Penjelasan COBIT 4.0 Framework from wikipedia
COBIT structure
COBIT covers four domains:
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate
Plan and Organize
The Plan and Organize domain covers the use of information & technology and how best it can be used in a company to help achieve the company’s goals and objectives. It also highlights the organizational and infrastructural form IT is to take in order to achieve the optimal results and to generate the most benefits from the use of IT. The following table lists the IT processes contained in the Planning and Organization domain.
| PO1 | Define a Strategic IT Plan and direction |
| PO2 | Define the Information Architecture |
| PO3 | Determine Technological Direction |
| PO4 | Define the IT Processes, Organization and Relationships |
| PO5 | Manage the IT Investment |
| PO6 | Communicate Management Aims and Direction |
| PO7 | Manage IT Human Resources |
| PO8 | Manage Quality |
| PO9 | Assess and Manage IT Risks |
| PO10 | Manage Projects |
Acquire and Implement
The Acquire and Implement domain covers identifying IT requirements, acquiring the technology, and implementing it within the company’s current business processes. This domain also addresses the development of a maintenance plan that a company should adopt in order to prolong the life of an IT system and its components. The following table lists the IT processes contained in the Acquire and Implement domain.
| AI1 | Identify Automated Solutions |
| AI2 | Acquire and Maintain Application Software |
| AI3 | Acquire and Maintain Technology Infrastructure |
| AI4 | Enable Operation and Use |
| AI5 | Procure IT Resources |
| AI6 | Manage Changes |
| AI7 | Install and Accredit Solutions and Changes |
Deliver and Support
The Deliver and Support domain focuses on the delivery aspects of the information technology. It covers areas such as the execution of the applications within the IT system and its results as well as the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. The following table lists the IT processes contained in the Deliver and Support domain.
| DS1 | Define and Manage Service Levels |
| DS2 | Manage Third-party Services |
| DS3 | Manage Performance and Capacity |
| DS4 | Ensure Continuous Service |
| DS5 | Ensure Systems Security |
| DS6 | Identify and Allocate Costs |
| DS7 | Educate and Train Users |
| DS8 | Manage Service Desk and Incidents |
| DS9 | Manage the Configuration |
| DS10 | Manage Problems |
| DS11 | Manage Data |
| DS12 | Manage the Physical Environment |
| DS13 | Manage Operations |
Monitor and Evaluate
The Monitor and Evaluate domain deals with a company’s strategy in assessing the needs of the company and whether or not the current system still meets the objectives for which it was designed and the controls necessary to comply with regulatory requirements. Monitoring also covers the issue of an independent assessment of the effectiveness of IT system in its ability to meet business objectives and the company’s control processes by internal and external auditors. The following table lists the IT processes contained in the Monitor and Evaluate domain.
| ME1 | Monitor and Evaluate IT Processes |
| ME2 | Monitor and Evaluate Internal Control |
| ME3 | Ensure Regulatory Compliance |
| ME4 | Provide IT Governance |
No comments:
Post a Comment