ITIL, COBIT,
TOGAF and CMMI are very large subjects. Also they are related the each other.
In this homework, they will be explained shortly and separately to make more
understandable.
What
is Information Systems Management (ISM)?
Information
Systems Management (ISM) is the application of information technology to
support the major functions and activities of either a private sector business
or public sector institution. In the past, organizations recognized the
importance of managing resources such as labor, capital, and raw materials.
Today, it is widely accepted that managing the information resource is very
often equally important. ISM supports the process of collection, manipulation,
storage, distribution and utilization of an organization's information
resources.
The
Information Systems Management undergraduate major is a multi-disciplinary
major that focuses on the fusion of information systems, technology, and
business management for two purposes: the use of information systems to solve
business problems and the management of technology, which includes new product
development and enterprise management.
The vast
majority of information systems are developed for and used by people in
functional areas (e.g., manufacturing, human resources, accounting, finance and
marketing). To develop information systems that address the needs of the
organization, ISM professionals must possess a solid mix of business and technical
knowledge. They must understand organizational structures, objectives,
operations (including processes and the flows of data between processes) and
the financial implications related to these factors. Only by understanding
these factors can an ISM professional communicate effectively with users and
then design systems that support their needs.
ISM managers
and professionals must stay up-to-date with evolving information technologies
and have a solid foundation of technical skills to select appropriate
technologies and to implement computer-based information systems. Thus, ISM
people must be well versed in topics such as systems development tools and
techniques, information architecture, network configurations, databases, and
systems integration.
CMMI
(Capability Maturity Model Integration)
As the organization behind the Capability Maturity Model Integration
(CMMI), a process improvement framework that guides organizations in
high-performance operations, the CMMI Institute is working to build upon CMMI’s
success, advance the state of the practice, accelerate the development and
adoption of best practices, and provide new and evolved solutions to meet the
emerging needs of businesses around the world. The institute also leads the
People Capability Maturity Model and the Data Management Maturity Model
frameworks.
The CMMI Institute supports the worldwide adoption of its solutions in
small and large organizations alike in a variety of industries, including
aerospace, finance, health services, software, defense, transportation, and
telecommunications.
Background
on CMMI
The Capability Maturity Model Integration (CMMI®) is
a world-class performance improvement framework for competitive organizations
that want to achieve high-performance operations. Building upon an
organization’s business performance objectives, CMMI provides a set of
practices for improving processes, resulting in a performance improvement
system that paves the way for better operations and performance. More than any
other approach, CMMI doesn’t just help you to improve your organizational
processes. CMMI also has built-in practices that help you to improve the way
you use any performance improvement approach, setting you up to achieve a
positive return on your investment.
CMMI does not provide a single process. Rather, the
CMMI framework models what to do to improve your processes, not define your
processes. CMMI is designed to compare an organization’s existing processes to
proven best practices developed by members of industry, government, and
academia; reveal possible areas for improvement; and provide ways to measure
progress. The result? CMMI helps you to build and manage performance
improvement systems that fit your unique environment.
Maturity
levels in CMMI for Development
There
are five maturity levels. Maturity level ratings are awarded for levels 2
through 5. The process areas below and their maturity levels are listed for the
CMMI for Development model:
Maturity Level 2 - Managed
·
CM - Configuration Management
·
MA - Measurement and Analysis
·
PMC - Project Monitoring and Control
·
PP - Project Planning
·
PPQA - Process and Product Quality Assurance
·
REQM - Requirements Management
·
SAM - Supplier Agreement Management
Maturity Level 3 - Defined
·
DAR - Decision Analysis and Resolution
·
IPM - Integrated Project Management
·
OPD - Organizational Process Definition
·
OPF - Organizational Process Focus
·
OT - Organizational Training
·
PI - Product Integration
·
RD - Requirements Development
·
RSKM - Risk Management
·
TS - Technical Solution
·
VAL - Validation
·
VER - Verification
Maturity Level 4 - Quantitatively Managed
·
OPP - Organizational Process Performance
·
QPM - Quantitative Project Management
Maturity Level 5 - Optimizing
·
CAR - Causal Analysis and Resolution
·
OPM - Organizational Performance Management
