Skip to main content

ISO Consultation Certification Services

Our Clint Rating: 4.8 Start Based on 35 users

ISO 38500:2015-IT governance

ISO/IEC 38500:2015 was previously 38500:2008 ,It is been revised on 12th Febuary 2015 .This standard is applicable to all organizations like public and private companies, government entities, and non profit organizations. its  applicable to organizations irrespective of size and regardless of IT usage.


  • The ISO/IEC 38500:2015 will enable efficient and acceptable IT usage in an Organization by providing,
  • It will setup a vocabulary for IT governance
  • Increase confidence of customers in IT governance of organization by following the proposed practices and principles of ISO 38500
  • Give guidance and information to governing bodies regarding IT governance


The main changes made are :

  • The title of the standard has been changed, from Corporate Governance of IT to Governance of IT for the Organization, which reflects the wider applicability of the standard.
  • Updated the terms and definitions
  • Scope and application is wider  -This is been reflected in all documents
  • Terminology and definitions have also been updated



When it comes to ISO 38500:2008,


ISO/IEC 38500:2008 provides guiding principles and standards for the directors, executives of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within the organization in all levels. ISO/IEC 38500:2008 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.


The ISO/IEC 38500:2008 helps the organization to streamline the IT governance from top down approach by describing and demonstrating the importance and the effective compliance to the stakeholders for dedicating an appropriate governance and security framework.


The key advantage for the ISO/IEC 38500:2008 IT Governance framework was focused mainly on the accountability, ensuring and assigning all the IT risks and activities within your organization. The standards includes IT security responsibilities, strategies and behaviors to be completely assigned and monitored individually. The standards will help the organization to apply appropriate measures and mechanisms which were already established within the organization including the reporting and the response on the current and planned use of IT – In today’s technology, any organization must comply and meet the latest data protection requirements for all the externally used devices that should support the data encryption this is to avoid transmitting personal data and misusing the company information. 

ISO 38500:2015 is an International Standard which is applicable for all organizations regardless of size, purpose, design, and ownership structure.

  • The objective of ISO 38500 to help an organization by providing principles ,definitions and model of governing bodies and to enable monitoring and evaluation of IT usage 
  • This is a high level International standard, principles-based consultative standard.
  • More than implementing broad guidance on the role of a governing body, it also encourages organizations to use appropriate standards for IT governance 
  • By the proper implementation we can avoid  negative outcomes that are affecting the technical, financial, and scheduling aspects of IT activities
  • To fulfil their legal, regulatory, and ethical obligations of their organizations' use of IT.Proper maintenance of ISO 38500 is required
  • This International Standard is addressed primarily to the governing body. In some (typically smaller) organizations
  • The members of the governing body can also be executive managers.

In ISO 38500 :2008

The management processes and decisions are involved in the ISO/IEC 38500:2008 this is in relation with the current practices and the future use of the IT governance within the organization. The processes involved can be controlled mainly by the ICT specialists/authorities, business units or external service providers.


The above standards also defines the governance of IT as a separate section or domain of the organizational or corporate governance.


ISO/IEC 38500:2008 is applicable to any sizes of organizations from the smallest to the largest regardless of the sector, industries, coverage of their use of IT and is applicable including the public, private and government entities and non-profit organizations.


The standard will help the organization to promote and achieve the acceptable use of IT throughout the organizations in the most effective and efficient implementation which includes the following:


  • Providing assurance for the Top-Level Management and stakeholders that the principles and practices are being implemented within the organization. It will allow the organization to gain higher confidence on the governance of IT.
  • The standard will help the organization to create a vocabulary on the governance of IT.
  • The organizations governing bodies will be well-informed and guided with the use of every IT members throughout the organization.




The three main tasks that shall be governed with the involvement of the directors are as follows:

  1. Continuously evaluate the current and future use of IT which will benefit the organization;
  2. Direct preparation, evaluation and implementation of plans and policies to ensure that the use of IT is aligned within the organizations business objectives.
  3. Monitoring the conformances to the current implemented policies, performances which is aligned within the plans of the organization.

