The document provides an overview of integrating CMMI, COBIT, and ITIL frameworks. It begins with introducing the IT space and standards. Then it discusses COBIT in more detail, covering its focus, architecture, and maturity model. It compares COBIT to CMMI and maps COBIT processes to CMMI maturity levels. Finally, it examines how COBIT planning and organization, acquisition and implementation, and delivery and support processes relate to CMMI maturity levels.
History of IT Service Management Practices and StandardsRob Akershoek
Evolution of IT service management practices and standards from Top Gun 1 (around 1990) to Top Gun Maverick (2022)
How did the IT management evolve since 1990? When were key standards and practices introduced?
The IT management market has significantly evolved over the last few years e.g. introducing DevOps, Continuous Delivery, Agile Development, SRE and IT4IT. Managing this new multi-vendor ecosystem consisting of cloud, containers and micro-services.
Managing this new digital reality requires you to combine various practices into one integrated Digital Operating Model, to optimize end-to-end IT value streams.
Request to Fulfill Presentation (IT4IT)Rob Akershoek
The Request to Fulfill (R2F) value stream presentation. R2F is one of the four value streams of the IT4IT Reference Architecture of The Open Group.
How to manage your IT organization as a professional IT shop? Provide a self service portal for end-users and IT staff to order IT services and IT resources. Automate the entire process from request to actual deployment and provisioning.
IT4IT and DevOps Tools Landscape (2020).Rob Akershoek
Complete overview of the IT management tooling landscape 2020. Key market players / vendors in the IT4IT and DevOps tooling ecosystem. Automate and streamline your end-to-end DevOps tool chain.
History of IT Service Management Practices and StandardsRob Akershoek
Evolution of IT service management practices and standards from Top Gun 1 (around 1990) to Top Gun Maverick (2022)
How did the IT management evolve since 1990? When were key standards and practices introduced?
The IT management market has significantly evolved over the last few years e.g. introducing DevOps, Continuous Delivery, Agile Development, SRE and IT4IT. Managing this new multi-vendor ecosystem consisting of cloud, containers and micro-services.
Managing this new digital reality requires you to combine various practices into one integrated Digital Operating Model, to optimize end-to-end IT value streams.
Request to Fulfill Presentation (IT4IT)Rob Akershoek
The Request to Fulfill (R2F) value stream presentation. R2F is one of the four value streams of the IT4IT Reference Architecture of The Open Group.
How to manage your IT organization as a professional IT shop? Provide a self service portal for end-users and IT staff to order IT services and IT resources. Automate the entire process from request to actual deployment and provisioning.
IT4IT and DevOps Tools Landscape (2020).Rob Akershoek
Complete overview of the IT management tooling landscape 2020. Key market players / vendors in the IT4IT and DevOps tooling ecosystem. Automate and streamline your end-to-end DevOps tool chain.
Integrating ITSM Frameworks, Standards and Processes - ITSM Academy WebinarITSM Academy, Inc.
To successfully achieve IT Service Management (ITSM) best practices, organizations need to adopt multiple ITSM frameworks and standards.
This presentation describes when and how to integrate the most widely used ITSM frameworks and standards, such as ITIL®, COBIT, ISO/IEC 20000 and Microsoft Operations Framework (MOF).
An overview of The Open Group IT4IT Reference Architecture. It is a vendor and product-agnostic value chain-based operating model for managing the business of IT. While providing guidance on the design, procurement and implementation of the functionality needed to run IT, it also enables the systematic tracking of the state of IT services across the service life-cycle using four value streams - Strategy to Portfolio, Request to Fulfill, Requirement to Deploy, and Detect to Correct.
Download presentation from http://opengroup.co.za/presentations
Overview of the IT4IT tooling market in 2022.
Key trends in the IT4IT / DevOps tooling market are:
- Strategic portfolio management / portfolio backlog management (scaling agile on the enterprise level integrating with Enterprise architecture and Application / Product Portfolio Management)
- On-line collaboration & communication tools supporting team of team planning, problem solving, etc.
- Value stream management (an emerging tooling category) providing visibility across the end-to-end IT value streams
- Multi-cloud discovery & visibility on usage, costs and compliance
- Integrating DevOps tool chain (e.g. CICD pipeline) with the ITSM platform and CMDB
- Integrating security, risk and compliance management into the DevOps tool chain
- AIOps and observability management, consoliding metrics, logs, events mapped to a real-time service model
- Security operations, integrating security monitoring, vulnerability scanning, etc. into end-to-end detect to correct value streams
- Enterprise Service Management (ITSM vendors providing omni-channel services across IT, HR, Facilities, Finance, etc.)
- Leveraging AI/ML in various capabilities such test management, security operations, incident management, etc.
- Sustainability management integrated in IRM/GRC platforms
And last but not least:
- Service / Product portfolio management (managing the portfolio of service/applications, supporting product centric operating models, linked to business capabilities, product owners and teams)
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
An overview of The Open Group IT4IT Reference Architecture. It is a vendor and product-agnostic value chain-based operating model for managing the business of IT. While providing guidance on the design, procurement and implementation of the functionality needed to run IT, it also enables the systematic tracking of the state of IT services across the service life-cycle.
