ISO/IEC 38500
The IT governance standard
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and the author cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers at the following address:
IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
United Kingdom
© Alan Calder 2008
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2008 by IT Governance Publishing
ISBN 978-1-905356-58-4
Alan Calder is a leading author on IT governance and information security issues. He is chief executive of IT Governance Limited, the one-stop shop for books, tools, training and consultancy on Governance, Risk Management and Compliance. He is also Chairman of the Board of Directors of CEME, a public-private sector skills partnership.

Alan has written extensively on issues of IT governance. Books on the subject that are currently in print include IT Governance: Guidelines for Directors, IT Governance: A Practitioner’s Handbook and a series of IT governance-related pocket guides, known as the IT Governance Triptych.

Alan is also an international authority on ISO27001 (formerly BS7799), the international security standard, about which he wrote, with colleague Steve Watkins, the definitive compliance guide, IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799. This work is based on his experience of leading the world’s first successful implementation of BS7799 (with the fourth edition published in May 2008) and is the basis for the UK Open University’s postgraduate course on information security.

Other books written by Alan include The Case for ISO27001 and ISO27001 – Nine Steps to Success.
For details of these books, see: