Category: Process/Practices

Operations Management – DSS01 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Deliver, Service and Support (DSS)

Managed Operations

Coordinate and execute the activities and operational procedures required to deliver internal and outsourced I&T services. Include the execution of predefined standard operating procedures and the required monitoring activities.

Purpose

Deliver I&T operational product and service outcomes as planned.

Management practices

DSS01.01 Perform operational procedures.

Maintain and perform operational procedures and operational tasks reliably and consistently.

DSS01.02 Manage outsourced I&T services.

Manage the operation of outsourced I&T services to maintain the protection of enterprise information and reliability of service delivery.

DSS01.03 Monitor I&T infrastructure.

Monitor the I&T infrastructure and related events. Store sufficient chronological information in operations logs to reconstruct and review time sequences of operations and other activities surrounding or supporting operations.

DSS01.04 Manage the environment.

Maintain measures for protection against environmental factors. Install specialized equipment and devices to monitor and control the environment.

DSS01.05 Manage facilities.

Manage facilities, including power and communications equipment, in line with laws and regulations, technical and business requirements, vendor specifications, and health and safety guidelines.

Skills

Database administration DBAD

The installation, configuration, upgrade, administration, monitoring and maintenance of databases. Providing support for operational databases in production use and for internal or interim purposes such as iterative developments and testing. Improving the performance of databases and the tools and processes for database administration (including automation).

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/database-administration

Facilities management DCMA

The planning, control and management of all the facilities which, collectively, make up the IT estate. This involves provision and management of the physical environment, including space and power allocation, and environmental monitoring to provide statistics on energy usage. Encompasses physical access control, and adherence to all mandatory policies and regulations concerning health and safety at work.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/it-estate-management

IT infrastructure ITOP

The operation and control of the IT infrastructure (comprising physical or virtual hardware, software, network services and data storage, either on-premises or provisioned as cloud services) that is required to deliver and support the information systems needs of a business. Includes preparation for new or changed services, operation of the change process, the maintenance of regulatory, legal and professional standards, the building and management of systems and components in virtualised and cloud computing environments and the monitoring of performance of systems and services in relation to their contribution to business performance, their security and their sustainability. The application of infrastructure management tools to automate the provisioning, testing, deployment and monitoring of infrastructure components.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/it-operations

Methods and tools METL

The definition, tailoring, implementation, assessment, measurement, automation and improvement of methods and tools to support planning, development, testing, operation, management and maintenance of systems. Ensuring methods and tools are adopted and used effectively throughout the organisation.

https://www.sfia-online.org/en/framework/sfia-7/skills/strategy-architecture/technical-strategy-and-planning/methods-tools

Storage management STMG

The planning, implementation, configuration and tuning of storage hardware and software covering online, offline, remote and offsite data storage (backup, archiving and recovery) and ensuring compliance with regulatory and security requirements.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/storage-management

Service Requests and Incident Management – DSS02 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Deliver, Service and Support (DSS)

Managed Service Requests and Incidents

Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and fulfil user requests; and record, investigate, diagnose, escalate and resolve incidents.

Purpose

Achieve increased productivity and minimize disruptions through quick resolution of user queries and incidents. Assess the impact of changes and deal with service incidents. Resolve user requests and restore service in response to incidents.

Management practices

DSS02.01 Define classification schemes for incidents and service requests.

Define classification schemes and models for incidents and service requests.

DSS02.02 Record, classify and prioritize requests and incidents.

Identify, record and classify service requests and incidents and assign a priority according to business criticality and service agreements.

DSS02.03 Verify, approve and fulfill service requests.

Select the appropriate request procedures and verify that the service requests fulfill defined request criteria. Obtain approval, if required, and fulfill the requests.

DSS02.04 Investigate, diagnose and allocate incidents.

Identify and record incident symptoms, determine possible causes, and allocate for resolution.

DSS02.05 Resolve and recover from incidents.

Document, apply and test the identified solutions or workarounds. Perform recovery actions to restore the I&T-related service.

DSS02.06 Close service requests and incidents.

Verify satisfactory incident resolution and/or fulfilment of requests, and close.

DSS02.07 Track status and produce reports.

