Towards a New Approach For Combining The IT Frameworks
Added on 2022-10-17
6 Pages3120 Words199 Views
Towards a New Approach For Combining The IT Frameworks
Samir BAHSANI1, Alami SEMMA2 and Noura SELLAM3
1 Department of Mathematics and Computer Science, Faculty of Science and Techniques,
Hassan 1 University
Settat, Morocco
2 Department of Mathematics and Computer Science, Faculty of Science and Techniques,
Hassan 1 University
Settat, Morocco
3 Department of Communication Systems, INPT
National Institute of Posts and Telecommunications
Rabat, Morocco
Abstract
There are various IT frameworks and best practices supporting
Information Systems. Each has its own strenghts but none of
them satisfies all of the IS requirements independently. In this
paper we are studying the possibilities of pooling of the most
used frameworks: ITIL, Cobit, PMbok, CMMI, ISO 27001, Val
IT and eTOM.
The result of this paper is meant to present a Unified Maturity
Model combining IS standards and IT frameworks concurrently
in order to get a greater insight on the information system’
maturity and improve the enterprise’s IT services.
Keywords: Information systems, governance, frameworks,
pooling, maturity of Information Systems.
1. Introduction
It is within such a turbulent economic environment marked
by a challenging growth [1] and perpetual change on
different business aspects that a company seeks to increase
its capacity to quickly change its strategies concerning
management, resources and market [2]. These
organizational and technological changes must be regarded
as an opportunity because they allow the company to re-
position itself effectively to ensure a continuous flow of
market insights into their business or taking part of the
competitive market by offering new products and services
[3].
In this context, many frameworks, technical and IS
management standards have emerged following these
challenges. Some standards that are inspired from business
good practices promote continuous improvement and help
ensure the quality and continuity of IT services.
These standards can be mentioned among others: ITIL
(Information Technology Infrastructure Library) for the
production and life cycle management of IT, COBIT
(Control Objectives for Information and related
Technology) for governance, IS0 27001 (International
Organization for Standardization) for security, PMP
(project Management Professional) for project
management, CMMI (Capability Maturity Model
Integration) for the evaluation of the system development,
hardware and/or software, Val IT (Value of Information
Technology) that deals with the issue of creating value by
the Information System Direction (ISD) projects that are
offering an evaluation of IT investments [4].
Whatever the adopted framework is, its implementation
should bring new management concepts regarding
processes and contribute to the improvement of product
and service development process, customer satisfaction
and economy of time and that of resources [5].
In this article we study the possibilities of pooling of
several IT standards.
2. Positioning of IT Frameworks in the Value
Chain
The Value Chain is a set of the required steps to produce a
company's added value. The Value Chain of an ISD is a set
of functional blocks involved in the creation process of the
IS value used in the business [6].
Therefore, every ISD should have its own Value Chain.
For our part, we propose the following generic
representation of the IT Value Chain.IJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015
ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784
www.IJCSI.org1182015 International Journal of Computer Science Issues
Samir BAHSANI1, Alami SEMMA2 and Noura SELLAM3
1 Department of Mathematics and Computer Science, Faculty of Science and Techniques,
Hassan 1 University
Settat, Morocco
2 Department of Mathematics and Computer Science, Faculty of Science and Techniques,
Hassan 1 University
Settat, Morocco
3 Department of Communication Systems, INPT
National Institute of Posts and Telecommunications
Rabat, Morocco
Abstract
There are various IT frameworks and best practices supporting
Information Systems. Each has its own strenghts but none of
them satisfies all of the IS requirements independently. In this
paper we are studying the possibilities of pooling of the most
used frameworks: ITIL, Cobit, PMbok, CMMI, ISO 27001, Val
IT and eTOM.
The result of this paper is meant to present a Unified Maturity
Model combining IS standards and IT frameworks concurrently
in order to get a greater insight on the information system’
maturity and improve the enterprise’s IT services.
Keywords: Information systems, governance, frameworks,
pooling, maturity of Information Systems.
1. Introduction
It is within such a turbulent economic environment marked
by a challenging growth [1] and perpetual change on
different business aspects that a company seeks to increase
its capacity to quickly change its strategies concerning
management, resources and market [2]. These
organizational and technological changes must be regarded
as an opportunity because they allow the company to re-
position itself effectively to ensure a continuous flow of
market insights into their business or taking part of the
competitive market by offering new products and services
[3].
In this context, many frameworks, technical and IS
management standards have emerged following these
challenges. Some standards that are inspired from business
good practices promote continuous improvement and help
ensure the quality and continuity of IT services.
