YaSM and COBIT: Difference between revisions

• LP1: Set the strategic direction
• SP1: Set up and maintain the service mgmt. system

• These COBIT processes cannot be related directly to specific YaSM processes.
• The YaSM process for setting up the service management system (SMS) is responsible for defining, maintaining, reviewing and improving a set of suitable service management processes and policies. This includes the processes and policies related to governance.
• The strategic process ensures at the strategic level that the service provider's objectives and those of the customers are aligned, that best use is made of available resources, and that enterprise risk is identified and managed.
• The defined strategic objectives are typically achieved by executing suitable strategic initiatives.

EDM02 Ensure Benefits Delivery

EDM03 Ensure Risk Optimi­sation

EDM04 Ensure Resource Optimi­sation

EDM05 Ensure Stake-holder Transpa­rency

• SP1: Set up and maintain the service mgmt. system

• The YaSM process for setting up the SMS is in charge of defining and maintaining a set of suitable service management processes and policies. This includes aspects such as communicating the service provider's objectives, establishing responsibilities, tracking compliance with the defined policies and processes, and continually improving the processes.

• LP1: Set the strategic direction

• -/-

• LP1: Set the strategic direction
• SP1: Set up and maintain the service mgmt. system
• SP4: Manage config. infor­mation

• This COBIT process cannot be related directly to specific YaSM processes.
• A number of YaSM processes maintain information which is generally under-stood to be part of the enterprise architecture, for example:
  • The process for setting up the SMS maintains a model of the organization's processes.
  • The configuration management process maintains a configuration model, which typically includes information about applications and their inter­relationships.
  • The strategic process contains activities to produce a roadmap for the future development of the technical infrastructure.

• LP1: Set the strategic direction
• SP3: Manage customer relation­ships
• SP11: Manage suppliers

• YaSM's strategic process gathers information about the latest available technologies and assesses how these may be applied to offer innovative services or to improve service economics.
• This is supported by customer relation-ship management, which provides inputs related to the customers' needs and plans for the future, as well as by supplier management, which contributes information on new or enhanced services offered by external service suppliers.

• LP1: Set the strategic direction
• SP2: Maintain the service portfolio
• SP4: Manage config. infor­mation
• SP12: Manage service financials

• The strategic process decides which strategic initiatives ("programs") are to be executed and allocates the required funds, in cooperation with financial management. Once the programs have been initiated, the strategy manager will monitor their progress and take corrective action if required.
• The financial management process tracks the budget against actual expenses and reviews the investments to verify if the expected benefits have been realized.
• The portfolio of services is maintained by the service portfolio management process.
• The portfolio of assets is maintained by the configuration management process.

• SP12: Manage service financials

• -/-

• LP2: Design new or changed services
• LP4: Operate the services
• SP1: Set up and maintain the service mgmt. system
• SP10: Manage human resources

• YaSM's human resources management process is tasked with developing the skills required to provide the service provider's range of services.
• The required staffing levels for new services or processes are determined during the service design stage.
• Once services and processes are implemented, tracking of human resources usage and planning of staffing levels is done as part of service and process operation.

• SP3: Manage customer relation­ships

• -/-

• LP2: Design new or changed services
• LP4: Operate the services
• LP5: Improve the services
• SP2: Maintain the service portfolio
• SP3: Manage customer relation­ships

• The service portfolio process identifies the services, maintains the service portfolio and publishes service catalogues, as appropriate.
• The customer relationship process is in charge of signing service agreements with the customers; the properties of those services are defined in service definitions, which are prepared in the service design stage.
• Service operation is responsible for monitoring service levels and producing corresponding reports.
• Service improvement will conduct periodic service reviews, which typically include reviews of the service agreements.

• LP4: Operate the services
• SP11: Manage suppliers

• YaSM's supplier management process has overall responsibility for managing supplier relationships and contracts.
• It is supported by service operations, which monitors the quality levels of services provided by external suppliers.

• LP2: Design new or changed services
• LP4: Operate the services
• LP5: Improve the services

• This COBIT process cannot be related directly to specific YaSM processes.
• YaSM is particularly concerned with managing service quality. This is achieved through defining the required service quality levels during the service design stage, measuring the achieved service levels during service operation, and continually improving the services as required.

• LP1: Set the strategic direction
• SP7: Ensure security
• SP8: Ensure continuity

• Risks affecting the service provider's business model as a whole are assessed during strategic reviews. This may lead to the definition and implementation of suitable responses to the identified strategic risks.
• A number of other YaSM processes are tasked with managing risks of particular types, for example security risks or risks associated with critical, disruptive events.