Regularly track, analyze and report incidents and fulfilment of requests. Examine trends to provide information for continual improvement.

Skills

Application Support ASUP

The provision of application maintenance and support services, either directly to users of the systems or to service delivery functions. Support typically includes investigation and resolution of issues and may also include performance monitoring. Issues may be resolved by providing advice or training to users, by devising corrections (permanent or temporary) for faults, making general or site-specific modifications, updating documentation, manipulating data, or defining enhancements. Support often involves close collaboration with the system’s developers and/or with colleagues specialising in different areas, such as Database administration or Network support.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/application-support

Customer service support CSMG

The management and operation of one or more customer service or service desk functions. Acting as a point of contact to support service users and customers reporting issues, requesting information, access, or other services. The delivery of customer service through multiple channels including human, digital, self-service and automated.

https://www.sfia-online.org/en/framework/sfia-7/skills/client-interface/relationship-management/client-services-management

Incident management USUP

The processing and coordination of appropriate and timely responses to incident reports, including channelling requests for help to appropriate functions for resolution, monitoring resolution activity, and keeping clients apprised of progress towards service restoration.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/service-desk-and-incident-management

Network support NTAS

The provision of network maintenance and support services. Support may be provided both to users of the systems and to service delivery functions. Support typically takes the form of investigating and resolving problems and providing information about the systems. It may also include monitoring their performance. Problems may be resolved by providing advice or training to users about the network’s functionality, correct operation or constraints, by devising work-arounds, correcting faults, or making general or site-specific modifications.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/network-support

Problems Management – DSS03 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Deliver, Service and Support (DSS)

Managed Problems

Identify and classify problems and their root causes. Provide timely resolution to prevent recurring incidents. Provide recommendations for improvements.

Purpose

Increase availability, improve service levels, reduce costs, improve customer convenience and satisfaction by reducing the number of operational problems, and identify root causes as part of problem resolution.

Management Practice

DSS03.01 Identify and classify problems.

Define and implement criteria and procedures to identify and report problems. Include problem classification, categorization and prioritization.

DSS03.02 Investigate and diagnose problems.

Investigate and diagnose problems using relevant subject matter experts to assess and analyze root causes.

DSS03.03 Raise known errors.

As soon as root causes of problems are identified, create known-error records, document appropriate workarounds and identify potential solutions.

DSS03.04 Resolve and close problems.

Identify and initiate sustainable solutions addressing the root cause. Raise change requests via the established change management process, if required, to resolve errors. Ensure that the personnel affected are aware of the actions taken and the plans developed to prevent future incidents from occurring.

DSS03.05 Perform proactive problem management.

Collect and analyze operational data (especially incident and change records) to identify emerging trends that may indicate problems. Log problem records to enable assessment.

Skills

Problem Management – PBMG

The resolution (both reactive and proactive) of problems throughout the information system lifecycle, including classification, prioritisation and initiation of action, documentation of root causes and implementation of remedies to prevent future incidents.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/problem-management

Continuity Management – DSS04 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Deliver, Service and Support (DSS)

Managed Continuity

Establish and maintain a plan to enable the business and IT organizations to respond to incidents and quickly adapt to disruptions. This will enable continued operations of critical business processes and required I&T services and maintain availability of resources, assets and information at a level acceptable to the enterprise.

Purpose

Adapt rapidly, continue business operations and maintain availability of resources and information at a level acceptable to the enterprise in the event of a significant disruption (e.g., threats, opportunities, demands).

Management practices

DSS04.01 Define the business continuity policy, objectives and scope.

Define business continuity policy and scope, aligned with enterprise and stakeholder objectives, to improve business resilience.

DSS04.02 Maintain business resilience.

Evaluate business resilience options and choose a cost-effective and viable strategy that will ensure enterprise continuity, disaster recovery and incident response in the face of a disaster or other major incident or disruption.

DSS04.03 Develop and implement a business continuity response.

Develop a business continuity plan (BCP) and disaster recovery plan (DRP) based on the strategy. Document all procedures necessary for the enterprise to continue critical activities in the event of an incident.

DSS04.04 Exercise, test and review the business continuity plan (BCP) and disaster response plan (DRP).