ISO 38500 Standard

Adapted from the ISO standard: ISO 38500



  • The above standard can be aligned and integrated to the ISO 9001, ISO 27001 and ISO 14001, ISO 20000 and ISO 28000 management standards in order to deliver significant benefits to the organization.

  • It will help the organization to comply with all the mandatory legal and regulatory requirements.

  • It helps the organization to achieve an internationally recognized certification which can increase customer’s loyalty and trust for the company.

  • Increases the organizations competitive advantage and boosts the image and reputation of the company.

  • Articulate the drive within the organization and demonstrate to the key stakeholders (Customers, Suppliers and Partners) the key benefits on the effective corporate governance of IT.

  • Establishes an appropriate metrics that will clearly demonstrate the success for the organization.

The Nbiz GO-AIM-HIGH methodology was developed to provide the continuous success for every clientle’s project. It represents the Nbiz Team Consultants activities during the involvement from the initial phase until the last phase to conclude the project successfully.


The acronyms on the GO-AIM-HIGH methodology are already tested, applied and proven methods by the Nbiz Team Consultants during the implementation of the project. These are the activities performed which represents the corresponding phases during the project implementation.


We are delighted to provide you the detailed explanation of our GO-AIM-HIGH Methodology on the below illustration.


G – Gathering of Data

The first step in the IMS Consultancy is gathering of data. In this, our consultants will be gathering all different types of relevant and existing records that are already with the client.

O – Organizational strength and weakness identification

The second step is aiming to identify the organizational strength and weaknessess.

A - Analyze and review documents, current processes and procedures

The third step in the IMS Consultancy is to conduct Gap Analysis of the current structure of the company which includes review of documents, processes and procedures in order to determine compliance to the required Management System standard. It is through this step that consultants and the company's key personnel can collaboratively formulate appropriate plan and activities to respond to gaps identified against the standard.

I-Improve, create and implement processes and procedures
The fourth step of the IMS consultancy is based on the gaps identified during step 1

Improvements and/or creation of documents meeting the requirements of the standard shall be initiated by the consultant in close coordination with the company’s key personnel. Documents shall include policies, manuals, procedures, forms/templates, instructions, etc. The documents created/improved shall be meeting the standard requirements and shall be suitable to the business activities and culture of the company. The company’s authorized representative shall review the documents and must be approved by the Top Management before issue. Additionally, Nbiz Infosol consultants shall guide companies to implement the set procedures and processes in order to comply with standard requirements. Appropriate trainings shall be provided to key personnel in order to provide or develop competence in the implementation of the system.

M-Monitor, check 

Once standard is established, Nbiz Infosol consultants shall guide companies to monitor performance as per the required standard through performance measurement, check compliance and conformances through audits and inspections. Nonconformance shall be identified, reported and recorded accordingly.

H-Handle non-conformities

As part of the monitoring and checking, Nbiz Consultants shall assist companies in reviewing and re-assing their environmental aspects/impacts and occupational hazards and risks. The review and re-assessment shall be done on a regular basis or as per requirement of the ISO 14001:2004 and OHSAS 18001:2007 standards.

I-Implement corrective actions and recommendations

Once the nonconformities are identified, Nbiz Infosol consultants shall assist companies to identify root causes, implement corrections, corrective actions and preventive actions for nonconformance. Recommendations shall also be considered for continual improvement.

G-Generate reports

Reports shall be generated in all phases of the consultancy. Nbiz Infosol recognized that reports and records are essential to prove evidences of performed activities. Reports shall be properly channeled and submitted in correct and appropriate formats.

H-Head towards certification

Once, documents, procedures and processes are already established and implementation is considered adequate, Nbiz Infosol shall facilitate for the certification process of the companies. Nbiz Infosol consultants shall render support during all phases of the certification audits starting from planning with external auditors, during the actual audits, closing of the nonconformance and follow-up audits.

