Knowledge in IS/IT processes and standards

Advisor: Dr. Celeste Ng

Reporters: GROUP 5


951610 范博鈞 951614 林岳德

951716 林聖哲 961756 林鄭皓

971706 江宗翰 971743 張凱鈞

971744 李乃昊 971748 李柏瑾

971758 黃堃嘉 971665 羅彥騏

971766 莊舜翔

What are the existing IS/IT standards available for
  • System Development
    • ISO15288 & ISO12207
  • System Maintenance
    • ISO27000 & BS7799
  • Software process improvement
    • IEEE1219 & ISO15504 & CMMI
  • IT Governance
    • ISO38500 & COBIT & ITIL
For System Development

ISO/IEC 15288

Systems Engineering - System Life Cycle Processes

971766 莊舜翔

ISO 15288-Introduction
  • The ISO/IEC 15288 is a Systems Engineering standard covering processes and life cycle stages.
  • Initial planning for the ISO/IEC 15288:2002(E) standard started in 1994 when the need for a common Systems Engineering process framework was recognised.
ISO 15288-History
  • The first edition was issued on the 1st of November 2002.
  • In 2004 this standard was adopted as IEEE 15288.
  • ISO/IEC 15288 was updated on 1 February 2008 and was edited by Stuart Arnold until 2004.

Process name



Analyze needs

Identify concepts

Develop solutions

Identify stakeholders’ needs

Propose viable solutions

Concept Stage Purpose & Outcomes
  • Concept Stage Purpose:
    • Assess new business opportunities
    • Develop preliminary systems requirements
    • Design viable solution
  • Concept Stage Outcomes:
    • identify new system concepts
    • offer new capabilities
    • enhance overall performance
    • improve life cycle costs


Process name



Meet customer requirements

Determine system components

Design programs

Fabricate programs

Integrate systems

Refine system requirements

Build the system

Development Stage Purpose & Outcomes
  • Development Stage Purpose:
    • Meet acquirer performance requirements
  • Development Stage Outcomes:
    • Evaluated and refined system requirements
    • Confirm the system meets all system requirements
    • Can become product
    • Operate order easy


Process name



Meet customer requirements

produce system

verify and validate system

Inspect and test system

Complete systems engineering

Project of system

Production Stage Purpose & Outcomes
  • Production Stage Purpose:
    • produce or manufacture the system products
    • produce related supporting
  • Production Stage Outcomes:
    • Package product transfer to distribution customers


Process name



Need inadequacy

Remove the system

Backup data

Keep of system’s data

Employ systems

Retirement Stage Purpose & Outcomes
  • Retirement Stage Purpose: provide for
    • Removal of a system
    • Related operational
    • Support services
  • Retirement Stage Outcomes:
    • Removal of waste
    • Required system decommissioning, including disposal, refurbishing, or recycling, in accordance with applicable laws and regulations
Applicability of ISO/IEC 15288
  • Key business domains
    • Aerospace
    • Telecommunications
    • Transportation systems
    • Military systems
    • Finance and Administrative systems
    • Information Technology system



A Life Cycle Example
  • 1. Concept stage
  • 2. Development stage
  • 3. Production stage
  • 4. Utilization stage
  • 5. Support stage
  • 6. Retirement stage
Support Stage Purpose

To provide logistics, maintenance, and support services that enable continued system operation and a sustainable service.

Support Stage(1)

●The Support Stage begins with providing maintenance, logistics and other support for the system operations and use.

Support Stage(2)

●This stage includes monitoring performance of the support system and services and the identification, classification, and reporting of anomalies, deficiencies, and failures of the support system and services.

Support Stage(3)
  • Actions to be taken as a result of identified problems include maintenance and minor modification of the support system and services, major modification of the support system or services (reference Development and Production Stages).

Support Stage(4)
  • During this stage the support system and services can evolve under different versions or configurations.
  • It is presumed that the organization has available the support, which includes the support sites, facilities, equipment and tools, trained support personnel, and maintenance manuals and procedures.
Support Stage Outcomes(1)

1. Trained personnel who will maintain and provide other support services.

2. Organizational interfaces with the operating and production organizations that ensure problem resolution and corrective actions.

3. Maintained system product and services and the provision of all related support services, including logistics, to the operational sites.

