INTERNATIONAL

BS ISO 21505:2017
ISO
STANDARD 21505
First edition
2017-03
Corrected version
2017-05

Project, programme and portfolio

management — Guidance on
governance
Management de projets, programmes et portefeuilles —
Recommandations sur la gouvernance

Reference number
ISO 21505:2017(E)

© ISO 2017
BS ISO 21505:2017
ISO 21505:2017(E)

COPYRIGHT PROTECTED DOCUMENT

© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part o f this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country o f
the requester.
ISO copyright o ffice
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

ii © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

Contents Page
Foreword .......................................................................................................................................................................................................................................... v
Introduction ................................................................................................................................................................................................................................ vi
1 Scope ................................................................................................................................................................................................................................. 1
2 Normative references ...................................................................................................................................................................................... 1
3 Terms and definitions ..................................................................................................................................................................................... 1
4 Context ............................................................................................................................................................................................................................ 2
4.1 Organizational governance........................................................................................................................................................... 2
4.2 Governing bodies .................................................................................................................................................................................. 3
4.3 Differences between governance and management............................................................................................... 3
5 Governance of projects, programmes and portfolios ..................................................................................................... 3
5.1 General ........................................................................................................................................................................................................... 3
5.2 Values .............................................................................................................................................................................................................. 4
5.3 Principles ..................................................................................................................................................................................................... 4
5.4 Guidelines for the governance of projects, programmes and portfolios ............................................... 4
5.4.1 General...................................................................................................................................................................................... 4
5.4.2 Guidelines .............................................................................................................................................................................. 4
5.4.3 Performance of projects, programmes and portfolios .................................................................... 5
5 . 4. 4 S us tainab ility and ethics ........................................................................................................................................... 5
5.4.5 Stakeholders ........................................................................................................................................................................ 5
5.4.6 Management policies ................................................................................................................................................... 6
5.5 Framework ................................................................................................................................................................................................. 6
5.5.1 General...................................................................................................................................................................................... 6
5.5.2 Governance interfaces ................................................................................................................................................. 7
5.5.3 Implementation and maintenance of the governance framework ....................................... 8
6 Governance of projects ................................................................................................................................................................................... 8
6.1 General ........................................................................................................................................................................................................... 8
6.2 Pro j ect governing b o dy .................................................................................................................................................................... 9
6.3 Guidelines for the governance of projects ....................................................................................................................... 9
6.3.1 General...................................................................................................................................................................................... 9
6.3 .2 Pro j ect management p o licy ................................................................................................................................. 10
6.3.3 Risk ........................................................................................................................................................................................... 10
6.3.4 Project decision gates ............................................................................................................................................... 10
6.3.5 Stakeholders ..................................................................................................................................................................... 10
6.3.6 Project audit, review or assurance ................................................................................................................ 10
6.3 .7 S us tainab ility and s tatuto ry requirements ............................................................................................ 10
6.3.8 Reporting ............................................................................................................................................................................. 10
6.4 Framework .............................................................................................................................................................................................. 10
7 Governance of programmes ................................................................................................................................................................... 11
7.1 General ........................................................................................................................................................................................................ 11
7.2 Pro gramme governing b o dy ..................................................................................................................................................... 11
7.3 Guidelines for the governance of programmes ........................................................................................................ 12
7.3.1 General................................................................................................................................................................................... 12
7.3 .2 Pro gramme management p o licy ..................................................................................................................... 12
7.3.3 Risk ........................................................................................................................................................................................... 13
7.3.4 Programme decision gates ................................................................................................................................... 13
7.3.5 Stakeholders ..................................................................................................................................................................... 13
7.3.6 Programme audit, review or assurance .................................................................................................... 13
7.3 .7 S us tainab ility and s tatuto ry requirements ............................................................................................ 13
7.3.8 Reporting ............................................................................................................................................................................. 13
7.4 Framework .............................................................................................................................................................................................. 13
8 Governance of portfolios ........................................................................................................................................................................... 14

© ISO 2017 – All rights reserved iii

BS ISO 21505:2017
ISO 21505:2017(E)

8.1
General ........................................................................................................................................................................................................ 14
f
8.2 Po rt o lio governing b o dy ............................................................................................................................................................. 14
Guidelines for the governance of portfolios ............................................................................................................... 15
8.3
8.3.1 General................................................................................................................................................................................... 15
f
8.3 .2 Po rt o lio management p o licy ............................................................................................................................. 15
8.3.3 Risk ........................................................................................................................................................................................... 15
8.3.4 Stakeholders ..................................................................................................................................................................... 16
8.3.5 Portfolio audit or review........................................................................................................................................ 16
8.3 .6 S us tainab ility and s tatuto ry requirements ............................................................................................ 16
8.3.7 Reporting ............................................................................................................................................................................. 16
8.4 Framework .............................................................................................................................................................................................. 16
Annex A (informative) Implementation, continuous improvement and sustainment of the
governance framework ............................................................................................................................................................................... 18
Bibliography ............................................................................................................................................................................................................................. 20

iv © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work o f preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters o f
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
di fferent types o f ISO documents should be noted. This document was dra fted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso .org/directives).
Attention is drawn to the possibility that some o f the elements o f this document may be the subject o f
patent rights. ISO shall not be held responsible for identi fying any or all such patent rights. Details o f
any patent rights identified during the development o f the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso .org/patents).
Any trade name used in this document is in formation given for the convenience o f users and does not
constitute an endorsement.
For an explanation on the voluntary nature o f standards, the meaning o f ISO specific terms and
expressions related to con formity assessment, as well as in formation about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 258, Project, programme and portfolio
management.

