ISO Standards Inventory
Document ID: ISO-INVENTORY-001
Date: June 2026
Scope: ISO and ISO/IEC standards applicable to the ICT Governance Framework
Parent: ISO Standards Library
Classification
| Tier |
Criteria |
Action |
| Tier 1 |
Foundational to framework design and seven-pillar operations |
Maintain library entry + crosswalk; track evidence |
| Tier 2 |
Supporting controls, cloud, privacy, quality |
Library entry; map to pillars where relevant |
| Tier 3 |
Emerging, conditional, or low business impact |
Monitor; add when product scope expands |
Tier 1 — Foundational
Tier 2 — Supporting
Tier 3 — Emerging and conditional
| Standard |
Title |
A033 / source |
Reassessed |
Condition |
| ISO/IEC 42001:2023 |
AI management system |
Not in A033 |
35–45% |
Library entry |
| ISO/IEC 23053:2022 |
Framework for AI risk management |
A033 Tier 3 |
30–40% |
AI risk; links to AI control plane |
| ISO/IEC 30141:2018 |
IoT reference architecture |
A033 Tier 3 |
40–50% |
IoT Governance Framework |
| ISO/TC 307 |
Blockchain standards |
A033 Tier 3 |
~20% |
Conditional on blockchain use |
| ISO 14001:2015 |
Environmental management |
A033 Tier 3 |
~45% |
Sustainability pillar; low priority |
| ISO/IEC 4922 |
Quantum key distribution |
A033 Tier 3 |
Emerging |
Future crypto governance |
Non-ISO standards frequently paired (reference only)
| Standard |
Relationship to ISO library |
| COBIT 2019 |
IT governance controls; complements 38500 |
| ITIL 4 |
Service management; pairs with 20000 |
| FAIR |
Quantitative risk; implements 31000 intent |
| NIST CSF 2.0 |
Cybersecurity functions; parallel assessment track |
| BIO (NL) |
Government baseline; maps to 27001 controls |
Code and artefact index
| Artefact |
ISO relevance |
adpa/coe/compliance-lineage-bridge.json |
ISO 27001 control ID normalization |
adpa/templates/ict-governance/iso38500-crosswalk.template.md |
ISO 38500 tenant crosswalk |
blueprint-templates/compliance-blueprints/iso27001-compliance.bicep |
27001 IaC pattern (update to 2022) |
ict-governance-framework/tests/contracts/*.contract.test.js |
Pillar evidence for 27001 |
ict-governance-framework/services/fair-risk-engine.js |
31000 quantitative risk |
docs/compliance/regulatory/ISO-IEC-38500-Governance-Standards.md |
Authoritative 38500 deep-dive |
Maintenance log
| Date |
Change |
| June 2026 |
Initial inventory and library created (v1.0-adaptive-governance) |