Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan

Save this PDF as:

Size: px
Start display at page:

Download "Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan"

Transcription

1 Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan

2 You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A Globalization Siloed Projects Heterogeneity Direct Costs Indirect Costs New Risk Exposure Business Process Architecture IT Process and Governance Compliance Management Best Practices Drive Cost DOWND 2006 Gartner, Inc. All Rights Reserved.

3 Roles and Views Set Different Targets Audience CEO CFO Challenges Regulatory Compliance Visibility and Alignment Operational Efficiency Risk Minimization CIO VP IT VP OPS Management Processes and Audit Performance Explicit, Repeatable and Enforceable Traceable, Secure Development, Project, Operations Managers Project and Operational Execution Coordination, Control, Integration 2006 Gartner, Inc. All Rights Reserved.

4 Foundations of Excellence: Repeatable Processes Governance Management Assess, Prioritize and Charter Operate and Monitor Development Design, Develop, Enhance and Integrate Assure and Deliver Production Acceptance 2006 Gartner, Inc. All Rights Reserved.

5 Regulatory Compliance Processes Will Entwine IT Control and Risk Frameworks SAS 70 (Service Org. Controls) ITIL (Best Practices) ISO (Security Policies and Controls) COBIT (Key Processes for Internal Audits ) PMBoK, Prince2 (Project Management) CMMi (Capability Maturity Model Integration) 2006 Gartner, Inc. All Rights Reserved.

6 Regulatory Compliance Processes Will Entwine IT Control and Risk Frameworks CobiT Processes for Regulatory Compliance 2006 Gartner, Inc. All Rights Reserved. Manage Operations Manage Risks and Controls Manage Reliability Manage Records and Data Manage Systems Manage Change DS 2 Manage third-party services DS 7 Educate and train users DS 13 Manage operations PO 9 Assess risks PO 8 Ensure external compliance M1 Monitor M2 Assess internal-control adequacy DS 10 Problems and incidents DS 5 Ensure system security DS 11 Manage data PO 2 Define IT architecture DS 9 Manage the configuration PO 5 Manage the IT investment AI 4 Develop and maintain procedures AI 6 Manage change PO 11 Manage quality AI 5 Install and accredit systems

7 Change Request Initiation and Control (AI 6.1) Ensure that all requests for changes, system maintenance and supplier maintenance are standardized and are subject to formal change management procedures. Categorize and prioritize changes. Put specific procedures in place to handle urgent matters. Keep change requestors informed about request status. Originators Service Desk Change Board Implementers 2006 Gartner, Inc. All Rights Reserved.

8 Impact Assessment (AI 6.2) Ensure that all requests for change are assessed in a structured way for all possible impacts on the operational system and its functionality. Business units, development (or other implementers) and production have to be involved in impact assessments Governance processes have to balance the legitimate interests of all parties Resource constraints have to be explicitly recognized Application portfolio management can significantly enhance capabilities 2006 Gartner, Inc. All Rights Reserved. Risk Value

9 Control of Changes (AI 6.3) Properly integrate change management and software control and distribution with a comprehensive configuration management system. Automate the system used to monitor changes to application systems to support the recording and tracking of changes made to large, complex information systems. VERSION + TRACK AND NOTIFY + AUTOMATE 2006 Gartner, Inc. All Rights Reserved.

10 Emergency Changes (AI 6.4) Establish parameters defining emergency changes. Establish procedures to control these changes when they circumvent the normal process of technical, operational and management assessment prior to implementation. Record the emergency changes and have them authorized by IT management prior to implementation. Monitor the proportion of emergencies Police the use of the emergency process Capture afterward in normal processes 2006 Gartner, Inc. All Rights Reserved.

11 Documentation and Procedures (AI 6.5) Whenever system changes are implemented, ensure that the associated documentation and procedures are updated accordingly. Causes of Unplanned Application Downtime Operator Errors 40% 20% 40% Technology Failures Application Failures 2006 Gartner, Inc. All Rights Reserved.

12 Authorized Maintenance (AI 6.6) Ensure that maintenance personnel have specific assignments and that their work is properly monitored. Control system access rights to avoid risks of unauthorized access to automated systems. Responsibility Traceability Separation of Duties Develop or Assemble Development Process Test and Integration Acceptance Process Production Preproduction 2006 Gartner, Inc. All Rights Reserved. Development Production

13 Software Release Policy (AI 6.7) Ensure that the release of software is governed by formal procedures ensuring signoff, packaging, regression testing, handover, etc. Responsibility Traceability Separation of Duties Develop or Assemble Development Process Test and Integration Acceptance Process Production Preproduction 2006 Gartner, Inc. All Rights Reserved. Development Production

14 Recommendations Seek excellence in software development processes (eg. change and configuration management) to reduce the cost of compliance. Promote process discipline from a service-level issue to a corporate risk issue. Understand that IT management needs will accelerate the convergence of control and administration. Plan for audit standards, particularly in regulated industries, to be elevated as best attainable practice is identified Gartner, Inc. All Rights Reserved.

15 Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan

16 Business Unit or Product Name Comply, Improve, Transform: Regulatory Compliance Management for Software Development Robyn Gold Market Manager, Rational Compliance Solutions 2004 IBM Corporation

17 Business Unit or Product Name Before we begin... IBM s customer is responsible for ensuring its own compliance with legal requirements. It is the customer s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. CORPORATE OVERVIEW 2003 IBM Corporation

18 Business Unit or Product Name Compliance for software development organizations Say what you do Establish a compliant development process Business controls and workflow Technical controls and workflow Approvals, authorizations, quality gates, separation of duties Do what you say Automate enforcement of your process Process guidance, automated workflow, tooldirected behavior Be able to prove it Automate the generation of audit documentation Leverage compliance for business advantage Analyze project metrics and process metrics Iteratively improve CORPORATE OVERVIEW 2003 IBM Corporation

19 Business Unit or Product Name A Sample Compliant Project Flow CEO CIO/ Portfolio Mgr. Business Business Issue Issue Raised Raised by by Audit Audit Risks Risks Assessed Assessed Proposal Proposal Defined Defined Project Project Estimated Estimated and and Approved Approved Architect Solution Solution Designed Designed Development Manager Release Release Scheduled Scheduled Team Lead Developer Functionality Functionality Built Built Quality Manager Release Completed Audit Evaluate Evaluate Audit Audit Package Package sign-off Release Deployed For Test sign-off Release Verified sign-off sign-off Business CORPORATE OVERVIEW Development Operations 2003 IBM Corporation

20 Business Unit or Product Name Step one: Define a compliant development process Project Governance Questions How do projects get approved? Funded? What criteria is used to prioritize, save and kill projects? What authorizations are required, by whom, and when? Who assigns resources? Technology Governance Questions Who is authorized to access technical assets? How do software changes get approved? How is software validated? By whom? When? What approvals are required, where and by whom? What are audit package requirements? Where is the change package stored, and for how long? CORPORATE OVERVIEW 2003 IBM Corporation

21 Business Unit or Product Name Defining a compliant process Rational Method Composer and Portfolio Manager 6.2 Process Engineer Rational Unified Process Practitioner Project Manager Rational Portfolio Manager Process Advisor Method Library Published Configurations Process Templates CORPORATE OVERVIEW 2003 IBM Corporation

22 Business Unit or Product Name Step two: Do what you say Create an audit-ready infrastructure that minimizes developer burden and maximizes team collaboration Automated workflow Make it easy to do the right thing Enforce separation of duties Build in quality and approval gates Traceability Verify that validated requirements drive results Auditability Capture the Who, what, when, why of all software deliverables Ensure that only authorized personnel have contributed to software updates Support forensic analysis Validation Validate that deliveries meet requirements Verify completeness and accuracy of software builds New GUI button Enhanced Bug 849 audit trail 1. Select activity 2. Checkout & edit files 3. Compile and link IBM Rational Software Development Platform 5. Check in changes 4. Test changes CORPORATE OVERVIEW 2003 IBM Corporation

23 Business Unit or Product Name Step 3: Be able to prove it Project proposal submitted for planning and assessment Project approval authorizes effort Audit report confirms delivery steps Compliance is like the emperor s wife: you must not only be virtuous, but be seen to be virtuous. CORPORATE OVERVIEW 2003 IBM Corporation

24 Business Unit or Product Name Compliance: The foundation for good IT governance IT Executive Value Manage Risk Prioritize Compliance Initiatives Evaluate and Mitigate Risks Reducing regulatory compliance risk is the first step toward establishing a strategic framework for IT governance. Monitor Remediation Track Development / Compliance Metrics Instantiate Controls Operationalize Best Practices Minimize Overhead Automate Compliant Development Flows Enable Business Transformation Restructure Processes Optimize Execution Time IBM Rational Portfolio Manager CORPORATE OVERVIEW 2003 IBM Corporation

25 Business Unit or Product Name Summary Compliance is a software development imperative Mandates both business and technology controls over the software lifecycle Best controls = least intrusive Controls provide the foundation for IT governance Compliance is both a requirement and an opportunity to drive fundamental improvements in software development maturity. CORPORATE OVERVIEW 2003 IBM Corporation

26 Business Unit or Product Name Customer success Volkswagen AG TTI Telecom Unisys Acuity Viveo ToolObject Assurant Health Ludwig Gortz Thomson Financial 20% productivity increase Improved time-to-market by 50% Estimated savings of $2 million per year 25-40% improvement in cycle time % improvement in productivity 25-60% cost savings 15% higher profitability 46% higher employee productivity 60% reduction in development cycles Projects delivered on-time 30% under budget 25% increase in employee satisfaction Pilot project costs reduced 50% CORPORATE OVERVIEW 2003 IBM Corporation

27 Business Unit or Product Name For more information IBM Rational Compliance Solutions software/info/developer/solutions/compliance Success stories Datasheets and brochures Whitepapers Demos How to contact an IBM Rational representative software/info/developer/solutions CORPORATE OVERVIEW 2003 IBM Corporation

How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck

How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck How to Ensure IT Compliance Without Compromising Innovation Nik Teshima, IBM Phil Odence, Black Duck Black Duck 2013 Speakers Phil Odence VP of Business Development Black Duck Software Nik Teshima Senior

More information

Self-Service SOX Auditing With S3 Control

Self-Service SOX Auditing With S3 Control Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with

More information

Leveraging Sarbanes-Oxley (SOX) to Build Better Practices

Leveraging Sarbanes-Oxley (SOX) to Build Better Practices Leveraging Sarbanes-Oxley (SOX) to Build Better Practices Powering Strategies and Managing Risks Using SOX compliance to build disciplined, repeatable, and auditable practices. Running a successful business

More information

ITIL's IT Service Lifecycle - The Five New Silos of IT

ITIL's IT Service Lifecycle - The Five New Silos of IT The workable, practical guide to Do IT Yourself Vol. 4.01 January 1, 2008 ITIL's IT Service Lifecycle - The Five New Silos of IT By Rick Lemieux In my last article I spoke about IT s evolution from its

More information

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments. Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover

More information

Implement a unified approach to service quality management.

Implement a unified approach to service quality management. Service quality management solutions To support your business objectives Implement a unified approach to service quality management. Highlights Deliver high-quality software applications that meet functional

More information

IBM asset management solutions White paper. Using IBM Maximo Asset Management to manage all assets for hospitals and healthcare organizations.

IBM asset management solutions White paper. Using IBM Maximo Asset Management to manage all assets for hospitals and healthcare organizations. IBM asset management solutions White paper Using IBM Maximo Asset Management to manage all assets for hospitals and healthcare organizations. September 2007 2 Contents 2 Executive summary 3 Introduction

More information

Applying ITIL v3 Best Practices

Applying ITIL v3 Best Practices white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version

More information

Select the right configuration management database to establish a platform for effective service management.

Select the right configuration management database to establish a platform for effective service management. Service management solutions Buyer s guide: purchasing criteria Select the right configuration management database to establish a platform for effective service management. All business activities rely

More information

Address IT costs and streamline operations with IBM service request and asset management solutions.

Address IT costs and streamline operations with IBM service request and asset management solutions. Service management solutions To support your IT objectives Address IT costs and streamline operations with IBM service request and asset management solutions. Highlights Help service desk technicians become

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Enhance visibility into and control over software projects IBM Rational change and release management software

Enhance visibility into and control over software projects IBM Rational change and release management software Enhance visibility into and control over software projects IBM Rational change and release management software Accelerating the software delivery lifecycle Faster delivery of high-quality software Software

More information

How Technology Supports Project, Program and Portfolio Management

How Technology Supports Project, Program and Portfolio Management WHITE PAPER: HOW TECHNOLOGY SUPPORTS PROJECT, PROGRAM AND PORTFOLIO MANAGEMENT SERIES 4 OF 4 How Technology Supports Project, Program and Portfolio Management SEPTEMBER 2007 Enrico Boverino CA CLARITY

More information

Bridging Development and Operations: The Secret of Streamlining Release Management

Bridging Development and Operations: The Secret of Streamlining Release Management Bridging Development and Operations: The Secret of Streamlining Release Management Mark Levy, Product Manager Serena Software SERENA SOFTWARE INC. Release Management Goal Deploy application changes into

More information

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25

More information

Making Compliance Work for You

Making Compliance Work for You white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by

More information

October 7, 2011. Presented to. The PMI Washington DC Chapter. Pedro Agosto. Director of Client Services, XA Systems, LLC. pedro.agosto@xasystems.

October 7, 2011. Presented to. The PMI Washington DC Chapter. Pedro Agosto. Director of Client Services, XA Systems, LLC. pedro.agosto@xasystems. October 7, 2011 Presented to The PMI Washington DC Chapter By Pedro Agosto Director of Client Services, XA Systems, LLC pedro.agosto@xasystems.com Introduction Re-evaluating IT Services Today s Challenges

More information

Compliance Management, made easy

Compliance Management, made easy Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one

More information

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Based on 2008 Survey of 255 Non-IT CEOs/Executives Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is

More information

Integrating Project Management and Service Management

Integrating Project Management and Service Management Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming

More information

Practical Approaches to Achieving Sustainable IT Governance

Practical Approaches to Achieving Sustainable IT Governance Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions

More information

Life Cycle Models, CMMI, Lean, Six Sigma Why use them?

Life Cycle Models, CMMI, Lean, Six Sigma Why use them? Life Cycle Models, CMMI, Lean, Six Sigma Why use them? John Walz IEEE Computer Society, VP for Standards QuEST Forum Best Practices Conference Track 3 What, Where, How & Why Monday, 24-Sep-07, 4:30 5:30

More information

Global Delivery Excellence Best Practices for Improving Software Process and Tools Adoption. Sunil Shah Technical Lead IBM Rational

Global Delivery Excellence Best Practices for Improving Software Process and Tools Adoption. Sunil Shah Technical Lead IBM Rational Global Delivery Excellence Best Practices for Improving Software Process and Tools Adoption Sunil Shah Technical Lead IBM Rational Agenda Organization s Challenges from a Delivery Perspective Introduction

More information

IBM Software Integrated Service Management: Visibility. Control. Automation.

IBM Software Integrated Service Management: Visibility. Control. Automation. IBM Software Integrated Service Management: Visibility. Control. Automation. Enabling service innovation 2 Integrated Service Management: Visibility. Control. Automation. Every day, the world is becoming

More information

Driving Your Business Forward with Application Life-cycle Management (ALM)

Driving Your Business Forward with Application Life-cycle Management (ALM) Driving Your Business Forward with Application Life-cycle Management (ALM) Published: August 2007 Executive Summary Business and technology executives, including CTOs, CIOs, and IT managers, are being

More information

Healthcare systems make effective use of IT

Healthcare systems make effective use of IT SETLabs Briefings September 2008 IT Applications for Healthcare: Leverage Processes for High Quality By Ravishankar N An integrated process framework derived from industry models can help address compliance,

More information

Leveraging RUP, OpenUP, and the PMBOK. Arthur English, GreenLine Systems

Leveraging RUP, OpenUP, and the PMBOK. Arthur English, GreenLine Systems Software Project Management Leveraging RUP, OpenUP, and the PMBOK Arthur English, GreenLine Systems GreenLine Systems Inc. 2003 2013 My Background 30+ years of IT project management experience with both

More information

Identity Management: Bringing the People Component to ITIL

Identity Management: Bringing the People Component to ITIL Identity Management: Bringing the People Component to ITIL This article appeared in INNOVATION: The Convergence of Information Technology and Business, published by BMC Software. INNOVATION: THE CONVERGENCE

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER

Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER Regulatory compliance. Server virtualization. IT Service Management. Business Service Management. Business Continuity planning.

