27.3.2015

Analyse in Relation between ITIL, COBIT, CMMI and TOGAF

FEYYAZ KAYAR [email protected]

Information Technology Management and Standards


ITIL (IT Service Delivery and Support)

ITIL (The Information Technology Infrastructure Library) is a globally accepted approach to IT service management (ITSM). ITIL provides a cohesive set of best practices, drawn from the public and private sectors, that focus on aligning end-to-end IT services with the needs of business. Tobias International can assist with this alignment, and an implementation plan tailored for your organization.

ITIL offers a framework that describes processes, procedures, tasks and checklists that may be used by an organization for establishing integration with the organization’s strategic goals, delivering value to customers/users, and maintaining a minimum level of competency. However, the framework itself is not organization-specific. Upon adopting ITIL, an organization can then establish a baseline from which it can plan, implement, and measure improvement.

The processes, procedures, functions and roles that facilitate effective IT service management are defined in the five core ITSM Lifecycle stages:


IT Service Strategy

IT Service Design

IT Service Transition

IT Service Operation

IT Continual Service Improvement

The processes of Service Support are:

• Incident management
• Problem management
• Configuration management
• Change management
• Release management

The key practices of Service Delivery are:

• Service level management
• Financial management for IT services
• Capacity management
• IT service continuity management
• Availability management

ITIL (IT Infrastructure Library) is the most widely accepted set of best practices in the IT service delivery domain and is complementary to COBIT.


COBIT

Control Objectives for Information and related Technology (COBIT®) provides good practices across a domain and process framework and presents activities in a manageable and logical structure. COBIT’s good practices represent the consensus of experts. They are strongly focused more on control, less on execution. These practices will help optimise IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.

For IT to be successful in delivering against business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:

• Making a link to the business requirements
• Organising IT activities into a generally accepted process model
• Identifying the major IT resources to be leveraged
• Defining the management control objectives to be considered


The COBIT framework

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

The process focus of COBIT 4.1 is illustrated by a process model that subdivides IT into four domains (Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed, IT standards and good practices such as COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements.


The COBIT 4.1 framework specification can be obtained as a complimentary PDF at the ISACA download website. (Free self-registration may be required.)

COBIT 5 was released in April 2012.[4] COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).

COBIT has had five major releases:

• In 1996, the first edition of COBIT was released.
• In 1998, the second edition added "Control".
• In 2000, the third edition was released "Management Guidelines".
• In 2003, an on-line version became available.
• In December 2005, the fourth edition was initially released.
• In May 2007, the 4.1 revision was released.
• COBIT 5 was released in June 2012. It consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.
• In December 2012, one add-on document was released, COBIT 5 for information security.[5]


INFORMATION CRITERIA

Information delivered to the core business processes has to fulfill certain criteria, which are summarily characterised as follows:

Quality requirements:

– Effectiveness: Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner

– Efficiency: Concerns the provision of information through the optimal (most productive and economical) use of resources

Security requirements:

– Confidentiality: Concerns the protection of sensitive information from unauthorised disclosure

– Integrity: Relates to the accuracy and completeness of information, as well as to its validity in accordance with business values and expectations

– Availability: Relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.

Fiduciary requirements:

– Compliance: Deals with complying with those laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria, as well as internal policies

– Reliability: Relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities

TOGAF

The Open Group Architecture Framework (TOGAF) is a framework for enterprise architecture which provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture.[2] TOGAF has been a registered trademark of The Open Group in the United States and other countries since 2011.[3]

TOGAF is a high level approach to design. It is typically modeled at four levels: Business, Application, Data, and Technology. It relies heavily on modularization, standardization, and already existing, proven technologies and products.


TOGAF – The Open Group Architecture Framework

• Developed by the “Open Group” in 1995, based on the TAFIM (Technical Architecture Framework for Information Management) methodology developed by the US Department of Defense (DoD). It is updated every year.

• It is independent of any product or organization. However, greater emphasis is placed on information technology environments that use open systems.

TOGAF – The Open Group Architecture Framework

The Benefits: A successful enterprise architecture offers your business many benefits and opportunities:

The architecture supports both the business strategy and the business model.

The architecture is flexible enough to respond to new market requirements and changes.

The architecture guarantees an optimum basis for business intelligence.

The complexity of the architecture and therefore of the IT is reduced.

The advantages and disadvantages of various architectures are known.


Business Needs and Challenges:

Infrastructure and Security

Business Technology

Technology Transformation

Cost Optimization

Global Sourcing

Cloud Computing

CMMI

The road to the globally recognized CMMI software development certification runs through Rational Software

Developing software to world standards is the dream of most software houses. Software houses in Turkey are making a great effort to reach world standards in the software they develop. In software development, project management is very important for achieving a certain level of quality. IBM’s Rational Software solution takes project management a step further and offers developers management of the entire software development effort.

Just as there are MCSE and CCNA certifications for individuals, there is a certification called CMMI (Capability Maturity Model Integration) for software houses. In international business, companies prefer software houses that hold CMMI certification. With the software quality management tools it provides, Rational Software makes it easier to obtain this certification.


The Choice of Major Software Developers

Rational Software was acquired by IBM last year for 2.5 billion dollars. With Rational’s move into IBM, IBM Turkey began to attach great importance to this product. At present, Rational Software is used effectively in Turkey at large companies such as Koç Sistem, Akbank, Yapı Kredi, Turkcell and Telsim, and at software companies that develop software for the defense sector.