TABLE OF CONTENTS
1. What is IT4IT framework
2. The benefits of implementation of the IT4IT framework
3. IT4IT framework components
4. IT4IT Value Streams
5. IT4IT Reference Architecture
6. About Architecture Center Ltd
7. References
Digital Transformation And Solution ArchitectureAlan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership. This needs to be supplemented and supported by a well-defined set of digital solution design standards.
This follows-on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
Architecting Next Generatio IT Operating Models Using IT4IT and SFIASukumar Daniel
A case study of a Transformation Initiative to move a Third Party from Traditional Mechanic Shop Mentality to a Customisation Studio Mentality by causing a paradigm Shift in Ways of Working
Itil 4 "management practices as sets of organizational resources designed for performing work or accomplishing an objective"
The mindmap includes links to posts where the practice is explained in more detail.
ITIL® is a registered trademark of AXELOS Limited.
https://www.axelos.com/
General management practices
Strategy management
Portfolio management
Architecture management
Service financial management
Workforce and talent management
Continual improvement
Measurement and reporting
Risk management
Information security management
Knowledge management
Organizational change management
Project management
Relationship management
Supplier management
Service management practices
Business analysis
Service catalogue management
Service design
Service level management
Availability management
Capacity and performance management
Service continuity management
Monitoring and event management
Service desk
Incident management
Service request management
Problem management
Release management
Change enablement
Service validation and testing
Service configuration management
IT asset management
Technical management practices
Deployment management
Infrastructure and platform management
Software development and management
ITIL 4 service value chain data flows (input and outputs)Rob Akershoek
High level overview of the Service value chain activities and information flows (input/outputs) based upon ITIL 4 from AXELOS (ITIL 4 Foundation).
Mapping of the ITIL value chain activities to the IT4IT value streams as defined by The Open Group IT4IT Standard.
Donna Knapp, ITSM Academy's Curriculum Development Manager / Author
ITSM Academy was so excited to introduce ITIL 4 in our January webinar. We can tell our 300+ audience members were excited as well by the number of questions we did get to answer. Join us in February for an extended Q&A session and the latest ITIL 4 news.
Global trends in IT
- Process management
- Frameworks with maturity and continual improvements
- Frameworks used in IT for governance, operation and solution
Integrating ITSM Frameworks, Standards and Processes - ITSM Academy WebinarITSM Academy, Inc.
To successfully achieve IT Service Management (ITSM) best practices, organizations need to adopt multiple ITSM frameworks and standards.
This presentation describes when and how to integrate the most widely used ITSM frameworks and standards, such as ITIL®, COBIT, ISO/IEC 20000 and Microsoft Operations Framework (MOF).
An overview of The Open Group IT4IT Reference Architecture. It is a vendor and product-agnostic value chain-based operating model for managing the business of IT. While providing guidance on the design, procurement and implementation of the functionality needed to run IT, it also enables the systematic tracking of the state of IT services across the service life-cycle using four value streams - Strategy to Portfolio, Request to Fulfill, Requirement to Deploy, and Detect to Correct.
Download presentation from http://opengroup.co.za/presentations
Overview of the IT4IT tooling market in 2022.
Key trends in the IT4IT / DevOps tooling market are:
- Strategic portfolio management / portfolio backlog management (scaling agile on the enterprise level integrating with Enterprise architecture and Application / Product Portfolio Management)
- On-line collaboration & communication tools supporting team of team planning, problem solving, etc.
- Value stream management (an emerging tooling category) providing visibility across the end-to-end IT value streams
- Multi-cloud discovery & visibility on usage, costs and compliance
- Integrating DevOps tool chain (e.g. CICD pipeline) with the ITSM platform and CMDB
- Integrating security, risk and compliance management into the DevOps tool chain
- AIOps and observability management, consoliding metrics, logs, events mapped to a real-time service model
- Security operations, integrating security monitoring, vulnerability scanning, etc. into end-to-end detect to correct value streams
- Enterprise Service Management (ITSM vendors providing omni-channel services across IT, HR, Facilities, Finance, etc.)
- Leveraging AI/ML in various capabilities such test management, security operations, incident management, etc.
- Sustainability management integrated in IRM/GRC platforms
And last but not least:
- Service / Product portfolio management (managing the portfolio of service/applications, supporting product centric operating models, linked to business capabilities, product owners and teams)
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
An overview of The Open Group IT4IT Reference Architecture. It is a vendor and product-agnostic value chain-based operating model for managing the business of IT. While providing guidance on the design, procurement and implementation of the functionality needed to run IT, it also enables the systematic tracking of the state of IT services across the service life-cycle.
TABLE OF CONTENTS
1. What is IT4IT framework
2. The benefits of implementation of the IT4IT framework
3. IT4IT framework components
4. IT4IT Value Streams
5. IT4IT Reference Architecture
6. About Architecture Center Ltd
7. References
Digital Transformation And Solution ArchitectureAlan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership. This needs to be supplemented and supported by a well-defined set of digital solution design standards.