  1. Scoping on the required scope of certification. The general information required for the application and scoping are as follows:
    • Initial System Study on the relevant field of certification applied and interested for, involved activities of the organization, no. of employees and the details on the available technical resources, any related subsidiary/entities.
    • Any related information within the organization that will effect on the requirements to fulfill the conformity related processes, consultations on the management system, and requirements on seeking the certifications.
  2. Submission of the required and improved documents to obtain approval and certification from the authorized certification body.
  3. Coordinating Audit Plan – Our consultants will closely facilitate on the schedule communicated by the client. The audit plan will be prepared by the certification body and communicated to the client.
  4. Submission of the required and improved documents to obtain approval and certification from the authorized certification body.
  5. Facilitate to close NC’s – Our consultants will be assisting on developing and enhancing the identified non-conformances by the Auditor of the certification body.
  6. Facilitate in submitting non-conformities to certification body – Upon the identification of non-conformities, the consultants will be facilitating on clearing and completing all the identified non-conformities of the client to be submitted to the certification body.
  7. Co-ordination for approval of non-conformities and releasing of certificates from the certification body and providing the certificate the client.


Nbiz Certification


Nbiz Infosol Certification is in co-ordination with many leading certification body which are internationally recognized to help our client on achieving any relevant ISO Standards.


The phases on the above diagram explains only the commonly used processes/activities in order to provide a clear summary explanation/objective during the certification process. 


Nbiz Consultants Team will facilitate mostly on gathering the requirements, coordinating on the schedule, as well as submitting the requirements to the certification body. 


Nbiz Infosol will not have any control/influence on the schedule/decision by any Certification Body.


Kindly note that there are extra phases involved on each relevant standards that the Certification Body Representative may add and apply whenever necessary. 


   1. Phase I - Application and Scoping on the required certification.

The general information required by the Certification Body Representative for the application and scoping are as follows:


  •  Initial System Study on the relevant field of certification applied and interested for, involved activities of the organization, no. of employees and the details on the available technical resources, any related subsidiary/entities.
  • Any related information within the organization that will effect on the requirements to fulfill the conformity related processes, consultations on the management system, and requirements on seeking the certifications.


   2. Phase II - Audit Planning 


  • Identification of Audit Criteria, scope and objectives. 
  • Audit Schedule preparation
  • Co-ordination with clients regarding audit details and logistics.
  • Preparation of checklists, audit formats, etc.


  3. Phase III – Stage 1 - Certification Audit


      The Certification Body Auditors will perform the following:


  • Certification Body Representative will gather detail for the company’s background/information and reviewing the existing documents to understand and evaluate the company’s set objectives, policies and procedures.
  • Assessing the processes in place and comparing on the set objectives is being facilitated by our consultants in order to know if it is aligned within the organizations objectives.


    Phase III - Stage II – Audit (On-site)


  • Opening Meeting
  • Audit execution and identification of non-conformities
  • Closing Meeting
  • Follow-up Audit
  • Audit Closure


  4. Phase IV - Certification approval process is to validate the organizations system compliance and implementation. The certification can be a useful tool to boost the company’s credibility. This will also demonstrate that the products and services are being met along with the customers’ expectations. On every organization the certification is a legal or contractual requirement. 


  5. Phase V - Surveillance Audit - are being performed after a year of the certification. The purpose of the surveillance audit is to check if the standards are being implemented and maintained.


  6. Phase VI – Re-scoping/Change of Scope – this is to continuously evaluate the continual fulfillment and improvement of all the required and relevant documents within the management system standard. In case there are changes to be implement on the new services/processes/products or regulatory authority’s requirements, changes required from the Top Management the Phase III – Certification Audit shall be applicable. 


