Cobit, Itil and Cmmi - A Tutorial

1
2005
I nt egr at i ng CMMI
w i t h COBI T
and I TI L
I nt egr at i ng CMMI
w i t h COBI T
and I TI L
Dr . Bi l l Cur t i s
Chi ef Pr oc ess Of f i c er
Chi ef Pr oc ess Of f i c er
2
Agenda
Agenda
1) The I T Spac e 3
2) CMMI and COBI T 7
3) CMMI and I TI L 27
CMM and CMMI are registered with the US Patent and Trademark Office
COBIT is a registered trademark of ISACA
ITIL is a registered trademark of the UK Office of Government Commerce
C
M
M
I T
T
I
C
O
B
L
2
3
Sec t i on 1: The I T Spac e
Sec t i on 1: The I T Spac e
Application
Development
Data and
Operations Center
Service
Desk
IT Strategy
IT-Enabled
Services
4
The St andar ds
The St andar ds
I ndust r y
Sponsor
Gr oup
Par ent
Or g.
St andar d
3
5
Gar t ner s Revi ew of Model s
Gar t ner s Revi ew of Model s
6
CMMI
Domai n
Appl i c at i on Management
Appl i c at i on Management
Application Management
Application
Development
Service
Management
Plan Design Build Operate Deploy Support Optimize Define
Source: ITIL: Application Management (2002, p.7)
4
7
Sec t i on 2: COBI T
Sec t i on 2: COBI T
COBI T:
Control OBjectives for Information and related Technology
3
rd
editionJ uly 2000
Sponsor shi p:
Open standard of IT Governance Institute
Published by ISACA The Information Systems Audit and Control
Association & Foundation
Certified Information Systems Auditor certification 23,000+auditors
Foc us:
IT Governance - How does executive management fulfill its
responsibilities with respect to IT?
Audit of IT operations
Source: COBIT Management Guidelines (2000)
8
Appr oac h t o Usi ng COBI T
Appr oac h t o Usi ng COBI T
Manage I T-r el at ed busi ness r i sk s:
base use on business objectives in the COBIT Framework
select IT processes and controls appropriate for the organization
from the COBIT Control Objectives
operate from the organization business plan
assess procedures and results with COBIT Audit Guidelines
assess status of the organization, identify critical success factors,
measure performance with the COBIT Management Guidelines
To devel op a sound set of pr oc esses:
choose Control Objectives that fit the business objectives
identify industry models that provide guidance for supporting
processes (CMMI, People CMM, ITIL, )
5
9
COBI T Ar c hi t ec t ur e
COBI T Ar c hi t ec t ur e
34 I nf or mat i on Tec hnol ogy c ont r ol obj ec t i ves:
11 planning and organization
6 acquisition and implementation
13 delivery and support
4 monitoring
318 det ai l ed c ont r ol obj ec t i ves & audi t gui del i nes:
3-30 detailed control objectives per process
Eac h I T pr oc ess i s suppor t ed by:
8-10 Critical Success Factors
5-7 Key Goal Indicators
6-8 Key Performance Indicators
10
Eval uat i ng COBI T Pr oc esses
Eval uat i ng COBI T Pr oc esses
Cr i t i c al Suc c ess Fac t or s:
Managements key issues to control and actions to take
Focused on implementing and controlling the right processes
Key Goal I ndi c at or s:
Indicators of whether an IT process has achieved its goals
Focused on monitoring achievement of goals
Key Per f or manc e I ndi c at or s:
Measures of how well an IT process is performing
Focused on monitoring performance to predict goal achievement
6
11
Ar c hi t ec t ur al Compar i son
Ar c hi t ec t ur al Compar i son
Measur es i n Di r ec t i ng
I mpl ement at i on
Key per f or manc e
i ndi c at or s
CMMI COBI T
Pr oc ess Ar eas
Cont r ol obj ec t i ves
Measur es i n Di r ec t i ng
I mpl ement at i on
Key goal
i ndi c at or s
Pr ac t i c e l evel goal s
Cr i t i c al suc c ess
f ac t or s
Pr ac t i c es
Det ai l ed c ont r ol obj ec t i ves
Architectural comparison is suggestive of relationships, but the
mapping between these elements is not exact.
Font sizes indicate relati ve scope of the element between models.
12
COBI Ts Mat ur i t y Model
COBI Ts Mat ur i t y Model
Level 0 Level 0
Non Non- -ex i st ent ex i st ent
Complete lack of recognizable processes
No recognition of issues to be addressed
Level 1 Level 1
I ni t i al I ni t i al
Ad hoc processes developed case by case
Recognition of issues to be addressed
Level 2 Level 2
Repeat abl e Repeat abl e
Similar procedures followed by people
performing the same task, but no training
Level 3 Level 3
Def i ned Def i ned
Standard, documented procedures based on
existing practice with no process assurance
Level 4 Level 4
Managed Managed
Process compliance monitored & measured
Constant improvement, some automation
Level 5 Level 5
Opt i mi sed Opt i mi sed
Processes refined to level of best practice
Automation integrates workflow
7
13
Mat ur i t y Model Types
Or gani zat i onal Si ngl e pr oc ess
D
e
s
c
r
i
p
t
i
v
e
P
r
e
s
c
r
i
p
t
i
v
e
Models that provideasimple
scalefor assigning alevel of
maturity to asingleprocess
based on ageneralized
characterization of its
behavior or results without
requiring that any specific
attributes beimplemented.
Processes areappraised
independently and can be
rated at different levels
Models that provideasimple
scalefor appraising the
attributes of an organization
and assign it to alevel of
maturity based on a
generalized characterization
of its behavior or results
without requiring that specific
processes beimplemented
Models that assign aspecific
set of process attributes to
each maturity level and
requirethat for aprocess to be
rated at aspecific level, all the
attributes at that level and all
lower levels must be
implemented for that process.
Processes areappraised
independently and can be
rated at different levels
Models that assign aspecific
set of process areas to each
maturity level and requirethat
for an organization to berated
at aspecific level, all process
areas at that level and all
lower levels must be
implemented. Each process
areausually contains a
collection of practices for
implementing that process.
Foc us of t he Tr ansf or mat i on
L
e
v
e
l

t
o

W
h
i
c
h

B
e
s
t
P
r
a
c
t
i
c
e
s

A
r
e

C
h
a
r
a
c
t
e
r
i
z
e
d
14
Or gani zat i onal Si ngl e pr oc ess
D
e
s
c
r
i
p
t
i
v
e
P
r
e
s
c
r
i
p
t
i
v
e
Foc us of t he Tr ansf or mat i on
L
e
v
e
l

t
o

W
h
i
c
h

B
e
s
t
P
r
a
c
t
i
c
e
s

A
r
e

C
h
a
r
a
c
t
e
r
i
z
e
d
CMMI
Staged
CMMI
Continuous
COBIT
ITIL Org.
Growth
People
CMM
Crosby Quality
Maturity Grid
ITIL Maturity
Model
8
15
COBI T Mat ur i t y Eval uat i ons
COBI T Mat ur i t y Eval uat i ons
Mat ur i t y c ompar i sons f or eac h I T pr oc ess:
Status of organizations current process
Status of best in class industry process
Status of current industry standard guidelines
Strategic objective for organizational improvement
N
o
n
-
e
x
i
s
t
e
n
t
I
n
i
t
i
a
l
R
e
p
e
a
t
a
b
l
e
D
e
f
i
n
e
d
M
a
n
a
g
e
d
O
p
t
i
m
i
s
e
d
Company
status
Industry
status
Industry
guidelines
Company
objective
AI 7
16
COBI T-MM vs. CMMs
COBI T-MM vs. CMMs
Not mapped t o CMMs vi ew of mat ur i t y:
Level 2 uses local procedures
Level 3 compliance is not left to individuals
Level 4 measurement focused on compliance not stability or
predictability
Weak focus on continual improvement
COBIT-MM is evolving and will include an assessment method
COBI T uses t he c ont i nuous appr oac h
Process focus, not organizational focus
No roadmap for implementation
Conf uses pr oc ess mat ur i t y and audi t abi l i t y
9
17
Pl anni ng & Or gani zat i on1
CMMI L3OEI
Level 3 i ssue
PO4Def i ne t he I T or gani zat i on
and r el at i onshi psdeliver
the right IT services
CMMI no c l ear r ef er ent
Level 3 i ssue
PO3Det er mi ne t ec hnol ogi c al
di r ec t i onexploit current and
emerging technology to achieve
business strategy
Level 3 i ssue
PO2Def i ne t he i nf or mat i on
ar c hi t ec t ur eoptimize the
organization and integration of
information systems
Level 3 i ssue
PO1Def i ne a st r at egi c I T
pl analign IT opportunities
with business requirements and
ensure accomplishment
Pr oc ess Mat ur i t y Fr amew or k COBI T
18
CMMI L2REQM, PPQA
CMMI L3RD, VAL
PO8Ensur e c ompl i anc e w i t h
ex t er nal r equi r ement s
meet legal, regulatory, and
contractual obligations
Peopl e CMM
CMMI OT
Level 3 i ssue
PO7Manage human
r esour c essustain a
motivated, competent workforce
& ensure individual contributions
CMMI GP2.1Pol i c y
Level 2 i ssue
PO6Communi c at e
management ai ms and
di r ec t i onsensure user
awareness of directions
Level 3 i ssue
PO5Manage t he I T
i nvest ment ensure funding
and control of financial
resources
10
19
CMMI L2REQM
CMMI L3RD, TS, VER, VAL
PO11Manage qual i t ymeet IT
customer requirements
CMMI L2REQM, PP, PMC
CMMI L3I PM, RSKM
PO10Manage pr oj ec t sset
priorities and deliver on time and
within budget
CMMI L2PP
CMMI L3RSKM
PO9Assess r i sk ssupport
management decisions and
reduce threats
20
Ac qui si t i on & I mpl ement at i on1
CMMI L3RD, TS AI 4Devel op and mai nt ai n
pr oc edur esensure proper
use of applications and technical
solutions deployed
CMMI L2CM
CMMI L3RD, TS
AI 3Ac qui r e and mai nt ai n
t ec hnol ogy i nf r ast r uc t ur e
provide appropriate platforms to
support business applications
CMMI L2SAM
CMMI L3RD, TS, VA, I PM, I SM
AI 2Ac qui r e and mai nt ai n
appl i c at i on sof t w ar e
provide automated functions to
support business processes
CMMI L2REQM, SAM
CMMI L3RD, TS, RM, DAR,
I SM
AI 1I dent i f y aut omat ed
sol ut i onsensure effective,
efficient approach to satisfy user
requirements
11
21
CMMI L2REQM, CM AI 6Manage c hangesminimize
disruption, unauthorized
changes, and errors
CMMI L3VER, VAL AI 5I nst al l and ac c r edi t
syst emsconfirm that solution
is fit for intended purpose
22
Del i ver y and Suppor t 1
Level 2& 3 i ssue
DS4Ensur e c ont i nuous
ser vi c emake IT services
available and minimize business
impact in case of disruption
CMMI L3RD, TS DS3Manage per f or manc e and
c apac i t yensure that
adequate capacity is available
and used to best effect
CMMI L2SAM
CMMI L3I SM
DS2Manage t hi r d par t y
ser vi c esensure that third
party responsibilities are defined
and met
CMMI L2REQM, PP, PMC
CMMI L3I PM
DS1Def i ne and manage
ser vi c e l evel sestablish a
common understanding of the
level of service required
12
23
Level 3 i ssue
DS8Assi st and advi se
c ust omer sensure problems
experienced by users are
resolved
Peopl e CMM
CMMI L3OT
DS7Educ at e and t r ai n user s
ensure users make effective use
of technology and are aware of
responsibilities
Level 3 i ssue
DS6I dent i f y and al l oc at e
c ost sensure awareness of
costs attributable to IT services
Level 2& 3 i ssue
DS5Ensur e syst em sec ur i t y
safeguard information against
unauthorized use, disclosure,
modification, damage, or loss
24
Peopl e CMMWE DS12Manage f ac i l i t i esprovide
physical environment that
protects people and equipment
against hazards
CMMI L2PP, PMC DS11Manage dat aensure data
remains complete, accurate, and
valid during input, update, and
storage
Level 3 i ssue
DS10Manage pr obl ems and
i nc i dent sensure problems
and incidents are resolved and
causes investigated
CMMI L2CM DS9Manage t he
c onf i gur at i onprevent
unauthorized alteration, verify
existence, provide change mgt.
13
25
Level 3 i ssue
DS13Manage oper at i ons
ensure IT support functions are
performed regularly in an orderly
fashion
26
Moni t or i ng1
Moni t or i ng1
CMMI L2PPQA M4Pr ovi de f or an i ndependent
audi t ensure proper use of
applications and technical
solutions deployed
CMMI L2PPQA M3Obt ai n i ndependent
assur anc eincrease
confidence and trust among IT,
customers, and suppliers
CMMI L2PMC
CMMI L3I PM
M2Assess i nt er nal c ont r ol
adequac yensure
achievement of internal control
objectives for IT processes
CMMI L2PMC M1Moni t or t he pr oc esses
ensure achievement of
performance objectives set for IT
processes
14
27
CMMI -COBI T Cover age
CMMI -COBI T Cover age
CMMI COBI T
CMMI provides for monitoring functions at the
project level, but does not invol ve audit controls
at the organizational level
Moni t or i ng
CMMIs management processes can be translated
to support the management of service levels,
third parties, capacity, problems, and data;
however continuous operation and user support
services are not well covered in CMMI
Del i ver y and
Suppor t
CMMI provides excellent coverage for achieving
acquisition and implementation objectives
Ac qui si t i on and
I mpl ement at i on
CMMI provides light support for achieving
organization-wide objectives, but better support
for objectives with greater project focus such as
requirements, risks, quality, and project mgt.
Pl anni ng and
Or gani zat i on
28
CMMI -COBI T Summar y
CMMI -COBI T Summar y
CMMI and COBI T have di f f er ent obj ec t i ves:
COBIT focuses on governance of all IT functions
CMMI focuses on improving application development processes
CMMI and COBI T ar e c ompl ement ar y:
Use COBIT to appraise overall management of IT
Use CMMI to appraise the maturity of application development
Use CMMI t o gui de t he i mpl ement at i on of
c ont r ol pr oc esses f or :
acquisition and implementation processes
project management processes
some delivery and support processes
15
29
Sec t i on 3: I TI L
Sec t i on 3: I TI L
I TI LInformation Technology Infrastructure Library
Guide for cost-effective use of UK public sector IT resources
Requirements for IT service management
Collection of best practices in IT
Vendor independent
Suppor t i ng or gani zat i ons:
UK Office of Government Commerce
Published by The Stationary Office (London)
itSMFIT Service Management Forumintro book
EXIN, ISEBprofessional certifications in ITIL
30
Internal Processes and Procedures As-is
I TI L
How-to
PD 0005 Overview
I TI L & BS 15000
I TI L & BS 15000
Source: PD 0015 (2000)
BS 15000-2
Code of Practice
Guidance
BS
15000-1
Specification
Aspiration
16
31
I TI L Publ i c at i on Fr amew or k
I TI L Publ i c at i on Fr amew or k
Source: ITIL: Planning to Implement Service Management (2002, p.4)
T
h
e
B
u
s
i
n
e
s
s
T
h
e
T
e
c
h
n
o
l
o
g
y
Planning to Implement Service Management
Application Management
The
Business
Perspective
ICT
Infra-
structure
Management
Service
Management
Service
Support
Service
Delivery
Security
Management
32
I TI L Topi c Ar eas1
Ser vi c e Del i ver y:
Service level management
Financial management for IT services
Capacity management
IT service continuity management
Availability management
Ser vi c e Suppor t :
Service desk
Incident management
Problem management
Change management
Release management
Configuration management
17
33
I CT I nf r ast r uc t ur e Management :
Design and planning
Deployment
Operations
Technical support
Appl i c at i ons Management :
Managing business value
Aligning delivery strategy with business drivers
Application management lifecycle
Organizing roles and functions
Control methods and techniques
34
Pl anni ng t o I mpl ement Ser vi c e Mgt
Sec ur i t y Management
Sof t w ar e Asset Management
The Busi ness Per spec t i ve
18
35
I TI L-Rel at ed Model s
I TI L-Rel at ed Model s
I TI L
HP ITSM Reference Model
IBM IT Process Model
Microsoft MOF
Etc., etc., etc.
36
The I TI L Pr oc esses
The I TI L Pr oc esses
PP, PMC, SAM, I SM, SAM Pr oj ec t Management
Envi r onment al I nf r ast r uc t ur e
Sec ur i t y Management
RM, TS, PI , VE, VA, I SM Appl i c at i on Management
Conf i gur at i on Management Conf i gur at i on Management
Conf i gur at i on Management Change Management
Conf i gur at i on Management Rel ease Management
I nc i dent Management
Ver i f i c at i on, Causal Anal ysi s & Res. Pr obl em Management
Ser vi c e Desk
Ser vi c e Level Management
Capac i t y Management
Fi nanc i al Mgt . f or I T Ser vi c es
Cust omer Rel at i onshi p Management
I CT I nf r ast r uc t ur e Management
CMMI PA I TI L Pr oc ess
Source: ITIL: Service Support (2002, p.11-16)
19
37
Service management
CMMI
domai n
Application development
Appl i c at i on Mgt . Li f ec yc l e
Appl i c at i on Mgt . Li f ec yc l e
Requirements
Requirements
Operate
Operate
Design
Design
Build
Build
Deploy
Deploy
Optimize
Optimize
38
I TI L-AM: Requi r ement s
I TI L-AM: Requi r ement s
RD-Analyze and validate requirements
Establish operational concepts & scenarios
Establish definition of required functionality
Analyze requirements
Analyze requirements to achieve balance
Validate reqts with comprehensive models
RD-Develop product requirements
Establish product & product-component reqts.
Allocate product-component reqts.
Identify interface requirements
RD-Develop customer requirements
Elicit needs
Develop the customer requirements
RM-Manage requirements:
Obtain understanding of requirements
Obtain commitment to requirements
Manage requirements changes
Maintain bi-directional traceability
Identify inconsistencies between project work and
requirements
Functional requirements
Non-functional requirements
Usability requirements
Change cases
Testing requirements
Requirements management checklist
Organization of the requirements team
CMMI I TI L Appl i c at i on Management
Source: ITIL: Application Management (2002), CMMI (2003)
20
39
I TI L-AM: Desi gn
I TI L-AM: Desi gn
TS-Implement the product design
Implement the design
Develop product support documentation
TS-Develop the design
Design the product or product component
solution
Establish a technical data package
Design interfaces using criteria
Perform make, buy, or reuse analyses
TS-Select product component
solutions
Develop detailed alternatives and selection
criteria
Evolve operational concepts & scenarios
Select product component solutions
Design for non-functional
requirements/manageability
Risk-dri ven scheduling
Managing tradeoffs
Application-independent design
guidelines and application
frameworks
Design management checklist
Problems with design guidelines
