ISO IEC TR 38504-2016 PDF

Full title and description

ISO/IEC TR 38504:2016 — Governance of information technology — Guidance for principles-based standards in the governance of information technology. This technical report provides guidance on the information needed to support principles-based standards addressing governance and management of IT within organizations.

Abstract

Provides high-level guidance for developing and applying principles-based standards in the governance of information technology. The report describes the types of information and elements that should be identified and documented when producing principles-based governance standards and offers recommendations for their formulation. It does not set specific governance principles nor prescribe detailed implementation steps for achieving business outcomes from IT.

General information

• Status: Published (technical report; confirmed at latest review).
• Publication date: September 2016 (edition 1, published September 2016).
• Publisher: Joint ISO/IEC (International Organization for Standardization / International Electrotechnical Commission).
• ICS / categories: 35.020 — Information technology (IT) in general.
• Edition / version: Edition 1 (2016).
• Number of pages: 8 pages (short technical report).

Bibliographic and lifecycle information confirmed from the ISO catalogue and recognized standards repositories.

Scope

Scope limited to guidance for the development and use of principles-based governance standards for IT. It identifies what information and structural elements such standards should include (for example, purpose, principles, explanatory material and guidance for governance bodies) and gives advice on formulating those elements so they are useful and adaptable across organizational contexts. The report explicitly excludes prescribing specific governance principles or detailed implementation guidance.

Key topics and requirements

• Principles-based approach: guidance on framing high-level governance principles and associated explanatory material.
• Element identification: recommended information elements to include in principles-based governance standards (purpose, scope, principles, rationale, roles/responsibilities, outcomes).
• Formulation guidance: advice on wording, scope boundaries and how to make principles actionable without prescribing specific technical controls.
• Alignment considerations: how principles-based standards relate to other governance and management standards in the ISO/IEC 38500 series and related deliverables.
• Audience and applicability: guidance intended to be adaptable across different organization sizes, sectors and regulatory environments.

These topics summarize the primary content and intended use of the technical report.

Typical use and users

Used by standards developers, national bodies and committees when drafting or reviewing principles-based governance standards for IT; by governance professionals, board members and senior IT managers seeking to understand how high-level governance principles should be structured in standards; and by consultants and auditors who align organizational governance frameworks with internationally recognised principles. It is a guidance document rather than a compliance or certification standard.

Related standards

Part of the broader ISO/IEC 38500 family addressing governance of IT. Related deliverables include ISO/IEC 38500 (primary governance standard), ISO/IEC TS 38501 (implementation guidance), ISO/IEC TR 38502 (framework and model), and other TR/TS documents within the governance series. The report is frequently listed together with other 38500-series documents in collections and catalogs for governance of IT.

Keywords

Governance of IT, principles-based standards, IT governance, ISO/IEC 38500 series, governance guidance, standards development, management of information technology.

FAQ

Q: What is this standard?

A: It is a technical report (ISO/IEC TR 38504:2016) giving guidance for creating and supporting principles-based standards in the governance of information technology; it is not a requirements standard but a guidance document for standards developers and governance practitioners.

Q: What does it cover?

A: It covers the types of information and structural elements that should be included in principles-based governance standards, recommendations for their formulation, and how to present explanatory material so principles are useful across contexts. It does not define specific governance principles or implementation steps.

Q: Who typically uses it?

A: Standards developers, national standards bodies, IT governance professionals, board members, senior managers, consultants and auditors who work on or with principles-based IT governance standards and frameworks.

Q: Is it current or superseded?

A: ISO/IEC TR 38504 was published in 2016 (edition 1) and the ISO catalogue indicates it was reviewed and confirmed in a subsequent review, remaining current as of the latest confirmation noted in the ISO lifecycle. Users should check the ISO catalogue or national standards body records for any later revisions or withdrawals before relying on it for normative purposes.

Q: Is it part of a series?

A: Yes — it is associated with the ISO/IEC 38500 family (governance of IT) and complements other TR/TS documents and the main ISO/IEC 38500 governance standard and implementation guidance documents.

Q: What are the key keywords?

A: Governance of IT; principles-based standards; IT governance; standards development; ISO/IEC 38500 series; guidance; principles formulation.