Test continuity on a regular basis to exercise plans against predetermined outcomes, uphold business resilience and allow innovative solutions to be developed.

DSS04.05 Review, maintain and improve the continuity plans.

Conduct a management review of the continuity capability at regular intervals to ensure its continued suitability, adequacy and effectiveness. Manage changes to the plans in accordance with the change control process to ensure that continuity plans are kept up to date and continually reflect actual business requirements.

DSS04.06 Conduct continuity plan training.

Provide all concerned internal and external parties with regular training sessions regarding procedures and their roles and responsibilities in case of disruption.

DSS04.07 Manage backup arrangements.

Maintain availability of business-critical information.

DSS04.08 Conduct post-resumption review.

Assess the adequacy of the business continuity plan (BCP) and disaster response plan (DRP) following successful resumption of business processes and services after a disruption.

Skills

Continuity management COPL

The provision of service continuity planning and support, as part of, or in close cooperation with, the function which plans business continuity for the whole organisation. The identification of information systems which support critical business processes. The assessment of risks to critical systems’ availability, integrity and confidentiality. The co-ordination of planning, designing, testing and maintenance procedures and contingency plans to address exposures and maintain agreed levels of continuity.

https://www.sfia-online.org/en/framework/sfia-7/skills/strategy-architecture/technical-strategy-and-planning/continuity-management

Security Service Management – DSS05 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Deliver, Service and Support (DSS)

Managed Security Service

Protect enterprise information to maintain the level of information security risk acceptable to the enterprise in accordance with the security policy.

Purpose

Minimize the business impact of operational information security vulnerabilities and incidents.

Management Practice

DSS05.01 Protect against malicious software.

Implement and maintain preventive, detective and corrective measures (especially up-to-date security patches and virus control) across the enterprise to protect information systems and technology from malicious software (e.g., ransomware, malware, viruses, worms, spyware, spam).

DSS05.02 Manage network and connectivity security.

Use security measures and related management procedures to protect information over all methods of connectivity.

DSS05.03 Manage endpoint security.

Ensure that endpoints (e.g., laptop, desktop, server, and other mobile and network devices or software) are secured at a level that is equal to or greater than the defined security requirements for the information processed, stored or transmitted.

DSS05.04 Manage user identity and logical access.

Ensure that all users have information access rights in accordance with business requirements. Coordinate with business units that manage their own access rights within business processes.

DSS05.05 Manage physical access to I&T assets.

Define and implement procedures (including emergency procedures) to grant, limit and revoke access to premises, buildings and areas, according to business need. Access to premises, buildings and areas should be justified, authorized, logged and monitored. This requirement applies to all persons entering the premises, including staff, temporary staff, clients, vendors, visitors or any other third party.

DSS05.06 Manage sensitive documents and output devices.

Establish appropriate physical safeguards, accounting practices and inventory management regarding sensitive I&T assets, such as special forms, negotiable instruments, special-purpose printers or security tokens.

DSS05.07 Manage vulnerabilities and monitor the infrastructure for security-related events.

Using a portfolio of tools and technologies (e.g., intrusion detection tools), manage vulnerabilities and monitor the infrastructure for unauthorized access. Ensure that security tools, technologies and detection are integrated with general event monitoring and incident management.

Skills

Information security SCTY

The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

https://www.sfia-online.org/en/framework/sfia-7/skills/strategy-architecture/information-strategy/information-security

Penetration testing PENT

The assessment of organisational vulnerabilities through the design and execution of penetration tests that demonstrate how an adversary can either subvert the organisation’s security goals or achieve specific adversarial objectives. Penetration testing may be a stand-alone activity or an aspect of acceptance testing prior to an approval to operate. The identification of deeper insights into the business risks of various vulnerabilities.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/penetration-testing

Security administration SCAD

The provision of operational security management and administrative services. Typically includes the authorisation and monitoring of access to IT facilities or infrastructure, the investigation of unauthorised access and compliance with relevant legislation.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/security-administration

Business Process Controls Management – DSS06 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Deliver, Service and Support (DSS)

Managed Business Process Controls

Define and maintain appropriate business process controls to ensure that information related to and processed by in-house or outsourced business processes satisfies all relevant information control requirements. Identify the relevant information control requirements. Manage and operate adequate input, throughput and output controls (application controls) to ensure that information and information processing satisfy these requirements.

