In the current economy, enterprises worldwide are struggling to achieve growth and governance at an affordable cost without compromising the business, its customers, and the integrity and security of their information systems. To help them accomplish this daunting task, the non-profit, independent IT Governance Institute (ITGI), in conjunction with the UK Office of Government Commerce (OGC), has released Aligning Control Objectives for Information and related Technology (Cobit) 4.1, IT Infrastructure Library (ITIL) V3 and ISO/IEC 27002 for Business Benefit, a complimentary guide on how to use these frameworks and standards together for maximum governance and value.
The publication is available as a free download at http://www.isaca.org/COBITmappings.
“This guidance helps enterprises implement effective and transparent governance without reinventing the wheel,” said Gary Hardy, CGEIT, a founder of the ITGI Cobit Steering Committee. “Enterprises should use Cobit as an overall control framework to focus on priority areas and quick wins and ITIL and ISO/IEC 27002 to provide more detailed guidance regarding service management and security. This will ensure both breadth and depth of governance that is efficient to deploy.”
Cobit is a globally accepted set of tools organised into a framework that executives and IT professionals at all organisations can use to ensure their information technology (IT) is helping them achieve their goals and objectives. Based on industry standards and best practices, Cobit enables enterprises to direct their IT for optimal advantage, reduce IT-related risks and increase confidence in the information provided by IT. It enables clear policy development and good practice for IT management, increases the value organisations can attain from IT and helps manage compliance. Cobit 4.1 is freely available for download from www.itgi.org.
Developed by the OGC, ITIL is the most widely accepted best practice for IT service management. Version 3 consists of 27 detailed processes organised into five high-level processes described in five core publications. ITIL V3 also introduced the concept of the service life cycle, which is described in the sixth ITIL publication.
Published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27002:2005 provides a standard for developing and maintaining security standards and management practice to improve information security management.
Aligning Cobit 4.1, ITIL V3 and ISO/IEC 27002 is of particular value for enterprises that are undergoing change or restructure.
“In merger and acquisition situations, the mappings of Cobit to other frameworks and standards, including ITIL and ISO/IEC 27002, are especially helpful,” said Robert Stroud, international vice-president of ITGI and IT governance evangelist at CA. “If the other organisation involved uses a different standard or guidance, the mapping clarifies how processes from both organisations fit together.”