Architecting the Enterprise

Serge Thorn

Subscribe to Serge Thorn: eMailAlertsEmail Alerts
Get Serge Thorn: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

IT Governance, finally a worldwide recognition: ISO 38500

Finally IT Governance will be recognised as a standard. We already had a series of ISO standards for various IT Governance domains such as IT Service Management ISO 20000, Security Management ISO 27001, and Quality ISO 9000, but recently the international organization recognized that a new standard would be well accepted. It will be named ISO 38500 which will cover Corporate Governance of information technology. This standard was originally defined as an Australian standard AS8015, which by the way was the only alternative available.

AS8015 is (was?) intended to provide guiding principles to any organisation, from the smallest to the largest, including private and public (listed and unlisted) companies, not-for-profit organisations, associations, clubs and government agencies. This standard has an application to just about any organisation, either because you are a supplier of ICT related goods and services or more simply because you implement and use ICT in your business.

AS8015 provides six guiding principles for good corporate governance and the effective, efficient and acceptable use of ICT. The six principles (and examples of each) are:

1 Establish clearly understood responsibilities for ICT (eg, ensure individuals understand and accept their responsibilities)
2 Plan ICT to best support the organisation (eg, ensure ICT plans fit current and future needs and the organisation’s corporate plans)
3 Acquire ICT validly (eg, ICT acquisitions should be made for approved reasons and in the approved way; on the basis of ongoing analysis)
4 Ensure ICT performs well, whenever required (eg, ensure ICT is fit for its purpose and is responsive to changing requirements)
5 Ensure ICT conforms with formal rules (eg, ensure compliance with external regulations and internal policies and practices)
6 Ensure ICT use respects human factors (eg, ensure ICT meets the evolving needs of the ‘people in the process’)

The following ISO website used to be where the draft was located (different number) but if you want more information you may refer to

The 26th of May, the standard will be launched in the Netherlands. As any ISO standards, this will impact how IT Departments are organized!

Read the original blog entry...

More Stories By Serge Thorn

Serge Thorn is currently developing and delivering new Enterprise Architecture consultancy and training services, implementing Governance and managing IT Operations.

Before he was in charge of International Governance and Control, implementing different best practices around IT Finance/Procurement, Audit/Risk management, Vendors Management (with Service Level Management) in a Bank.

Previously Serge worked in a Pharma in charge of the Enterprise Architecture worldwide program and Governance, the IT Research & Innovation, following the reorganization of the IT Department, implementing Service Management based on ITIL Best Practices and deploying new processes: Change, Configuration, Release, and Capacity/Availability Management, responsible for the Disaster Recovery Plan and for the System Management team.

Prior to this, he was responsible for the Architecture team in an international bank, and has wide experience in the deployment and management of information systems in Private Banking and Wealth Management environments, and also in the IT architectures domains, Internet, dealing rooms, inter-banking networks, Middle and Back-office. He also has been into ERP and CRM domains.

Serge's main competencies cover the perfect understanding of banking activities, and industry, the design of new systems, IT strategies, IT Governance and Control, Innovation, new technologies, Enterprise Architecture (including BPM and TOGAF 9), Service Management (ITIL V 3), Quality System ISO 9001:2000, team management, project and portfolio management (PMI), IT Finance, organization and planning.