ISO/IEC 38500 - Foundation


This course enables participants to learn about the best practices in IT Corporate Governance as specified in ISO/IEC 38500. The participant will learn the essential concepts and processes that are considered most effective in IT Corporate Governance. This training will help participants understand the operation of an IT Corporate Governance system based on ISO/IEC 38500.


Who should attend?

  • Members of an Information Security or IT Governance team
  • Risk managers
  • Project managers
  • Professionals wanting to gain a comprehensive knowledge of the main concepts and processes in IT Corporate Governance
  • Auditors


Learning objectives

  • To understand the components and the operation of an IT Corporate Governance system based on ISO/IEC 38500, and partly on COBIT 5 and CGEIT
  • To understand the goal, content and correlation between ISO/IEC 38500, COBIT 5 and CGEIT, as well as with other standards and regulatory frameworks
  • To know the concepts, approaches, standards, methods and techniques for the implementation and effective management of an IT Corporate Governance System


Course Agenda

Day 1: ISO/IEC 38500, Responsibilities, Strategy, Acquisition and Performance

  • Course objective and structure
  • Normative frameworks for IT governance
  • ISO/IEC 38500 standard
  • IT Governance model
  • Responsibilities
  • Strategy
  • Acquisition
  • Performance

Day 2: Risk Management, Resource Management, Conformance, Human Behaviour and Certification Exam

  • Risk Management as an integral part of performance
  • Resource management - Introduction
  • Human resource management
  • Outsourcing
  • Outcome and performance measurement techniques
  • Conformance
  • Human behaviour
  • Applying for certification and closing of the training
  • Certification Exam





Educational approach

  • This training is based on both theory and practice:
    • Sessions of lectures illustrated with examples based on real cases
    • Review exercises to assist the exam preparation
    • Practice test similar to the certification exam
  • Benefit from the practical exercises, the number of training participants is limited

Examination and Certification

  • The “PECB Certified ISO/IEC 38500 IT Corporate Governance Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    • Domain 1: Principles for good Corporate Governance of IT
    • Domain 2: Evaluate-Direct-Monitor Model of ISO/IEC 38500
  • The “PECB Certified ISO/IEC 38500 IT Corporate Governance Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 1 hour
  • For more information about exam, refer to PECB section on PECB Certified ISO/IEC 38500 IT Corporate Governance Foundation Exam
  • A certificate of "PECB Certified ISO/IEC 38500 IT Corporate Governance Foundation" will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential
  • For more information about PECB Certified ISO/IEC 38500 IT Corporate Governance certifications and the PECB certification process, refer to PECB section on PECB Certified ISO/IEC 38500 IT Corporate Governance

General Information

  • Exam and certification fees are included in the training price
  • A student manual containing over 200 pages of information and practical examples will be distributed to participants
  • A participation certificate of 14 CPD (Continuing Professional Development) will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions