SPICE for IT-Governance




CRP Henri Tudor - Banking SPICE - 09.April 2008
& Gregor Gedlicka
andreas@nehfort.at www.nehfort.at

SPICE/ISO 15504 as integration platform for the relevant regulations and standards to enable IT-Governance

Return of experience on multi-site process harmonization & integration (Gregor Gedlicka - WAVE Solutions for IT)

Banking SPICE - andreas@nehfort.at - www.nehfort.at - Tudor-Nehfort-SPICE-4-IT-Governance.ppt

Andreas Nehfort
IT-Consultant & Trainer - since 1986

Nehfort IT-Consulting:
- Software Processes, Assessment Based Process Improvement:
  - Software Engineering: CMMI, SPiCE & Automotive SPICE
  - IT Service Management: ITIL and ISO 20000
- IT-Project Management, Quality Management, SW-Requirements

Formal Qualification / Certificates:
- intacs Certified Competent Assessor for SPICE / ISO 15504
- itSMF certified ISO 20000 Consultant

Background:
- TU-Wien: Studying Technical Mathematics, 1975-1979
- Software Developer and Project Management since 1978

Nehfort IT-Consulting
IT-Consulting Company focussed on:
- Software Processes & Software Process Improvement
- Based on well established reference models:
  - SPiCE - ISO15504 / Automotive SPiCE / CMMI
  - ITIL / ISO 20000 or ISO 27000ff
  - Agile Processes / RUP - Rational Unified Process
- Network of independent Consultants, Trainers & Assessors:
  - Software Engineering & Project Management
  - IT Service Management & IT Security Management

Nehfort IT-Consulting is representing KUGLER MAAG CIE in Austria!

Agenda
- Some trends and challenges in the financial sector
  - Growth by mergers & acquisition
  - Standards & regulations
- Enablers for IT-Governance: base & advanced techniques
- Assessment Based Process Improvement - ABPI
- SPICE as integration platform for the relevant regulations and standards
- Multi-site process harmonization & integration: Return of experience - WAVE Solutions for IT
- Multi-Standard Assessment Tool: SPICE 1-2-1 for IT-Governance

The Trends
- Mergers & Acquisition: growing enterprises
- A growing field of Standards & Regulations

The Challenges
- Reconfiguration & integration of business & organisations
- Reconfiguration & harmonisation of processes
- Assuring compliance to the relevant standards
- Demonstrating compliance to these relevant standards

IT-related Standards
- SW-Engineering: CMMI & ISO 15504 / SPICE
- Systems Engineering: CMMI & SPICE4Systems (ISO 15504-6)
- IT Service Management: ITIL & ISO 20000
- Information Security: ISO 27000ff
- IT-Controlling & IT-Governance: Cobit

Standards & regulations for Financial Reporting

The Topic:
- Reliability of Financial Reporting
- Monitoring Internal Control Systems Effectiveness

The Standards & Regulations:
- Sarbanes Oxley: SOX & SAS70
- COSO-Standards
- Cobit
- 8th EU-Directive (EuroSOX coming soon - June 2008)

Base Techniques for IT-Management and IT Governance (enabler)

An Integrated Management System:
- The link from management to implementation: targets
- The link from implementation to management: results

Risk Management:
- Identifying risks and goal oriented action planning

Process-Controls and Process-Measurement:
- For governance: goals
- For monitoring: results

Project Management:
- To master the change processes

Advanced techniques for process management

Applying the Process Capability Approach to all kinds of processes:
- The Capability Level Model: from CL1 to CL5
- Process description via purpose and outcome
- Process Attributes and Generic Practices

Relevant Standards:
- CMMI: Capability Maturity Model Integration
- SPICE - ISO 15504: Process Assessments

Application-Specific Process Reference Model

ISO 15504 - Scope

The scope of ISO/IEC 15504: process assessments
- for improvement and capability determination
- It is not limited to software & systems engineering!

Other best practice models for IT
- like ITIL and ISO 20000 for IT Service Management
- or ISO 27000ff for Information Security Management
do not provide such a concise approach for process improvement.

So ISO 15504 / SPICE can be used as a universal model for process assessment and process improvement.

