Search Posts

Category: Lifecycle

Monitor, Evaluate and Assess (COBIT 2019)

Parent PRF: COBIT 2019


01Managed Performance and Conformance Monitoring
02Managed System of Internal Control
03Managed Compliance With External Requirements
04Managed Assurance

MEA01: Managed Performance and Conformance Monitoring

Collect, validate and evaluate enterprise and alignment goals and metrics. Monitor that processes and practices are performing against agreed performance and conformance goals and metrics. Provide reporting that is systematic and timely.

Provide transparency of performance and conformance and drive achievement of goals.

MEA02: Managed System of Internal Control

Continuously monitor and evaluate the control environment, including self-assessments and self-awareness. Enable management to identify control deficiencies and inefficiencies and to initiate improvement actions. Plan, organize and maintain standards for internal control assessment and process control effectiveness.

Obtain transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risk.

MEA03: Managed Compliance with External Requirements

Evaluate that I&T processes and I&T-supported business processes are compliant with laws, regulations and contractual requirements. Obtain assurance that the requirements have been identified and complied with; integrate IT compliance with overall enterprise compliance.

Ensure that the enterprise is compliant with all applicable external requirements.

MEA04: Managed Assurance

Plan, scope and execute assurance initiatives to comply with internal requirements, laws, regulations and strategic objectives. Enable management to deliver adequate and sustainable assurance in the enterprise by performing independent assurance reviews and activities.

Enable the organization to design and develop efficient and effective assurance initiatives, providing guidance on planning, scoping, executing and following up on assurance reviews, using a road map based on well-accepted assurance approaches.

Continual Service Improvement (ITIL)

Parent Process Reference Framework:  ITIL

Continual Service Improvement

The purpose of the CSI stage of the lifecycle with changing business needs by identifying and implementing improvements to IT services that support business processes. 

The objectives of CSI are to: 

  • Review, analyse, prioritise and make recommendations on improvement opportunities across the entire ITSM lifecycle phases – strategy, design, transition and operations 
  • Review and analyse service level achievement 
  • Identify and implement specific activities to IT service quality and improve the efficiency and effectiveness of the enabling processes 
  • Improve cost effectiveness of delivering IT services 
  • Ensure applicable quality management methods are used to support continual improvement activities 
  • Ensure that processes have clearly defined objectives and measurements that lead to actionable improvements 
  • Understand what to measure, why it is being measured and what the successful outcome should be 

CSI is based on the Plan-Do-Check-Act approach. 

  • What is the vision?  
  • Where are we now?  
  • Where do we want to be?  
  • How do we get there?  
  • Did we get there?  
  • How do we keep up the momentum?  

CSI uses a 7-step process for improvement 

  • Define the objectives. 
  • Determine what to measure. 
  • Collect the data. 
  • Process the data. 
  • Analyze the data. 
  • Present and use the information. 
  • Implement improvement 

Related Frameworks

The intent of CSI can be achieved through any improvement framework like Lean, Six Sigma,  Total Quality Management. 

Continual Service Improvement’s 7-step improvement approach closely aligned with Lean Six Sigma’s  DMAIC process approach. 


SFIA’s  Business Process Improvement skill addresses the requirements of CSI.


ITIL specialist and Masters level certification can be one path way to develop the skills in Continual Service Improvement. In addition, Lean Six Sigma certification can be considered to specialise in CSI.

ITIL Training and Certification

Supplier Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Supplier Management

The supplier management process ensures that suppliers and the services they provide are managed to support IT service targets and business expectations.  

It is essential that supplier management processes and planning are involved in all stages of the service lifecycle. 

The main objectives of the supplier management process are to: 

  • Obtain value for money from suppliers and contracts 
  • Ensure that contracts with suppliers are aligned to business needs 
  • Manage relationship with suppliers 
  • Manage supplier performance 
  • Negotiate and agree contracts with suppliers and manage them though their lifecycle 
  • Maintain a supplier policy and supporting supplier and contract management information system (SCIMS) 


Certification and Training

ITIL Training and Certification

Information Security Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Information Security Management

The purpose of the information security management process is to align IT security with business security and ensure that the confidentiality, integrity and availability of the organisation’s assets, information, data and IT services always matches the agreed needs of the business. 

The objectives of Information Security Management are to ensure that:  

  •  Information is observed by or disclosed to only those who have a right to know (confidentiality) 
  •  Information is complete, accurate, and protected against unauthorized modification (integrity) 
  • Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability) 
  •  Business transactions, as well as information exchanges between enterprises or with partners, can be trusted (authenticity and non-repudiation 


SFIA Information Security skill:

Certification and Training 

Information Security is a specialised area with different specialisations.

IT Service Continuity Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

IT Service Continuity Management

The purpose of the IT service continuity management process is to support the overall Business Continuity Management (BCM) process by ensuring that the IT service provider can always provide minimum agreed business continuity related service levels. To achieve this outcome, business and IT identify and manage the risks. 

