"> Lifecycle/Service Value System – Page 2 – Process-Symphony – ITSM Knowledge Orchestrators

Search Knowledge

Category: Lifecycle/Service Value System

Organizational Change Management – BAI05 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Organisational Change

Maximize the likelihood of successfully implementing sustainable enterprisewide organizational change quickly and with reduced risk. Cover the

complete life cycle of the change and all affected stakeholders in the business and IT.


Prepare and commit stakeholders for business change and reduce the risk of failure.

Management Practices

BAI05.01 Establish the desire to change.

Understand the scope and impact of the desired change. Assess stakeholder readiness and willingness to change. Identify actions that will motivate stakeholder acceptance and participation to make the change work successfully.

BAI05.02 Form an effective implementation team.

Establish an effective implementation team by assembling appropriate members, creating trust, and establishing common goals and effectiveness measures.

BAI05.03 Communicate desired vision.

Communicate the desired vision for the change in the language of those affected by it. The communication should be made by senior management and include the rationale for, and benefits of, the change; the impacts of not making the change; and the vision, the road map and the involvement required of the various stakeholders.

BAI05.04 Empower role players and identify short-term wins.

Empower those with implementation roles by assigning accountability. Provide training and align organizational structures and HR processes. Identify and communicate short-term wins that are important from a change-enablement perspective.

BAI05.05 Enable operation and use.

Plan and implement all technical, operational and usage aspects so all those who are involved in the future state environment can exercise their responsibility.

BAI05.06 Embed new approaches.

Embed new approaches by tracking implemented changes, assessing the effectiveness of the operation and use plan, and sustaining ongoing awareness through regular communication. Take corrective measures as appropriate (which may include enforcing compliance).

BAI05.07 Sustain changes.

Sustain changes through effective training of new staff, ongoing communication campaigns, continued commitment of top management, monitoring of adoption and sharing of lessons learned across the enterprise.


Change implementation planning and management CIPM

The definition and management of the process for deploying and integrating new digital capabilities into the business in a way that is sensitive to and fully compatible with business operations.


Organisation design and implementation ORDI

The planning, design and implementation of an integrated organisation structure and culture including the workplace environment, locations, role profiles, performance measurements, competencies and skills. The facilitation of changes needed to adapt to changes in technologies, society, new operating models and business processes. The identification of key attributes of the required culture and how these can be implemented and reinforced to bring about improved organisational performance.


Change (IT) Management – BAI06 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed IT Changes

Manage all changes in a controlled manner, including standard changes and emergency maintenance relating to business processes, applications

and infrastructure. This includes change standards and procedures, impact assessment, prioritization and authorization, emergency changes,

tracking, reporting, closure, and documentation.


Enable fast and reliable delivery of change to the business. Mitigate the risk of negatively impacting the stability or integrity of the changed environment.

Management practices

BAI06.01 Evaluate, prioritize and authorize change requests.

Evaluate all requests for change to determine the impact on business processes and I&T services, and to assess whether change will adversely affect the operational environment and introduce unacceptable risk.

Ensure that changes are logged, prioritized, categorized, assessed, authorized, planned and scheduled.

BAI06.02 Manage emergency changes.

Carefully manage emergency changes to minimize further incidents. Ensure the emergency change is controlled and takes place securely. Verify that emergency changes are appropriately assessed and authorized after the change.

BAI06.03 Track and report change status.

Maintain a tracking and reporting system to document rejected changes and communicate the status of approved, in-process and complete changes. Make certain that approved changes are implemented as planned.

BAI06.04 Close and document the changes.

Whenever changes are implemented, update the solution, user documentation and procedures affected by the change.


Change management – CHMG

The management of change to the service infrastructure including service assets, configuration items and associated documentation. Change management uses requests for change (RFC) for standard or emergency changes, and changes due to incidents or problems to provide effective control and reduction of risk to the availability, performance, security and compliance of the business services impacted by the change.


Change Acceptance (IT) and Transitioning – BAI07 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Change Acceptance and Transitioning

Formally accept and make operational new solutions. Include implementation planning, system and data conversion, acceptance testing,

communication, release preparation, promotion to production of new or changed business processes and I&T services, early production support, and

a post-implementation review.


Implement solutions safely and in line with the agreed expectations and outcomes.

Management Practice

BAI07.01 Establish an implementation plan.

