There are a lot of things out there that claim to represent "best practice". Here is a brief list of the management systems or approaches that are commonly mentioned:
ISO 12207: aims to be 'the' standard that defines all the tasks required for developing and maintaining software.
ISO 20000: describes the best practices for service management
ISO 27001: specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS
ISO 9001: set of requirements for a quality management system.
ISO 13485: requirements for a comprehensive management system for the design and manufacture of medical devices.
ISO 15504: Software Process Improvement and Capability dEtermination is a "framework for the assessment of processes".
COBIT: a set of best practices (framework) for information technology (IT) management
ITIL: a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations.
GAMP: a series of Good Practice Guides on several topics involved in drug manufacturing
CMMI: a process improvement approach that provides organizations with the essential elements of effective processes.
COSO: a common definition of internal controls, standards, and criteria against which companies and organizations can assess their control systems
So what are the differences? Well, as you may deduce, there are not that many real differences underlying these publications. Some focus on service management, others on software development, and others on system or process controls, but in their efforts to broaden their appeal, they actually overlap to such an extent that they can often be mapped process for process - the only real difference is the language used to describe the tasks.
Here is a typical example of a mapping between ITILv2 and COBITv4. And since ISO20000 is derived from ITIL, there is then also a map from COBIT to ISO20000.
So whichever system you choose to adopt, you can make a fairly safe bet that you will also be covering many of the requirements from the other models.
ITIL Process | COBIT Process | COBIT Control Objective | COBIT Process (name) |
SERVICE LEVEL MANAGEMENT | DS 1 | DS 1.0 | Define and Manage Service Levels |
The SLM Process | DS 1 | DS 1.1 | Service Level Agreement Framework |
Planning the Process | DS 1 | DS 1.2 | Aspects of Service Level Agreements |
Implementing the Process | DS 1 | DS 1.2 | Aspects of Service Level Agreements |
The On-going Process | DS 1 | DS 1.5 | Review of Service Level Agreements and Contracts |
SLA contents and key targets | DS 1 | DS 1.2 | Aspects of Service Level Agreements |
Key Performance Indicators and metrics for SLM efficiency and effectiveness | DS 1 | DS 1.4 | Monitoring and Reporting |
FINANCIAL MANAGEMENT FOR IT SERVICES | PO 5 | PO 5.0 | Manage the IT Investment |
Budgeting | PO 5 | PO 5.1 | Annual IT Operating Budget |
Developing the IT Accounting system | PO 5 | PO 5.1 | Annual IT Operating Budget |
Developing the Charging System | DS 6 | DS 6.2 | Costing Procedures |
Planning for IT Accounting and Charging | DS 6 | DS 6.1 | Chargeable Items |
Implementation | DS 6 | DS 6.0 | Identify and Allocate Costs |
Ongoing management and operation | DS 6 | DS 6.3 | User Billing and Chargeback Procedures |
CAPACITY MANAGEMENT | DS 2 | DS 2.0 | Manage Third-Party Services |
The Capacity Management process | DS 3 | DS 3.0 | Manage Performance and Capacity |
Activities in Capacity Management | DS 3 | DS 3.7 | Capacity Management of Resources |
Costs, benefits and possible problems | DS 3 | DS 3.7 | Capacity Management of Resources |
Planning and implementation | DS 3 | DS 3.0 | Manage Performance and Capacity |
Review of the Capacity Management process | DS 3 | DS 3.3 | Monitoring and Reporting |
Interfaces with other SM processes | n.a. | n.a. | n.a. |
IT Service Continuity Management | DS 4 | DS 4.0 | Ensure Continuous Service |
Scope of ITSCM | DS 4 | DS 4.1 | IT Continuity Framework |
The Business Continuity Lifecycle | DS 4 | DS 4.1 | IT Continuity Framework |
Management Structure | DS 4 | DS 4.1 | IT Continuity Framework |
Generating awareness | DS 4 | DS 4.1 | IT Continuity Framework |
Interfaces with other SM processes | n.a. | n.a. | n.a. |
AVAILABILITY MANAGEMENT | DS 4 | DS 4.0 | Ensure Continuous Service |
Basic concepts | DS 4 | DS 4.2 | IT Continuity Plan Strategy and Philosophy |
The Availability Management Process | DS 4 | DS 4.0 | Ensure Continuous Service |
The Cost of (Un)Availability | PO 9 | PO 9.4 | Assess Risks |
Availability Planning | DS 3 | DS 3.2 | Availability Plan |
Availability improvement | DS 4 | DS 4.4 | Minimising IT Continuity Requirements |
Availability measurement and reporting | DS 3 | DS 3.3 | Monitoring and Reporting |
Availability Management tools | DS 3 | DS 3.4 | Modeling Tools |
