TOGAF

The Open Group Architecture Framework (TOGAF) is a framework for Enterprise Architecture which provides a comprehensive approach to the design, planning, implementation, and governance of an enterprise information architecture. It has been developed by the Architecture Forum of The Open Group and has evolved continuously since the mid-1990s. It is provided to organizations free of charge for their own internal, non-commercial purposes.

TOGAF is an architecture framework that:

  • describes a methodology for defining an information system in terms of a set of building blocks
  • shows how the building blocks fit together
  • contains a set of tools
  • provides a common vocabulary
  • includes a list of recommended standards
  • includes a list of compliant products that can be used to implement the building blocks

The architecture is typically modeled at four levels or domains:

  • Business (or business process) architecture, which defines the business strategy, governance, organization, and key business processes of the organization
  • Applications architecture, which provides a blueprint for the individual application systems to be deployed, the interactions between the application systems, and their relationships to the core business processes of the organization
  • Data architecture, which describes the structure of an organization's logical and physical data assets and the associated data management resources
  • Technical architecture or Technology architecture, which describes the hardware, software and network infrastructure needed to support the deployment of core, mission-critical applications


For further information please visit:

www.opengroup.org


Microsoft Operations Framework (MOF)

Microsoft® Operations Framework (MOF) 4.0, completed in early 2008, delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services. It encompasses the entire IT lifecycle by integrating:

  • Community-generated processes for planning, delivering, operating, and managing IT
  • Governance, risk, and compliance activities
  • Management reviews
  • Microsoft Solutions Framework (MSF) best practices

Structure of MOF 4.0

MOF 4.0 describes the IT service lifecycle in terms of three phases and a foundational layer:

The Plan Phase focuses on ensuring that, from its inception, a requested IT service is reliable, policy-compliant, cost-effective, and adaptable to changing business needs.

The Deliver Phase concerns the envisioning, planning, building, stabilization, and deployment of requested services.

The Operate Phase deals with the efficient operation, monitoring, and support of deployed services in line with agreed-to service level agreement (SLA) targets.

The Manage Layer helps users establish an integrated approach to IT service management activities through the use of risk management, change management, and controls. It also provides guidance relating to accountabilities and role types. MOF organizes IT activities and processes into Service Management Functions (SMFs).


For further information please visit:

http://technet.microsoft.com/en-us/library/cc506049.aspx



ISO/IEC 20000

ISO/IEC 20000 (formerly BS 15000) is a standard setting out the requirements for an IT Service Management System.

It consists of two parts: a specification, which defines the requirements for an organisation to deliver managed services of an acceptable quality for its customers, and a code of practice, which describes the best practices for Service Management processes within the scope of ISO/IEC 20000.


The standard is based on the best practice foundation of the IT Infrastructure Library (ITIL) from the Office of Government Commerce (OGC). ISO/IEC 20000 introduces a service culture and provides the methodologies to deliver services that meet defined business requirements and priorities in a manageable way. It also:

  • Specifies a number of closely related service management processes
  • Identifies that relationships exist between these processes, and that these relationships will be dependent on their application within an organisation
  • Provides guideline objectives and controls to enable an organisation to deliver managed services

ISO/IEC 20000 specifies five key groups of service management processes:

  • Service Delivery Processes - including Service Level Management, Availability Management and Capacity Management
  • Relationship Processes - those involving the interfaces between the service provider and both customers and suppliers
  • Resolution Processes - those focused on incidents being resolved or prevented
  • Control Processes - those involved with managing changes, assets and configurations
  • Release Process - looking at the roll-out of new or changed software/hardware

For further information please visit:

www.isoiec20000certification.com/index.asp

ISO/IEC 27000

The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series) and environmental protection (the ISO 14000 series).


The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organizations of all shapes and sizes. All organizations are encouraged to assess their information security risks, and then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarized by Deming's "plan-do-check-act" approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.

At present, four of the standards in the series are publicly available (ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005, ISO/IEC 27006) while several more are under development.


ISO/IEC 27000 is scheduled for publication ‘by 2009’. Its scope is to specify the fundamental principles, concepts and vocabulary for the ISO/IEC 27000 (information security management system) series of documents.

