ITIL, COBIT, CMMI

ITIL, COBIT, TOGAF and CMMI are very large subjects. Also they are related the each other. In this homework, they will be explained shortly and separately to make more understandable.

What is Information Systems Management (ISM)?

Information Systems Management (ISM) is the application of information technology to support the major functions and activities of either a private sector business or public sector institution. In the past, organizations recognized the importance of managing resources such as labor, capital, and raw materials. Today, it is widely accepted that managing the information resource is very often equally important. ISM supports the process of collection, manipulation, storage, distribution and utilization of an organization's information resources.

The Information Systems Management undergraduate major is a multi-disciplinary major that focuses on the fusion of information systems, technology, and business management for two purposes: the use of information systems to solve business problems and the management of technology, which includes new product development and enterprise management.

The vast majority of information systems are developed for and used by people in functional areas (e.g., manufacturing, human resources, accounting, finance and marketing). To develop information systems that address the needs of the organization, ISM professionals must possess a solid mix of business and technical knowledge. They must understand organizational structures, objectives, operations (including processes and the flows of data between processes) and the financial implications related to these factors. Only by understanding these factors can an ISM professional communicate effectively with users and then design systems that support their needs.

ISM managers and professionals must stay up-to-date with evolving information technologies and have a solid foundation of technical skills to select appropriate technologies and to implement computer-based information systems. Thus, ISM people must be well versed in topics such as systems development tools and techniques, information architecture, network configurations, databases, and systems integration.

CMMI (Capability Maturity Model Integration)

As the organization behind the Capability Maturity Model Integration (CMMI), a process improvement framework that guides organizations in high-performance operations, the CMMI Institute is working to build upon CMMI’s success, advance the state of the practice, accelerate the development and adoption of best practices, and provide new and evolved solutions to meet the emerging needs of businesses around the world. The institute also leads the People Capability Maturity Model and the Data Management Maturity Model frameworks.

The CMMI Institute supports the worldwide adoption of its solutions in small and large organizations alike in a variety of industries, including aerospace, finance, health services, software, defense, transportation, and telecommunications.

Background on CMMI

The Capability Maturity Model Integration (CMMI®) is a world-class performance improvement framework for competitive organizations that want to achieve high-performance operations. Building upon an organization’s business performance objectives, CMMI provides a set of practices for improving processes, resulting in a performance improvement system that paves the way for better operations and performance. More than any other approach, CMMI doesn’t just help you to improve your organizational processes. CMMI also has built-in practices that help you to improve the way you use any performance improvement approach, setting you up to achieve a positive return on your investment.

CMMI does not provide a single process. Rather, the CMMI framework models what to do to improve your processes, not define your processes. CMMI is designed to compare an organization’s existing processes to proven best practices developed by members of industry, government, and academia; reveal possible areas for improvement; and provide ways to measure progress. The result? CMMI helps you to build and manage performance improvement systems that fit your unique environment.

Maturity levels in CMMI for Development

There are five maturity levels. Maturity level ratings are awarded for levels 2 through 5. The process areas below and their maturity levels are listed for the CMMI for Development model:

Maturity Level 2 - Managed

·         CM - Configuration Management

·         MA - Measurement and Analysis

·         PMC - Project Monitoring and Control

·         PP - Project Planning

·         PPQA - Process and Product Quality Assurance

·         REQM - Requirements Management

·         SAM - Supplier Agreement Management

Maturity Level 3 - Defined

·         DAR - Decision Analysis and Resolution

·         IPM - Integrated Project Management

·         OPD - Organizational Process Definition

·         OPF - Organizational Process Focus

·         OT - Organizational Training

·         PI - Product Integration

·         RD - Requirements Development

·         RSKM - Risk Management

·         TS - Technical Solution

·         VAL - Validation

·         VER - Verification

Maturity Level 4 - Quantitatively Managed

·         OPP - Organizational Process Performance

·         QPM - Quantitative Project Management

Maturity Level 5 - Optimizing

·         CAR - Causal Analysis and Resolution

·         OPM - Organizational Performance Management

Maturity levels in CMMI for Services

The process areas below and their maturity levels are listed for the CMMI for Services model:

Maturity Level 2 - Managed

·         CM - Configuration Management

·         MA - Measurement and Analysis

·         PPQA - Process and Product Quality Assurance

·         REQM - Requirements Management

·         SAM - Supplier Agreement Management

·         SD - Service Delivery

·         WMC - Work Monitoring and Control

·         WP - Work Planning

Maturity Level 3 - Defined

·         CAM - Capacity and Availability Management

·         DAR - Decision Analysis and Resolution

·         IRP - Incident Resolution and Prevention

·         IWM - Integrated Work Managements

·         OPD - Organizational Process Definition

·         OPF - Organizational Process Focus

·         OT - Organizational Training

·         RSKM - Risk Management

·         SCON - Service Continuity

·         SSD - Service System Development

·         SST - Service System Transition

·         STSM - Strategic Service Management

Maturity Level 4 - Quantitatively Managed

·         OPP - Organizational Process Performance

·         QWM - Quantitative Work Management

Maturity Level 5 - Optimizing

·         CAR - Causal Analysis and Resolution

·         OPM - Organizational Performance Management

Maturity levels in CMMI for Acquisition

The process areas below and their maturity levels are listed for the CMMI for Acquisition model:

Maturity Level 2 - Managed

·         AM - Agreement Management

·         ARD - Acquisition Requirements Development

·         CM - Configuration Management

·         MA - Measurement and Analysis

·         PMC - Project Monitoring and Control

·         PP - Project Planning

·         PPQA - Process and Product Quality Assurance

·         REQM - Requirements Management

·         SSAD - Solicitation and Supplier Agreement Development

Maturity Level 3 - Defined

·         ATM - Acquisition Technical Management

·         AVAL - Acquisition Validation

·         AVER - Acquisition Verification

·         DAR - Decision Analysis and Resolution

·         IPM - Integrated Project Management

·         OPD - Organizational Process Definition

·         OPF - Organizational Process Focus

·         OT - Organizational Training

·         RSKM - Risk Management

Maturity Level 4 - Quantitatively Managed

·         OPP - Organizational Process Performance

·         QPM - Quantitative Project Management

Maturity Level 5 - Optimizing

·         CAR - Causal Analysis and Resolution

·         OPM - Organizational Performance Management

COBIT

COBIT aims "to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals". COBIT, initially an acronym for "Control objectives for information and related technology" (though before the release of the framework people talked of "COBIT" as "Control Objectives for IT), defines a set of generic processes for the management of IT. The framework defines each process together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model. The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.

COBIT provides a set of recommended best practices for governance and control process of information systems and technology with the essence of aligning IT with business. COBIT 5 consolidates COBIT4.1, Val IT and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with TOGAF and ITIL.

The COBIT Framework

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

The process focus of COBIT 4.1 is illustrated by a process model that subdivides IT into four domains (Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed, IT standards and good practices such as COSO, ITIL, BISL, ISO 7000, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that link the good practice models with governance and business requirements.

 

Components of COBBIT

·         Framework: Organize IT governance objectives and good practices by IT domains and processes, and links them to business requirements

·         Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.

·         Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.

·         Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes

·         Maturity models: Assess maturity and capability per process and helps to address gaps.

 

ISO/IEC 20000

·         ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements.

·         ISO/IEC 20000-1:2011 can be used by:

·         an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;

·         an organization that requires a consistent approach by all its service providers, including those in a supply chain;

·         a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfill service requirements;

·         a service provider to monitor, measure and review its service management processes and services;

·         a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS;

·         an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.

 

ITIL (Information Technology Infrastructure Library)

ITIL is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITIL 2011 edition), ITIL is published as a series of five core volumes, each of which covers a different ITSM lifecycle stage. Although ITIL underpins ISO/IEC 20000 (previously BS15000), the International Service Management Standard for IT service management, there are some differences between the ISO 20000 standard and the ITIL framework.

