YaSM and COBIT: Difference between revisions

From YaSM Service Management Wiki
No edit summary
No edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 7: Line 7:
<meta property="og:site_name" content="YaSM Service Management">
<meta property="og:site_name" content="YaSM Service Management">
<meta property="og:type" content="article" />
<meta property="og:type" content="article" />
<meta property="fb:admins" content="100002035253209" />
<meta property="fb:admins" content="100002592864414" />
<meta property="og:image" content="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" />
<meta property="og:image" content="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" />
<meta property="og:image:width" content="1200" />
<meta property="og:image:width" content="1200" />
<meta property="og:image:height" content="900" />
<meta property="og:image:height" content="900" />
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@yasmcom">
<meta name="twitter:creator" content="@yasmcom">
<meta name="twitter:title" content="YaSM and COBIT®">
<meta name="twitter:description" content="COBIT® enabling processes and how they relate to YaSM service management processes.">
<meta name="twitter:image" content="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg">
<meta name="twitter:image:alt" content="The YaSM model and COBIT&reg; share many basic principles: COBIT enabling processes and how they relate to the YaSM service management processes - cross-reference.">
<link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" />
<link href="https://plus.google.com/104150539756444616711/posts" rel="publisher" />
</itpmch>
</itpmch>
Line 28: Line 19:
<p>&nbsp;</p>
<p>&nbsp;</p>


[[What is YaSM|YaSM]]&reg; was developed with [[YaSM_and_COBIT|COBIT]]&reg; ([[YaSM_and_COBIT|Control Objectives for Information and Related Technologies]]) [[#COBIT|[1]]] in mind, but YaSM is not a "COBIT process model".
[[What is YaSM|YaSM]]&reg; was developed with <b><span style="color:#465674;">COBIT&reg; (Control Objectives for Information and Related Technologies)</span></b> [[#COBIT|[1]]] in mind, but YaSM is not a "COBIT process model".
<p>&nbsp;</p>
<p>&nbsp;</p>


<html><div style="float:right;"><div itemid="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" itemscope itemtype="https://schema.org/ImageObject">
<html><div itemid="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" itemscope itemtype="https://schema.org/ImageObject">
<a href="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" title="COBIT&reg; enabling processes and the YaSM model" itemprop="contentUrl">
<meta itemprop="caption" content="COBIT&reg; enabling processes and how they relate to YaSM service management processes." />
<meta itemprop="caption" content="COBIT&reg; enabling processes and how they relate to YaSM service management processes." />
<meta itemprop="width" content="1200" />
<meta itemprop="width" content="1200" />
Line 47: Line 37:
<meta itemprop="keywords" content="COBIT enabling processes" />
<meta itemprop="keywords" content="COBIT enabling processes" />
<meta itemprop="keywords" content="IT governance YaSM" />
<meta itemprop="keywords" content="IT governance YaSM" />
<img style="margin:0px 0px 20px 20px; float:right;" srcset="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/480px/cobit-enabling-processes-and-the-YaSM-model.jpg 480w, https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg 1200w" sizes="100vw" src="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" width="480" height="360" title="COBIT&reg; enabling processes and the YaSM model" alt="COBIT&reg; enabling processes and how they relate to YaSM service management processes - cross-reference." /></a>
<figure class="mw-halign-right" typeof="mw:File/Thumb"><a itemprop="contentUrl" href="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" title="COBIT&reg; enabling processes and the YaSM model"><img srcset="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/480px/cobit-enabling-processes-and-the-YaSM-model.jpg 480w, https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg 1200w" sizes="100vw" src="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" fetchpriority="high" decoding="async" width="480" height="360" class="mw-file-element" alt="COBIT&reg; enabling processes and how they relate to YaSM service management processes - cross-reference." /></a>
<div class="thumbcaption" style="margin:0px 0px 20px 20px"><span style="font-variant:small-caps;"><b>Fig. 1: COBIT enabling processes and YaSM service management.</b></span></div></div></div></html>
<figcaption><span style="font-variant:small-caps;"><b>Fig. 1: What is COBIT&reg; (Control Objectives for Information and Related Technologies)?</b><br /><a href="https://yasm.com/wiki/en/img/yasm-frameworks/cobit/cobit-enabling-processes-and-the-YaSM-model.jpg" title="COBIT&reg; enabling processes and the YaSM service management model">COBIT enabling processes and YaSM service management</a>.</span></figcaption></figure></div></html>


