
Integrating IT Frameworks, Methodologies and Best Practices Into IT Delivery and Operation

Alan McSweeney
Objectives

• Contains notes on the integration of available frameworks
and methodologies into a possible integrated approach to
providing information technology services

March 23, 2010 2


Information Technology and Related Frameworks
and Methodologies
• Bewildering array of overlapping frameworks and methodologies
across lifecycle of IT systems delivery and management
• Frameworks and methodologies have benefits
− Provide a short-cut to determining the optimum approach to address a
business need
− Contain collective learning and experience
− Supported and enhanced
− Useful but are a means to an end and not an end in themselves
• But there are many (too many) competing individual frameworks
and methodologies representing specific potential solutions to
specific needs
− Focussing on individual aspects of IT
• Need for a higher view above the individual frameworks
• A view that represents how an IT function needs to operate
holistically



Suggested Integrated IT Solution and Operations
Management Approach
[Figure: Integrated Solution and Operations Management Approach, shown as two pillars]
• Architecture and Realisation
− Vision and Strategy
− Architecture
− Development, Customisation and Configuration
− Implementation and Deployment
− Operation and Control
• Management and Processes
− Enterprise Management
− Programme and Portfolio Management
− Project Management
− Service Management
− Architecture Management

Integrated IT Solution and Operations Management
Approach
• Every IT function has two pillars
− Doing
• Strategy
• Design
• Development
• Implementation
− Managing the doing
• Business change
• Programmes
• Projects
• Operations
• Generalised approach that can integrate specific delivery
frameworks as required
• Provide an overarching approach on which any function can be built



Direction and Focus of IT Solution and Operations
Management Approach – Three Layers
[Figure: the two-pillar Integrated Solution and Operations Management Approach (Architecture and Realisation; Management and Processes), annotated with the general direction of the solution lifecycle, from design to operation, and with three layers: Fundamental Processes and Competencies; Implementation of New Projects and Services; Operation of Existing Services]


Arrangement of Integrated IT Solution and Operations
Management Approach Within Operational Context
[Figure: the two pillars, Architecture and Realisation (DOING) and Management and Processes (MANAGING THE DOING), arranged against three levels]
• Existing Programmes, Projects and Services
− Architecture and Realisation: Focus on architecture and design aspects of existing services
− Management and Processes: Focus on management processes associated with the operation and delivery of existing services
• New Programmes, Projects and Services
− Architecture and Realisation: Focus on architecture, design, selection, development and delivery aspects of new projects and services
− Management and Processes: Focus on management processes associated with the architecture, design, selection, development and delivery aspects of new projects and services
• Fundamental Organisational Requirements
− Architecture and Realisation: Focus on the prerequisites and foundations for strategy, architecture and design across IT function and solution lifecycle
− Management and Processes: Focus on the prerequisite and foundation management processes across IT function and solution lifecycle


Integrated IT Solution and Operations Management
Approach
• A practical and integrated solution and operations
management approach consisting of two pillars:
− Architecture and Realisation (“Doing”)
• Concerned with enterprise vision, strategy, architecture, implementation,
delivery and subsequent operation
− Management and Processes (“Managing the Doing”)
• Addresses the management of large-scale business and information
technology initiatives and associated programmes and projects
• Phases and processes within the two pillars can be
integrated across a programme of work or the services can
be delivered independently, depending on the
requirements of the organisation
• Generalised framework that can be applied across multiple
environments
Expanded Integrated IT Solution and Operations
Management Approach - Architecture and Realisation Pillar
[Figure: Architecture and Realisation pillar, expanded into its components]
• Vision and Strategy
− Enterprise Transition and Transformation
− Information Technology Strategy
• Architecture
− System Architecture
− Business Application Architecture
− Information Technology Architecture
− Business Area Architecture
• Development, Customisation and Configuration
− Package Selection, Customisation and Implementation
− Accelerated Application Prototyping and Development
− Iterative Development
− Application Re-engineering
• Implementation and Deployment
− Readiness Assessment
− Pilot
− Deployment Preparation
− Deployment
• Operation and Control
− System Operations and Service Management
− System Support and Administration
Expanded Integrated IT Solution and Operations
Management Approach - Management and Processes Pillar
[Figure: Management and Processes pillar, expanded into its components]
• Enterprise Management
− Business Change
− Governance
− Architecture and Systems Management
− Management Support Framework
− IT Management
• Programme and Portfolio Management
− Programme Management
− Portfolio Project Management
• Project Management
− PMO Implementation and Operation
− Management of Projects
• Service Management
− Service Request Management
− Service Delivery
− Service Improvement Programme
• Architecture Management
− Business Architecture Management
− Information Architecture Management
− Technology Architecture Management
− Application Architecture Management
Integrated IT Solution and Operations Management
Approach Within Operational Context
[Figure: the phases of both pillars (Architecture and Realisation; Management and Processes) positioned against the three levels Existing Programmes, Projects and Services; New Programmes, Projects and Services; and Fundamental Organisational Requirements. Phases shown: Operation and Control; Service Management; Implementation and Deployment; Development, Customisation and Configuration; Architecture; Programme and Portfolio Management; Enterprise Management; Project Management; Architecture Management; Vision and Strategy]