4. Provide product and service maintenance and correct design deficiencies.

Support Stage Outcomes(2)

5. A spare parts inventory sufficient to satisfy operational availability goals.

6. Plans and decision criteria for exiting the next stage.

7. Current risks and mitigating actions identified.

8. Transition to Retirement or the next stage in the system life cycle model.



For System Development

ISO/IEC 12207

ISO for software Development


What is ISO/IEC 12207?


An ISO standard for software life cycle processes.

A standard that defines all the tasks required for developing and maintaining software.


Three primary life cycle processes
  • primary life cycle processes
  • supporting life cycle processes
  • organizational life cycle processes
Primary life cycle processes
  • Acquisition process
  • Supply process
  • Development process
  • Operation process
  • Maintenance process
ISO/IEC 12207 for Software Development
  • Project
    • Process implementation
    • Software installation
    • Software acceptance support
  • System
    • System requirements analysis
    • System architectural design
    • System integration
    • System qualification testing
  • Software
    • Software requirements analysis
    • Software architectural design
    • Software detailed design
    • Software coding and testing
    • Software integration
    • Software qualification testing
ISO/IEC 12207 for Software Development
  • Process implementation
    • Define software life cycle model.
    • Select and use standards, tools, languages.
    • Document development plans.
    • Deliver all needed products


ISO/IEC 12207 for Software Development
  • System requirements analysis
    • Specify system requirements.
  • System architectural design
    • Establish top-level architecture.
ISO/IEC 12207 for Software Development
  • Software requirements analysis
    • Document software requirements.
    • Comprehensive description of the intended purpose and environment for software under development.
ISO/IEC 12207 for Software Development
  • Software architectural design
    • Transform requirements into architecture.
    • Document top-level design for interfaces.
    • Document top-level design for database.
    • Document preliminary user documentation.
    • Document preliminary test requirements.
ISO/IEC 12207 for Software Development
  • Software detailed design
    • Document design for each component.
    • Document design for interfaces.
    • Document design for database.
    • Update user documentation.
    • Document unit test requirements.
    • Update integration test requirements.
ISO/IEC 12207 for Software Development
  • Software Construction
  • Software coding and testing
    • Document and test each unit, database.
    • Conduct and document unit testing.
    • Update user documentation.
    • Update integration test requirements.
    • Evaluate code and test results
ISO/IEC 12207 for Software Development
  • Software integration
    • Document integration plans.
    • Conduct and document integration tests.
    • Update user documentation.
    • Document qualification tests.
ISO/IEC 12207 for Software Development
  • Software qualification testing
    • Conduct and document qualification testing.
    • Update user documentation.
    • Prepare product for next phase.
ISO/IEC 12207 for Software Development
  • System integration
    • Integrate software with hardware & others.
    • Document integration tests.
  • System qualification testing
    • Conduct and document qualification tests.
    • Prepare product for installation
ISO/IEC 12207 for Software Development
  • Software installation
    • Plan installation in target environment.
  • Software acceptance support
    • Support acquirer's acceptance tests.
    • Deliver product per contract.
    • Provide training per contract.
  • The standard does not specify the details of how to implement or perform the activities and tasks included in the processes.
  • The standard does not imply that such documents be developed or packaged separately or combined in some fashion.


For System Maintenance

ISO/IEC 12207

ISO for System Maintenance

971748 李柏瑾


A Recommended Software Maintenance Process

1. The process starts with the requirement to maintain a software product and ends with the retirement of the software product.

2. The requirement to maintain software should be included in a system’s specification and may include very specific language with warranties, maximum time to fix, penalties for bad bugs, life cycle description for migration to new versions of operating system and hardware within certain time periods.

3. An organization structure must be established to fix problems, adapt software to new environments, and implement enhancements.

4. Maintenance must be considered as a normal part of a software lifecycle.


The ISO/IEC 12207 Maintenance Process

The purpose is to establish a process that is controllable. This helps

1. reduce effort,

2. improve quality,

3. reduce risks,

4. keep customers happier.

Customers and maintainers each have responsibilities.


The ISO/IEC 12207 Maintenance Process


Inputs: required inputs into an activity

Controls: provides controls (checks and evaluations) of an activity

Support: items that support an activity like defined processes or metric collections

Outputs: outputs from an activity






For System Maintenance


Information technology & Information Security Management Systems

971748 李柏瑾


What is BS7799?