__TOC__
__TOC__
Line 55: Line 45:
==<span id="about-cobit">About COBIT&reg;</span>==
==<span id="about-cobit">About COBIT&reg;</span>==


According to its authors, [https://cobitonline.isaca.org/ COBIT] is an "overarching framework" for IT governance that is "aligned with other relevant standards and frameworks at a high level" [[#ISACA-2012|[ISACA, 2012]]].
According to its authors, [https://www.isaca.org/resources/cobit/ COBIT] is an "overarching framework" for IT governance that is "aligned with other relevant standards and frameworks at a high level" [[#ISACA-2012|[ISACA, 2012]]].


COBIT describes seven categories of "enablers" for the governance and management of enterprise IT:
COBIT describes seven categories of "enablers" for the governance and management of enterprise IT:
Line 75: Line 65:
COBIT is less helpful for designing the [[Service Management Processes|service management processes of an organization]]. Although COBIT defines a process model complete with suggested process activities, its authors concede that "the activities may not be at a sufficient level of detail for implementation, and further guidance may need to be obtained from specific relevant standards and good practice such as ITIL&reg;, ..." [[#ISACA-2012|[ISACA, 2012]]].
COBIT is less helpful for designing the [[Service Management Processes|service management processes of an organization]]. Although COBIT defines a process model complete with suggested process activities, its authors concede that "the activities may not be at a sufficient level of detail for implementation, and further guidance may need to be obtained from specific relevant standards and good practice such as ITIL&reg;, ..." [[#ISACA-2012|[ISACA, 2012]]].


This is where YaSM comes into the picture. [[YaSM and ITIL]] [[#ITIL|[2]]] are well aligned but YaSM is somewhat easier to implement, so using YaSM and COBIT in combination is quite conceivable when setting up a set of service management processes, including a suitable governance framework. We expect, however, that a number of enhancements to the [[Service Management Processes|YaSM processes]] will be needed, depending on which particular sets of COBIT goals an organization intends to fulfill. The ITIL&reg; publications and other service management guidance may also be consulted if additional advice is needed for specific topics.
This is where YaSM comes into the picture.
 
[[YaSM and ITIL]] [[#ITIL|[2]]] are well aligned but YaSM is somewhat easier to implement, so using YaSM and COBIT in combination is quite conceivable when setting up a set of service management processes, including a suitable governance framework. We expect, however, that a number of enhancements to the [[Service Management Processes|YaSM service management processes]] will be needed, depending on which particular sets of COBIT goals an organization intends to fulfill. The ITIL&reg; publications and other service management guidance may also be consulted if additional advice is needed for specific topics.


'''''Note:''''' ''YaSM is an independent framework and is not endorsed by the authors of COBIT.'' <br />
'''''Note:''''' ''YaSM is an independent framework and is not endorsed by the authors of COBIT.'' <br />
Line 81: Line 73:
==<span id="cobit-yasm-processes">COBIT&reg; enabling processes and how they relate to YaSM processes</span>==
==<span id="cobit-yasm-processes">COBIT&reg; enabling processes and how they relate to YaSM processes</span>==


<html><p><span id="md-webpage-description" itemprop="description">The following tables highlight which <a href="https://yasm.com/wiki/en/index.php/Service_Management_Processes" title="YaSM service management processes">YaSM processes</a> are related to specific COBIT&reg; enabling processes, to illustrate that YaSM and COBIT share many basic principles.</span> Please note that the aim is not to provide a detailed and scientifically correct cross-reference between the two service management frameworks.</html>
<span id="md-webpage-description" itemprop="description">The following tables highlight which [[Service_Management_Processes|YaSM service management processes]] are related to specific COBIT&reg; enabling processes, to illustrate that YaSM and COBIT share many basic principles:</span>
 
*[[#domain-edm|Domain: Evaluate, Direct and Monitor (EDM)]]
*[[#domain-edm|Domain: Evaluate, Direct and Monitor (EDM)]]
*[[#domain-apo|Domain: Align, Plan and Organize (APO)]]
*[[#domain-apo|Domain: Align, Plan and Organize (APO)]]
Line 89: Line 80:
*[[#domain-mea|Domain: Monitor, Evaluate and Assess (MEA)]]
*[[#domain-mea|Domain: Monitor, Evaluate and Assess (MEA)]]


==<span id="domain-edm">Domain: Evaluate, Direct and Monitor (EDM)</span>==
Please note that the aim is not to provide a detailed and scientifically correct cross-reference between the two service management frameworks.
 
