8.5.2 Service design and tran8.5.2 Service design and transition 8.5.

2 Service design and transition

5 Leadership 6 Planning 7 Support of the service 8.3 Relationship and agreement 9 Performance evaluation 10 Improvement
management system
5.2 Policy 8.2 Service portfolio 8.3 Relationship and agreement 8.4 Supply and demand 8.5 Service design, build and transition 8.6 Resolution and fulfilment 8.7 Service assurance
8.5.1 Change management 8.5.2 Service design and transition 8.7.3 Information security management

6.2 Service management objectives and planning to achieve them

5.3 Organizational roles, responsibilities and authorities

9.1 Monitoring, measurement, analysis and evaluation

8.2.3 Control of parties involved in the service lifecycle
5.2.2 Communicating the service management policy
5.2.1 Establishing the service management policy

6.1 Actions to address risks and opportunities

8.5.3 Release and deployment management

8.4.1 Budgeting and accounting for services
6.3 Plan the service management system

10.1 Nonconformity and corrective action

8.3.2 Business relationship management

8.5.1.3 Change management activities

8.5.1.2 Change management initiation

8.7.1 Service availability management

8.5.2.1 Plan new or changed services
8.2.4 Service catalogue management

8.7.2 Service continuity management

`8.5.1.1 Change management policy

8.7.3.3 Information security incidents

8.1 Operational planning and control

8.7.3.2 Information security controls

8.6.2 Service request management

8.7.3.1 Information security policy

8.2.6 Configuration management
5.1 Leadership and commitment

8.3.3 Service level management

8.4.3 Capacity management

7.5 Documented information

8.4.2 Demand management

10.2 Continual improvement

8.6.3 Problem management
8.3.4 Supplier management

8.6.1 Incident management

8.5.2.3 Build and transition
8.2.5 Asset management

9.3 Management review

8.2.2 Plan the services
8.2.1 Service delivery

9.4 Service reporting

7.4 Communication

9.2 Internal audit

7.2 Competence
7.3 Awareness

7.6 Knowledge
7.1 Resources

8.5.2.2 Design
8.3.1 General
Practice_Name Practice ID
Evaluate the governance system. EDM01.01
Direct the governance system. EDM01.02
Monitor the governance system. EDM01.03
Establish the target investment mix. EDM02.01
Evaluate value optimization. EDM02.02
Direct value optimization. EDM02.03
Monitor value optimization. EDM02.04
EDM

Evaluate risk management. EDM03.01

Direct risk management. EDM03.02
Monitor risk management. EDM03.03
Evaluate resource management. EDM04.01
Direct resource management. EDM04.02
Monitor resource management. EDM04.03
Evaluate stakeholder engagement and reporting requirements. EDM05.01
Direct stakeholder engagement, communication and reporting. EDM05.02
Monitor stakeholder engagement. EDM05.03
Design the management system for enterprise I&T. APO01.01
Communicate management objectives, direction and decisions made. APO01.02
Implement management processes (to support the achievement of governance and management objectives). APO01.03
Define and implement the organizational structures. APO01.04
Establish roles and responsibilities. APO01.05
Optimize the placement of the IT function. APO01.06
Define information (data) and system ownership. APO01.07
Define target skills and competencies. APO01.08
Define and communicate policies and procedures. APO01.09
Define and implement infrastructure, services and applications to support the governance and management system. APO01.10
Manage continual improvement of the I&T management system. APO01.11
Understand enterprise context and direction. APO02.01
Assess current capabilities, performance and digital maturity of the enterprise. APO02.02
Define target digital capabilities. APO02.03
Conduct a gap analysis. APO02.04
Define the strategic plan and road map. APO02.05
Communicate the I&T strategy and direction. APO02.06
Develop the enterprise architecture vision. APO03.01
Define reference architecture. APO03.02
Select opportunities and solutions. APO03.03
Define architecture implementation. APO03.04
Provide enterprise architecture services. APO03.05
Create an environment conducive to innovation. APO04.01
Maintain an understanding of the enterprise environment. APO04.02
Monitor and scan the technology environment. APO04.03
Assess the potential of emerging technologies and innovative ideas. APO04.04
Recommend appropriate further initiatives. APO04.05
Monitor the implementation and use of innovation. APO04.06
Determine the availability and sources of funds. APO05.01
Evaluate and select programs to fund. APO05.02
Monitor, optimize and report on investment portfolio performance. APO05.03
Maintain portfolios. APO05.04
Manage benefits achievement. APO05.05
Manage finance and accounting. APO06.01
Prioritize resource allocation. APO06.02
Create and maintain budgets. APO06.03
Model and allocate costs. APO06.04
Manage costs. APO06.05
Acquire and maintain adequate and appropriate staffing. APO07.01
Identify key IT personnel. APO07.02
Maintain the skills and competencies of personnel. APO07.03
APO

