This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Jump to navigation

IT Management Frameworks

There are many different frameworks that can be used for managing the delivery of cost-effective IT services. Many frameworks only cover a specific aspect of IT (such as information security, service management, quality etc.).

On this page we will look at all the major frameworks, what they cover, how they interlink, and provide guidance and products on how to implement them.

For more information on any consultancy, training or books relating to these frameworks, please contact a member of our team on 0845 070 1750.

What's on this page?

Calder-Moir IT Framework

The only super-framework that pulls all the existing frameworks together in a way that enables an organisation to maximise its benefit from them is the Calder-Moir IT Governance Framework.

Deploying the best practice guidance as set out in the IT governance Standard ISO38500, the Calder-Moir Framework identifies six business areas that can each contain separate frameworks to make up an overall IT governance framework:

  • Business strategy
  • Risk, conformance and compliance
  • IT strategy
  • Change
  • Information technology
  • Operations

Learn more and how to implement an overarching governance framework with the Calder-Moir Framework Toolkit.

TickITplus™ – Software Quality Management

At its heart, TickITplus™ covers software development, maintenance and service. It is essentially a software industry implementation of ISO9001, the Standard which details the requirements for a QMS (Quality Management System).

The aim of TickIT is to improve software quality and establish more efficient internal processes, reducing the likelihood of cost overruns and product failure.

TickIT provides a route for organisations to have their quality management system certified to the ISO9001 Standard by a third party. There are currently two certification bodies for TickIT: UKAS and SWEDAC. Detailed advice and guidance on the scope and implementation of TickIT can be found in the TickIT Guide.

The scheme is currently managed by the Joint TickIT Industry Steering Committee (JTISC), a group comprising representatives from several different organisations including certification bodies and The British Computer Society, Intellect and BSI.

Learn more on our dedicated TickITplus page.

ISO 27001 – Information Security Management Systems

ISO 27001 is the International Standard which details the requirements for establishing and maintaining an Information Security Management System (ISMS), an organised approach for managing an organisation’s information security which encompasses people, processes and IT systems (hardware and software).

ISO 27001 should be used in conjunction with ISO27002, which provides an implementation route for its controls.

Learn more on our dedicated ISO27001 page.

ISO/IEC 20000 – ITSM Standard

ISO20000 is the International Standard which sets out a specification for best practice process implementation for IT Service Management. It also covers the maintenance of the processes and the route to ensure their relevance and improvement.

ISO20000 enables an organisation to deliver effective IT services to meet business and customer requirements. The standard itself has two main parts:

ISO20000 can be implemented by any type or size of organisation. However, small organisations may find implementation more complex, so other frameworks maybe more appropriate in those circumstances.

Organisations looking to certify to ISO20000 will want to establish their level of compliance to the standard prior to undertaking a formal certification. The IT Service Management Self-assessment Workbook allows the organisation to assess its compliance to the Standard and then implement policies for process improvement before undertaking formal certification.

Learn more on our designated ISO20000 page.

IT Service CMM – IT Service Capability Maturity Model

The IT Service Capability Maturity Model (CMM) is a five-level scale which allows organisations to measure and improve their IT service delivery capabilities. Each of the levels detail certain best practice process areas that have to be in place before the organisation resides on that level.

As an organisation implements these best practice processes the organisation moves up to the appropriate level on the IT Service CMM, improving service delivery through the use of better processes.

No organisations currently run formal accreditation schemes against the IT Service CMM, but there are third-party companies which will visit an organisation and perform a process assessment to judge the maturity of the organisation’s processes.

There are various different methodologies you can use to undertake a process assessment. Due to the similarities between the Software CMMI (created by Carnegie Mellon University) and the IT Service CMM, the same methods can be used to perform a process assessment for both.

For more information see the Software Capability Maturity Model web page.

Six Sigma – Quality and Process Improvement

Six Sigma is an effective and adaptable measurement-based improvement methodology which can be used for delivering quality IT services. The main aim of Six Sigma is to reduce variation in processes by offering a structure by which organisations can constantly improve routine IT processes and eliminate defects, waste and cost, thereby increasing service quality and customer satisfaction.

Six Sigma can be used in conjunction with the ITIL® (Information Technology Infrastructure Library) framework.

There is no formal certification for an organisation against the Six Sigma framework. However, one of the main parts of Six Sigma implementation is the need to train certain individuals to a high degree of familiarity with the methodology itself so that they can work on the implementation/project team.

Various levels of qualification are available for these individuals to demonstrate their level of competence in Six Sigma. Black Belt, for example, certifies the individual is a highly experienced Six Sigma practitioner; Green Belt demonstrates that an individual has trained in Six Sigma and is qualified to work on the implementation/project team under the direction of a Six Sigma Black Belt.

Formal training and certification in these qualifications are available from Motorola Solutions, the creators of Six Sigma methodology. Study guides and text books are available for both exams:

eSCM-SP v2: eSourcing Capability Model for Service Providers, Version 2

The eSourcing Capability Model was developed by the IT Services Qualification Center (ITSqc) at Carnegie Mellon University and a group of independent organisations. It aims to provide a best practice framework that IT service providers (usually outsourced) can use to develop and improve their ability to deliver high quality IT services while minimising costs and risks to their clients.