===<span id="domain-edm">Domain: Evaluate, Direct and Monitor (EDM)</span>===


{| class="wikitable" style="background: white;"
{| class="wikitable" style="background: white;"
|-
|+style="background:#465674;"|<span style="color:#ffffff; font-size: 110%">COBIT domain 'Evaluate, Direct and Monitor (EDM)' and related YaSM processes</span>
!style="background:#379988; font-size: 110%; color:#ffffff;"|COBIT&reg; enabling pro&shy;cesses
|-style="vertical-align:top"
!style="background:#379988; font-size: 110%; color:#ffffff; "|Related YaSM processes
!style="background:#eeeeee;"|COBIT&reg; enabling pro&shy;cesses
!style="background:#379988; font-size: 110%; color:#ffffff;"|Notes
!style="background:#eeeeee;"|Related YaSM processes
!style="background:#eeeeee;"|Notes
|-style="vertical-align:top"
|-style="vertical-align:top"
|EDM01 Ensure Gover&shy;nance Frame&shy;work Setting and Mainte&shy;nance
|EDM01 Ensure Gover&shy;nance Frame&shy;work Setting and Mainte&shy;nance
Line 122: Line 116:
<p>&nbsp;</p>
<p>&nbsp;</p>


==<span id="domain-apo">Domain: Align, Plan and Organize (APO)</span>==
===<span id="domain-apo">Domain: Align, Plan and Organize (APO)</span>===


{| class="wikitable" style="background: white;"
{| class="wikitable" style="background: white;"
|-
|+style="background:#465674;"|<span style="color:#ffffff; font-size: 110%">COBIT domain 'Align, Plan and Organize (APO)' and related YaSM processes</span>
!style="background:#379988; font-size: 110%; color:#ffffff;"|COBIT&reg; enabling pro&shy;cesses
|-style="vertical-align:top"
!style="background:#379988; font-size: 110%; color:#ffffff;"|Related YaSM processes
!style="background:#eeeeee;"|COBIT&reg; enabling pro&shy;cesses
!style="background:#379988; font-size: 110%; color:#ffffff;"|Notes
!style="background:#eeeeee;"|Related YaSM processes
!style="background:#eeeeee;"|Notes
|-style="vertical-align:top"
|-style="vertical-align:top"
|APO01 Manage the IT Manage&shy;ment Frame&shy;work
|APO01 Manage the IT Manage&shy;ment Frame&shy;work
Line 146: Line 141:
*[[LP1: Set the strategic direction]]
*[[LP1: Set the strategic direction]]
*[[SP1: Set up and maintain the service management system|SP1: Set up and maintain the service mgmt. system]]
*[[SP1: Set up and maintain the service management system|SP1: Set up and maintain the service mgmt. system]]
*[[SP4: Manage configuration information|SP4: Manage config. information]]
*[[SP4: Manage configuration information|SP4: Manage config. infor&shy;mation]]
|
|
*This COBIT process cannot be related directly to specific YaSM processes.
*This COBIT process cannot be related directly to specific YaSM processes.
*A number of YaSM processes maintain information which is generally under-stood to be part of the enterprise architecture, for example:
*A number of YaSM processes maintain information which is generally under-stood to be part of the enterprise architecture, for example:
**The process for setting up the SMS maintains a model of the organization's processes.
**The process for setting up the SMS maintains a model of the organization's processes.
**The configuration management process maintains a configuration model, which typically includes information about applications and their interrelationships.
**The configuration management process maintains a configuration model, which typically includes information about applications and their inter&shy;relationships.
**The strategic process contains activities to produce a roadmap for the future development of the technical infrastructure.
**The strategic process contains activities to produce a roadmap for the future development of the technical infrastructure.
|-style="vertical-align:top"
|-style="vertical-align:top"
Line 167: Line 162:
*[[LP1: Set the strategic direction]]
*[[LP1: Set the strategic direction]]
*[[SP2: Maintain the service portfolio]]
*[[SP2: Maintain the service portfolio]]
*[[SP4: Manage configuration information|SP4: Manage config. information]]
*[[SP4: Manage configuration information|SP4: Manage config. infor&shy;mation]]
*[[SP12: Manage service financials]]
*[[SP12: Manage service financials]]
|
|
Line 232: Line 227:
*[[LP1: Set the strategic direction]]
*[[LP1: Set the strategic direction]]
*[[SP7: Ensure security]]
*[[SP7: Ensure security]]
*[[SP8: Prepare for disaster events]]
*[[SP8: Ensure continuity]]
|
|
*Risks affecting the service provider's business model as a whole are assessed during strategic reviews. This may lead to the definition and implementation of suitable responses to the identified strategic risks.
*Risks affecting the service provider's business model as a whole are assessed during strategic reviews. This may lead to the definition and implementation of suitable responses to the identified strategic risks.
*A number of other YaSM processes are tasked with managing risks of particular types, for example security risks or risks associated with disaster events.
*A number of other YaSM processes are tasked with managing risks of particular types, for example security risks or risks associated with critical, disruptive events.
|-style="vertical-align:top"
|-style="vertical-align:top"
|APO13 Manage Security</span>
|APO13 Manage Security</span>
Line 246: Line 241:
<p>&nbsp;</p>
<p>&nbsp;</p>


