iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC TS 38508:2024

(Main)

Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations

Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations

This document provides guidance for members of governing bodies of organizations on the effective, efficient and acceptable use of a shared digital service platform among ecosystem organizations by: — establishing a vocabulary for the governance of a shared digital service platform among ecosystem organizations; — providing a framework for understanding the implications of the use of a shared digital service platform among ecosystem organizations; — guiding governing bodies to evaluate, direct and monitor the introduction and use of a digital service platform, applying the governance principles of ISO/IEC 38500; — assuring stakeholders that, if the guidance proposed by this document is followed, they can have confidence in the organization’s use of shared digital service platform among ecosystem organizations. This document also provides guidance to those advising, informing or assisting governing bodies, including: — executive managers; — members of groups monitoring the resources within the organization; — external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; — public authorities and policy makers; — internal and external service providers (including consultants); — auditors.

Technologies de l'information — Gouvernance des technologies de l'information — Implications de gouvernance de l'utilisation d'une plateforme mutualisée de services numériques dans les organisations d'un écosystème

General Information

Status
Published
Publication Date
22-Feb-2024
ICS
35.020 - Information technology (IT) in general
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Current Stage
6060 - International Standard published
Start Date
23-Feb-2024
Due Date
13-Apr-2024
Completion Date
23-Feb-2024
Ref Project

Buy Standard

ISO/IEC TS 38508:2024 - Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations Released:23. 02. 2024ISO/IEC TS 38508:2024 - Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations Released:23. 02. 2024
PreviousNext
Technical specification
ISO/IEC TS 38508:2024 - Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations Released:23. 02. 2024
English language
16 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


Technical
Specification
ISO/IEC TS 38508
First edition
Information technology —
2024-02
Governance of IT — Governance
implications of the use of a shared
digital service platform among
ecosystem organizations
Technologies de l'information — Gouvernance des technologies
de l'information — Implications de gouvernance de l'utilisation
d'une plateforme mutualisée de services numériques dans les
organisations d'un écosystème
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview of shared digital service platform among ecosystem organizations . 2
4.1 The purpose of a shared digital service platform among ecosystem organizations .2
4.2 Governance arrangement of shared digital service platform among ecosystem
organizations .3
4.2.1 General .3
4.2.2 Centralized model .3
4.2.3 Consortium model .3
4.2.4 Open platform model .3
4.3 Consortium model — exemplar of an alliance .4
5 Benefits of good governance of a shared digital service platform . 5
6 Governance framework for a shared digital service platform . 5
7 Governance model for organizations participating in shared digital service platform . 6
8 Guidance for the governance of a shared digital service platform . 8
8.1 General .8
8.2 Strategy .8
8.3 Acquisition .8
8.4 Compliance .9
8.5 Performance .9
8.6 Human behaviour and culture .9
8.7 Data quality .10
8.8 Risk governance .10
8.9 Organizational governance oversight .11
9 Guidance for the management of shared digital service platform .12
9.1 Roles of management . 12
9.2 Considerations for management systems . 12
Annex A (informative) Plug and play architecture of a platform and its ecosystem . 14
Annex B (informative) Use case of shared digital service platform .15
Bibliography .16

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 40, IT service management and IT governance.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
Organizations are increasingly using plug and play architecture on shared digital service platforms to
develop new digital services that can be adapted to meet future needs. This architecture allows organizations
to add new applications and features to the platform without disrupting the overall system. Using a shared
digital service platform also enables organizations to enhance the value they offer to customers by bundling
existing capabilities with new digital capabilities and forming flexible value networks with business
partners and suppliers.
The plug and play architecture of a shared digital service platform can easily add the applications of
suppliers or other ecosystem organizations. For example, a product manufacturer could monitor product
performance data for preventive maintenance by adding applications from their part suppliers and other
ecosystem organizations.
The plug and play architecture of a shared digital service platform also enables independently developed
applications to be combined and integrated into the platform through a standardized interface, thereby
reducing overall adjustment costs incurred in the platform ecosystem. The plug and play architecture of the
platform enables ecosystem organizations to focus on their work relatively autonomously, which ultimately
helps to lower both application innovation costs and system integration costs borne by the ecosystem
organizations.
The plug and play architecture of a shared digital service platform lays the foundation for platform
participants to innovate the platform through application development instead of the platform owner being
fully responsible for application development and thus platform innovation. The plug and play architecture
of the platform and its underlying scalable technologies, with the option of adding additional elements
[technology for Internet of Things (IoT), data storage, application development, analytics and security],
makes it possible for organizations to dramatically enhance value offered to customers by easily expanding
the organizations’ existing capabilities with new digital capabilities in cooperation with the ecosystem
organizations.
The use of a shared digital service platform creates governance and control issues that the governing
body and management have to ensure are addressed. These include ensuring that there is a clear basis
for governance and a governance framework that provides policies and accountabilities that meet the
organization’s requirements.
This document aims to provide guidance to the governing body of organizations that are accountable for
their organization’s adoption of a digital service platform among an ecosystem organization. Thus, this
document focuses on governance and not on the technologies themselves. The technological and managerial
aspects of a "digital service platform" are only covered to the extent that is necessary to understand the
governance implications of their use.
For information on the technological aspects of digital service platforms and cloud computing, please see
ISO/IEC TS 5928 and ISO/IEC 22123-2.
This document is applicable to all organizations, including public and private companies, government
entities, and not-for-profit organizations. This document is applicable to organizations of all sizes from the
smallest to the largest, regardless of the extent of their dependence on data or information technologies.

