Itil-Cobit Mapping Eng

Glenfis AG ITIL zu COBIT Prozess Mapping Seite 1 von 17 COBIT’s Golden Rule In order to provide the information that the organisation needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes. (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Seite 2 von 17 (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Seite 3 von 17 PO AI DS MO Key Performance Indicators Guidance for measurement can be obtained from the Balanced Business Scorecard concepts, where goals and measures from the financial, customer, process and innovation perspective are set and monitored Critical Success Factors The control of •Management oriented IT control implementation guidance •Most important things that contribute to the IT process achieving its goal •Strategically (c) Glenfis AG www.glenfis.ch IT Processes which satisfy Business Requirements Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Requirements is enabled by Seite 4 von 17 •Strategically •Technically •Organisationally •Process or Procedure •Control Statement and Considerations of the ‘Waterfall’ •Visible and measurable signs of success •Short, focussed and action oriented •Leveraging the resources of primary importance in this process Control Statements and considers Control Practices Generic Process Guideline Control over an IT process and its activities with specific business goals is determined by the delivery of information to the business that addresses the required information criteria and is measured by KGIs is enabled by creating and maintaining a system of process and control excellence appropriate for the business considers CSFs that leverage specific IT resources and is measured by KPIs The Framework’s Principles To link Management’s IT Expectations with Management’s IT Responsibilities (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Seite 5 von 17 (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping ITIL Process Process DS DS DS DS DS DS DS PO PO PO DS DS DS DS 1 1 1 1 1 1 1 5 5 5 6 6 6 6 Seite 6 von 17 Control Objective DS 1.0 DS 1.1 DS 1.2 DS 1.2 DS 1.5 DS 1.2 DS 1.4 PO PO PO DS DS DS DS 5.0 5.1 5.1 6.2 6.1 6.0 6.3 COBIT Process Define and Manage Service Levels Service Level Agreement Framework Aspects of Service Level Agreements Aspects of Service Level Agreements Review of Service Level Agreements and Contracts Aspects of Service Level Agreements Monitoring and Reporting Manage the IT Investment Annual IT Operating Budget Annual IT Operating Budget Costing Procedures Chargeable Items Identify and Allocate Costs User Billing and Chargeback Procedures SERVICE LEVEL MANAGEMENT The SLM Process Planning the Process Implementing the Process The On-going Process SLA contents and key targets Key Performance Indicators and metrics for SLM efficiency and effectiveness FINANCIAL MANAGEMENT FOR IT SERVICES Budgeting Developing the IT Accounting system Developing the Charging System Planning for IT Accounting and Charging Implementation Ongoing management and operation CAPACITY MANAGEMENT The Capacity Management process Activities in Capacity Management Costs, benefits and possible problems Planning and implementation Review of the Capacity Management process Interfaces with other SM processes DS 2 DS 3 DS 3 DS 3 DS 3 DS 3 n.a. DS 2.0 DS 3.0 DS 3.7 DS 3.7 DS 3.0 DS 3.3 n.a. Manage Third-Party Services Manage Performance and Capacity Capacity Management of Resources Capacity Management of Resources Manage Performance and Capacity Monitoring and Reporting n.a. IT Service Continuity Management Scope of ITSCM The Business Continuity Lifecycle Management Structure Generating awareness Interfaces with other SM processes DS 4 DS 4 DS 4 DS 4 DS 4 n.a. DS 4.0 DS 4.1 DS 4.1 DS 4.1 DS 4.1 n.a. Ensure Continuous Service IT Continuity Framework IT Continuity Framework IT Continuity Framework IT Continuity Framework n.a. AVAILABILITY MANAGEMENT Basic concepts The Availability Management Process The Cost of (Un)Availability Availability Planning Availability improvement Availability measurement and reporting Availability Management tools Availability Management methods and techniques THE SERVICE DESK Overview Implementing a Service Desk infrastructure Service Desk technologies Service Desk responsibilities, functions, staffing levels etc Service Desk staffing skill set Setting up a Service Desk environment DS DS DS PO DS DS DS DS DS 4 4 4 9 3 4 3 3 3 DS DS DS PO DS DS DS DS DS 4.0 4.2 4.0 9.4 3.2 4.4 3.3 3.4 3.0 Ensure