ISO/IEC 38500: A pocket guide, second edition

CHAPTER 1: WHAT IS ISO/IEC 38500?

ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology.

There are, broadly speaking, two types of standards²:

•A specification that describes requirements that must be achieved (ISO 9001 and the Payment Card Industry Data Security Standard (PCI DSS), for example).

•A code of practice, which is a set of guidelines and supporting information that describe best practice and provide advice on how something might be done (such as ISO 27002 or ITIL^®).

A specification sets out clear requirements against which an audit can be carried out. Third-party certification schemes – such as the ISO/IEC 27001 certification scheme – are able to exist because an accredited ...

Get ISO/IEC 38500: A pocket guide, second edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ISO/IEC 38500: A pocket guide, second edition by Alan Calder

CHAPTER 1: WHAT IS ISO/IEC 38500?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly