InformatIon TechnologyManagement and Standards



27.3.2015 Analyse in Relation between ITIL,COBIT,CMMI and TOGAFFEYYAZ KAYAR feyyazkyr@centercenterInformatIon TechnologyManagement and StandardsITIL(IT Service Delivery and Support)ITILITIL (The?Information Technology Infrastructure Library) is a globally accepted approach to IT service management (ITSM). ITIL provides a cohesive set of best practices, drawn from the public and private sectors, that focus on aligning end-to-end IT?services?with the needs of business. Tobias International can assist with this alignment, and an implementation plan tailored for your organization.ITIL offers a framework that describes processes, procedures, tasks and checklists that may be used by an organization for establishing integration with the organization’s strategic goals, delivering value to customers/users, and maintaining a minimum level of competency. However, the framework itself is not organization-specific. Upon adopting ITIL, an organization can then establish a baseline from which it can plan, implement, and measure improvement.The processes, procedures, functions and roles that facilitate effective IT?SERV?CE management are?defined in the five core ITSM Lifecycle stages: IT Service StrategyIT Service DesignIT Service TransitionIT Service OperationIT Continual Service ImprovementThe processes of Service Support are:Incident managementProblem managementConfiguration managementChange managementRelease managementThe key practices of Service Delivery are:Service level managementFinancial management for IT servicesCapacity managementIT service continuity managementAvailability managementITIL (IT Infrastructure Library) is the most widely accepted set of best practices in the IT service delivery domain and is complementary to COBIT.COBITControl Objectives for Information and related Technology (COBIT?)provides good practices across a domain and process frameworkand presents activities in a manageable and logical structure. COBIT’s good practices represent the consensus of experts. They are strongly focused more on control, less on execution. These practices will help optimise IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong. For IT to be successful in delivering against business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:? Making a link to the business requirements? Organising IT activities into a generally accepted process model? Identifying the major IT resources to be leveraged? Defining the management control objectives to be consideredThe business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.The COBIT frameworkThe business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.The process focus of COBIT 4.1 is illustrated by a process model that subdivides IT into four domains (Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed, IT standards and good practices such as?COSO,?ITIL,?BiSL,?ISO 27000,CMMI,?TOGAF?and?PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that link the good practice models with governance and business requirements.The COBIT 4.1 framework specification can be obtained as a complimentary PDF at the?ISACA download website. (Free self-registration may be required.)COBIT 5 was released in April 2012.[4]?COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's?IT Assurance Framework?(ITAF) and the?Business Model for Information Security?(BMIS). It aligns with frameworks and standards such as?Information Technology Infrastructure Library(ITIL),?International Organization for Standardization?(ISO),?Project Management Body of Knowledge?(PMBOK), PRINCE2 and?The Open Group Architecture Framework?(TOGAF).COBIT has had five major releases:In 1996, the first edition of COBIT was released.In 1998, the second edition added "Control".In 2000, the third edition was released "Management Guidelines".In 2003, an on-line version became available.In December 2005, the fourth edition was initially released.In May 2007, the 4.1 revision was released.COBIT 5 was released in June 2012. It consolidates and integrates the COBIT 4.1,?Val IT?2.0 and?Risk ITframeworks, and also draws significantly from the?Business Model for Information Security?(BMIS) and ITAF.In December 2012, one add-on document was released, COBIT 5 for information security.[5INFORMATION CRITERIA Information delivered to the core business processes has to fulfill certain criteria, which are summarily characterised as follows: Quality requirements: – Effectiveness:Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner – Efficiency: Concerns the provision of information through the optimal (most productive and economical) use of resources Security requirements:– Confidentiality: Concerns the protection of sensitive information from unauthorised disclosure – Integrity: Relates to the accuracy and completeness of information, as well as to its validity in accordance with business values and expectations – Availability: Relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. Fiduciary requirements: – Compliance:Deals with complying with those laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria, as well as internal policies – Reliability:Relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilitiesTOGAFThe Open Group Architecture Framework?(TOGAF) is a?framework?forenterprise architecture?which provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture.[2]?TOGAF has been a registered trademark ofThe Open Group?in the United States and other countries since 2011.