Professional Documents
Culture Documents
© 2005
Agenda
1) The IT Space 3
® CMM and CMMI are registered with the US Patent and Trademark Office
® COBIT is a registered trademark of ISACA
® ITIL is a registered trademark of the UK Office of Government Commerce
2
1
Section 1: The IT Space
IT Strategy Data and Service
Operations Center Desk
Application IT-Enabled
Development Services
The Standards
Standard
Parent
Org.
Industry
Sponsor
Group
2
Gartner’s Review of Models
Application Management
Application Management
CMMI
Domain Application Service
Development Management
Source:
6 ITIL: Application Management (2002, p.7)
3
Section 2: COBIT
COBIT:
• Control OBjectives for Information and related Technology
• 3rd edition—July 2000
Sponsorship:
• Open standard of IT Governance Institute
• Published by ISACA – The Information Systems Audit and Control
Association & Foundation
• Certified Information Systems Auditor certification – 23,000+ auditors
Focus:
• IT Governance - How does executive management fulfill its
responsibilities with respect to IT?
• Audit of IT operations
7 Source: COBIT Management Guidelines (2000)
4
COBIT Architecture
34 Information Technology control objectives:
• 11 planning and organization
• 6 acquisition and implementation
• 13 delivery and support
• 4 monitoring
5
Architectural Comparison
COBIT CMMI
Control objectives Process Areas
factors
Key goal Measures in Directing
Implementation
indicators
Key performance Measures in Directing
Implementation
indicators
Architectural comparison is suggestive of relationships, but the
mapping between these elements is not exact.
Font sizes indicate relative scope of the element between models.
11
6
Maturity Model Types
Prescriptive
set of process attributes to set of process areas to each
each maturity level and maturity level and require that
require that for a process to be for an organization to be rated
rated at a specific level, all the at a specific level, all process
Prescriptive
COBIT
ITIL Maturity
Model
Descriptive
7
COBIT Maturity Evaluations
ble
d
t
ise
xis
ata
ge
ed
tim
n-e
na
fi n
pe
tia
Ma
Op
No
Re
De
Ini
AI7
Company Industry Industry Company
status status guidelines objective
8
Planning & Organization—1
COBIT Process Maturity Framework
PO1—Define a strategic IT CMMI—no clear referent
plan—align IT opportunities Level 3 issue
with business requirements and
ensure accomplishment
PO2—Define the information CMMI—no clear referent
architecture—optimize the Level 3 issue
organization and integration of
information systems
PO3—Determine technological CMMI—no clear referent
direction—exploit current and Level 3 issue
emerging technology to achieve
business strategy
PO4—Define the IT organization CMMI L3—OEI
and relationships—deliver Level 3 issue
the right IT services
Source:
17 COBIT Management Guidelines (2000)
9
Planning & Organization—3
COBIT Process Maturity Framework
PO9—Assess risks—support CMMI L2—PP
management decisions and CMMI L3—RSKM
reduce threats
10
Acquisition & Implementation—2
11
Delivery and Support—2
COBIT Process Maturity Framework
DS5—Ensure system security— CMMI—no clear referent
safeguard information against Level 2&3 issue
unauthorized use, disclosure,
modification, damage, or loss
DS6—Identify and allocate CMMI—no clear referent
costs—ensure awareness of Level 3 issue
costs attributable to IT services
12
Delivery and Support—4
COBIT Process Maturity Framework
DS13—Manage operations— CMMI—no clear referent
ensure IT support functions are Level 3 issue
performed regularly in an orderly
fashion
Monitoring—1
COBIT Process Maturity Framework
M1—Monitor the processes— CMMI L2—PMC
ensure achievement of
performance objectives set for IT
processes
M2—Assess internal control CMMI L2—PMC
adequacy—ensure CMMI L3—IPM
achievement of internal control
objectives for IT processes
M3—Obtain independent CMMI L2—PPQA
assurance—increase
confidence and trust among IT,
customers, and suppliers
M4—Provide for an independent CMMI L2—PPQA
audit—ensure proper use of
applications and technical
solutions deployed
13
CMMI-COBIT Coverage
COBIT CMMI
CMMI provides light support for achieving
organization-wide objectives, but better support
Planning and
for objectives with greater project focus such as
Organization requirements, risks, quality, and project mgt.
