Search Posts

Category: Framework

Monitor, Evaluate and Assess (COBIT 2019)

Parent PRF: COBIT 2019


01Managed Performance and Conformance Monitoring
02Managed System of Internal Control
03Managed Compliance With External Requirements
04Managed Assurance

MEA01: Managed Performance and Conformance Monitoring

Collect, validate and evaluate enterprise and alignment goals and metrics. Monitor that processes and practices are performing against agreed performance and conformance goals and metrics. Provide reporting that is systematic and timely.

Provide transparency of performance and conformance and drive achievement of goals.

MEA02: Managed System of Internal Control

Continuously monitor and evaluate the control environment, including self-assessments and self-awareness. Enable management to identify control deficiencies and inefficiencies and to initiate improvement actions. Plan, organize and maintain standards for internal control assessment and process control effectiveness.

Obtain transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risk.

MEA03: Managed Compliance with External Requirements

Evaluate that I&T processes and I&T-supported business processes are compliant with laws, regulations and contractual requirements. Obtain assurance that the requirements have been identified and complied with; integrate IT compliance with overall enterprise compliance.

Ensure that the enterprise is compliant with all applicable external requirements.

MEA04: Managed Assurance

Plan, scope and execute assurance initiatives to comply with internal requirements, laws, regulations and strategic objectives. Enable management to deliver adequate and sustainable assurance in the enterprise by performing independent assurance reviews and activities.

Enable the organization to design and develop efficient and effective assurance initiatives, providing guidance on planning, scoping, executing and following up on assurance reviews, using a road map based on well-accepted assurance approaches.

Scaled Agile Framework-SAFe

SAFe® (Copyright © Scaled Agile, Inc) is a body of knowledge of principles, practices and competencies for Lean, Agile and DevOps.  The framework is built on the foundations of Agile and provides a structured approach for scaling up the practices across the enterprise. 

Context diagram

SAFe spans across all life cycle stages of ITIL and corresponding COBIT domains.  As SAFe principles and practices are leverage from Lean, Agile, Enterprise Architecture, DevOps practices, the emphasis is on Agility. The waterfall and control practices of ITIL, COBIT are not emphasised.  SAFe defines five competencies and four configurations. The configurations provide a clear blueprint for scalability which was lacking in other Agile frameworks.

Summary ratings:

Please refer the Rating Criteria.

SAFe is released on 2011 and has gone periodic revisions. The industry adoption among large enterprises, especially in the USA is cited. As the scope of SAFe is quite broad, there are no dedicated tools to support. However, the tools that support Agile can be leveraged. It will be good to get an integrated tool that supports the full spectrum of SAFe practices including Lean Budgets, Value Streams, Enterprise Architecture, Release Train Management etc. 

SAFe provides very good training support including certification. Accredited trainers are available in many countries.

SAFe is not intended for a formal assessment.

Longevity (4 / 5)
Industry Adoption (3 / 5)
Tool Support (2 / 5)
Training Support (5 / 5)
Assessment Support (0 / 5)

Competencies and Configurations

SAFe is organised based on competencies and “configurations”.  There are five competencies. 

Lean-Agile Leadership 

The Lean-Agile Leadership competency describes how Lean-Agile Leaders drive and sustain organizational change and operational excellence by empowering individuals and teams to reach their highest potential. They do this by learning, exhibiting, teaching, and coaching SAFe’s Lean-Agile mindset, values, principles, and practices. 

Team and Technical Agility 

The Team and Technical Agility competency describes the critical skills and Lean-Agile principles and practices that are needed to create high-performing Agile teams who create high-quality, well designed technical solutions. 

Team agility is the first half of this competency. Agile teams operate as a collaboration between the Business Owners, developers, and testers to create alignment, common understanding, and quick, predictable delivery of value. These teams have the authority and accountability to manage their own work, increasing productivity, and reducing overall speed-to-market. Agile teams commit to small batches of work, reducing feedback cycles, and adjusting to changing needs. 

Technical agility, the second half of this competency, defines the Agile Software Engineering principles and practices teams use to deliver solutions quickly and reliably. Agile Software Engineering adds Lean-Agile values and principles and eXtreme Programming (XP) practices, agile modeling, proven approaches for software design, and more. 

DevOps and Release-on-Demand 

The DevOps and Release on Demand competency describes how implementing DevOps and a continuous delivery pipeline provides the enterprise with the capability to release value, in whole or in part, at any time necessary to meet market and customer demand. 

Business Solutions and Lean Systems 

The Business Solutions and Lean Systems Engineering competency describes how to apply Lean-Agile principles and practices to the specification, development, deployment, and evolution of large, complex software applications and cyber-physical systems. 

Lean Portfolio Management 

The Lean Portfolio Management competency describes how an enterprise implements Lean approaches to strategy and investment funding, Agile portfolio operations, and Lean governance. 

Configurations are determined depending of the scope of the implementation.  

There are four configurations: 

Essential SAFe:  

The Essential SAFe configuration is the basic building block for all SAFe configurations and is the simplest starting point for implementation. It provides the Lean-Agile Leadership competency, the Team and Technical Agility competency, and the DevOps and Release on Demand competency. 

