标准摘要
[中文适用范围]: 该标准为组织董事(包括所有者、董事会成员、董事、合伙人、高级管理人员或类似人员)提供有关在其组织内有效、高效和可接受地使用信息技术 (IT) 的指导原则。 本标准适用于与组织使用的信息和通信服务相关的管理流程(和决策)的治理。 这些流程可以由组织内的 IT 专家或外部服务提供商或组织内的业务部门控制。 它还为那些向董事提供建议、通知或协助的人提供指导。 他们包括: 〜高级管理人员; ~ 监控组织内资源的团体成员; ~ 外部业务或技术专家,例如法律或会计;专家、零售协会或专业团体; ~ 硬件、软件、通信和其他 IT 产品的供应商; ~ 内部和外部服务提供商(包括顾问); ~ IT 审计员。 [外文原描述]: ISO/IEC 38500:2008 provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. ISO/IEC 38500:2008 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization. It also provides guidance to those advising, informing, or assisting directors. They include: senior managers; members of groups monitoring the resources within the organization; external business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies; vendors of hardware, software, communications and other IT products; internal and external service providers (including consultants); IT auditors.
英文名称Corporate governance of information technology