Close Panel

3

May

2009

An Introduction to ITIL and CobiT

By IPSECS Admin. Posted in Management | Comments Off

CobitIn the bowl of alphabet soup that feeds our industry lurk two acronyms that actually have little to do with technology, and everything to do with how we use it: ITIL (the IT Infrastructure Library) and CobiT (Control Objectives for Information and related Technology).

These two complementary sets of best practices deal, respectively, with service management and with governance in IT organizations. Between them, the ITIL and CobiT provide guidelines to help companies cut support costs, increase IT efficiency, and meet regulatory requirements.

The ITIL was developed by the British government in the 1980s as a best practice framework for IT service management. It is vendor-independent, and the Crown still holds copyright to ensure no organization can hijack the framework for its own purposes. It really is a library, too, originally consisting of over forty individual volumes, each one dedicated to a separate area of service management. ITIL Service Management is currently embodied in the ISO 20000 standard (previously BS 15000).

Those forty-odd books have since been distilled into a more manageable seven (and will soon be down to five, in ITIL version 3), consisting of volumes on:

* Service Support.
* Service Delivery.
* Planning to Implement Service Management.
* ICT Infrastructure Management.
* Applications Management.
* Security Management.
* The Business Perspective.

Each volume in subdivided into sections breaking down its topic further. For example, Service Support is divided into:

* Service Desk: How to establish and run a service desk as the central point of contact with the user.
* Incident Management: Restoring normal operations as quickly as possible.
* Problem Management: Diagnoses root causes of incidents reported by the service desk and arranges changes in the IT infrastructure to prevent their recurrence.
* Change Management: Processes and procedures to ensure prompt and efficient handling of changes.
* Release Management: Planning of changes so both IT and non-IT aspects are considered.
* Configuration Management: Identifies, controls, and maintains the configurations of items and services.

And Service Delivery is divided into:

* Availability Management: Maintaining the availability of services that allow the business to function effectively.
* Capacity Management: The process for predicting future needs.
* IT Service Continuity Management: Managing the ability to provide pre-defined levels of service after a disaster or other business interruption.
* Service Level Management: Agreeing upon, monitoring, and reporting IT achievements and establishing ways to eliminate poor service.
* Financial Management for IT Services: Budgeting, accounting, and charging for IT services.

Each book provides processes and vocabularies, so every ITIL-certified individual can describe situations in the same way, and understand precisely what?s going on. This is particularly valuable in situations where several IT organizations are being merged.

Yes, I did say certified. Independent examining bodies provide several levels of certification for ITIL practitioners, from the very basic Foundation Certificate to advanced management. And certification implies training, such as that provided by the improbably-named Pink Elephant, a global leader in all things ITIL, ITIL Training World, which offers online courses, and even IBM Global Services.

ITIL best practices have been rolled into many commercial products. Remedy help desk and CA Unicenter are compliant, for example, and Microsoft has adopted the framework as well, and in fact uses it in-house.

Where ITIL concentrates on service delivery, CobiT looks at governance. It is, according to its Web site, “an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations.” It was developed by the ISACA (Information Systems Audit and Control Association) and the IT Governance Institute (ITGI) in the 1990s, and is now in its fourth edition.

CobiT’s framework is built on four domains (Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate) with 34 high-level control objectives, which are in turn broken down into detailed control objectives. The primary IT governance focus areas in CobiT are as follows:

*Strategic alignment focuses on ensuring the linkage of business and IT plans, on defining, maintaining and validating the IT value proposition, and on aligning IT operations with enterprise operations.

*Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT.

*Resource management is about the optimal investment in, and the proper management of, critical IT resources: processes, people, applications, infrastructure and information. Key issues relate to the optimization of knowledge and infrastructure.

*Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities into the organization.

*Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using tools such as balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.

CobiT, like ITIL, comes with the possibility of certification, although it currently only has a foundation level of certification available. Training consists of two online, self-paced courses; there’s a newly-minted third course specifically dealing with Sarbanes-Oxley. Information on CobiT education can be found here.

Where do ITIL and CobiT fit into the business IT world? ITGI positions CobiT as a better alternative to ITIL and other frameworks in its 2004 paper, CobiT Mapping Overview of International IT Guidance, but IT service management guru Malcolm Fry thinks that each of the two brings an important component to the table. In a 2005 interview in IT Business Edge, Fry said, “The ITIL is basically running the day-to-day operations of IT. What CobiT does is it brings in check points, security points, so in other words, in a certain point in the procedure you can’t go past here unless you’ve got authority or proof or you meet some kind of criteria. So when you’re implementing ITIL to support the corporate TQM, then CobiT you will implement at the same time to put the control points in.”

Taken From : http://business.itbusinessnet.com/articles/viewarticle.jsp?id=51745-1

is
Email this author | All posts by | Subscribe to Entries (RSS)

 

» Comments are closed.