Continuous Service IT Continuity Plan Strategy and Philosophy Ensure Continuous Service Assess Risks Availability Plan Minimising IT Continuity Requirements Monitoring and Reporting Modeling Tools Manage Performance and Capacity Assist and Advise Customers Help Desk Help Desk n.a. Roles and Responsibilities Personnel Training External Requirements Review DS 8 DS 8 DS 8 n.a. PO 4 PO 7 PO 8 DS 8.0 DS 8.1 DS 8.1 n.a. PO 4.4 PO 7.4 PO 8.1 (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping PO 7 DS 8 DS 5 PO 7.4 DS 8.0 DS 5.10 Personnel Training Assist and Advise Customers Violation and Security Activity Reports Seite 7 von 17 Service Desk education and training Service Desk processes and procedures Incident reporting and review INCIDENT MANAGEMENT Goal of Incident Management Scope of Incident Management Basic concepts Benefits of Incident Management Planning and implementation Incident Management activities Handling of major Incidents Roles of the Incident Management process Key Performance Indicators Tools DS DS DS DS DS DS DS DS DS DS DS 10 10 10 10 10 10 10 10 10 10 10 DS DS DS DS DS DS DS DS DS DS DS 10.0 10.0 10.1 10.1 10.1 10.1 10.3 10.2 10.0 10.3 10.1 Manage Problems and Incidents Manage Problems and Incidents Problem Management System Problem Management System Problem Management System Problem Management System Problem Tracking and Audit Trail Problem Escalation Manage Problems and Incidents Problem Tracking and Audit Trail Problem Management System PROBLEM MANAGEMENT Goal of Problem Management Scope of Problem Management Basic concepts Benefits of Problem Management Planning and implementation Problem control activities Error control activities Proactive Problem Management Providing information to the support organisation Metrics Roles within Problem Management DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 8 DS 8 DS 10 DS 10 DS 10.0 DS 10.0 DS 10.1 DS 10.1 DS 10.1 DS 10.1 DS 10.3 DS 10.3 DS 8.5 DS 8.5 DS 10.0 DS 10.0 Manage Problems and Incidents Manage Problems and Incidents Problem Management System Problem Management System Problem Management System Problem Management System Problem Tracking and Audit Trail Problem Tracking and Audit Trail Trend Analysis and Reporting Trend Analysis and Reporting Manage Problems and Incidents Manage Problems and Incidents CONFIGURATION MANAGEMENT Goal of Configuration Management Scope of Configuration Management Basic concepts Benefits and possible problems Planning and implementation Activities Process control Relations to other processes Tools specific to the Configuration Management process Impact of new technology Guidance on Configuration Management DS 9 DS 9 DS 9 DS 9 DS 9 DS 9 DS 9 DS 9 n.a. n.a. n.a. n.a. DS 9.0 DS 9.0 DS 9.0 DS 9.1 DS 9.1 DS 9.1 DS 9.0 DS 9.0 n.a. n.a. n.a. n.a. Manage the Configuration Manage the Configuration Manage the Configuration Configuration Recording Configuration Recording Configuration Recording Manage the Configuration Manage the Configuration n.a. n.a. n.a. n.a. CHANGE MANAGEMENT Goal of Change Management Scope of Change Management Basic concepts Benefits, costs and possible problems Activities Planning and implementation Metrics and management reporting AI AI AI AI AI AI AI AI 6 6 6 6 6 6 6 6 AI AI AI AI AI AI AI AI 6.0 6.0 6.0 6.1 6.2 6.0 6.0 6.2 Manage Changes Manage Changes Manage Changes Change Request Initiation and Control Impact Assessment Manage Changes Manage Changes Impact Assessment (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping AI 6 n.a. AI 6.3 n.a. Control of Changes n.a. Seite 8 von 17 Software tools Impact of new technology RELEASE MANAGEMENT Goal of Release Management Scope of Release Management Basic concepts Benefits and possible problems Planning and implementation Process control Relations to other processes Tools specific to the Release Management process Guidance for successful Release Management AI 6 AI 6 AI 6 AI 6 AI 6 AI 6 AI 6 n.a. n.a. AI 6 AI 6.0 AI 6.7 AI 6.7 AI 6.7 AI 6.7 AI 6.7 AI 6.7 n.a. n.a. AI 6.7 Manage Changes Software Release Software Release Software Release Software Release Software Release Software Release n.a. n.a. Software Release Policy Policy Policy Policy Policy Policy Policy (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Planning & Organisation ITIL Process Design and Planning: Strategic Management Design and implementing a Plan Setting goals and objectives Developing a strategy Design and implementing a Plan Design and implementing