This follows-on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
Architecting Next Generatio IT Operating Models Using IT4IT and SFIASukumar Daniel
A case study of a Transformation Initiative to move a Third Party from Traditional Mechanic Shop Mentality to a Customisation Studio Mentality by causing a paradigm Shift in Ways of Working
Itil 4 "management practices as sets of organizational resources designed for performing work or accomplishing an objective"
The mindmap includes links to posts where the practice is explained in more detail.
ITIL® is a registered trademark of AXELOS Limited.
https://www.axelos.com/
General management practices
Strategy management
Portfolio management
Architecture management
Service financial management
Workforce and talent management
Continual improvement
Measurement and reporting
Risk management
Information security management
Knowledge management
Organizational change management
Project management
Relationship management
Supplier management
Service management practices
Business analysis
Service catalogue management
Service design
Service level management
Availability management
Capacity and performance management
Service continuity management
Monitoring and event management
Service desk
Incident management
Service request management
Problem management
Release management
Change enablement
Service validation and testing
Service configuration management
IT asset management
Technical management practices
Deployment management
Infrastructure and platform management
Software development and management
ITIL 4 service value chain data flows (input and outputs)Rob Akershoek
High level overview of the Service value chain activities and information flows (input/outputs) based upon ITIL 4 from AXELOS (ITIL 4 Foundation).
Mapping of the ITIL value chain activities to the IT4IT value streams as defined by The Open Group IT4IT Standard.
Donna Knapp, ITSM Academy's Curriculum Development Manager / Author
ITSM Academy was so excited to introduce ITIL 4 in our January webinar. We can tell our 300+ audience members were excited as well by the number of questions we did get to answer. Join us in February for an extended Q&A session and the latest ITIL 4 news.
Global trends in IT
- Process management
- Frameworks with maturity and continual improvements
- Frameworks used in IT for governance, operation and solution
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2. Section 1: The IT Space
IT Strategy
Data and
Operations Center
Application
Development
Service
Desk
IT-Enabled
Services
3
The Standards
Standard
Parent
Org.
Industry
Sponsor
Group
4
2
3. Gartner’s Review of Models
5
Application Management
Application Management
CMMI
Domain
Plan
Define
Application
Development
Design
Build
Service
Management
Deploy
Operate Support Optimize
Source: ITIL: Application Management (2002, p.7)
6
3
4. Section 2: COBIT
COBIT:
• Control OBjectives for Information and related Technology
• 3rd edition—July 2000
Sponsorship:
• Open standard of IT Governance Institute
• Published by ISACA – The Information Systems Audit and Control
Association & Foundation
• Certified Information Systems Auditor certification – 23,000+ auditors
Focus:
• IT Governance - How does executive management fulfill its
responsibilities with respect to IT?
• Audit of IT operations
7
Source: COBIT Management Guidelines (2000)
Approach to Using COBIT
Manage IT-related business risks:
• base use on business objectives in the COBIT Framework
• select IT processes and controls appropriate for the organization
from the COBIT Control Objectives
• operate from the organization business plan
• assess procedures and results with COBIT Audit Guidelines
• assess status of the organization, identify critical success factors,
measure performance with the COBIT Management Guidelines
To develop a sound set of processes:
• choose Control Objectives that fit the business objectives
• identify industry models that provide guidance for supporting
processes (CMMI, People CMM, ITIL, …)
8
4
5. COBIT Architecture
34 Information Technology control objectives:
• 11 planning and organization
• 6 acquisition and implementation
• 13 delivery and support
• 4 monitoring
318 detailed control objectives & audit guidelines:
• 3-30 detailed control objectives per process
Each IT process is supported by:
• 8-10 Critical Success Factors
• 5-7 Key Goal Indicators
• 6-8 Key Performance Indicators
9
Source: COBIT Management Guidelines (2000)
Evaluating COBIT Processes
Critical Success Factors:
• Management’s key issues to control and actions to take
• Focused on implementing and controlling the right processes
Key Goal Indicators:
• Indicators of whether an IT process has achieved its goals
• Focused on monitoring achievement of goals
Key Performance Indicators:
• Measures of how well an IT process is performing
• Focused on monitoring performance to predict goal achievement
10
Source: COBIT Management Guidelines (2000)
5
6. Architectural Comparison
COBIT
CMMI
Control objectives
Process Areas
Detailed control objectives
Practices
Critical success
factors
Key goal
indicators
Key performance
indicators
Practice level goals
Measures in Directing
Implementation
Measures in Directing
Implementation
Architectural comparison is suggestive of relationships, but the
mapping between these elements is not exact.
Font sizes indicate relative scope of the element between models.