These standards can be mentioned among others: ITIL
(Information Technology Infrastructure Library) for the
production and life cycle management of IT, COBIT
(Control Objectives for Information and related
Technology) for governance, IS0 27001 (International
Organization for Standardization) for security, PMP
(project Management Professional) for project
management, CMMI (Capability Maturity Model
Integration) for the evaluation of the system development,
hardware and/or software, Val IT (Value of Information
Technology) that deals with the issue of creating value by
the Information System Direction (ISD) projects that are
offering an evaluation of IT investments [4].
Whatever the adopted framework is, its implementation
should bring new management concepts regarding
processes and contribute to the improvement of product
and service development process, customer satisfaction
and economy of time and that of resources [5].
In this article we study the possibilities of pooling of
several IT standards.
2. Positioning of IT Frameworks in the Value
Chain
The Value Chain is a set of the required steps to produce a
company's added value. The Value Chain of an ISD is a set
of functional blocks involved in the creation process of the
IS value used in the business [6].
Therefore, every ISD should have its own Value Chain.
For our part, we propose the following generic
representation of the IT Value Chain.IJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015
ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784
www.IJCSI.org1182015 International Journal of Computer Science Issues
Fig. 1 IS Value Chain.
The information system is divided into series of activities
which are linked by several standards and frameworks. The
position of each framework in the IS Value Chain is based
on their nature and purpose.
Fig. 2: Position of standards in the IS Value Chain.
The frameworks used across the Value Chain give a clear
vision about the area of intervention of each standard and
the kind of contribution expected for the IS.
3. Comparative Study of IT Frameworks
In order to address the challenges of the ISD, the
implementation of good practice and governance standards
is considered as one of the most optimized processes, the
choice of adopting a specific standard depends on the
desired objective and requirements.
For a complete overview on the large covered areas of the
ISD and deeply on a particular concern of the Direction, a
detailed mapping is necessary to identify both the selection
criteria benchmarks and the links between them, and the
positioning of standards in the ISD value chain.
The table below provides a wide view of the coverage of
ISD concerns by the most used standards in the governance
of Information Systems.
The selected classification criteria are:
Concern: We designate the types of activities
that concern all of the Information System
Direction. Such as the control and audit of
information systems, management of the service's
production, project management and security
management etc.
The associated standards: Some standards are a
continuation of the other, such as the case of Val
IT with Cobit and ISO 27001 with 27000.
Compatibility with other standards: Some
standards are used jointly and compatibility
between some standards is more obvious than
others.
Approach: The standards usually have a main
purpose: Either a process approach, a maturity
model or a set of good practices.
In fact, however that an IS concern is addressed by several
frameworks at a time, each one has its own vocation and
specialty, e.g. ITIL is known for its strength in the
treatment of the IS operations and services’ management,
PMP is made primarily to manage projects. To select the
areas of crosscutting concern, it is important to classify
them as generic categories in order to cover several
themes.
The map above allows having a global view on the links
between standards and their opportunities for synergy and
mutual use. However, positioning in the value chain is still
needed to link the reference to the categories of IS
activities.
Our study compared the IT standards 'processes and best
practices and maps them. As a result of the comparison, all
standards considered have some similarities. Each standard
supports the IS concerns partially, moderately or fully
which can help companies to implement these standards
together to improve their IT services and their business
productivity.IJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015
ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784
www.IJCSI.org1192015 International Journal of Computer Science Issues
The information system is divided into series of activities
which are linked by several standards and frameworks. The
position of each framework in the IS Value Chain is based
on their nature and purpose.
Fig. 2: Position of standards in the IS Value Chain.
The frameworks used across the Value Chain give a clear
vision about the area of intervention of each standard and
the kind of contribution expected for the IS.
3. Comparative Study of IT Frameworks
In order to address the challenges of the ISD, the
implementation of good practice and governance standards
is considered as one of the most optimized processes, the
choice of adopting a specific standard depends on the
desired objective and requirements.
For a complete overview on the large covered areas of the
ISD and deeply on a particular concern of the Direction, a
detailed mapping is necessary to identify both the selection
criteria benchmarks and the links between them, and the
positioning of standards in the ISD value chain.
The table below provides a wide view of the coverage of
ISD concerns by the most used standards in the governance
of Information Systems.
The selected classification criteria are:
Concern: We designate the types of activities
that concern all of the Information System
Direction. Such as the control and audit of
information systems, management of the service's
production, project management and security
management etc.
The associated standards: Some standards are a
continuation of the other, such as the case of Val
IT with Cobit and ISO 27001 with 27000.
Compatibility with other standards: Some
standards are used jointly and compatibility
between some standards is more obvious than
others.
Approach: The standards usually have a main
purpose: Either a process approach, a maturity
model or a set of good practices.