This corrected version of ISO 21505:2017 incorporates the correct Figure 5.

© ISO 2017 – All rights reserved v

BS ISO 21505:2017
ISO 21505:2017(E)

Introduction

This document describes the context of, and guidelines for, the governance of projects, programmes
and portfolios.
The governance of projects, programmes and portfolios includes, but is not limited to, areas of
governance that relate to projects, programmes and portfolios. Organizations can use this document
for the governa nce o f any one or a l l o f thei r proj e c ts , pro gra m me s , or p or t fol io s .

T h i s do c u ment i s i ntende d to b e u s e d b y any orga n i z ation and any group o f orga n i z ation s for proj e c ts ,

pro gram me s or p or t fol io s o f a ny s i ze and comple xity, but m ight re qui re tai lori ng to the s p e ci fic ne e d s

of the organization. In addition, this document is designed to provide guidance for governing bodies
and for executive and senior management that can have governance responsibilities within their
organizations.
This document refers to the governance of projects, governance of programmes and governance of
portfolios, which is intended to be interchangeable with the terms project governance, programme
governance and portfolio governance. However, the governance for a single project or programme can
differ from the governance of multiple projects or programmes.
Fol lowi ng the gu idel i ne s for governance o f proj e c ts , pro gram me s and p or t fol io s identi fie d in th i s

document can contribute to:

— i mprove d accou ntabi l ity and tran s p arenc y;

— i mprove d engagement with s ta keholders;

— re duce d organ i z ationa l ri s k;

— i ncre as e d l i kel i ho o d o f ach ievi ng s u s tai nable re s u lts , b enefits and en hance d opp or tun itie s;

— i mprove d com mu n ic ation;

— i mprove d cl arity regard i ng va lue s , e th ics , and gu id i ng pri nciple s .

vi © ISO 2017 – All rights reserved

 BS ISO 21505:2017
INTERNATIONAL STANDARD ISO 21505:2017(E)

Project, programme and portfolio management —

Guidance on governance
1 Scope
This document describes the context in which the governance of projects, programmes and portfolios
is conducted and provides guidance for the governance of projects, programmes and portfolios. This
f
do c ument c a n a l s o b e u s e d f f
or a s s e s s ment, a s s urance or veri fic ation o f the governa nce u nc tion or

projects, programmes or portfolios.

NOTE Throughout this document, the term “portfolio” is used to mean “project and programme portfolio”
and the term “programme” is used to mean a “programme of interrelated projects and other related work”.
T h i s do c u ment i s i ntende d for govern i ng b o d ie s and exe c uti ve and s enior management who i n fluence,

impact or make decisions regarding the governance of projects, programmes and portfolios. It is
also intended to provide guidance to those who direct projects, programmes and portfolios, such as
s p on s ors , s te eri ng com m itte e s , p or t fol io owners and the proj e c t management o ffice .

I t a l s o c an b e u s e d by proj e c t, pro gra m me and p or t fol io managers , as wel l a s s ta keholders i nvolve d i n

the development and implementation of projects, programmes and portfolios. Other audiences who can
have an interest in this topic include those advising, informing, assisting or working within projects,
programmes and portfolios.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the pu rp o s e s o f th i s do c u ment, the fol lowi ng term s and defi n ition s apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso .org/obp
— IEC Electropedia: available at http://www.electropedia .org/
3.1
governance
pri nciple s , p ol icie s and framework b y wh ich an organ i z ation i s d i re c te d and control le d

3.2
stakeholder
p ers on, group or orga ni z ation that ha s i ntere s ts i n, or c a n a ffe c t, c a n b e a ffe c te d b y, or p erceive its el f to

b e a ffe c te d b y, any as p e c t o f a proj e c t, pro gram me, p or t fol io or the organ i z ation’s governa nce

3.3
risk
uncertain event or set of events with a potential positive or negative impact
3.4
benefit
created advantage, value or other positive effect

© ISO 2017 – All rights reserved 1

BS ISO 21505:2017
ISO 21505:2017(E)

3.5
governing body
person, group or entity accountable for the governance o f an organization, organizations or a part o f an
organization
4 Context

4.1 Organizational governance

Organizational governance is the directing o f a permanent or temporary organization through the

establishment of the governance framework. Governing bodies, executive and senior management have
the responsibility for governing their organization to achieve both accountability and per formance.
An organization’s governance is based on the specific priorities o f the organization and spans across the
range o f sometimes conflicting stakeholder interests and may be influenced by the wider governance
environment.
The elements of organizational governance that address projects, programmes and portfolios should be:
— an integrated part o f the permanent or temporary organization’s overall governance framework;
— designed to support the organization’s principles, values and strategic objectives;
— designed to optimize the benefits created by investing resources in selected projects, programmes
and portfolios.
One possible relationship between organizational governance and governance of projects, programmes
and portfolios is shown in Figure 1.

2 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

The shaded box represents the governance framework discussed in Clause 4.

Arrows are a generalized representation o f the flow o f knowledge, documents, deliverables and other
artefacts.
PPP is the acronym in the diagram for projects, programmes and portfolios.

