White Paper. COBIT 5 & BiSL




This paper compares the scope and perspective of COBIT 5 and BiSL and shows how these two frameworks can be used in conjunction to assure that business information management processes are executed effectively and efficiently.

COBIT guides enterprises in rigorous governance and management of processes and other enablers related to demand, supply and use of information and technology. It provides much guidance for assurance of benefits realization, risk optimization and resource optimization. It refers to the predominantly IT-supply oriented frameworks and standards ITIL, TOGAF, PMBOK, PRINCE2, COSO and ISO for additional specific guidance. Because BiSL provides extensive guidance regarding the content of the processes for demand and use of information and technology, COBIT and BiSL can also be regarded as complementary frameworks.

Machteld Meijer & Mark Smalley, 28 January 2014

COBIT 5

According to its owner, ISACA, COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems.

COBIT 5 helps enterprises of all sizes to:

- Maintain high-quality information to support business decisions
- Achieve strategic goals and realize business benefits through the effective and innovative use of IT
- Achieve operational excellence through reliable, efficient application of technology
- Maintain IT-related risk at an acceptable level
- Optimize the cost of IT services and technology
- Support compliance with relevant laws, regulations, contractual agreements and policies

BiSL

The Business Information Services Library (BiSL), according to its owner, the ASL BiSL Foundation, establishes a bridge between IT and business processes, and between business information administrators and information managers. The BiSL process model provides an insight into all of the primary processes within their field of operations and into the relationship between the various processes. It offers a starting point for the improvement of these processes using best practices, amongst other things, and it provides uniform terminology.

The domain that BiSL addresses is referred to as business information management, which is defined as the means by which an organization efficiently plans, collects, organizes, uses, controls, disseminates and disposes of its information, and through which it ensures that the value of that information is identified and exploited to the fullest extent. It is a corporate responsibility that needs to be addressed and followed from the most senior levels of management to the front line worker. Organizations must be held and must hold their employees accountable to manage information appropriately and responsibly. [Ref: BIM]

Comparison of scope

COBIT offers guidance to help enterprises govern and manage enablers related to information and IT in order to achieve goals and thereby create value for their stakeholders. These are:

- Principles, policies and frameworks
- Processes
- Organizational structures
- Culture, ethics and behaviors
- Information
- Services, infrastructure and applications
- People, skills and competences

BiSL offers guidance to help enterprises manage and execute processes and activities related to managing business information and to the demand and use of IT. BiSL addresses six of the seven enablers, as illustrated in the following table. Italic text denotes the process or process cluster in which the enabler is to be found.

| COBIT | BiSL |
|---|---|
| Principles, policies and frameworks | I-organization strategy: Supplier policy; Policy for the information function; Policy for inter-enterprise information chains. Information strategy: Information policy |
| Processes | 23 processes for information management |
| Organizational structures | Strategic user relationship management: Organizational structure of the information function. Information coordination: Authorities matrix |
| Culture, ethics and behaviors | - |
| Information | 1. Business information. Information strategy: Information strategy; Information architecture. 2. GEIT information. In all processes: High-level information flow needed to support execution of business information management processes |
| Services, infrastructure and applications | Contract management: Required IT services |
| People, skills and competences | Planning and resource management: Annual resourcing plan for execution of business information management |

Implementation of business information management requires insight into:

- which activities should be executed, and
- which measures should be taken to manage the activities and risks and to assure benefits realization, risk optimization and resource optimization.

Most of BiSL's guidance addresses the first point, whereas COBIT is stronger in the second area.

Similarities and differences

BiSL does not address IT supply and therefore has a narrower scope as far as the information technology supply chain is concerned. BiSL also addresses fewer enablers, focusing on the processes and activities needed to execute the processes.

Regarding the execution of activities, COBIT focusses on governing and managing the execution of activities whereas BiSL focusses on management and the content of the activities. BiSL also addresses managing the execution of activities in terms of time, costs, quality and agreements, but with less emphasis on assurance than COBIT, which uses an extensive set of key practices to manage benefits realization, risk optimization and resource optimization.