Assessment Based Process Improvement: Our integrative Assessment Approach

SPiCE Assessment Approach, applied to:
- SW Development: SPICE / ISO 15504-5
- IT Service Management: ITIL / ISO 20000
- Information Security Management: ISO 27000ff

Assessment Based Process Improvement

Assessment Based Process Improvement combines:
1.) The SPICE assessment approach as defined in ISO 15504-2
2.) International and industry standards for the different process domains:
- For Software Engineering: ISO/IEC 12207 as PRM and ISO/IEC 15504-5 as PAM
- For Systems Engineering: ISO/IEC 15288 as PRM and the new ISO/IEC 15504-6 as PAM
- For IT Service Management: ITIL (best practice) and ISO/IEC 20000-1 as standard for certification.
- For Information Security Management: ISO/IEC 27001:2005 as standard for certification and ISO 17799 as standard for information security controls.
- For IT Governance: Cobit as accounting standard for IT governance and SOX

A-B-P-I: Our Initiatives

ISO 20000 PAM (developed in 2006):
- SPICE conformant Process Assessment Model for IT Service Management Processes according to ISO/IEC 20000-1
- Combines state of the art know-how from two different angles:
  - The Reference Model for IT-Service Management: ISO 20000-1
  - The Process Assessment model based on ISO 15504 / SPICE
- Assessment Tool: SPICE 1-2-1 for ISO 20000 - www.spice4iso20000.com

ISO 27000 PAM (developed in 2007 & 2008):
- SPICE conformant Process Assessment Model for Information Security Management according to ISO 27001 & ISO 27002
- Assessment Tool: SPICE 1-2-1 for ISO 27000 - www.spice4iso27000.com

From consultant's theory to customer's practice

Return of experience on multi-site process harmonization & integration
WAVE Solutions for IT - Gregor Gedlicka

... and back to consultant's support

The dancing master will be our Process Assessments!

We support these Assessments with our Assessment Tool SPICE 1-2-1 for IT-Governance: www.spice4it-governance.com

SPICE 1-2-1: Available Standards

SPICE 1-2-1 for IT Governance provides the following models:
- ISO 15504-5: SW-Engineering
- ISO 20000: IT Service Management System
- ISO 27001: Information Security Management System
- ISO 27002: Information Security Controls
- A customer-specific model
  - First empty, can be filled with SynEdit
  - or we fill it with predefined processes (as a service)

SPICE 1-2-1 is expandable, e.g. for COBIT controls

The use of SPICE 1-2-1 for IT-Governance

For fixing the position - initial Assessment:
- As starting point for process improvement

For monitoring success - evaluation assessment:
- As part of an improvement program

For compliance checks:
- Preparing for an ISO certification: ISO 20000 & ISO 27001
- In line with internal audits or supplier audits
- In line with the internal control system for SOX, SAS70, EuroSOX and other regulations

Assessment Tool - Prepare
[Screenshot: Available Standards; WAVE - the customer-specific model]

Prepare: ISO 27001 & ISO 27002
[Screenshot: Select Information Security Controls]

SPICE 1-2-1: Fill-In
[Screenshot] Fill In:
- N: Not
- P: Partially
- L: Largely
- F: Fully

SPICE 1-2-1: Analyze
[Screenshot: ISO 20000: Service Delivery Processes]

Assessment Tool - Analyze
[Screenshot: Mix from ISO 15504 and ISO 20000]

Charts - an example
[Screenshot: All Standards - Overview]

SPICE 1-2-1: Reports
[Screenshot]

Emerging Interest in the process capability approach

We notice substantial interest in applying process capability approaches (CMMI and SPICE) to IT Service Management
- especially by companies which deal with CMMI or SPICE for software engineering processes anyway.
- For SW-Product companies:
  - ISO 15504-5 for SW-Product Development
  - ISO 20000 for the product related service organisation

We also notice substantial interest in applying the SPICE capability approach to organization wide process management initiatives, which cover not only IT processes!

ISO 20000 goes SPICE

An ISO working group has started in 2007:
- To develop ISO 20000-4 as Process Reference Model (PRM) for IT Service Management
- To develop ISO 15504-8 as corresponding Process Assessment Model (PAM)

ISO will need some years to publish these standards... (and SPICE for ISO 27000 will still be an open issue)

But you can benefit from our work right now...

Thank you for your attention!
Questions & Discussion...