Establish an implementation plan that covers system and data conversion, acceptance testing criteria, communication, training, release preparation, promotion to production, early production support, a fallback/back-up plan, and a post-implementation review. Obtain approval from relevant parties.

BAI07.02 Plan business process, system and data conversion.

Prepare for business process, I&T service data and infrastructure migration as part of the enterprise’s development methods. Include audit trails and a recovery plan should the migration fail.

BAI07.03 Plan acceptance tests.

Establish a test plan based on enterprise wide standards that define roles, responsibilities, and entry and exit criteria. Ensure that the plan is approved by relevant parties.

BAI07.04 Establish a test environment.

Define and establish a secure test environment representative of the planned business process and IT operations environment in terms of performance, capacity, security, internal controls, operational practices, data quality, privacy requirements and workloads.

BAI07.05 Perform acceptance tests.

Test changes independently, in accordance with the defined test plan, prior to migration to the live operational environment.

BAI07.06 Promote to production and manage releases.

Promote the accepted solution to the business and operations. Where appropriate, run the solution as a pilot implementation or in parallel with the old solution for a defined period and compare behavior and results.

If significant problems occur, revert to the original environment based on the fallback/back-up plan. Manage releases of solution components.

BAI07.07 Provide early production support.

For an agreed period of time, provide early support to users and I&T operations to resolve issues and help stabilize the new solution.

BAI07.08 Perform a post-implementation review.

Conduct a post-implementation review to confirm outcome and results,identify lessons learned, and develop an action plan. Evaluate actual performance and outcomes of the new or changed service against expected performance and outcomes anticipated by the user or customer.


Business process testing BPTS

The planning, design, management, execution and reporting of business process tests and usability evaluations. The application of evaluation skills to the assessment of the ergonomics, usability and fitness for purpose of defined processes. This includes the synthesis of test tasks to be performed (from statement of user needs and user interface specification), the design of an evaluation programme, the selection of user samples, the analysis of performance, and inputting results to the development team.


Release and deployment RELM

The management of the processes, systems and functions to package, build, test and deploy changes and updates (which are bounded as “releases”) into a live environment, establishing or continuing the specified service, to enable controlled and effective handover to operational management and the user community. The application of automation to improve the efficiency and quality of releases.


Service acceptance SEAC

The achievement of formal confirmation that service acceptance criteria have been met, and that the service provider is ready to operate the new service when it has been deployed. (Service acceptance criteria are used to ensure that a service meets the defined service requirements, including functionality, operational support, performance and quality requirements).


Testing TEST

The planning, design, management, execution and reporting of tests, using appropriate testing tools and techniques and conforming to agreed process standards and industry specific regulations. The purpose of testing is to ensure that new and amended systems, configurations, packages, or services, together with any interfaces, perform as specified (including security requirements) , and that the risks associated with deployment are adequately understood and documented. Testing includes the process of engineering, using and maintaining testware (test cases, test scripts, test reports, test plans, etc) to measure and improve the quality of the software being tested.


User experience evaluation USEV

Validation of systems, products or services, to assure that the stakeholder and organisational requirements have been met, required practice has been followed, and systems in use continue to meet organisational and user needs. Iterative assessment (from early prototypes to final live implementation) of effectiveness, efficiency, user satisfaction, health and safety, and accessibility to measure or improve the usability of new or existing processes, with the intention of achieving optimum levels of product or service usability.


Knowledge Management – BAI08 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Knowledge

Maintain the availability of relevant, current, validated and reliable knowledge and management information to support all process activities and to facilitate decision making related to the governance and management of enterprise I&T. Plan for the identification, gathering, organizing,maintaining, use and retirement of knowledge.


Provide the knowledge and information required to support all staff in the governance and management of enterprise I&T and allow for informed decision making.

Management practices

BAI08.01 Identify and classify sources of information for governance and management of I&T.

Identify, validate and classify diverse sources of internal and external information required to enable governance and management of I&T, including strategy documents, incident reports and configuration information that progresses from development to operations before going live.

BAI08.02 Organize and contextualize information into knowledge.

Organize information based on classification criteria. Identify and create meaningful relationships among information elements and enable use of information. Identify owners, and leverage and implement enterprise defined information levels of access to management information and knowledge resources.

BAI08.03 Use and share knowledge.

Propagate available knowledge resources to relevant stakeholders and communicate how these resources can be used to address different needs (e.g., problem solving, learning, strategic planning and decision making).

