Glenfis AG

ITIL V3 COBiT V4.1 Mapping Overview

Seite 1 von 6

ITIL V3 - Cobit 4th Mapping

Service Strategy

Service Design

Service Transition Service Asset & Configuration Mgmt

Service Operation

Continual Service Improvement

Service Measurement & Control x x

Transition Planning & Support

PO
PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10

Plan & Organise

Define a Strategic IT Plan Define the Information Architecture Determine Technological Direction Define the IT Processes, Organisation and Relationships Manage the IT Investment Communicate Management Aims and Direction Manage IT Human Resources Manage Quality Assess and Manage IT Risks Manage Projects x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x

AI
AI1 AI2 AI3 AI4 AI5 AI6 AI7

Acquire & Implement

Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Enable Operation and Use Procure IT Resources Manage Changes Install and Accredit Solutions and Changes x x x x x x x x x x x x x x x x x x x x x x x x

DS
DS1 DS2 DS3 DS4 DS5 DS6 DS7 DS8 DS9 DS10 DS11 DS12 DS13

Deliver & Support

Define and Manage Service Levels Manage Third-Party Services Manage Performance and Capacity Ensure Continuous Service Ensure Systems Security Identify and Allocate Costs Educate and Train Users Manage Service Desk and Incidents Manage the Configuration Manage Problems Manage Data Manage Physical Environment Manage Operations x x x x x x x x x x x x x x x x x x x x x x x x

ME
ME1 ME2 ME3 ME4

Monitor and Evaluate

Monitor and Evaluate IT Performance Monitor and Evaluate Internal Control Ensure Regulatory Compliance Provide IT Governance x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x

ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office, and is used hereby GLENFIS AG under licence from and with the permission of OGC. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute

(c) Glenfis AG

www.glenfis.ch www.itil.org www.ISO20000.ch

Return on Investment on CSI V 2.0

Release & Deployment Mgmt

Service Validation & Testing

IT Service Continuity Mgmt

Information Security Mgmt

IT Financial Management

Service Catalogue Mgmt

Service Portfolio Mgmt

Incident Management

Strategy Generation

Service Level Mgmt

Request Fulfilment

Service Reporting

Availability Mgmt

Knowledge Mgmt

Capacity Mgmt

Supplier Mgmt

Problem Mgmt

Demand Mgmt

Change Mgmt

Access Mgmt

Event Mgmt

Evaluation

Glenfis AG

ITIL V3 COBiT V4.1 Mapping Overview

Seite 2 von 6

ITIL Service Management Process

1. Strategy Generation Define the market Develop the offerings Develop strategic assets Prepare for execution 2. IT Financial Management Service Valuation Service Provisioning models and analysis Funding Business Impact Analysis (Financial Value) Chargeback Return on Investment 3. Service Portfolio Management Define Services & Ensure Business Case Analyse portfolio Value & prioritize Approve & Authorize Services and Resources Charter Services and allocate Resources 4. Demand Management Core Services and Support Services Developing differentiated Offerings Service Level Packages (SLPs) Segmentation 5. Service Catalogue Management Agreeing and documenting a service definition Interfacing with Service Portfolio Management Producing and Maintaining a Service Catalogue Interfacing with Business & IT Service Continuity Mgmt Interfacing with support teams, suppliers and configuration mgmt 6. Service Level Management Designing SLA frameworks Determine, document and agree requirements & produce SLRs Monitor service performance against SLA Collate, measure and improve customer satisfaction Produce service reports Conduct service reviews and instigate improvements within an SIP Review and revise SLAs, Service Scope and underpinning agreements Develop contacts and relationship Compliants and compliments Determine Legel Requirements, Compliance 7. Availability Management Monitor, measure, analyse and report service and component availability Unavailability analysis The expanded incident lifecycle Service failure analysis Identifying Vital Business Functions (VBF) Designing for availability Designing for recovery Risk Analysis and Management (for availability of Services) Planned and preventive maintenance