Assess and recognize/reward employee job performance. APO07.04

Plan and track the usage of IT and business human resources. APO07.05
Manage contract staff. APO07.06
Understand business expectations. APO08.01
Align I&T strategy with business expectations and identify opportunities for IT to enhance the business. APO08.02
Manage the business relationship. APO08.03
Coordinate and communicate. APO08.04
Provide input to the continual improvement of services. APO08.05
Identify I&T services. APO09.01
Catalog I&T-enabled services. APO09.02
Define and prepare service agreements. APO09.03
Monitor and report service levels. APO09.04
Review service agreements and contracts. APO09.05
Identify and evaluate vendor relationships and contracts. APO10.01
Select vendors. APO10.02
Manage vendor relationships and contracts. APO10.03
Manage vendor risk. APO10.04
Monitor vendor performance and compliance. APO10.05
Establish a quality management system (QMS). APO11.01
Focus quality management on customers. APO11.02
Manage quality standards, practices and procedures and integrate quality management into key processes and solutions. APO11.03
Perform quality monitoring, control and reviews. APO11.04
Maintain continuous improvement. APO11.05
Collect data. APO12.01
Analyze risk. APO12.02
Maintain a risk profile. APO12.03
Articulate risk. APO12.04
Define a risk management action portfolio. APO12.05
Respond to risk. APO12.06
Establish and maintain an information security management system (ISMS). APO13.01
Define and manage an information security risk treatment plan. APO13.02
Monitor and review the information security management system (ISMS). APO13.03
Define and communicate the organization's data management strategy and roles and responsibilities. APO14.01
Define and maintain a consistent business glossary. APO14.02
Establish the processes and infrastructure for metadata management. APO14.03
Define a data quality strategy. APO14.04
Establish data profiling methodologies, processes and tools. APO14.05
Ensure a data quality assessment approach. APO14.06
Define the data cleansing approach. APO14.07
Manage the life cycle of data assets. APO14.08
Support data archiving and retention. APO14.09
Manage data backup and restore arrangements. APO14.10
Maintain a standard approach for program management. BAI01.01
Initiate a program. BAI01.02
Manage stakeholder engagement. BAI01.03
Develop and maintain the program plan. BAI01.04
Launch and execute the program. BAI01.05
Monitor, control and report on the program outcomes. BAI01.06
Manage program quality. BAI01.07
Manage program risk. BAI01.08
Close a program. BAI01.09
Define and maintain business functional and technical requirements. BAI02.01
Perform a feasibility study and formulate alternative solutions. BAI02.02
Manage requirements risk. BAI02.03
Obtain approval of requirements and solutions. BAI02.04
Design high-level solutions. BAI03.01
Design detailed solution components. BAI03.02
Develop solution components. BAI03.03
Procure solution components. BAI03.04
Build solutions. BAI03.05
Perform quality assurance (QA). BAI03.06
Prepare for solution testing. BAI03.07
Execute solution testing. BAI03.08
Manage changes to requirements. BAI03.09
Maintain solutions. BAI03.10
Define IT products and services and maintain the service portfolio. BAI03.11
Design solutions based on the defined development methodology. BAI03.12
Assess current availability, performance and capacity and create a baseline. BAI04.01
Assess business impact. BAI04.02
Plan for new or changed service requirements. BAI04.03
Monitor and review availability and capacity. BAI04.04
Investigate and address availability, performance and capacity issues. BAI04.05
Establish the desire to change. BAI05.01
Form an effective implementation team. BAI05.02
Communicate desired vision. BAI05.03
Empower role players and identify short-term wins. BAI05.04
Enable operation and use. BAI05.05
BAI