CMMI-COBIT Summary
14
Section 3: ITIL
Supporting organizations:
• © UK Office of Government Commerce
• Published by The Stationary Office (London)
• itSMF—IT Service Management Forum—intro book
• EXIN, ISEB—professional certifications in ITIL
29
BS Aspiration
15000-1
Specification
BS 15000-2
Code of Practice Guidance
PD 0005 Overview
ITIL How-to
15
ITIL Publication Framework
T
Planning to Implement Service Management
T h
h e
Service
e
Management ICT T
B Service Infra- e
The
u Support structure c
s Business h
Management
i Perspective n
n Service o
e Delivery l
Security
s o
s Management g
Application Management y
31 Source: ITIL: Planning to Implement Service Management (2002, p.4)
Service Delivery:
• Service level management
• Financial management for IT services
• Capacity management
• IT service continuity management
• Availability management
Service Support:
• Service desk
• Incident management
• Problem management
• Change management
• Release management
32 • Configuration management
16
ITIL Topic Areas—2
Applications Management:
• Managing business value
• Aligning delivery strategy with business drivers
• Application management lifecycle
• Organizing roles and functions
• Control methods and techniques
33
Security Management
34
17
ITIL-Related Models
ITIL
Microsoft MOF
35
18
Application Mgt. Lifecycle
Application development
Requirements
Requirements
CMMI
Optimize
Optimize domain Design
Design
Operate
Operate Build
Build
Deploy
Deploy
Service management
ITIL-AM: Requirements
ITIL Application Management CMMI
Functional requirements RM-Manage requirements:
Non-functional requirements • Obtain understanding of requirements
• Obtain commitment to requirements
Usability requirements • Manage requirements changes
Change cases • Maintain bi-directional traceability
Testing requirements • Identify inconsistencies between project work and
requirements
Requirements management checklist
Organization of the requirements team • Elicit needs customer requirements
RD-Develop
• Develop the customer requirements
19
ITIL-AM: Design
ITIL Application Management CMMI
Design for non-functional TS-Select product component
requirements/manageability solutions
Risk-driven scheduling •Develop detailed alternatives and selection
criteria
Managing tradeoffs
•Evolve operational concepts & scenarios
Application-independent design
•Select product component solutions
guidelines and application
frameworks TS-Develop the design
Design management checklist •Design the product or product component
solution
Problems with design guidelines
•Establish a technical data package
Testing the requirements •Design interfaces using criteria
Organization of the design team •Perform make, buy, or reuse analyses
ITIL-AM: Build—1
ITIL Application Management CMMI
Consistent coding conventions PI-Prepare for product integration
Application-independent building •Determine integration sequence
guidelines •Establish the integration environment
Operability testing •Establish integration procedures and criteria
Build management checklist PI-Ensure interface compatibility
Organization of the build team •Review interface description for
completeness
•Manage interfaces
PI-Assemble product deliver product
•confirm readiness for integration
•Assemble product components
•Evaluate assembled components
•Package and deliver the product or
component
20
ITIL-AM: Build—2
ITIL Application Management CMMI
Consistent coding conventions VE-Prepare for verification
Application-independent building •Select work products for verification
guidelines •Establish the verification environment
Operability testing •Establish verification procedures and criteria
Build management checklist VE-Perform peer reviews
Organization of the build team •Prepare for peer reviews
•Conduct peer reviews
•Analyze peer review data
VE-Analyze selected work products
•Perform verification
•Analyze verification results and identify
corrective action
ITIL-AM: Deploy
ITIL Application Management CMMI
Planning the deployment
Distributing applications
Pilot deployments
21
ITIL-AM: Operate
ITIL Application Management CMMI
Day-to-day maintenance activities to
maintain service levels
Application state
Benefits of an application
ITIL-AM: Optimize
ITIL Application Management CMMI
Application review process
22
Service Delivery Processes
Availability Service Level
Management Management
Requirements
Targets,
Achievements
Capacity
Management
Financial
Management
23
ITIL-SD: Financial Mgt.
