Thursday, 3 March 2016

ITIL, Cobit and ISO27001

A governance framework helps businesses and organisations implement best practice in their particular field. An IT governance framework should answer some key questions: how the IT department is functioning overall, which key metrics management needs, and what return IT is giving the business on the investment being made. Three widely used governance frameworks for those operating in information technology are ITIL (Information Technology Infrastructure Library), ISO 27001 (published by the International Organization for Standardization) and COBIT (Control Objectives for Information and Related Technology).
 

ITIL

          

ITIL stands for Information Technology Infrastructure Library. It is a framework for managing IT service levels and is focused on how IT services should be delivered to underpin business goals and objectives. Originally developed by the UK government in the 1980s to standardise its growing IT use, it is now used by institutions and businesses of all shapes and sizes. Although ITIL and COBIT are similar in many ways, the basic difference is that COBIT sets its standard from a process- and risk-based view, whereas ITIL sets its standard from the perspective of basic IT service delivery.








COBIT


COBIT stands for Control Objectives for Information and Related Technology. It is a governance framework aimed at regulatory compliance and risk management. COBIT's main function is to help a company map its IT processes to the best-practice standard published by ISACA (Information Systems Audit and Control Association). COBIT is usually chosen by companies that perform information systems audits, whether as part of a financial audit or a general IT audit.





ISO 27001





ISO 27001 is a management system standard focused on information security. It describes a set of requirements and best-practice guidelines for ensuring that information is kept secure.

ISO 27001 differs from COBIT and ITIL more than they differ from each other: because it is specifically a security standard, it covers a narrower but deeper domain than COBIT or ITIL.



Aspect           | COBIT                                 | ITIL                        | ISO 27001
-----------------+---------------------------------------+-----------------------------+-------------------------------------------------------
Function         | Mapping IT processes                  | IT service level management | Information security framework
Scope            | 4 domains, 34 processes (COBIT 4.1)   | 9 processes                 | 10 domains
Issuer           | ISACA                                 | OGC                         | ISO
Implementation   | Information systems audit             | Managing service levels     | Compliance with a security standard
Consultant       | Accounting firm, IT consulting firm   | IT consulting firm          | IT consulting firm, security firm, network consultant









Implementation priority

Implementation priority depends on your company and its requirements. Most companies implement COBIT first because it covers the information system in general, and then choose between ITIL and ISO 27001.

Another consideration is budget and authority. COBIT implementation is usually funded from the internal audit budget, while ITIL or ISO 27001 is usually carried out from the IT department's budget. As a result, which standard is implemented first often depends on management policy.