The objectives of ITSCM are to: 

  • Produce and maintain a set of IT service continuity plans that support the overall business continuity plans 
  • Ensure that the continuity plans are maintained in line with the changing business impacts and requirements 
  • Conduct regular risk assessment and management exercises 
  • Provide guidance to other areas of business regarding IT service continuity 
  • Ensure that appropriate continuity mechanisms are put in place 
  • Ensure the IT changes are assessed on their impact of service continuity 
  • Negotiate and agree contracts with suppliers for the provision of the necessary recovery capacity 


SFIA Continuity Management addresses the skills requirement for IT Service Continuity Management.


ITIL Training and Certification

Capacity Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Capacity Management

The purpose of Capacity Management process is to ensure that the capacity of IT services and IT infrastructure meet the agreed capacity and performance related requirements. Capacity management should consider both current and future needs of the business and address the capacity needs in a cost effective and timely manner. 

The objectives of capacity management are to: 

  • Produce and maintain an appropriate and up-to-date capacity plan, which reflects the current and future needs of the business 
  • Provide advice and guidance to other areas of the business on capacity and performance related issues 
  • Ensure that service performance achievements meet targets 
  • Assist with the diagnosis and resolution of performance and capacity related incident and problems 
  • Assess the impact of all changes on the capacity plan 
  • Ensure that proactive measures to improve the performance of services are implemented in a cost-effective manner 


SFIA Capacity Management addresses the skills required.


ITIL Training and Certification

Availability Management 

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Availability Management

The purpose of the availability management process is to ensure that the level of availability delivered in all IT services meets the agreed availability needs and service level targets. Availability management is concerned with meeting both the current and future availability needs of the business. 

The objectives of availability management are to: 

  • Produce and maintain an appropriate and up-to-date availability plan that reflects the current and future needs of the business 
  • Provide advice and guidance to all other areas of the business and IT on all availability related issues 
  • Ensure that service availability achievements meet all their agreed targets by managing services and resources related availability performance 
  • Assist with the diagnosis and resolution of all availability related incidents and problems 
  • Assess the impact of all changes on the availability plan and the availability of all services and resources 
  • Ensure that proactive measures to improve the availability of services implemented 


SFIA skill  Availability Management addresses the skills required.


ITIL Training and Certification

Service Level Management

Parent Process Reference Framework:  ITIL

Parent Lifecycle:  Service Design

Service Level Management (SLM)

The goal of ITIL Service Level Management is to ensure that agreed levels of current IT services are provided, and future services can be delivered within agreed targets. The objectives of Service Level Management are to: 

  • Define, document, agree, monitor, measure, report and review the level of IT services provided 
  • Investigate corrective actions when necessary 
  • maintain good relationships with both business and customers 
  • Ensure that specific and measurable targets are developed for all IT services 
  • Ensure clear and unambiguous expectations of the delivered service levels 
  • Implement proactive measures for service level improvement whenever costs can be justified. 


SFIA skill Service Level Management addresses the skills for SLM. SFIA considers the skill as a senior leadership skill (level 7).


ITIL Training and Certification

Deliver, Service and Support (COBIT 2019)

Parent Process Reference Framework (PRF):  COBIT

01 Managed Operations
02 Managed Service Requests and Incidents
03 Managed Problems
04 Managed Continuity
05 Managed Security Services
06 Managed Business Process Controls

DSS01: Managed Operations

Coordinate and execute the activities and operational procedures required to deliver internal and outsourced IT services. Include the execution of predefined standard operating procedures and the required monitoring activities

Deliver IT operational product and service outcomes as planned.

DSS02: Managed Service Requests and Incidents

Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and fulfil user requests; and record, investigate, diagnose, escalate and resolve incidents.

Achieve increased productivity and minimize disruptions through quick resolution of user queries and incidents. Assess the impact of changes and deal with service incidents. Resolve user requests and restore service in response to incidents

DSS03: Managed Problems

Identify and classify problems and their root causes. Provide timely resolution to prevent recurring incidents. Provide recommendations for improvements.

Increase availability, improve service levels, reduce costs, improve customer convenience and satisfaction by reducing the number of operational problems, and identify root causes as part of problem resolution.

DSS04: Managed Continuity

Establish and maintain a plan to enable the business and IT organizations to respond to incidents and quickly adapt to disruptions. This will enable continued operations of critical business processes and required I&T services and maintain availability of resources, assets and information at a level acceptable to the enterprise.

Adapt rapidly, continue business operations and maintain availability of resources and information at a level acceptable to the enterprise in the event of a significant disruption (e.g., threats, opportunities, demands).

DSS05: Managed Security Services

Protect enterprise information to maintain the level of information security risk acceptable to the enterprise in accordance with the security policy. Establish and maintain information security roles and access privileges. Perform security monitoring.

Minimize the business impact of operational information security vulnerabilities and incidents.