Embed new approaches. BAI05.06

Sustain changes. BAI05.07
Evaluate, prioritize and authorize change requests. BAI06.01
Manage emergency changes. BAI06.02
Track and report change status. BAI06.03
Close and document the changes. BAI06.04
Establish an implementation plan. BAI07.01
Plan business process, system and data conversion. BAI07.02
Plan acceptance tests. BAI07.03
Establish a test environment. BAI07.04
Perform acceptance tests. BAI07.05
Promote to production and manage releases. BAI07.06
Provide early production support. BAI07.07
Perform a post-implementation review. BAI07.08
Identify and classify sources of information for governance and management of I&T. BAI08.01
Organize and contextualize information into knowledge. BAI08.02
Use and share knowledge. BAI08.03
Evaluate and update or retire information. BAI08.04
Identify and record current assets. BAI09.01
Manage critical assets. BAI09.02
Manage the asset life cycle. BAI09.03
Optimize asset value. BAI09.04
Manage licenses. BAI09.05
Establish and maintain a configuration model. BAI10.01
Establish and maintain a configuration repository and baseline. BAI10.02
Maintain and control configuration items. BAI10.03
Produce status and configuration reports. BAI10.04
Verify and review integrity of the configuration repository. BAI10.05
Maintain a standard approach for project management. BAI11.01
Start up and initiate a project. BAI11.02
Manage stakeholder engagement. BAI11.03
Develop and maintain the project plan. BAI11.04
Manage project quality. BAI11.05
Manage project risk. BAI11.06
Monitor and control projects. BAI11.07
Manage project resources and work packages. BAI11.08
Close a project or iteration. BAI11.09
Perform operational procedures. DSS01.01
Manage outsourced I&T services. DSS01.02
Monitor I&T infrastructure. DSS01.03
Manage the environment. DSS01.04
Manage facilities. DSS01.05
Define classification schemes for incidents and service requests. DSS02.01
Record, classify and prioritize requests and incidents. DSS02.02
Verify, approve and fulfill service requests. DSS02.03
Investigate, diagnose and allocate incidents. DSS02.04
Resolve and recover from incidents. DSS02.05
Close service requests and incidents. DSS02.06
Track status and produce reports. DSS02.07
Identify and classify problems. DSS03.01
Investigate and diagnose problems. DSS03.02
Raise known errors. DSS03.03
Resolve and close problems. DSS03.04
Perform proactive problem management. DSS03.05
Define the business continuity policy, objectives and scope. DSS04.01
DSS

Maintain business resilience. DSS04.02

Develop and implement a business continuity response. DSS04.03
Exercise, test and review the business continuity plan (BCP) and disaster response plan (DRP). DSS04.04
Review, maintain and improve the continuity plans. DSS04.05
Conduct continuity plan training. DSS04.06
Manage backup arrangements. DSS04.07
Conduct post-resumption review. DSS04.08
Protect against malicious software. DSS05.01
Manage network and connectivity security. DSS05.02
Manage endpoint security. DSS05.03
Manage user identity and logical access. DSS05.04
Manage physical access to I&T assets. DSS05.05
Manage sensitive documents and output devices. DSS05.06
Manage vulnerabilities and monitor the infrastructure for security-related events. DSS05.07
Align control activities embedded in business processes with enterprise objectives. DSS06.01
Control the processing of information. DSS06.02
Manage roles, responsibilities, access privileges and levels of authority. DSS06.03
Manage errors and exceptions. DSS06.04
Ensure traceability and accountability for information events. DSS06.05
Secure information assets. DSS06.06
Establish a monitoring approach. MEA01.01
Set performance and conformance targets. MEA01.02
Collect and process performance and conformance data. MEA01.03
Analyze and report performance. MEA01.04
Ensure the implementation of corrective actions. MEA01.05
Monitor internal controls. MEA02.01
Review effectiveness of business process controls. MEA02.02
Perform control self-assessments. MEA02.03
Identify and report control deficiencies. MEA02.04
Identify external compliance requirements. MEA03.01
MEA

Optimize response to external requirements. MEA03.02

Confirm external compliance. MEA03.03
Obtain assurance of external compliance. MEA03.04
Ensure that assurance providers are independent and qualified. MEA04.01
Develop risk-based planning of assurance initiatives. MEA04.02
Determine the objectives of the assurance initiative. MEA04.03
Define the scope of the assurance initiative. MEA04.04
Define the work program for the assurance initiative. MEA04.05
Execute the assurance initiative, focusing on design effectiveness. MEA04.06
Execute the assurance initiative, focusing on operating effectiveness. MEA04.07
Report and follow up on the assurance initiative. MEA04.08
Follow up on recommendations and actions. MEA04.09