ITIL Service Delivery CMMI
Budgeting
IT accounting system
IT charging system
Planning IT financial mgt
Implementing IT financial mgt
Financial operation and reporting
Managing variances
24
ITIL-SD: Continuity Mgt.—1
ITIL Service Delivery CMMI
Initiate business continuity mgt.
Business impact analysis
Risk assessment RSKM
Business continuity strategy
Org. and implementation planning PP
Implement standby arrangements
Develop recovery plans PP
Implement risk reduction measures RSKM
Develop procedures OPD, TS
Initial testing VER
25
ITIL-SD: Availability Mgt.
ITIL Service Delivery CMMI
Availability requirements REQM, RD
Failure impact analysis CAR
Availability targets REQM
Availability measures and reporting MA
Monitoring and trend analysis PMC SG1
Availability problem detection PMC SG2
Availability problem prevention PMC SG2
Availability planning PP
Problem
Changes
Management
Change Releases
Management
Release
Management
Configuration
Management
Configuration
Repository
Management
52 Source: ITIL: Planning to Implement Service Management (2002, p.6)
26
ITIL-SS: Incident Mgt.
ITIL Service Support CMMI
Incident detection and recording
Classification and initial support
Investigation and diagnosis
Resolution and recovery
Incident closure
Ownership, monitoring, tracking, and
communication
27
ITIL-SS: Configuration Mgt.
ITIL Service Support CMMI
Configuration management planning CM GP2.2
Configuration identification CM SP1.1
Control of configuration items CM SP1.2, SP2.2
Configuration status accounting CM SP3.1
Configuration verification and audit CM SP3.2
CMDB backups, archives, and CM SP1.2
housekeeping
Configuration management service
28
ITIL-SS: Change Mgt.—2
ITIL Service Support CMMI
Urgent change scheduling CM SP2.2
Urgent change building, testing, and CM SP2.2
implementation
Change review CM SP2.2
Reviewing the change management CM GP2.8, GP2.9, P2.10
process for efficiency & effectiveness
Roles and responsibilities CM GP2.4
29
ICT Infrastructure Mgt.
Technical support
Source:
60 ITIL: ICT Infrastructure Management (2002)
30
ITIL-ICT: Deployment
ITIL ICT Infrastructure Mgt. CMMI
Design phase TS
Working environments IPM
Build phase TS
Acceptance testing VER
Rollout phase
Handover
ITIL-ICT: Operation
ITIL ICT Infrastructure Mgt. CMMI
Manage ICT infrastructure events
Operational control and management
Workload, output, resilience testing
management, & schedules
Storage mgt., backup, &recovery
ICT operational security
Manage support operating processes
Proactive operational mgt. processes
31
ITIL-ICT: Technical Support
ITIL ICT Infrastructure Mgt. CMMI
Research and development
Supplier management SAM, ISM
Document management PP SG 2
BS 15000 Processes
Service Delivery Processes
Capacity Management Service Level Information
Management Security
Service Continuity Management
and Availability Service Reporting
Management Budgeting and
Accounting for
Control Processes IT Services
Configuration Management
32
Maturity of IT Organizations
Product/Service Stage 2
Technology Stage 1
low
33
IT-Business Alignment
Business objectives should
Key Business be reflected in all levels of IT. Business
Drivers Function
Process
IT Processes
Requirements
Skill
IT People
Requirements
Technology
Technology
Requirements
Strategic
Alignment
Application
Applications
Characteristics
Objectives Data
Model
Data
Characteristics
(SOAM) Infrastructure
Infrastructure
Characteristics
67 Source: ITIL: Application Management (2002, p.14)
68
34
Using ITIL and CMMI
Summary
70
35
Relevant Websites
71
72
36