  7. Phase VII – Certificate Renewal – the re-certification renewal demonstrates that the organization is continuously striving for improvement into the implemented Management System in order to achieve and meet the client’s satisfaction and regulatory authority’s requirements/expectations.






Why Nbiz



  • Nbiz Infosol can assist your organization to acquire any relevant ISO certifications which is well-known internationally. It will generate additional business opportunities, exhibit the organizations compliance and commitment to the best-practices in any industries in order to be more competitive in today’s market.
  • Nbiz Infosol consists of professionals which are high level and practically experienced and very senior Project Directors along with our well-experienced and knowledgeable Senior Consultants.
  • Nbiz Infosol location advantage within the Emirates on the following: Abu Dhabi, Dubai, Al Ain, Sharjah, Ajman, Ras Al Khaimah and Fujairah (We have successfully completed many and different projects locally and also internationally).
    Nbiz Infosol strongly promotes and implements the facilitations on the relevant Management System not only for the sake of certification but to really make a difference in the processes and procedures that will be implemented throughout any organization.
  • Nbiz Infosol consist of some project members which are also EFQM International Assessors this can add value to the assignment as Abu Dhabi government is highly recommending Organizational Excellence program across Abu Dhabi Emirate (and UAE).
  • Nbiz Infosol prices are very competitive in the market without compromising our quality of service which in return provides our company’s commitment and to maintain repeated orders from our clients.
  • Nbiz Infosol is driven by professional Senior Consultants with good cross functional knowledge of the other standards such as ISO 27001 and ISO 20000 which will also add value to the project.
  • Nbiz Infosol can be a good channel to assist the standardization within the organization. It will help to promote worldwide trading, encouraging rationalization, maintaining quality assurance and environmental protection, as well as improving the security and communication at all levels within the organization.
  • Nbiz Consultants Team will work collaboratively and will be able to support the organization within the entire certification process.
  • Nbiz Consultants Team are fully experienced and exposed in the consultation, implementation, facilitation and trainings of ISO/IEC 38500:2008 IT Governance.
  • Nbiz Consultants Team have the most extensive invaluable hand-on experience of working under various roles and capacities in the IT industry. 
  • Nbiz Consultants Team drives the standardization within the organization to promote worldwide governance, encouraging rationalization, maintaining quality assurance and environmental protection, as well as improving the security and communication at all levels within the organization.
  • Nbiz Consultants Team will work collaboratively and will be able to support the organization within the entire certification process.
  • Nbiz Consultants Team will be closely monitoring and continually improving the organizations governance on any IT related services.



ISO Scope Form

Download the Scope form , fill it and send to us. Download »
Upload the filled Scope form here


Fill out the online form

 In order for us to provide an accurate quote, we need to determine the processes and activities that are involved within your organisation.
We also need to know about the state of readiness of your Management System prior to certification.
Please provide us with as much detail as you can by answering the following questions. If you have any queries, please contact us on:

Company Name

Contact Name



Telephone Number

Fax Number

E-mail Address

Website Address

Please specify the details of Consultants, if used

Multi-site Addresses

Main activity in each site

Number of Shifts

Number of Emp.

2.1 Please describe fully the products, processes and/or services of your organisation.


2.3 Name of Parent or Holding Company:

2.4 Total Number of Employees:

Comprising of:






Stores &Shipping



Servicing Others

If yes,

 2.8 Please describe fully the locations, staffing,products, process and/or services of the other sites within the scope of your management system.

 Note: This would include temporary sites, such as construction locations, major projects, installation, Servicing and maintenance operations, disaster recovery sites. If no, please go on to 2.11.
 2.9 Does the system cover other offsite activities?
 2.10 Please describe fully these activities, giving locations and duration of projects and personnel numbers :

 2.11 Please list all outsourced processes used by the organisation that will affect conformity to the requirements.

3.1 Please indicate the management system standard(s) required, and complete additional information as indicated:

ISO 9001 ISO 14001
OHSAS 18001 ISO 20001
ISO 22000 ISO 27001