Architecture and Realisation Pillar

• Vision and Strategy
− Creates the business vision and defines the direction for subsequent information technology initiatives
− Internal and external requirements and processes are analysed
− Allows prioritisation of the business and information system areas that will be addressed in subsequent stages
− Ensures that all further work is aligned with the vision and strategy
• Architecture
− Designed to translate the Vision and Strategy into an implementable, operable and supportable structure
− Architecture can encompass both enterprise and specific solution areas
− Scope, requirements and functionality of the business processes and the associated information systems are
specified
− Architecture is concerned with both business and information technology in parallel
− Constituent projects and changes to deliver the architecture are identified
• Development, Customisation and Configuration
− Selects, designs, builds, customises and tests the elements of the solution
− Includes some or all of customised development, package customisation and system enhancement
− Development activities related to business change and technical infrastructure are addressed
• Implementation and Deployment
− Takes the solution components and creates a fully operable system, complete with data and business process
changes
− Includes integration testing, pilot, data conversion, documented procedures, training, and operational readiness
and acceptance
• Operation and Control
− Creates and implements practices for ensuring defined service levels for the operation, maintenance, and
support of the new or modified systems



Management and Processes Pillar

• Enterprise Management
− Involves establishing business objectives, monitoring achievement against targets and making necessary
corrections
• Programme and Portfolio Management
− Directs and manages programmes and portfolios of initiatives and undertakings offerings to balance benefits,
costs, resources and risks in a strategic context and ensuring benefits realisation
− Establish the competency within an organisation to provide this service internally or manage its provision by
external agents
• Project Management
− Concentrates on the effective and efficient processes required to identify, coordinate, and continuously focus
people and resources on achieving project objectives and commitment within time, cost, resource and quality
controls
− Enables organisations to deliver both the simple and complex initiatives and to perform projects capably
• Service Management
− Controls and manages the operational services phases of the overall initiative life cycle
− Service request management handles requests from users
− Manages their fulfilment and includes logging, performing initial analysis, monitoring, prioritising, measuring,
and closing
− Service delivery management directs and manages services to ensure that the end-user receives the agreed
service
• Architecture Management
− Concerned with the business, technical, and operational procedures and processes needed to ensure and
maintain integrated enterprise and solution architecture during the implementation of the solution and its
subsequent operation



Groups of Information Technology and Related
Frameworks, Methodologies and Toolsets
• Multiple existing IT frameworks can be divided into groups
− Service and Application Management, Provisioning and Sourcing
− Program and Project Management
− Enterprise Architecture
− Software Lifecycle Management
− Value and Investment Management
− Data Management
− Quality Management
− Governance, Security and Risk Management
− Business Management and Support
− Business Analysis
• Not an exhaustive list of frameworks or groups
• Each exists as a point solution to a specific requirement
• Frameworks need to be placed in context to allow the most relevant and
appropriate to be selected



Groups of Information Technology and Related
Frameworks, Methodologies and Toolsets
[Figure: Information Technology and Related Frameworks, Methodologies and Toolsets, divided into ten groups: Service and Application Management, Provisioning and Sourcing; Program and Project Management; Software Lifecycle Management; Value and Investment Management; Data Management; Quality Management; Governance, Security and Risk Management; Business Management and Support; Business Analysis; Enterprise Architecture]