More information

Change Management Best Practices

Change Management Best Practices General Change Management Best Practices Practice Area Best Practice Criteria Organization Change management policy, procedures, and standards are integrated with and communicated to IT and business management

More information

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP Harnessing the power of software-driven innovation Martin Nally IBM Rational CTO IBM Fellow and VP We have entered a new wave of innovation Innovation The Industrial Revolution Age of Steam and Railways

More information

ICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen

ICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen ICTEC IT Services Issues 3.4.2008 IT Services? IT Services include (for example) Consulting, IT Strategy, IT Architecture, Process, Software Software development, deployment, maintenance, operation, Custom

More information

HP ITSM Assessment Services Helping you reach the levels of service your business requires

HP ITSM Assessment Services Helping you reach the levels of service your business requires HP ITSM Assessment Services Helping you reach the levels of service your business requires HP ITSM Assessment Services are designed to help you achieve the IT service levels your business requires by reducing

More information

Emptoris Contract Management Solution for Healthcare Providers

Emptoris Contract Management Solution for Healthcare Providers Emptoris Contract Management Solution for Healthcare Providers An Emptoris White Paper Emptoris, an IBM Company www.emptoris.com CMS-HP-4/12 Emptoris Contract Management Solution for Healthcare Providers

More information

A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS

A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS Sushma Mishra Virginia Commonwealth University mishras@vcu.edu Heinz Roland Weistroffer Virginia Commonwealth

More information

LANDesk Service Desk. Outstanding IT Service Management Made Easy

LANDesk Service Desk. Outstanding IT Service Management Made Easy LANDesk Service Desk Outstanding IT Service Management Made Easy Deliver Outstanding IT Services to Employees, Citizens and Customers LANDesk Service Desk enables organizations to deliver outstanding IT

More information

The role of integrated requirements management in software delivery.

The role of integrated requirements management in software delivery. Software development White paper October 2007 The role of integrated requirements Jim Heumann, requirements evangelist, IBM Rational 2 Contents 2 Introduction 2 What is integrated requirements management?

More information

ITIL V3 AND THE SERVICE LIFECYCLE PART I THE MISSING COMPONENT

ITIL V3 AND THE SERVICE LIFECYCLE PART I THE MISSING COMPONENT ITIL V3 AND THE SERVICE LIFECYCLE PART I THE MISSING COMPONENT PLANVIEW INC. BACKGROUND IT departments continually have tremendous demands placed on them to manage new initiatives, projects, incidents,

More information

Provide access control with innovative solutions from IBM.

Provide access control with innovative solutions from IBM. Security solutions To support your IT objectives Provide access control with innovative solutions from IBM. Highlights Help protect assets and information from unauthorized access and improve business

More information

ITSM vs EA KAOS 10.3.2014

ITSM vs EA KAOS 10.3.2014 ITSM vs EA KAOS ITSM vs EA SH Needs Business Goals 2 GOVERNANCE EVALUATE PLANNING ITSM IMPROVING OPERATING Business Programs Projects DEVELOPING EA IMPLEMENTING IT service - ITIL 3 Lifecycle approach Service

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

ITIL v3 Service Manager Bridge

ITIL v3 Service Manager Bridge ITIL v3 Service Manager Bridge Course Length: 5 Days Course Overview This 5 day hands on, certification training program enables ITIL Version 2 certified Service Managers to upgrade their Service Manager

More information

Complimentary Relationship Between ITIL and PMBOK

Complimentary Relationship Between ITIL and PMBOK CSC NORTH AMERICAN PUBLIC SECTOR Complimentary Relationship Between ITIL and PMBOK August Chantilly Luncheon Linda Budiman, PMP ITIL Business Process Architect ITIL Service Manager, COBIT certified 8/20/2008

More information

How to Maximise ROI and drive IT Governance with Visual Studio Team System

How to Maximise ROI and drive IT Governance with Visual Studio Team System How to Maximise ROI and drive IT Governance with Visual Studio Team System The Power of an Integrated ALM Solution Julio Fernández-Gayoso Sales manager for Development Tools Western European Microsoft

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

HP and netforensics Security Information Management solutions. Business blueprint

HP and netforensics Security Information Management solutions. Business blueprint HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization

More information

Key Benefits of Microsoft Visual Studio Team System

Key Benefits of Microsoft Visual Studio Team System of Microsoft Visual Studio Team System White Paper November 2007 For the latest information, please see www.microsoft.com/vstudio The information contained in this document represents the current view

More information

Leveraging ITIL Foundational Controls to Achieve SOX Compliance. ISACA San Francisco Fall Conference September 17 th, 2007

Leveraging ITIL Foundational Controls to Achieve SOX Compliance. ISACA San Francisco Fall Conference September 17 th, 2007 Leveraging ITIL Foundational Controls to Achieve SOX Compliance ISACA San Francisco Fall Conference September 17 th, 2007 Agenda for today Introductions & Objectives IT Priorities Overview of Sarbanes-Oxley

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

PUB (MPI) 1-62 Reference: Gartner Scorecard

PUB (MPI) 1-62 Reference: Gartner Scorecard Information Requests Round 1 PUB (MPI) 1-62 Reference: Gartner Scorecard PUB/MPI 2-23 2013 GRA a) Please file an update to the response to Gartner s recommendations provided at PUB/MPI 2-23 from last year

More information

Introduction to ITIL for Project Managers

Introduction to ITIL for Project Managers CSC NORTH AMERICAN PUBLIC SECTOR Introduction to ITIL for Project Managers May Chantilly Luncheon Linda Budiman, PMP ITILv2 & ITILv3 Process Architect ITIL Service Manager, CobiT certified 5/13/2008 8:08:45

More information

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance CITY OF HOUSTON Executive Order E.O. No: 1-44 Effective Date: December 20, 2012 1. AUTHORITY 1.1 Article VI, Section 7a, of the City Charter of the City of Houston. 2. PURPOSE 2.1 The City of Houston seeks

More information

Five CIO challenges addressed by better change management.

Five CIO challenges addressed by better change management. Enterprise change management White paper June 2009 Five CIO challenges addressed by better change management. Dominic Tavassoli, IBM Page 2 Contents 2 Introduction 2 Lower the cost of managing change and

More information

Security Services. A Solution for Providing BPM of Security Services within the Enterprise Environment.

Security Services. A Solution for Providing BPM of Security Services within the Enterprise Environment. Security Services A Solution for Providing BPM of Security Services within the Enterprise Environment. First steps towards Next Generations Operations (OPS) to drive Gross Margin Dear security colleagues,

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

How do you manage the growing complexity of software development? Is your software development organization as responsive to your business needs as

How do you manage the growing complexity of software development? Is your software development organization as responsive to your business needs as How do you manage the growing complexity of software development? Is your software development organization as responsive to your business needs as it could be? Borland Core SDP enables your IT organization

More information

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist Beyond Mandates: Getting to Sustainable IT Governance Best Practices Steve Romero PMP, CISSP, CPM IT Governance Evangelist Agenda > IT Governance Definition > IT Governance Principles > IT Governance Decisions

More information

Address IT costs and streamline operations with IBM service desk and asset management.

Address IT costs and streamline operations with IBM service desk and asset management. Asset management and service desk solutions To support your IT objectives Address IT costs and streamline operations with IBM service desk and asset management. Highlights Help improve the value of IT

More information

Evolving from Financial Compliance to Next Generation GRC. Gary Prince Principal Solution Specialist - GRC

Evolving from Financial Compliance to Next Generation GRC. Gary Prince Principal Solution Specialist - GRC Evolving from Financial Compliance to Next Generation GRC Gary Prince Principal Solution Specialist - GRC Agenda Business Challenges Oracle s Leadership in Governance, Risk and Compliance Solution Overview

More information

Realizing business flexibility through integrated SOA policy management.

Realizing business flexibility through integrated SOA policy management. SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished

More information

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business.