a Plan Deployment: Communication Plan Review and evaluating progress of the plan Review the current position (SWOT) Design and Planning: the ICT Architecture Technology Architecture Technology Architecture n.a. n.a. Design and Planning: the ICT Architecture Technology Architecture Management Architecture (Selecting) Technology Architecture & Environmental design Design and implementing a Plan The design and development of ICT standards and policies Seite 9 von 16 PO PO1 PO 1.1 PO 1.2 PO 1.3 PO 1.4 PO 1.5 PO 1.6 PO 1.7 PO 1.8 PO2 PO 2.1 PO 2.2 PO 2.3 PO 2.4 PO3 PO 3.1 PO 3.2 PO 3.3 PO 3.4 PO 3.5 PO4 PO 4.1 PO 4.2 PO 4.3 PO 4.4 PO 4.5 PO 4.6 PO 4.7 PO 4.8 PO 4.9 PO 4.10 PO 4.11 PO 4.12 PO 4.13 PO 4.14 PO 4.15 PO5 PO 5.1 PO 5.2 PO 5.3 PO6 PO 6.1 PO 6.10 PO 6.11 PO 6.2 PO 6.3 PO 6.4 PO 6.5 PO 6.6 PO 6.7 PO 6.8 PO 6.9 PO7 PO 7.1 PO 7.2 PO 7.3 PO 7.4 PO 7.5 ITIL Book ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management Define a Strategic IT Plan IT as Part of the Organisation's Long- and Short-Range Plan IT Long-Range Plan IT Long-Range Planning-Approach and Structure IT Long-Range Plan Changes Short-Range Planning for the IT Function Communication of IT Plans Monitoring and Evaluating of IT Plans Assessment of Existing Systems Define the Information Architecture Information Architecture Model Corporate Data Dictionary and Data Syntax Rules Data Classification Scheme Security Levels Determine Technological Direction Technological Infrastructure Planning Monitor Future Trends and Regulations Technological Infrastructure Contingency Hardware and Software Acquisition Plans Technology Standards Define the IT Organisation and Relationships IT Planning or Steering Committee Organisational Placement of the IT Function Review of Organisational Achievements Roles and Responsibilities Responsibility for Quality Assurance Responsibility for Logical and Physical Security Ownership and Custodianship Data and System Ownership Supervision Segregation of Duties IT Staffing Job or Position Descriptions for IT Staff Key IT Personnel Contracted Staff Policies and Procedures Relationships Manage the IT Investment Annual IT Operating Budget Cost and Benefit Monitoring Cost and Benefit Justification Communicate Management Aims and Direction Positive Information Control Environment Management's Responsibility for Policies Communication of Organisation Policies Policy Implementation Resources Maintenance of Policies Compliance with Policies, Procedures and Standards Quality Commitment Security and Internal Control Framework Policy Intellectual Property Rights Issue-Specific Policies Communication of IT Security Awareness Manage Human Resources Personnel Recruitment and Promotion Personnel Qualifications Roles and Responsibilities Personnel Training Cross-Training or Staff Back-up ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Service Delivery & Service Support & ICT IM ITIL Service Delivery & Service Support & ICT IM ITIL Service Delivery & Service Support & ICT IM ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Service Delivery & Service Support & ICT IM ITIL Security Management ITIL Service Delivery & Service Support & ICT IM ITIL Service Delivery & Service Support & ICT IM ITIL Service Delivery & Service Support & ICT IM ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Security Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management n.a. ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Service Delivery & Service Support & ICT IM ITIL Service Delivery & Service Support & ICT IM ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management generic generic generic Roles, responsibilities and interfaces Roles, responsibilities and interfaces Roles, responsibilities and interfaces Infrastructure Design (Ownership issues) Infrastructure Design (Ownership issues) Roles, responsibilities and interfaces generic ICT Operational Roles ICT Operational Roles ICT Operational Roles Suppliers and Procurement Suppliers and Procurement ITIL Financial Mgmt for IT Services ITIL Financial Management ITIL Financial Management ITIL Service Management generic Communication the vision generic generic Roles for implementation (Authority Matrix) generic generic generic generic generic generic n.a. n.a. Roles, responsibilities and interfaces; Training Roles, responsibilities and interfaces Training Training (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Planning & Organisation ITIL Process generic Where are we now: People n.a. Seite 10 von 16 PO PO 7.6 PO 7.7 PO 7.8 PO8 PO 8.1 PO 8.2 PO 8.3 PO 8.4 PO 8.5 PO 8.6 PO9 PO 9.1 PO 9.2 PO 9.3 PO 9.4 PO 9.5 PO 9.6 PO 9.7 PO 9.8 PO10 PO 10.1 PO 10.10 PO 10.11 PO 10.12 PO 10.13 PO 10.2 PO 10.3 PO 10.4 PO 10.5 PO 10.6 PO 10.7 PO 10.8 PO 10.9 PO11 PO 11.1 PO 11.2 PO 11.3 PO 11.4 PO 11.5 PO 11.6 PO 11.7 PO 11.8 PO 11.9 PO 11.10 PO 11.11 PO 11.12 PO 11.13 PO 11.14 PO 11.15 PO 11.16 PO 11.17 PO 11.18 PO 11.19 ITIL Book ITIL Security Management ITIL ICT Infrastructure Management n.a. n.a. n.a. n.a. n.a. ITIL Security Management n.a. n.a. ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective ITIL The Business Perspective n.a. n.a. ITIL Application ITIL Application ITIL Application ITIL Application ITIL Application ITIL Application n.a. n.a. n.a. n.a. ITIL Application ITIL Application Personnel Clearance Procedures Employee Job Performance Evaluation Job Change and Termination Ensure Compliance with External Requirements External Requirements Review Practices and Procedures for Complying with External Requirements Safety and Ergonomic Compliance Privacy, Intellectual Property and Data Flow Electronic Commerce Compliance with Insurance Contracts Assess Risks Business Risk Assessment Risk Assessment Approach Risk Identification Risk Measurement Risk Action Plan Risk Acceptance Safeguard Selection Risk Assessment Commitment Manage Projects Project Management Framework User Department Participation in Project Initiation Project Team Membership and Responsibilities Project Definition Project Approval Project Phase Approval Project Master Plan System Quality Assurance Plan Planning of Assurance Methods Formal Project Risk Management Test Plan Training Plan Post-Implementation Review Plan Manage Quality General Quality Plan Quality Assurance Approach Quality Assurance Planning Quality Assurance Review of Adherence to IT Standards and Procedures System Development Life Cycle Methodology System Development Life Cycle Methodology for Major Changes to Existing Technology Updating of the System Development Life Cycle Methodology Coordination and Communication Acquisition and Maintenance Framework for the Technology Infrastructure Third-Party Implementor Relationships Programme Documentation Standards Programme Testing Standards System Testing Standards Parallel/Pilot Testing System Testing Documentation Quality Assurance Evaluation of Adherence to Development Standards Quality Assurance Review of the Achievement of IT Objectives Quality Metrics Reports of Quality Assurance Reviews n.a. n.a. n.a. generic n.a. n.a. ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL Business Business Business Business Business Business Business Business Continuity Continuity Continuity Continuity Continuity Continuity Continuity Continuity Management Management Management Management Management Management Management Management n.a. Readiness Assessment (Provide a baseline for Risk Mgmt) Design, Build, Deploy: Testing Deploy: training strategies Optimize: Application review Process Managing the business Value Organising roles and functions n.a. n.a. n.a. n.a. The Application Management lifecycle Control methods and techniques Management Management Management Management Management Management Management Management Quality Management Quality Management Formal quality initiatives Formal quality initiatives ITIL Application Management The Application Management lifecycle Control methods and techniques Communication plan n.a. n.a. Control methods and techniques Control methods and techniques Control methods and techniques Deploy: Pilot Deployment Control methods and techniques Control methods and techniques Critical success factors and Key performance indicators Critical success factors and Key performance indicators Ongoing monitoring and process reviews ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Planning to implement Service Management n.a. n.a. ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management ITIL Planning to implement Service Management (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Acquisition & Implementation ITIL Process Managing the business value Defining the delivery strategy Defining the delivery strategy n.a. n.a. n.a. n.a. Readiness Assessment n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. Seite 11 von 17 AI AI1 AI 1.1 AI 1.2 AI 1.3 AI 1.4 AI 1.5 AI 1.6 AI 1.7 AI 1.8 AI 1.9 AI 1.10 AI 1.11 AI 1.12 AI 1.13 AI 1.14 AI 1.15 AI 1.16 AI 1.17 AI 1.18 AI2 AI 2.1 AI 2.2 AI 2.3 AI 2.4 AI 2.5 AI 2.6 AI 2.7 AI 2.8 AI 2.9 AI 2.10 AI 2.11 AI 2.12 AI 2.13 AI 2.14 AI 2.15 AI 2.16 AI 2.17 AI3 AI 3.1 AI 3.2 AI 3.3 AI 3.4 AI 3.5 AI 3.6 AI 3.7 AI4 AI 4.1 AI 4.2 AI 4.3 AI 4.4 AI5 AI 5.1 AI 5.2 AI 5.3 AI 5.4 AI 5.5 AI 5.6 AI 5.7 ITIL Book ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL Application Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Application Management n.a. n.a. ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management n.a. ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Application Management ITIL Application Management ITIL Service Support ITIL Service Support ITIL Service Support n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. ITIL Service Support ITIL Application Management ITIL Application Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management & ITIL Service Delivery IITIL Security Management ITIL ICT Infrastructure Management ITIL Availability Management ITIL Service Support ITIL ICT Infrastructure Management ITIL Application Management ITIL Service Delivery ITIL Application Management ITIL Application Management ITIL Application Management ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support Identify Automated Solutions Definition of Information Requirements Formulation of Alternative Courses of Action Formulation of Acquisition Strategy Third-Party Service Requirements Technological Feasibility Study Economic Feasibility Study Information Architecture Risk Analysis Report Cost-Effective Security Controls Audit Trails Design Ergonomics Selection of System Software Procurement Control Software Product Acquisition Third-Party Software Maintenance Contract Application Programming Acceptance of Facilities Acceptance of Technology Acquire and Maintain Application Software Design Methods Major Changes to Existing Systems Design Approval File Requirements Definition and Documentation Programme Specifications Source Data Collection Design Input Requirements Definition and Documentation Definition of Interfaces User-Machine Interface Processing Requirements Definition and Documentation Output Requirements Definition and Documentation Controllability Availability as a Key Design Factor IT Integrity Provisions in Application Programme Software Application Software Testing User Reference and Support Materials Reassessment of System Design Acquire and Maintain Technology Infrastructure Assessment of New Hardware and Software Preventative Maintenance for Hardware System Software Security System Software Installation System Software Maintenance System Software Change Controls Use and Monitoring of System Utilities Develop and Maintain Procedures Operational Requirements and Service Levels User Procedures Manual Operations Manual Training Materials Install and Accredit Systems Training Application Software Performance Sizing Implementation Plan System Conversion Data Conversion Testing Strategies and Plans Testing of Changes Control Methods and techniques ITIL Change Management ITIL Change Management ITIL Change Management n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. ITIL Change Management Application review process Operational control and mgmt of the services, components and their config. Proactive operational Mgmt & Availability Mgmt generic Operational control and mgmt of the services, components and their config. Operational control and mgmt of the services, components and their config. ITIL Change Management n.a. Service Level Management, SLA, OLA, UC Deploy; Distributing applications Deploy; Distributing applications Deploy; Training strategy ITIL ITIL ITIL ITIL ITIL ITIL ITIL Release Management Change Management Release Management Release Management Release Management Change Management Change Management (Rollout plan) (Rollout plan) (Rollout plan) (Rollout plan) (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Acquisition & Implementation ITIL Process ITIL ITIL ITIL ITIL ITIL ITIL ITIL Release Management Release Management Release Management Change Management Release Management Change Management Release Management ITIL ITIL ITIL ITIL ITIL ITIL ITIL Service Service Service Service Service Service Service Support Support Support Support Support Support Support Seite 12 von 17 AI AI AI AI AI AI AI AI 5.8 5.9 5.10 5.11 5.12 5.13 5.14 ITIL Book Parallel/Pilot Testing Criteria and Performance Final Acceptance Test Security Testing and Accreditation Operational Test Promotion