Back to Frameworks

ISO/IEC 38500:2024

International
v2024
4 domains
66 controls
Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (4)

Framework for the governance of IT – ISO/IEC 38500:2024

9 controls
Controls in the Framework for the governance of IT – ISO/IEC 38500:2024 domain of ISO/IEC 38500:20249 controls
CodeTitle
iso-iec-38500-2024::7.1General
iso-iec-38500-2024::7.2Elements of the framework
iso-iec-38500-2024::7.2.1General
iso-iec-38500-2024::7.2.2Direction
iso-iec-38500-2024::7.2.3Capability
iso-iec-38500-2024::7.2.4Policy
iso-iec-38500-2024::7.2.5Delegation
iso-iec-38500-2024::7.2.6Performance
iso-iec-38500-2024::7.2.7Accountability

Good governance of IT – ISO/IEC 38500:2024

6 controls
Controls in the Good governance of IT – ISO/IEC 38500:2024 domain of ISO/IEC 38500:20246 controls
CodeTitle
iso-iec-38500-2024::4.1Outcomes of good governance of IT
iso-iec-38500-2024::4.1.1Overview
iso-iec-38500-2024::4.1.2Effective performance
iso-iec-38500-2024::4.1.3Responsible stewardship
iso-iec-38500-2024::4.1.4Ethical behaviour
iso-iec-38500-2024::4.2Principles, model and framework

Model for the governance of IT – ISO/IEC 38500:2024

8 controls
Controls in the Model for the governance of IT – ISO/IEC 38500:2024 domain of ISO/IEC 38500:20248 controls
CodeTitle
iso-iec-38500-2024::6.1Introduction
iso-iec-38500-2024::6.2Governance of IT practice
iso-iec-38500-2024::6.2.1Engage stakeholders
iso-iec-38500-2024::6.2.2Evaluate
iso-iec-38500-2024::6.2.3Direct
iso-iec-38500-2024::6.2.4Monitor
iso-iec-38500-2024::6.3Management of IT practice
iso-iec-38500-2024::6.4Framework for the governance of IT

Principles for the governance of IT – ISO/IEC 38500:2024

43 controls
Controls in the Principles for the governance of IT – ISO/IEC 38500:2024 domain of ISO/IEC 38500:202443 controls
CodeTitle
iso-iec-38500-2024::5.1Overview
iso-iec-38500-2024::5.10Risk governance
iso-iec-38500-2024::5.10.1Principle
iso-iec-38500-2024::5.10.2Governance implications for use of IT
iso-iec-38500-2024::5.10.3Outcomes
iso-iec-38500-2024::5.11Social responsibility
iso-iec-38500-2024::5.11.1Principle
iso-iec-38500-2024::5.11.2Governance implications for use of IT
iso-iec-38500-2024::5.11.3Outcomes
iso-iec-38500-2024::5.12Viability and performance over time
iso-iec-38500-2024::5.12.1Principle
iso-iec-38500-2024::5.12.2Governance implications for use of IT
iso-iec-38500-2024::5.12.3Outcomes
iso-iec-38500-2024::5.2Purpose
iso-iec-38500-2024::5.2.1Principle
iso-iec-38500-2024::5.2.2Governance implications for use of IT
iso-iec-38500-2024::5.2.3Outcomes
iso-iec-38500-2024::5.3Value generation
iso-iec-38500-2024::5.3.1Principle
iso-iec-38500-2024::5.3.2Governance implications for use of IT
iso-iec-38500-2024::5.3.3Outcomes
iso-iec-38500-2024::5.4.1Principle
iso-iec-38500-2024::5.4.2Governance implications for use of IT
iso-iec-38500-2024::5.4.3Outcomes
iso-iec-38500-2024::5.5Oversight
iso-iec-38500-2024::5.5.1Principle
iso-iec-38500-2024::5.5.3Outcomes
iso-iec-38500-2024::5.6Accountability
iso-iec-38500-2024::5.6.1Principle
iso-iec-38500-2024::5.6.2Governance implications for use of IT
iso-iec-38500-2024::5.6.3Outcomes
iso-iec-38500-2024::5.7Stakeholder engagement
iso-iec-38500-2024::5.7.1Principle
iso-iec-38500-2024::5.7.2Governance implications for use of IT
iso-iec-38500-2024::5.7.3Outcomes
iso-iec-38500-2024::5.8Leadership
iso-iec-38500-2024::5.8.1Principle
iso-iec-38500-2024::5.8.2Governance implications for use of IT
iso-iec-38500-2024::5.8.3Outcomes
iso-iec-38500-2024::5.9Data and decisions
iso-iec-38500-2024::5.9.1Principle
iso-iec-38500-2024::5.9.2Governance implications for use of IT
iso-iec-38500-2024::5.9.3Outcomes

Your Compliance Coverage

If you comply with ISO/IEC 38500:2024, you already cover:

