BS ISO/IEC 38505-1:2017为组织管理机构的成员提供了指导原则 可以由所有者、董事、合伙人、执行经理或类似人员组成， 通过将ISO/IEC 38500的治理原则和模型应用于数据治理，确保利益相关者在遵守本文件提出的原则和实践的情况下， 他们可以对组织的数据治理充满信心，在组织中使用和保护数据方面向治理机构提供信息和指导，并建立数据治理词汇表。该文件还可以为更广泛的社区提供指导，包括:执行经理、外部企业或技术专家，如法律或会计专家、零售或零售专家 行业协会或专业机构、内部和外部服务提供商（包括顾问）和审计人员。 虽然本文档着眼于数据治理及其在组织内的使用，但 ISO/IEC/TS 38501中给出了有效治理IT的实施安排。ISO/IEC/TS 38501中的结构有助于识别与环境相关的内部和外部因素 管理IT，帮助定义有益的结果，并确定成功的证据。本文件适用于管理当前和未来使用的创建、收集和， 由IT系统存储或控制，并影响与数据相关的管理流程和决策。本文档将数据治理定义为数据治理的子集或域 它本身是组织治理的一个子集或一个领域，如果是公司，则是公司治理的一个子集或一个领域。本文件适用于所有组织，包括公共和私营公司、政府 实体和非营利组织。本文件适用于以下所有规模的组织: 从最小到最大，不管它们对数据的依赖程度如何。交叉引用:ISO/IEC 38500ISO/IEC/TS 38501ISO/IEC/TR 38502ISO 31000:2009ISO/TR 31004:2013ISO/IEC 17788:2014ISO/IEC 27000ISO/IEC 27002:2013ISO/IEC 27017ISO/IEC 27018ISO/IEC 20546ISO/IEC 20889ISO/IEC 29100:2011购买本文件时提供的所有当前修订版均包括在内。

BS ISO/IEC 38505-1:2017 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of data within their organizations byapplying the governance principles and model of ISO/IEC 38500 to the governance of data,assuring stakeholders that, if the principles and practices proposed by this document are followed, they can have confidence in the organization's governance of data,informing and guiding governing bodies in the use and protection of data in their organization, andestablishing a vocabulary for the governance of data.This document can also provide guidance to a wider community, including:executive managers,external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies,internal and external service providers (including consultants), andauditors.While this document looks at the governance of data and its use within an organization, guidance on the implementation arrangement for the effective governance of IT in general is found in ISO/IEC/TS 38501.The constructs in ISO/IEC/TS 38501 can help to identify internal and external factors relating to the governance of IT and help to define beneficial outcomes and identify evidence of success.This document applies to the governance of the current and future use of data that is created, collected, stored or controlled by IT systems, and impacts the management processes and decisions relating to data.This document defines the governance of data as a subset or domain of the governance of IT, which itself is a subset or domain of organizational, or in the case of a corporation, corporate governance.This document is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. This document is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their dependence on data.Cross References:ISO/IEC 38500ISO/IEC/TS 38501ISO/IEC/TR 38502ISO 31000:2009ISO/TR 31004:2013ISO/IEC 17788:2014ISO/IEC 27000ISO/IEC 27002:2013ISO/IEC 27017ISO/IEC 27018ISO/IEC 20546ISO/IEC 20889ISO/IEC 29100:2011All current amendments available at time of purchase are included with the purchase of this document.