Lifecycle Stage
Service Strategy

Process
PO 1 P0 1 PO 1 PO 4 PO 10 PO 5 DS 6 PO 5 PO 5 PO 5 DS6 PO 5 PO 1 PO 1 PO 1 PO 1 PO 1 PO 1 PO 1 PO 1 PO 1 PO 3 DS DS DS DS DS DS DS DS DS DS DS DS DS DS PO PO ME DS DS DS DS DS DS DS DS DS DS 1 1 1 1 1 1 1 1 1 1 1 1 1 1 4 4 3 3 3 3 3 3 3 3 3 3 3

Control Objective
PO 1.0 PO 1.1 PO 1.3 PO 4.13 PO 10.1 PO DS PO PO PO DS PO PO PO PO PO PO PO PO PO PO PO 5.0 6.2 5.4 5.3 5.5 6.3 5.5 1.6 1.6 1.6 1.6 1.6 1.2 1.2 1.2 1.2 3.0

Description
Define a Strategic IT Plan IT Value Management Assessment of Current Capability and Performance Key IT Personal Programme Management Framework Manage the IT Investment Identify and Allocate Costs Cost Management IT Budgeting Benefit Management Cost Model and Charging Benefit Management IT Portfolio Management IT Portfolio Management IT Portfolio Management IT Portfolio Management IT Portfolio Management Business - IT Alignment Business - IT Alignment Business - IT Alignment Business - IT Alignment Determine technical Direction Define and Manage Service Levels Definition of Service Service Level Management Frameworks Service Level Management Frameworks Service Level Management Frameworks Service Level Management Frameworks Define and Manage Service Levels Service Level Framework Service Level Agreements Monitoring and Reporting of Service Level Agreements Monitoring and Reporting of Service Level Agreements Monitoring and Reporting of Service Level Agreements Review of Service Level Agreements and Contracts Review of Service Level Agreements and Contracts Relationships Relationships Ident. of Ext Legal, Regulatory and Contractual Compliance Req. Resource Availability Resource Availability Resource Availability Resource Availability Resource Availability Resource Availability Resource Availability Resource Availability Resource Availability Resource Availability

Service Strategy

Service Strategy

Service Strategy

Service Design

DS 1.0 DS 1.2 DS 1.1 DS 1.1 DS 1.1 DS 1.1 DS 1.0 DS 1.1 DS 1.3 DS 1.5 DS 1.5 DS 1.5 DS 1.6 DS 1.6 PO 4.15 PO 4.15 ME 3.1 DS DS DS DS DS DS DS DS DS DS 3.4 3.4 3.4 3.4 3.4 3.4 3.4 3.4 3.4 3.4

Service Design

Service Design

(c) Glenfis AG

www.glenfis.ch www.itil.org www.ISO20000.ch

V 2.0

Glenfis AG

ITIL V3 COBiT V4.1 Mapping Overview

Seite 3 von 6

ITIL Service Management Process

Production of the Projected Service Outage (PSO) document Availability Testing Schedule 8. Capacity Management Business Capacity Management Service Capacity Management Component Capacity Management Utilization Monitoring Response Time Monitoring Exploitation of new technology Threshold management and control Demand Management Modelling and trending Application sizing 9. IT Service Continuity Management Initiation - Policy setting Specify terms of reference and scope Allocate resources Define the project organization and control structure Agree project and quality plans Business Impact Analyses for requirements Risk analysis IT Service Continuity Strategy Risk response measures Implementation Risk reduction and Standby arrangements Organization and Disaster Recovery Planning Initial and ongoing testing Ongoing Education, Awareness and training Regular Reviews Change Management

