Here is the honest situation. Boards are accountable for the use of IT, but most govern it by anecdote, without a model. ISO 38500 gives them one: six principles and the evaluate, direct and monitor model. The hard part is operationalizing it, the board-level evaluation and direction, the reporting that gives visibility, and the clean split from management, all evidenced. Building that from a guidance document is weeks of work, and without it IT decisions happen without real oversight.
This Kit removes the interpretation. It is the ISO 38500 principles, model and tasks as adopt-ready controls you personalize in a weekend.
What you get, the moment you buy
Grounded in ISO/IEC 38500 and the evaluate-direct-monitor model, aligned with ISO/IEC 27014 for security governance, with the board-level reporting and the governance-management split called out. Editable Word and Excel files.
What one control looks like
This is the first principle, responsibility for the use of IT. All 26 controls are built to this depth.
Why this is not another template pack
- The evidence is the point. A governance charter is not oversight. This tells you exactly what an assessor examines and the finding they raise, for every principle and task, including the board-level reporting.
- Principles and model together. The six principles and the evaluate-direct-monitor model, applied across strategy, investment, risk and resources, so governance is practiced, not published.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. ISO 38500 aligns with ISO 27014 security governance and COBIT, so your IT and security governance share one model.
Who buys this
Boards and executives accountable for IT, CIOs who report to them, internal auditors, and consultants standing up IT governance. Whether it is a first governance framework or a maturity uplift, you save weeks and walk in with the principles, model and evidence structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Is 38500 certifiable? It is a guidance standard, not certifiable on its own. This Kit gives you an adoptable, auditable IT governance model that satisfies board-oversight expectations and aligns with COBIT.
How does it relate to ISO 27014? 38500 governs the use of IT broadly; 27014 governs information security specifically, on the same evaluate-direct-monitor basis. This Kit aligns with both.
Does it cover the board's role? Yes. The governing body's evaluate, direct and monitor responsibilities across IT are the core of the Kit.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com