We spoke with IBM Sales Manager Server Tanfer about IBM’s Rational Software strategy in Turkey. Stating that they attach great importance to Rational Software, Server Tanfer said: “We expect two kinds of growth in Rational. The first is growth in coverage. We are trying to reach companies that have never encountered Rational until now. In this connection we held Software Engineers Days. In the coming period we expect a large increase in coverage and in the number of customers. The second growth will be in the rapid technological development of the products. When IBM acquires a company, it transfers knowledge. This knowledge transfer has started for Rational as well. For this reason, Rational’s technology will develop at a very rapid pace in the coming period.”

Focus on Defense and Telecom

Rational Software includes modules for project management, software modeling, quality management, code and delivery management, change management, requirements management and documentation management. These modules can be purchased separately or as a complete package. IBM sells Rational Software through the channel. Before joining IBM, Rational Software was represented in Turkey by the company Bildem. Bildem currently continues Rational sales as an IBM solution partner. Rational’s most prominent customers in Turkey are companies developing software for the defense and telecom sectors. Because errors are unacceptable in this kind of software, software management is of great importance. Companies that use Rational for software management can develop more effective and secure software.

The cost of Rational varies according to the modules used. Server Tanfer states that, depending on the type of installation, the cost starts at around 1-2 thousand dollars per user, and says that they provide institutions with all kinds of support and consulting related to the product.


Background of CMMI

Level 1 - Initial

At maturity level 1, processes are usually ad hoc and chaotic. The organization usually does not provide a stable environment. Success in these organizations depends on the competence and heroics of the people in the organization and not on the use of proven processes.

Maturity level 1 organizations often produce products and services that work; however, they frequently exceed the budget and schedule of their projects.

Maturity level 1 organizations are characterized by a tendency to over commit, abandon processes in the time of crisis, and not be able to repeat their past successes.

Managed

At maturity level 2, an organization has achieved all the specific and generic goals of the maturity level 2 process areas. In other words, the projects of the organization have ensured that requirements are managed and that processes are planned, performed, measured, and controlled.

The process discipline reflected by maturity level 2 helps to ensure that existing practices are retained during times of stress. When these practices are in place, projects are performed and managed according to their documented plans.

At maturity level 2, requirements, processes, work products, and services are managed. The status of the work products and the delivery of services are visible to management at defined points.

Commitments are established among relevant stakeholders and are revised as needed. Work products are reviewed with stakeholders and are controlled.

The work products and services satisfy their specified requirements, standards, and objectives.

Defined

At maturity level 3, an organization has achieved all the specific and generic goals of the process areas assigned to maturity levels 2 and 3.

At maturity level 3, processes are well characterized and understood, and are described in standards, procedures, tools, and methods.

A critical distinction between maturity level 2 and maturity level 3 is the scope of standards, process descriptions, and procedures. At maturity level 2, the standards, process descriptions, and procedures may be quite different in each specific instance of the process (for example, on a particular project). At maturity level 3, the standards, process descriptions, and procedures for a project are tailored from the organization’s set of standard processes to suit a particular project or organizational unit. The organization’s set of standard processes includes the processes addressed at maturity level 2 and maturity level 3. As a result, the processes that are performed across the organization are consistent except for the differences allowed by the tailoring guidelines.

Another critical distinction is that at maturity level 3, processes are typically described in more detail and more rigorously than at maturity level 2. At maturity level 3, processes are managed more proactively using an understanding of the interrelationships of the process activities and detailed measures of the process, its work products, and its services.

Quantitatively Managed

At maturity level 4, an organization has achieved all the specific goals of the process areas assigned to maturity levels 2, 3, and 4 and the generic goals assigned to maturity levels 2 and 3.

At maturity level 4, subprocesses are selected that significantly contribute to overall process performance. These selected subprocesses are controlled using statistical and other quantitative techniques.

Quantitative objectives for quality and process performance are established and used as criteria in managing processes. Quantitative objectives are based on the needs of the customer, end users, organization, and process implementers. Quality and process performance are understood in statistical terms and are managed throughout the life of the processes.

For these processes, detailed measures of process performance are collected and statistically analyzed. Special causes of process variation are identified and, where appropriate, the sources of special causes are corrected to prevent future occurrences.

Quality and process performance measures are incorporated into the organization’s measurement repository to support fact-based decision making in the future.

A critical distinction between maturity level 3 and maturity level 4 is the predictability of process performance. At maturity level 4, the performance of processes is controlled using statistical and other quantitative techniques, and is quantitatively predictable. At maturity level 3, processes are only qualitatively predictable.

Optimizing

At maturity level 5, an organization has achieved all the specific goals of the process areas assigned to maturity levels 2, 3, 4, and 5 and the generic goals assigned to maturity levels 2 and 3.

Processes are continually improved based on a quantitative understanding of the common causes of variation inherent in processes.

Maturity level 5 focuses on continually improving process performance through both incremental and innovative technological improvements.

Quantitative process-improvement objectives for the organization are established, continually revised to reflect changing business objectives, and used as criteria in managing process improvement.

The effects of deployed process improvements are measured and evaluated against the quantitative process-improvement objectives. Both the defined processes and the organization’s set of standard processes are targets of measurable improvement activities.

Optimizing processes that are agile and innovative depends on the participation of an empowered workforce aligned with the business values and objectives of the organization. The organization’s ability to rapidly respond to changes and opportunities is enhanced by finding ways to accelerate and share learning. Improvement of the processes is inherently part of everybody’s role, resulting in a cycle of continual improvement.

A critical distinction between maturity level 4 and maturity level 5 is the type of process variation addressed. At maturity level 4, processes are concerned with addressing special causes of process variation and providing statistical predictability of the results. Though processes may produce predictable results, the results may be insufficient to achieve the established objectives. At maturity level 5, processes are concerned with addressing common causes of process variation and changing the process (that is, shifting the mean of the process performance) to improve process performance (while maintaining statistical predictability) to achieve the established quantitative process-improvement objectives.