BAI08.04 Evaluate and update or retire information.

Measure the use and evaluate the currency and relevance of information. Update information or retire obsolete information.



Knowledge management KNOW

The systematic management of vital knowledge to create value for the organisation by capturing, sharing, developing and exploiting the collective knowledge of the organisation to improve performance, support decision making and mitigate risks. The development of a supportive and collaborative knowledge sharing culture to drive the successful adoption of technology solutions for knowledge management. Providing access to informal, tacit knowledge as well as formal, documented, explicit knowledge by facilitating internal and external collaboration and communications.


Certification and Training

Knowledge-Centered Service (KCS®) is a best practice methodology that provides a detailed description of knowledge management principles and practices for service organisations to work more effectively. The KCS methodology is developed and maintained by the Consortium for Service Innovation, a non-profit alliance of service organizations. 

The KCS Academy is the certifying body for KCS and the source for KCS resources. The KCS Academy offers KCS certification for people (KCS Fundamentals, KCS Practices and KCS Trainer) and KCS Verified and Aligned designations for tools and services.

Assets Management – BAI09 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Assets

Manage I&T assets through their life cycle to make sure that their use delivers value at optimal cost, they remain operational (fit for purpose), and they are accounted for and physically protected. Ensure that those assets that are critical to support service capability are reliable and available.

Manage software licenses to ensure that the optimal number are acquired, retained and deployed in relation to required business usage, and the software installed is in compliance with license agreements.


Account for all I&T assets and optimize the value provided by their use.

Management practices

BAI09.01 Identify and record current assets.

Maintain an up-to-date, accurate record of all I&T assets that are required to deliver services and that are owned or controlled by the organization with an expectation of future benefit (including resources with

economic value, such as hardware or software). Ensure alignment with configuration management and financial management.

BAI09.02 Manage critical assets.

Identify assets that are critical in providing service capability. Maximize their reliability and availability to support business needs.

BAI09.03 Manage the asset life cycle.

Manage assets from procurement to disposal. Ensure that assets are utilized as effectively and efficiently as possible and are accounted for and physically protected until appropriately retired.

BAI09.04 Optimize asset value.

Regularly review the overall asset base to identify ways to optimize value in alignment with business needs.

BAI09.05 Manage licenses.

Manage software licenses to maintain the optimal number of licenses and support business requirements. Ensure that the number of licenses owned is sufficient to cover the installed software in use.


Asset management ASMG

The management of the lifecycle for all managed assets (hardware, software, intellectual property, licences, warranties etc) including security, inventory, compliance, usage and disposal, aiming to protect and secure the corporate assets portfolio, optimise the total cost of ownership and sustainability by minimising operating costs, improving investment decisions and capitalising on potential opportunities. Knowledge and use of international standards for asset management and close integration with security, change, and configuration management are examples of enhanced asset management development.


Systems installation/decommissioning HSIN

The installation, testing, implementation or decommissioning and removal of cabling, wiring, equipment, hardware and associated software, following plans and instructions and in accordance with agreed standards. The testing of hardware and software components, resolution of malfunctions, and recording of results. The reporting of details of hardware and software installed so that configuration management records can be updated.


Configuration Management – BAI10 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Configuration

Define and maintain descriptions and relationships among key resources and capabilities required to deliver I&T-enabled services. Include collecting

configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository.


Provide sufficient information about service assets to enable the service to be effectively managed. Assess the impact of changes and deal with service incidents.

Management practices

BAI10.01 Establish and maintain a configuration model.

Establish and maintain a logical model of the services, assets, infrastructure and recording of configuration items (CIs), including the relationships among them. Include the CIs considered necessary to manage services effectively and to provide a single, reliable description of the assets in a service.

BAI10.02 Establish and maintain a configuration repository and baseline.

Establish and maintain a configuration management repository and create controlled configuration baselines.

BAI10.03 Maintain and control configuration items.

Maintain an up-to-date repository of configuration items (CIs) by populating any configuration changes.

BAI10.04 Produce status and configuration reports.

Define and produce configuration reports on status changes of configuration items.

BAI10.05 Verify and review integrity of the configuration repository.

Periodically review the configuration repository and verify completeness and correctness against the desired target.