Testing the requirements
Organization of the design team
Source: ITIL: Application Management (2002) ), CMMI (2003)
40
I TI L-AM: Bui l d1
I TI L-AM: Bui l d1
PI-Assemble product deliver product
confirmreadiness for integration
Assemble product components
Evaluate assembled components
Package and deliver the product or
component
PI-Ensure interface compatibility
Review interface description for
completeness
Manage interfaces
PI-Prepare for product integration
Determine integration sequence
Establish the integration environment
Establish integration procedures and criteria
Consistent coding conventions
Application-independent building
guidelines
Operability testing
Build management checklist
Organization of the build team
21
41
I TI L-AM: Bui l d2
I TI L-AM: Bui l d2
VE-Analyze selected work products
Perform verification
Analyze verification results and identify
corrective action
VE-Perform peer reviews
Prepare for peer reviews
Conduct peer reviews
Analyze peer review data
VE-Prepare for verification
Select work products for verification
Establish the verification environment
Establish verification procedures and criteria
Consistent coding conventions
Application-independent building
guidelines
Operability testing
Build management checklist
Organization of the build team
42
I TI L-AM: Depl oy
I TI L-AM: Depl oy
Organization of the deployment team
Deployment management checklists
Pilot deployments
Distributing applications
Approving the deployment
Planning the deployment
Source: ITIL: Application Management (2002)
22
43
I TI L-AM: Oper at e
I TI L-AM: Oper at e
Organization of the operations team
Operations management checklist
Benefits of an application
Application state
Day-to-day maintenance activities to
maintain service levels
44
I TI L-AM: Opt i mi ze
I TI L-AM: Opt i mi ze
Organization of the optimization team
Optimization management checklist
Application review process
23
45
Ser vi c e Del i ver y Pr oc esses
Availability
Management
Capacity
Management
Service Level
Management
Financial
Management
Continuity
Management
Alerts &
exceptions,
Changes
Requirements
Targets,
Achievements
46
I TI L-SD: Ser vi c e Level Mgt .
I TI L-SD: Ser vi c e Level Mgt .
PP SG 3 Service level agreement
OPF, OID Service improvement program
PMC Monitor and report service delivery
PP SG 3 Operational level agreements
REQM, RD Service level requirements
Service catalogue
PP Planning service delivery
CMMI I TI L Ser vi c e Del i ver y
Source: ITIL: Service Deli very (2001)
24
47
I TI L-SD: Fi nanc i al Mgt .
I TI L-SD: Fi nanc i al Mgt .
Managing variances
Financial operation and reporting
Implementing IT financial mgt
Planning IT financial mgt
IT charging system
IT accounting system
Budgeting
48
I TI L-SD: Capac i t y Mgt .
I TI L-SD: Capac i t y Mgt .
Capacity planning
Application sizing
QPM Modeling
Demand management
Implementation
OPP, OID Tuning
OPP Analysis
PMC SG1 Monitoring
Resource capacity management
Service capacity management
Business capacity management
25
49
I TI L-SD: Cont i nui t y Mgt .1
VER Initial testing
OPD, TS Develop procedures
RSKM Implement risk reduction measures
PP Develop recovery plans
Implement standby arrangements
PP Org. and implementation planning
Business continuity strategy
RSKM Risk assessment
Business impact analysis
Initiate business continuity mgt.
50
VAL, PPQA Assurance
OT Training
CM Change management
Tuning
VER, PPQA Review and audit
OT Education and awareness
26
51
I TI L-SD: Avai l abi l i t y Mgt .
I TI L-SD: Avai l abi l i t y Mgt .
PP Availability planning
PMC SG2 Availability problem prevention
PMC SG2 Availability problem detection
PMC SG1 Monitoring and trend analysis
MA Availability measures and reporting
REQM Availability targets
CAR Failure impact analysis
REQM, RD Availability requirements
52
Ser vi c e Suppor t Pr oc esses
Ser vi c e Suppor t Pr oc esses
Incident
Management
Problem
Management
Change
Management