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business. White Paper: AlfaPeople ITSM 2013 This whitepaper discusses how ITIL 3.0 can benefit your business. Executive Summary Imagine trying to run a manufacturing business without a comprehensive and detailed

More information

An introduction to the benefits of Application Lifecycle Management

An introduction to the benefits of Application Lifecycle Management An introduction to the benefits of Application Lifecycle Management IKAN ALM increases team productivity, improves application quality, lowers the costs and speeds up the time-to-market of the entire application

More information

San Francisco Chapter. Cassius Downs Network Edge LLC

San Francisco Chapter. Cassius Downs Network Edge LLC Cassius Downs Network Edge LLC ITIL History ITIL Books V3 Objectives Business Benefits of V3 V3 Changes Training & Certification V2 or V3? Summary 2 The 12 Rules 1. EXERCISE Rule #1: Exercise boosts brain

More information

ComplianceSP TM on SharePoint. Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013

ComplianceSP TM on SharePoint. Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013 TM ComplianceSP TM on SharePoint Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013 Overview With increasing pressure on costs and margins across Life Sciences, the industry

More information

Best practices in demand management, project lifecycle management, and application lifecycle management

Best practices in demand management, project lifecycle management, and application lifecycle management Best practices in demand management, project lifecycle management, and application lifecycle management How HP PPM Center and ResultsPositive create improved business outcomes through visibility into business

More information

Enterprise Service Management (ESM)

Enterprise Service Management (ESM) Enterprise Service Management (ESM) A Reference Model for Adopting and Adapting IT Best Practices Across and Enterprise itsm003 v.3.0 Agenda and Objectives What are ESM Best Practices? What is the ESM

More information

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................

More information

Achieving Regulatory Compliance through Security Information Management

Achieving Regulatory Compliance through Security Information Management www.netforensics.com NETFORENSICS WHITE PAPER Achieving Regulatory Compliance through Security Information Management Contents Executive Summary The Compliance Challenge Common Requirements of Regulations

More information

Proving Control of the Infrastructure

Proving Control of the Infrastructure WHITE paper The need for independent detective controls within Change/Configuration Management page 2 page 3 page 4 page 6 page 7 Getting Control The Control Triad: Preventive, Detective and Corrective

More information

ITIL Service Lifecycles and the Project Manager

ITIL Service Lifecycles and the Project Manager 1 ITIL Service Lifecycles and the Project Manager The intersection of IT Service and Project Delivery Presented to: Kansas City Mid-America PMI Chapter Mark Thomas January 17, 2011 1 Agenda 2 Introduction

More information

The Future of Best Practices in IT Service Management - ITIL Version 3 Explained

The Future of Best Practices in IT Service Management - ITIL Version 3 Explained The Future of Best Practices in IT Service Management - ITIL Version 3 Explained Reg Harbeck CA Monday, August 13, 2007 Session 1455 ITIL V3: The Processes Governance Processes: Service Measurement Service

More information

WHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements

WHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements WHITE PAPER Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements TABLE OF CONTENTS Executive Summary 2 Sarbanes-Oxley Section 404 Internal Controls 3 IT Involvement

More information

Published April 2010. Executive Summary

Published April 2010. Executive Summary Effective Incident, Problem, and Change Management Integrating People, Process, and Technology in the Datacenter Published April 2010 Executive Summary Information technology (IT) organizations today must

More information

Is ITIL right for you? Understand the benefits of Implementing ITIL Processes

Is ITIL right for you? Understand the benefits of Implementing ITIL Processes Is ITIL right for you? Understand the benefits of Implementing ITIL Processes What I ve seen in the Industry De facto set of best practices for IT Service Management Adoption growing at a steady rate ITIL

More information

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface. iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management

More information

Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions

Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions Tim Ruzbacki, Sr. Process Consultant MKS Software Inc. 4 th Annual CMMI Technology Conference, Denver CO

More information

IT Service Management ITIL, COBIT

IT Service Management ITIL, COBIT IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service

More information

ITIL. Lifecycle. www.alctraining.com.my. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition

ITIL. Lifecycle. www.alctraining.com.my. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition Take your ITIL skills to the next level ITIL Lifecycle ITIL Intermediate: Part of the complete ITIL Education Program Advance your career Add value to your organisation Gain credits towards ITIL Expert

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

White Paper. Change Management: A CA IT Service Management Process Map

White Paper. Change Management: A CA IT Service Management Process Map White Paper Change Management: A CA IT Service Management Process Map Peter Doherty Senior Consultant, Technical Service, CA, Inc. Peter Waterhouse Director, Business Service Optimization, CA Inc. June

More information

Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations

Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations White Paper September 2009 Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations Page 2 Contents 2 Executive

More information

ROUTES TO VALUE. Business Service Management: How fast can you get there?