==<span id="domain-bai">Domain: Build, Acquire and Implement (BAI)</span>==
===<span id="domain-bai">Domain: Build, Acquire and Implement (BAI)</span>===


{| class="wikitable" style="background: white;"
{| class="wikitable" style="background: white;"
|-
|+style="background:#465674;"|<span style="color:#ffffff; font-size: 110%">COBIT domain 'Build, Acquire and Implement (BAI)' and related YaSM processes</span>
!style="background:#379988; font-size: 110%; color:#ffffff;"|COBIT&reg; enabling pro&shy;cesses
|-style="vertical-align:top"
!style="background:#379988; font-size: 110%; color:#ffffff;"|Related YaSM processes
!style="background:#eeeeee;"|COBIT&reg; enabling pro&shy;cesses
!style="background:#379988; font-size: 110%; color:#ffffff;"|Notes
!style="background:#eeeeee;"|Related YaSM processes
!style="background:#eeeeee;"|Notes
|-style="vertical-align:top"
|-style="vertical-align:top"
|BAI01 Manage Pro&shy;grammes and Projects
|BAI01 Manage Pro&shy;grammes and Projects
Line 324: Line 320:
*[[LP3: Build new or changed services]]
*[[LP3: Build new or changed services]]
*[[LP4: Operate the services]]
*[[LP4: Operate the services]]
*[[SP4: Manage configuration information|SP4: Manage config. information]]
*[[SP4: Manage configuration information|SP4: Manage config. infor&shy;mation]]
*[[SP11: Manage suppliers]]
*[[SP11: Manage suppliers]]
*[[SP12: Manage service financials]]
*[[SP12: Manage service financials]]
Line 337: Line 333:
|BAI10 Manage Configu&shy;ration
|BAI10 Manage Configu&shy;ration
|
|
*[[SP4: Manage configuration information|SP4: Manage config. information]]
*[[SP4: Manage configuration information|SP4: Manage config. infor&shy;mation]]
|
|
*-/-
*-/-
Line 344: Line 340:
<p>&nbsp;</p>
<p>&nbsp;</p>


==<span id="domain-dss">Domain: Deliver, Service and Support (DSS)</span>==
===<span id="domain-dss">Domain: Deliver, Service and Support (DSS)</span>===