Release
Management
Configuration
Management
Incidents
Changes
Releases
Configuration
Management
Repository
27
53
I TI L-SS: I nc i dent Mgt .
I TI L-SS: I nc i dent Mgt .
Ownership, monitoring, tracking, and
communication
Incident closure
Resolution and recovery
Investigation and diagnosis
Classification and initial support
Incident detection and recording
CMMI I TI L Ser vi c e Suppor t
Source: ITIL: Service Support (2000)
54
I TI L-SS: Pr obl em Mgt .
I TI L-SS: Pr obl em Mgt .
Problem/error resolution recording
VER SP3.2 Error closure
VER SP3.2 Error resolution recording
VER SP3.2 Error assessment
VER SP3.2 Error identification and recording
VER SP3.2, CAR SP1.2 Problem investigation and diagnosis
CAR SP1.1 Problem classification
Problem identification and recording
28
55
I TI L-SS: Conf i gur at i on Mgt .
I TI L-SS: Conf i gur at i on Mgt .
Configuration management service
CM SP1.2 CMDB backups, archives, and
housekeeping
CM SP3.2 Configuration verification and audit
CM SP3.1 Configuration status accounting
CM SP1.2, SP2.2 Control of configuration items
CM SP1.1 Configuration identification
CM GP2.2 Configuration management planning
56
I TI L-SS: Change Mgt .1
CM SP2.2 Change building, testing, and
implementation
CM SP2.2 Change scheduling
CM SP2.2 Change approval
CM SP2.1 Impact and resource assessment
CM SP2.2 Change Advisory Board meetings
CM SP2.1 Change categorization
CM SP2.1 Allocation of priorities
CM SP2.1 Change logging and filtering
CM GP2.2 Planning the implementing of
operational processes
29
57
CM GP2.4 Roles and responsibilities
CM GP2.8, GP2.9, P2.10 Reviewing the change management
process for efficiency & effectiveness
CM SP2.2 Change review
CM SP2.2 Urgent change building, testing, and
implementation
CM SP2.2 Urgent change scheduling
58
I TI L-SS: Rel ease Mgt .
I TI L-SS: Rel ease Mgt .
Distribution and installation
Communication, preparation, and
training
CM GP2.2 Rollout planning
VE SP3.1 Release acceptance
CM SP1.3 Designing, building, and configuring a
release
CM GP2.2 Release planning
30
59
I CT I nf r ast r uc t ur e Mgt .
I CT I nf r ast r uc t ur e Mgt .
Source: ITIL: ICT Infrastructure Management (2002, p.9)
Desi gn and pl anni ng Depl oyment Oper at i on
Tec hni c al suppor t
60
I TI L-I CT: Desi gn & Pl anni ng
I TI L-I CT: Desi gn & Pl anni ng
Review progress of the plan
Design and implement a plan
Define desired state
Review current position
Strategic management
CMMI I TI L I CT I nf r ast r uc t ur e Mgt .
Source: ITIL: ICT Infrastructure Management (2002)
31
61
I TI L-I CT: Depl oyment
I TI L-I CT: Depl oyment
Handover
Rollout phase
VER Acceptance testing
TS Build phase
IPM Working environments
TS Design phase
62
I TI L-I CT: Oper at i on
I TI L-I CT: Oper at i on
Proacti ve operational mgt. processes
Manage support operating processes
ICT operational security
Storage mgt., backup, &recovery
Workload, output, resilience testing
management, & schedules
Operational control and management
Manage ICT infrastructure events
32
63
I TI L-I CT: Tec hni c al Suppor t
I TI L-I CT: Tec hni c al Suppor t
PP SG 2 Document management
SAM, ISM Supplier management
Research and development
64
BS 15000 Pr oc esses
BS 15000 Pr oc esses
Cont r ol Pr oc esses
Configuration Management
Change Management
Rel ease
Pr oc ess
Release Management
Resol ut i on
Pr oc esses
Incident Management
Problem Management
Rel at i onshi p
Pr oc esses
Business
Relationship
Management
Supplier Management
Capacity Management
Service Continuity
and Availability
Management
Information
Security
Management
Budgeting and
Accounting for
IT Services
Service Level
Management
Service Reporting
Source: BS 15000-2: Service Management (2003)
33
65
Mat ur i t y of I T Or gani zat i ons
Mat ur i t y of I T Or gani zat i ons
Technology Stage 1
Product/Service Stage 2
Customer focus Stage 3
Business focus Stage 4
Value chain Stage 5
high
low
I
n
f
l
u
e
n
c
e

