ISO/IEC TR 38504:2016 情報技術のガバナンス—情報技術のガバナンスにおける原則ベースの標準のガイダンス | ページ 2

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives ).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents ).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html .

The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 40, IT service management and IT governance.

Introduction

This document has been developed to give guidance on the information required to support principles-based standards in the area of governance and management of information technology.

A principles-based approach to standardization is aimed at providing non-prescriptive guidance that is applicable to all organizations, including public and private companies, government entities and not-for-profit organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.

The benefit of a principles-based standard is that it can identify the outcomes of applying the principles without specifying explicit methodologies, structures, processes and techniques needed to achieve the outcomes.

Within the International Standards arena, the definition of guidance in the area of governance of information technology falls within the scope of ISO/IEC JTC 1/SC 40. The existing International Standards in this area are ISO/IEC 38500, ISO/IEC TS 38501 and ISO/IEC TR 38502.

Experience with principles-based standards in the area of governance of IT has indicated that there is a need to establish a common understanding of proposed principles and the expected outcomes of applying the recommended principles as a basis for consensus. This requires a clear statement of the rationale for the principles, the expected governance behaviours associated with the principle together with the expected outcomes from their adoption.

In order for future standards and revisions of current standards to select the appropriate forms of principle description and apply them in a consistent fashion, it is desired to develop a common characterization of all of these forms of principle description. This document presents guidelines for the general recommendations of principles-based governance standards and the description of principles in terms of their format, content and level of prescription.

The intended audience for this document are the editors, working group members, reviewers and other participants in the development of principles-based standards and technical reports as well as governance of IT practitioners. An additional audience may be experts developing organizational policies and standards. It is intended that they will select the elements suitable for their project from those described in this document. It is further intended that, having selected the appropriate elements, users of this document will apply them in a manner consistent with the guidance provided by this document.

1 Scope

This document provides guidance on the information required to support principles-based standards in the area of governance and management of information technology.

Guidance includes general recommendations, identification of elements and advice for their formulation. It does not describe the detail of specific principles or how they are aggregated into specific guidance to fulfil business objectives and achieve business outcomes from the use of IT.

2 Normative references

There are no normative references in this document.

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 38500 and ISO/IEC TR 38502 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

Bibliography