Maturity levels in CMMI for Services
The process areas below and their
maturity levels are listed for the CMMI for Services model:
Maturity Level 2 - Managed
·
CM - Configuration Management
·
MA - Measurement and Analysis
·
PPQA - Process and Product Quality Assurance
·
REQM - Requirements Management
·
SAM - Supplier Agreement Management
·
SD - Service Delivery
·
WMC - Work Monitoring and Control
·
WP - Work Planning
Maturity Level 3 - Defined
·
CAM - Capacity and Availability Management
·
DAR - Decision Analysis and Resolution
·
IRP - Incident Resolution and Prevention
·
IWM - Integrated Work Managements
·
OPD - Organizational Process Definition
·
OPF - Organizational Process Focus
·
OT - Organizational Training
·
RSKM - Risk Management
·
SCON - Service Continuity
·
SSD - Service System Development
·
SST - Service System Transition
·
STSM - Strategic Service Management
Maturity Level 4 - Quantitatively Managed
·
OPP - Organizational Process Performance
·
QWM - Quantitative Work Management
Maturity Level 5 - Optimizing
·
CAR - Causal Analysis and Resolution
·
OPM - Organizational Performance Management
Maturity
levels in CMMI for Acquisition
The process areas below and their
maturity levels are listed for the CMMI for Acquisition model:
Maturity Level 2 - Managed
·
AM - Agreement Management
·
ARD - Acquisition Requirements Development
·
CM - Configuration Management
·
MA - Measurement and Analysis
·
PMC - Project Monitoring and Control
·
PP - Project Planning
·
PPQA - Process and Product Quality Assurance
·
REQM - Requirements Management
·
SSAD - Solicitation and Supplier Agreement Development
Maturity Level 3 - Defined
·
ATM - Acquisition Technical Management
·
AVAL - Acquisition Validation
·
AVER - Acquisition Verification
·
DAR - Decision Analysis and Resolution
·
IPM - Integrated Project Management
·
OPD - Organizational Process Definition
·
OPF - Organizational Process Focus
·
OT - Organizational Training
·
RSKM - Risk Management
Maturity Level 4 - Quantitatively Managed
·
OPP - Organizational Process Performance
·
QPM - Quantitative Project Management
Maturity Level 5 - Optimizing
·
CAR - Causal Analysis and Resolution
·
OPM - Organizational Performance Management
COBIT
COBIT aims "to research, develop,
publish and promote an authoritative, up-to-date, international set of
generally accepted information technology control objectives for day-to-day use by business
managers, IT
professionals and assurance professionals". COBIT, initially an acronym
for "Control objectives for information and related technology"
(though before the release of the framework people talked of "COBIT"
as "Control Objectives for IT), defines a set of generic processes for the
management of IT. The framework defines each process together with process
inputs and outputs, key process-activities, process objectives, performance
measures and an elementary maturity
model. The
framework supports governance of IT
by defining and aligning business goals with IT
goals and IT processes.
COBIT provides a set of recommended best
practices for governance and control process of information systems and
technology with the essence of aligning IT with business. COBIT 5 consolidates
COBIT4.1, Val IT and Risk IT into a single framework acting as an enterprise
framework aligned and interoperable with TOGAF and ITIL.
The
COBIT Framework
The business orientation of COBIT consists of linking
business goals to IT goals, providing metrics and maturity models to measure
their achievement, and identifying the associated responsibilities of business
and IT process owners.
The process focus of COBIT 4.1 is illustrated by a
process model that subdivides IT into four domains (Plan and Organize, Acquire
and Implement, Deliver and Support, and Monitor and Evaluate) and 34 processes
in line with the responsibility areas of plan, build, run and monitor. It is
positioned at a high level and has been aligned and harmonized with other, more
detailed, IT standards and good practices such as COSO, ITIL, BISL, ISO 7000, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different
guidance materials, summarizing key objectives under one umbrella framework
that link the good practice models with governance and business requirements.
Components
of COBBIT
·
Framework: Organize IT governance objectives and good practices by IT
domains and processes, and links them to business requirements
·
Process descriptions: A reference process model and common language for
everyone in an organization. The processes map to responsibility areas of plan,
build, run and monitor.
·
Control objectives: Provide a complete set of high-level requirements to
be considered by management for effective control of each IT process.
·
Management guidelines: Help assign responsibility, agree on objectives,
measure performance, and illustrate interrelationship with other processes
·
Maturity models: Assess maturity and capability per process and helps to
address gaps.
ISO/IEC
20000
·
ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It
specifies requirements for the service provider to plan, establish, implement,
operate, monitor, review, maintain and improve an SMS. The requirements include
the design, transition, delivery and improvement of services to fulfill agreed
service requirements.