Configuration management CFMG

The planning, management, control and governance of organisational, project and service assets and artefacts. The identification, classification and specification of configuration items (CIs) and their inter-relationships. Identifying the configuration and version of source code, software, systems, documents and service dependent CIs at distinct points in time. Systematically controlling changes to the configuration and maintaining the integrity and traceability of the configuration throughout the project, system and/or service life cycle. Identifying and documenting the functional and physical characteristics of CIs, controlling changes to those characteristics, recording and reporting change processing and implementation status. Verifying and auditing CIs for data quality and compliance with specified internal and external requirements.


Projects Management – BAI11 (COBIT 2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Projects

Manage all projects that are initiated within the enterprise in alignment with enterprise strategy and in a coordinated way based on the standard project management approach. Initiate, plan, control and execute projects, and close with a post-implementation review.


Realize defined project outcomes and reduce the risk of unexpected delays, costs and value erosion by improving communications to and involvement of business and end users. Ensure the value and quality of project deliverables and maximize their contribution to the defined programs and investment portfolio.

Management practices

BAI11.01 Maintain a standard approach for project management.

Maintain a standard approach for project management that enables governance and management review, decision-making and delivery management activities. These activities should focus consistently on

business value and goals (i.e., requirements, risk, costs, schedule and quality targets).

BAI11.02 Start up and initiate a project.

Define and document the nature and scope of the project to confirm and develop a common understanding of project scope among stakeholders. The definition should be formally approved by the project sponsors.

BAI11.03 Manage stakeholder engagement.

Manage stakeholder engagement to ensure an active exchange of accurate, consistent and timely information that reaches all relevant stakeholders. This includes planning, identifying and engaging stakeholders and managing their expectations.

BAI11.04 Develop and maintain the project plan.

Establish and maintain a formal, approved, integrated project plan (covering business and IT resources) to guide project execution and control throughout the life of the project. The scope of projects should be clearly defined and tied to building or enhancing business capability.

BAI11.05 Manage project quality.

Prepare and execute a quality management plan, processes and practices that align with quality management standards (QMS). Describe the approach to project quality and implementation. The plan should be formally reviewed and agreed on by all parties concerned and incorporated into the integrated project plans.

BAI11.06 Manage project risk.

Eliminate or minimize specific risk associated with projects through a systematic process of planning, identifying, analysing, responding to, monitoring and controlling the areas or events with potential to cause unwanted change. Define and record any risk faced by project management.

BAI11.07 Monitor and control projects.

Measure project performance against key project performance criteria such as schedule, quality, cost and risk. Identify any deviations from expected targets. Assess the impact of deviations on the project and overall program and report results to key stakeholders.

BAI11.08 Manage project resources and work packages.

Manage project work packages by placing formal requirements on authorizing and accepting work packages and assigning and coordinating appropriate business and IT resources.

BAI11.09 Close a project or iteration.

At the end of each project, release or iteration, require the project stakeholders to ascertain whether the project, release or iteration delivered the required results in terms of capabilities and contributed as expected to program benefits. Identify and communicate any outstanding activities required to achieve planned results of the project

and/or benefits of the program. Identify and document lessons learned for future projects, releases, iterations and programs.


Project management PRMG

The management of projects, typically (but not exclusively) involving the development and implementation of business processes to meet identified business needs, acquiring and utilising the necessary resources and skills, within agreed parameters of cost, timescales, and quality. The adoption and adaptation of project management methodologies based on the context of the project and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.


Data Management – APO14 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Align Plan and Organise

Managed Data

Achieve and sustain effective management of the enterprise data assets across the data life cycle, from creation through delivery, maintenance and archiving.


Ensure effective utilization of the critical data assets to achieve enterprise goals and objectives.

Management practices

APO14.01 Define and communicate the organization’s data management strategy and roles and responsibilities.

Define how to manage and improve the organization’s data assets, in line with enterprise strategy and objectives. Communicate the data management strategy to all stakeholders. Assign roles and responsibilities to ensure that corporate data are managed as critical assets and the data management strategy is implemented and maintained in an effective and sustainable manner.

APO14.02 Define and maintain a consistent business glossary.

Create, approve, update and promote consistent business terms and definitions to foster shared data usage across the organization.

APO14.03 Establish the processes and infrastructure for metadata management.

Establish the processes and infrastructure for specifying and extending metadata about the organization’s data assets, fostering and supporting data sharing, ensuring compliant use of data, improving responsiveness to business changes and reducing data-related risk

APO14.04 Define a data quality strategy.