Availability Management methods and techniques | DS 3 | DS 3.0 | Manage Performance and Capacity |
THE SERVICE DESK | DS 8 | DS 8.0 | Assist and Advise Customers |
Overview | DS 8 | DS 8.1 | Help Desk |
Implementing a Service Desk infrastructure | DS 8 | DS 8.1 | Help Desk |
Service Desk technologies | n.a. | n.a. | n.a. |
Service Desk responsibilities, functions, staffing levels etc | PO 4 | PO 4.4 | Roles and Responsibilities |
Service Desk staffing skill set | PO 7 | PO 7.4 | Personnel Training |
Setting up a Service Desk environment | PO 8 | PO 8.1 | External Requirements Review |
Service Desk education and training | PO 7 | PO 7.4 | Personnel Training |
Service Desk processes and procedures | DS 8 | DS 8.0 | Assist and Advise Customers |
Incident reporting and review | DS 5 | DS 5.10 | Violation and Security Activity Reports |
INCIDENT MANAGEMENT | DS 10 | DS 10.0 | Manage Problems and Incidents |
Goal of Incident Management | DS 10 | DS 10.0 | Manage Problems and Incidents |
Scope of Incident Management | DS 10 | DS 10.1 | Problem Management System |
Basic concepts | DS 10 | DS 10.1 | Problem Management System |
Benefits of Incident Management | DS 10 | DS 10.1 | Problem Management System |
Planning and implementation | DS 10 | DS 10.1 | Problem Management System |
Incident Management activities | DS 10 | DS 10.3 | Problem Tracking and Audit Trail |
Handling of major Incidents | DS 10 | DS 10.2 | Problem Escalation |
Roles of the Incident Management process | DS 10 | DS 10.0 | Manage Problems and Incidents |
Key Performance Indicators | DS 10 | DS 10.3 | Problem Tracking and Audit Trail |
Tools | DS 10 | DS 10.1 | Problem Management System |
PROBLEM MANAGEMENT | DS 10 | DS 10.0 | Manage Problems and Incidents |
Goal of Problem Management | DS 10 | DS 10.0 | Manage Problems and Incidents |
Scope of Problem Management | DS 10 | DS 10.1 | Problem Management System |
Basic concepts | DS 10 | DS 10.1 | Problem Management System |
Benefits of Problem Management | DS 10 | DS 10.1 | Problem Management System |
Planning and implementation | DS 10 | DS 10.1 | Problem Management System |
Problem control activities | DS 10 | DS 10.3 | Problem Tracking and Audit Trail |
Error control activities | DS 10 | DS 10.3 | Problem Tracking and Audit Trail |
Proactive Problem Management | DS 8 | DS 8.5 | Trend Analysis and Reporting |
Providing information to the support organisation | DS 8 | DS 8.5 | Trend Analysis and Reporting |
Metrics | DS 10 | DS 10.0 | Manage Problems and Incidents |
Roles within Problem Management | DS 10 | DS 10.0 | Manage Problems and Incidents |
CONFIGURATION MANAGEMENT | DS 9 | DS 9.0 | Manage the Configuration |
Goal of Configuration Management | DS 9 | DS 9.0 | Manage the Configuration |
Scope of Configuration Management | DS 9 | DS 9.0 | Manage the Configuration |
Basic concepts | DS 9 | DS 9.1 | Configuration Recording |
Benefits and possible problems | DS 9 | DS 9.1 | Configuration Recording |
Planning and implementation | DS 9 | DS 9.1 | Configuration Recording |
Activities | DS 9 | DS 9.0 | Manage the Configuration |
Process control | DS 9 | DS 9.0 | Manage the Configuration |
Relations to other processes | n.a. | n.a. | n.a. |
Tools specific to the Configuration Management process | n.a. | n.a. | n.a. |
Impact of new technology | n.a. | n.a. | n.a. |
Guidance on Configuration Management | n.a. | n.a. | n.a. |
CHANGE MANAGEMENT | AI 6 | AI 6.0 | Manage Changes |
Goal of Change Management | AI 6 | AI 6.0 | Manage Changes |
Scope of Change Management | AI 6 | AI 6.0 | Manage Changes |
Basic concepts | AI 6 | AI 6.1 | Change Request Initiation and Control |
Benefits, costs and possible problems | AI 6 | AI 6.2 | Impact Assessment |
Activities | AI 6 | AI 6.0 | Manage Changes |
Planning and implementation | AI 6 | AI 6.0 | Manage Changes |
Metrics and management reporting | AI 6 | AI 6.2 | Impact Assessment |
Software tools | AI 6 | AI 6.3 | Control of Changes |
Impact of new technology | n.a. | n.a. | n.a. |
RELEASE MANAGEMENT | AI 6 | AI 6.0 | Manage Changes |
Goal of Release Management | AI 6 | AI 6.7 | Software Release Policy |
Scope of Release Management | AI 6 | AI 6.7 | Software Release Policy |
Basic concepts | AI 6 | AI 6.7 | Software Release Policy |
Benefits and possible problems | AI 6 | AI 6.7 | Software Release Policy |
Planning and implementation | AI 6 | AI 6.7 | Software Release Policy |
Process control | AI 6 | AI 6.7 | Software Release Policy |
Relations to other processes | n.a. | n.a. | n.a. |
Tools specific to the Release Management process | n.a. | n.a. | n.a. |
Guidance for successful Release Management | AI 6 | AI 6.7 | Software Release Policy |