Two thirds of the COBIT key practices and the management practices apply partially to business information management. Half of these practices span one or two BiSL processes while the other half span three to six BiSL processes.

The following two tables illustrate the core similarities and differences in the scope of COBIT and BiSL. The two main points are that BiSL (1) just focuses on demand and use, and (2) gives more detailed practitioner guidance.

Table: BiSL focuses on demand and use. Columns: COBIT, BiSL. Rows: Use of information; Management of information; Use of IT; IT demand; IT supply.

Table: BiSL gives more detailed practitioner guidance. Columns: COBIT, BiSL. Rows: Governance; Management of enablers/resources; Management of execution of activities; Execution of activities.

Application of COBIT in combination with BiSL for business information management

Many COBIT practices apply to business information management and contribute to providing assurance that business information management processes are executed effectively. The COBIT-BiSL cross reference below gives an indication of the relationship between the COBIT processes and the BiSL process clusters. A cross reference on a more detailed level was the basis of this mapping.

Business information managers who want to use COBIT key practices to assure themselves and stakeholders that the information systems (in the broadest sense of the word) in an organization are under control can use the more detailed cross reference to determine in which BiSL processes they should implement the key practices. BiSL does not provide specific guidance as to how to comply with the key practices but gives an extensive description of the content of the processes.

COBIT refers explicitly to BiSL's in-depth guidance in the COBIT 5 Enabling Information publication: "A useful reference framework to consult for more detailed management of demand and use of information is the Business Information Services Library (BiSL)."

COBIT-BiSL cross reference. Relationship: x = weak, xxxx = strong.

BiSL process clusters (columns): I-organization strategy; Information coordination; Information strategy; Management processes; Use management; Connecting processes; Functionality management.

COBIT domains (rows):

- EDM Evaluate, Direct and Monitor: x x x
- APO Align, Plan and Organize: x xx xxx
- BAI Build, Acquire and Implement: xx x xx xxxx
- DSS Deliver, Service and Support: xx
- MEA Monitor, Evaluate and Assess

Conclusion

COBIT guides enterprises in rigorous governance and management of processes and other enablers related to demand, supply and use of information and technology. It provides much guidance for assurance of benefits realization, risk optimization and resource optimization. It refers to the predominantly IT-supply oriented frameworks and standards ITIL, TOGAF, PMBOK, PRINCE2, COSO and ISO for additional specific guidance. Because BiSL provides extensive guidance regarding the content of the processes for demand and use of information and technology, COBIT and BiSL can also be regarded as complementary frameworks.

References

[COBIT] ISACA website, www.isaca.org/cobit; COBIT 5 Enabling Processes, 2012; COBIT 5 Enabling Information, 2013

[BiSL] Business information Services Library, www.aslbislfoundation.org/en/bisl/publications/books/299-2012-bisl-een-framework-voor-business-informatiemanagement

[BIM] Business information management function, http://aslbislfoundation.org/en/bisl/publications/whitepapers/doc_download/787-2012-08-white-paper-bim-function-v5-m-smalley

Acknowledgements

The authors are grateful to Gary Bannister, APMG Chief Examiner COBIT, and Mark Thomas, President itsmf USA COBIT Special Interest Group, for reviewing and endorsing this paper.

Authors

Dr. Machteld Meijer is a self-employed senior consultant at Maise. She is Chief examiner for APM Group for the ASL and BiSL examinations, a member of ISO working groups and an active member of the ASL BiSL Foundation. Machteld is widely recognized as an expert in the fields of Business Information Management and Application Management, supported by many publications and presentations. Further details and publications at: www.maise.nl

Mark Smalley is responsible for global promotion at the not-for-profit, vendor-independent ASL BiSL Foundation and is a self-employed IT Management Consultant at Smalley.IT. He is specialized in Application Lifecycle Management and IT Governance. Mark is a regular speaker at international conferences, where he has reached out to thousands of IT professionals. Follow & engage with Mark on Twitter @marksmalley. Email: mark.smalley@aslbislfoundation.org. Further details, publications & speaking engagements at www.linkedin.com/in/marksmalley