Parent Framework: COBIT 2019
Acquire and Implement
Managed Solutions Identification and Build
Establish and maintain identified
products and services (technology, business processes and workflows) in line
with enterprise requirements covering design, development, procurement/sourcing
and partnering with vendors. Manage configuration, test preparation, testing,
requirements management and maintenance of business processes, applications,
information/data, infrastructure and services.
Ensure agile and scalable
delivery of digital products and services. Establish timely and cost-effective
solutions (technology, business processes and workflows) capable of supporting
enterprise strategic and operational objectives.
BAI03.01 Design high-level
Develop and document high-level
designs for the solution in terms of technology, business processes and
workflows. Use agreed and appropriate phased or rapid Agile development
techniques. Ensure alignment with the I&T strategy and enterprise
architecture. Reassess and update the designs when significant issues occur
during detailed design or building phases, or as the solution evolves. Apply a
user centric approach; ensure that stakeholders actively participate in the design
and approve each version.
BAI03.02 Design detailed solution
Develop, document and elaborate
detailed designs progressively. Use agreed and appropriate phased or rapid
Agile development techniques, addressing all components (business processes and
related automated and manual controls, supporting I&T applications,
infrastructure services and technology products, and partners/suppliers).
Ensure that the detailed design includes internal and external service level
agreements (SLAs) and operational level agreements (OLAs).
BAI03.03 Develop solution
Develop solution components
progressively in a separate environment, in accordance with detailed designs
following standards and requirements for development and documentation, quality
assurance (QA), and approval. Ensure that all control requirements in the
business processes, supporting I&T applications and infrastructure
services, services and technology products, and partner/vendor services are
BAI03.04 Procure solution
Procure solution components,
based on the acquisition plan, in accordance with requirements and detailed
designs, architecture principles and standards, and the enterprise’s overall
procurement and contract procedures, QA requirements, and approval standards.
Ensure that all legal and contractual requirements are identified and addressed
by the vendor.
BAI03.05 Build solutions.
Install and configure solutions
and integrate with business process activities. During configuration and
integration of hardware and infrastructure software, implement control,
security, privacy and auditability measures to protect resources and ensure
availability and data integrity. Update the product or services catalogue to
reflect the new solutions.
BAI03.06 Perform quality assurance
Develop, resource and execute a
QA plan aligned with the QMS to obtain the quality specified in the requirements
definition and in the enterprise’s quality policies and procedures.
BAI03.07 Prepare for solution
Establish a test plan and
required environments to test the individual and integrated solution
components. Include the business processes and supporting services,
applications and infrastructure.
BAI03.08 Execute solution testing.
During development, execute
testing continually (including control testing), in accordance with the defined
test plan and development practices in the appropriate environment. Engage
business process owners and end users in the test team. Identify, log and
prioritize errors and issues identified during testing.
BAI03.09 Manage changes to
Track the status of individual
requirements (including all rejected requirements) throughout the project life
cycle. Manage the approval of changes to requirements.
BAI03.10 Maintain solutions.
Develop and execute a plan for
the maintenance of solution and infrastructure components. Include periodic reviews
against business needs and operational requirements.
BAI03.11 Define IT products and services and maintain the service portfolio.
Define and agree on new or
changed IT products or services and service level options. Document new or
changed product and service definitions and service level options to be updated
in the products and services
BAI03.12 Design solutions based on the defined development methodology.
Design, develop and implement
solutions with the appropriate development methodology (i.e., waterfall, Agile
or bimodal I&T), in accordance with the overall strategy and requirements.
Solution architecture ARCH
The design and communication of high-level
structures to enable and guide the design and development of integrated
solutions that meet current and future business needs. In addition to
technology components, solution architecture encompasses changes to service,
process, organisation, and operating models. The provision of comprehensive
guidance on the development of, and modifications to, solution components to
ensure that they take account of relevant architectures, strategies, policies,
standards and practices (including security) and that existing and planned
solution components remain compatible.
Systems design DESN
The design of systems to meet specified
requirements, compatible with agreed systems architectures, adhering to
corporate standards and within constraints of performance and feasibility. The
identification of concepts and their translation into a design which forms the
basis for systems construction and verification. The design or selection of
components. The development of a complete set of detailed models, properties,
and/or characteristics described in a form suitable for implementation. The
adoption and adaptation of systems design lifecycle models based on the context
of the work and selecting appropriately from predictive (plan-driven)
approaches or adaptive (iterative/agile) approaches.
Systems development management DLMG
The planning, estimating and execution of
programmes of systems development work to time, budget and quality targets. The
identification of the resources needed for systems development and how this
will be met with an effective supply capacity. The alignment of systems
development activity and deliverables with agreed architectures and standards.
The development of roadmaps to communicate future systems development plans.
The adoption and adaptation of systems development lifecycle models based on
the context of the work and selecting appropriately from predictive
(plan-driven) approaches or adaptive (iterative/agile) approaches.
User experience design HCEV
The process of iterative design to enhance user
satisfaction by improving the usability and accessibility provided when
interacting with a system, product or service. The design of users’ digital and
offline tasks, interactions and interfaces to meet usability and accessibility
requirements. The refinement of designs in response to user-centred evaluation
and feedback and communication of the design to those responsible for design,
development and implementation.