Purpose

Maintain information integrity and the security of information assets handled within business processes in the enterprise or its outsourced operation.

Management Practice

DSS06.01 Align control activities embedded in business processes with enterprise objectives.

Continually assess and monitor the execution of business process activities and related controls (based on enterprise risk), to ensure that processing controls align with business needs.

DSS06.02 Control the processing of information.

Operate the execution of the business process activities and related controls, based on enterprise risk. Ensure that information processing is valid, complete, accurate, timely and secure (i.e., reflects legitimate and authorized business use).

DSS06.03 Manage roles, responsibilities, access privileges and levels of authority.

Manage business roles, responsibilities, levels of authority and segregation of duties needed to support the business process objectives. Authorize access to all information assets related to business information processes, including those under the custody of the business, IT and third parties. This ensures that the business knows where the data are and who is handling data on its behalf.

DSS06.04 Manage errors and exceptions.

Manage business process exceptions and errors and facilitate remediation, executing defined corrective actions and escalating as necessary. This treatment of exceptions and errors provides assurance of the accuracy and integrity of the business information process.

DSS06.05 Ensure traceability and accountability for information events.

Ensure that business information can be traced to an originating business event and associated with accountable parties. This discoverability provides assurance that business information is reliable and has been processed in accordance with defined objectives.

DSS06.06 Secure information assets.

Secure information assets accessible by the business through approved methods, including information in electronic form (e.g., portable media devices, user applications and storage devices, or other methods that create new assets in any form), information in physical form (e.g., source documents or output reports) and information during transit. This benefits the business by providing end-to-end safeguarding of information.

Skills

Information security SCTY

The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

https://www.sfia-online.org/en/framework/sfia-7/skills/strategy-architecture/information-strategy/information-security

Security Administration SCAD

The provision of operational security management and administrative services. Typically includes the authorisation and monitoring of access to IT facilities or infrastructure, the investigation of unauthorised access and compliance with relevant legislation.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/security-administration

Program Management – BAI01 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Program

Manage all programs from the investment portfolio in alignment with enterprise strategy and in a coordinated way, based on a standard program management approach. Initiate, plan, control, and execute programs, and monitor expected value from the program.

Purpose

Realize desired business value and reduce the risk of unexpected delays, costs and value erosion. To do so, improve communications to and involvement of business and end users, ensure the value and quality of program deliverables and follow up of projects within the programs, and maximize program contribution to the investment portfolio.

Management practices

BAI01.01 Maintain a standard approach for program management.

Maintain a standard approach for program management that enables governance and management review, decision-making and delivery management activities. These activities should focus consistently on business value and goals (i.e., requirements, risk, costs, schedule and quality targets).

BAI01.02 Initiate a program.

Initiate a program to confirm expected benefits and obtain authorization to proceed. This includes agreeing on program sponsorship, confirming the program mandate through approval of the conceptual business case, appointing program board or committee members, producing the program brief, reviewing and updating the business case, developing a benefits realization plan, and obtaining approval from sponsors to proceed.

BAI01.03 Manage stakeholder engagement.

Manage stakeholder engagement to ensure an active exchange of accurate, consistent and timely information for all relevant stakeholders. This includes planning, identifying and engaging stakeholders and managing their expectations.

BAI01.04 Develop and maintain the program plan.

Formulate a program to lay the initial groundwork. Position it for successful execution by formalizing the scope of the work and identifying deliverables that will satisfy goals and deliver value. Maintain and update the program plan and business case throughout the full economic life cycle of the program, ensuring alignment with strategic objectives and reflecting the current status and insights gained to date.

BAI01.05 Launch and execute the program.

Launch and execute the program to acquire and direct the resources needed to accomplish the goals and benefits of the program as defined in the program plan. In accordance with stage-gate or release review criteria, prepare for stage-gate, iteration or release reviews to report progress and make the case for funding up to the following stage-gate or release review.

BAI01.06 Monitor, control and report on the program outcomes.

Monitor and control performance against plan throughout the full economic life cycle of the investment, covering solution delivery at the program level and value/outcome at the enterprise level. Report performance to the program steering committee and the sponsors.