Framework Groups Within Integrated Solution and
Operations Management Approach
[Figure: the framework groups (Business Management and Support; Software Lifecycle Management; Service and Application Management, Provisioning and Sourcing; Governance, Security and Risk Management; Program and Project Management; Business Analysis; Enterprise Architecture; Value and Investment Management; Quality Management; Data Management) positioned within the Architecture and Realisation and Management and Processes pillars, across the levels Existing Programmes, Projects and Services; New Programmes, Projects and Services; and Fundamental Organisational Requirements]


Organisations Need to Maintain Sets of Core
Competencies That Cross All Functions
• Core competencies that organisations need and which cross
functional areas
− Performance and Quality Management
− Resource Management
− Funding, Financial, Investment and Budget Management and Total Cost of
Ownership
− Human Capital and Resource Management
− Organisation Design, Planning and Management
− Usability and User Experience Design
− Sourcing and Selection Management
− Vendor and Supplier Management
− Business Process Management
− Benefits Assessment and Realisation
− Capacity Planning, Forecasting and Demand and Supply Management
• These are common sets of skills needed for both pillars and across
solution and service lifecycles
• Not specific to one area within integrated approach
Core Competencies That Cross All Functions
[Figure: the core competencies listed above, overlaid across both pillars (Architecture and Realisation; Management and Processes) of the Integrated Solution and Operations Management Approach]
Core Competencies

• Frameworks can assist in quickly implementing some core competencies
− Performance and Quality Management: ISO 9000, TickIT, TQM, Six Sigma
− Resource Management: (none listed)
− Funding, Financial, Investment and Budget Management and Total Cost of Ownership: ITIM, Val IT
− Human Capital and Resource Management: People CMM
− Organisation Design, Planning and Management: (none listed)
− Usability and User Experience Design: (none listed)
− Sourcing and Selection Management: eSCM, ISPL
− Vendor and Supplier Management: eSCM, ISPL
− Business Process Management: (none listed)
− Benefits Assessment and Realisation: MSP, IT Balanced Scorecard, ITIM, Val IT
− Capacity Planning, Forecasting and Demand and Supply Management: (none listed)
Frameworks and Integrated Solution and Operations
Management Approach - Architecture and Realisation
Possible Methodology/Framework Toolset for each Component of Function, grouped by High Level Function:
• Vision and Strategy
− Enterprise Transition and Transformation: (none listed)
− Information Technology Strategy: TOGAF, DODAF, MODAF, NASCIO EAMM
• Architecture
− System Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
− Business Application Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
− Information Technology Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
− Business Area Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
• Development, Customisation and Configuration
− Accelerated Application Prototyping and Development: DSDM, RUP
− Package Selection, Customisation and Implementation: ITIM, Val IT
− Iterative Development: DSDM, RUP
− Application Re-engineering: (none listed)
• Implementation and Deployment
− Readiness Assessment: (none listed)
− Pilot: (none listed)
− Deployment Preparation: (none listed)
− Deployment: (none listed)
• Operation and Control
− System Operations and Service Management: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− System Support and Administration: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
Frameworks and Integrated Solution and Operations
Management Approach - Management and Processes
Possible Methodology/Framework Toolset for each Component of Function, grouped by High Level Function:
• Enterprise Management
− Business Change: (none listed)
− Governance: COBIT, ISO 38500, OCEG
− Architecture and Systems Management: (none listed)
− Management Support Framework: MOF, BISL, ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− IT Management: (none listed)
• Programme and Portfolio Management
− Programme Management: PRINCE2, PMBOK, MSP
− Portfolio Project Management: PRINCE2, PMBOK, MSP
• Project Management
− PMO Implementation and Operation: PRINCE2, PMBOK, MSP
− Management of Projects: PRINCE2, PMBOK, MSP
• Service Management
− Service Delivery: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− Service Request Management: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− Service Improvement Programme: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
• Architecture Management
− Business Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
− Information Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
− Technology Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
− Application Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
Service and Application Management, Provisioning
and Sourcing Frameworks
Information Technology and Related Frameworks: Service and Application Management, Provisioning and Sourcing
• ITIL (Information Technology Infrastructure Library)
• ISO 20000 (ITSM Standard)
• IT Service CMM (Capability Maturity Model)
• ISPL (Information Services Procurement Library)
• eSCM (eSourcing Capability Maturity Model)
• ASL (Application Services Library)
• USMBOK (Universal Service Management Body of Knowledge)


