This chapter describes the scope, application and objectives of ISO/IEC 38500. It also sets out some of the benefits of using the standard, in terms of the conformance and performance of the organisation. Finally, it provides a set of useful definitions, some of which are drawn from ISO Guide 73:2002 (Risk Management—Vocabulary— #8212;Guidelines for Use in Standards).
As might be expected, the scope of ISO/IEC 38500 is ‘the governance of management processes (and decisions) relating to the information and communications processes used by an organization’68. The standard recognises that these processes could be controlled by one or more of the following:
• IT specialists within the organisation
• External service ...