11
COBIT’s Maturity Model
Level 5
Optimised
Processes refined to level of best practice
Automation integrates workflow
Level 4
Managed
Process compliance monitored & measured
Constant improvement, some automation
Level 3
Defined
Standard, documented procedures based on
existing practice with no process assurance
Level 2
Repeatable
Similar procedures followed by people
performing the same task, but no training
Level 1
Initial
Ad hoc processes developed case by case
Recognition of issues to be addressed
Level 0
Complete lack of recognizable processes
No recognition of issues to be addressed
Non-existent
Non12
Source: COBIT Management Guidelines (2000)
6
7. Prescriptive
Models that assign a specific
set of process areas to each
maturity level and require that
for an organization to be rated
at a specific level, all process
areas at that level and all
lower levels must be
implemented. Each process
area usually contains a
collection of practices for
implementing that process.
Models that provide a simple
scale for assigning a level of
maturity to a single process
based on a generalized
characterization of its
behavior or results without
requiring that any specific
attributes be implemented.
Processes are appraised
independently and can be
rated at different levels
Models that provide a simple
scale for appraising the
attributes of an organization
and assign it to a level of
maturity based on a
generalized characterization
of its behavior or results
without requiring that specific
processes be implemented
Single process
Level to Which Best
Practices Are Characterized
Models that assign a specific
set of process attributes to
each maturity level and
require that for a process to be
rated at a specific level, all the
attributes at that level and all
lower levels must be
implemented for that process.
Processes are appraised
independently and can be
rated at different levels
Descriptive
Maturity Model Types
Organizational
Focus of the Transformation
13
Prescriptive
Descriptive
Level to Which Best
Practices Are Characterized
Maturity Model Types
CMMI
Continuous
CMMI People
Staged CMM
COBIT
ITIL Maturity
Model
ITIL Org.
Growth
Single process
14
Crosby Quality
Maturity Grid
Organizational
Focus of the Transformation
7
8. COBIT Maturity Evaluations
Maturity comparisons for each IT process:
15
Company
status
Industry
status
Industry
guidelines
Op
tim
ise
d
Ma
na
ge
d
De
fi n
ed
tia
l
Ini
No
n-e
xis
t
AI7
Re
pe
ata
ble
Status of organization’s current process
Status of best in class industry process
Status of current industry standard guidelines
Strategic objective for organizational improvement
en
t
•
•
•
•
Company
objective
Source: COBIT Management Guidelines (2000)
COBIT-MM vs. CMMs
Not mapped to CMM’s view of maturity:
• Level 2 uses local procedures
• Level 3 compliance is not left to individuals
• Level 4 measurement focused on compliance not stability or
predictability
• Weak focus on continual improvement
• COBIT-MM is evolving and will include an assessment method
COBIT uses the continuous approach
• Process focus, not organizational focus
• No roadmap for implementation
Confuses process maturity and auditability
16
8
9. Planning & Organization—1
COBIT
Process Maturity Framework
PO1—Define a strategic IT
plan—align IT opportunities
with business requirements and
ensure accomplishment
Level 3 issue
PO2—Define the information
architecture—optimize the
organization and integration of
information systems
Level 3 issue
PO3—Determine technological
direction—exploit current and
emerging technology to achieve
business strategy
Level 3 issue
PO4—Define the IT organization
and relationships—deliver
the right IT services
CMMI—no clear referent
CMMI—no clear referent
CMMI—no clear referent
CMMI L3—OEI
Level 3 issue
Source: COBIT Management Guidelines (2000)
17
Planning & Organization—2
COBIT
Process Maturity Framework
PO5—Manage the IT
investment—ensure funding
and control of financial
resources
Level 3 issue
PO6—Communicate
management aims and
directions—ensure user
awareness of directions
Level 2 issue
PO7—Manage human
resources—sustain a
motivated, competent workforce
& ensure individual contributions
PO8—Ensure compliance with
external requirements—
meet legal, regulatory, and
contractual obligations
18
CMMI—no clear referent
CMMI GP2.1—Policy
People CMM
CMMI—OT
Level 3 issue
CMMI L2—REQM, PPQA
CMMI L3—RD, VAL
Source: COBIT Management Guidelines (2000)
9
10. Planning & Organization—3
COBIT
Process Maturity Framework
PO9—Assess risks—support
management decisions and
reduce threats
PO10—Manage projects—set
priorities and deliver on time and
within budget
CMMI L2—REQM, PP, PMC
CMMI L3—IPM, RSKM
PO11—Manage quality—meet IT
customer requirements
19
CMMI L2—PP
CMMI L3—RSKM
CMMI L2—REQM
CMMI L3—RD, TS, VER, VAL
Source: COBIT Management Guidelines (2000)
Acquisition & Implementation—1
COBIT
Process Maturity Framework
AI1—Identify automated
solutions—ensure effective,
efficient approach to satisfy user
requirements
AI2—Acquire and maintain
application software—
provide automated functions to
support business processes
CMMI L2—SAM
CMMI L3—RD, TS, VA, IPM, ISM
AI3—Acquire and maintain
technology infrastructure—
provide appropriate platforms to
support business applications
CMMI L2—CM
CMMI L3—RD, TS
AI4—Develop and maintain
procedures—ensure proper
use of applications and technical
solutions deployed
20
CMMI L2—REQM, SAM
CMMI L3—RD, TS, RM, DAR,
ISM
CMMI L3—RD, TS