  • Part 1. The code of practice for information security systems
  • Part 2. Specification for Information Security Management Systems - ISMS
  • Goal:
    • Establish an effective Information Security Management System.
    • Enable companies to manage information security.

BS7799-Part 1


  • This standard prescribes requirements in 10 domains:

1. Security Policy

2. Organizational Security

3. Asset Classification and Control

4. Personnel Security

5. Physical and Environmental Security

6. Communications and operations management

7. Access Control

8. Systems development and maintenance

9. Business Continuity Management

10. Compliance



ISMS Process Phases

  • Software process through a defined maintenance process that includes the following phases:


ISMS Process Phases

  • The basic process model includes:






Project Initiation

  • Ensure the commitment of senior management.
  • Select and train members of the initial project team.





Definition of the ISMS

  • Identify the scope and limits of the information security management framework.
  • This step is crucial to the success of the project.


ISMS scope




Risk Assessment

  • Diagnose the level of compliance with ISO 17799.
  • Compile an inventory of the assets to be protected and assess them.
  • Identify and evaluate threats and vulnerabilities.

The impact of threats and vulnerabilities



Risk Treatment

  • Find out how selecting and implementing the right controls can enable an organization to reduce risk to an acceptable level.

Risk management objectives

Alternative way


Select the management control objectives

  • Select control goal determination and measure choice.

BS7799 control goal

Control goal


Definition of the ISMS

  • Learn how to validate your management framework and what must be done before you bring in an external auditor for BS 7799-2 certification.
  • Learn more about the steps performed by external auditors and find out about BS7799-2 accredited certification bodies.



Control goal


Audit Conclusion



For Software Process Improvement


Institute of Electrical and Electronics Engineers

Standard for Software Maintenance

971758 黃堃嘉

IEEE Std 1219-1998, Standard for Software Maintenance



Process Name


  • Comprised of 7 phases
    • Problem Identification
    • Analysis
    • Design
    • Implementation
    • System Test
    • Acceptance Test
    • Delivery
IEEE Std 1219-1998 model

