ISO, ITIL and Cobit: What's the difference?

ISO, ITIL, And COBIT: What You Need To Know, from CIO.com (www.cio.com)

"The three different best practices frameworks cover different domains:-

ISO 17799. This international standard — of which International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) released a revised version in June 2005 — aims to improve the practices and organizations around information security. It defines a global approach to security management that touches the responsibilities and organizations responsible for security as well as the policies, critical asset classification, and risk management. It is best used when security certification and overall definition of all security processes — logical and physical — is needed and basic rules for security defined.

ITIL. Originally created by the UK government, ITIL summarizes best practices for the implementation of IT management processes. ITIL defines the processes to be implemented to deliver and support IT services (most of the time, IT services today equal applications) focusing on the business (IT’s customer). The ITIL philosophy revolves around the service desk as a communication platform and the configuration management database (CMDB).


COBIT. COBIT compiles an up-to-date international set of generally accepted control objectives for day-to-day use by business managers and IT managers. It addresses IT governance and the key performance indicators associated with process improvement. At first glance, COBIT seems to overlap considerably with ITIL, but COBIT has clearly been influenced by problems raised by the insurance industry. Mergers and acquisitions, unification of processes, outsourcing and audits are main chapters of the COBIT framework.



Here are the strengths and weaknesses of each:-

ISO 17799 provides security controls. It does not provide implementation guidance and does not specifically address how these processes fit into the overall IT management processes.

ITIL is strong on delivery and support processes. It describes how to structure operational processes but is weak on security controls and processes.

COBIT is focused on controls and metrics. It also lacks a security component but provides a more global view of IT processes at the IT organization management principles than ITIL.

ISO, ITIL, And COBIT: Complementary Or Overlapping?

Looking at these three frameworks, we reach the conclusion that they do in fact complement each other: you can supplement the IT operational process strengths of ITIL with the critical success factors (CSF) and key performance indicators (KPI) of COBIT, and both can make good use of the security processes and controls defined in ISO.

Examples of complementary elements between ITIL Service Support, COBIT, and ISO are:-

Incident management. Defined as an ITIL service support process, it has an ISO complement in case of security incidents as well as a COBIT delivery and support chapter.

Problem management. The COBIT delivery and support chapter defines incident and problem management processes that complement the ITIL problem management process.

Change, configuration, and release management. These ITIL processes have a direct complement in COBIT’s change management and configuration changes as well as in ISO’s operational change control, controls against viruses, and third-party security requirements.

COBIT and ISO also provide guidance, key indicators, and controls for the definition of service-level agreements, capacity planning, availability management, and business continuity, which complement ITIL service delivery processes."

Full Article Here



Leveraging Cross-Silo Base Lines To Accelerate ITIL ROI


John Worthington, IT Service Management Consultant at www.MyServiceMonitor.com, has produced a special white paper and made it available to Dr. ITiL readers. We'll let John do the talking...

John explains,

"This paper was written after attending the recent itSMF USA Conference in Chicago, Illinois on September 19th, 2005. With a significant focus on the CMDB and the Service Support processes, I wanted to look at how Service Delivery can also help improve ITSM efforts and the customer’s bottom line.

Indeed, the essence of IT Service Management - a services-oriented approach to the management of IT - must Begin with the End in Mind; a thorough understanding of what’s important from the Business’ perspective.

Once this critical step is completed and management has ‘bought-in’ to the improvement program, the focus is (or should be) quickly directed to acceleration of the gains associated with implementing best practice.

For many, this has been focused heavily on Release & Control processes (i.e., Change / Configuration / Release Management). When the CEO and/or CFO is threatened with jail time, as in the case of Sarbanes-Oxley, risk reduction becomes the order of the day!

However, Release & Control processes take time to implement and neither the CEO nor the CFO intends to take the pressure off of IT to continue to reduce costs. In fact, the pressure to reduce risk could actually increase costs; further stressing already overtaxed IT organizations.

John Heller’s opening keynote, IT Service Management Improves the Value of IT to the Business, included a statement on how supply chain challenges increase the importance of ITSM, and other session topics at the recent itSMF Conference, including ITSM & Distributed Sourcing: It’s not a question of "If" but of "How", suggest that cross silo performance data will be increasingly important in ITSM implementations.

This paper will describe how one tool (there are others) is enabling companies to leverage real time performance data in IT Service Management deployments to provide performance base lines for critical business services that provide vital context for their associated configuration base line."

In addition, the paper is complemented by an excellent site, where we learn...

A driving force behind MyServiceMonitor is to find ways for clients to leverage emerging technologies and tools on a subscription basis as they implement IT Service Management best practices.

Currently, MyServiceMonitor provides customers with an easy, low risk, and rapid way to establish end-to-end, cross-silo service infrastructure performance base lines, leveraging a unique software technology from eG Innovations which provides the following benefits:

-Quickly provide an end-to-end infrastructure performance baseline for any critical IT service
-Accelerate your staff’s paradigm shift from silos to services
-Improve Time-to-Fix by up to 30% or more
-Rapidly migrate to Proactive Problem Management

By providing these capabilities via a consulting engagement, customers can immediately obtain value, minimize risk and help focus and accelerate deployment of IT Service Management best practice.

As an independent consultant, MyServiceMonitor provides flexible, affordable consulting and accredited ITIL® certification training. Call for a free consultation today!

For more information, contact:
John M. Worthington (201) 826 - 1374
jmw@MyServiceMonitor.com

Access the full white paper here

Learn more about MyServiceMonitor here