Overview
Control Objectives for Information and Related Technology (COBIT) provides good practices across a domain and process framework. It presents activities in a manageable and logical structure. COBIT’s best business practices represent the consensus of experts. They are strongly focused on control and less on execution. These practices will help optimize IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.
For IT solutions to be successful in delivering business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:
- Making a link to the business requirements;
- Organizing IT activities into a generally accepted process model;
- Identifying the major IT resources to be leveraged;
- Defining the management control objectives to be considered.
Benefits
The benefits of implementing COBIT as a governance framework over IT include:
- Better alignment, based on a business focus;
- A view, understandable to management, of what IT does;
- Clear ownership and responsibilities, based on process orientation;
- General acceptability with third parties and regulators;
- Shared understanding amongst all stakeholders, based on a common language;
- Fulfillment of the COSO requirements for the IT control environment.
The Challenge
Internal IT organizations are under increasing pressure to meet the business goals of their companies. This challenge can be particularly daunting because it involves complying with regulations such as Sarbanes-Oxley (SOX) and Basel II. Compliance requires strong corporate governance capabilities that are demonstrable to outside auditors. Because IT plays such a major role in business processes, the IT organization not only creates complexity for the business but also provides the means to demonstrate this compliance. Organizations rely on guidelines such as COBIT to help them understand and address these challenges.
Implementing COBIT is by no means a trivial task. It requires an organization to address high complexity in three areas: IT infrastructure, IT processes, and COBIT control objectives. Processes are often in silos supporting specific organizational entities, requiring a complex organizational structure to ensure compliance is maintained. Further complicating the problem, the IT environment is in a constant state of flux. Manual processes are therefore not viable: they are not sustainable because they are difficult to enforce and monitor, they are not cost efficient, and they depend on dedicated staff willing to maintain a reliable paper trail that can stand up to a rigorous compliance audit.
Technology plays an indispensable role in helping companies achieve the COBIT control objectives, so any solution an organization adopts should itself support COBIT. Organizations need to deploy systems-based ITSM solutions to help them conquer the complexity and establish sustainability. Well-planned systems-based solutions should cover the full spectrum of ITSM disciplines.
ISOSYSTEM Governance Suite is an easy-to-use, comprehensive compliance solution for automating the four COBIT domains: Plan and Organise; Acquire and Implement; Deliver and Support; and Monitor and Evaluate. The solution provides the foundation for aligning with COBIT, improving IT processes and controls, and easing compliance with regulations, industry mandates and internal policies.
With ISOSYSTEM Governance Suite, best practices and processes are easily implemented and enforced to support the IT governance requirements of executives and boards, while also addressing the more detailed requirements of those responsible for solution and service delivery. As a result, companies can optimize IT investments, ensure value delivery and mitigate IT risk in a transparent manner.
ISOSYSTEM Compliance Mapping
ISOSYSTEM Governance Suite offers automated controls in the modules below. For each ISOSYSTEM module, the COBIT compliance requirements it supports are listed.
Performance module
- Links business goals to IT goals.
- Identifies critical dependencies and current performance.
- Automates the establishment, management and communication of the corporate and IT strategic plan.
- Enables the company to actively monitor current performance against previously defined goals and report it to auditors and internal stakeholders in real time.
- Supports the definition and measurement of key performance indicators for business processes or IT infrastructure elements.
- Fully compatible with the Balanced Scorecard (BSC) methodology.
Risk module
- Manages enterprise and IT risks.
- Links risks, controls and tests for traceability.
- The risk framework can be configured to a variety of organizational structures or methodologies, so organizations can adapt the solution to their own systems and processes.
- Supports both a top-down risk assessment approach and a process-level risk assessment approach.
- Automates the tracking of inherent, target and residual risks.
- Identifies and scores risks by significance and likelihood, and tracks the controls related to each risk.
- Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership, and monitoring progress against goals.
- Reporting features such as dashboards, heat maps and key risk indicators enable executive monitoring of critical risks.
Project module
- Provides program and portfolio management frameworks for IT investments.
