Rolling Meadows, IL, USA (10 November 2008)—In the current economy, enterprises worldwide are struggling to achieve growth and governance at an affordable cost without compromising the business, its customers, and the integrity and security of their information systems. To help them accomplish this daunting task, the nonprofit, independent IT Governance Institute (ITGI), in conjunction with the UK Office of Government Commerce (OGC), has released Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit, a complimentary guide on how to use these frameworks and standards together for maximum governance and value.
The publication is available as a free download at www.isaca.org/COBITmappings.
“This guidance helps enterprises implement effective and transparent governance without reinventing the wheel,” said Gary Hardy, CGEIT, a founder of the ITGI COBIT Steering Committee. “Enterprises should use COBIT as an overall control framework to focus on priority areas and quick wins and ITIL and ISO/IEC 27002 to provide more detailed guidance regarding service management and security. This will ensure both breadth and depth of governance that is efficient to deploy.”
Control Objectives for Information and related Technology (COBIT) is a globally accepted set of tools organized into a framework that executives and IT professionals at all organizations can use to ensure their information technology (IT) is helping them achieve their goals and objectives. Based on industry standards and best practices, COBIT enables enterprises to direct their IT for optimal advantage, reduce IT-related risks and increase confidence in the information provided by IT. It enables clear policy development and good practice for IT management, increases the value organizations can attain from IT and helps manage compliance. COBIT 4.1 is freely available for download from www.itgi.org.
Developed by the OGC, ITIL (IT Infrastructure Library) is the most widely accepted best practice for IT service management. Version 3 consists of 27 detailed processes organized into five high-level processes described in five core publications. ITIL V3 also introduced the concept of the service life cycle, which is described in the sixth ITIL publication.
Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27002:2005 provides a standard for developing and maintaining security standards and management practice to improve information security management.
Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 is of particular value for enterprises that are undergoing change or restructure.
“In merger and acquisition situations, the mappings of COBIT to other frameworks and standards, including ITIL and ISO/IEC 27002, are especially helpful,” said Robert Stroud, international vice president of ITGI and IT governance evangelist at CA. “If the other organization involved uses a different standard or guidance, the mapping clarifies how processes from both organizations fit together.”
The IT Governance Institute (ITGI) (www.itgi.org) is a nonprofit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the nonprofit membership association ISACA in 1998 to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed COBIT and Val IT, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services.
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 9,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.
Kristen Kessinger, +1.847.660.5512, firstname.lastname@example.org
Deborah Vohasek, +1.847.660.5566, email@example.com
Joanne Duffer, +1.847.660.5564, firstname.lastname@example.org
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008