AI governance and the main related ISO standards: 42001, 38507 and 38500

22 Jan 2025 07:00 AM - By itSMF Staff


Artificial intelligence and governance: the most relevant ISO standards

In the landscape of (IT or) Enterprise Service Management, artificial intelligence has emerged as one of the leading trends. It brings a lot of innovation to the concept of IT service management, as well as big challenges for governance.

In today's post, we take a closer look at the most relevant ISO standards that give organizations useful guidelines for implementing correct AI governance. Our overview focuses mainly on:

  • ISO/IEC 38507:2022
  • ISO 38500
  • ISO 42001:2023
  • ISO/IEC 28394:2023

Artificial intelligence and governance according to the ISO 38507 standard

The ISO/IEC 38507:2022 standard on «Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations» provides guidelines addressed to the governing bodies of organizations that use artificial intelligence.

The document helps organizations implement an effective, efficient and acceptable use of AI. The standard can be applied to ensure the governance of current and future uses of artificial intelligence, as well as the implications of such use for the organization itself.

These are the sections of the ISO/IEC 38507:2022 standard:

1 Scope
2 Normative references
3 Terms and definitions
3.1 Terms related to AI
3.2 Terms related to governance
4 Governance implications of the organizational use of AI
4.1 General
4.2 Maintaining governance when introducing AI
4.3 Maintaining accountability when introducing AI
5 Overview of AI and AI systems
5.1 General
5.2 How AI systems differ from other information technologies
5.3 AI ecosystem
5.4 Benefits of the use of AI
5.5 Constraints on the use of AI
6 Policies to address use of AI
6.1 General
6.2 Governance oversight of AI
6.3 Governance of decision-making
6.4 Governance of data use
6.5 Culture and values
6.6 Compliance
6.7 Risk
Annex A Governance and organizational decision-making
A.1 Overview of relevant governance standards
A.2 Governing body guidance over management decisions
A.3 Governance of data use

ISO/IEC 38507 and the main correlated ISO standards

If we take a closer look at the ISO/IEC 38507:2022 standard, we find a direct relation to ISO/IEC 42001:2023 on «Information technology - Artificial intelligence - Management system» (we have already covered this standard on our blog).

The AI governance approach proposed in the ISO 38507 standard is aligned with the one defined in the well-known ISO/IEC 38500:2015 standard on «Information technology - Governance of IT for the organization».

On the subject of risk management, ISO 38507 refers to the ISO/IEC 28394:2023 standard on «Information technology — Artificial intelligence – Guidance on risk management».

To better figure out the «big picture», take a look at our infographic:
By Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Switzerland board member).