System Test


Problem Identification




Acceptance Test

Problem Identification

Uniquely Identify Change Request

Enter Request into Repository

Assign ID number

Classify type of maintenance

Preliminary Estimate

Prioritize Modification

Assign an MR to modification schedules


Change Request

Change Request

MR=Modification Request



Conduct Tech Review

Verify Documentation Update

Verify Test Strategy

Identify Safety and Security Issues

Feasibility Report

Detailed Analysis Report

Updated Requirements

Preliminary Modification List

Test Strategy

Implementation Plan

Validated Change Request

System Documentation

Repository Information

Feasibility Analysis

Detailed Analysis


Conduct software Inspection

Verify Design is Documented

Complete Traceability of Requirement to Design

Identify affected modules

Modify module documentation

Create Test Cases

Identify documentation update requirements

Analysis Phase Output

System Documentation

Source Code, Database

Revised Modification List

Updated Design Baseline

Updated Test Plan

Revised Detailed Analysis

Verified Requirements

Documented Constraints and Risks


Conduct software Inspection

Ensure that unit and integration testing are performed

Results of Design Phase

System Documentation

Project Documentation

Source Code, Database

Coding and unit testing


Risk analysis

Test-readiness review

Updated software and documents

Statement of Risk

Test-Readiness Review Report

System Test

Place under SCM: Software code, MRs, Test Documentation

System functional test

Interface testing

Regression Testing

Test-readiness review

Updated software documents

Test-Readiness Review Report

Updated System

Tested Fully Integrated System

Test Reports

Test-Readiness Review Report

Regression Testing=Retesting to detect faults introduced by modification

SCM=Software configuration management

MR=Modification Request


Acceptance Test

Execute Acceptance Tests

Report Test Results

Conduct Functional Audit

Establish New Baseline

Place Acceptance Test Documentation Under SCM

Fully Integrated System

Test-Readiness Review Report

Acceptance Test Plans

Acceptance Test Cases

Acceptance Test Procedures

Functional acceptance tests

Interoperability testing

Regression testing

New System Baseline

FCA Report

Acceptance Test Report

FCA= Functional Configuration Audit




Arrange Physical Configuration Audit

Complete Version Description Document

Complete Updates to Status Accounting Database


Version Description Document

Conduct PCA

Notify user community

System for backup

Installation and train customer

Tested/Accepted System

PCA=physical configuration audit


For Software Process Improvement

ISO/IEC TR 15504

Information technology — Software process assessment

951716 林聖哲

ISO/IEC TR 15504 Components

  • Part 1: Concepts and introductory guide
  • Part 2: A reference model for process and capability
  • Part 3: Performing an assessment
  • Part 4: Guide to performing an assessment
  • Part 5: Assessment model and indicator guidance
  • Part 6: Guide to competency of assessors
  • Part 7: Guide for process improvement
  • Part 8: Guide for supplier capability determination
  • Part 9

ISO/IEC TR 15504-7 Scope

invoking a software process assessment

using the results of a software process assessment

measuring software process effectiveness and improvement effectiveness

identifying improvement actions aligned to business goals

ISO/IEC TR 15504-7 Scope (cont.)

using a process model compatible with the reference model defined in ISO/IEC TR 15504-2 as a framework for improvement

issues related to organizational culture in the context of software process improvement

dealing with management issues for software process improvement

Step1: Examine the organization's needs and business goals
  • A process improvement program starts with the recognition of the organization's needs and business goals. This recognition could be derived from any of the following:
    • formulation of a mission statement or a long-term vision
    • analysis of organization's business goals
Step1: Examine the organization's needs and business goals (cont.)
  • analysis of the organization's current shared values
  • the organization's readiness to undertake a process improvement program
  • data on quality costs
  • other internal or external stimuli
Step2: Initiate process improvement
Step3: Prepare for and conduct a process assessment
  • Prepare assessment input:
    • Sponsor
    • Competent assessor
    • Assessment purpose
    • Assessment scope
    • Assessment Constraints
  • Conduct a process assessment
Step4: Analyze assessment output and derive action plan
  • Identify and prioritize improvement areas
    • Analyse assessment results
    • Analyse the organization's needs and improvement goals
    • Analyse effectiveness measurements
    • Analyse the risks in not achieving improvement goals
Step4: Analyze assessment output and derive action plan (cont.)
    • Analyze risks of improvement action failure
    • List improvement areas
  • Define specific improvement goals and set targets
  • Derive action plan
Step5: Implement improvements

Operational approach to implementation

Detailed implementation planning

Implementing improvement actions

Monitoring the process improvement project

Step6: Confirm improvements

Improvement targets

Organizational culture

Re-evaluate risks

Re-evaluate cost-benefit

Step7: Sustain improvement gains
Step8: Monitor performance

Monitoring performance of the software process

Reviewing the process improvement program



For Software Process Improvement


Capability Maturity Model Integration

951610 范博鈞

What is CMMI?
  • Capability Maturity Model Integration (CMMI) is a process improvement approach whose goal is to help organizations improve their performance.
  • The U.S. Department of Defense entrusted it to the Carnegie Mellon University Software Engineering Institute (SEI).
  • CMMI can be used to guide process improvement across a project, a division, or an entire organization.
Maturity Level

[Figure: CMMI maturity levels, from Level 1 up to Level 5 (Optimizing)]
Maturity Level (cont.)
  • Level 1 : Initial
    • Projects are handled cluelessly.
    • This level of organization is a mess and full of uncertainty.
  • Level 2 : Repeatable
    • Developing certain activities (e.g., interviews, people training, and so on) as reusable methods.
    • Establishing basic labor practices to carry out responsibilities, and training, is the main goal.
Maturity Level (cont.)
  • Level 3 : Defined
    • Integrating software engineering and management processes as a system.
    • Identifying the organization’s common needs and the various units of knowledge and skills.
    • Establishing and improving the organization’s set of standard processes over time.
Maturity Level (cont.)
  • Level 4 : Managed
    • Develop a mechanism by which high-performance, competency-based teams deploy their capabilities more efficiently.
  • Level 5 : Optimizing
    • Emphasizing the continuous improvement of individual ability is the main feature of an organization at this maturity level.
    • Revising continually to reflect changing business objectives, and using them as criteria in managing process improvement.
Process Areas (cont.)
  • Level 2 process areas
    • CM - Configuration Management
    • MA - Measurement and Analysis
    • PMC - Project Monitoring and Control
    • PP - Project Planning
    • PPQA - Process and Product Quality Assurance
    • REQM - Requirements Management
    • SAM - Supplier Agreement Management
Process Areas (cont.)
  • Level 3 process areas
    • DAR - Decision Analysis and Resolution
    • IPM - Integrated Project Management
    • OPD - Organizational Process Definition
    • OPF - Organizational Process Focus
    • OT - Organizational Training
    • PI - Product Integration
    • RD - Requirements Development
    • RSKM - Risk Management
    • TS - Technical Solution
    • VAL - Validation
    • VER - Verification
Process Areas (cont.)
  • Level 4 process areas
    • OPP - Organizational Process Performance
    • QPM - Quantitative Project Management
  • Level 5 process areas
    • CAR - Causal Analysis and Resolution
    • OPM - Organizational Performance Management
CMMI Implementation Steps
  • 1. Secure Sponsorship and Funding