Lifecycle Stage

Process
DS 3 DS 3

Control Objective
DS 3.4 DS 3.4 DS 3.0 DS 3.1 DS3.2 DS 3.3 DS 3.5 DS 3.5 PO 3.3 DS 3.5 DS 3.3 DS 3.3 DS 3.3 DS 4.0 DS 4.1 DS 4.1 DS 4.1 DS 4.1 DS 4.1 DS 4.1 PO 9.4 PO 9.5 DS 4.2 AI 3.1 DS 4.4 DS 4.5 DS 4.6 DS 4.10 AI 6.2 DS DS DS PO DS DS DS DS DS DS DS DS DS DS AI AI AI AI 5.0 5.1 5.2 9.4 5.2 5.9 5.9 5.2 2.0 2.1 2.3 2.2 2.2 2.4 4.1 4.1 4.1 4.1

Description
Resource Availability Resource Availability Manage Performance and Capacity Performance and Capacity Planning Current Performance and Capacity Future Performance and Capacity Monitoring and Reporting Monitoring and Reporting Monitor Future Trends and Regulation Monitoring and Reporting Future Performance and Capacity Future Performance and Capacity Future Performance and Capacity Ensure Continuous Service IT Continuity Framework IT Continuity Framework IT Continuity Framework IT Continuity Framework IT Continuity Framework IT Continuity Framework Risk Assessment Risk Response IT Continuity Plan Technological Infrastructure Acquisition Plan Maintenance of the IT Continuity Plan Testing of the continuity plan IT Continuity Plan Training Post-resumption Review Impact Assessment, Prioritization and Authorization Ensure Systems Security Management of IT Security IT Security Plan Risk Assessment Management of IT Security Malicious Software Prevention, Detection and Correction Malicious Software Prevention, Detection and Correction IT Security Plan Manage Third-Party Services Identification of all Supplier Relationships Supplier Risk Management Supplier Relationship Management Supplier Relationship Management Supplier Performance Monitoring Planning for Operational Solution Planning for Operational Solution Planning for Operational Solution Planning for Operational Solution Manage Changes Change Status Tracking and Reporting

Service Design

DS DS DS DS DS DS PO DS DS DS DS

3 3 3 3 3 3 3 3 3 3 3

Service Design

DS 4 DS 4 DS 4 DS 4 DS 4 DS 4 DS 4 PO 9 PO 9 DS 4 AI 3 DS 4 DS 4 DS 4 DS 4 AI 6 DS DS DS PO DS DS DS DS DS DS DS DS DS DS 5 5 5 9 5 5 5 5 2 2 2 2 2 2

10. Information Security Management Service Design Production, review and revision of an overall Information Security Policy Communication, Implementation and enforcement of Security Policy Assessment and classification of all information assets and documentation Implementation, review and revision and improvement security controls Monitor and management of all security breaches and major security incidents Analysis, reporting and reduction of the volumes and impact of security breaches and incidents Schedule and completion of security reviews, audits and penetration tests 11. Supplier Management Service Design Evaluation of new suppliers and contracts Supplier categorization and maintenance Supplier and Contracts Database (SCD) Establishing new suppliers and contracts Supplier and Contract Management and performance Contract renewal and/or termination 12. Transition Planning & Support Transition Strategy Prepare for Service Transition Planning and coordinating Service Transition 13. Change Management Planning and controlling changes Service Transition

AI 4 AI 4 AI 4 AI 4 AI 6 AI 6

Service Transition

AI 6.0 AI 6.4

(c) Glenfis AG

www.glenfis.ch www.itil.org www.ISO20000.ch

V 2.0

Glenfis AG

ITIL V3 COBiT V4.1 Mapping Overview

Seite 4 von 6

ITIL Service Management Process

Change and release scheduling Communications Change decision making and change authorization Ensuring there are remediation plans Chang Advisory Board Emergency Change Handling Measurement and control Management Reporting Understanding the impact of change Continual improvement 14. Service Asset & Configuration Management Configuration Management and Planning Configuration Identification Configuration Control Status accounting and reporting Verification and audit 15. Release & Deployment Management Release and deployment planning Preparation for build, test and deployment Build and test Service testing and pilots Plan and prepare for deployment Perform transfer, deployment and retirement Verify deployment Early life support Review and close deployment Review and close Service Transition 16. Service Validation and Testing Validation and Test Management Plan and Design Test Verify test plan and test design Prepare test environment Perform tests Evaluate exit criteria and report Test clean up and close 17. Evaluation Evaluation plan Understanding the intended effect of a change Understanding the unintended effect of a change Factors for considering the effect of a service change Evaluation of predicted performance Evaluation of actual performance Risk assessment 18. Knowledge Management Knowledge Management Strategy Knowledge Transfer Data and Information Management Using the service knowledge management system 19. Incident Management

