Professional Documents
Culture Documents
EXECUTIVE SUMMARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
» About COBIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
» Business Service Management — A Practical Path to Supportting COBIT . . . . . . . . . . . . . . . . . 1
BMC SOLUTIONS AND COBIT CONTROLS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
» COBIT and IT Governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
» COBIT and ITIL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
» PLAN AND ORGANIZE (PO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
BMC Solution Fit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
BMC Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
» Acquire and Implement (AI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
BMC Solution Fit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
BMC Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
» Deliver and Support (DS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
BMC Solution Fit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
BMC Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
» Monitor and Evaluate (ME). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
BMC Solution Fit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
BMC Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
CONCLUSION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
» BSM Makes Compliance a Result of Running I.T. Well . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
EXECUTIVE SUMMARY
ABOUT COBIT
Control Objectives for Information and related Technology (COBIT®) is an IT-focused governance and
control framework created by the IT Governance Institute (ITGI) and Information Systems Audit and Control
Association® (ISACA). COBIT was developed as an open standard, and provides good practices across a
domain and process framework. COBIT presents activities in a manageable and logical structure. COBIT is
being increasingly adopted globally as the governance and control model for implementing and demonstrating
effective IT governance. The first, second, and third editions/versions of COBIT were published in 1994, 1998, and
2000, respectively.
COBIT harmonizes well with established frameworks, such as the Soware Engineering Institute’s Capability
Maturity Model, ISO 9000, ISO 17799 (standard security framework, now ISO 27001) and ITIL. In fact, 13 of the 34
high-level control objectives are derived directly from the ITIL Service Support and Service Delivery areas.
BSM offers a common and consistent way for information to be shared across IT functions and departments.
BSM simplifies, standardizes, and automates IT processes through out-of-the-box best practice templates and
integrated workflows that include IT Governance, Risk and Compliance elements for multiple regulations and
frameworks, across multiple platforms. BMC BSM solutions enable IT to manage based on business priorities.
BSM solutions from BMC help IT organizations automate IT controls while complying with governmental
regulation, industry best practices and internal policies. With BSM solutions from BMC, IT organizations
can meet and exceed business objectives AND mitigate risks while delivering superior performance within
constraints.
Many BMC solutions align with the fulfillment of COBIT, but to maximize the impact upon COBIT controls, we
recommend that you focus first on building your foundational controls in the following key solution areas:
With the foundation controls in place, you will be well positioned to address:
This document maps BMC solutions to COBIT control objectives outlined in the COBIT 4.0 guide. In many cases, text from the COBIT 4.0 document has been summarized in order to condense the information. Sections in boxes are direct
quotes from COBIT 4.0, “Source: COBIT 4.0. ©1996, 1998, 2000, IT Governance Institute. All rights reserved. Used by permission. ” Visit www.isaca.org to get a free download of the complete COBIT document.
1
BMC SOLUTIONS AND COBIT CONTROLS
Overall, BMC solutions apply to 32 of the 34 COBIT control objectives. These solutions offer a broad range of
coverage in many important areas, and are organized into the following four main groups to best address COBIT
Controls.
2
and risks within IT that need to be managed. They are usually ordered into the responsibility domains of plan,
build, run and monitor. Within the COBIT framework, these domains are called:
» Plan and Organize (PO)—Provides direction to solution delivery (AI) and service delivery (DS)
» Acquire and Implement (AI)—Provides the solutions and passes them to be turned into services
» Deliver and Support (DS)—Receives the solutions and makes them usable for end users
» Monitor and Evaluate (ME)—Monitors all processes to ensure that the direction provided is followed.
Business orientation is the main theme of COBIT. It is designed to be employed not only by IT service providers,
users, and auditors, but also, and more importantly, as comprehensive guidance for management and business
process owners.
COBIT defines IT activities in a generic process model within four domains. These domains are Plan and Organize,
Acquire and Implement, Deliver and Support, and Monitor and Evaluate. The domains map to IT’s traditional
responsibility areas of plan, build, run, and monitor.
3
BMC SOLUTION FIT
Plan and Organize control objectives are what we refer to as general IT management controls. These controls
result in many of the decisions and policies that are input into the IT service management system.