·
ISO/IEC 20000-1:2011 can be used by:
·
an organization seeking services from service providers and requiring
assurance that their service requirements will be fulfilled;
·
an organization that requires a consistent approach by all its service
providers, including those in a supply chain;
·
a service provider that intends to demonstrate its capability for the
design, transition, delivery and improvement of services that fulfill service
requirements;
·
a service provider to monitor, measure and review its service management
processes and services;
·
a service provider to improve the design, transition, delivery and
improvement of services through the effective implementation and operation of
the SMS;
·
an assessor or auditor as the criteria for a conformity assessment of a
service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
ITIL (Information Technology Infrastructure
Library)
ITIL is a set of practices for IT service management (ITSM) that focuses on aligning IT
services with the needs of business. In its current form (known as ITIL 2011
edition), ITIL is published as a series of five core volumes, each of which
covers a different ITSM lifecycle stage. Although ITIL underpins ISO/IEC 20000 (previously
BS15000), the International Service Management Standard for IT service
management, there are some differences between the ISO 20000 standard and the
ITIL framework.
ITIL describes processes, procedures, tasks, and
checklists which are not organization-specific, but can be applied by an
organization for establishing integration with the organization's strategy,
delivering value, and maintaining a minimum level of competency. It allows the
organization to establish a baseline from which it can plan, implement, and
measure. It is used to demonstrate compliance and to measure improvement.
Characteristics
of the 2011 Edition of ITIL
ITIL 2011 is an update to the ITIL framework that addresses significant
additional guidance with the definition of formal processes which were
previously implied but not identified, as well as correction of errors and
inconsistencies. Twenty-six processes are listed in ITIL 2011 edition and
described below, along with which core publication provides the main content
for each process. The 2011 edition consists of five core publications – Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.
1.
ITIL Service Strategy: understands
organizational objectives and customer needs
2.
ITIL Service Design: turns
the service strategy into a plan for delivering the business objectives
3.
ITIL Service Transition: develops
and improves capabilities for introducing new services into supported
environments
4.
ITIL Service Operation: manages
services in supported environments
5.
ITIL Continual Service Improvement: achieves services incremental and large-scale improvements
Continual
Service Improvement
Continual service improvement,
defined in the ITIL continual service improvement volume, aims to align and realign IT services
to changing business needs by identifying and implementing improvements to the
IT services that support the business processes. It incorporates many of the
same concepts articulated in the Deming Cycle of Plan-Do-Check-Act. The perspective of CSI on
improvement is the business perspective of service quality, even though CSI
aims to improve process effectiveness, efficiency and cost effectiveness of the IT
processes through the whole lifecycle. To manage improvement, CSI should
clearly define what should be controlled and measured.
COBIT
versus ITIL
COBIT and ITIL have been used by information
technology professionals in the IT service management (ITSM) space for many
years. Used together, COBIT and ITIL provide guidance for the governance and
management of IT-related services by enterprises, whether those services are
provided in-house or obtained from third parties such as service providers or
business partners.
Enterprises need to govern and manage their
information and related technology assets and resources, and those arrangements
customarily include both internal and external services to satisfy specific
stakeholder needs. COBIT 5 aims primarily to guide enterprises on the
implementation, operation and, where required, improvement of their overall
arrangements relating to governance and management of enterprise IT (GEIT).
ITIL provides guidance and good practice for IT service providers for the
execution of IT service management from the perspective of enabling business
value.
COBIT 5 describes the principles and enablers
that support an enterprise in meeting stakeholder needs, specifically those
related to the use of IT assets and resources across the whole enterprise. ITIL
describes in more detail those parts of enterprise IT that are the service
management enablers (process activities, organizational structures, etc.).
Generally speaking:
· COBIT is broader than
ITIL in its scope of coverage (GEIT). It is based on five principles (meeting
stakeholder needs; covering the enterprise end to end; applying a single,
integrated framework; enabling a holistic approach; and separating governance
from management) and seven enablers (principles, policies and frameworks;
processes; organizational structures; culture, ethics and behavior;
information; services, infrastructure and applications; people, skills and
competencies).
· ITIL focuses on ITSM and provides much more
in-depth guidance in this area, addressing five stages of the service life
cycle: service strategy, service design, service transition, service
operation and continual service improvement. Also, COBIT and ITIL are well
aligned in their approach to ITSM. The COBIT 5 Process Reference Model, as
documented in COBIT 5: Enabling Processes, maps closely to the ITIL
v3 2011 stages.
The distinction between the two is sometimes
described as “COBIT provides the ‘why’;
ITIL provides the ‘how.’” While
catchy, that view is simplistic and seems to force a false “one or the other”
choice. It is more accurate to state that enterprises and IT professionals who
need to address business needs in the ITSM area would be well served to
consider using both COBIT and ITIL guidance. Leveraging the strengths of both
frameworks, and adapting them for their use as appropriate, will aid in solving
business problems and supporting business goals achievement.
COBIT versus CMMI
SOURCES
