The growing extent of ICT application globally has motivated the development of standards and frameworks, notably by the International Organization for Standardization (ISO), Control Objectives for Information and Related Technology (COBIT®), IT Infrastructure Library® (ITIL®), Data Management International (DAMA), Organization for the Advancement of Structured Information Standards (OASIS), World Wide Web Consortium (W3C), Object Management Group (OMG), Dublin Core Metadata Initiative and Capability Maturity Model Integrated (CMM/CMMI). These standards and frameworks are generic and cover a very wide range of activities, and so are applicable in all kinds of business areas.

It is widely accepted that the starting point for adopting ICT governance practices and developing an institutional framework is the standard ISO/IEC 38500, which defines six high-level principles for “good corporate governance of IT” and focuses on the role of the board and its responsibility concerning ICT governance. However, this standard does not address specific governance and management processes, which are covered by other standards and practices.

COBIT®, a generic, process-based framework which is increasingly accepted internationally, covers overall ICT governance and management. ITIL® is an integrated set of best practice recommendations which focuses on managing the ICT service lifecycle in line with the requirements of the business. DAMA-DMBOK is a comprehensive guide which covers overall data management activities. Software application development has been addressed by CMM/CMMI, among others. In turn, OASIS, W3C, OMG and Dublin Core have focused on technical standards concerning interoperability, metadata and semantic and web-related technologies.

These international standards and frameworks provide social security institutions with comprehensive and rigorous approaches to managing the complexities of ICT application (e.g. in large and critical-mission organizations). In addition, as they are increasingly adopted worldwide, their application would enable institutions to take advantage of global knowledge, experience and trained human resources.

On the other hand, the corporate application of these standards requires significant administrative effort, and, frequently, changes in the organizational culture and processes. The burden of this transformation very often constitutes a barrier to adoption of these standards. Therefore, these practices should be adopted as medium-term capacity-building projects, focusing on selected areas which address the institution’s priorities, especially those related to the implementation of social security programmes and services. Individually, these standards do not completely cover all aspects of social security administration.

The ISSA Guidelines on Information and Communication Technology aims at supporting social security institutions in the application of systematic and consistent ICT governance and management practices and providing a general framework for the application of standards in such institutions. They provide guidance to identify and apply general purpose frameworks and norms that are particularly relevant to social security.