Download Spanish (1.2M)
Provide feedback on this document
Visit the COBIT (4.1 and earlier) Implementation Knowledge Center community
Visit the ISO/IEC 27000 Series Knowledge Center community
Visit the ITIL Knowledge Center community
This project was developed with the Office for Government Commerce (OGC) to update the very popular management briefing first produced in 2005. The briefing applies generally to all IT best practices but focuses on three specific practices and standards that are becoming widely adopted around the world. It has been updated to reflect the latest versions:
- ITIL V3—Published by the UK government to provide a best practice framework for IT service management
- COBIT 4.1—Published by ITGI and positioned as a high-level governance and control framework over IT processes
- ISO/IEC 27002:2005—Published by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) ato provide a framework of a standard for information security management
IT best practices need to be aligned to business requirements and integrated with one another and with internal procedures. COBIT can be used at the highest level, providing an overall governance and control framework based on an IT process model that should suit every organization generically. Specific practices and standards such as ITIL and ISO/IEC 27002 cover discrete areas and can be mapped to the COBIT framework, thus providing a hierarchy of guidance materials.
The briefing explains to business users and senior management the value of IT best practices and how harmonization, implementation and integration of best practices may be made easier.
The appendices provide mappings:
- COBIT to sections of ITIL and ISO/IEC 27002
- ITIL key topics to COBIT
- ISO/IEC 27002 classifications to COBIT