Ensure that your process improvement program has a senior management sponsor and funding.

  • 2. Take Core Training

To understand basic concepts of the CMMI Product Suite, attend Introduction to CMMI for Development v1.3 or Introduction to CMMI for Services.

CMMI Implementation Steps
  • 3. Prepare Your Organization for Change.

Treat process improvement as a project. Establish the business reasons and the business goals for the effort.

  • 4. Form a Process Group.

This group coordinates process improvement activities across the enterprise and exists for the duration of the process improvement activity

CMMI Implementation Steps
  • 5. Know Where You Are.

Do a survey to gather data from managers, project leads, and workers to gauge cultural opportunities and barriers to change.

  • 6. Know Where You Are Going.

Using the same format as the picture of where you are, create a picture of where you want to be.

CMMI Implementation Steps
  • 7. Communicate and Coordinate.

Share the plan with everyone who will be affected and listen to their comments.

  • 8. Track Your Progress.

Compare the picture of where you are to the one of where you want to be.

CMMI Implementation Steps

Software Engineering Institute, SEI



Team of CMMI
  • Steering Committee
    • Set the strategic direction and long-term goals
    • Development of company-level decision-making
  • Promotion Committee
    • Developing or approving the decision making process, audit process system files
    • Investigating the problems of the quality system and suggesting issues of how to improve
    • Tracking the effectiveness of quality systems and improving the situation of faults.
Team of CMMI (cont.)
  • Process Improvement Team
    • Establishing implementation policies of CMMI (R) and standards for various types of project implementation process
    • Planning and implementation of promotional efforts
    • Combining and analyzing the data of process implementation
    • Coordinating and integrating the various department leaders and project managers to participate in process improvement activities
Team of CMMI (cont.)
  • Quality Assurance Group
    • Planning to promote the department’s quality assurance work
    • Executing assessment of product sampling to assess the quality of the project products
    • Executing internal audit to assess the degree of process compliance
  • Productivity increases by about 10% to 20%.
  • Product error rate was reduced by approximately one order of magnitude.
  • The prediction and control of the project increased to about 40% to 50%.
  • Each increase in software maturity level can reduce development costs by about 5% to 10%.


For IT Governance

ISO 38500

International Standard for Corporate Governance of IT

971706 江宗翰


What is ISO/IEC 38500

1. Corporate governance of information technology standard

2. Provides a framework for effective governance of IT to assist organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.



Provide a framework of principles for Directors to use when evaluating, directing and monitoring the use of IT in their organizations.

‧Assuring stakeholders that they can have confidence in the organization's corporate governance of IT

‧Informing/guiding Directors in governing the use of IT in their organization

‧Providing a basis for objective evaluation of the corporate governance of IT

‧intended to guide those involved in designing and implementing the management system of those policies and processes that support governance.


Framework for Good Corporate Governance of IT

  • Activities





‧6 principles for good corporate governance of IT

    • Responsibility
    • Strategy
    • Acquisition
    • Performance
    • Conformance
    • Human Behavior


1. Examine and make judgment on the current and future use of IT.

2. Consider the external or internal pressures acting upon the business, such as technological change, economic and social trends, and political influences.