[3]TOGAF is a high level approach to design. It is typically modeled at four levels: Business, Application, Data, and Technology. It relies heavily on modularization, standardization, and already existing, proven technologies and products.TOGAF – The Open Group Architecture FrameworkABD Savunma Bakanl???’n?n (DoD) geli?tirmi? oldu?u TAFIM – Technical Architecture Framework for Information Management metodolojisi baz al?narak “Open Group” taraf?ndan 1995 y?l?nda geli?tirilmi?tir. Her y?l güncellenmektedir.?rün ve kurum ba??ms?zd?r. Ancak a??k sistemler kullan?lan bilgi teknolojileri ortamlar?na daha fazla a??rl?k verilmektedir. TOGAF – The Open Group Architecture FrameworkThe Benefits: A successful enterprise architecture offers your business many benefits and opportunities: The architecture supports both the business strategy and the business model. The architecture is flexible enough to respond to new market requirements and changes. The architecture guarantees an optimum basis for business intelligence. The complexity of the architecture and therefore of the IT is reduced. The advantages and disadvantages of various architectures are known. Business Needs and Challenges: Infrastructure and Security Business Technology Technology Transformation Cost Optimization Global Sourcing CloudComputingCMMIDünya genelinde kabul g?ren?CMMI?yaz?l?m geli?tirme sertifikas?n? almaya giden yol?Rational Software‘den ge?iyorDünya standartlar?nda yaz?l?m geli?tirmek ?o?u yaz?l?m evinin hayalidir. Türkiye’deki yaz?l?m evleri, geli?tirdikleri yaz?l?mlarda dünya standartlar?n? yakalamak i?in büyük bir gayret g?steriyorlar. Yaz?l?m geli?tirmede, proje y?netimi belli bir kaliteyi yakalamak i?in ?ok ?nemli. IBM’in Rational Software ??zümü ise proje y?netimini bir ad?m ?teye ta??yarak, toplam yaz?l?m geli?tirme y?netimini, geli?tiricilere sunuyor.Bireyler i?in MCSE, CCNA sertifikalar? varsa, yaz?l?m evleri i?in de CMMI (Capability Maturity Model Integration) adl? bir sertifika var. Uluslararas? i?lerde firmalar CMMI sertifikas?na sahip yaz?l?m evlerini tercih ediyorlar. Rational Software sundu?u yaz?l?m kalite y?netimi ara?lar? ile bu sertifikan?n al?nmas?n? kolayla?t?r?yor..Büyük Yaz?l?mc?lar?n TercihiRational Software IBM taraf?ndan ge?ti?imiz sene 2.5 milyar dolara sat?n al?nd?. Rational’?n IBM bünyesine ge?mesiyle birlikte IBM Türkiye’de bu ürüne büyük ?nem vermeye ba?lad?. ?u an Türkiye’deKo? Sistem, Akbank, Yap? Kredi, Turkcell, Telsim?gibi büyük firmalarda?ve?savunma sekt?rüne yaz?l?m geli?tiren yaz?l?m firmalar?nda?Rational Software etkin bir ?ekilde kullan?l?yor.IBM’in Türkiye’deki Rational Software stratejisi hakk?nda IBM Sat?? Y?neticisi Server Tanfer ile g?rü?tük. Rational Software’e büyük ?nem verdiklerini belirten Server Tanfer ?unlar? s?yledi: “Rational’da iki türlü büyüme bekliyoruz. Bunlar?n birincisi kapsama alan? olarak büyüme. Bu güne kadar Rational’la hi? tan??mam?? firmalara ula?maya ?al???yoruz. Bununla ilgili olarak Yaz?l?m Mühendisleri Günleri ger?ekle?tirdik. ?nümüzdeki d?nemde kapsama alan? ve mü?teri say?s?nda büyük art?? bekliyoruz. ?kinci büyüme ise teknolojik olarak ürünlerin h?zl? geli?mesinde olacak. IBM bir ?irket sat?n ald??? zaman bilgi aktar?m? yap?yor. Bu bilgi aktar?m? Rational’a da ba?lad?. Bu nedenle ?nümüzdeki d?nem Rational’?n teknolojisi ?ok h?zl? bir ivme ile geli?ecek.”A??rl?k Savunma ve TelekomdaRational Software, bünyesinde?proje y?netimi, yaz?l?m modelleme, kalite y?netimi, kod ve sunum y?netimi, de?i?iklik y?netimi, gereksinim y?netimi?ve?dokümantasyon y?netimi modüllerini?i?eriyor. Bu modüller ister ayr? ayr?, isterse tam paket olarak al?nabiliyor. IBM Rational Software’? kanal üzerinden sat?yor. Rational Software IBM bünyesine kat?lmadan ?nce Türkiye’de Bildem firmas? taraf?ndan temsil ediliyordu. Bildem ?u an IBM ??züm orta?? olarak Rational sat??lar?na devam ediyor. Rational’?n Türkiye’deki en g?zde mü?terileri savunma ve telekom sekt?rüne yaz?l?m geli?tiren firmalar. Bu tarz yaz?l?mlarda hata kabul edilemez oldu?undan dolay?, yaz?l?m y?netimi büyük ?nem ta??yor. Yaz?l?m y?netimi i?in Rational kullanan firmalar, daha etkin ve güvenli yaz?l?mlar geli?tirebiliyorlar.Rational’?n maliyeti kullan?lan modüllere g?re de?i?iyor. Server Tanfer kurulumun ?ekline g?re maliyetin kullan?c? ba??na 1-2 bin dolar seviyelerinden ba?lad???n? belirterek, kurumlara ürün ile ilgili her türlü destek ve dan??manl??? verdiklerini s?ylüyor.Background of CMMILevel1- InitialAt maturity level 1, processes are usually ad hoc and chaotic. The organization usually does not provide a stable environment. Success in these organizations depends on the competence and heroics of the people in the organization and not on the use of proven processes.Maturity level 1 organizations often produce products and services that work; however, they frequently exceed the budget and schedule of their projects.Maturity level 1 organizations are characterized by a tendency to over commit, abandon processes in the time of crisis, and not be able to repeat their past successes.ManagedAt maturity level 2, an organization has achieved all the specific and generic goals of the maturity level 2 process areas. In other words, the projects of the organization have ensured that requirements are managed and that processes are planned, performed, measured, and controlled.The process discipline reflected by maturity level 2 helps to ensure that existing practices are retained during times of stress. When these practices are in place, projects are performed and managed according to their documented plans.At maturity level 