to Production Evaluation of Meeting User Requirements Management's Post-Implementation Review Manage Changes Change Request Initiation and Control Impact Assessment Control of Changes Emergency Changes Documentation and Procedures Authorised Maintenance Software Release Policy Distribution of Software AI6 AI 6.1 AI 6.2 AI 6.3 AI 6.4 AI 6.5 AI 6.6 AI 6.7 AI 6.8 ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL Change Management Change Management Change Management Change Management Change Management Change Management Release Management Release Management ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Delivery & Support ITIL Processe ITIL Service Level Management ITIL Service Level Management ITIL Service Level Management ITIL Service Level Management ITIL Service Level Management ITIL Service Level Management ITIL Service Level Management ITIL Service Level Management ITIL Capacity & ITSCM & Security Mgmt ITIL Capacity Management ITIL Capacity Management ITIL Service Level Management (Underpinning Contracts) ITIL Capacity Management ITIL Service Level Management ITIL Service Continuity Management generic ITIL Service Level Management ITIL Availability & Capacity Mgmt ITIL Availability Management ITIL Availability Management ITIL Availability Management ITIL Availability Management ITIL Capacity Management ITIL Capacity Management ITIL Capacity Management ITIL Capacity Management ITIL Capacity Management ITIL ITSCM ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity ITIL Service Continuity Seite 13 von 17 DS DS1 DS 1.1 DS 1.2 DS 1.3 DS 1.4 DS 1.5 DS 1.6 DS 1.7 DS2 DS 2.1 DS 2.2 DS 2.3 DS 2.4 DS 2.5 DS 2.6 DS 2.7 DS 2.8 DS3 DS 3.1 DS 3.2 DS 3.3 DS 3.4 DS 3.5 DS 3.6 DS 3.7 DS 3.8 DS 3.9 DS4 DS 4.1 DS 4.2 DS 4.3 DS 4.4 DS 4.5 DS 4.6 DS 4.7 DS 4.8 DS 4.9 DS 4.10 DS 4.11 DS 4.12 DS 4.13 DS5 DS 5.1 DS 5.2 DS 5.3 DS 5.4 DS 5.5 DS 5.6 DS 5.7 DS 5.8 DS 5.9 DS 5.10 DS 5.11 DS 5.12 DS 5.13 DS 5.14 ITIL Book ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Security Management ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL ICT Infrastructure Management ITIL Security Management ITIL Security Management ITIL Security Management ITIL Security Management ITIL Security Management ITIL Security Management ITIL ICT Infrastructure Management ITIL Security Management ITIL Security Management ITIL Security Management ITIL ICT Infrastructure Management ITIL Security Management ITIL Security Management ITIL Security Management Define and Manage Service Levels Service Level Agreement Framework Aspects of Service Level Agreements Performance Procedures Monitoring and Reporting Review of Service Level Agreements and Contracts Chargeable Items Service Improvement Programme Manage Third-Party Services Supplier Interfaces Owner Relationships Third-Party Contracts Third-Party Qualifications Outsourcing Contracts Continuity of Services Security Relationships Monitoring Manage Performance and Capacity Availability and Performance Requirements Availability Plan Monitoring and Reporting Modeling Tools Proactive Performance Management Workload Forecasting Capacity Management of Resources Resources Availability Resources Schedule Ensure Continuous Service IT Continuity Framework IT Continuity Plan Strategy and Philosophy IT Continuity Plan Contents Minimising IT Continuity Requirements Maintaining the IT Continuity Plan Testing the IT Continuity Plan IT Continuity Plan Training IT Continuity Plan Distribution User Department Alternative Processing Back-up Procedures Critical IT Resources Back-up Site and Hardware Off-site Back-up Storage Wrap-up Procedures Ensure Systems Security Manage Security Measures Identification, Authentication and Access Security of Online Access to Data User Account Management Management Review of User Accounts User Control of User Accounts Security Surveillance Data Classification Central Identification and Access Rights Management Violation and Security Activity Reports Incident Handling Reaccreditation Counterparty Trust Transaction Authorisation Management Management Management Management Management Management Management Management Management Management Management Management Management ITIL ICT Infrastructure Management generic generic generic generic generic generic Management and control of all aspects of ICT operational security generic generic generic Management and control of all aspects of ICT operational security generic generic generic (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Delivery & Support ITIL Processe generic generic generic Management Management Management Management ITIL ITIL ITIL ITIL ITIL ITIL ITIL Seite 14 von 17 DS DS DS DS DS DS DS DS 5.15 5.16 5.17 5.18 5.19 5.20 5.21 ITIL Book Security Management Security Management Security Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management Non-Repudiation Trusted Path Protection of Security Functions Cryptographic Key Management Malicious Software Prevention, Detection and Correction Firewall Architectures and Connections with Public Networks Protection of Electronic Value Identify and Allocate Costs Chargeable Items Costing Procedures User Billing and Chargeback Procedures Educate and Train Users Identification of Training Needs Training Organisation Security Principles and Awareness Training Assist and Advise Customers Help Desk Registration of Customer Queries Customer Query Escalation Monitoring of Clearance Trend Analysis and Reporting Manage the Configuration Configuration Recording Configuration Baseline Status Accounting Configuration Control Unauthorised Software Software Storage Configuration Management Procedures Software Accountability Manage Problems and Incidents Problem Management System Problem Escalation Problem Tracking and Audit Trail Emergency and Temporary Access Authorisations Emergency Processing Priorities Manage Data Data Preparation Procedures Source Document Authorisation Procedures Source Document Data Collection Source Document Error Handling Source Document Retention Data Input Authorisation Procedures Accuracy, Completeness and Authorisation Checks Data Input Error Handling Data Processing Integrity Data Processing Validation and Editing Data Processing Error Handling Output Handling and Retention Output Distribution Output Balancing and Reconciliation Output Review and Error Handling Security Provision for Output Reports Protection of Sensitive Information During Transmission and Transport and and and and control control control control of of of of all all all all aspects aspects aspects aspects of of of of ICT ICT ICT ICT operational operational operational operational security security security security DS6 DS 6.1 DS 6.2 DS 6.3 DS7 DS 7.1 DS 7.2 DS 7.3 DS8 DS 8.1 DS 8.2 DS 8.3 DS 8.4 DS 8.5 DS9 DS 9.1 DS 9.2 DS 9.3 DS 9.4 DS 9.5 DS 9.6 DS 9.7 DS 9.8 DS10 DS 10.1 DS 10.2 DS 10.3 DS 10.4 DS 10.5 DS11 DS 11.1 DS 11.2 DS 11.3 DS 11.4 DS 11.5 DS 11.6 DS 11.7 DS 11.8 DS 11.9 DS 11.10 DS 11.11 DS 11.12 DS 11.13 DS 11.14 DS 11.15 DS 11.16 DS 11.17 ITIL Financial Mgmt for IT Services ITIL Financial Management ITIL Financial Management ITIL Financial Management ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL Service Delivery ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL Service Support ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL Security Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management Deployment; Training Deployment; Training Deployment; Training ITIL Service Desk & Incident Mgmt ITIL Service Desk ITIL Incident Management ITIL Incident Management ITIL Incident Management ITIL Problem Management ITIL Configuration Management ITIL Configuration Management ITIL Configuration Management ITIL Configuration Management ITIL Configuration Management ITIL Configuration Management ITIL Configuration Management (DSL) ITIL Configuration Management ITIL Configuration Management ITIL Incident, Problem & Change Mgmt ITIL Incident Management (Begriffsabgrenzung unklar Problem, Incident) ITIL Incident Management ITIL Problem Management ITIL Change Management ITIL Change Management Management Management Management Management Management Management Management Management Management Management Management Management Management Management Management Management Management of the supporting operational process of the supporting operational process of the supporting operational process of the supporting operational process of the supporting operational process of the supporting operational process and control of all aspects of ICT operational and control of all aspects of ICT operational and control of all aspects of ICT operational and control of all aspects of ICT operational of the supporting operational process of the supporting operational process of the supporting operational process of the supporting operational process of the supporting operational process and control of all aspects of ICT operational and control of all aspects