Figure 1 — Example of context of governance of projects, programmes and portfolios (PPP)

4.2 Governing bodies

Several di fferent governing bodies may exist within an organization, depending on organizational
needs and the projects, programmes and portfolios being governed.
Each governing body may have accountability and responsibility for:
a) complying with the objectives, values and principles established by the organization’s overall
governing body;
b) addressing the requirements o f stakeholders;
c) complying with organizational and legal requirements;
d) developing and maintaining policies, procedures and processes;
e) setting objectives for, and providing direction to the organizational entities being governed;
f) delegating responsibilities to, empowering and supporting the managers:
— delegations should balance authority and responsibility for the required actions,
— the governing body remains accountable;
g) monitoring con formance to and achievement o f the objectives;
h) providing final decision-making on escalated critical issues.

4.3 Differences between governance and management

Governance authorizes, directs, empowers, provides oversight and limits the actions of management.
Management should work within the constraints set by the organization’s governance to achieve the
organization’s objectives.
Governance functions and management functions may be per formed at di fferent levels and in di fferent
parts o f the organization, but the governing body remains accountable for the per formance o f the
organization.
While governance and management are di fferent, everyone involved in governance and management
should have a responsibility to work proactively towards achieving the objectives o f the organization.

5 Governance of projects, programmes and portfolios

5.1 General
The governance of projects, programmes and portfolios should be an integrated part of the organization’s
overall governance. The governance framework should integrate across the projects, programmes
and portfolios within the organization and, where necessary, incorporate the requirements o f other

© ISO 2017 – All rights reserved 3

BS ISO 21505:2017
ISO 21505:2017(E)

participating organizations. The overall governance of the organization should support and enable the
proper management of projects, programmes and portfolios.
The governance of projects, programmes and portfolios should:
a) refle c t the va lue s and pri nc iple s o f the organ i z ation or organ i z ation s re s p on s ible for the proj e c ts ,

pro gram me s a nd p or t fol io s b ei ng governe d;

b) fac i l itate ach ievi ng the orga ni z ation’s obj e c ti ve s , wh i le complyi ng with the con s trai nts s e t by its

governa nce framework;

c) consider the cultural and ethical norms of:

— any o ther orga n i z ation s i nvolve d;

— communities in which the organization operates.

5.2 Values
The values expressed through the governance of projects, programmes, and portfolios should remain
consistent to, and aligned with the organization’s values.
With i n th i s do c u ment, the concep t o f va lue s a re tho s e va lue s that a re adop te d or de c ide d b y the

organ i z ation or p a r ticip ati ng orga n i z ation s . T he s e va lue s shou ld de term i ne or i n fluence the s tanda rd s

o f b eh aviou r o f the memb ers o f the organ i z ation, or organ i z ation s , a nd s hou ld b e genera l ly accep te d

with i n the wider com mu n ity in wh ich the orga n i z ation op erate s . T he organ i z ation’s va lue s may

be do c u mente d a nd s hou ld refle c t what i s e th ic a l ly accep table a nd va luable to the orga ni z ation’s

s ta keholders . Where con fl ic ti ng va lue s exi s t among the s ta keholder com mu n itie s , there shou ld b e

agre ement on the man ner i n wh ich the s e con fl ic ts are ma nage d .

5.3 Principles
P ri nciple s a re refle c te d in the fundamenta l p ol icie s and prac tice s adop te d by the organ i z ation’s

govern i ng b o dy to s upp or t its va lue s and ach ieve its obj e c tive s . T he govern i ng b o dy shou ld identi fy and

do c u ment key pri nc iple s for the governance o f proj e c ts , pro gram me s and p or t fol io s that a l ign with the

organ i z ation’s va lue s and identi fy the obj e c tive s o f the governance fra mework.

5.4 Guidelines for the governance of projects, programmes and portfolios

5.4.1 General
T he guidel i ne s for the governa nce o f proj e c ts , pro gra m me s and p or t fol io s identi fie d i n 5.4.2 to 5.4.6
s hou ld enable the cre ation o f the governance fra mework to b e adop te d b y the orga ni z ation’s governi ng

b o dy a nd s upp or t its va lue s , pri nc iple s and the ach ievement o f its obj e c tive s . For the pu rp o s e s o f th i s

do c u ment, the govern i ng b o dy s hou ld b e accountable for i mplementi ng the governance framework
for proj e c ts , pro gram me s a nd p or t fol io s . T he govern i ng b o dy shou ld con s ider the pri nc iple s and the

5.4.2 to 5.4.6 in the design and implementation of the governance framework

gu idel i ne s identi fie d i n

for projects, programmes and portfolios.

5.4.2 Guidelines
T he govern i ng b o dy s hou ld develop s p e ci fic gu idel i ne s that provide the contex t with i n wh ich its

projects, programmes and portfolios should be managed, in accordance with the organization’s values
and requirements. The guidelines should include:
a) alignment of the governance of project, programme and portfolio management with the
orga ni z ation’s p ol ic ie s , va lue s a nd obj e c tive s;

4 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

b) a pro ce s s for developi ng new and mo d i fie d va lue s and p ol icie s , where gap s e xi s t at the organ i s ationa l
level or i mprovements are re qu i re d;

c) development, implementation and maintenance of the governance framework for projects,

programmes and portfolios which includes:
— e s tabl i sh i ng role s , re s p on s ibi l itie s and accou ntabi l itie s;

— defi n i ng gu idel i ne s for the app oi ntment o f hu man re s ou rce s;

d) enabl i ng e ffe c tive com mu n ic ation b e twe en governa nce and management entitie s;

e) provid i ng for the s ep a ration o f the governa nce fu nc tion from the ma nagement role;

f) provid i ng overs ight to enable con forma nce with the governance gu idel i ne s;

g) improving the governance framework for projects, programmes and portfolios.