Maps to 49 other frameworks

66 total controls
ISO/IEC 42001:2023
66 source controls mapped|21 target controls covered
100%
ISO/IEC 23894:2023
64 source controls mapped|15 target controls covered
97%
ISO/IEC TR 24028:2020
47 source controls mapped|22 target controls covered
71%
ISO 22000:2018
27 source controls mapped|6 target controls covered
41%
ISO 37301:2021
21 source controls mapped|7 target controls covered
32%
ISO 37001:2016
16 source controls mapped|8 target controls covered
24%
ISO 10005:2005
16 source controls mapped|5 target controls covered
24%
ISO 13485:2016
15 source controls mapped|13 target controls covered
23%
ISO 14004:2016
15 source controls mapped|5 target controls covered
23%
ISO 45001:2018
15 source controls mapped|4 target controls covered
23%
ISO 55001:2014
13 source controls mapped|5 target controls covered
20%
ISO 22301:2019
11 source controls mapped|6 target controls covered
17%
FFIEC Cybersecurity Assessment Tool (CAT)
11 source controls mapped|1 target controls covered
17%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
11 source controls mapped|1 target controls covered
17%
BCBS 239
11 source controls mapped|1 target controls covered
17%
ISO 37000:2021
8 source controls mapped|9 target controls covered
12%
ISO/IEC 17050-2:2004
7 source controls mapped|3 target controls covered
11%
ISO/IEC 38500:2024 - Governance of IT
7 source controls mapped|8 target controls covered
11%
ISO 31000:2018
6 source controls mapped|5 target controls covered
9%
ISO 37000:2021 - Governance of Organizations
6 source controls mapped|5 target controls covered
9%
ISO 27701:2019
6 source controls mapped|6 target controls covered
9%
ISO 27017:2015
5 source controls mapped|3 target controls covered
8%
ISO 14001:2015
5 source controls mapped|2 target controls covered
8%
ISO 27002:2022
4 source controls mapped|7 target controls covered
6%
ISO 27005:2022
3 source controls mapped|4 target controls covered
5%
ISO 10007:2017
3 source controls mapped|2 target controls covered
5%
ISO 9001:2015
2 source controls mapped|1 target controls covered
3%
ISO 27001:2022
2 source controls mapped|1 target controls covered
3%
Belgium CyberFundamentals
2 source controls mapped|1 target controls covered
3%
Canada Artificial Intelligence and Data Act (AIDA)
2 source controls mapped|1 target controls covered
3%
Ethiopia Personal Data Protection Proclamation (No. 1321/2024)
2 source controls mapped|1 target controls covered
3%
ASEAN Guide on AI Governance and Ethics
2 source controls mapped|1 target controls covered
3%
FedRAMP High
2 source controls mapped|1 target controls covered
3%
NIST SP 800-53 Revision 5.1 HIGH
2 source controls mapped|1 target controls covered
3%
NIST SP 800-66 Rev 2
2 source controls mapped|1 target controls covered
3%
HIPAA Security Rule
2 source controls mapped|1 target controls covered
3%
BSI IT-Grundschutz
2 source controls mapped|1 target controls covered
3%
ISO 10006:2003
1 source controls mapped|1 target controls covered
2%
ISO 26000:2010
1 source controls mapped|1 target controls covered
2%
Brazil AI Framework
1 source controls mapped|1 target controls covered
2%
ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)
1 source controls mapped|1 target controls covered
2%
ISO 27005
1 source controls mapped|1 target controls covered
2%
ISO 31000
1 source controls mapped|1 target controls covered
2%
ISO 22316
1 source controls mapped|1 target controls covered
2%
Equator Principles (EP4, 2020)
1 source controls mapped|1 target controls covered
2%
ISO 20400:2017 - Sustainable Procurement
1 source controls mapped|2 target controls covered
2%
ISO/IEC 27014:2020
1 source controls mapped|1 target controls covered
2%
ISO 27018:2019
1 source controls mapped|1 target controls covered
2%
Annex 11 to EU GMP - Computerised Systems
1 source controls mapped|1 target controls covered
2%

Frequently Asked Questions

What is ISO/IEC 38500:2024?

ISO/IEC 38500:2024 is a compliance framework from International with 4 domains and 66 controls. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISO/IEC 38500:2024 have?

ISO/IEC 38500:2024 has 66 controls organised across 4 domains. The largest domains are Principles for the governance of IT – ISO/IEC 38500:2024 (43 controls), Framework for the governance of IT – ISO/IEC 38500:2024 (9 controls), Model for the governance of IT – ISO/IEC 38500:2024 (8 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISO/IEC 38500:2024 map to?

ISO/IEC 38500:2024 maps to 49 other compliance frameworks. The top mapping partners are ISO/IEC 42001:2023 (100% coverage), ISO/IEC 23894:2023 (97% coverage), ISO/IEC TR 24028:2020 (71% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ISO/IEC 38500:2024 compliance?

Start your ISO/IEC 38500:2024 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 38500:2024 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 66 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required