{| class="wikitable" style="background: white;"
{| class="wikitable" style="background: white;"
|-
|+style="background:#465674;"|<span style="color:#ffffff; font-size: 110%">COBIT domain 'Deliver, Service and Support (DSS)' and related YaSM processes</span>
!style="background:#379988; font-size: 110%; color:#ffffff;"|COBIT&reg; enabling pro&shy;cesses
|-style="vertical-align:top"
!style="background:#379988; font-size: 110%; color:#ffffff;"|Related YaSM processes
!style="background:#eeeeee;"|COBIT&reg; enabling pro&shy;cesses
!style="background:#379988; font-size: 110%; color:#ffffff;"|Notes
!style="background:#eeeeee;"|Related YaSM processes
!style="background:#eeeeee;"|Notes
|-style="vertical-align:top"
|-style="vertical-align:top"
|DSS01 Manage Operations
|DSS01 Manage Operations
Line 374: Line 371:
|DSS04 Manage Continuity
|DSS04 Manage Continuity
|
|
*[[SP8: Prepare for disaster events]]
*[[SP8: Ensure continuity]]
|
|
*-/-
*-/-
Line 399: Line 396:
<p>&nbsp;</p>
<p>&nbsp;</p>


==<span id="domain-mea">Domain: Monitor, Evaluate and Assess (MEA)</span>==
===<span id="domain-mea">Domain: Monitor, Evaluate and Assess (MEA)</span>===


{| class="wikitable" style="background: white;"
{| class="wikitable" style="background: white;"
|-
|+style="background:#465674;"|<span style="color:#ffffff; font-size: 110%">COBIT domain 'Monitor, Evaluate and Assess (MEA)' and related YaSM processes</span>
!style="background:#379988; font-size: 110%; color:#ffffff;"|COBIT&reg; enabling pro&shy;cesses
|-style="vertical-align:top"
!style="background:#379988; font-size: 110%; color:#ffffff;"|Related YaSM processes
!style="background:#eeeeee;"|COBIT&reg; enabling pro&shy;cesses
!style="background:#379988; font-size: 110%; color:#ffffff;"|Notes
!style="background:#eeeeee;"|Related YaSM processes
!style="background:#eeeeee;"|Notes
|-style="vertical-align:top"
|-style="vertical-align:top"
|MEA01 Monitor, Evaluate and Assess Per&shy;formance and Con&shy;formance
|MEA01 Monitor, Evaluate and Assess Per&shy;formance and Con&shy;formance
Line 438: Line 436:


==External links==
==External links==
*[COBIT browsing page]. -- ISACA International ("ISACA"): [https://cobitonline.isaca.org/ https://cobitonline.isaca.org/]. -- The COBIT 5 resource center for governance and management of enterprise IT.  - ISACA; Rolling Meadows, IL 60008, USA.
*[COBIT browsing page]. -- ISACA International ("ISACA"): [https://www.isaca.org/resources/cobit/ https://www.isaca.org/resources/cobit/]. -- The COBIT resource center for governance and management of enterprise IT.  - ISACA; Rolling Meadows, IL 60008, USA.


== Notes ==
== Notes ==
Line 477: Line 475:


<!-- define schema.org/WebPage --> <span itemid="https://yasm.com/wiki/en/index.php/YaSM_and_COBIT" itemscope itemtype="https://schema.org/WebPage" itemref="md-webpage-description">
<!-- define schema.org/WebPage --> <span itemid="https://yasm.com/wiki/en/index.php/YaSM_and_COBIT" itemscope itemtype="https://schema.org/WebPage" itemref="md-webpage-description">
   <meta itemprop="educationalUse" content="Which YaSM processes are related to specific COBIT&reg; enabling processes." />
   <meta itemprop="educationalUse" content="Which YaSM service management processes are related to specific COBIT&reg; enabling processes." />
   <meta itemprop="name Headline" content="YaSM and COBIT" />
   <meta itemprop="name Headline" content="YaSM and COBIT" />
   <meta itemprop="alternativeHeadline" content="YaSM and COBIT&reg; (Control Objectives for Information and Related Technologies)" />
   <meta itemprop="alternativeHeadline" content="YaSM and COBIT&reg; (Control Objectives for Information and Related Technologies)" />

Latest revision as of 10:57, 10 August 2024

 

 

Comparison: YaSM and COBIT® (Control Objectives for Information and Related Technologies)

Part of: YaSM vs. other service management frameworks and standards

 

YaSM® was developed with COBIT® (Control Objectives for Information and Related Technologies) [1] in mind, but YaSM is not a "COBIT process model".