5.4.3 Performance of projects, programmes and portfolios
The governance framework should contribute to and provide oversight of the creation and realization
o f va lue for s ta keholders b y:

a) the s ele c tion o f memb ers o f the governi ng b o dy and delegate d governa nce entitie s that have the

appropri ate level s o f c ap abi l ity, comp e tence, authority, e xp erience and acce s s to the re s ource s they

re qui re;

b) responsible management of human and other resources and their use.

5.4.4 Sustainability and ethics
T he governa nce o f proj e c ts , pro gra m me s and p or t fol io s shou ld refle c t the orga n i z ation’s com m itment

to e th ic a l va lue s a nd s u s ta i nabi l ity. T he com m itment to e th ics and s u s tai nabi l ity s hou ld i nclude:

a) integrating the organization’s values and policies into the governance and management of projects,
pro gram me s a nd p or t fol io s;

b) fo s teri ng a c u ltu re o f re s p e c t, fai rne s s , tru s t, hone s ty, and appropri ate tran s p a renc y and op en ne s s;

c) s upp or ti ng the organ i z ation’s com m itment to s u s tai nabi l ity, i nclud i ng e conom ic, envi ron menta l

and s o c ia l re s p on s ibi l ity;

d) s upp or ti ng the i nte grity, s e c urity and d i s clo s u re o f i n formation cre ate d, re ceive d, ob ta i ne d and

otherwise handled and distributed. the support should include, but is not limited to:
— b a lanc i ng the ne e d for s e c u rity and con fidenti a l ity with the s ta keholder ’s ne e d for avai labi l ity

and tran s p a renc y;

— provid i ng for the i ntegrity and avai labi l ity o f the i n formation;

e) establishing processes that provide decision makers with adequate, relevant, and reliable
information.
5.4.5 Stakeholders
T he governance o f proj e c ts , pro gra m me s and p or t fol io s s hou ld refle c t the organ i z ation’s com m itment

to determine and acknowledge the importance of stakeholders. The respect for stakeholders should
include:
a) considering and balancing the interests of stakeholders that is consistent with the organization’s
overa l l appro ach to s ta keholders;

© ISO 2017 – All rights reserved 5

BS ISO 21505:2017
ISO 21505:2017(E)

b) cre ati ng a nd mai ntai n i ng a c u ltu re th at encou rage s engagement with s ta keholders;

c) developing policies to prevent or resolve disputes among or with stakeholders.

5.4.6 Management policies

T he govern i ng b o dy shou ld develop or adop t, i mplement a nd mon itor ma nagement p ol icie s , and i f

needed, procedures and processes for projects, programmes and portfolios, which should align with the
organization’s management policies, procedures and tolerances, adapted as needed. The management
p ol ic ie s , pro ce dure s and pro ce s s e s to b e e s tabl i s he d may i nclude, but are no t l i m ite d to:

a) ri sk ma nagement p ol ic ie s;

b) i s s ue management p ol icie s and e s c a lation pro ce du re s;

c) hu man re s ou rce p ol ic ie s , i nclud i ng the management o f comp e tence s a nd ta lent;

d) delegation s o f re s p on s ibi l ity a nd authority;

e) qua l ity p ol icie s;

f) envi ron menta l a nd s u s tai nabi l ity p ol icie s;

g) i n formation a nd knowle dge management p ol ic ie s;

h) pro c u rement p ol ic ie s a nd pro ce dure s;

i) he a lth and s a fe ty p ol icie s;

j) budge tar y and fi s ca l p ol icie s;

k) conformance and oversight procedures.

5.5 Framework

5.5.1 General

T he govern i ng b o dy s hou ld e s tab l i s h a governa nce framework for proj e c ts , pro gram me s and p or t fol io s .

T he governance framework s hou ld comply with the organ i z ationa l governance va lue s , pri nciple s and

guidelines.
The framework should include the policies, processes, procedures, guidelines, boundaries, interfaces,
roles, responsibilities and accountabilities needed for the implementation and maintenance of the
organization’s governance values and principles, as indicated in Figure 2. The framework should be
capable of being documented, communicated, and monitored. The governance framework for projects,
pro gra m me s and p or t fol io s , and its i nter face s , s hou ld b e reviewe d re gu larly.

6 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

The dotted line and shaded box represent aspects of the governance framework applicable to the refer-
enced guidelines.
Arrows are a generalized representation o f the flow o f knowledge, documents, deliverables and other
artefacts.
PPP is the acronym in the diagram for projects, programmes and portfolios.

Figure 2 — Example of context of governance framework for projects, programmes and

portfolios (PPP)

Figure 2 offers one possible view of the context of the governance for an organization. The major
elements are:
— the environment in which the organization or organizations function;
— the relationship between the guidelines, and stakeholders and the governing body;
— the disciplines of project, programme and portfolio management and the interface with operations
or other organizations;
— the guidelines for the governance framework;
— the governance guidelines for projects, programmes and portfolios as identified in Clauses 6, 7 and 8.
The necessary governance functions and responsibilities should be defined and allocated to each unit
or entity at a level o f complexity appropriate to the organization’s needs.