Source: COBIT Management Guidelines (2000)
10
11. Acquisition & Implementation—2
COBIT
Process Maturity Framework
AI5—Install and accredit
systems—confirm that solution
is fit for intended purpose
AI6—Manage changes—minimize
disruption, unauthorized
changes, and errors
21
CMMI L3—VER, VAL
CMMI L2—REQM, CM
Source: COBIT Management Guidelines (2000)
Delivery and Support—1
COBIT
Process Maturity Framework
DS1—Define and manage
service levels—establish a
common understanding of the
level of service required
DS2—Manage third party
services—ensure that third
party responsibilities are defined
and met
CMMI L2—SAM
CMMI L3—ISM
DS3—Manage performance and
capacity—ensure that
adequate capacity is available
and used to best effect
CMMI L3—RD, TS
DS4—Ensure continuous
service—make IT services
available and minimize business
impact in case of disruption
22
CMMI L2—REQM, PP, PMC
CMMI L3—IPM
CMMI—no clear referent
Level 2&3 issue
Source: COBIT Management Guidelines (2000)
11
12. Delivery and Support—2
COBIT
Process Maturity Framework
DS5—Ensure system security—
safeguard information against
unauthorized use, disclosure,
modification, damage, or loss
Level 2&3 issue
DS6—Identify and allocate
costs—ensure awareness of
costs attributable to IT services
Level 3 issue
CMMI—no clear referent
CMMI—no clear referent
DS7—Educate and train users—
ensure users make effective use
of technology and are aware of
responsibilities
DS8—Assist and advise
customers—ensure problems
experienced by users are
resolved
23
People CMM
CMMI L3—OT
CMMI—no clear referent
Level 3 issue
Source: COBIT Management Guidelines (2000)
Delivery and Support—3
COBIT
DS9—Manage the
configuration—prevent
unauthorized alteration, verify
existence, provide change mgt.
DS10—Manage problems and
incidents—ensure problems
and incidents are resolved and
causes investigated
Process Maturity Framework
CMMI L2—CM
CMMI—no clear referent
Level 3 issue
DS11—Manage data—ensure data
remains complete, accurate, and
valid during input, update, and
storage
DS12—Manage facilities—provide
physical environment that
protects people and equipment
against hazards
24
CMMI L2—PP, PMC
People CMM—WE
Source: COBIT Management Guidelines (2000)
12
13. Delivery and Support—4
COBIT
DS13—Manage operations—
ensure IT support functions are
performed regularly in an orderly
fashion
25
Process Maturity Framework
CMMI—no clear referent
Level 3 issue
Source: COBIT Management Guidelines (2000)
Monitoring—1
COBIT
Process Maturity Framework
M1—Monitor the processes—
ensure achievement of
performance objectives set for IT
processes
M2—Assess internal control
adequacy—ensure
achievement of internal control
objectives for IT processes
CMMI L2—PMC
CMMI L3—IPM
M3—Obtain independent
assurance—increase
confidence and trust among IT,
customers, and suppliers
CMMI L2—PPQA
M4—Provide for an independent
audit—ensure proper use of
applications and technical
solutions deployed
26
CMMI L2—PMC
CMMI L2—PPQA
Source: COBIT Management Guidelines (2000)
13
14. CMMI-COBIT Coverage
COBIT
Planning and
Organization
Acquisition and
Implementation
CMMI
CMMI provides light support for achieving
organization-wide objectives, but better support
for objectives with greater project focus such as
requirements, risks, quality, and project mgt.
CMMI provides excellent coverage for achieving
acquisition and implementation objectives
Delivery and
Support
CMMI’s management processes can be translated
to support the management of service levels,
third parties, capacity, problems, and data;
however continuous operation and user support
services are not well covered in CMMI
Monitoring
CMMI provides for monitoring functions at the
project level, but does not involve audit controls
at the organizational level
27
CMMI-COBIT Summary
CMMI and COBIT have different objectives:
• COBIT focuses on governance of all IT functions
• CMMI focuses on improving application development processes
CMMI and COBIT are complementary:
• Use COBIT to appraise overall management of IT
• Use CMMI to appraise the maturity of application development
Use CMMI to guide the implementation of
control processes for:
• acquisition and implementation processes
• project management processes
• some delivery and support processes
28
14
16. ITIL Publication Framework
Planning to Implement Service Management
T
h
e
B
u
s
i
n
e
s
s
31
Service
Management
Service
Support
The
Business
Perspective
ICT
Infrastructure
Management
Service
Delivery
Security
Management
Application Management
T
h
e
T
e
c
h
n
o
l
o
g
y
Source: ITIL: Planning to Implement Service Management (2002, p.4)
ITIL Topic Areas—1
Service Delivery:
•
•
•
•
•
Service level management
Financial management for IT services
Capacity management
IT service continuity management
Availability management
Service Support:
32
•
•
•
•
•
•
Service desk
Incident management
Problem management
Change management
Release management
Configuration management
16
17. ITIL Topic Areas—2
ICT Infrastructure Management:
•
•
•
•
Design and planning
Deployment
Operations
Technical support
Applications Management:
•
•
•
•
•
Managing business value
Aligning delivery strategy with business drivers
Application management lifecycle
Organizing roles and functions
Control methods and techniques
33
ITIL Topic Areas—3
Planning to Implement Service Mgt
Security Management
Software Asset Management
The Business Perspective
34
17
18. ITIL-Related Models
HP ITSM Reference Model
IBM IT Process Model
ITIL
Microsoft MOF
Etc., etc., etc.