Large Solution SAFe: 

The Large Solution SAFe configuration introduces the Business Solutions and Lean Systems Engineering competency, which supports those building the largest and most complex solutions that require multiple Agile Release Trains and Suppliers, but do not require portfolio-level considerations. 

Portfolio SAFe: 

The Portfolio SAFe configuration provides the Lean Portfolio Management competency which aligns portfolio execution to enterprise strategy. It organizes development around the flow of value through one or more value streams. 

Portfolio SAFe provides business agility through principles and practices for portfolio strategy and investment funding, Agile portfolio operations, and Lean governance. 

Full SAFe 

The Full SAFe configuration includes all Five Core Competencies of the Lean Enterprise. It is the most comprehensive version of the Framework and supports enterprises that build and maintain a portfolio of large and complex solutions.


SAFe requires multiple skills including Governance, Enterprise Architecture, Portfolio Management, Systems Development and Management, Software Design,

SFIA skills includes both predictive project management (water-fall approach) and adaptive approaches like Agile.


Enterprise Architecture

Portfolio Management

Project Management

Systems Development and Management

Software Design

Programme Management

Project Management


SAFe provides a wide range of training courses.


SAFe essential can be implemented with existing Agile tool sets.





Lean Six Sigma

Lean Six Sigma is a structured methodology to improve the business and IT processes. Depending upon the scope of implementation Lean Six Sigma can be defined as philosophy, methodology, tool set or metrics. 1

Lean Six Sigma is a combination of two improvement methodologies – “Lean” and “Six Sigma”. Lean focuses on reducing the non-value activities in a process sequence of delivering a service/product to customers.  Six-Sigma is a structured approach employing various statistical tools to improve the performance.

In the current business environment, “Lean” can be deployed without combining with Six-Sigma. However,  Six-Sigma is always deployed as “Lean Six Sigma”.

Summary ratings:

Please refer the Rating Criteria.

Six Sigma is based on statistical process control which is centuries old. The Six Sigma as we know was introduced by Motorola and publicly shared after 1988.

The focus of industry adoption in the context of IT Service Management or Enterprise Service Management is not as high as the adoption in manufacturing sector.

Lean Six Sigma practitioners use statistical tools include Advanced Excel, SPSS and Minitab.  These are generic tools and not tailored for Six Sigma and IT Service Management.

Until a decade ago, each enterprise adopted their own Lean Six Sigma certification programs. The curriculum and rigour varied between the companies. Currently there are independent certification providers.

Lean Six Sigma does not support any assessment.

Longevity (5 / 5)
Industry Adoption (4 / 5)
Tool Support (3 / 5)
Training Support (3 / 5)
Assessment Support (0 / 5)

Context Diagam

Lean Six Sigma can be implemented as part of Continual Service Management life cycle of ITIL.  It should be noted that Lean Six Sigma is not specific to IT and can be used to improve any business process.


Lean Six Sigma typically follows the following process approach.2. The approach can be tailored by different projects depending upon the nature of improvement or design.  The process stages need not be linear and often involve iterative loops.

  • Define the problem, improvement activity, opportunity for improvement, the project goals, and customer (internal and external) requirements.
  • Measure process performance.
  • Analyze the process to determine root causes of variation, poor performance (defects).
  • Improve process performance by addressing and eliminating the root causes.
  • Control the improved process and future process performance.

Related Frameworks/processes:

ITIL Continual Service Improvement


SFIA’s  Business Process Improvement

Certification and Training

There are two major certification bodies for Lean Six Sigma. The ASQ certification requires an examination and completion of a project for Black Belt Certification.

The International Association for Six Sigma Certification (IASSC) is a Professional Association that is an independent certification body that accredits training providers.  IASSC certifications do not mandate project completion as a requirement of certification

No review box found! Insert a valid box ID.

Continual Service Improvement (ITIL)

Parent Process Reference Framework:  ITIL

Continual Service Improvement

The purpose of the CSI stage of the lifecycle with changing business needs by identifying and implementing improvements to IT services that support business processes. 

The objectives of CSI are to: 

  • Review, analyse, prioritise and make recommendations on improvement opportunities across the entire ITSM lifecycle phases – strategy, design, transition and operations 
  • Review and analyse service level achievement 
  • Identify and implement specific activities to IT service quality and improve the efficiency and effectiveness of the enabling processes 
  • Improve cost effectiveness of delivering IT services 
  • Ensure applicable quality management methods are used to support continual improvement activities 
  • Ensure that processes have clearly defined objectives and measurements that lead to actionable improvements 
  • Understand what to measure, why it is being measured and what the successful outcome should be 

CSI is based on the Plan-Do-Check-Act approach. 

  • What is the vision?  
  • Where are we now?  
  • Where do we want to be?  
  • How do we get there?  
  • Did we get there?  
  • How do we keep up the momentum?  

CSI uses a 7-step process for improvement 

  • Define the objectives. 
  • Determine what to measure. 
  • Collect the data. 
  • Process the data. 
  • Analyze the data. 
  • Present and use the information. 
  • Implement improvement 

Related Frameworks

The intent of CSI can be achieved through any improvement framework like Lean, Six Sigma,  Total Quality Management. 