DSS06: Managed Business Process Controls

Define and maintain appropriate business process controls to ensure that information related to and processed by in-house or outsourced business processes satisfies all relevant information control requirements. Identify the relevant information control requirements. Manage and operate adequate input, throughput and output controls (application controls) to ensure that information and information processing satisfy these requirements.

Maintain information integrity and the security of information assets handled within business processes in the enterprise or its outsourced operation.

Build, Acquire and Implement (COBIT 2019)

Parent Process Reference Framework (PRF):   COBIT

01 Managed Programs
02 Managed Requirements Definition
03 Managed Solutions Identification and Build
04 Managed Availability and Capacity
05 Managed Organisational Change
06 Managed IT Changes
07 Managed Change Acceptance and Transitioning
08 Managed Knowledge
09 Managed Assets
10 Managed Configuration
11Managed Projects

BAI01: Managed Programs

Manage all programs from the investment portfolio in alignment with enterprise strategy and in a coordinated way, based on a standard program management approach. Initiate, plan, control, and execute programs, and monitor expected value from the program.

Realize desired business value and reduce the risk of unexpected delays, costs and value erosion. To do so, improve communications to and involvement of business and end users, ensure the value and quality of program deliverables and follow up of projects within the programs, and maximize program contribution to the investment portfolio.

BAI02: Managed Requirements Definition

Identify solutions and analyze requirements before acquisition or creation to ensure that they align with enterprise strategic requirements covering business processes, applications, information/data, infrastructure and services. Coordinate the review of feasible options with affected stakeholders, including relative costs and benefits, risk analysis, and approval of requirements and proposed solutions.

Create optimal solutions that meet enterprise needs while minimizing risk.

BAI03: Managed Solutions Identification and Build

Establish and maintain identified products and services (technology, business processes and workflows) in line with enterprise requirements covering design, development, procurement/sourcing and partnering with vendors. Manage configuration, test preparation, testing, requirements management and maintenance of business processes, applications, information/data, infrastructure and services.

Ensure agile and scalable delivery of digital products and services. Establish timely and cost-effective solutions (technology, business processes and workflows) capable of supporting enterprise strategic and operational objectives.

BAI04: Managed Availability and Capacity

Balance current and future needs for availability, performance and capacity with cost-effective service provision. Include assessment of current capabilities, forecasting of future needs based on business requirements, analysis of business impacts, and assessment of risk to plan and implement actions to meet the identified requirements.

Maintain service availability, efficient management of resources and optimization of system performance through prediction of future performance and capacity requirements.

BAI05: Managed Organisational Change

Maximize the likelihood of successfully implementing sustainable enterprisewide organizational change quickly and with reduced risk. Cover the complete life cycle of the change and all affected stakeholders in the business and IT.

Prepare and commit stakeholders for business change and reduce the risk of failure.

BAI06: Managed IT Changes

Manage all changes in a controlled manner, including standard changes and emergency maintenance relating to business processes, applications and infrastructure. This includes change standards and procedures, impact assessment, prioritisation and authorisation, emergency changes, tracking, reporting, closure and documentation.

Enable fast and reliable delivery of change to the business. Mitigate the risk of negatively impacting the stability or integrity of the changed environment.

BAI07: Managed Change Acceptance and Transitioning

Formally accept and make operational new solutions, including implementation planning, system and data conversion, acceptance testing, communication, release preparation, promotion to production of new or changed business processes and IT services, early production support, and a post-implementation review.

Implement solutions safely and in line with the agreed expectations and outcomes.

BAI08: Managed Knowledge

Maintain the availability of relevant, current, validated and reliable knowledge and management information to support all process activities and to facilitate decision making related to the governance and management of enterprise IT. Plan for the identification, gathering, organizing, maintaining, use and retirement of knowledge.

Provide the knowledge and information required to support all staff in the governance and management of enterprise I&T and allow for informed decision making.

BAI09: Managed Assets

Manage IT assets through their life cycle to make sure that their use delivers value at optimal cost, they remain operational (fit for purpose), and they are accounted for and physically protected. Ensure that those assets that are critical to support service capability are reliable and available. Manage software licenses to ensure that the optimal number are acquired, retained and deployed in relation to required business usage, and the software installed is in compliance with license agreements.

Account for all IT assets and optimize the value provided by their use.

BAI10: Managed Configuration

Define and maintain descriptions and relationships among key resources and capabilities required to deliver I&T-enabled services. Include collecting configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository.

Provide sufficient information about service assets to enable the service to be effectively managed. Assess the impact of changes and deal with service incidents.

BAI11: Managed Projects

Manage all projects that are initiated within the enterprise in alignment with enterprise strategy and in a coordinated way based on the standard project management approach. Initiate, plan, control and execute projects, and close with a post-implementation review

Realize defined project outcomes and reduce the risk of unexpected delays, costs and value erosion by improving communications to and involvement of business and end users. Ensure the value and quality of project deliverables and maximize their contribution to the defined programs and investment portfolio.

Next Page »