BAI01.07 Manage program quality.

Prepare and execute a quality management plan, processes and practices that align with quality management standards (QMS). Describe the approach to program quality and implementation. The plan should be formally reviewed and agreed on by all parties concerned and incorporated into the integrated program plan.

BAI01.08 Manage program risk.

Eliminate or minimize specific risk associated with programs through a systematic process of planning, identifying, analyzing, responding to, monitoring and controlling the areas or events with the potential to cause unwanted change. Define and record any risk faced by program management.

BAI01.09 Close a program.

Remove the program from the active investment portfolio when there is agreement that the desired value has been achieved or when it is clear it will not be achieved within the value criteria set for the program.

Skills

Programme management PGMG

The identification, planning and coordination of a set of related projects within a programme of business change, to manage their interdependencies in support of specific business strategies and objectives. The maintenance of a strategic view over the set of projects, providing the framework for implementing business initiatives, or large-scale change, by conceiving, maintaining and communicating a vision of the outcome of the programme and associated benefits. (The vision, and the means of achieving it, may change as the programme progresses). Agreement of business requirements, and translation of requirements into operational plans. Determination, monitoring, and review of programme scope, costs, and schedule, programme resources, inter-dependencies and programme risk.

https://www.sfia-online.org/en/framework/sfia-7/skills/business-change/business-change-implementation/programme-management

Benefits management BENM

Establishing an approach for forecasting, planning and monitoring the emergence and effective realisation of anticipated benefits. Identifying and implementing the actions needed to optimise the business impact of individual and combined benefits. The confirmation of the achievement of expected benefits.

https://www.sfia-online.org/en/framework/sfia-7/skills/business-change/business-change-management/benefits-management

Requirements Definition Management – BAI02 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Requirements Definition

Identify solutions and analyze requirements before acquisition or creation to ensure that they align with enterprise strategic requirements covering business processes, applications, information/data, infrastructure and services. Coordinate the review of feasible options with affected stakeholders, including relative costs and benefits, risk analysis, and approval of requirements and proposed solutions.

Purpose

Create optimal solutions that meet enterprise needs while minimizing risk.

Management practices

BAI02.01 Define and maintain business functional and technical requirements.

Based on the business case, identify, prioritize, specify and agree on business information, functional, technical and control requirements covering the scope/understanding of all initiatives required to achieve the expected outcomes of the proposed I&T-enabled business solution.

BAI02.02 Perform a feasibility study and formulate alternative solutions.

Perform a feasibility study of potential alternative solutions, assess their viability and select the preferred option. If appropriate, implement the selected option as a pilot to determine possible improvements.

BAI02.03 Manage requirements risk.

Identify, document, prioritize and mitigate functional, technical and information processing-related risk associated with the enterprise requirements, assumptions and proposed solution.

BAI02.04 Obtain approval of requirements and solutions.

Coordinate feedback from affected stakeholders. At predetermined key stages, obtain approval and sign-off from the business sponsor or product owner regarding functional and technical requirements, feasibility studies, risk analyses and recommended solutions.

Skills

Requirements definition and management REQM

The elicitation, analysis, specification and validation of requirements and constraints to a level that enables effective development and operations of new or changed software, systems, processes, products and services. The management of requirements throughout the whole of the delivery and operational life cycle of the software, system, processes, products or services. The negotiation of trade-offs that are both acceptable to key stakeholders and within budgetary, technical, regulatory, and other constraints. The adoption and adaptation of requirements management lifecycle models based on the context of the work and selecting appropriately from plan-driven/predictive approaches or more adaptive (iterative and agile) approaches.

https://www.sfia-online.org/en/framework/sfia-7/skills/business-change/business-change-management/requirements-definition-and-management

User experience analysis UNAN

The identification, analysis, clarification and communication of the context of use in which applications will operate, and of the goals of products, systems or services. Analysis and prioritisation of stakeholders’ user experience needs and definition of required system, product or service attributes, behaviour and performance. The definition and management of user experience and user accessibility requirements for all potential users.

https://www.sfia-online.org/en/framework/sfia-7/skills/solution-development-and-implementation/human-factors/user-experience-analysis