• SP7: Ensure security

• -/-

• SP6: Manage projects

• -/-

• LP2: Design new or changed services

• -/-

• LP2: Design new or changed services
• LP3: Build new or changed services
• SP2: Maintain the service portfolio
• SP11: Manage suppliers

• The service design process designs the solution components which are built and tested by the service build process.
• Supplier management is tasked with procuring components from external suppliers.
• The service portfolio process is responsible for updating the service portfolio.

• LP2: Design new or changed services
• LP3: Build new or changed services
• LP4: Operate the services
• LP5: Improve the services

• Both YaSM and COBIT stipulate that service availability and capacity must be managed, but YaSM does not contain specific capacity and availability management processes. Rather, service capacity and availability is treated as an aspect of services to be managed through the service lifecycle processes.

• LP1: Set the strategic direction
• LP2: Design new or changed services
• LP3: Build new or changed services
• SP1: Set up and maintain the service mgmt. system

• This COBIT process cannot be related directly to specific YaSM processes.
• If significant organizational changes are required, YaSM suggests implementing such changes by way of defining and executing strategic initiatives. Communicating the vision and empowering the implementation team is thus the responsibility of the strategic process.
• The actual implementation of the organizational changes may be performed, for example, by the process responsible for setting up and maintaining the SMS.

• SP5: Assess and coordinate changes

• -/-

• LP2: Design new or changed services
• LP3: Build new or changed services
• SP6: Manage projects

• YaSM's service design process will define the approach for developing new or significantly changed services, including any required supporting infrastructure. Project management is responsible for the detailed planning of service development projects.
• The actual implementation of new services is performed by the service build process.

• -/-

• The YaSM model does not include a specific knowledge management process.
• YaSM takes the view that knowledge is managed and knowledge management principles are used in several service management processes. For example, the incident resolution process manages knowledge on how to deal with certain types of service incidents.

• LP2: Design new or changed services
• LP3: Build new or changed services
• LP4: Operate the services
• SP4: Manage config. infor­mation
• SP11: Manage suppliers
• SP12: Manage service financials

• This COBIT process cannot be related directly to specific YaSM processes.
• IT assets are identified and recorded by the configuration management process.
• The availability of critical assets is ensured by appropriately designing the supporting service infrastructure and adequate operational procedures.
• The deployment and reallocation of assets is the responsibility of the service build and operation processes, depending on the types of assets.
• The financial process provides insight into the costs for service provisioning; this allows other processes to assess if costs can be reduced by making better use of assets.
• Licenses are managed by the supplier management process, supported by the configuration management process.

• SP4: Manage config. infor­mation

• -/-

• LP4: Operate the services
• SP11: Manage suppliers

• Routine operational tasks are performed by YaSM's service operation process.
• The management of outsourced services is the responsibility of supplier management.

• LP4.6: Resolve incidents and service requests

• -/-

• LP4.7: Resolve problems

• -/-

• SP8: Ensure continuity

• -/-

• LP4: Operate the services
• SP7: Ensure security

• YaSM's security process is responsible for defining the organization's approach to ensuring security as well as for implementing, operating and reviewing appropriate security controls and mechanisms.
• Some activities associated with ensuring security are also performed by other processes; for example, service operation is tasked with monitoring the infrastructure, which includes monitoring for security-related events.

• LP3: Build new or changed services
• LP4: Operate the services
• SP1: Set up and maintain the service mgmt. system
• SP7: Ensure security

• Controls and standards to ensure the security of information assets are defined under the responsibility of YaSM's security process.
• The enforcement of the defined controls is often achieved through suitably defined service management processes or workflows, as well as appropriate configuration of applications or document management systems. The configuration of the applications and systems may be carried out when service components are being built, or as part of service operation.

• SP1: Set up and maintain the service mgmt. system

• Process performance management and monitoring of conformance to the defined processes is the responsibility of YaSM's process for maintaining the SMS. This includes, in particular, the definition of process goals and metrics, collection of data and initiation of corrective action if required.

• SP1: Set up and maintain the service mgmt. system

• This COBIT process cannot be related directly to specific YaSM processes.
• The system of internal control is effectively defined by specifying a number of suitable processes and policies. This means the YaSM process for maintaining the SMS is predominantly in charge of monitoring and assessing the system of internal control.

• LP4: Operate the services
• SP1: Set up and maintain the service mgmt. system
• SP9: Ensure compliance

• YaSM's process for ensuring compliance is responsible for identifying and monitoring compliance requirements, as well as for devising suitable controls and mechanisms for fulfilling those requirements.
• The implementation of the defined controls may be achieved in a number of ways, for example through
  • Stipulations in service agreements and service definitions
  • Mandated activities in the defined service management processes
  • Mandated operational activities
  • Technical mechanisms.