COBIT and ITIL Mapping

IT Evaluation and Auditing By Abdul Rasheed Baloch MSIS-10

What is ITIL? The IT Infrastructure Library is a set of books comprising an IT service management Best Practices framework. It is an industry of products, services, and organizations. ITIL is Unique: consistent, comprehensive, non-proprietary was created by and for the British government, later expanded for use in all organizations. ITIL Gives a detailed description of important IT practices, with comprehensive checklists, tasks, procedures and responsibilities. And can be tailored to any IT organization. ITIL Objectives Create a set of comprehensive, consistent and coherent codes of Best Practice for quality IT service management, promoting business effectiveness in the use of IT. ITIL Encourage the private sector to develop services and products (training, consultancy and tools) that support ITIL. It provide an approach based on the best examples taken from practice. IT service providers use ITIL concepts and practices to: Increase satisfaction of customers / users with IT services Enhance communication with customers Achieve higher reliability in mission-critical systems and infrastructure Improve the cost/benefit of services Create a common sense among staff

Control Objectives for Information and Related Technology (COBIT) Sponsor: Information Systems Audit and Control Association and the IT Governance Institute What it is: An audit-oriented set of guidelines for IT processes, practices and controls. It is geared to risk reduction, focusing on integrity, reliability and security. Addresses four domains: 1. 2. 3. 4. Planning and organization Acquisition and implementation Delivery and support Monitoring

COBIT Has six maturity levels, similar to CMM's. Strengths: Good checklists for IT. COBIT enables IT to address risks not explicitly addressed by other frameworks and to pass audits. It can work well with other frameworks, especially ITIL. Limitations: Says what to do but not how to do it. It doesn't deal directly with software development or IT services. COBIT doesn't provide road map for continuous process improvement.

COBIT and ITIL Mapping Planning and Organization

COBIT Define a Strategic Information Technology Plan Define the Information Architecture Determine the Technology Direction Define the IT Organization and Relationships Manage the Investment in Information Technology Communicate Management Aims and Direction Manage Human Resources Ensure Compliance with External Requirements Assess Risks Manage Projects Manage Quality ITIL Planning & control for IT Services Security Management Determine the Technology Direction IT Services Organization Financial Management

Quality Management for IT Services (CCTA Quality Management Library)

ACQUISITION & IMPLEMENTATION

COBIT Identify Solutions ITIL Service Level Management; Change Management; Security Management; Release Management Change Management, Availability Management Problem Management; Security Management; Change Management

Acquire and Maintain Application Software Acquire and Maintain Technology Architecture Develop and Maintain Information Technology Procedures Install and Accredit Systems

Capacity Management; Change Management; Security Management

Delivery and Support

COBIT 1. Define Service Levels 2. Manage Third-Party Services 3. Manage Performance and Capacity 4. Ensure Continuous Service 5. Ensure Systems Security 6. Identify and Allocate Costs 7. Educate and Train Users 8. Assisting and Advising Information Technology Customers 9. Manage the Configuration 10. Manage Problems and Incident 11. Manage Data ITIL Service Level Management Service Level Management Capacity Management Availability Management, Contingency Planning Security Management Financial Management Customer Liaison Incident Management (Service Desk) Configuration Management Problem Management Capacity Management, Release Management, Availability Management; Contingency Planning

12. Manage Facilities 13. Manage Operations

Monitoring
COBIT Monitor the process Obtain Independent Assurance Provide for Independent Audit

ITIL