Aligning COBIT 4.1, ITIL V3 and ISO 27002
The new ITGI/OGC guide is intended to help companies achieve maximum governance and value in a down economy.
In the current economy, enterprises worldwide are struggling to achieve growth and governance at an affordable cost without compromising the business, its customers, and the integrity and security of their information systems. To help them accomplish this daunting task, the nonprofit, independent IT Governance Institute (ITGI), in conjunction with the UK Office of Government Commerce (OGC), has released Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit, a complimentary 131-page guide on how to use these frameworks and standards together for maximum governance and value.
"This guidance helps enterprises implement effective and transparent governance without reinventing the wheel," said Gary Hardy, CGEIT, a founder of the ITGI COBIT Steering Committee, in a written statement. "Enterprises should use COBIT as an overall control framework to focus on priority areas and quick wins and ITIL and ISO/IEC 27002 to provide more detailed guidance regarding service management and security. This will ensure both breadth and depth of governance that is efficient to deploy."
Control Objectives for Information and related Technology (COBIT) is a globally accepted set of tools organized into a framework that executives and IT professionals at all organizations can use to ensure IT is helping them achieve their goals and objectives. Based on industry standards and best practices, COBIT enables enterprises to direct IT for optimal advantage, reduce IT-related risks and increase confidence in the information provided by IT. It enables clear policy development and good practice for IT management, increases the value organizations can attain from IT and helps manage compliance. COBIT 4.1 is freely available for download from www.itgi.org.
Developed by the OGC, ITIL (IT Infrastructure Library) is the most widely accepted best practice for IT service management. Version 3 consists of 27 detailed processes organized into five high-level processes described in five core publications. ITIL V3 also introduced the concept of the service life cycle, which is described in the sixth ITIL publication.
Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27002:2005 provides a standard for developing and maintaining security standards and management practice to improve information security management.
Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 is of particular value for enterprises that are undergoing change or restructuring.
"In merger and acquisition situations, the mappings of COBIT to other frameworks and standards, including ITIL and ISO/IEC 27002, are especially helpful," said Robert Stroud, international VP of ITGI and IT governance evangelist at CA, in a written statement. "If the other organization involved uses a different standard or guidance, the mapping clarifies how processes from both organizations fit together."