ITIL can be described as a set of books documenting best practice for ITSM, providing guidance on the provision of quality IT services and the facilities needed to support them. Organisations need to understand that ITIL has never been nor was intended to be a complete, out-of-the-box solution and does not have to stand alone; in fact, an organisation may struggle to effectively implement ITIL without some form of IT governance framework. Importantly, COBIT can help guide an organisation in what should be covered in processes and procedures whereas ITIL provides guidance on how the processes or procedures should be designed. This should then be built upon to establish business-aligned IT objectives. It has the additional ability to ensure that ITIL-based Continual Service Improvement is focused on appropriate processes and activities to deliver the greatest positive impact in respect of business goals.
|Published (Last):||24 May 2014|
|PDF File Size:||12.93 Mb|
|ePub File Size:||16.75 Mb|
|Price:||Free* [*Free Regsitration Required]|
For complaints, use another form. Study lib. Upload document Create flashcards. Documents Last activity. Flashcards Last activity. Add to Add to collection s Add to saved. ITGI was established by the non-profit membership association ISACA in to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly allocated, and IT performance is measured.
ITGI makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other proper information, procedures and tests that are reasonably directed to obtaining the same results.
In determining the propriety of any specific information, procedure or test, control professionals should apply their own professional judgement to the specific control circumstances presented by the particular systems or information technology environment. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means electronic, mechanical, photocopying, recording or otherwise without the prior written authorisation of ITGI.
No other right or permission is granted with respect to this work. Mitchell, Ph. Stroud, CA Inc. Analytix Holdings Pty. Bwise B. CA Inc. LogLogic Inc. Phoenix Business and Systems Process Inc. Project Rx Inc. Symantec Corp.
TruArx Inc. Purpose of the Document Methodology for the Mapping ITIL v3 Overview High-level Mapping Detailed Mapping Through original research, case studies and electronic resources, ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.
COBIT provides a high-level, comprehensive IT governance and control framework based on the harmonisation of more than 50 IT good practice sources published by various international standards bodies, governments and other institutions. In addition, the results help entities that are planning to apply standards and guidance to harmonise those initiatives and use COBIT as the overall framework for sound IT governance.
Although many of these questions can be addressed using the openly available COBIT guidance, more specific information is sometimes required. The mapping project addresses the gaps by mapping the most important and commonly used standards1 to the COBIT processes and control objectives. With the addition of management guidelines in , COBIT was used more frequently as a management framework, providing management tools, such as metrics and maturity models, to complement the control framework.
Version 3 consists of 27 detailed processes organised into five high-level processes described in five core books—Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement—that comprise one function: effective IT service management. This mapping does not contain all of the details of ITIL v3. Some language is included directly from ITIL, but it is recommended to obtain a copy of the original document.
The detailed mapping was done as shown in figure 1. A mapping was done for information requirements that fit to a single control objective. A 1:n mapping was done for information requirements that fit to more than one control objective. If a, b and c failed, then COBIT does not cover the requirement of this specific information, in which case the most appropriate process was selected and the information requirement was mapped to non-existent control objective 99 of the process.
In , the second edition was published with additional control objectives and the Implementation Tool Set. The third edition was issued by ITGI in and included the management guidelines and several new control objectives. Within organisations, COBIT intends to support executive management and boards; business and IT management; and governance, assurance, control and security professionals.
The level of detail primarily depends on the role of the function. If the function is responsible to fulfil the requirements, thorough knowledge should be ensured, but if the function is accountable or involved otherwise consulted or informed , an overview should be applicable. The level is indicated in figure 2. The research conducted for these updates addressed components of the control objectives and management guidelines. The first document, , was published in Others are still in development.
It includes the most significant parts of IT management, including those covered by other standards. Although no technical details are included, the necessary tasks for complying with the control objectives are self-explanatory.
Therefore, it is classified at a relatively high level, aiming to be generically complete but not specific. It offers online, real-time surveys and benchmarking. Enterprise governance is inadequate without IT governance and vice versa. IT can extend and influence the performance of the organisation, but IT has to be subject to adequate governance.
On the other hand, business processes require information from the IT processes, and this interrelationship has to be governed as well. In this subject matter, the plan-do-check-act PDCA cycle becomes evident.
The concept of the PDCA cycle usually is used in structured problem-solving and continuous-improvement processes. Both the information needed enterprise governance and the information delivered IT governance have to be planned with measurable and constructive indicators plan.
The information and, possibly, information systems have to be implemented, delivered and used do. The outcome of the information delivered and used is measured against the indicators defined in the planning phase check.
Deviation is investigated, and corrective action is taken act. Considering these interdependencies, it is apparent that the IT processes are not an end in themselves; instead, they are a means to an end that is highly integrated with the management of business processes. ME2 Monitor and evaluate internal control. ME3 Ensure regulatory compliance. ME4 Provide IT governance. PO1 Define a strategic IT plan.
PO2 Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, organisation and relationships. PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects. DS2 Manage third-party services. DS3 Manage performance and capacity. DS4 Ensure continuous service. DS5 Ensure systems security.
DS6 Identify and allocate costs. DS7 Educate and train users. DS8 Manage service desk and incidents. DS9 Manage the configuration. DS10 Manage problems. DS11 Manage data. DS12 Manage the physical environment. DS13 Manage operations. AI2 Acquire and maintain application software. AI3 Acquire and maintain technology infrastructure. AI4 Enable operation and use. AI5 Procure IT resources.
AI6 Manage changes. AI7 Install and accredit solutions and changes. Plans and organisational structures already developed can be adopted, depending on the significance of each service, rather than developing a new plan for the IT service.
Services are implemented subsequently, and all necessary precautions for ongoing service, delivery and monitoring are considered. From the IT governance point of view, single services are merely in the background.
Freely subscribe to our NEWSLETTER
For complaints, use another form. Study lib. Upload document Create flashcards. Documents Last activity. Flashcards Last activity. Add to
Mapping of ITIL v3 With COBIT® 4.1
ITGI was established by the non-profit membership association ISACA in to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly allocated, and IT performance is measured. ITGI makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other proper information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, control professionals should apply their own professional judgement to the specific control circumstances presented by the particular systems or information technology environment.
Mapping of ITIL v3 - With COBIT 4.1