3. Undertake evaluation continually, as pressures change.

4. Take account of both current and future business needs.



1. Have responsibility for, and direct preparation and implementation of plans and policies.

2. Ensure that the transition of projects to operational status is properly planned and managed.

3. Encourage a culture of good governance of IT in their organization by requiring managers to provide timely information, to comply with direction and to conform with the six principles of good governance.

4. Direct the submission of proposals for approval to address identified needs.



1. Monitor, through appropriate measurement systems, the performance of IT. They should reassure themselves that performance is in accordance with plans, particularly with regard to business objectives.

2. Make sure that IT conforms with external obligations (regulatory, legislation, common law, contractual) and internal work practices.


The six principles (1)

Principle 1: Responsibility

Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT.

Principle 2: Strategy

The organization’s business strategy takes into account the current and future capabilities of IT.

Principle 3: Acquisition

IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision making.


The six principles (2)

Principle 4: Performance

IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.

Principle 5: Conformance

IT complies with all mandatory legislation and regulations.

Principle 6: Human Behavior

IT policies, practices and decisions demonstrate respect for Human Behavior, including the current and evolving needs of all the ‘people in the process’.



Directors should govern IT through three main tasks:

─Evaluate the current and future use of IT.

─Direct preparation and implementation of plans and policies to ensure that use of IT meets business objectives.

─Monitor conformance to policies, and performance against the plans.



Model for Corporate Governance of IT


Guidance for the corporate governance of IT

Principle 1: Responsibility

Evaluate assigned responsibilities


Direct plans according to assigned responsibilities


Monitor assigned responsibilities



Guidance for the corporate governance of IT

Principle 2: Strategy

Evaluate developments and business processes


Direct preparation and use of plans and policies


Monitor the process of approved IT proposals



Guidance for the corporate governance of IT

Principle 3: Acquisition

Evaluate options for providing IT


Direct whether IT assets are to be acquired or not


Monitor IT investments



Guidance for the corporate governance of IT

Principle 4: Performance

Evaluate the risk to continued operation of the business


Ensure allocation of sufficient resources


Monitor the extent to which IT does support the business



Guidance for the corporate governance of IT

Principle 5: Conformance

Evaluate the organization’s internal conformance


Direct that all actions relating to IT be ethical


Monitor IT compliance and conformance



Guidance for the corporate governance of IT

Principle 6: Human Behavior

Evaluate IT activities


Direct that IT activities are consistent with identified human behavior



Monitor IT activities to ensure that they remain relevant



For IT Governance


Control Objectives for Information & related Technology

951614 林岳德

Control Objectives for Information & related Technology
  • COBIT was first released in 1996.
  • Developed by the international Information Systems Audit and Control Association (ISACA)
  • COBIT is an IT governance framework and supporting toolset.
Control Objectives for Information & related Technology

The process focus of COBIT is illustrated by a process model that subdivides IT into four domains

  • Plan and Organize
  • Acquire and Implement
  • Deliver and Support
  • Monitor and Evaluate
COBIT Domains
  • Plan and Organise (PO)

Provides direction to solution delivery (AI) and service delivery (DS).

  • Acquire and Implement (AI)

Provides the solutions and passes them to be turned into services.

  • Deliver and Support (DS)

Receives the solutions and makes them usable for end users.

  • Monitor and Evaluate (ME)

Monitors all processes to ensure that the direction provided is followed.

Information Criteria
  • Effectiveness
  • Efficiency
  • Confidentiality
  • Integrity
  • Availability
  • Compliance
  • Reliability of Information
IT Resources
  • Applications are the automated user systems and manual procedures that process the information.
  • Information is the data, in all their forms, input, processed and output by the information systems in whatever form is used by the business.
  • Infrastructure is the technology and facilities that enable the processing of the applications.
IT Resources (cont.)
  • People are the personnel required to plan, organise, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required.
Plan and Organize
  • PO1 Define a strategic IT plan
  • PO2 Define the information architecture
  • PO3 Determine the technological direction
  • PO4 Define the IT organization and relationships
  • PO5 Manage the IT investment
  • PO6   Communicate management aims and direction
  • PO7 Manage human resources
  • PO8 Ensure compliance with external