Business analysis BUAN

The methodical investigation, analysis, review and documentation of all or part of a business in terms of business goals, objectives, functions and processes, the information used and the data on which the information is based. The definition of requirements for improving processes and systems, reducing their costs, enhancing their sustainability, and the quantification of potential business benefits. The collaborative creation and iteration of viable specifications and acceptance criteria in preparation for the deployment of information and communication systems. The adoption and adaptation of business analysis approaches based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.

https://www.sfia-online.org/en/framework/sfia-7/skills/business-change/business-change-management/business-analysis

Solution Identification and Build Management – BAI03 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Solutions Identification and Build

Establish and maintain identified products and services (technology, business processes and workflows) in line with enterprise requirements covering design, development, procurement/sourcing and partnering with vendors. Manage configuration, test preparation, testing, requirements management and maintenance of business processes, applications, information/data, infrastructure and services.

Purpose

Ensure agile and scalable delivery of digital products and services. Establish timely and cost-effective solutions (technology, business processes and workflows) capable of supporting enterprise strategic and operational objectives.

Management practices

BAI03.01 Design high-level solutions.

Develop and document high-level designs for the solution in terms of technology, business processes and workflows. Use agreed and appropriate phased or rapid Agile development techniques. Ensure alignment with the I&T strategy and enterprise architecture. Reassess and update the designs when significant issues occur during detailed design or building phases, or as the solution evolves. Apply a user centric approach; ensure that stakeholders actively participate in the design and approve each version.

BAI03.02 Design detailed solution components.

Develop, document and elaborate detailed designs progressively. Use agreed and appropriate phased or rapid Agile development techniques, addressing all components (business processes and related automated and manual controls, supporting I&T applications, infrastructure services and technology products, and partners/suppliers). Ensure that the detailed design includes internal and external service level agreements (SLAs) and operational level agreements (OLAs).

BAI03.03 Develop solution components.

Develop solution components progressively in a separate environment, in accordance with detailed designs following standards and requirements for development and documentation, quality assurance (QA), and approval. Ensure that all control requirements in the business processes, supporting I&T applications and infrastructure services, services and technology products, and partner/vendor services are addressed.

BAI03.04 Procure solution components.

Procure solution components, based on the acquisition plan, in accordance with requirements and detailed designs, architecture principles and standards, and the enterprise’s overall procurement and contract procedures, QA requirements, and approval standards. Ensure that all legal and contractual requirements are identified and addressed by the vendor.

BAI03.05 Build solutions.

Install and configure solutions and integrate with business process activities. During configuration and integration of hardware and infrastructure software, implement control, security, privacy and auditability measures to protect resources and ensure availability and data integrity. Update the product or services catalogue to reflect the new solutions.

BAI03.06 Perform quality assurance (QA).

Develop, resource and execute a QA plan aligned with the QMS to obtain the quality specified in the requirements definition and in the enterprise’s quality policies and procedures.

BAI03.07 Prepare for solution testing.

Establish a test plan and required environments to test the individual and integrated solution components. Include the business processes and supporting services, applications and infrastructure.

BAI03.08 Execute solution testing.

During development, execute testing continually (including control testing), in accordance with the defined test plan and development practices in the appropriate environment. Engage business process owners and end users in the test team. Identify, log and prioritize errors and issues identified during testing.

BAI03.09 Manage changes to requirements.

Track the status of individual requirements (including all rejected requirements) throughout the project life cycle. Manage the approval of changes to requirements.

BAI03.10 Maintain solutions.

Develop and execute a plan for the maintenance of solution and infrastructure components. Include periodic reviews against business needs and operational requirements.

BAI03.11 Define IT products and services and maintain the service portfolio.

Define and agree on new or changed IT products or services and service level options. Document new or changed product and service definitions and service level options to be updated in the products and services portfolio.

BAI03.12 Design solutions based on the defined development methodology.

Design, develop and implement solutions with the appropriate development methodology (i.e., waterfall, Agile or bimodal I&T), in accordance with the overall strategy and requirements.