o
n

t
h
e

b
u
s
i
n
e
s
s
Organization Growth Model
66
I TI Ls Mat ur i t y Model
I TI Ls Mat ur i t y Model
Pr oc ess has st r at egi c obj ec t i ves t hat ar e
i nst i t ut i onal i zed, sel f -c ont ai ned i mpr ovement s
c r eat i ng a pr e-empt i ve c apabi l i t y.
5
Opt i mi zed
Pr oc ess f ul l y ac c ept ed i n I T, w i t h t ar get s based on
busi ness goal s. Pr oac t i ve and i nt egr at ed w i t h
ot her I T ser vi c e management pr oc esses
4
Managed
Doc ument ed pr oc ess w i t h pr oc ess ow ner , but no
f or mal r ec ogni t i on of i t s r ol e i n I T.
Cl ear l y def i ned and oc c asi onal l y pr oac t i ve
3
Def i ned
Pr oc ess ac t i vi t i es ar e unc oor di nat ed, w i t hout
di r ec t i on, f oc used on pr oc ess ef f ec t i veness.
Def i ned pr oc esses and pr oc edur es, l ar gel y r eac t i ve
2
Repeat -
abl e
Li t t l e pr oc ess management ac t i vi t y.
Loosel y def i ned pr oc esses and pr oc edur es, t ot al l y
r eac t i ve, i r r egul ar unpl anned ac t i vi t i es
1
I ni t i al
Char ac t er i zat i on Level
Source: ITIL: Planning to Implement Service Management (2002, p.187-190)
34
67
I T-Busi ness Al i gnment
I T-Busi ness Al i gnment
Business objectives should
be reflected in all levels of IT. Key Business
Drivers
Service Level
Requirements
Operational Level
Requirements
Process
Requirements
Skill
Requirements
Technology
Requirements
Application
Characteristics
Data
Characteristics
Infrastructure
Characteristics
Business
Function
IT Service
IT System
IT Processes
IT People
Technology
Applications
Data
Infrastructure
SLAs
OLAs
St r at egi c
Al i gnment
Obj ec t i ves
Model
(SOAM)
68
Ret hi nk i ng I ssues by Level
Ret hi nk i ng I ssues by Level
Pr oj ec t l evel c onf i gur at i on management i ssues i n
CMMI spac e may bec ome or gani zat i onal i ssues i n I T
Tr ansac t i on i nt egr i t y New
i ssue
Level 2 l oc al uni t
Level 3 ser vi c e-w i de
Level 2 - pr oj ec t Level
Not under l oc al c ont r ol
(di f f er ent f unc t i onal uni t s)
Under l oc al c ont r ol
(pr oj ec t )
Cont r ol
Ser vi c e c omponent s
(syst em c omponent s,
ser vi c e pr oc esses, f or ms,
t r ai ni ng, et c .)
Syst em c omponent s,
doc ument at i on, t ool s,
envi r onment , et c .
Cont ent
I T CMMI CM
35
69
Usi ng I TI L and CMMI
Usi ng I TI L and CMMI
I TI L and CMMI best appl y t o di f f er ent par t s of
t he I T or gani zat i on:
Use CMMI in application development
Use CMMI in ICT Infrastructure projects
Use ITIL in IT operations and services
The pr obl emser vi c e l evel appl i c at i on
ac t i vi t i es:
Option 1treat each modification/enhancement as a project
CMMI (may require translation)
Option 2treat the service level agreement as a projectCMMI
(requires translation)
Option 3treat the service level agreement as a serviceITIL
70
Summar y
Summar y
CMMI , COBI T, and I TI L (BS 15000) pr ovi de
c ompl ement ar y model s f or di f f er ent I T
f unc t i ons:
Use CMMI and ITIL to implement practices that support COBIT
control objectives
Apply CMMI or ITIL to appropriate parts of the IT organization
Select appraisal/certification methods based on appropriateness
of fit to the IT processes to be assessed
Dr aw f r om al l st andar ds w hen desi gni ng and
i mpl ement i ng pr oc esses t o ensur e a mor e
c ompl et e and r obust i mpl ement at i on
36
71
Rel evant Websi t es
Rel evant Websi t es
w w w .i t gi .or g I T Gover nanc e I nst i t ut e
w w w .i sac a.or g I nf or mat i on Syst ems Audi t and Cont r ol Assoc .
w w w .i t i l .c o.uk UK Of f i c e of Gover nment Commer c e
w w w .i t smf .c om I T Ser vi c e Management For um
w w w .sei .c mu.edu Sof t w ar e Engi neer i ng I nst i t ut e
w w w .ndi a.or g Nat i onal Def ense I ndust r i al Assoc .
72
Bill Curtis is the Chief Process Officer of Borland Software Corp. Prior to its
acquisition by Borland, he was the Co-founder and Chief Scientist of
TeraQuest in Austin, Texas. He is a former Director of the Software
Process Program in the Software Engineering Institute at Carnegie Mellon
University. He is a co-author of the Capability Maturity Model for Software,
and is the principal architect of the People CMM. Prior to joining the SEI,
Dr. Curtis directed research on advanced user interface technologies and
the software design process at MCC, developed a global software
productivity and quality measurement system at ITTs Programming
Technology Center, evaluated software development methods in GE Space
Division, and taught statistics at the University of Washington.
P.O. Box 126079
9108 Benview Court
Fort Worth, Texas 76126-0079
1-817-228-2994
curtis@borland.com

Cobit, Itil and Cmmi - A Tutorial

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cobit, Itil and Cmmi - A Tutorial

Uploaded by

Copyright:

Available Formats

1

You might also like