In fact, however that an IS concern is addressed by several
frameworks at a time, each one has its own vocation and
specialty, e.g. ITIL is known for its strength in the
treatment of the IS operations and services’ management,
PMP is made primarily to manage projects. To select the
areas of crosscutting concern, it is important to classify
them as generic categories in order to cover several
themes.
The map above allows having a global view on the links
between standards and their opportunities for synergy and
mutual use. However, positioning in the value chain is still
needed to link the reference to the categories of IS
activities.
Our study compared the IT standards 'processes and best
practices and maps them. As a result of the comparison, all
standards considered have some similarities. Each standard
supports the IS concerns partially, moderately or fully
which can help companies to implement these standards
together to improve their IT services and their business
productivity.IJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015
ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784
www.IJCSI.org1192015 International Journal of Computer Science Issues
Table 1: IS concerns’ area of coverage by IT Frameworks
IS Concerns /Framework
Manage Budget
Manage Competences
Manage quality and intern
control
Manage risks
Manage services
Manage changes
Manage needs
Manage incidents
Manage problems
Manage put into production
Manage configurations
Assist client
Manage projects
Develop IT solutions
Manage supplier
relationship
Manage billing
Manage security and
continuity
Manage communication
Manage legal compliance
Manage quality
Manage capacity
Manage availability
Approach adopted
Associated standards
Compatible standards
ITIL +++ +++ +++ +++ +++ +++ +++ + ++ ++ ++ +++ +++ Process based on
client satisfaction ISO 20000
ISO 20000
ISO27001
CMMI
COBIT
COBIT + + ++ + ++ ++ + + + ++ + + + ++ ++ + ++ +
Indicators and
metrics.
Process
ITIL, ISO
17799,
COSO
PMBOK ++ + + + + + +++ + +
Model of « best
practices »
organized on 44
process
CMMI
ISO 9001
CMMI +++ + + ++ +++ ++ ++
Approach by
process and
« maturity » Models
Six Sigma ITIL
COBIT
ISO
27001 +++ ++
Best practices and
action plans to
ensure a good level
of security
ISO 27000,
ISO 27002,
ISO 27003,
ISO 27004,
ISO 27005,
ISO 27006/7
COBIT
ITIL
CMMI
Val IT + + + + + Best practices COBIT
COBIT
ITIL
CMMI
eTOM + + ++ + + + + + + + ++ ++ ++ ++ ++ +++ +++ ++ ++ +++ +++ +++ By process
The following
Tm-forum to
be
considered:
E-tom, TAM,
SID and TNA
COBIT
ITIL
27001
+ Partially supported.
++ Moderately supported.
+++ Fully supportedIJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015
ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784
www.IJCSI.org1202015 International Journal of Computer Science Issues
IS Concerns /Framework
Manage Budget
Manage Competences
Manage quality and intern
control
Manage risks
Manage services
Manage changes
Manage needs
Manage incidents
Manage problems
Manage put into production
Manage configurations
Assist client
Manage projects
Develop IT solutions
Manage supplier
relationship
Manage billing
Manage security and
continuity
Manage communication
Manage legal compliance
Manage quality
Manage capacity
Manage availability
Approach adopted
Associated standards
Compatible standards
ITIL +++ +++ +++ +++ +++ +++ +++ + ++ ++ ++ +++ +++ Process based on
client satisfaction ISO 20000
ISO 20000
ISO27001
CMMI
COBIT
COBIT + + ++ + ++ ++ + + + ++ + + + ++ ++ + ++ +
Indicators and
metrics.
Process
ITIL, ISO
17799,
COSO
PMBOK ++ + + + + + +++ + +
Model of « best
practices »
organized on 44
process
CMMI
ISO 9001
CMMI +++ + + ++ +++ ++ ++
Approach by
process and
« maturity » Models
Six Sigma ITIL
COBIT
ISO
27001 +++ ++
Best practices and
action plans to
ensure a good level
of security
ISO 27000,
ISO 27002,
ISO 27003,
ISO 27004,
ISO 27005,
ISO 27006/7
COBIT
ITIL
CMMI
Val IT + + + + + Best practices COBIT
COBIT
ITIL
CMMI
eTOM + + ++ + + + + + + + ++ ++ ++ ++ ++ +++ +++ ++ ++ +++ +++ +++ By process
The following
Tm-forum to
be
considered:
E-tom, TAM,
SID and TNA
COBIT
ITIL
27001
+ Partially supported.
++ Moderately supported.
+++ Fully supportedIJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015
ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784
www.IJCSI.org1202015 International Journal of Computer Science Issues
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Introduction to ITIL BRMlg...
|6
|610
|58