Continual Service Improvement’s 7-step improvement approach closely aligned with Lean Six Sigma’s  DMAIC process approach. 


SFIA’s  Business Process Improvement skill addresses the requirements of CSI.


ITIL specialist and Masters level certification can be one path way to develop the skills in Continual Service Improvement. In addition, Lean Six Sigma certification can be considered to specialise in CSI.

ITIL Training and Certification

Supplier Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Supplier Management

The supplier management process ensures that suppliers and the services they provide are managed to support IT service targets and business expectations.  

It is essential that supplier management processes and planning are involved in all stages of the service lifecycle. 

The main objectives of the supplier management process are to: 

  • Obtain value for money from suppliers and contracts 
  • Ensure that contracts with suppliers are aligned to business needs 
  • Manage relationship with suppliers 
  • Manage supplier performance 
  • Negotiate and agree contracts with suppliers and manage them though their lifecycle 
  • Maintain a supplier policy and supporting supplier and contract management information system (SCIMS) 


Certification and Training

ITIL Training and Certification

Information Security Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Information Security Management

The purpose of the information security management process is to align IT security with business security and ensure that the confidentiality, integrity and availability of the organisation’s assets, information, data and IT services always matches the agreed needs of the business. 

The objectives of Information Security Management are to ensure that:  

  •  Information is observed by or disclosed to only those who have a right to know (confidentiality) 
  •  Information is complete, accurate, and protected against unauthorized modification (integrity) 
  • Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability) 
  •  Business transactions, as well as information exchanges between enterprises or with partners, can be trusted (authenticity and non-repudiation 


SFIA Information Security skill:

Certification and Training 

Information Security is a specialised area with different specialisations.

IT Service Continuity Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

IT Service Continuity Management

The purpose of the IT service continuity management process is to support the overall Business Continuity Management (BCM) process by ensuring that the IT service provider can always provide minimum agreed business continuity related service levels. To achieve this outcome, business and IT identify and manage the risks. 

The objectives of ITSCM are to: 

  • Produce and maintain a set of IT service continuity plans that support the overall business continuity plans 
  • Ensure that the continuity plans are maintained in line with the changing business impacts and requirements 
  • Conduct regular risk assessment and management exercises 
  • Provide guidance to other areas of business regarding IT service continuity 
  • Ensure that appropriate continuity mechanisms are put in place 
  • Ensure the IT changes are assessed on their impact of service continuity 
  • Negotiate and agree contracts with suppliers for the provision of the necessary recovery capacity 


SFIA Continuity Management addresses the skills requirement for IT Service Continuity Management.


ITIL Training and Certification

Capacity Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Capacity Management

The purpose of Capacity Management process is to ensure that the capacity of IT services and IT infrastructure meet the agreed capacity and performance related requirements. Capacity management should consider both current and future needs of the business and address the capacity needs in a cost effective and timely manner. 

The objectives of capacity management are to: 

  • Produce and maintain an appropriate and up-to-date capacity plan, which reflects the current and future needs of the business 
  • Provide advice and guidance to other areas of the business on capacity and performance related issues 
  • Ensure that service performance achievements meet targets 
  • Assist with the diagnosis and resolution of performance and capacity related incident and problems 
  • Assess the impact of all changes on the capacity plan 
  • Ensure that proactive measures to improve the performance of services are implemented in a cost-effective manner 


SFIA Capacity Management addresses the skills required.


ITIL Training and Certification

Availability Management 

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Availability Management

The purpose of the availability management process is to ensure that the level of availability delivered in all IT services meets the agreed availability needs and service level targets. Availability management is concerned with meeting both the current and future availability needs of the business. 

The objectives of availability management are to: 

  • Produce and maintain an appropriate and up-to-date availability plan that reflects the current and future needs of the business 
  • Provide advice and guidance to all other areas of the business and IT on all availability related issues 
  • Ensure that service availability achievements meet all their agreed targets by managing services and resources related availability performance 
  • Assist with the diagnosis and resolution of all availability related incidents and problems 
  • Assess the impact of all changes on the availability plan and the availability of all services and resources 
  • Ensure that proactive measures to improve the availability of services implemented 


SFIA skill  Availability Management addresses the skills required.


ITIL Training and Certification

Service Level Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Service Level Management (SLM)

The goal of ITIL Service Level Management is to ensure that agreed levels of current IT services are provided, and future services can be delivered within agreed targets. The objectives of Service Level Management are to: 

  • Define, document, agree, monitor, measure, report and review the level of IT services provided 
  • Investigate corrective actions when necessary 
  • maintain good relationships with both business and customers 
  • Ensure that specific and measurable targets are developed for all IT services 
  • Ensure clear and unambiguous expectations of the delivered service levels 
  • Implement proactive measures for service level improvement whenever costs can be justified. 


SFIA skill Service Level Management addresses the skills for SLM. SFIA considers the skill as a senior leadership skill (level 7).


ITIL Training and Certification

Next Page »