Lifecycle Stage

Process
AI AI AI AI AI AI AI AI AI AI 6 6 6 6 6 6 6 6 6 6 9 9 9 9 9 9

Control Objective
AI AI AI AI AI AI AI AI AI AI DS DS DS DS DS DS AI AI AI AI AI AI AI AI AI AI AI AI AI AI AI AI AI AI AI 6.4 6.4 6.2 6.1 6.1 6.3 6.4 6.4 6.2 6.1 9.0 9.1 9.2 9.1 9.1 9.3 7.0 7.3 7.2 7.6 7.6 7.3 7.8 7.9 7.8 7.9 7.9 7.6 7.4 7.2 7.2 7.4 7.6 7.7 7.7

Description
Change Status Tracking and Reporting Change Status Tracking and Reporting Impact Assessment, Prioritization and Authorization Change Standards and Procedures Change Standards and Procedures Emergency Changes Change Status Tracking and Reporting Change Status Tracking and Reporting Impact Assessment, Prioritization and Authorization Change Standards and Procedures Manage the Configuration Configuration Repository and Baseline Identification and Maintenance of Configuration Items Configuration Repository and Baseline Configuration Repository and Baseline Configuration Integrity review Install and Accredit Solutions and Changes Implementation Plan Test Plan Testing of Changes Testing of Changes Implementation Plan Promotion to Production Post Implementation Review Promotion to Production Post Implementation Review Post Implementation Review Testing of Changes Test Environment Test Plan Test Plan Test Environment Testing of Changes Final Acceptance Test Final Acceptance Test Project Performance Measurement, Reporting and Monitoring Project Performance Measurement, Reporting and Monitoring Project Performance Measurement, Reporting and Monitoring Project Performance Measurement, Reporting and Monitoring Project Performance Measurement, Reporting and Monitoring Project Performance Measurement, Reporting and Monitoring Project Performance Measurement, Reporting and Monitoring Risk Assessment Knowledge Transfer to Operations and Support Staff Knowledge Transfer to Operations and Support Staff Knowledge Transfer to Operations and Support Staff Enterprise Information Architecture Model Knowledge Transfer to Operations and Support Staff Manage Service Desk and Incidents

Service Transition

DS DS DS DS DS DS

Service Transition

AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 AI 7 PO 10 PO 10 PO 10 PO 10 PO 10 PO 10 PO 10 PO 9 AI 4 AI 4 AI 4 PO 2 AI 4 DS 8

Service Transition

Service Transition

PO 10.13 PO 10.13 PO 10.13 PO 10.13 PO 10.13 PO 10.13 PO 10.13 PO 9.4 AI 4.4 AI 4.4 AI 4.4 PO 2.1 AI 4.4 DS 8.0

Service Transition

Service Operation

(c) Glenfis AG

www.glenfis.ch www.itil.org www.ISO20000.ch

V 2.0

Glenfis AG

ITIL V3 COBiT V4.1 Mapping Overview

Seite 5 von 6

ITIL Service Management Process

Incident Identification Incident Logging Incident categorization Incident prioritization Initial diagnosis Incident escalation Investigation and diagnosis Resolution and recovery Incident closure 20. Event Management Event occurs Event notification Event detection Event filtering Significance of events Event correlation Trigger Response selection Review and actions Close event 21. Request Fulfilment Menu selection Financial approval Other approval Fulfilment Closure 22. Problem Management Problem detection Problem logging Problem categorization Problem prioritization Workarounds Raising a known Error record Problem resolution Problem closure Major Problem review Errors detect in the development environment 23. Access Management Requesting access Verification Providing rights Monitoring identity status Logging and tracking access Removing or restricting rights 24. Reporting Define targeted Audience Define Business Views Agreement on what to monitor and report Monitor against Service Level targets Reporting workloads, trends non-compliance

