Browse > Home / Project Management News / OGC and ITGI collaborate on official ITIL/COBIT mapping

OGC and ITGI collaborate on official ITIL/COBIT mapping

November 11, 2005 @ erp4it from alphasong

Vote This Post DownVote This Post Up (No Ratings Yet)
Loading ... Loading ...


The producers of the (ITGI) and (OGC/ITSMF) standards have published an official mapping between CobiT and ITIL, which also references ISO 17799. (Since ISO didn't co-author this, I don't consider the ISO mapping official.)

This is a useful piece of work, but I must admit to some mixed feelings. There are various areas where the standard is not covered by at all, including ... DATA MANAGEMENT AND DAMA PEOPLE TAKE NOTE ... all of the guidance around data management. To re-iterate this key point: recognizes the importance of data management; currently does not (although it did in the past).

When a control objective is completely not addressed by , they left the line blank, which is fine. I have more concern about areas where the material is cited as coverage, especially when volumes other than Service Delivery and Service Support are brought in. The Service Delivery and Service Support volumes are the best known parts of by far, they are the basis for all the available training and certification, and they are what people mean when they say they are "doing ." These key volumes have helped standardize language and establish a working consensus as to the kernel of operational IT management. However, has always been more ambitious than that, with its volumes on Application, Security, ICT, and Business Perspective.

These other volumes are more of a mixed bag, unfortunately. As a whole, the library has many useful pieces, but it is far from a canonical framework for all things IT - there are too many gaps, which this mapping makes obvious, and established practitioners in fields such as security and applications development have not rushed to the material.

on the other hand IS quite a comprehensive framework. While it is a set of control objectives, KPIs/KRIs, and maturity models, and does not go into implementation or best practices, much can be inferred from the framework's sinews, and its coverage of the IT lifecycle is complete.

My concern is that this mapping may lead people to think they need look no further than the ascribed coverage for a given control objective. For example, the Acquire and Implement control objectives are repeatedly mapped to the Application Management volume, which (while I have reviewed it favorably) is at best secondary material compared to the rich guidance on delivering systems available from the core practitioners in the fields of software engineering and enterprise architecture.

To summarize: Use this mapping - it's quite handy, but ...

If the objective maps to something in the Service Delivery or Service Support volumes, you may not need to look further, as those volumes are becoming the de facto gold standard for the material they cover.

If the objective maps to some other volume, it may have useful guidance, but you almost certainly have more homework to do. It doesn't end there.

Iconoclastically,

Charlie


This article is syndicated from erp4it . The original article is available here. Read more in Project Management News .

Tags: ,
Reminder : PMToolbox has ZERO tolerance to copyright violation and agrees to follow strictly PMI's Professional Responsibility. That's why each post on this site includes a link to the original version at its source site.

Related Posts

Comments

Got something to say?