ITIL describes processes, procedures, tasks, and checklists which are not organization-specific, but can be applied by an organization for establishing integration with the organization's strategy, delivering value, and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement.

 

                         Characteristics of the 2011 Edition of ITIL

            ITIL 2011 is an update to the ITIL framework that addresses significant additional guidance with the definition of formal processes which were previously implied but not identified, as well as correction of errors and inconsistencies. Twenty-six processes are listed in ITIL 2011 edition and described below, along with which core publication provides the main content for each process. The 2011 edition consists of five core publications – Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.

1.   ITIL Service Strategy: understands organizational objectives and customer needs

2.   ITIL Service Design: turns the service strategy into a plan for delivering the business objectives

3.   ITIL Service Transition: develops and improves capabilities for introducing new services into supported environments

4.   ITIL Service Operation: manages services in supported environments

5.   ITIL Continual Service Improvement: achieves services incremental and large-scale improvements

Continual Service Improvement

Continual service improvement, defined in the ITIL continual service improvement volume, aims to align and realign IT services to changing business needs by identifying and implementing improvements to the IT services that support the business processes. It incorporates many of the same concepts articulated in the Deming Cycle of Plan-Do-Check-Act. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured.

COBIT versus ITIL

COBIT and ITIL have been used by information technology professionals in the IT service management (ITSM) space for many years. Used together, COBIT and ITIL provide guidance for the governance and management of IT-related services by enterprises, whether those services are provided in-house or obtained from third parties such as service providers or business partners.

Enterprises need to govern and manage their information and related technology assets and resources, and those arrangements customarily include both internal and external services to satisfy specific stakeholder needs. COBIT 5 aims primarily to guide enterprises on the implementation, operation and, where required, improvement of their overall arrangements relating to governance and management of enterprise IT (GEIT). ITIL provides guidance and good practice for IT service providers for the execution of IT service management from the perspective of enabling business value.

COBIT 5 describes the principles and enablers that support an enterprise in meeting stakeholder needs, specifically those related to the use of IT assets and resources across the whole enterprise. ITIL describes in more detail those parts of enterprise IT that are the service management enablers (process activities, organizational structures, etc.).

Generally speaking:

·           COBIT is broader than ITIL in its scope of coverage (GEIT). It is based on five principles (meeting stakeholder needs; covering the enterprise end to end; applying a single, integrated framework; enabling a holistic approach; and separating governance from management) and seven enablers (principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies).

· ITIL focuses on ITSM and provides much more in-depth guidance in this area, addressing five stages of the service life cycle:  service strategy, service design, service transition, service operation and continual service improvement. Also, COBIT and ITIL are well aligned in their approach to ITSM. The COBIT 5 Process Reference Model, as documented in COBIT 5:  Enabling Processes, maps closely to the ITIL v3 2011 stages.

The distinction between the two is sometimes described as “COBIT provides the ‘why’; ITIL provides the ‘how.’” While catchy, that view is simplistic and seems to force a false “one or the other” choice. It is more accurate to state that enterprises and IT professionals who need to address business needs in the ITSM area would be well served to consider using both COBIT and ITIL guidance. Leveraging the strengths of both frameworks, and adapting them for their use as appropriate, will aid in solving business problems and supporting business goals achievement.

COBIT versus CMMI

SOURCES

-       ISM - https://tm.soe.ucsc.edu/undergraduates

-       CMMI - http://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration

http://cmmiinstitute.com/about-cmmi-institute

-       COBIT - http://en.wikipedia.org/wiki/COBIT

-       ISO 20000 - http://en.wikipedia.org/wiki/ISO/IEC_20000

-       ITIL - http://en.wikipedia.org/wiki/ITIL

-       COBIT VS ITIL VS CMMI - http://www.slideshare.net/seveman/cobit-itil-and-cmmi-a-tutorial