 

COBIT® enabling processes and how they relate to YaSM service management processes - cross-reference.
Fig. 1: What is COBIT® (Control Objectives for Information and Related Technologies)?
COBIT enabling processes and YaSM service management.


About COBIT®

According to its authors, COBIT is an "overarching framework" for IT governance that is "aligned with other relevant standards and frameworks at a high level" [ISACA, 2012].

COBIT describes seven categories of "enablers" for the governance and management of enterprise IT:

  • Principles, policies and frameworks
  • Processes
  • Organizational structures
  • Culture, ethics and behavior
  • Information
  • Services, infrastructure and applications
  • People, skills and competencies.

COBIT's "enabling processes" are defined in the COBIT Process Reference Model. For each process in the reference model, COBIT specifies a number of dimensions such as a set of goals, metrics, inputs, outputs, management practices and activities. The COBIT product set also includes a process capability model which can be used to assess the maturity of an organization's IT-related processes, as well as an implementation guide.

Because of its complete set of goals and metrics for IT processes, many organizations use COBIT to improve governance of their information technology operations.

Using YaSM and COBIT® in combination

COBIT is less helpful for designing the service management processes of an organization. Although COBIT defines a process model complete with suggested process activities, its authors concede that "the activities may not be at a sufficient level of detail for implementation, and further guidance may need to be obtained from specific relevant standards and good practice such as ITIL®, ..." [ISACA, 2012].

This is where YaSM comes into the picture.

YaSM and ITIL [2] are well aligned but YaSM is somewhat easier to implement, so using YaSM and COBIT in combination is quite conceivable when setting up a set of service management processes, including a suitable governance framework. We expect, however, that a number of enhancements to the YaSM service management processes will be needed, depending on which particular sets of COBIT goals an organization intends to fulfill. The ITIL® publications and other service management guidance may also be consulted if additional advice is needed for specific topics.

Note: YaSM is an independent framework and is not endorsed by the authors of COBIT.

COBIT® enabling processes and how they relate to YaSM processes

The following tables highlight which YaSM service management processes are related to specific COBIT® enabling processes, to illustrate that YaSM and COBIT share many basic principles:

Please note that the aim is not to provide a detailed and scientifically correct cross-reference between the two service management frameworks.

Domain: Evaluate, Direct and Monitor (EDM)

COBIT domain 'Evaluate, Direct and Monitor (EDM)' and related YaSM processes
COBIT® enabling pro­cesses Related YaSM processes Notes
EDM01 Ensure Gover­nance Frame­work Setting and Mainte­nance
  • These COBIT processes cannot be related directly to specific YaSM processes.
  • The YaSM process for setting up the service management system (SMS) is responsible for defining, maintaining, reviewing and improving a set of suitable service management processes and policies. This includes the processes and policies related to governance.
  • The strategic process ensures at the strategic level that the service provider's objectives and those of the customers are aligned, that best use is made of available resources, and that enterprise risk is identified and managed.
  • The defined strategic objectives are typically achieved by executing suitable strategic initiatives.

EDM02 Ensure Benefits Delivery

EDM03 Ensure Risk Optimi­sation

EDM04 Ensure Resource Optimi­sation

EDM05 Ensure Stake-holder Transpa­rency

 

Domain: Align, Plan and Organize (APO)

