COBIT Requirements and Strategic Tools

COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT is a set of best practices for information management. It provides managers, auditors and IT users with a set of measures, processes and best practices to assist them in maximizing the benefits derived through the use of IT and in developing appropriate governance and control.


The first step in the process is the creation of an IT infrastructure that supports best-practice processes. These are all addressed in Janco's IT Governance Infrastructure, Strategy, and Charter Template. A further expansion of that infrastructure is supported by the COBIT Compliance Toolkit.

IT Governance Compliance - COBIT Compliance Kit
SAVE $2,000


The kit includes:

See also CIO IT Infrastructure Policy Bundle

Save over 35% off of the individual product cost by purchasing the COBIT Compliance Toolkit.


Janco's product offerings support COBIT. The list below maps Janco's product offerings to the specific requirements of the planning and organization, acquisition and implementation, and delivery and support domains.


The first domain in COBIT is Plan and Organize (PO). It is made up of 10 processes and 74 control objectives.

  • Define a Strategic IT Plan - IT strategic planning is required to manage and direct all IT resources in line with the business strategy and priorities. The IT function and business stakeholders are responsible for ensuring that optimal value is realised from project and service portfolios. The strategic plan improves key stakeholders' understanding of IT opportunities and limitations, assesses current performance, identifies capacity and human resource requirements, and clarifies the level of investment required. The business strategy and priorities are to be reflected in portfolios and executed by the IT tactical plan(s), which specifies concise objectives, action plans and tasks that are understood and accepted by both business and IT.

  • Define the Information Architecture - The information systems function creates and regularly updates a business information model and defines the appropriate systems to optimise the use of this information. This encompasses the development of a corporate data dictionary with the organisation's data syntax rules, data classification scheme and security levels. This process improves the quality of management decision making by making sure that reliable and secure information is provided, and it enables rationalising information systems resources to appropriately match business strategies. This IT process is also needed to increase accountability for the integrity and security of data and to enhance the effectiveness and control of sharing information across applications and entities.

  • Determine Technological Direction - The information services function determines the technology direction to support the business. This requires the creation of a technological infrastructure plan and an architecture board that sets and manages clear and realistic expectations of what technology can offer in terms of products, services and delivery mechanisms. The plan is regularly updated and encompasses aspects such as systems architecture, technological direction, acquisition plans, standards, migration strategies and contingency. This enables timely responses to changes in the competitive environment, economies of scale for information systems staffing and investments, as well as improved interoperability of platforms and applications.

  • Define the IT Processes, Organization and Relationships - Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them.

  • Manage the IT Investment - Define IT budgets and service level agreements. This includes all IT assets within an organization where information is created, processed, stored, transmitted or discarded. Mapping and managing IT investments is essential to prioritize investments and to concentrate efforts on the most critical assets that sustain organizational processes.

  • Communicate Management Aims and Direction - Communicate awareness and understanding of business and IT objectives and direction to appropriate stakeholders and users throughout the enterprise.

  • Manage IT Human Resources - Maintain IT personnel recruitment processes in line with the overall organisation's personnel policies and procedures (e.g., hiring, positive work environment, orienting). Implement processes to ensure that the organisation has an appropriately deployed IT workforce with the skills necessary to achieve organisational goals. Regularly verify that personnel have the competencies to fulfil their roles on the basis of their education, training and/or experience. Define core IT competency requirements and verify that they are being maintained, using qualification and certification programmes where appropriate.

  • Manage Quality - Establish and maintain a QMS that provides a standard, formal and continuous approach regarding quality management that is aligned with business requirements. The QMS should identify quality requirements and criteria; key IT processes and their sequence and interaction; and the policies to support that.

  • Assess and Manage IT Risks - Establish an IT risk management framework that is aligned to the organisation's (enterprise's) risk management framework. Establish the context in which the risk assessment framework is applied to ensure appropriate outcomes. This should include determining the internal and external context of each risk assessment, the goal of the assessment, and the criteria against which risks are evaluated.

  • Manage Projects - Maintain a list of projects, related to the portfolio of IT-enabled investment programmes, by identifying, defining, evaluating, prioritising, selecting, initiating, managing and controlling projects. Ensure that the projects support the programme's objectives. Co-ordinate the activities and interdependencies of multiple projects, manage the contribution of all the projects within the programme to expected outcomes, and resolve resource requirements and conflicts.


The acquire and implement domain covers identifying IT requirements, acquiring the technology, and implementing it within the company's current business processes. This domain also addresses the development of a maintenance plan that a company should adopt in order to prolong the life of an IT system and its components.


The deliver and support domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and their results, as well as the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. The following list describes the IT processes contained in the Deliver and Support domain.

  • Define and Manage Service Levels - Define a framework that provides a formalised service level management process between the customer and service provider. The framework should maintain continuous alignment with business requirements and priorities and facilitate common understanding between the customer and provider(s). The framework should include processes for creating service requirements, service definitions, SLAs, OLAs and funding sources. The framework should define the organisational structure for service level management, covering the roles, tasks and responsibilities of internal and external service providers and customers.

  • Manage Third-Party Services - Identify all supplier services, and categorise them according to supplier type, significance and criticality. Maintain formal documentation of technical and organisational relationships covering the roles and responsibilities, goals, expected deliverables, and credentials of representatives of these suppliers.

  • Manage Performance and Capacity - Establish a planning process for the review of performance and capacity of IT resources to ensure that cost-justifiable capacity and performance are available to process the agreed-upon workloads as determined by the SLAs. Capacity and performance plans should leverage appropriate modelling techniques to produce a model of the current and forecasted performance, capacity and throughput of the IT resources.

  • Ensure Continuous Service - Develop a framework for IT continuity to support enterprisewide business continuity management using a consistent process. The objective of the framework should be to assist in determining the required resilience of the infrastructure and to drive the development of disaster recovery and IT contingency plans. The framework should address the organisational structure for continuity management, covering the roles, tasks and responsibilities of internal and external service providers, their management and their customers, and the planning processes that create the rules and structures to document, test and execute the disaster recovery and IT contingency plans.


Compliance Management Governance