Standards and Regulations relevant for IT Operations and Auditing
Many standards and regulations are relevant for operating IT systems. It is essential to identify those standards and regulations that apply to an IT system in the very first project phase, because the requirements needed to achieve compliance with them must already be addressed in the RFP (Request for Proposal) and in the requirements documents!
Adding compliance requirements later will cause unexpected costs and project delays!
There is one important thing valid for all: DOCUMENTATION
- Documentation of HOW to do things (instructions) and WHO is responsible.
  The application vendor's standard handbook is not always sufficient! Does it cover your interfaces? Does it contain the "WHO" in your company? Check our Template for an Operations Handbook!
- Documented evidence THAT YOU DID execute tests, checks, ...
- Application controls and their monitoring: definitely NOT the job of the UNIX admin or DBA - read our opinion.
Dependencies and Correlations between Standards
External Documents
The following documents, provided by other organizations not affiliated with us, provide valuable mappings:
| Document | CobiT | ITIL | SOX | ISO 17799 | ISO TR 13335 | TickIT | NIST 800-14 | COSO | PCAOB | ISO 15408 |
|---|---|---|---|---|---|---|---|---|---|---|
| [1] Control Objectives for Sarbanes Oxley | X | | X | | | | | X | X | |
| [2] Cobit Mapping | X | X | X | X | X | X | X | X | | X |
| [3] COBIT Mapping: Mapping of ISO/IEC 17799:2000 With COBIT | X | | | X | | | | | | |
| [4] ITIL-CobiT Mapping | X | X | | | | | | | | |
| [5] ITIL-CobiT Mapping with Control Objectives | X | X | | | | | | | | |
| ID | Title | Publisher / Source |
|---|---|---|
| [1] | Control Objectives for Sarbanes Oxley, ISBN 1-893209-67-9 | ITGI - IT Governance Institute, http://www.itgi.org |
| [2] | Cobit Mapping - Overview of International IT Guidance, ISBN 1-893209-57-1 | ITGI - IT Governance Institute, http://www.itgi.org |
| [3] | COBIT Mapping: Mapping of ISO/IEC 17799:2000 With COBIT | ITGI - IT Governance Institute, http://www.itgi.org |
| [4] | ITIL-CobiT Mapping | Glenfis AG, http://www.itil.org, http://www.glenfis.ch/english/gf00-tools.html |
| [5] | ITIL-CobiT Mapping with Control Objectives | Glenfis AG, http://www.itil.org, http://www.glenfis.ch/english/gf00-tools.html |
Overview Standards and Regulations
Sarbanes Oxley Act
Templates to provide documentation and evidence
ITIL® - IT Infrastructure Library
ITIL is a trademark of the Office of Government Commerce
Although not an official standard, ITIL is THE de-facto standard and, beyond any discussion, the most widely accepted collection of best practices worldwide for IT Service Delivery and IT Service Management.
ITIL is the "process view" of professional IT operations and addresses the topics that auditors ask about using CobiT's "auditing view".
External Sources
The web links below link to content of other Organizations. Mercury Consulting Ltd. has no influence on that content.
asl - Application Service Library
ASL's goal is the professional development of application management.
This is achieved by offering a framework within which the processes of application management are brought into relation with each other. The framework also serves as a stepping stone for categorising best practices that have been developed.
ASL is freely available to everyone and is in the public domain. In other words, ASL is not owned by anyone. However, in order to have a central point of contact, a foundation was set up: the ASL Foundation
http://www.aslfoundation.org/
BS15000
BS15000 is the world's first formal standard for IT Service Management. It is based on the internationally accepted best-practice framework of ITIL. Whereas only individuals can acquire an ITIL certification, an organization can be certified against BS15000.
British website: http://www.bs15000.org.uk/ | Swiss Website: http://www.bs15000.ch/
eTOM - enhanced Telecom Operations Map™
eTOM is a business process model or framework that describes all the enterprise processes required by a service provider. The enhanced Telecom Operations Map is a registered trademark of the TeleManagement Forum (www.tmforum.org).
CobiT® - Control Objectives for IT and related Technologies
The world's most widely used IT auditing standard.
External Sources
CobiT® MAPPING - Overview of International IT Guidance
ITGI (IT Governance Institute) provides a very interesting document mapping the relationship of different standards.
Title: CobiT® MAPPING - Overview of International IT Guidance
Published by IT Governance Institute in 2004, www.itgi.org
ISBN 1-893209-57-1
This document evaluates the following standards and compares them to CobiT:
- ITIL
- ISO/IEC 17799:2000
- ISO/IEC TR 13335
- TickIT
- NIST 800-14
- COSO
Figure 6 on page 50 gives an excellent visualization of the depth and breadth of those standards:
X-axis: narrow to broad
Y-axis: flat to deep
As CobiT vs. ITIL is the most popular question on the web, note what this graphic shows:
Breadth: CobiT 85%, ITIL 55%
Depth: CobiT 70%, ITIL 85%
The web links below link to content of other Organizations. Mercury Consulting Ltd. has no influence on that content.
Oracle® and CobiT®
We purchased the following books at ISACA's bookstore and received prompt delivery.
| Title | ISBN | Publisher |
|---|---|---|
| Oracle Database: Security, Audit and Control Features | 1-893209-58-X | IT Governance Institute, www.itgi.org and www.isaca.org |
| Security, Audit and Control Features Oracle Applications. A Technical and Risk Management Reference Guide | 1-893209-51-2 | IT Governance Institute, www.itgi.org and www.isaca.org |
COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute.
ISACA/ITGI does not endorse, approve or sponsor any activities identified on this web site, nor is ISACA/ITGI affiliated in any manner with this web site, the activities hereunder, or the ControlIT User Group.
Oracle is a registered trademark of Oracle Corp.