5.5.2 Governance interfaces

The governing body should determine the inter faces among the entities responsible for the governance
o f projects, programmes and portfolios and other governance entities. The inter faces may be
characterized by the flow o f in formation, resources or requirements.

© ISO 2017 – All rights reserved 7

BS ISO 21505:2017
ISO 21505:2017(E)

As indicated in Figure 2 , these flows generally create two primary governance interfaces which may
need definition within the organization’s overall governance context:
a) the interface between the organization’s governance and the governance of projects, programmes
and portfolios;
b) the interface between the governance of projects, programmes and portfolios and:
— the governance o f operations;
— other areas o f the organization;
— the management of other organizations.
5.5.3 Implementation and maintenance of the governance framework

The organization or organizations should identi fy and provide or acquire the necessary support,
resources and knowledge for the implementation, improvement and sustainment of the governance
framework for projects, programmes and portfolios.
Factors to consider during the development, implementation and maintenance of the governance
ramework for projects, programmes and portfolios may include:
f

a) the organization’s existing governance framework and the legal context o f stakeholders;
b) the way management roles and responsibilities and governance roles and responsibilities are
defined and allocated;
c) the preparedness of the people within the organization to understand and support the
organization’s principles and values, and contribute to the organization’s governance;
d) the potential need for independent and autonomous audit or review, or decision gates;
e) the continuous improvement and sustainment of the governance framework should be an integral
part of the organizational governance framework.
Once the governance framework has been established, the unique requirements for each discipline
should be identified and addressed. See Annex A for further information on implementation, continuous
improvement and sustainment of the governance framework.
6 Governance of projects

6.1 General

Governance o f projects should be supported by processes, procedures and standards as appropriate for
governance requirements.
Governance of projects should be aligned with organizational governance, and, where appropriate,
the governance o f programmes and portfolios. A project may involve multiple organizations that
may require a separate specific governance framework, which should consider the governance o f the
organizations involved.
In addition to the guidelines for the governance of projects, programmes and portfolios listed in 5.4,
6.2 to 6.4 describe the authority and responsibilities of the project governing body, and the guidelines
and framework for the establishment and maintenance of governance for each project. These elements
should be considered in conjunction to the guidelines for the governance of programmes and portfolios,
as applicable.

8 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

6.2 Project governing body

The project governing body (for example a project steering committee, a body o f executive or senior
managers, a single manager, sponsor or other management oversight body) should be established and
granted its authority by the governing body o f the organizations involved.
The responsibilities o f the project governing body should include, but are not limited to:
a) aligning the governance o f the project with the organization’s governance;
b) ensuring the project meets its legal obligations in the jurisdictions a ffecting its work;
c) demonstrating support for the project, and its mission and objectives;
d) engaging with and supporting the project in achieving the project’s objectives;
e) determining and, as appropriate, delegating levels o f decision-making authority and other
mandates;
f ) defining roles, responsibilities, authorities and accountabilities within the project governing body;
g) supporting project decision making;
h) providing e ffective and e fficient leadership based upon an ethical foundation;
i) authorizing the required resources and capabilities to support the project, organization and
a ffected stakeholders;
j) ensuring appropriate and timely access to finances for the project;
k) veri fying that the project justification and objectives are aligned with the organizational strategy
or needs;
l) creating awareness o f the e ffect o f individual, project as well as organizational risks;
m) ensuring the appropriate use o f risk and opportunity management practices on the project;
n) instituting a change management process and monitoring adherence;
o) responding to progress audit, review and assurance reports;
p) validating the application of the policies, processes, procedures and standards for authorizing,
approving and steering the project;
q) providing oversight over project outcomes;
r) instituting an appropriate remuneration policy based on stakeholder interests.

6.3 Guidelines for the governance of projects

6.3.1 General
A project operates in an environment through a defined project li fe cycle which includes the
application o f guidelines for the governance o f projects, programmes and portfolios, as identified in
5.4. The application of the guidelines is established in a governance framework and supported with
the guidelines for the governance o f projects, as identified in 6.3.2 to 6.3.8. The application of these
guidelines is governed by the project governing body.

© ISO 2017 – All rights reserved 9

BS ISO 21505:2017
ISO 21505:2017(E)

6.3.2 Project management policy

A policy should be developed that identifies the purpose, roles, responsibilities, authorities, and
accountabilities o f the project management function. Delegation authority for accountability and
responsibility should be stated in the policy.

6.3.3 Risk
Project risk management should be aligned to the organization’s risk management policy and
communicated to key stakeholders.

6.3.4 Project decision gates

Decision gates should be established in the project li fe cycle with criteria that enable the authorization
o f project continuation, suspension, termination, or modification.

6.3.5 Stakeholders
Guidance for the engagement with stakeholders should be provided that considers the legitimate
interests, expectations, and conflicting interests, as well as the synergies o f the project stakeholders.

6.3.6 Project audit, review or assurance

An internal or external project audit, review or assurance process should be established.
6.3.7 Sustainability and statutory requirements
Policies and procedures should be established that direct the actions to be taken with respect to
sustainability and statutory requirements (such as health, sa fety, security, legal, regulatory, economic,
environmental and social) for the project.
6.3.8 Reporting
Project reporting should be established in line with project objectives and organizational governance
and, where appropriate, the governance o f programmes and portfolios. The level o f transparency and
disclosure o f project reporting should be defined. The integrity o f project reports should be verified
and validated. Governing body decisions should be documented.

