ITIL, COBIT, and ISO 17799 provide a blueprint for managing IT services.
It's long been accepted that constant change is fundamental to IT. While most IT pros understand that change is part of the game, the organizations they support often resist it or have a hard time understanding why IT operates under the strictures it does. CIOs must be prepared to overturn accepted norms in the pursuit of innovation. Finessing those changes means more than just leadership skills or charisma. It calls for having a clear blueprint as to the direction of the organization and its goals.
Many organizations struggle with that blueprint. It's not simple for IT to define its goals, position services and the need for constant evolution, and then communicate its capabilities and services to its line-of-business customers. The good news is that a lot of thinking has already gone into the problem.
The answer for many has been to follow the models set down in ITIL 2.0 (Information Technology Infrastructure Library), the 10-book set of best practices for IT service management that's gained wide popularity among international organizations and the vendor community. While ITIL will go far, skeptics contend that it's too specific. IT needs to think more broadly, they say, and blend ITIL with other, broader specifications. COBIT, or Control Objectives for Information and Related Technology, and ISO 17799, which is more specific to security, along with ITIL form the basis of a blueprint for IT governance.
COBIT, ITIL, AND ISO 17799
COBIT's goal is to help IT understand the needs of the business and to put practices in place to meet them as efficiently as possible. Strategic alignment keeps IT and more general enterprise planning in sync. Value delivery takes that strategic value proposition and delivers on it. Resource management helps IT put its money and other assets where they'll do the most good, while risk management establishes a conversation between corporate officers and IT executives so that systems reflect the enterprise's aversion to risk. Performance management monitors IT's implementation efforts, providing measures for success and constant improvement.
Attempting to mix the three management specifications--COBIT, ITIL, and ISO 17799--can be daunting, and much work has been done to harmonize them. You can think of the three this way: COBIT tells you what to monitor and control. ITIL describes how to go about implementing the processes for doing that. ISO/IEC 17799:2000 lays out a process for securing those services and addressing legal requirements.
COBIT was published by the IT Governance Institute and is positioned as a high-level governance and control framework. The framework specifies 34 high-level control objectives for IT processes. Corresponding to these 34 control objectives are 318 recommended detailed control objectives to provide management assurance and advice for improvement.
ISO/IEC 17799:2000 is a framework for information security management published by the International Organization for Standardization and the International Electrotechnical Commission. The standard was first published in 2000 and updated in June 2005. It specifies best practices for security in 12 areas and offers guidance on such topics as protecting personal data, internal information, and intellectual property.
ITIL was developed by the U.K. government starting in the '80s and provides best practices for delivering IT services. The first version was a 48-book collection that was subsequently reduced to 10 books focusing solely on IT process. ITIL 3, released this year, is condensed into five books and refines the notion of IT service. Previously, core tenets were divided between service support and service delivery; these are now combined.