To implement the ISO 38500 standard a system to direct and control the current and future use of IT is required. The system comprises controls and processes to achieve the strategic objectives set by the organisation's governing body. A few choices are available.

CobiT is a popular IT management framework that defines both processes and controls. In many respects its purpose is similar to ISO 38500 as it also aims to enable better governance of information technology so that the organisational objectives are achieved.

At the centre of ISO 38500 is a framework of 6 principles. To implement these principles they are mapped to the CobiT process model. 

The advantage of using a process model like CobiT is that it groups related IT activities in processes that have a life-cycle and are focused on achieving specific outcomes. Through cascading the organisation's business objectives down to the IT processes you are able to align day to day activities with the organisation's business objectives. Roles, responsibilities and decision-rights at the process level can be aligned with the business goals. Governance mechanisms such as job descriptions and contracts can be crafted to achieve specific outcomes. Performance measures can be fine tuned to drive the required behaviour. Over time controls are implemented to manage risk and capability developed to better perform as expected.