of ICT operational security security security security security security (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG ITIL zu COBIT Prozess Mapping Delivery & Support ITIL Processe Management and control of all aspects of ICT operational security Storage Management, Backup & Recovery Storage Management, Backup & Recovery Storage Management, Backup & Recovery Storage Management, Backup & Recovery Storage Management, Backup & Recovery Storage Management, Backup & Recovery Storage Management, Backup & Recovery Storage Management, Backup & Recovery generic generic generic generic generic: Vertraulichkeit, Integrität, Verfügbarkeit n.a. n.a. n.a. n.a. n.a. n.a. ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL ITIL Seite 15 von 17 DS DS DS DS DS DS DS DS DS DS DS DS DS DS 11.18 11.19 11.20 11.21 11.22 11.23 11.24 11.25 11.26 11.27 11.28 11.29 11.30 ITIL Book ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management ICT Infrastructure Management Security Management Security Management Security Management Security Management Protection of Disposed Sensitive Information Storage Management Retention Periods and Storage Terms Media Library Management System Media Library Management Responsibilities Back-up and Restoration Back-up Jobs Back-up Storage Archiving Protection of Sensitive Messages Authentication and Integrity Electronic Transaction Integrity Continued Integrity of Stored Data Manage Facilities Physical Security Low Profile of the IT Site Visitor Escort Personnel Health and Safety Protection Against Environmental Factors Uninterruptible Power Supply Manage Operations Processing Operations Procedures and Instructions Manual Start-up Process and Other Operations Documentation Job Scheduling Departures from Standard Job Schedules Processing Continuity Operations Logs Safeguard Special Forms and Output Devices Remote Operations DS12 DS 12.1 DS 12.2 DS 12.3 DS 12.4 DS 12.5 DS 12.6 DS13 DS 13.1 DS 13.2 DS 13.3 DS 13.4 DS 13.5 DS 13.6 DS 13.7 DS 13.8 ITIL Security Management Workload, Workload, Workload, Workload, Workload, Workload, Workload, Workload, output, output, output, output, output, output, output, output, resilience resilience resilience resilience resilience resilience resilience resilience testing testing testing testing testing testing testing testing management management management management management management management management and and and and and and and and scheduling scheduling scheduling scheduling scheduling scheduling scheduling scheduling ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management ITIL ICT Infrastructure Management (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008 Glenfis AG M M1 M 1.1 M 1.2 M 1.3 M 1.4 M2 M 2.1 M 2.2 M 2.3 M 2.4 Monitor the Processes Collecting Monitoring Data Assessing Performance Assessing Customer Satisfaction Management Reporting Assess Internal Control Adequacy Internal Control Monitoring Timely Operation of Internal Controls Internal Control Level Reporting Operational Security and Internal Control Assurance ITIL zu COBIT Prozess Mapping Monitoring ITIL ITIL ITIL ITIL Seite 16 von 17 ITIL Process Service Service Service Service Level Level Level Level Management Management Management Management ITIL ITIL ITIL ITIL ITIL n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. ITIL Book Service Service Service Service Service Delivery Delivery Delivery Delivery Delivery n.a. n.a. n.a. n.a. M3 Obtain Independent Assurance M 3.1 Independent Security and Internal Control Certification/Accreditation of IT Services Independent Security and Internal Control Certification/Accreditation of Third-Party Service M 3.2 Providers M 3.3 Independent Effectiveness Evaluation of IT Services M 3.4 Independent Effectiveness Evaluation of Third-Party Service Providers Independent Assurance of Compliance with Laws and Regulatory Requirements and M 3.5 Contractual Commitments Independent Assurance of Compliance with Laws and Regulatory Requirements and M 3.6 Contractual Commitments by Third-Party Service Providers M 3.7 Competence of Independent Assurance Function M 3.8 Proactive Audit Involvement M4 M 4.1 M 4.2 M 4.3 M 4.4 M 4.5 M 4.6 M 4.7 M 4.8 Provide for Independent Audit Audit Charter Independence Professional Ethics and Standards Competence Planning Performance of Audit Work Reporting Follow-up Activities n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. n.a. (c) Glenfis AG www.glenfis.ch Datum: 4/24/2008