© ISO/IEC 2024 – All rights reserved
v
Technical Specification ISO/IEC TS 38508:2024(en)
Information technology — Governance of IT — Governance
implications of the use of a shared digital service platform
among ecosystem organizations
1 Scope
This document provides guidance for members of governing bodies of organizations on the effective,
efficient and acceptable use of a shared digital service platform among ecosystem organizations by:
— establishing a vocabulary for the governance of a shared digital service platform among ecosystem
organizations;
— providing a framework for understanding the implications of the use of a shared digital service platform
among ecosystem organizations;
— guiding governing bodies to evaluate, direct and monitor the introduction and use of a digital service
platform, applying the governance principles of ISO/IEC 38500;
— assuring stakeholders that, if the guidance proposed by this document is followed, they can have
confidence in the organization’s u
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 20000-16:2025(Main)
Information technology — Service management — Part 16: Guidance on sustainability within a service management system based on ISO/IEC 20000-1

This document provides guidance for including sustainability within a service management system (SMS) based on the requirements defined in ISO/IEC 20000-1. It is aimed at: — organizations that are intending to implement the requirements of ISO/IEC 20000-1 and directly address sustainability; — organizations that intend to leverage their existing SMS to enable sustainability actions and sustainable delivery; — consultants, trainers and other experts supporting organizations that utilize ISO/IEC 20000-1, so that they can be informed on how to include sustainability actions in an SMS. Sustainability in this context has three interdependent dimensions, which are environmental, social and economic. Annex A expands on the three dimensions with examples of each. The guidance provided in this document aims to help organizations consider and address sustainability objectives as well as challenges related to their services. The complexity and detail surrounding the inclusion of sustainability within an SMS will vary and be dependent on the context of the organization, the scope of the SMS, compliance obligations and the nature of the services within the scope of the SMS. This document is intended to be used in conjunction with ISO/IEC 20000-1 to address sustainability objectives related to specific requirements in ISO/IEC 20000-1. As such, it is anticipated that the user of this document is aware of the requirements in ISO/IEC 20000-1. The suggestions included across clauses in this document will be most effective when applied to an SMS which is implemented according to the corresponding clauses in ISO/IEC 20000-1. Application of this guidance to an SMS according to ISO/IEC 20000-1 is therefore recommended. This document supports and is an addition to the guidance already provided in ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. Organizations can use the guidance in this document to also address the new requirements identified in ISO/IEC 20000-1:2018/Amd 1:2024 and ISO’s objectives to address climate change. The recommendations in this document for improving sustainability within an SMS are not exclusive and can be implemented along with other sustainability initiatives.

  • Technical specification
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 20000-17:2024(Main)
Information technology — Service management — Part 17: Scenarios for the practical application of service management systems based on ISO/IEC 20000-1:2018

This document provides scenarios, explanations and examples for the practical application of service management systems (SMS) based on ISO/IEC 20000-1:2018. These scenarios provide examples of situations in which an SMS can be used and how the requirements of ISO/IEC 20000-1:2018 can be applied. This document can be used with ISO/IEC 20000-1 as well as with ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. This document is aimed at: a) organizations that are intending to implement an SMS based on the requirements of ISO/IEC 20000-1; b) organizations that have already implemented an SMS based on the requirements of ISO/IEC 20000-1; c) consultants, trainers and other experts supporting these organizations. This document does not add to, change or replace any of the requirements in ISO/IEC 20000-1. This document is not intended to be used for a conformity assessment.

  • Technical report
    44 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-2:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)

This document specifies the process assessment model (PAM). It contains process definitions of the ITES-BPO lifecycle defined in ISO/IEC 30105-1 and a model suitable for assessing process capability. The outcomes in the PAM are clearly defined, observable results, aligned to the business benefits derived by the customer and service provider. A PAM consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set, nor is it intended to be applicable in its entirety. Supersets and subsets are selected according to the context and the scope of the assessment. The PAM in this document is directed at assessment sponsors and competent assessors who wish to select a model and an associated documented assessment process for the ITES-BPO lifecycle processes, for process capability gap determination.