ISO/IEC 27000 will contain the fundamentals and vocabulary, in other words:

  • An overview of the ISO27k standards showing how they are used collectively to plan, implement, certify and operate an ISMS, with a basic introduction to information security, risk management and management systems
  • Carefully-worded definitions for the information security-related terms as they are used throughout the ISO27k standards

When released, ISO/IEC 27000 will be free of charge since (a) it introduces and promotes ISO27k as a whole; and (b) there is value in spreading an agreed set of definitions as widely as possible to bring some stability to the field of information security.

For further information please visit:

www.iso.org
www.iec.ch/


Capability Maturity Model Integration (CMMI)

Capability Maturity Model® Integration (CMMI) is a process improvement approach that provides organizations with the essential elements of effective processes. It can be used to guide process improvement across a project, a division, or an entire organization. CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes.

CMMI best practices enable organizations to do the following:

  • more explicitly link management and engineering activities to their business objectives
  • expand the scope of and visibility into the product lifecycle and engineering activities to ensure that the product or service meets customer expectations
  • incorporate lessons learned from additional areas of best practice (e.g., measurement, risk management, and supplier management)
  • implement more robust high-maturity practices
  • address additional organizational functions critical to their products and services
  • more fully comply with relevant ISO standards

For further information please visit:

www.sei.cmu.edu


Six Sigma

Six Sigma is a business management strategy, originally developed by Motorola, that today enjoys widespread application in many sectors of industry.

Six Sigma seeks to identify and remove the causes of defects and errors in manufacturing and business processes. It uses a set of quality management methods, including statistical methods, and creates a special infrastructure of people within the organization ("Black Belts" etc.) who are experts in these methods. Each Six Sigma project carried out within an organization follows a defined sequence of steps and has quantified financial targets (cost reduction or profit increase).

Six Sigma asserts:

  • Continuous efforts to achieve stable and predictable process results (i.e. reduce process variation) are of vital importance to business success.
  • Manufacturing and business processes have characteristics that can be measured, analyzed, improved and controlled.
  • Achieving sustained quality improvement requires commitment from the entire organization, particularly from top-level management.

Features that set Six Sigma apart from previous quality improvement initiatives include:

  • A clear focus on achieving measurable and quantifiable financial returns from any Six Sigma project.
  • An increased emphasis on strong and passionate management leadership and support.
  • A special infrastructure of "Champions," "Master Black Belts," "Black Belts," etc. to lead and implement the Six Sigma approach.
  • A clear commitment to making decisions on the basis of verifiable data, rather than assumptions and guesswork.

Its two key methodologies are:

  • DMAIC (define, measure, analyse, improve, control) and
  • DMADV (define, measure, analyse, design, verify).

DMAIC is used to improve an existing business process and DMADV is used to create new product or process designs.


Information and links to relevant legislation, standards and frameworks in the Service Management industry:

ASL

ASL (Application Services Library) is the only public domain standard in the world dedicated to application management: the maintenance and control, enhancement and renovation of applications. In this framework all relevant processes are described to deliver a full applications management service to the customer/business organisation.


The framework brings the processes together, categorises best practices, as well as creating a glossary of terminology that makes it easier for parties concerned with applications management to communicate with each other.


As a public domain process framework, everybody can use the knowledge provided in this framework and its related 'best practices'.

The ASL BiSL Foundation (formerly the ASL Foundation) is responsible for the maintenance and renewal of the framework and the related 'best practices'. It seeks to bring business and IT closer together.


For further information about ASL visit:

www.aslbislfoundation.org


COBIT

What is COBIT™?

The Control Objectives for Information and related Technology (COBIT) is an open standard for IT control and security: a set of best practices (a framework) for information technology (IT) management, created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992.

It consists of 6 components: Executive Summary, Management Guidelines, Control Objectives, COBIT Framework, Audit Guidelines, and Implementation Toolset.

It provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in understanding their IT systems and deciding the level of security and control that is necessary to protect their company's assets through the development of an IT governance model.

For further information visit:

www.isaca-central.org.uk/cobit


Sarbanes-Oxley Act

The Sarbanes-Oxley Act came into force in July 2002 and introduced major changes to the regulation of corporate governance and financial practice. It is named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, and it set a number of non-negotiable deadlines for compliance.

The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. The Act contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law.

The Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board, or PCAOB, which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.

As far as compliance is concerned, the most important sections within the Act are 302, 401, 404, 409, 802 and 906.

To include further information or add links to this section please email full details to BPLcontent@tso.co.uk