2, requirements, processes, work products, and services are managed. The status of the work products and the delivery of services are visible to management at defined mitments are established among relevant stakeholders and are revised as needed. Work products are reviewed with stakeholders and are controlled.The work products and services satisfy their specified requirements, standards, and objectives.DefinedAt maturity level 3, an organization has achieved all the specific and generic goals of the process areas assigned to maturity levels 2 and 3.At maturity level 3, processes are well characterized and understood, and are described in standards, procedures, tools, and methods.A critical distinction between maturity level 2 and maturity level 3 is the scope of standards, process descriptions, and procedures. At maturity level 2, the standards, process descriptions, and procedures may be quite different in each specific instance of the process (for example, on a particular project). At maturity level 3, the standards, process descriptions, and procedures for a project are tailored from the organization’s set of standard processes to suit a particular project or organizational unit. The organization’s set of standard processes includes the processes addressed at maturity level 2 and maturity level 3. As a result, the processes that are performed across the organization are consistent except for the differences allowed by the tailoring guidelines.Another critical distinction is that at maturity level 3, processes are typically described in more detail and more rigorously than at maturity level 2. At maturity level 3, processes are managed more proactively using an understanding of the interrelationships of the process activities and detailed measures of the process, its work products, and its services.Quantittatively ManagedAt maturity level 4, an organization has achieved all the specific goals of the process areas assigned to maturity levels 2, 3, and 4 and the generic goals assigned to maturity levels 2 and 3.At maturity level 4 Subprocesses are selected that significantly contribute to overall process performance. These selected subprocesses are controlled using statistical and other quantitative techniques.Quantitative objectives for quality and process performance are established and used as criteria in managing processes. Quantitative objectives are based on the needs of the customer, end users, organization, and process implementers. Quality and process performance are understood in statistical terms and are managed throughout the life of the processes.For these processes, detailed measures of process performance are collected and statistically analyzed. Special causes of process variation are identified and, where appropriate, the sources of special causes are corrected to prevent future occurrences.Quality and process performance measures are incorporated into the organization.s measurement repository to support fact-based decision making in the future.A critical distinction between maturity level 3 and maturity level 4 is the predictability of process performance. At maturity level 4, the performance of processes is controlled using statistical and other quantitative techniques, and is quantitatively predictable. At maturity level 3, processes are only qualitatively predictable.OptimizingAt maturity level 5, an organization has achieved all the specific goals of the process areas assigned to maturity levels 2, 3, 4, and 5 and the generic goals assigned to maturity levels 2 and 3.Processes are continually improved based on a quantitative understanding of the common causes of variation inherent in processes.Maturity level 5 focuses on continually improving process performance through both incremental and innovative technological improvements.Quantitative process-improvement objectives for the organization are established, continually revised to reflect changing business objectives, and used as criteria in managing process improvement.The effects of deployed process improvements are measured and evaluated against the quantitative process-improvement objectives. Both the defined processes and the organization’s set of standard processes are targets of measurable improvement activities.Optimizing processes that are agile and innovative depends on the participation of an empowered workforce aligned with the business values and objectives of the organization. The organization’s ability to rapidly respond to changes and opportunities is enhanced by finding ways to accelerate and share learning. Improvement of the processes is inherently part of everybody’s role, resulting in a cycle of continual improvement.A critical distinction between maturity level 4 and maturity level 5 is the type of process variation addressed. At maturity level 4, processes are concerned with addressing special causes of process variation and providing statistical predictability of the results. Though processes may produce predictable results, the results may be insufficient to achieve the established objectives. At maturity level 5, processes are concerned with addressing common causes of process variation and changing the process (that is, shifting the mean of the process performance) to improve process performance (while maintaining statistical predictability) to achieve the established quantitative process-improvement objectives.RESOURCES ation_2011_04_05_FINAL.PDF 12-11.pdf Management%202013.10.10%20v0.1.pdf ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download