Lifecycle Stage

Process
DS DS DS DS DS DS DS DS DS 8 8 8 8 8 8 8 8 8

Control Objective
DS DS DS DS DS DS DS DS DS 8.2 8.2 8.2 8.2 8.2 8.3 8.3 8.3 8.4

Description
Registration of Customer Registration of Customer Registration of Customer Registration of Customer Registration of Customer Incident Escalation Incident Escalation Incident Escalation Incident Closure Queries Queries Queries Queries Queries

Service Operation

DS DS DS DS DS DS DS DS DS DS DS

13 13 13 13 13 13 13 13 13 13 13 8 8 8 8 8 8

DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS 13.3 DS DS DS DS DS DS 8.1 8.1 8.1 8.1 8.1 8.1

IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring IT Infrastructure Monitoring Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Manage Problems Identification and Classification of Problems Identification and Classification of Problems Identification and Classification of Problems Identification and Classification of Problems Problem Tracking and Resolution Problem Tracking and Resolution Problem Tracking and Resolution Problem Closure Problem Closure Knowledge Transfer to Operations and Support Staff User Account Management User Account Management Identity Management User Account Management User Account Management User Account Management User Account Management Monitor and Evaluate IT Performance Monitoring Approach Definition and Collection of Monitoring Data Monitoring Approach Performance Assessment Monitoring of Internal Control Framework/Integrated Reporting

Service Operation

DS DS DS DS DS DS

Service Operation

DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 DS 10 AI 4 DS 5 DS5 DS5 DS5 DS5 DS5 DS5 ME 1 ME 1 ME 1 ME 1 ME 1 ME 2/ME 3

DS 10 DS 10.1 DS 10.1 DS 10.1 DS 10.1 DS 10.2 DS 10.2 DS 10.2 DS 10.3 DS 10.3 AI 4.4 DS DS DS DS DS DS DS 5.3 5.3 5.2 5.3 5.3 5.3 5.3

Service Operation

Continual Service Improvement

ME 1.0 ME 1.1 ME 1.2 ME 1.1 ME 1.4 ME 2.1/ME 3.5

(c) Glenfis AG

www.glenfis.ch www.itil.org www.ISO20000.ch

V 2.0

Glenfis AG

ITIL V3 COBiT V4.1 Mapping Overview

Seite 6 von 6

ITIL Service Management Process

25. Service Measurement & Control Developing a Service Management Framework Defining what to measure Setting targets Service Management process measurement Creating a measurement framework grid Interpreting and using metrics Interpreting metrics Using measurement and metrics Creating scorecard and reports 26. Return on Investment on CSI Creating a return on Investment Establishing the business case Measuring benefits achieved

Lifecycle Stage
Continual Service Improvement

Process
ME ME ME ME ME ME ME ME ME ME ME ME ME ME 1 1 1 1 1 1 2 2 1 1 4 4 4 4

Control Objective
ME ME ME ME ME ME ME ME ME ME ME ME ME ME 1.3 1.3 1.2 1.3 1.1 1.1 2.2 2.2 1.4 1.5 4.3 4.3 4.3 4.3

Description
Monitoring Method Monitoring Method Definition and Collection of Monitoring Data Monitoring Method Monitoring Approach Monitoring Approach Supervisory Review Supervisory Review Performance Assessment Board and Executive Reporting Value Delivery Value Delivery Value Delivery Value Delivery

Continual Service Improvement

(c) Glenfis AG

www.glenfis.ch www.itil.org www.ISO20000.ch

V 2.0