35
The ITIL Processes
ITIL Process
CMMI PA
Configuration Management
Configuration Management
Change Management
Configuration Management
Release Management
Configuration Management
Incident Management
Problem Management
Verification, Causal Analysis & Res.
Service Desk
Service Level Management
Capacity Management
Financial Mgt. for IT Services
Customer Relationship Management
ICT Infrastructure Management
Application Management
RM, TS, PI, VE, VA, ISM
Security Management
Environmental Infrastructure
36
Project Management
PP, PMC, SAM, ISM, SAM
Source: ITIL: Service Support (2002, p.11-16)
18
19. Application Mgt. Lifecycle
Application development
Requirements
Requirements
CMMI
domain
Optimize
Optimize
Operate
Operate
Design
Design
Build
Build
Deploy
Deploy
Service management
37
Source: ITIL: Application Management (2002, p.7)
ITIL-AM: Requirements
ITIL Application Management
CMMI
Functional requirements
RM-Manage requirements:
• Obtain understanding of requirements
Non-functional requirements
• Obtain commitment to requirements
Usability requirements
• Manage requirements changes
Change cases
• Maintain bi-directional traceability
• Identify inconsistencies between project work and
Testing requirements
requirements
Requirements management checklist
RD-Develop customer requirements
Organization of the requirements team • Elicit needs
• Develop the customer requirements
RD-Develop product requirements
• Establish product & product-component reqts.
• Allocate product-component reqts.
• Identify interface requirements
RD-Analyze and validate requirements
• Establish operational concepts & scenarios
• Establish definition of required functionality
• Analyze requirements
• Analyze requirements to achieve balance
• Validate reqts with comprehensive models
38
Source: ITIL: Application Management (2002), CMMI (2003)
19
20. ITIL-AM: Design
ITIL Application Management
Design for non-functional
requirements/manageability
Risk-driven scheduling
Managing tradeoffs
Application-independent design
guidelines and application
frameworks
Design management checklist
Problems with design guidelines
Testing the requirements
Organization of the design team
CMMI
TS-Select product component
solutions
•Develop detailed alternatives and selection
criteria
•Evolve operational concepts & scenarios
•Select product component solutions
TS-Develop the design
•Design the product or product component
solution
•Establish a technical data package
•Design interfaces using criteria
•Perform make, buy, or reuse analyses
TS-Implement the product design
•Implement the design
•Develop product support documentation
39
Source: ITIL: Application Management (2002) ), CMMI (2003)
ITIL-AM: Build—1
ITIL Application Management
Consistent coding conventions
Application-independent building
guidelines
Operability testing
Build management checklist
Organization of the build team
CMMI
PI-Prepare for product integration
•Determine integration sequence
•Establish the integration environment
•Establish integration procedures and criteria
PI-Ensure interface compatibility
•Review interface description for
completeness
•Manage interfaces
PI-Assemble product deliver product
•confirm readiness for integration
•Assemble product components
•Evaluate assembled components
•Package and deliver the product or
component
40
Source: ITIL: Application Management (2002) ), CMMI (2003)
20
21. ITIL-AM: Build—2
ITIL Application Management
Consistent coding conventions
Application-independent building
guidelines
Operability testing
Build management checklist
Organization of the build team
CMMI
VE-Prepare for verification
•Select work products for verification
•Establish the verification environment
•Establish verification procedures and criteria
VE-Perform peer reviews
•Prepare for peer reviews
•Conduct peer reviews
•Analyze peer review data
VE-Analyze selected work products
•Perform verification
•Analyze verification results and identify
corrective action
41
Source: ITIL: Application Management (2002) ), CMMI (2003)
ITIL-AM: Deploy
ITIL Application Management
CMMI
Planning the deployment
Approving the deployment
Distributing applications
Pilot deployments
Deployment management checklists
Organization of the deployment team
42
Source: ITIL: Application Management (2002)
21
22. ITIL-AM: Operate
ITIL Application Management
CMMI
Day-to-day maintenance activities to
maintain service levels
Application state
Benefits of an application
Operations management checklist
Organization of the operations team
43
Source: ITIL: Application Management (2002)
ITIL-AM: Optimize
ITIL Application Management
CMMI
Application review process
Optimization management checklist
Organization of the optimization team
44
Source: ITIL: Application Management (2002)
22
23. Service Delivery Processes
Availability
Management
Service Level
Management
Requirements
Targets,
Achievements
Capacity
Management
Financial
Management
Alerts &
exceptions,
Changes
45
Continuity
Management
Source: ITIL: Planning to Implement Service Management (2002, p.7)
ITIL-SD: Service Level Mgt.