COBIT domain 'Align, Plan and Organize (APO)' and related YaSM processes
COBIT® enabling pro­cesses Related YaSM processes Notes
APO01 Manage the IT Manage­ment Frame­work
  • The YaSM process for setting up the SMS is in charge of defining and maintaining a set of suitable service management processes and policies. This includes aspects such as communicating the service provider's objectives, establishing responsibilities, tracking compliance with the defined policies and processes, and continually improving the processes.
APO02 Manage Strategy
  • -/-
APO03 Manage Enter­prise Archi­tecture
  • This COBIT process cannot be related directly to specific YaSM processes.
  • A number of YaSM processes maintain information which is generally under-stood to be part of the enterprise architecture, for example:
    • The process for setting up the SMS maintains a model of the organization's processes.
    • The configuration management process maintains a configuration model, which typically includes information about applications and their inter­relationships.
    • The strategic process contains activities to produce a roadmap for the future development of the technical infrastructure.
APO04 Manage Inno­vation
  • YaSM's strategic process gathers information about the latest available technologies and assesses how these may be applied to offer innovative services or to improve service economics.
  • This is supported by customer relation-ship management, which provides inputs related to the customers' needs and plans for the future, as well as by supplier management, which contributes information on new or enhanced services offered by external service suppliers.
APO05 Manage Portfolio
  • The strategic process decides which strategic initiatives ("programs") are to be executed and allocates the required funds, in cooperation with financial management. Once the programs have been initiated, the strategy manager will monitor their progress and take corrective action if required.
  • The financial management process tracks the budget against actual expenses and reviews the investments to verify if the expected benefits have been realized.
  • The portfolio of services is maintained by the service portfolio management process.
  • The portfolio of assets is maintained by the configuration management process.
APO06 Manage Budget and Costs
  • -/-
APO07 Manage Human Resources
  • YaSM's human resources management process is tasked with developing the skills required to provide the service provider's range of services.
  • The required staffing levels for new services or processes are determined during the service design stage.
  • Once services and processes are implemented, tracking of human resources usage and planning of staffing levels is done as part of service and process operation.
APO08 Manage Relation­ships
  • -/-
APO09 Manage Service Agree­ments
  • The service portfolio process identifies the services, maintains the service portfolio and publishes service catalogues, as appropriate.
  • The customer relationship process is in charge of signing service agreements with the customers; the properties of those services are defined in service definitions, which are prepared in the service design stage.
  • Service operation is responsible for monitoring service levels and producing corresponding reports.
  • Service improvement will conduct periodic service reviews, which typically include reviews of the service agreements.
APO10 Manage Suppliers
  • YaSM's supplier management process has overall responsibility for managing supplier relationships and contracts.
  • It is supported by service operations, which monitors the quality levels of services provided by external suppliers.
APO11 Manage Quality
  • This COBIT process cannot be related directly to specific YaSM processes.
  • YaSM is particularly concerned with managing service quality. This is achieved through defining the required service quality levels during the service design stage, measuring the achieved service levels during service operation, and continually improving the services as required.
APO12 Manage Risk
  • Risks affecting the service provider's business model as a whole are assessed during strategic reviews. This may lead to the definition and implementation of suitable responses to the identified strategic risks.
  • A number of other YaSM processes are tasked with managing risks of particular types, for example security risks or risks associated with critical, disruptive events.
APO13 Manage Security
  • -/-

 

Domain: Build, Acquire and Implement (BAI)

COBIT domain 'Build, Acquire and Implement (BAI)' and related YaSM processes
COBIT® enabling pro­cesses Related YaSM processes Notes
BAI01 Manage Pro­grammes and Projects
  • -/-
BAI02 Manage Require­ments Definition
  • -/-
BAI03 Manage Solutions Identi­fication and Build
  • The service design process designs the solution components which are built and tested by the service build process.
  • Supplier management is tasked with procuring components from external suppliers.
  • The service portfolio process is responsible for updating the service portfolio.
BAI04 Manage Availa­bility and Capacity
  • Both YaSM and COBIT stipulate that service availability and capacity must be managed, but YaSM does not contain specific capacity and availability management processes. Rather, service capacity and availability is treated as an aspect of services to be managed through the service lifecycle processes.
BAI05 Manage Organi­sational Change Enable­ment
  • This COBIT process cannot be related directly to specific YaSM processes.
  • If significant organizational changes are required, YaSM suggests implementing such changes by way of defining and executing strategic initiatives. Communicating the vision and empowering the implementation team is thus the responsibility of the strategic process.
  • The actual implementation of the organizational changes may be performed, for example, by the process responsible for setting up and maintaining the SMS.
BAI06 Manage Changes
  • -/-
BAI07 Manage Change Accep­tance and Transi­tioning
  • YaSM's service design process will define the approach for developing new or significantly changed services, including any required supporting infrastructure. Project management is responsible for the detailed planning of service development projects.
  • The actual implementation of new services is performed by the service build process.
BAI08 Manage Knowledge
  • -/-
  • The YaSM model does not include a specific knowledge management process.
  • YaSM takes the view that knowledge is managed and knowledge management principles are used in several service management processes. For example, the incident resolution process manages knowledge on how to deal with certain types of service incidents.
BAI09 Manage Assets
  • This COBIT process cannot be related directly to specific YaSM processes.
  • IT assets are identified and recorded by the configuration management process.
  • The availability of critical assets is ensured by appropriately designing the supporting service infrastructure and adequate operational procedures.
  • The deployment and reallocation of assets is the responsibility of the service build and operation processes, depending on the types of assets.
  • The financial process provides insight into the costs for service provisioning; this allows other processes to assess if costs can be reduced by making better use of assets.
  • Licenses are managed by the supplier management process, supported by the configuration management process.
BAI10 Manage Configu­ration
  • -/-