ITIL (Information Technology Infrastructure Library)

• Aims to improve the overall quality of service to the business within imposed
constraints while improving the overall effectiveness and efficiency of IT
• Consists of a series of books giving guidance on the provision of quality IT services,
and on the accommodation and environmental facilities needed to support IT
• Provides a framework of best practice guidance for IT service management that
has become the most widely used and accepted approach to IT service
management in the world
• Developed in recognition of organisations' growing dependency on IT
• Core of ITIL provides best practice guidance for service delivery, service support, IT
infrastructure management, planning to implement service management,
application management, the business perspective, and security management
• Whole ITIL philosophy has grown up around the guidance contained within the ITIL
books and the supporting professional qualification scheme



ISO 20000 (IT Service Management Standard)

• Formal standard for IT service management
• Management standard, addressing the establishment and
maintenance of processes and the mechanism to ensure their
relevance and improvement
• Consists of service delivery processes, resolution processes,
relationship processes, control processes, and the release process
• Requires service providers to implement the PDCA (Plan-Do-Check-Act)
cycle for service management processes
• Achieve formal certification and thus demonstrate compliance to
accepted best practices but ISO 20000 is primarily a measure of
process conformance to be achieved rather than setting out a means
of achieving this process conformance
• Covers only core elements of the service management process and
thus cannot describe the full set of processes for any specific service
provider



IT Service CMM (Capability Maturity Model)

• Maturity model for organisations that provide IT services
such as management of hardware and software,
operations, and software maintenance
• Used to assess current IT organisation's maturity and to
improve IT processes
• Focus on process improvement but does not include
specifications on how a specific maturity level should be
reached
• Does not distinguish between internal and external IT
service providers



ISPL (Information Services Procurement
Library)
• Best practice library for the management of IT related
acquisition processes
• Focus on the relationship between the customer and
supplier organisation and on the procurement of
information services
• Designed to professionalise customer-supplier
relationships during an outsourcing initiative
• Designed to help understand services to be acquired and
delivered and structure their acquisition and delivery



eSCM (eSourcing Capability Maturity Model)

• Two versions:
− Sourcing partners (eSCM-SP)
− Client companies availing of outsourcing function (eSCM-CL)
• Sourcing partners
− Defines sourcing capabilities that organisations should develop
and improve in order to be viewed by their current and
prospective customers as capable and reliable partners
• Client companies availing of outsourcing function
− Defines capabilities that organisations should develop and
improve in order to select and manage outsourcing relationship
• Covers the lifecycle of service provision from initiation to
completion of a relationship



ASL (Application Services Library)

• Describes a standard for processes for management,
maintenance and enhancement/renovation of (business)
applications
• Aimed at managers and professionals looking to improve
maturity of the processes for delivering application
management services
• Can be used to improve a broad spectrum of aspects of
application management, varying from cost control and
quality of service to staff motivation and strategic
alignment
• Based on ITIL concepts
USMBOK (Universal Service Management Body of
Knowledge)
• New major and comprehensive service management
framework
• Driven by a single individual
• Designed as an open body of knowledge on successful
service management



Program and Project Management Frameworks
Information Technology and Related Frameworks: Program and Project Management
• PRINCE2 (Projects in Controlled Environments)
• PMBOK (Project Management Body of Knowledge)
• MSP (Managing Successful Programmes)
• IT Balanced Scorecard


PRINCE2 (Projects in Controlled Environments)

• Best practice project management standard in the UK and widely
used elsewhere
• Process-based method for project management - sets of processes
that provide a controlled project start, controlled project, and
controlled close
• Covers management, control and organisation of a project and can
be used for any project type and size
• Concentrates on the work of project and team managers and
management involved in decision-making within the project
• Covered aspects of projects are business case, organisation, plans,
controls, management of risks, quality in a project environment,
configuration management and change control



PMBOK (Project Management Body of Knowledge)

