Sounding the theme that compliance should be baked into everyday IT management processes, BMC Software Inc has just finished mapping its business service management (BSM) offerings to the IT Governance Institute’s COBiT framework.
The COBiT framework was created by the Information Systems Audit and Control Association (ISACA), in conjunction with its affiliate, the IT Governance Institute (ITGI) back in 1992, as an outgrowth of corporate audit activities. COBiT, and other frameworks such as ITIL, has gained new attention thanks to enactment of Sarbanes-Oxley and other laws.
BMC’s move is a bit different from those of its systems management rivals, in that most have focused on compliance with the ITIL (IT Infrastructure Libraries) framework, which covers IT service management and delivery.
For instance, virtually every vendor with a product managing some aspect of IT infrastructure has is will be adding a Configuration Management Database (CMDB), which is mandated by ITIL as the base of all change management processes. BMC, likes rivals, has already begun the process of molding its product set around ITIL.
But BMC’s current move echoes a recent effort by ISACA to map COBiT controls to ITIL, because IT governance and service management have obvious synergies. And its move echoes those of enterprise app vendors like Oracle, which last summer added COBiT controls to its Internal Controls Manager Product, which is part of E-Business suite.
COBiT itself is comprised of a series of nearly three dozen controls, such as Assess and Manage IT Risks, Manage Projects, Acquire and Maintain Application Software, and Define and Manage Service Levels that spell out what comprises IT governance.
And so, when BMC mapped what its BSM software does, it assumed that COBiT processes such as Ensure Regulatory Compliance were partially covered by its offering, while Ensure System Security, Identify and Allocate Costs, Manage Problems, Manage the Configuration and others were direct hits.