Professional Documents
Culture Documents
Summery processes :-
•Establish Strategic Vision for Information Technology
•Develop Tactics to Plan, Communicate, And Manage
Realization of the Strategic Mission
•Create positive control environment, such as instituting code
of ethics, Quality control, separation of duties, mandatory
leave days.
Control Objectives for Information and related
Technology (COBIT): acquisition and implementation
Includes:-
•processes to identify, develop or acquire, implement
IT solutions, and integrate them into the business
processes.
•Once installed, procedures must also be in place to
maintain and manage changes to existing systems.
Control Objectives for Information and related
Technology (COBIT): acquisition and implementation – cont…
Summery processes :-
• Acquire IT Solutions, adherence to SDLC, e.g. provide for preparation and
maintenance of service level requirements and application documentation to
ensure sustainable and effective use of the IT solution.
• Integrate IT Solutions into Operational Processes. The SDLC should provide
for a planned, tested, controlled, and approved conversion to the new system
• Manage Changes to Existing IT Systems. To ensure processing integrity
between versions of systems and to ensure consistency of results from period
to period, changes to IT infrastructure must be managed via change request,
impact assessment, documentation, authorization, release and distribution
policies, and procedures.
Control Objectives for Information and related
Technology (COBIT): delivery and support
Includes processes to :-
•Deliver required IT services,
•Ensure security and continuity of services,
•Set up support services, including training, and ensure
integrity of application data.
Failure of these processes can result in poor quality IS
Control Objectives for Information and related
Technology (COBIT): monitoring
• Includes process to assess IT services for quality and to ensure
compliance with control requirements. Monitoring may be performed
as a self-assessment activity within an organizational unit.