• Very widely used process-based project management
guide and an internationally recognised standard that
provides the fundamentals of project management as they
apply to a wide range of projects
• Recognised throughout the world as a standard for
managing projects
• Covers project knowledge areas: integration management,
HR management, scope management, communications
management, time management, risk management, cost
management, procurement management and quality
management



MSP (Managing Successful Programmes)

• Best practice guide on programme management
• Generic approach which can be used in all types of
programmes
• Contains a set of principles and a set of processes for use
when managing a programme
• Tool to manage strategic change in parts of an
organisation
• Can be used together with PRINCE2



IT Balanced Scorecard

• Planning and management tool used to align business
activities to the vision and strategy of the organisation,
improve internal and external communications and
monitor organisation performance against strategic goals
• Can be used to measure and manage IT performance and
to enable alignment between business and IT
• Covers four perspectives: financial, internal business
process, learning and growth, and customer



Software Lifecycle Management Frameworks
Information Technology and Related Frameworks: Software Lifecycle Management
• CMMI (Capability Maturity Model Integration)
• ISO/IEC 12207 (Systems And Software Engineering – Software Life Cycle Processes)
• DSDM (Dynamic Systems Development Method)
• RUP (Rational Unified Process)


CMMI (Capability Maturity Model Integration)

• Process improvement approach that provides organisations with the
essential elements of effective processes
• Currently addresses three areas
− Product and service development - CMMI for Development
− Service establishment, management, and delivery - CMMI for
Services
− Product and service acquisition - CMMI for Acquisition



ISO/IEC 12207 (Systems And Software Engineering –
Software Life Cycle Processes)
• Defines a common framework for software life cycle
processes, with well-defined terminology that can be
referenced by the software industry
• Applies to the acquisition of systems and software
products and services, to the supply, development,
operation, maintenance, and disposal of software products
and the software portion of a system, whether performed
internally or externally to an organisation
• Provides a process that can be employed for defining,
controlling, and improving software life cycle processes



DSDM (Dynamic Systems Development Method)

• Software development methodology originally based on,
and extending, the Rapid Application Development methodology
• Iterative and incremental approach that emphasises
continuous user involvement
• Aims to deliver software systems on time and on budget
while adjusting for changing requirements along the
development process



RUP (Rational Unified Process)

• Iterative software development process framework
created by the Rational Software Corporation (IBM)
• Can be tailored by the development organisations and
software project teams who select the parts of the process
that are appropriate
• Consists of project lifecycle phases and engineering and
supporting disciplines
• Variants and extensions
− Unified Process
− Open Unified Process
− Agile Unified Process
− Enterprise Unified Process



Value and Investment Management Frameworks
Information Technology and Related Frameworks: Value and Investment Management
• ITIM (Information Technology Investment Management)
• Val IT
• Gartner Total Cost of Ownership


ITIM (Information Technology Investment
Management)
• Produced by the United States General Accounting Office
(GAO)
• Identifies and organises thirteen processes that are critical
for successful investment into a framework of increasingly
mature stages
• Tool for internal and external evaluations of investment
management process



Val IT

• Framework for the governance of IT investments to get
business value from IT investments
• Provides guidance on different types of value (tangible and
intangible) that can be considered and how to compare
tangible with intangible benefits
• Tightly integrated with and extends and complements
COBIT with management processes required to get good
value from IT investments



Gartner Total Cost of Ownership

• Aims to be an industry standard TCO methodology
• TCO models are available for contact centre, data network,
distributed computing, enterprise operations centre,
enterprise storage management, help desk, and voice
telecom



Data Management Frameworks
Information Technology and Related Frameworks: Data Management
• DMBOK (Data Management Body of Knowledge)


DMBOK (Data Management Body of Knowledge)

• Generalised and comprehensive framework for managing
data across the entire lifecycle
• Provides a detailed framework to assist development and
implementation of data management processes and
procedures and ensures all requirements are addressed
• Enables effective and appropriate data management
across the organisation
• Provides awareness and visibility of data management
issues and requirements



Quality Management Frameworks
Information Technology and Related Frameworks: Quality Management
• ISO 9000
• TickIT/TickITplus
• TQM (Total Quality Management)
• Six Sigma


ISO 9000

• ISO 9000 is a family of standards for quality management
systems
• Developed to address the quality management systems
within an organisation to demonstrate its capability to
meet its customer's requirements
• Certifies that an organisation has carried out the correct
processes but does not provide a quality guarantee of the
end product
• Only standard that can be used for the certification of a
quality management system