  • PO9   Assess risks
  • PO10 Manage projects
  • PO11 Manage quality
Acquire and Implement
  • AI1 Identify automated solutions
  • AI2 Acquire and maintain application software
  • AI3 Acquire and maintain technology infrastructure
  • AI4 Develop and maintain procedures
  • AI5 Install and accredit systems
  • AI6 Manage changes  
Deliver and Support
  • DS1 Define and manage service levels
  • DS2 Manage third-party services
  • DS3 Manage performance and capacity
  • DS4 Ensure continuous service
  • DS5   Ensure systems security
  • DS6 Identify and allocate costs
  • DS7 Educate and train users
  • DS8   Assist and advise customers
  • DS9 Manage the configuration
  • DS10 Manage problems and incidents
  • DS11 Manage data
  • DS12 Manage facilities
  • DS13 Manage operations
Monitor and Evaluate
  • M1 Monitor the processes
  • M2 Assess internal control adequacy
  • M3 Obtain independent assurance
  • M4 Provide for independent audit  


For IT Governance


Information Technology Infrastructure Library

Part of Service Support

971744 李乃昊


IT Service Management (ITSM) is a process-based practice intended to align the delivery of information technology services with the needs of the enterprise, emphasizing benefits to customers.

ITSM involves a paradigm shift from managing IT as stacks of individual components to focusing on the delivery of end-to-end services using best practice process models.

ITSM 4 Quadrants
  • 1. People
  • 2. Organization
  • 3. Process (ITIL)
  • 4. Technology


  • Version 1
    • IT = Technology Provider (Functional Base)
  • Version 2
    • Service Provider (Process Oriented)
  • Version 3
    • Strategic Partner (Lifecycle management)
ITIL v2

ITIL is a set of concepts and practices for Information Technology Services Management (ITSM), IT development and IT operations.

ITIL gives detailed descriptions of a number of important IT practices.

ITIL provides comprehensive checklists, tasks and procedures that any IT organization can tailor to its needs.

ITIL is a globally recognized collection of best practices for information technology (IT) service management.


Information flow modularization

For managing IT infrastructure, including hardware, software, organizational communication, processes, documents and employees.


Help Desk

5 management process modules of IT Service Support

5 IT Service Support

1. Incident Management

2. Problem Management

3. Change Management

4. Release Management

5. Configuration Management

Service Support (Help Desk)
  • The biggest task of the help desk is to record, solve and monitor all the problems of the IT service support process (e.g. accepting an RFC, Request for Change).
  • The help desk can be contacted by phone, fax, email and online services.
  • Help desk can be:

Customer, back office support, service support, service delivery, other related processes

Incident Management

An Incident is any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of, that service.

Incident Management is to restore normal service operation as quickly as possible with minimum disruption to the business.

Problem Management

Problem Control is to turn problems into Known Errors.

Error Control can propose the relevant solutions.

A problem is a condition often identified as a result of multiple incidents that exhibit common symptoms.

A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a work-around.

Change Management

Change Management aims to ensure that standardised methods and procedures are used for efficient handling of all changes.

A change is "an event that results in a new status of one or more configuration items".

Release Management

It is used by the software migration team for platform-independent and automated distribution of software and hardware.

Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management.

The goals of release management include:

Planning the rollout of software

Designing and implementing procedures for the distribution and installation of changes to IT systems

Effectively communicating and managing expectations of the customer during the planning and rollout of new releases

Controlling the distribution and installation of changes to IT systems

Configuration Management

Configuration Management is the management and traceability of every aspect of a configuration from beginning to end.

The configurations are stored in a configuration management database (CMDB), which consists of entities called Configuration Items (CI).




For IT Governance


Information Technology Infrastructure Library

Part of Service Delivery

971743 張凱鈞

Five Processes of Service Delivery

Service Level Management

Availability Management

Capacity Management

IT Service Continuity Management

Financial Management for IT Services

Service Level Management
  • Goals
    • Maintain and improve IT Service quality
    • Constant cycle of agree, monitor, report and act
    • Better relationship with Customer
  • Benefits
    • Services designed to meet SLRs
    • Improved relationship with satisfied Customers
    • Clear roles and responsibilities

*SLR : Service Level Requirements

Service Level Management Process Flow (1)
  • Established Function
    • Planning
    • Implementation
  • Implement SLAs
    • Catalog of Services
    • Draft
    • Negotiate
    • Review UCs and OLAs
    • Agree SLAs

