COBIT Requirements and Strategic Tools
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT is a set of best practices for information management. It provides managers, auditors, and IT users with a set of measures, processes and best practices to assist them in maximizing the benefits derived through the use of IT and developing appropriate governance and control.
The first step in the process is the creation of an IT infrastructure that supports best-practice processes. These are all addressed in Janco's IT Governance Infrastructure, Strategy, and Charter Template. A further expansion of that infrastructure is supported by the COBIT Compliance Toolkit.
The kit includes:
- Compliance Management White Paper
- Record Management and Destruction Policy Template
- IT Governance Infrastructure, Strategy, and Charter Template
- Disaster Recovery Business Continuity Template
- Practical Guide for IT Outsourcing
- Service Level Agreement Policy Template with Sample Metrics
- Metrics for the Internet, Information Technology, and Service Management
- IT Service Management (ITSM) Service Oriented Architecture (SOA)
- Internet and Information Technology Position Descriptions HandiGuide
- HIPAA Audit Program
- Security Policies and Procedures Template
- Security Audit Program
- Business and IT Impact Questionnaire
- IT Salary Survey
See also CIO IT Infrastructure Policy Bundle
Save over 35% off of the individual product cost by purchasing the COBIT Compliance Toolkit.
Janco's product offerings support COBIT. The list below maps Janco's product offerings to specific requirements of the Plan and Organize, Acquire and Implement, and Deliver and Support domains.
PLAN and ORGANIZE
The first domain in COBIT is Plan and Organize (PO). It is made up of 10 processes and 74 control objectives.
- Define a Strategic IT Plan - IT strategic planning is required to manage and direct all IT resources in line with the business strategy and priorities. The IT function and business stakeholders are responsible for ensuring that optimal value is realised from project and service portfolios. The strategic plan improves key stakeholders' understanding of IT opportunities and limitations, assesses current performance, identifies capacity and human resource requirements, and clarifies the level of investment required. The business strategy and priorities are to be reflected in portfolios and executed by the IT tactical plan(s), which specifies concise objectives, action plans and tasks that are understood and accepted by both business and IT.
  - IT Governance Infrastructure, Strategy, and Charter Template
  - Compliance Management White Paper
- Define the Information Architecture - The information systems function creates and regularly updates a business information model and defines the appropriate systems to optimise the use of this information. This encompasses the development of a corporate data dictionary with the organisation's data syntax rules, data classification scheme and security levels. This process improves the quality of management decision making by making sure that reliable and secure information is provided, and it enables rationalising information systems resources to appropriately match business strategies. This IT process is also needed to increase accountability for the integrity and security of data and to enhance the effectiveness and control of sharing information across applications and entities.
  - IT Governance Infrastructure, Strategy, and Charter Template
  - Compliance Management White Paper
  - Record Management Retention and Destruction Policy
- Determine Technological Direction - The information services function determines the technology direction to support the business. This requires the creation of a technological infrastructure plan and an architecture board that sets and manages clear and realistic expectations of what technology can offer in terms of products, services and delivery mechanisms. The plan is regularly updated and encompasses aspects such as systems architecture, technological direction, acquisition plans, standards, migration strategies and contingency. This enables timely responses to changes in the competitive environment, economies of scale for information systems staffing and investments, as well as improved interoperability of platforms and applications.
- Define the IT Processes, Organization and Relationships - Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them.
- Manage the IT Investment - Define IT budgets and service level agreements. This includes all IT assets within an organization where information is created, processed, stored, transmitted, or discarded. Mapping and managing IT investments is essential to prioritize investments and concentrate efforts on the most critical assets that sustain organizational processes.
- Communicate Management Aims and Direction - Communicate awareness and understanding of business and IT objectives and direction to appropriate stakeholders and users throughout the enterprise.
- Manage IT Human Resources - Maintain IT personnel recruitment processes in line with the overall organisation's personnel policies and procedures (e.g., hiring, positive work environment, orienting). Implement processes to ensure that the organisation has an appropriately deployed IT workforce with the skills necessary to achieve organisational goals. Regularly verify that personnel have the competencies to fulfil their roles on the basis of their education, training and/or experience. Define core IT competency requirements and verify that they are being maintained, using qualification and certification programmes where appropriate.