Skills

Solution architecture ARCH

The design and communication of high-level structures to enable and guide the design and development of integrated solutions that meet current and future business needs. In addition to technology components, solution architecture encompasses changes to service, process, organisation, and operating models. The provision of comprehensive guidance on the development of, and modifications to, solution components to ensure that they take account of relevant architectures, strategies, policies, standards and practices (including security) and that existing and planned solution components remain compatible.

https://www.sfia-online.org/en/framework/sfia-7/skills/strategy-architecture/technical-strategy-and-planning/solution-architecture

Systems design DESN

The design of systems to meet specified requirements, compatible with agreed systems architectures, adhering to corporate standards and within constraints of performance and feasibility. The identification of concepts and their translation into a design which forms the basis for systems construction and verification. The design or selection of components. The development of a complete set of detailed models, properties, and/or characteristics described in a form suitable for implementation. The adoption and adaptation of systems design lifecycle models based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.

https://www.sfia-online.org/en/framework/sfia-7/skills/solution-development-and-implementation/systems-development/systems-design

Systems development management DLMG

The planning, estimating and execution of programmes of systems development work to time, budget and quality targets. The identification of the resources needed for systems development and how this will be met with an effective supply capacity. The alignment of systems development activity and deliverables with agreed architectures and standards. The development of roadmaps to communicate future systems development plans. The adoption and adaptation of systems development lifecycle models based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.

https://www.sfia-online.org/en/framework/sfia-7/skills/solution-development-and-implementation/systems-development/systems-development-management

User experience design HCEV

The process of iterative design to enhance user satisfaction by improving the usability and accessibility provided when interacting with a system, product or service. The design of users’ digital and offline tasks, interactions and interfaces to meet usability and accessibility requirements. The refinement of designs in response to user-centred evaluation and feedback and communication of the design to those responsible for design, development and implementation.

https://www.sfia-online.org/en/framework/sfia-7/skills/solution-development-and-implementation/human-factors/ergonomic-design

Availability and Capacity Management – BAI04 (COBIT2019)

Parent Framework: COBIT 2019

Domain: Build, Acquire and Implement

Managed Availability and Capacity

Balance current and future needs for availability, performance and capacity with cost-effective service provision. Include assessment of current capabilities, forecasting of future needs based on business requirements, analysis of business impacts, and assessment of risk to plan and implement actions to meet the identified requirements.

Purpose

Maintain service availability, efficient management of resources and optimization of system performance through prediction of future performance and capacity requirements.

Management practices

BAI04.01 Assess current availability, performance and capacity and create a baseline.

Assess availability, performance and capacity of services and resources to ensure that cost-justifiable capacity and performance are available to support business needs and deliver against service level agreements (SLAs). Create availability, performance and capacity baselines for future comparison.

BAI04.02 Assess business impact.

Identify important services to the enterprise. Map services and resources to business processes and identify business dependencies. Ensure that the impact of unavailable resources is fully agreed on and accepted by the customer. For vital business functions, ensure that availability requirements can be satisfied per service level agreement (SLA).

BAI04.03 Plan for new or changed service requirements.

Plan and prioritize availability, performance and capacity implications of changing business needs and service requirements.

BAI04.04 Monitor and review availability and capacity.

Monitor, measure, analyze, report and review availability, performance and capacity. Identify deviations from established baselines. Review trend analysis reports identifying any significant issues and variances. Initiate actions where necessary and ensure that all outstanding issues are addressed.

BAI04.05 Investigate and address availability, performance and capacity issues.

Address deviations by investigating and resolving identified availability, performance and capacity issues.

Skills

Availability management AVMT

The definition, analysis, planning, measurement, maintenance and improvement of all aspects of the availability of services, including the availability of power. The overall control and management of service availability to ensure that the level of service delivered in all services is matched to or exceeds the current and future agreed needs of the business, in a cost effective manner.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-design/availability-management

Capacity management CPMG

The planning, design and management of the capability, functionality and sustainability of service components (including hardware, software, network resources and software/infrastructure as a Service) to meet current and forecast needs in a cost-efficient manner aligned to the business. The modelling of both long-term changes and short-term variations in the level of capacity required to execute the service. The deployment of techniques to control the demand and add/reduce capacity in a cost effective, timely manner to meet changes in demand.

https://www.sfia-online.org/en/framework/sfia-7/skills/service-management/service-operation/capacity-management