  • Standard
    135 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-3:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)

This document specifies a measurement framework (MF) and an organization maturity model (OMM). It provides the overview of how an organization can use the process reference model (PRM) in ISO/IEC 30105-1 and the process assessment model (PAM) in ISO/IEC 30105-2 to measure their capability and maturity levels. It conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004 and supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels. This document is intended to be used in concurrence with the other parts of the ISO/IEC 30105 series and the assessment approach provided by ISO/IEC 33002 for assessing processes.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-5:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 5: Guidance

This document contains the guidance on supporting maturity improvement for service providers. It specifies the provision of assessment results that are repeatable, objective and comparable within similar contexts, and can be used for either process improvement or process capability gap determination. The framework for the conduct of assessments is designed to support the achievement of dependable assessment results. This document provides guidance on the usage of the core parts of the ISO/IEC 30105 series: ISO/IEC 30105-1, ISO/IEC 30105-2 and ISO/IEC 30105-3. This document also introduces the extended parts of the ISO/IEC 30105 series: ISO/IEC TS 30105-6, ISO/IEC TR 30105-7, ISO/IEC 30105-8 and ISO/IEC TS 30105-9.

  • Standard
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-1:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 1: Process reference model (PRM)

The ISO/IEC 30105 series specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document specifies the process reference model (PRM). It contains process definitions across the lifecycle described in terms of process context, purpose and outcomes, together with a framework defining relationships between the processes. The process purpose details the high-level objective of performing the process such that implementation of the process leads to tangible benefits for stakeholders. The process outcomes are clearly defined by observable results and aligned to the business benefits derived by the customer and service provider. This document: — covers IT enabled business processes that are outsourced; — is not intended to address IT processes, but includes references to them at key touchpoints for completeness; — is applicable to the service provider, not to the customer; — is applicable to all lifecycle processes of ITES-BPO; — serves as a PRM for organizations providing ITES-BPO services.

  • Standard
    29 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 20000-15:2024(Main)
Information technology — Service management — Part 15: Guidance on the application of Agile and DevOps principles in a service management system

This document provides guidance on the relationship between ISO/IEC 20000–1:2018 and two commonly used frameworks, Agile and DevOps. It can be used by any organization or person wishing to understand how Agile and DevOps can be used with ISO/IEC 20000–1, including: a) an organization that has demonstrated or intends to demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of Agile or DevOps to establish or improve the SMS and the services; b) an organization that already uses Agile or DevOps and is seeking guidance on how Agile or DevOps can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1; c) an assessor or auditor who wishes to understand the use of Agile or DevOps as a support for achieving the requirements specified in ISO/IEC 20000–1. Both approaches can be used independently or together. Depending on the context, an organization can deploy Agile frameworks only, DevOps frameworks only, use both Agile and DevOps frameworks in isolation, or use an integrated workflow with combined Agile and DevOps approaches. In any of these situations, this document can be used as guidance for the integration of Agile and DevOps practices in an SMS. The guidance in this document can assist an organization in planning and preparing for a conformity assessment against ISO/IEC 20000-1, noting that an organization can only claim conformity by fulfilling all requirements specified in ISO/IEC 20000-1.

  • Technical specification
    34 pages
    English language
    sale 15% off
ISO
ISO/IEC 38500:2024(Main)
Information technology — Governance of IT for the organization

This document provides guiding principles for members of governing bodies of organizations and those that support them on the effective, efficient and acceptable use of information technology (IT) within their organizations. This document is applicable to: — the governance of the organization’s current, and future, use of IT; — the governance of IT as a domain of governance of organizations. In terms of audience, this document is applicable to: — all organizations, including public and private companies, government entities, and not-for-profit organizations; — organizations of all sizes, from the smallest to the largest, regardless of the extent of their use of IT.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC 20000-1:2018/Amd 1:2024(Amendment)
Information technology — Service management — Part 1: Service management system requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO/IEC TS 20000-14:2023(Main)
Information technology — Service management — Part 14: Guidance on the application of Service Integration and Management to ISO/IEC 20000-1

This document provides guidance for organizations that are establishing or improving a service management system (SMS) by incorporating a service integrator. The incorporation of a service integrator is aimed at addressing an environment that includes services sourced from multiple service providers. This document specifically focuses on Service Integration and Management (SIAM) in the context of an SMS. The intended users of this document include: — organizations that need to manage multiple service providers within a new or existing SMS according to SIAM; and — consultants and advisors that support an organization during SMS implementation or improvement, where a SIAM approach is being adopted. NOTE 1 This document is applicable for organizations implementing SIAM in conjunction with SMS. It does not limit organizations or individuals from implementing any other management and governance model for managing multivendor environments along with SMS. This document is not applicable to organizations that have only one service provider. NOTE 2 In SIAM, the term "supplier" is not used. Internal and external suppliers are both referred to as “service providers”. See 4.2 for further comparison of terminology.

  • Technical specification
    30 pages
    English language
    sale 15% off