 

Domain: Deliver, Service and Support (DSS)

COBIT domain 'Deliver, Service and Support (DSS)' and related YaSM processes
COBIT® enabling pro­cesses Related YaSM processes Notes
DSS01 Manage Operations
  • Routine operational tasks are performed by YaSM's service operation process.
  • The management of outsourced services is the responsibility of supplier management.
DSS02 Manage Service Requests and Incidents
  • -/-
DSS03 Manage Problems
  • -/-
DSS04 Manage Continuity
  • -/-
DSS05 Manage Security Services
  • YaSM's security process is responsible for defining the organization's approach to ensuring security as well as for implementing, operating and reviewing appropriate security controls and mechanisms.
  • Some activities associated with ensuring security are also performed by other processes; for example, service operation is tasked with monitoring the infrastructure, which includes monitoring for security-related events.
DSS06 Manage Business Process Controls
  • Controls and standards to ensure the security of information assets are defined under the responsibility of YaSM's security process.
  • The enforcement of the defined controls is often achieved through suitably defined service management processes or workflows, as well as appropriate configuration of applications or document management systems. The configuration of the applications and systems may be carried out when service components are being built, or as part of service operation.

 

Domain: Monitor, Evaluate and Assess (MEA)

COBIT domain 'Monitor, Evaluate and Assess (MEA)' and related YaSM processes
COBIT® enabling pro­cesses Related YaSM processes Notes
MEA01 Monitor, Evaluate and Assess Per­formance and Con­formance
  • Process performance management and monitoring of conformance to the defined processes is the responsibility of YaSM's process for maintaining the SMS. This includes, in particular, the definition of process goals and metrics, collection of data and initiation of corrective action if required.
MEA02 Monitor, Evaluate and Assess the System of Internal Control
  • This COBIT process cannot be related directly to specific YaSM processes.
  • The system of internal control is effectively defined by specifying a number of suitable processes and policies. This means the YaSM process for maintaining the SMS is predominantly in charge of monitoring and assessing the system of internal control.
MEA03 Monitor, Evaluate and Assess Com­pliance with External Require­ments
  • YaSM's process for ensuring compliance is responsible for identifying and monitoring compliance requirements, as well as for devising suitable controls and mechanisms for fulfilling those requirements.
  • The implementation of the defined controls may be achieved in a number of ways, for example through
    • Stipulations in service agreements and service definitions
    • Mandated activities in the defined service management processes
    • Mandated operational activities
    • Technical mechanisms.

References

  • [ISACA, 2012]. - Information Systems Audit and Control Association (ISACA): COBIT 5: Enabling Processes. - Rolling Meadows, IL, USA, 2012.

External links

  • [COBIT browsing page]. -- ISACA International ("ISACA"): https://www.isaca.org/resources/cobit/. -- The COBIT resource center for governance and management of enterprise IT. - ISACA; Rolling Meadows, IL 60008, USA.

Notes

[1] COBIT® is a registered trademark of ISACA (Information Systems Audit and Control Association).
[2] ITIL® is a registered trade mark of AXELOS Limited.

Is based on: The YaSM Process Map. - Document: "YaSM and COBIT®".

By:  Stefan Kempter Author: Stefan Kempter, IT Process Maps GbR  and  Andrea Kempter Contributor: Andrea Kempter, IT Process Maps GbR, IT Process Maps.

 

COBIT® and related YaSM processes  › Domain APO  › Domain BAI  › Domain DSS  › Domain MEA