Define an integrated, organization wide strategy to achieve and maintain the level of data quality (such as complexity, integrity, accuracy, completeness, validity, traceability and timeliness) required to support the business goals and objectives.

APO14.05 Establish data profiling methodologies, processes and tools.

Implement standardized data profiling methodologies, processes, practices, tools and templates that can be applied across multiple data repositories and data stores.

APO14.06 Ensure a data quality assessment approach.

Provide a systematic approach to measure and evaluate data quality according to processes and techniques, and against data quality rules.

APO14.07 Define the data cleansing approach.

Define the mechanisms, rules, processes, and methods to validate and correct data according to predefined business rules.

APO14.08 Manage the life cycle of data assets.

Ensure that the organization understands, maps, inventories and controls its data flows through business processes over the data life cycle, from creation or acquisition to retirement.

APO14.09 Support data archiving and retention.

Ensure that data maintenance satisfies organizational and regulatory requirements for availability of historical data. Ensure that legal and regulatory requirements for data archiving and retention are met.

APO14.10 Manage data backup and restore arrangements.

Manage availability of critical data to ensure operational continuity.


Data management DATM

The management of practices and processes to ensure the security, quality, integrity, safety and availability of all forms of data and data structures that make up the organisation’s information. The management of data and information in all its forms and the analysis of information structure (including logical analysis of taxonomies, data and metadata). The development of innovative ways of managing the information assets of the organisation.


Data modelling and design DTAN

The development of models to represent and communicate data requirements and to enable organisations to understand their data assets and the relationships between real-world entities. The investigation, analysis and scoping of data requirements to support the development of software systems, data integration and data retrieval activities. The iteration, review and maintenance of data requirements and data models.


Information assurance INAS

The protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost effective manner to ensure stakeholder confidence.


Information governance IRMG

The overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices and training to promote compliance with legislation regulating all aspects of holding, use and disclosure of data.


Security Management – APO13 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Align Plan and Organise

Managed Security

Define, operate and monitor an information security management system.


Keep the impact and occurrence of information security incidents within the enterprise’s risk appetite levels.

Management practices

APO13.01 Establish and maintain an information security management system (ISMS).

Establish and maintain an information security management system (ISMS) that provides a standard, formal and continuous approach to information security management, enabling secure technology and business processes that are aligned with business requirements.

APO13.02 Define and manage an information security and privacy risk treatment plan.

Maintain an information security plan that describes how information security risk is to be managed and aligned with enterprise strategy and enterprise architecture. Ensure that recommendations for implementing security improvements are based on approved business cases, implemented as an integral part of services and solutions development, and operated as an integral part of business operation.

APO13.03 Monitor and review the information security management system (ISMS).

Maintain and regularly communicate the need for, and benefits of, continuous improvement in information security. Collect and analyse data about the information security management system (ISMS), and improve its effectiveness. Correct nonconformities to prevent recurrence.


Information security SCTY

The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.


Risk Management-APO12 (COBIT2019)

Managed Risk

Continually identify, assess and reduce I&T-related risk within tolerance levels set by enterprise executive management.


Integrate the management of I&T-related enterprise risk with overall enterprise risk management (ERM) and balance the costs and benefits of managing I&T-related enterprise risk.

Management practices

APO12.01 Collect data.

Identify and collect relevant data to enable effective I&T-related risk identification, analysis and reporting.

APO12.02 Analyze risk.

Develop a substantiated view on actual I&T risk, in support of risk decisions.

APO12.03 Maintain a risk profile.

Maintain an inventory of known risk and risk attributes, including expected frequency, potential impact and responses. Document related resources, capabilities and current control activities related to risk items.

APO12.04 Articulate risk.

Communicate information on the current state of I&T-related exposures and opportunities in a timely manner to all required stakeholders for appropriate response.

APO12.05 Define a risk management action portfolio.

Manage opportunities to reduce risk to an acceptable level as a portfolio.

APO12.06 Respond to risk.

Respond in a timely manner to materialized risk events with effective measures to limit the magnitude of loss.


Business risk management BURM

The planning and implementation of organisation-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply or inappropriate disposal of materials, hardware or data.


Information assurance INAS

The protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost effective manner to ensure stakeholder confidence.


Next Page » « Previous Page