COBIT – Information criteria


To achieve the corporate objectives, information must satisfy specific criteria, which COBIT describes as the requirements for information specific to the individual company. Seven distinct, partially overlapping information criteria were defined, covering the broader security requirements together with the quality and fiduciary aspects:

  • Effectiveness deals with the relevance and suitability of information for the business process, as well as its appropriate provision in terms of timeliness, accuracy, consistency and usability.
  • Efficiency deals with the supply of information through the optimum (most productive and most economical) use of resources.
  • Confidentiality deals with the protection of sensitive information against unauthorized disclosure.
  • Integrity relates to the accuracy and completeness of information, as well as its validity in accordance with corporate values and expectations.
  • Availability relates to information being available to the business process now and in the future. It also covers the protection of the necessary resources and their services.
  • Compliance deals with adherence to the laws, regulations and contractual agreements which the business process has to take into account, such as externally imposed criteria or internal guidelines.
  • Reliability relates to the appropriateness of the supplied information that management uses to steer the company and to enable it to meet its obligations with regard to good faith and governance.

Corporate objectives and IT objectives

Whilst the information criteria represent a generic method for defining the information requirement, the generic corporate and IT objectives defined in COBIT provide a more specific basis for defining the corporate requirements and for developing metrics that measure whether these objectives are being fulfilled. Every company uses information technology to support its business projects; the support expected of IT can be seen as the corporate objectives for IT.

If IT is to deliver successful services in support of the corporate strategy, then the core business (the client) should set clear responsibilities and standards for the requirements, together with a clear understanding of the demand (WHAT and HOW) that IT (the service provider) is expected to cover.

These targets should in turn lead to clearly defined targets for IT itself (IT objectives), which then define the IT resources and their services (the corporate architecture for IT) required to perform the tasks derived from the strategy successfully. All of these objectives should be expressed in a language that the client understands.

Once the aligned objectives have been defined, they must be monitored to ensure that actual service delivery meets expectations. This is achieved through metrics derived from the objectives and recorded in the IT scorecard in a form the customer can understand and follow, which in turn enables the service provider to focus on its internal targets.
