scope:

This standard provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.

This standard applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.

It also provides guidance to those advising, informing, or assisting directors. They include:

• senior managers;

• members of groups monitoring the resources within the organization;

• external business or technical specialists, such as legal or accounting; specialists, retail associations, or professional bodies;

• vendors of hardware, software, communications and other IT products;

• internal and external service providers (including consultants);

• IT auditors.