Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO4.1 - IT Process Framework

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.1 - IT Process Framework is contained within Process Popup Define the IT Processes, Organisation and Relationships

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
13 Members
0 Online
4199 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer


IT Process Framework

Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It should provide integration amongst the processes that are specific to IT, enterprise portfolio management, business processes and business change processes. The IT process framework should be integrated into a quality management system (QMS) and the internal control framework.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Consistent approach for the definition of IT processes
  • Organisation of key activities into logical, interdependent processes
  • Clear definition of ownership of and responsibility for processes and key activities
  • Reliable and repeatable execution of key activities
  • Flexible and responsive IT processes
  Risk Drivers
  • Framework not being accepted by the business and IT processes not being related to business requirements
  • Incomplete framework of IT processes
  • Conflicts and unclear interdependencies amongst processes
  • Overlaps between activities
  • Inflexible IT organisation
  • Gaps between processes
  • Duplication of processes

View Control Practices  help

Hide Control Practices  help

  1. Identify IT processes required to realise the IT strategic plan.
  2. Define and implement a framework to enable the definition and follow-up of process goals, measures, controls and maturity.
  3. Define relationships and touchpoints (e.g., inputs/outputs) amongst the IT processes, enterprise portfolio management and business processes.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 102 total

Must be a Topic member to contribute
View All »
Downloads
Posted by ISACA 1175 days ago
Downloads
Posted by ISACA 1185 days ago
Downloads
Posted by ISACA 2260 days ago
Books
Posted by ISACA 145 days ago
Books
Posted by ISACA 264 days ago
Books
Posted by ISACA 478 days ago

Events & Online Learning: 11 total

15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
21 Sep 2015
ISACA International Event
Miami, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 172 total

Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 3, 2017
by Guy Pearce
The relationship between cyber security and the regulatory requirements for data governance, data stewardship and enterprise data management is set to strengthen.
Volume 3, 2017
by Indrajit Atluri, CRISC, CISM, CEH, CISSP, CSSLP, HCISPP, ITILv3
The resolve to address IoT device security at various levels—hardware and software, government and enterprise, consumers and services—is widespread.
Volume 3, 2017
by Vasant Raval, DBA, CISA, ACMA, and Rajesh Sharma, Ph.D., ITIL-F, Six Sigma Black Belt
Success does not teach much, if anything; it is the failure that provides lessons to do better in the future.
Volume 3, 2017
by Ed Gelbstein, Ph.D.
This column continues the exploration of this topic by focusing on the Data Management Body of Knowledge (DMBOK) and what it does not cover.
Volume 3, 2017
by Shemlse Gebremedhin Kassa, CISA, CEH
The first steps in information security strategic planning in any form of business are risk management and risk evaluation.

Wikis: 2 total

Blog Posts: 64 total

The PCI Council has announced some new information on the upcoming version of PCI - Version 3.2.  Find out the latest here: http:/www.lbmcinformationsecurity.com/blog
Posted By : Stewart141 | 1 comments
Places where the relevant principles of COBIT map to COSO 2013 principles* are marked as Yes. .ExternalClassAA9D49C4D9F042DC96DF42A7B720A8E8 table {;} .ExternalClassAA9D49C4D9F042DC96DF42A7B720A8E8 .font51287 {color:black;font-size:9.0pt;font-weig...
Posted By : Sugandh | 0 comments
30 Mar 2017
When you think about your company information security, a greatest image come into your mind: * if my storage device crashed;* if my flashcopy in other storage device crashed too;* if my backup tape was in flame;* if my archive data was missed;* if my sec...
Posted By : MGPlay | 0 comments
Senior Manager           ultimate responsibility Information security Officer          functional responsibility Security Analyst           Strategic, develops policies and guidelines Owner         - Responsible for asset         - Determine level of clas...
Posted By : Muhammad554 | 0 comments
Cyber Security Program the way I have often observed in various organization over the years, is lead with piecemeal approach. There is no holistic view or review of the same and the Cyber Security team, often to be counted on fingers, is left to fend the...
Posted By : Mayank | 0 comments
31 Dec 2016
The Mobile Maritime Hub 2009-2050 is an strategic plan that started in 2009, in Vilanova i La Geltrú, a coastal town, to promote maritime, nautical, fishing and scientific activities in a seaside region, by a properly use of the technological tools existi...
Posted By : ramoncod | 0 comments