ISO International Standards for Service Directors

February 16, 2013

ISO International Standards ensure that products and services are safe, reliable and of good quality.

A Service Director (SD) should have a deep understanding and knowledge of the following ISO norms or Standard Frameworks:

ISO/IEC 37500: Outsourcing

ISO 37500 is the International Standard for Outsourcing.

ISO 37500 defines outsourcing as the process of having services that have historically been operated internally delivered by an outside service provider, where the:

  • process is based on a Strategic Decision
  • resources may be transferred to the Service Provider.
  • Service is significant to the Customer Organization.
  • Service Provider is responsible for the Service for a substantial period of time.
  • Customer Organization retains the accountability for the Service.

The standard is intended to cover the main typical phases, processes and governance aspects of outsourcing, regardless of the industrial or commercial sector involved. It aims to provide good industry practice to help organizations enter into, and continue to sustain, successful outsourcing arrangements throughout their agreed life. The standard focuses on:

  • Stimulating good management practices.
  • Ensuring flexibility in outsourcing to accommodate changing business requirements.
  • Managing the risks involved with outsourcing.
  • Enabling and fostering sustainable business relations.

Click here to download the draft version.

ISO/IEC 38500: IT Governance

ISO 38500 is the international standard for the Corporate Governance of Information Technology.
Corporate governance of IT is described as the system by which the current and future use of IT is directed and controlled. It is different to management, the system of controls and processes required to achieve the strategic objectives set by the organization’s governing body.

The six principles of the ISO 38500 standard are:

  • Responsibility
  • Strategy
  • Acquisition
  • Performance
  • Conformance
  • Human Behaviour

Adopting ISO/IEC 38500 starts with establishing the first principle, “Responsibility”, through:

  • IT governance charter
  • IT governance framework
  • Accountability framework
  • CIO role and responsibilities
  • Assignment of authority to business, IT, service providers

Service Directors (or CIOs) need to prioritise the opportunities for IT to contribute positively to the performance of their organisations.
The ISO 38500 standard was based on COBIT®.

ISO/IEC 17998: SOA Governance Framework

ISO 17998 describes a framework that provides context and definitions to enable organizations to understand and deploy service-oriented architecture (SOA) governance.

ISO 17998 defines:

  • SOA Governance, including its relationship between Business, IT, and EA governance; this assists organizations in understanding the impact that the introduction of SOA into an organization has on governance;
  • an SOA Governance Reference Model (SGRM) and its constituent parts, which assists organizations in specifying their appropriate governance regimes; and capturing best practice as a basis for a common approach;
  • the SOA Governance Vitality Method (SGVM) which assists organizations in customizing the SGRM and realizing their SOA Governance Regimen.

ISO 17998 is not intended to be used literally as provided; it is intended to be adapted/customized to create appropriate SOA governance for the organization. Many of the lists are non-normative and exemplary, and are intended to be filtered and used as input to the customization process.

Click here to know more about its contents.

ISO 22301: Business Continuity

This standard provides the best framework for managing business continuity in an organization. Its full name is “ISO 22301:2012 Societal security – Business continuity management systems – Requirements”.

One of the features that differentiates this standard from other business continuity frameworks/standards is that an organization can become certified by an accredited certification body, and will therefore be able to prove its compliance to its customers, partners, owners and other stakeholders.

You can find here more information from ISO on this standard.

Other International Standards and Frameworks

Take into account that ISO 20000 (Service Management) and the ISO 27000 series (Security Management) are covered at

In addition, there are also some interesting Commercial Frameworks (not ISO) such as COBIT®, ITIL®, CMMi® for Services, MOF, Run SAP®, etc. (we go over them at

As a Service Director, are you planning to implement ISO Standards?

Author: angelberniz (All Rights Reserved by the author)
Source: Original Text (based upon first hand knowledge)