ITIL Service Delivery
Planning service delivery
CMMI
PP
Service catalogue
Service level requirements
Service level agreement
PP SG 3
Operational level agreements
PP SG 3
Monitor and report service delivery
PMC
Service improvement program
46
REQM, RD
OPF, OID
Source: ITIL: Service Delivery (2001)
23
24. ITIL-SD: Financial Mgt.
ITIL Service Delivery
CMMI
Budgeting
IT accounting system
IT charging system
Planning IT financial mgt
Implementing IT financial mgt
Financial operation and reporting
Managing variances
47
Source: ITIL: Service Delivery (2001)
ITIL-SD: Capacity Mgt.
ITIL Service Delivery
CMMI
Business capacity management
Service capacity management
Resource capacity management
Monitoring
PMC SG1
Analysis
OPP
Tuning
OPP, OID
Implementation
Demand management
Modeling
QPM
Application sizing
Capacity planning
48
Source: ITIL: Service Delivery (2001)
24
25. ITIL-SD: Continuity Mgt.—1
ITIL Service Delivery
CMMI
Initiate business continuity mgt.
Business impact analysis
Risk assessment
RSKM
Business continuity strategy
Org. and implementation planning
PP
Implement standby arrangements
Develop recovery plans
Implement risk reduction measures
RSKM
Develop procedures
OPD, TS
Initial testing
49
PP
VER
Source: ITIL: Service Delivery (2001)
ITIL-SD: Continuity Mgt.—2
ITIL Service Delivery
CMMI
Education and awareness
OT
Review and audit
VER, PPQA
Tuning
Change management
Training
OT
Assurance
50
CM
VAL, PPQA
Source: ITIL: Service Delivery (2001)
25
26. ITIL-SD: Availability Mgt.
ITIL Service Delivery
CMMI
Availability requirements
Failure impact analysis
CAR
Availability targets
REQM
Availability measures and reporting
MA
Monitoring and trend analysis
PMC SG1
Availability problem detection
PMC SG2
Availability problem prevention
PMC SG2
Availability planning
51
REQM, RD
PP
Source: ITIL: Service Delivery (2001)
Service Support Processes
Incident
Management
Incidents
Problem
Management
Changes
Releases
Change
Management
Release
Management
Configuration
Management
Repository
52
Configuration
Management
Source: ITIL: Planning to Implement Service Management (2002, p.6)
26
27. ITIL-SS: Incident Mgt.
ITIL Service Support
CMMI
Incident detection and recording
Classification and initial support
Investigation and diagnosis
Resolution and recovery
Incident closure
Ownership, monitoring, tracking, and
communication
53
Source: ITIL: Service Support (2000)
ITIL-SS: Problem Mgt.
ITIL Service Support
CMMI
Problem identification and recording
Problem classification
CAR SP1.1
Problem investigation and diagnosis
VER SP3.2, CAR SP1.2
Error identification and recording
VER SP3.2
Error assessment
VER SP3.2
Error resolution recording
VER SP3.2
Error closure
VER SP3.2
Problem/error resolution recording
54
Source: ITIL: Service Support (2000)
27
28. ITIL-SS: Configuration Mgt.
ITIL Service Support
CMMI
Configuration management planning
CM GP2.2
Configuration identification
CM SP1.1
Control of configuration items
CM SP1.2, SP2.2
Configuration status accounting
CM SP3.1
Configuration verification and audit
CM SP3.2
CMDB backups, archives, and
housekeeping
CM SP1.2
Configuration management service
55
Source: ITIL: Service Support (2000)
ITIL-SS: Change Mgt.—1
ITIL Service Support
CMMI
Planning the implementing of
operational processes
Change logging and filtering
CM SP2.1
Allocation of priorities
CM SP2.1
Change categorization
CM SP2.1
Change Advisory Board meetings
CM SP2.2
Impact and resource assessment
CM SP2.1
Change approval
CM SP2.2
Change scheduling
CM SP2.2
Change building, testing, and
implementation
56
CM GP2.2
CM SP2.2
Source: ITIL: Service Support (2000)
28
29. ITIL-SS: Change Mgt.—2
ITIL Service Support
CMMI
Urgent change scheduling
Urgent change building, testing, and
implementation
CM SP2.2
Change review
CM SP2.2
Reviewing the change management
process for efficiency & effectiveness
CM GP2.8, GP2.9, P2.10
Roles and responsibilities
57
CM SP2.2
CM GP2.4
Source: ITIL: Service Support (2000)
ITIL-SS: Release Mgt.
ITIL Service Support
Release planning
CMMI
CM GP2.2
Designing, building, and configuring a CM SP1.3
release
Release acceptance
VE SP3.1
Rollout planning
CM GP2.2
Communication, preparation, and
training
Distribution and installation
58
Source: ITIL: Service Support (2000)
29
30. ICT Infrastructure Mgt.
Design and planning
Deployment
Operation
Technical support
59
Source: ITIL: ICT Infrastructure Management (2002, p.9)
ITIL-ICT: Design & Planning
ITIL ICT Infrastructure Mgt.
