Home Random Page


CATEGORIES:

BiologyChemistryConstructionCultureEcologyEconomyElectronicsFinanceGeographyHistoryInformaticsLawMathematicsMechanicsMedicineOtherPedagogyPhilosophyPhysicsPolicyPsychologySociologySportTourism






A1 COBIT

The COBIT framework, produced by the Information Systems Audit and Control Association (ISACA) and managed by the IT Governance Institute, provides a very useful framework of guidance for IT audit and security personnel.

The current version of COBIT, edition 4, includes 34 High Level Control Objectives, 13 of which are grouped under the ‘Deliver and Support Domain’, which maps quite closely onto ITIL’s Service Operation phase. These are entitled:

  • DS1 Define and manage service levels.
  • DS2 Manage third-party services.
  • DS3 Manage performance and capacity.
  • DS4 Ensure continuous service.
  • DS5 Ensure systems security.
  • DS6 Identify and allocate costs.
  • DS7 Educate and train users.
  • DS8 Manage service desk and incidents.
  • DS9 Manage the configuration.
  • DS10 Manage problems.
  • DS11 Manage data.
  • DS12 Manage the physical environment.
  • DS13 Manage operations.

Some aspects of Service Operation are also touched upon in some of the control objectives within other domains – but the vast majority of what COBIT has to say about the ‘live operation’ phase of IT is contained in the abovementioned control objectives.

COBIT is primarily aimed at auditors, so has an emphasis on what should be audited and how, rather than including detailed guidance for those who are operating the processes that will be audited – but it has a lot of valid material which organizations may find useful.

It should be noted that COBIT and ITIL are not ‘competitive’ nor are they mutually exclusive – on the contrary, they can be used in conjunction as part of an organization’s overall managerial and governance framework. ITIL provides an organization with best-practice guidance on how to manage and improve its process to deliver high-quality, cost-effective IT services. COBIT provides guidance on how these processes should be audited and assessed to determine whether they are operating as intended and giving optimum benefit for the organization.

For a more complete overall picture, organizations may wish to read and become familiar with what COBIT has to say alongside their reading and understanding of ITIL. Further details of the standard can be found via ISACA at www.isaca.org


A2 ISO/IEC 20000

In December 2005 the International Standards Organization launched a formal international standard, ISO/ISE 20000, against which organizations can seek independent accreditation for ITSM . This was preceded by a British Standard, BS15000, which was originally introduced in 2000 and under which some organizations became accredited, but was superseded by ISO/ISE 20000 and accreditations were carried over.

While ISO/IEC 20000 initially mapped to the prior Service Support and Service Delivery publication of ITIL, the standard continues to map well to ITIL today and also covers IT Security, Business Relationship Management and Supplier Management.

For organizations seeking formal accreditation to ISO/IEC 20000, so as to get external, international recognition for the success of their ITSM processes, there will be a significant involvement by Service Operation staff in preparing for and undergoing the formal surveillance necessary to achieve the standard.

Further details of the standard can be found via the itSMF at www.itsmf.com or the ISO at www.iso.org


Date: 2014-12-29; view: 1110

<== previous page | next page ==>
Risks to successful Service Operation | A4 Balanced Scorecard
doclecture.net - lectures - 2014-2024 year. Copyright infringement or personal data (0.006 sec.)