
ITIL, CoBIT and ISO: Overlap Or Complement?

By Jean-Pierre Garbani with Laura Koetzle and Thomas Powell.

In this excellent article the authors attempt to highlight the real differences between ITIL, CoBIT and ISO. Originally published on the CIO website.

To quote the article directly, “Today, Forrester estimates that 30% of $1 billion-plus companies are experimenting with ITIL and between 12% and 13% have implemented ITIL. However, ITIL is relatively weak in security controls and weaker yet in metrics and outsourcing, two areas where ISO and COBIT shine.”

"The three different best practices frameworks cover different domains:-

ISO 17799. This international standard — of which International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) released a revised version in June 2005 — aims to improve the practices and organizations around information security. It defines a global approach to security management that touches the responsibilities and organizations responsible for security as well as the policies, critical asset classification, and risk management. It is best used when security certification and overall definition of all security processes — logical and physical — is needed and basic rules for security defined.

ITIL. Originally created by the UK government, ITIL summarizes best practices for the implementation of IT management processes. ITIL defines the processes to be implemented to deliver and support IT services (most of the time, IT services today equal applications) focusing on the business (IT’s customer). The ITIL philosophy revolves around the service desk as a communication platform and the configuration management database (CMDB).

COBIT. COBIT compiles an up-to-date international set of generally accepted control objectives for day-to-day use by business managers and IT managers. It addresses IT governance and the key performance indicators associated with process improvement. At first glance, COBIT seems to overlap considerably with ITIL, but COBIT has clearly been influenced by problems raised by the insurance industry. Mergers and acquisitions, unification of processes, outsourcing and audits are main chapters of the COBIT framework.

Here are the strengths and weaknesses of each:-

ISO 17799 provides security controls. It does not provide implementation guidance and does not specifically address how these processes fit into the overall IT management processes.

ITIL is strong on delivery and support processes. It describes how to structure operational processes but is weak on security controls and processes.

COBIT is focused on controls and metrics. It also lacks a security component but provides a more global view of IT processes, at the level of IT organization management principles, than ITIL.

ISO, ITIL, And COBIT: Complementary Or Overlapping?

Looking at these three frameworks, we reach the conclusion that they do in fact complement each other: you can supplement the IT operational process strengths of ITIL with the critical success factors (CSF) and key performance indicators (KPI) of COBIT, and both can make good use of the security processes and controls defined in ISO.

Examples of complementary elements between ITIL Service Support, COBIT, and ISO are:-

Incident management. Defined as an ITIL service support process, it has an ISO complement in case of security incidents as well as a COBIT delivery and support chapter.

Problem management. The COBIT delivery and support chapter defines incident and problem management processes that complement the ITIL problem management process.

Change, configuration, and release management. These ITIL processes have a direct complement in COBIT’s change management and configuration changes as well as in ISO’s operational change control, controls against viruses, and third-party security requirements.

COBIT and ISO also provide guidance, key indicators, and controls for the definition of service-level agreements, capacity planning, availability management, and business continuity, which complement ITIL service delivery processes."

Obviously we should add to this mix the introduction of ISO20000, the new international standard for IT Service Management.

Resources:-

Read the Full Article Here

Want an Overview of ISO20000? Read it Here

Need more information on ISO20000? Find it Here

Need more information on CoBIT? Find it Here