TickIT/TickITplus

• Quality management certification for software
• Mainly UK based
• Aims to improve the quality of software and its application
• Includes practical guidance for software development and
services
• TickITplus adds industry best practice with international IT
standards with ISO 9001 accredited certification



TQM (Total Quality Management)

• TQM is a management approach that seeks to integrate all
organisational functions to focus on meeting customer
needs and organisational objectives
• All personnel become involved in the continuous
improvement of the production of goods and services
• Concerned with continuous improvement in all work from
high level strategic planning and decision making to
detailed execution of work elements
• Many methodologies and techniques to implement TQM
approach



Six Sigma

• Data-driven approach and methodology for eliminating defects in
any process
• Originated in manufacturing but now widely used
• Practical goal to increase profits by eliminating variability, defects,
and waste that undermine customer loyalty
• Two Six Sigma components
− DMAIC - define, measure, analyse, improve and control for existing processes
− DMADV - define, measure, analyse, design and verify for new processes
• Uses a set of quality management methods, including statistical
methods, and creates a special infrastructure of people within the
organisation who are experts in these methods



Governance, Security and Risk Management
Frameworks
Information Technology and Related Frameworks: Governance, Security and Risk Management
• COBIT (Control Objectives for Information and Related Technology)
• ISO 38500 (Corporate Governance of Information Technology)
• ISO 27000 / (Information Security Management System)
• OCEG (Open Compliance and Ethics Group)
• IT Baseline Protection Catalogs


COBIT (Control Objectives for Information and
Related Technology)
• Framework for IT management created by the Information
Systems Audit and Control Association (ISACA) and the IT
Governance Institute (ITGI)
• Enables clear policy development and good practice for IT
control
• Emphasises regulatory compliance, helps organisations to
increase the value attained from IT



ISO 38500 (Corporate Governance of Information
Technology)
• Framework for governance of IT to assist senior
management to understand and fulfill their legal,
regulatory and ethical obligations in relation to the
organisation’s use of IT
• Based on Australian standard AS 8015 for corporate
governance of information and communication technology
• Encompasses establish responsibilities, plan to best
support the organisation, acquire validly, ensure
performance when required, ensure conformance with
rules and ensure respect for human factors



ISO 27000 / (Information Security Management
System)
• Family of 27000 standards for information security
• ISO 27001 specifies a management system to bring
information security under management control
• Examine information security risks, taking account of the
threats, vulnerabilities and impacts
• Design and implement information security controls to
address those risks that are deemed unacceptable
• Implement management process to ensure that the
controls continue to meet information security
requirements



Open Compliance and Ethics Group

• OCEG Framework contains the GRC Capability Model –
specified in the OCEG Red Book
• Provides comprehensive and detailed practices for an
integrated GRC system
− Achieve business objectives
− Enhance organisational culture
− Increase stakeholder confidence
− Prepare and protect the organisation
− Prevent, detect and reduce adversity
− Motivate and inspire desired conduct
− Improve responsiveness and efficiency
− Optimise economic and social value
IT Baseline Protection Catalogs

• Collection of documents from the German Federal Office


for Security in Information Technology
• Includes standard security measures for typical IT systems
with normal protection needs
• Component catalog defines overall aspects of IT,
infrastructure, IT systems, networks and IT applications
• Threat catalog details potential threats to IT systems
• Measures catalog defines the measures necessary to achieve
baseline protection



Business Management and Support Frameworks

• Information Technology and Related Frameworks
− Business Management and Support
• MOF (Microsoft Operations Framework)
• BISL (Business Information Service Library)



MOF (Microsoft Operations Framework)

• Contains practices, principles, and activities that provide guidelines
for achieving reliability for IT solutions and services
• Provides question-based guidance that allows you to determine
what is needed now as well as activities that will keep the IT
organisation running efficiently and effectively in the future
• Creates an environment where business and IT can work together
toward operational maturity using a proactive model that defines
processes and standard procedures to gain efficiency and
effectiveness
• Covers activities and processes involved in managing IT services:
definition, development, operation, maintenance and retirement



BISL (Business Information Service Library)