ROUTES TO VALUE. Business Service Management: How fast can you get there? ROUTES TO VALUE Business Service : How fast can you get there? BMC Software helps you achieve business value quickly Each Route to Value offers a straightforward entry point to BSM; a way to quickly synchronize

More information

Asset management guidelines

Asset management guidelines Asset management guidelines 1 IT asset management (ITAM) overview Objective Provide a single, integrated view of agency assets in order to allow agencies to identify the asset location and assess the potential

More information

The Mandate for Lights-Out IT Management

The Mandate for Lights-Out IT Management The Mandate for Lights-Out IT Management By Jim Metzler, Cofounder, Webtorials Editorial/Analyst Division Introduction Businesses on a worldwide basis are under increasing competitive pressure to become

More information

Governing the Control and Delivery of Change in IT

Governing the Control and Delivery of Change in IT Governing the Control and Delivery of Change in IT An MKS White Paper By: Gary Guttridge Principal Change Manage IT Ltd. Page 1 of 19 1. INTRODUCTION When a business requirement passes along the application

More information

ITIL v3 Process Cheat Sheets

ITIL v3 Process Cheat Sheets CEB Infrastructure Leadership Council ITIL v3 Process Cheat Sheets 2014 CEB. All rights reserved. IEC8051414SYN 1 ITIL v3 Process Cheat Sheets The ITIL v3 process cheat sheets include a definition, description

More information

How to Deliver Measurable Business Value with the Enterprise CMDB

How to Deliver Measurable Business Value with the Enterprise CMDB How to Deliver Measurable Business Value with the Enterprise CMDB James Moore jdmoore@us.ibm.com Product Manager, Business Service, Netcool/Impact 2010 IBM Corporation Agenda What is a CMDB? What are CMDB

More information

MKS Integrity & CMMI. July, 2007

MKS Integrity & CMMI. July, 2007 & CMMI July, 2007 Why the drive for CMMI? Missed commitments Spiralling costs Late delivery to the market Last minute crunches Inadequate management visibility Too many surprises Quality problems Customer

More information

ISO 20000-1:2005 Requirements Summary

ISO 20000-1:2005 Requirements Summary Contents 3. Requirements for a Management System... 3 3.1 Management Responsibility... 3 3.2 Documentation Requirements... 3 3.3 Competence, Awareness, and Training... 4 4. Planning and Implementing Service

More information

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA White Paper Achieving HIPAA Compliance through Security Information Management White Paper / HIPAA Contents Executive Summary... 1 Introduction: Brief Overview of HIPAA... 1 The HIPAA Challenge: Protecting

More information

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation.

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation. Risk mitigation for business resilience White paper A comprehensive, best-practices approach to business resilience and risk mitigation. September 2007 2 Contents 2 Overview: Why traditional risk mitigation

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements

More information

Moving from Paper to Electronic Records: Hardwiring Compliance into Product Development Using technology to incorporate quality system regulation

Moving from Paper to Electronic Records: Hardwiring Compliance into Product Development Using technology to incorporate quality system regulation P T C. c o m White Paper Medical Devices Page 1 of 8 Moving from Paper to Electronic Records: Hardwiring Compliance into Product Development Using technology to incorporate quality system regulation Abstract

More information

WHITE PAPER Configuration and Change Management for IT Compliance and Risk Management: The Tripwire Approach

WHITE PAPER Configuration and Change Management for IT Compliance and Risk Management: The Tripwire Approach WHITE PAPER Configuration and Change Management for IT Compliance and Risk Management: The Tripwire Approach Sponsored by: Tripwire Frederick W. Broussard November 2007 Vivian Tero EXECUTIVE SUMMARY Global

More information

NetIQ FISMA Compliance & Risk Management Solutions

NetIQ FISMA Compliance & Risk Management Solutions N E T I Q C O M P L I A N C E S E R I E S NetIQ FISMA Compliance & Risk Management Solutions The Federal Information Security Management Act (FISMA) requires federal agencies to create and implement a

More information

White paper September 2009. Realizing business value with mainframe security management

White paper September 2009. Realizing business value with mainframe security management White paper September 2009 Realizing business value with mainframe security management Page 2 Contents 2 Executive summary 2 Meeting today s security challenges 3 Addressing risks in the mainframe environment

More information

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them? SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT

More information