The Building Blocks of Production Support: ITIL and COBIT

Posted by Srinivas Pachigolla on 08 Apr 2019

As an electronic bill presentment and payment (EBPP) solution provider, we count Production Support among the most critical services that we offer to our clients. This allows them to focus on the results of their electronic bill payments program rather than the people, technology, and processes that help keep it running. In doing so, we can deliver the most seamless experience to our community.

Our Production Support capability is guided by two core approaches that help set appropriate expectations with our clients while allowing us to deliver the best service possible. They include the Information Technology Infrastructure Library and Control Objectives for Information and Related Technologies. Here’s an overview of these two approaches, and their related disciplines, that form our foundation of Production Support.

Information Technology Infrastructure Library (ITIL)

ITIL is a library that provides a framework of best practices for delivering information technology (IT) services. The ITIL Service Lifecycle has five phases: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. Here’s a brief overview of each phase of the lifecycle:

  • Service Strategy - provides guidance on how to design, develop, and implement IT Service Management
  • Service Design - provides guidance on how to design/develop services and IT Service Management processes that support existing strategies
  • Service Transition - teaches IT professionals and their colleagues to manage changes efficiently with limited disruption
  • Service Operation - offers guidance on practical aspects of daily business operations; helps ensure smooth delivery of services to customers with minimal interruptions
  • Continual Service Improvement - helps professionals identify areas for improvement

While an individual can receive ITIL certifications, it’s important to note that organizations cannot. Rather, individuals who achieve ITIL certifications can help implement these practices within their organizations.

Related: Information Technology Service Management (ITSM)

ITSM is a holistic approach that shapes how organizations manage IT services for their customers. It ensures that processes, people, and technology are properly aligned to help a business meet its goals while constantly evolving to meet changing needs. Software solutions that support ITSM are typically designed to align with ITIL best practice recommendations.

Related: ISO 20000

Published by the International Organization for Standardization (ISO) and the International Electoral Commission (IEC), ISO 20000 is a global set of service delivery standards that outlines requirements for an ITSM system. Businesses can gain certification by proving that they’re following best practices. This is different from ITIL, which provides certification for individuals rather than businesses.

While ISO 20000 and ITIL complement one another, they also have some key differences. The major one is that ISO 20000 carries “must do” guidelines, which work with ITIL’s best practice framework.

Related: Capability Maturity Model Integration (CMMI and CMMI-SVC)

CMMI is a framework for software industries that includes regular evaluation by the CMMI Institute. Companies are rated on their maturity level, with the goal of achieving a high level (Level 5 is the top). CMMI can be used to guide process improvement for a specific project, division, or organization.

CMMI defines the following maturity levels:

  1. Initial - unpredictable, reactive processes that are poorly controlled
  2. Managed - processes (often reactive) that are characterized for projects
  3. Defined - proactive processes characterized for the organization; projects tailor their processes from an organization’s standards
  4. Quantitatively Managed - measured and controlled processes
  5. Optimizing - process improvement

For service providers, a variation called the CMMI-SVC model is used to apply CMMI best practices. These best practices are designed to help deliver quality services both to customers and end users.

Control Objectives for Information and Related Technologies (COBIT)

COBIT is a framework created by ISACA for IT management and IT governance. COBIT provides “an implementable set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.”

COBIT components include:

  • Framework - organizes IT governance objectives and good practices by IT domains and processes; links them to business requirements
  • Process Descriptions - provides a common language for the organization
  • Control Objectives - creates a complete set of high-level requirements for management
  • Management Guidelines - helps assign responsibility, agree on objectives, measure performance, and illustrate interrelationships with other processes
  • Maturity Models - assesses maturity/capability per process; aids in addressing gaps

In my next blog, I’ll take a closer look at the five phases of the ITIL Service Lifecycle.

Srinivas Pachigolla
Sr. Manager, Operations & GRC

Srinivas has extensive professional experience in information security, risk, and governance. He is a member of Alacriti's GRC Team that maintains compliance with PCI DSS, HIPAA/HITECH, SOC (SSAE18), FFIEC, NIST, and other applicable regulations and standards. Srinivas manages a team of risk and security specialists who perform functions including risk identification, assessment, and treatment.