This section will examine all ten of the Plan and Organize control objectives, drilling deeper into the eight
objectives directly supported by BMC solutions:
BMC SOLUTIONS
» BMC Atrium Discovery
» BMC Atrium CMDB Suite
» BMC Atrium Orchestrator
» BMC BladeLogic Client Automation
» BMC BladeLogic Network Automation
» BMC BladeLogic Server Automation Suite
» BMC Remedy IT Service Management Suite
» BMC Remedy Identity Management Suite
» SailPoint IdentityIQ
» BMC IT Business Management Suite
» Are new projects likely to deliver solutions that meet business needs?
» Are new projects likely to be delivered on time and within budget?
» Will the new systems work properly when implemented?
» Will changes be made without upsetting current business operations?
4
BMC SOLUTIONS
» BMC Atrium CMDB Suite
» BMC Atrium Orchestrator
» BMC Event and Impact Management
» BMC BladeLogic Client Automation
» BMC BladeLogic Network Automation
» BMC BladeLogic Server Automation Suite
» BMC BladeLogic Application Automation
» BMC Remedy IT Service Management Suite
» BMC Remedy Identity Management Suite
» SailPoint Identity IQ
» BMC IT Business Management Suite
BMC SOLUTIONS
» BMC Atrium CMDB Suite
» BMC Atrium Discovery
» BMC Atrium Orchestrator
» BMC Analytics for BSM
» BMC Dashboards for BSM
» BMC MainView
5
» BMC Control-M
» BMC Control-D
» BMC Data Management for z/OS
» BMC Database Recovery Management
» BMC ProactiveNet Performance Management
» BMC Event and Impact Management
» BMC Service Level Management
» BMC BladeLogic Client Automation
» BMC BladeLogic Networks
» BMC BladeLogic Decision Support for Network Automation
» BMC BladeLogic Server Automation Suite
» BMC BladeLogic Decision Support for Server Automation
» BMC BladeLogic Application Automation
» BMC Remedy IT Service Management Suite
» BMC Remedy Identity Management Suite
» Sailpoint Identity IQ
» BMC IT Business Management Suite
BMC SOLUTIONS
» BMC Atrium CMDB Suite
» BMC Atrium Orchestrator
» BMC Analytics for BSM
» BMC Dashboards for BSM
» BMC MainView
» BMC Control-M
» BMC Control-D
» BMC ProactiveNet Performance Management
» BMC Event and Impact Management
6
» BMC Service Level Management
» BMC BladeLogic Client Automation
» BMC BladeLogic Networks
» BMC BladeLogic Decision Support for Network Automation
» BMC BladeLogic Server Automation Suite
» BMC BladeLogic Decision Support for Server Automation
» BMC BladeLogic Application Automation
» BMC Remedy IT Service Management Suite
» BMC Remedy Identity Management Suite
» SailPoint Identity IQ
» BMC IT Business Management Suite
CONCLUSION
BSM MAKES COMPLIANCE A RESULT OF RUNNING I.T. WELL
As your IT organization transitions to face the challenge of managing IT based on business priorities, you can
use COBIT controls and Business Service Management solutions from BMC to help meet the challenge. COBIT
provides the framework for setting business goals and objectives, and measuring the progress of how those
goals are accomplished. BSM solutions from BMC provide you with the most effective approach for managing IT
from the perspective of the business. All potential users can benefit from using the COBIT content as an overall
approach to managing and governing IT, orchestrated with more detailed standards.
When you introduce solutions that enhance implementation and maintenance of COBIT controls enterprise
wide, you can better meet business objectives and deliver higher quality business services — at lower costs to
your organization.
BMC offers solutions that enable you to control your IT environment and meet governance and compliance
objectives, as defined by COBIT. BSM solutions from BMC help you automate IT controls; comply with
government regulations, industry best practices, and internal policies; manage risk effectively; and improve
overall business performance. These solutions help you manage IT based on business priorities, and align IT
processes to business needs.
7
Business runs on IT. IT runs on BMC Soware.
Business thrives when IT runs smarter, faster, and stronger. That’s why the most demanding IT organizations in
the world rely on BMC Soware across both distributed and mainframe environments. Recognized as the leader
in Business Service Management, BMC offers a comprehensive approach and unified platform that helps IT
organizations cut cost, reduce risk, and drive business profit. For the four fiscal quarters ended March 31, 2010,
BMC revenue was approximately $1.91 billion. Visit www.bmc.com for more information.
*141967*
BMC, BMC Soware, and the BMC Soware logo are the exclusive properties of BMC Soware, Inc., are registered with the U.S. Patent and Trademark Office, and may be
registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other
countries. All other trademarks or registered trademarks are the property of their respective owners. ©2010 BMC Soware, Inc. All rights reserved.