6.4 Framework
The governance framework for projects establishes and defines the boundaries, inter faces, roles,
responsibilities and accountabilities restricting and enabling the management o f projects and may
include the reporting structure, project management processes, risk management processes and risk
tolerance thresholds, and decision gates for review. The governance framework should be documented,
reviewed, updated and archived as required and in accordance with changing circumstances.
Figure 3 illustrates an example of the context of a governance framework highlighting the governance
of a project or projects.

10 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

Figure 3 — Example of context of governance framework for projects

NOTE See 5.5.1 for further explanation of Figure 3.

7 Governance of programmes
7.1 General
Governance o f programmes should be supported by processes, procedures and standards as appropriate
for governance requirements.
Governance of programmes should be aligned with organizational governance, and, where appropriate,
the governance o f projects and portfolios. A programme may involve multiple organizations that
may require a separate specific governance framework, which should consider the governance o f the
organizations involved.
In addition to the guidelines for the governance of projects, programmes and portfolios listed in 5.4, 7.2
to 7.4 describe the authority and responsibilities of the programme governing body, and the guidelines
and framework for the establishment and maintenance of governance for each programme. These
elements should be considered in conjunction with the guidelines for the governance of projects and
portfolios, as applicable.
7.2 Programme governing body
A programme governing body (for example a programme steering committee or a programme board,
consisting o f a body o f executive or senior managers, or other management oversight body) should be
established and granted its authority by the governing body o f the organizations involved.
The responsibilities o f the programme governing body should include, but are not limited to:
a) aligning the governance of the programme with the organization’s governance, the governance of
the portfolio, and the governance o f other participating organizations, as necessary;
b) ensuring the programme meets its legal obligations in the jurisdictions a ffecting its work;

© ISO 2017 – All rights reserved 11

BS ISO 21505:2017
ISO 21505:2017(E)

c) establishing and demonstrating support for the goals and vision of the programme, in alignment
with organizational strategy;
d) veri fying alignment o f programme work to the objectives and vision o f the programme;
e) engaging with and supporting the programme’s team in achieving the programme’s objectives;
f ) determining and, as appropriate, delegating levels o f decision-making authority and other
mandates;
g) defining roles, responsibilities, authorities and accountabilities within the programme;
h) supporting programme decision making;
i) ensuring e ffective and e fficient leadership based upon an ethical foundation;
j) authorizing the required resources and capabilities to support the programme, participating
organizations and a ffected stakeholders;
k) ensuring appropriate and timely access to finances for the programme;
l) veri fying that the programme justification and objectives are aligned with the organizational
strategy or needs;
m) ensuring the appropriate use o f risk and opportunity management practices on the programme;
n) participating in and supporting the programme change management process;
o) responding to progress, audit, review and assurance reports;
p) validating the application of the policies, processes, procedures and standards for authorizing,
approving and steering the programme;
q) providing oversight over programme benefits;
r) supporting resolution of overlaps and dependencies among programmes, projects and other
related work;
s) assessing the need for and monitoring organizational change management;
t) providing awareness from the effect of individual project risks, as well as from the overall
programme risks to the organization or organizations.
7.3 Guidelines for the governance of programmes

7.3.1 General
A programme operates in an environment through a programme li fe cycle which includes the
application o f guidelines for the governance o f projects, programmes and portfolios, as identified in
5.4. The application of the guidelines is established in a governance framework and supported with the
guidelines for the governance o f programmes, as identified in 7.3.2 to 7.3.8. The application of these
guidelines is governed by the programme governing body.
7.3.2 Programme management policy
A policy should be developed that identifies the objectives, roles, responsibilities, authorities and
accountabilities o f the programme management function. Delegation authority for accountability and
responsibility should be stated in the policy. The programme management policy is reviewed and
updated in accordance to changing circumstances.

12 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

7.3.3 Risk
P ro gram me ri sk management s hou ld b e a l igne d to the ri s k ma nagement p ol ic y o f the p ar tic ip ati ng

organizations and include stakeholder engagement. Programme risk management should be based
on a ri sk ana lys i s o f the pro gram me, b e a l igne d to the organ i z ation’s ri s k management p ol ic y and

com mu nic ate d to the key s ta keholders .

7.3.4 Programme decision gates

D e c i s ion gate s shou ld b e e s tabl i she d i n the pro gram me l i fe c ycle with c riteri a to:

— authori ze the conti nuation, term i nation or mo d i fic ation o f pro gra m me and pro gram me comp onents;

— faci l itate de ci s ion ma ki ng and a s s e s s a nd va l idate b enefits re a l i z ation;

— va l id ate a l ignment o f the pro gram me with the orga n i z ation’s s trateg y, go a l s and obj e c tive s .

7.3.5 Stakeholders
Guidance for the engagement with stakeholders should be provided that considers the legitimate
i ntere s ts , exp e c tation s a nd con fl ic ti ng i ntere s ts , as wel l a s the s ynergie s o f the pro gram me s ta keholders .

