Aligning COBIT, ITIL and ISO 17799:

Guidance from the IT Governance Institute

and UK Office of Government Commerce

 

Rolling Meadows, IL, USA (3 November 2005)— Best practices such as COBIT, ITIL and ISO 17799 are being used around the world to improve performance, value and control over an organization’s IT investment. Until now, the value and purpose of these standards have been discussed mainly among IT professionals. In today’s business climate, this is not enough. Senior executives need a high-level knowledge of these standards and how they can best be integrated to effectively govern their enterprise’s IT resources.  

 

To help executives and senior business managers better understand the value of these best practices and how they should be aligned to provide the greatest value to their business, the IT Governance Institute (ITGI) and the UK Office of Government Commerce (OGC) jointly released Aligning COBIT, ITIL and ISO 17799 for Business Benefit available as a free download at www.isaca.org and www.itil.co.uk. The document is also supported by itSMF.

 

 “This publication provides an executive briefing on three of the leading bodies of knowledge—all of which were developed by international IT and business leaders—and how they can be used to make an organization stronger, more secure and better positioned for the future,” said Jim Clinch, senior analyst, Knowledge Innovation Standards and Skills Division, OGC, and co-author of Aligning COBIT, ITIL and ISO 17799.

 

According to the publication, COBIT, ITIL and ISO 17799 are valuable to the ongoing growth and success of an organization because:

·        Business managers and boards are demanding better returns from IT investments, particularly since the level of IT expenditure is generally increasing.

·        Best practices help meet regulatory requirements for IT controls in areas such as privacy and financial reporting.

·        Organizations face increasingly complex IT-related risks, such as network security.

·        Organizations can optimize costs by following standardized—rather than specially developed—approaches.

·        Best practices help organizations assess how they are performing against generally accepted standards and against their peers.

 

Aligning COBIT, ITIL and ISO 17799 also explains how the three standards work together—using COBIT as an overall control framework for IT governance, and ITIL and ISO 17799 to supply detailed, standardized processes. Each of COBIT’s 34 IT processes and high-level control objectives is mapped to specific sections of ITIL and ISO 17799.

 

“Control over IT offers great benefits for the whole business. While effective IT control certainly mitigates risks and helps companies comply with regulations, it also enables a company to take advantage of new technology and move ahead faster in the competitive marketplace,” said Gary Hardy, advisor to the ITGI Committee and co-author of the document

 

About ITGI

The IT Governance Institute® (ITGI) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risks and opportunities. The IT Governance Institute developed Control Objectives for Information and related Technology (COBIT) and offers original research and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.

 

About COBIT

COBIT® (Control Objectives for Information and related Technology®), issued by ITGI, is internationally accepted as good practice for control over information, IT and related risks. COBIT is used to implement governance over IT and improve IT controls. It contains control objectives, audit guidelines, performance and outcome metrics, critical success factors and maturity models. Much of COBIT is available for complimentary download at www.isaca.org/cobit. COBIT 4.0 will be released in fourth quarter 2005.

 

About OGC

The mission of the UK’s Office of Government Commerce (OGC) (www.ogc.gov.uk) is to work with the public sector as a catalyst to achieve efficiency, value for money in commercial activities and improved success in the delivery of programmes and projects. OGC supports the achievement of its targets through concentrating its efforts in a wide- ranging programme supporting three significant activities in public sector organisations—improving efficiency, programme and project management, and procurement. OGC provides best practice in service management (ITIL), project management (PRINCE2), programme management (MSP) and management of risk (MoR).

 

About ITIL

The IT Infrastructure Library (ITIL®) is the most widely accepted approach to IT service management in the world. ITIL provides a comprehensive and consistent set of best practices for IT service management, promoting a quality approach to achieving business effectiveness and efficiency in the use of information systems. ITIL is owned by OGC.

 

Media Contacts for ITGI

Kristen Bertholomey, +1.847.590.7455, kbertholomey@isaca.org

Deborah Vohasek, +1.847.590.7466, dvohasek@isaca.org

 

Media Contact for OGC

Adrian Ient, +44 (0)20 7271 1366,  adrian.ient@ogc.gsi.gov.uk