CMMI
Strategic management
Review current position
Define desired state
Design and implement a plan
Review progress of the plan
Source: ITIL: ICT Infrastructure Management (2002)
60
30
32. ITIL-ICT: Technical Support
ITIL ICT Infrastructure Mgt.
CMMI
Research and development
Supplier management
Document management
63
SAM, ISM
PP SG 2
Source: ITIL: ICT Infrastructure Management (2002)
BS 15000 Processes
Service Delivery Processes
Capacity Management
Service Level
Management
Service Continuity
and Availability
Management
Service Reporting
Control Processes
Information
Security
Management
Budgeting and
Accounting for
IT Services
Configuration Management
Release
Process
Release Management
Change Management
Resolution
Processes
Relationship
Processes
Incident Management
Problem Management
64
Business
Relationship
Management
Supplier Management
Source: BS 15000-2: Service Management (2003)
32
33. Maturity of IT Organizations
Organization Growth Model
Influence on the business
high
Value chain
Business focus
Stage 5
Stage 4
Customer focus Stage 3
Product/Service Stage 2
Technology
Stage 1
low
65
Source: ITIL: Planning to Implement Service Management (2002, p.27)
ITIL’s Maturity Model
Level
Characterization
1
Little process management activity.
Loosely defined processes and procedures, totally
reactive, irregular unplanned activities
2
Process activities are uncoordinated, without
direction, focused on process effectiveness.
Defined processes and procedures, largely reactive
3
Documented process with process owner, but no
formal recognition of its role in IT.
Clearly defined and occasionally proactive
4
Process fully accepted in IT, with targets based on
business goals. Proactive and integrated with
other IT service management processes
5
Process has strategic objectives that are
institutionalized, self-contained improvements
creating a pre-emptive capability.
Initial
Repeatable
Defined
Managed
Optimized
66
Source: ITIL: Planning to Implement Service Management (2002, p.187-190)
33
34. IT-Business Alignment
Business objectives should
be reflected in all levels of IT.
Key Business
Drivers
Business
Function
SLAs
Service Level
Requirements
IT Service
OLAs
Operational Level
Requirements
IT System
Process
Requirements
Strategic
Alignment
Objectives
Model
(SOAM)
67
IT Processes
Skill
Requirements
IT People
Technology
Requirements
Technology
Application
Characteristics
Applications
Data
Characteristics
Data
Infrastructure
Characteristics
Infrastructure
Source: ITIL: Application Management (2002, p.14)
Rethinking Issues by Level
Project level configuration management issues in
CMMI space may become organizational issues in IT
CM
CMMI
Content
System components,
documentation, tools,
environment, etc.
Service components
Control
Under local control
Not under local control
Level
Level 2 - project
Level 2 – local unit
Level 3 – service-wide
New
issue
(project)
IT
(system components,
service processes, forms,
training, etc.)
(different functional units)
Transaction integrity
68
34
35. Using ITIL and CMMI
ITIL and CMMI best apply to different parts of
the IT organization:
• Use CMMI in application development
• Use CMMI in ICT Infrastructure projects
• Use ITIL in IT operations and services
The problem—service level application
activities:
• Option 1—treat each modification/enhancement as a project—
CMMI (may require translation)
• Option 2—treat the service level agreement as a project—CMMI
(requires translation)
• Option 3—treat the service level agreement as a service—ITIL
69
Summary
CMMI, COBIT, and ITIL (BS 15000) provide
complementary models for different IT
functions:
• Use CMMI and ITIL to implement practices that support COBIT
control objectives
• Apply CMMI or ITIL to appropriate parts of the IT organization
• Select appraisal/certification methods based on appropriateness
of fit to the IT processes to be assessed
Draw from all standards when designing and
implementing processes to ensure a more
complete and robust implementation
70
35
36. Relevant Websites
www.itgi.org
www.isaca.org
IT Governance Institute
Information Systems Audit and Control Assoc.
www.itil.co.uk
www.itsmf.com
UK Office of Government Commerce
IT Service Management Forum
www.sei.cmu.edu Software Engineering Institute
National Defense Industrial Assoc.
www.ndia.org
71
Dr. Bill Curtis
Bill Curtis is the Chief Process Officer of Borland Software Corp. Prior to its
acquisition by Borland, he was the Co-founder and Chief Scientist of
TeraQuest in Austin, Texas. He is a former Director of the Software
Process Program in the Software Engineering Institute at Carnegie Mellon
University. He is a co-author of the Capability Maturity Model for Software,
and is the principal architect of the People CMM. Prior to joining the SEI,
Dr. Curtis directed research on advanced user interface technologies and
the software design process at MCC, developed a global software
productivity and quality measurement system at ITT’s Programming
Technology Center, evaluated software development methods in GE Space
Division, and taught statistics at the University of Washington.
P.O. Box 126079
9108 Benview Court
Fort Worth, Texas 76126-0079
1-817-228-2994
curtis@borland.com
72
36