7.3.6 Programme audit, review or assurance

An internal or external programme audit, review or assurance process should be established. The
f
aud it f
unc tion may i nclude the eva luation o b enefits , s ynergie s and p o tenti a l con fl ic ts b e twe en the

programme, the programme components, external organizations involved in the programme and other
operational activities.
7.3.7 Sustainability and statutory requirements
Policies and procedures should be established that direct the actions to be taken with respect to
f
s u s ta i nabi l ity and s tatutor y re qu i rements (s uch a s he a lth , s a e ty, s e c u rity, lega l, regu lator y, e conom ic,

environmental and social) for the programme.

7.3.8 Reporting
Programme reporting should be established in line with programme objectives and organizational
governance and with the needs of the organization. The programme reporting structure should enable
the govern i ng b o dy and s ta keholders to mon itor the pro gra m me s tatu s and b enefits re a l i z ation . T he

level o f tran s p arenc y a nd d i s clo s ure o f pro gra m me rep or ti ng s hou ld be defi ne d . T he i ntegrity o f

pro gra m me rep or ts s hou ld b e veri fie d and va l idate d . T he de ci s ion s o f the pro gram me govern i ng b o dy

should be documented.
7.4 Framework
T he governance fra mework for pro gram me s e s tabl i she s and defi ne s the b ou ndarie s , i nter face s , role s ,

re s p on s ibi l itie s and accou ntabi l itie s re s tric ti ng a nd enabl i ng the management o f pro gram me s and may

include the reporting structure, programme management practices, risk management processes and risk
tolerance thresholds, and decision gates for review. The governance framework should be documented,
reviewed, updated and archived as required and in accordance with changing circumstances.
Figure 4 illustrates an example of the context of a governance framework highlighting the governance
of a programme or programmes.

© ISO 2017 – All rights reserved 13

BS ISO 21505:2017
ISO 21505:2017(E)

Figure 4 — Example of context of governance framework for programmes

NOTE See 5.5.1 for further explanation of Figure 4.

8 Governance of portfolios
8.1 General
Governance o f portfolios should be supported by processes, procedures and standards as appropriate
for governance requirements.
Governance of portfolios should be aligned with organizational governance.
In addition to the guidelines for the governance of projects, programmes and portfolios, listed in 5.4,
8.2 to 8.4 describe the authority and responsibilities of the portfolio governing body, and the guidelines
and framework for the establishment and maintenance of governance for each portfolio. These
elements should be considered in conjunction with the guidelines for the governance of projects and
programmes, as applicable.
8.2 Portfolio governing body
A portfolio governing body (for example an investment committee, a portfolio board consisting o f a
body o f executive or senior managers) should be established and granted its authority by the governing
body o f the organization.
The responsibilities o f the portfolio governing body should include, but are not limited to:
a) aligning the governance o f the portfolio with the organization’s governance;
b) ensuring the portfolio meets its legal obligations in the jurisdictions a ffecting its work;
c) establishing and demonstrating support for the objectives and vision of the portfolio in alignment
with organizational strategy;

14 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

d) validating the alignment of the governance of projects and programmes with the governance of the
portfolio and the organization’s governance;
e) engaging with and supporting the management of the portfolio in achieving the portfolio’s
objectives;
f ) determining and, as appropriate, delegating levels o f decision-making authority and other
mandates;
g) defining roles, responsibilities, authorities and accountabilities within the portfolio;
h) providing e ffective and e fficient leadership based upon an ethical foundation;
i) authorizing and validating the required resources and capabilities to support the effective and
e fficient project, programme and portfolio management, as applicable;
j) providing appropriate and timely access to finances for the portfolio;
k) veri fying that the portfolio justification and objectives are aligned with the changing strategy and
needs o f the organization;
l) providing awareness o f individual project, programme and overall portfolio risks;
m) validating the alignment of the governance of projects and programmes with the governance of the
portfolio and the organization’s governance;
n) ensuring the appropriate use o f risk and opportunity management practices on the portfolio;
o) establishing and validating policies, processes, procedures and authorities for the governance of
portfolios (which could include project and programme selection, prioritization, authorization
criteria, categorization, mechanisms for strategic alignment, and benefits realization and
optimization).
8.3 Guidelines for the governance of portfolios

8.3.1 General
A portfolio operates in an environment which includes the application of guidelines for the governance
o f projects, programmes and portfolios, as identified in 5.4. The application of the guidelines is
established in a governance framework and supported with the guidelines for the governance of
portfolios, as identified in 8.3.2 to 8.3.7. The application o f these guidelines is governed by the portfolio
governing body.

8.3.2 Portfolio management policy

A policy should be developed that identifies the strategic vision, the objectives, roles, responsibilities,
authorities and accountabilities o f the portfolio management function. Delegation authority for
accountability and responsibility should be stated in the policy. The portfolio management policy is
reviewed and updated in accordance to changing circumstances.
8.3.3 Risk
The risk thresholds of the portfolio should be established, including consideration of the organization’s
and stakeholders’ policies and risk tolerances, and communicated to key stakeholders. Policies
and procedures should be established and communicated to the governing bodies of projects and
programmes, as appropriate. The portfolio risk profile should be reviewed and monitored at established
intervals.

© ISO 2017 – All rights reserved 15

BS ISO 21505:2017
ISO 21505:2017(E)

8.3.4 Stakeholders
Guidance for the relationships and engagement with stakeholders should be provided that considers
the legiti mate i ntere s ts , exp e c tation s a nd con fl ic ti ng i ntere s ts o f the p or t fol io s ta keholders .