- Ready-to-use, proven project management process aligned with the de facto standard PMBOK approach.
- Supports establishment and maintenance of a project monitoring, measurement and management system.
- Automates creation and management of project charters, schedules, quality plans, budgets, and communication and risk plans.
- Native workflow engine ("Team Workflow") secures the participation and commitment of all project stakeholders.
- Automated task assignment, routing, escalation, review and approval, increasing efficiency for the team.
- Audit history is always accessible.
- Allows tailoring of additional, organization-specific processes and reporting capabilities.
- Provides project classification schemes, so projects associated with or impacted by COBIT processes can be tracked and managed.
- Templates and checklists for tracking and managing changes.
- Provides project and product development processes.
- Provides a stage-gate approach for projects, including scorecard criteria and criteria for go/no-go decisions.
Service Management module
- Provides a framework for defining and managing IT services.
- Easy-to-use service catalog builder.
- Generic, personalizable workflow engine to structure service flows and activities.
- SLA (Service Level Agreement) automation and management.
- Monitors and reports end-to-end service level performance.
- Automates the management and evaluation of third-party and supplier services.
Change Management module
- Automates the recording, assessment and prioritization of change requests.
- Ensures that every emergency and critical change follows the approved process.
- Provides a workflow to authorize changes.
- Manages and disseminates relevant information about changes.
- Audit history is always accessible.
- Provides a stage-gate approach for projects, including scorecard criteria and criteria for go/no-go decisions.
Document module
- Maintains all related COBIT, process and project documentation in a secure, centralized system that users and auditors can access from virtually anywhere.
- Automated task assignment, routing, escalation, review and approval, increasing efficiency for the entire team.
- Changes are tracked automatically and approvals are streamlined.
- Lets users and auditors search for and retrieve documents quickly, saving hours of effort.
- Compliance history is always accessible.
- Retains documents according to company policy, from 24 hours to several years or longer; retention can be configured by document category.
- Documents the Quality Management System.
- Ensures only the latest document versions are used.
Process module
- Ensures processes are defined, planned and documented.
- Ensures processes are monitored and controlled.
- Creates approval cycles that give executive management full visibility and accountability.
- Advanced tracking and reporting capability.
- Real-time view of the company's COBIT environment, allowing continuous monitoring and process improvement and increasing confidence among executives, process owners and auditors.
- Processes are carried out under controlled conditions: documented instructions, in-process controls, and approval of processes and controls.
Audit module
- Audits are planned and performed.
- Audit results are communicated to management.
- All findings are registered and corrected.
- Manages any required corrective action.
- Ensures corrective actions are carried out on time.
Action module
- Detects and records incident and problem reports.
- Automates the full cycle of recording, classifying, investigating and diagnosing incidents and problems.
- Provides classification (severity and impact) and escalation procedures (functional and hierarchical).
- The causes of problems in processes or controls are identified and registered.
- Specific problems and their causes are corrected.
- The effectiveness of corrective actions is assessed.
- Review and disposition of nonconforming processes or controls is formalized.
- Ensures that appropriate corrective action is decided upon and implemented.
- Ensures that responsibility for corrective action is clearly defined.
- Keeps records of all complaints and follow-up actions.
- Corrects deficiencies before they can cause defects in products or processes.
- Keeps records of defects, the investigation of their causes and the corrective actions taken.
- Informs users (status updates).
Competence module
- Defines job descriptions and positions across the IT department, identifying the required responsibilities, authorities and capabilities.
- Provides a database of educational institutes and identifies specific competency courses.
- Schedules training sessions on user-defined calendars (weekly, monthly or annually), automatically displaying the training needs pending in a given period.
- Displays all scheduled training sessions through timesheets, spreadsheets and Gantt charts, grouped by IT department or for the entire company.
- Provides tools for every kind of competence evaluation.
- Evaluates employee competencies and skills using personalized evaluation forms.
- Calculates employees' qualification levels from their job performance and displays summarized results in charts by employee, job position or department.
Industries