- Manage Quality - Establish and maintain a quality management system (QMS) that provides a standard, formal and continuous approach to quality management that is aligned with business requirements. The QMS should identify quality requirements and criteria; key IT processes and their sequence and interaction; and the policies to support them.
- Assess and Manage IT Risks - Establish an IT risk management framework that is aligned to the organisation's (enterprise's) risk management framework. Establish the context in which the risk assessment framework is applied to ensure appropriate outcomes. This should include determining the internal and external context of each risk assessment, the goal of the assessment, and the criteria against which risks are evaluated.
- Manage Projects - Maintain a list of projects, related to the portfolio of IT-enabled investment programmes, by identifying, defining, evaluating, prioritising, selecting, initiating, managing and controlling projects. Ensure that the projects support the programme's objectives. Co-ordinate the activities and interdependencies of multiple projects, manage the contribution of all the projects within the programme to expected outcomes, and resolve resource requirements and conflicts.
ACQUIRE and IMPLEMENT
The Acquire and Implement (AI) domain covers identifying IT requirements, acquiring the technology, and implementing it within the company's current business processes. This domain also addresses the development of a maintenance plan that a company should adopt in order to prolong the life of an IT system and its components.
- Identify Automated Solutions - Identify, prioritise, specify and agree on business functional and technical requirements covering the full scope of all initiatives required to achieve the expected outcomes of the IT-enabled investment initiatives.
- Acquire and Maintain Application Software - Translate business requirements into a high-level design specification for software acquisition, taking into account the organisation's technological direction and information architecture. Have the design specifications approved by management to ensure that the high-level design responds to the requirements. Reassess when significant technical or logical discrepancies occur during development or maintenance.
- Acquire and Maintain Technology Infrastructure - Produce a plan for the acquisition, implementation and maintenance of the technological infrastructure that meets established business functional and technical requirements and is in accord with the organisation's technology direction.
- Enable Operation and Use - Develop a plan to identify and document all technical, operational and usage aspects such that all those who will operate, use and maintain the automated solutions can exercise their responsibility. Transfer knowledge to business management to allow those individuals to take ownership of the system and data, and exercise responsibility for service delivery and quality, internal control, and application administration.
  - IT Governance Infrastructure, Strategy, and Charter Template
  - IT Service Management (ITSM) Service Oriented Architecture (SOA)
  - Record Management Retention and Destruction Policy
- Obtain IT Resources - Develop and follow a set of procedures and standards that is consistent with the business organisation's overall procurement process and acquisition strategy to acquire IT-related infrastructure, facilities, hardware, software and services needed by the business.
- Manage Changes - Set up formal change management procedures to handle in a standardised manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms.
- Install and Accredit Solutions and Changes - Train the staff members of the affected user departments and the operations group of the IT function in accordance with the defined training and implementation plan and associated materials, as part of every information systems development, implementation or modification project.
DELIVER and SUPPORT
The Deliver and Support (DS) domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and its results, as well as the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. The following list covers the IT processes contained in the Deliver and Support domain.
- Define and Manage Service Levels - Define a framework that provides a formalised service level management process between the customer and service provider. The framework should maintain continuous alignment with business requirements and priorities and facilitate common understanding between the customer and provider(s). The framework should include processes for creating service requirements, service definitions, SLAs, OLAs and funding sources. The framework should define the organisational structure for service level management, covering the roles, tasks and responsibilities of internal and external service providers and customers.
- Manage Third-Party Services - Identify all supplier services, and categorise them according to supplier type, significance and criticality. Maintain formal documentation of technical and organisational relationships covering the roles and responsibilities, goals, expected deliverables, and credentials of representatives of these suppliers.
- Manage Performance and Capacity - Establish a planning process for the review of performance and capacity of IT resources to ensure that cost-justifiable capacity and performance are available to process the agreed-upon workloads as determined by the SLAs. Capacity and performance plans should leverage appropriate modelling techniques to produce a model of the current and forecasted performance, capacity and throughput of the IT resources.
- Ensure Continuous Service - Develop a framework for IT continuity to support enterprise-wide business continuity management using a consistent process. The objective of the framework should be to assist in determining the required resilience of the infrastructure and to drive the development of disaster recovery and IT contingency plans. The framework should address the organisational structure for continuity management, covering the roles, tasks and responsibilities of internal and external service providers, their management and their customers, and the planning processes that create the rules and structures to document, test and execute the disaster recovery and IT contingency plans.