8.3.5 Portfolio audit or review

An internal or external portfolio audit or review process should be established. The audit function
f
may i nclude the eva luation o orga n i z ationa l s trate g y re a l i z ation and compl ia nce to orga n i z ationa l

governance.
8.3.6 Sustainability and statutory requirements
Policies and procedures should be established that direct the actions to be taken with respect
to s u s tai nabi l ity and s tatutor y re qu i rements (s uch as he a lth, s a fe ty, s e c u rity, lega l, regu lator y,

e conom ic, envi ron menta l and s o c ia l) for the p or t fol io . T he p ol icie s a nd pro ce du re s s hou ld b e forma l ly
communicated to the governing bodies of projects and programmes, as appropriate.
8.3.7 Reporting
Portfolio reporting should be established and aligned with the portfolio objectives and organizational
governance . T he level o f tran s p arenc y and d i s clo s ure o f p or t fol io rep or ti ng s hou ld b e defi ne d . T he

i ntegrity o f p or t fol io rep or ts shou ld b e veri fie d a nd va l idate d . G overn i ng b o dy de c i s ion s shou ld b e

documented.
8.4 Framework
T he governance fra mework for p or t fol io s e s tabl i s he s a nd defi ne s the b ou ndarie s , i nter face s , role s ,

re s p on s ibi l itie s and accou ntabi l itie s re s tric ti ng and enabl i ng the management o f p or t fol io s and may

include the reporting structure, portfolio management practices, risk management processes and risk
tolerance thresholds, and decision criteria for review. The governance framework should be documented,
reviewed, updated and archived as required and in accordance with changing circumstances.
Figure 5 illustrates an example of the context of a governance framework highlighting the governance
of a portfolio or portfolios.

16 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

Figure 5 — Example of context of governance framework for portfolios

NOTE See 5.5.1 for further explanation of Figure 5.

© ISO 2017 – All rights reserved 17

BS ISO 21505:2017
ISO 21505:2017(E)

Annex A
(informative)
Implementation, continuous improvement and sustainment of the
governance framework

T he govern i ng b o dy is re s p on s ible for defi n i ng and i mplementi ng the governance framework

a nd a s s o ci ate d gu idel i ne s . T he chai rp ers on o f the govern i ng b o dy shou ld be accou ntable for the

implementation, continuous improvement and sustainment of the governance framework for projects,
programmes and portfolios.
Continuous improvement should be an integral part of the activities for the sustainment of the
governance framework. In order to ach ieve a conti nuou s i mprovement c ycle for the governance

fra mework, s evera l fac tors may b e con s idere d:

a) development of oversight mechanisms to measure:

— p er forma nce and outcome s s uch as p er formance reviews , as s e s s ments a nd aud its;

— level o f unders ta nd i ng o f the p ol icie s , pro ce du re s , and pro ce s s e s;

— de gre e o f adop tion o f the p ol ic ie s , pro ce dure s , a nd pro ce s s e s;

b) review of the governance framework through various tools, techniques, and methodologies,
including but not limited to:
— fe e db ack from s ta keholders and u s ers o f the governance framework;

— identi fic ation o f change s and trend s i n the envi ron ment;

— identi fic ation o f re dundanc ie s;

— gap ana lys i s to identi fy and remove any gap s , overlap s , a nd con fl ic ts;

— ri sk ana lys i s;

— eva luati ng tolerance s previou sly e s tabl i she d for the governance pro ce s s e s;

— b ench marki ng and comp a rative s tud ie s;

— identi fic ation o f pro ce s s i mprovements to b e u nder ta ken i nclud i ng i nputs from le s s on s le arne d;

— ro o t c au s e ana lys i s for identi fie d i s s ue s;

c) integration of the information acquired into the existing governance framework:

— removi ng re du ndancie s;

— re s olution o f i s s ue s b a s e d up on the ro o t c aus e a na lys i s or o ther ana lys i s to ol .

— provid i ng p ol icie s , pro ce du re s , and pro ce s s e s to fi l l identi fie d gap s;

— aligning policies, procedures and processes with the demands placed upon the governance
framework b y s ta keholders;

— mo d i fyi ng p ol ic ie s , pro ce du re s , a nd pro ce s s e s b a s e d up on fe e db ack from s ta keholders and the

users of the governance framework.

18 © ISO 2017 – All rights reserved

 BS ISO 21505:2017
ISO 21505:2017(E)

The governance framework should be reviewed, documented, and updated on an as needed basis as well
as b y s che du le d u s e o f the me tric a nd ana lys i s to ol s u s e d b y the organ i z ation or organ i z ation s wh ich

fu nc tion with i n the fra mework. T he organ i z ation or organ i z ation s may s ele c t to u s e any combi nation

of the tools, techniques, and methodologies available to enable the continuous improvement and
sustainment of the governance framework.

© ISO 2017 – All rights reserved 19

BS ISO 21505:2017
ISO 21505:2017(E)

Bibliography

[1] ISO 21500, Guidance on project management

[2] ISO 21504, Project, programme and portfolio management — Guidance on portfolio management
[3] ISO/IEC 38500, Information technology — Governance of IT for the organization
[4] Report of the Committee on the Financial Aspects of Corporate Governance, Sir Adrian Cadbury,
London, 1992
[5] OECD Principles of Corporate Governance , OECD (Organisation for Economic Co-operation and
Development), 1999 and 2004

20 © ISO 2017 – All rights reserved