• Public domain standard for functional and information
management
• Describes processes within business information management at the
strategy, management, and operations level
• Establishes a bridge between IT and business processes and
between business information administrators and information
managers
• Identifies processes at three levels: operations, management, and
strategic
• Covers operations management, functionality management, change
management and transition, planning and control, financial
management, demand management, contract management,
develop information strategy, develop information organisation
strategy and information coordination



Business Analysis Frameworks

• Information Technology and Related Frameworks
− Business Analysis
• Business Analysis Body of Knowledge (BABOK)
• Structured Systems Analysis and Design Method (SSADM)



Business Analysis Body of Knowledge (BABOK)

• Developed by the IIBA (International Institute of Business Analysis)
• BABOK is the collection of knowledge within the profession of
Business Analysis and reflects generally accepted practice
• Describes business analysis areas of knowledge, their associated
activities and tasks and the skills necessary to be effective in their
execution
• Identifies currently accepted practices
• Recognises business analysis is not the same as software
requirements
• Defined and enhanced by the professionals who apply it
• Captures the knowledge required for the practice of business
analysis as a profession

Structured Systems Analysis and Design Method
(SSADM)
• Systems approach to the analysis and design of
information systems
• Waterfall approach that incorporates a document-led approach
to system design
• Includes
− Logical Data Modelling
− Data Flow Modelling
− Entity Behaviour Modelling



Enterprise Architecture Frameworks

• Information Technology and Related Frameworks
− Enterprise Architecture
• TOGAF (The Open Group Architecture Framework)
• Department of Defense Architecture Framework (DoDAF)
• Ministry of Defence Architectural Framework (MODAF)
• Zachman
• Federal Enterprise Architecture (FEA)
• NASCIO EAMM (NASCIO Enterprise Architecture Maturity Model)



TOGAF (The Open Group Architecture Framework)

• TOGAF is a framework (a detailed method and a set of supporting tools) for
developing an enterprise architecture
− TOGAF is not itself an architecture
• Architecture design is a technically complex process and the design of mixed,
multivendor architectures is particularly complex
• TOGAF plays an important role in helping to demystify and reduce the risk in the
architecture development process
• TOGAF provides a platform for adding value and enables users to build genuinely
open systems-based solutions to address their business issues and needs
• Because TOGAF has a detailed implementation framework, the project to
implement it and the associated time and cost can be defined more exactly
• Framework can be customised to suit the requirements of the organisation
• TOGAF has a broad coverage and a business focus and seeks to ensure that IT
delivers what the business needs
• TOGAF focuses on both the “what” and the “how”



Department of Defense Architecture Framework
(DoDAF)
• Framework for developing and representing architecture
descriptions that ensure a common denominator for
understanding, comparing, and integrating architectures
• Establishes data element definitions, rules, and
relationships and a baseline set of products for consistent
development of systems, integrated or federated
architectures



Ministry of Defence Architectural Framework
(MODAF)
• Framework defining a standardised way of creating
enterprise architecture
• Defines architectural views covering the strategic goals of
the enterprise and the people, processes and systems that
deliver those goals



Zachman

• Zachman Framework for Enterprise Architecture defines a
collection of perspectives involved in enterprise
architecture
• Provides a logical structure for classifying and organising
the descriptive representations of an enterprise
• High level framework



Federal Enterprise Architecture (FEA)

• Methodology for information technology acquisition, use
and disposal
• Contains a set of reference models
− Performance Reference Model
− Business Reference Model
− Service Component Reference Model
− Data Reference Model
− Technical Reference Model



NASCIO EAMM (NASCIO Enterprise Architecture
Maturity Model)
• Developed by the National Association of State Chief
Information Officers (NASCIO)
• Provides a path for architecture and procedural
improvements within an organisation
• Framework combines business and environment processes
and representations to allow planning and development of
an architecture blueprint
• Designed to improve information sharing across
government boundaries, as well as to position government
enterprises for the digital government age and the
advantages and opportunities that technology presents

Summary

• Large number of potentially very useful frameworks and
methodologies existing as point solutions
• Need to select the most appropriate framework to suit
your needs
• Need to integrate frameworks into IT operations and
delivery structure



More Information

Alan McSweeney
alan@alanmcsweeney.com
