ISO/IEC 38500:2024
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Framework for the governance of IT – ISO/IEC 38500:2024
| Code | Title |
|---|---|
| iso-iec-38500-2024::7.1 | General |
| iso-iec-38500-2024::7.2 | Elements of the framework |
| iso-iec-38500-2024::7.2.1 | General |
| iso-iec-38500-2024::7.2.2 | Direction |
| iso-iec-38500-2024::7.2.3 | Capability |
| iso-iec-38500-2024::7.2.4 | Policy |
| iso-iec-38500-2024::7.2.5 | Delegation |
| iso-iec-38500-2024::7.2.6 | Performance |
| iso-iec-38500-2024::7.2.7 | Accountability |
Good governance of IT – ISO/IEC 38500:2024
| Code | Title |
|---|---|
| iso-iec-38500-2024::4.1 | Outcomes of good governance of IT |
| iso-iec-38500-2024::4.1.1 | Overview |
| iso-iec-38500-2024::4.1.2 | Effective performance |
| iso-iec-38500-2024::4.1.3 | Responsible stewardship |
| iso-iec-38500-2024::4.1.4 | Ethical behaviour |
| iso-iec-38500-2024::4.2 | Principles, model and framework |
Model for the governance of IT – ISO/IEC 38500:2024
| Code | Title |
|---|---|
| iso-iec-38500-2024::6.1 | Introduction |
| iso-iec-38500-2024::6.2 | Governance of IT practice |
| iso-iec-38500-2024::6.2.1 | Engage stakeholders |
| iso-iec-38500-2024::6.2.2 | Evaluate |
| iso-iec-38500-2024::6.2.3 | Direct |
| iso-iec-38500-2024::6.2.4 | Monitor |
| iso-iec-38500-2024::6.3 | Management of IT practice |
| iso-iec-38500-2024::6.4 | Framework for the governance of IT |
Principles for the governance of IT – ISO/IEC 38500:2024
| Code | Title |
|---|---|
| iso-iec-38500-2024::5.1 | Overview |
| iso-iec-38500-2024::5.10 | Risk governance |
| iso-iec-38500-2024::5.10.1 | Principle |
| iso-iec-38500-2024::5.10.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.10.3 | Outcomes |
| iso-iec-38500-2024::5.11 | Social responsibility |
| iso-iec-38500-2024::5.11.1 | Principle |
| iso-iec-38500-2024::5.11.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.11.3 | Outcomes |
| iso-iec-38500-2024::5.12 | Viability and performance over time |
| iso-iec-38500-2024::5.12.1 | Principle |
| iso-iec-38500-2024::5.12.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.12.3 | Outcomes |
| iso-iec-38500-2024::5.2 | Purpose |
| iso-iec-38500-2024::5.2.1 | Principle |
| iso-iec-38500-2024::5.2.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.2.3 | Outcomes |
| iso-iec-38500-2024::5.3 | Value generation |
| iso-iec-38500-2024::5.3.1 | Principle |
| iso-iec-38500-2024::5.3.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.3.3 | Outcomes |
| iso-iec-38500-2024::5.4.1 | Principle |
| iso-iec-38500-2024::5.4.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.4.3 | Outcomes |
| iso-iec-38500-2024::5.5 | Oversight |
| iso-iec-38500-2024::5.5.1 | Principle |
| iso-iec-38500-2024::5.5.3 | Outcomes |
| iso-iec-38500-2024::5.6 | Accountability |
| iso-iec-38500-2024::5.6.1 | Principle |
| iso-iec-38500-2024::5.6.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.6.3 | Outcomes |
| iso-iec-38500-2024::5.7 | Stakeholder engagement |
| iso-iec-38500-2024::5.7.1 | Principle |
| iso-iec-38500-2024::5.7.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.7.3 | Outcomes |
| iso-iec-38500-2024::5.8 | Leadership |
| iso-iec-38500-2024::5.8.1 | Principle |
| iso-iec-38500-2024::5.8.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.8.3 | Outcomes |
| iso-iec-38500-2024::5.9 | Data and decisions |
| iso-iec-38500-2024::5.9.1 | Principle |
| iso-iec-38500-2024::5.9.2 | Governance implications for use of IT |
| iso-iec-38500-2024::5.9.3 | Outcomes |
Your Compliance Coverage
If you comply with ISO/IEC 38500:2024, you already cover:
ISO/IEC 42001:2023
100%
66 controls mapped
Compare →ISO/IEC 23894:2023
97%
64 controls mapped
Compare →ISO/IEC TR 24028:2020
71%
47 controls mapped
Compare →+ 46 more: ISO 22000:2018 (41%), ISO 37301:2021 (32%)
See all 49 mapped frameworks ↓Maps to 49 other frameworks
Frequently Asked Questions
What is ISO/IEC 38500:2024?
ISO/IEC 38500:2024 is a compliance framework from International with 4 domains and 66 controls. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISO/IEC 38500:2024 have?
ISO/IEC 38500:2024 has 66 controls organised across 4 domains. The largest domains are Principles for the governance of IT – ISO/IEC 38500:2024 (43 controls), Framework for the governance of IT – ISO/IEC 38500:2024 (9 controls), Model for the governance of IT – ISO/IEC 38500:2024 (8 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISO/IEC 38500:2024 map to?
ISO/IEC 38500:2024 maps to 49 other compliance frameworks. The top mapping partners are ISO/IEC 42001:2023 (100% coverage), ISO/IEC 23894:2023 (97% coverage), ISO/IEC TR 24028:2020 (71% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ISO/IEC 38500:2024 compliance?
Start your ISO/IEC 38500:2024 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 38500:2024 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 66 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required