*SLA : Service Level Agreements

*OLA : Operating Level Agreements

*UC : Underpinning Contract

Service Level Management Process Flow (2)
  • Manage the ongoing process
    • Monitor
    • Report
    • Review
  • Periodic reviews
    • Review SLAs, OLAs and UCs
    • Review SLM process
Availability Management
  • Goals
    • Deliver cost-effective & sustained Availability
    • Determine business requirements
    • Provide alternatives & costing to fill gaps
    • Monitor & measure to ensure Availability is provided
    • Continuous improvement to optimize
  • Benefits
    • Identify shortfalls, identify & implement corrections
    • Business & User perspective to ensure optimal usage
Concept of Availability Management



Continuing operations

High availability

Can be sustained

Reduce the impact of predictable interruptions on users

Reduce the impact of unpredictable interruptions on users

Avoid any impact of interruptions on users

Availability Management Process Flow (2)
  • Define business Availability requirements
  • Analyse IT infrastructure and review capability
  • Agree Availability requirements
  • Identify and specify serviceability requirements
  • Identify and specify reliability, resilience and maintenance requirements
  • Test for meeting Availability requirements
  • Monitor compliance to Availability requirements
Capacity Management
  • Goals
    • Ensure cost justifiable IT Capacity always exists
    • Match Capacity to current & future Business needs
  • Benefits
    • Increased efficiency and cost savings
    • Reduced risk
    • More confident forecasts
    • Add value to applications lifecycle
Capacity Management Process Flow (2)
  • Implementation
    • Ensure that resources that service vital business functions and all services covered by Service Level Agreements are monitored.
  • Monitoring
    • Monitoring should be implemented through a Request for Change and then remain active until a future Request for Change authorizes retirement.
  • Analysis
    • Analysis should occur proactively to investigate trends and anticipate Problems.
  • Tuning
    • Resource optimization will occur when an Analysis reveals a weakness.
Financial Management
  • Goals
    • Cost effective stewardship of IT resources
    • Account fully for spend on IT Services
    • Attribute costs to appropriate Services
    • Provide detailed business cases for Changes
  • Benefits
    • Increased confidence in budgeting
    • Accurate cost information
    • More efficient use of IT resources
    • Increased IT professionalism
Financial Management Process Flow (2)
  • Identify business IT requirements
    • The process of Financial Management should be based upon an annual budget.
  • Create IT operational plan (including Budgets)
    • Predict the money required to run IT Services for a given period
    • Ensure that actual spend can be compared with predicted spend at any point
    • Reduce the risk of overspending
Financial Management Process Flow (3)
  • Analyse the cost (Accounting)
    • Account for the money spent in providing IT Services
    • Calculate the cost of providing IT Services to both internal and external Customers
    • Perform cost-benefit or Return-on-Investment analyses
    • Identify the cost of Changes
  • Charges
    • Recover the costs of the IT Services from the Customers of the service
  • Feedback of proposed changes to business
    • Management to ensure that the required services are delivered with cost-effective utilization of the capacity.
IT Service Continuity Management
  • Goals
    • Support overall Business Continuity Management
    • Ensure IT resources can be recovered within required and agreed business timescales
  • Benefits
    • Comply with regulatory requirements
    • Improve relationship with Business
    • Competitive advantage
IT Service Continuity Management Process Flow (2)
  • Stage1 Initiation
    • Initiate BCM
  • Stage2 Define Requirements and Strategy
    • Business Impact Analysis
    • Risk Assessment
    • Business Continuity Strategy
IT Service Continuity Management Process Flow (3)
  • Stage3 Implementation
    • Organization and Implementation Planning
    • Implement Risk Reduction Measures
    • Implement Stand-by Arrangements
    • Develop Recovery Plans
    • Develop Procedures
    • Initial Testing
IT Service Continuity Management Process Flow (4)
  • Stage4 Operational Management
    • Education and Awareness
    • Training
    • Review and Audit
    • Testing
    • Change Management
    • Assurance
ITIL Certification

The ITIL Certification Management Board (ICMB) manages ITIL certification.

EXIN and BCS/ISEB (the British Computer Society) are the examination providers; they provide ITIL exams and accredit ITIL training providers.