The model itself has five levels, each of which indicates the quality level of the provider’s IT services. Organisations can attain formal certification against the model itself. For a free copy of the model, associated publications and more information, please see the ITSqc website.

IT Balanced Scorecard

The IT Balanced Scorecard is a metrics-based mechanism that can be used to enable better IT performance and facilitate the alignment of IT with overall business goals. The Balanced Scorecard (BSC) mechanism itself was originally developed on an enterprise-wide level by Robert Kaplan and David Norton.

When implementing the IT Balanced Scorecard there are many issues to consider. Jessica Keyes lays the groundwork for implementing the scorecard approach and successfully integrating it with corporate strategy in her comprehensive book Implementing the IT Balanced Scorecard: Aligning IT with Corporate Strategy.

AS 8015-2005

AS 8015 – 2005 is an Australian standard for IT governance. This Standard provides guiding principles that senior management such as directors, business owners and senior executives can use for the effective and acceptable use of IT and communications technology within their organisation.

The standard itself can be implemented within any type or size of organisation, whether it is a small company, large government department or a charity. AS 8015-2005 provides principles, a model and vocabulary that mesh together to form an effective framework for the effective governance of IT.

Formal certification against the standard is not currently available.

COBIT® – Control Objectives for Information and related Technology

COBIT® (Control Objectives for Information and related Technology) is a best practice framework that lays out a set of generally accepted measures, indicators, and processes to assist managers, auditors, and IT users in maximising the benefits derived through the use of information technology and in developing appropriate IT governance and control within an organisation.

COBIT 5 was published in early 2012, superseding COBIT 4. It incorporates the governance activities of ISO38500 (Corporate Governance of IT), including activities of the complementary ISACA® frameworks Val IT, Risk IT, BMIS and ITAF as well as other areas of IT governance. Learn more on our designated COBIT 5 page, where you can find information about official manual and training courses.

M_o_R® – Management of Risk

M_o_R® (Management of Risk) was originally developed by the UK Office of Government Commerce (OGC) as a methodology to deal with the effective control of risk. It is used in both public and private sectors internationally.

M_o_R can be used by any type or size of organisation to identify, manage, reduce and eliminate risk. An in-depth resource for organisations looking to use M_o_R has been provided by the Cabinet Office in the form of the official M_o_R manual – Management of Risk: Guidance for Practitioners – 2007 Edition, which should be used as the official source of best practice information relating to the management of risk.

The 2007 version of the M_o_R methodology improved on such areas as:

  • corporate governance and internal control;
  • M_o_R process, which was updated and expanded to reflect current thinking; and
  • M_o_R Principles, which was expanded to reflect the requirements of corporate governance and internal control.

It also features an updated glossary which reflects a common language used across M_o_R®, PRINCE2® and MSP® and is aligned with BSI's emerging risk standards.

You can purchase a copy of the new M_o_R manual – Management of Risk: Guidance for Practitioners – 2007 Edition here.

There are two levels of official qualification available for practitioners: the Foundation and Practitioner. Training courses in M_o_R, including the exams, are available from Accredited Training Providers (ATOs), training organisations approved by the APM Group, the official accreditor of the exams on behalf of the Cabinet Office.

The M_o_R & Risk Management Starter Kit contains all the essential books for preparing for the M_o_R exams:

  • Management of Risk Guidance for Practitioners – 2007 Edition
  • Risk Management Based on M_o_R – A Management Guide
  • Enterprise Risk Assessment & Business Impact Analysis Best Practices
  • M_o_R Pocketbook

Generic Framework for Information Management

The Generic Framework for Information Management is an information management model which can be applied by any organisation to better align IT with organisational strategy. It is predominantly used in the Netherlands by consultants, but has also been used by large organisations.

The main function of the Generic Framework for Information Management is for the high-level analysis of organisational and responsibility issues. It provides a map for the entire information management domain to be used for the positioning of information management issues, assigning responsibility, and as a diagnostic tool.

BiSL – Business Information Services Library

The Business Information Services Library (BiSL) is a public-domain framework for the effective control of an organisation’s information systems. The current owner of the BiSL copyright is the ASL Foundation, but it was originally developed by PinkRoccade (now part of Getronics).

BiSL consists of a framework of processes, a library of best practices, and publications available from ASL Foundation website. BiSL is primarily used in the Netherlands and provides guidance in the areas of operational IT control, information systems in the organisations processes and information management.

The main aim of BiSL is to provide a tool which can be utilised to improve the performance of IT and of information system management departments and aid with the improvement of internal business processes.

For more information on BiSL see the ASL Foundation website.

ISPL – the Information Services Procurement Library

The Information Service Procurement Library is a European best practice method for tendering and delivering IT projects and services. It is used by both customer and supplier organisations, and in both the public and private sectors.

ISPL helps establish a professional relationship between the customer and supplier organisations. It sets out clear best practice outsourcing strategy that can be tailored and scaled as required, and aids with the preparation of key documents for the outsourcing tendering process (such as the request for proposal). It also it aids in the construction of project contracts and delivery plans, and covers monitoring of the project during the delivery phase.

Qualifications are available for individuals in ISPL. For further information on these qualifications and ISPL itself, see the ISPL website.

ITIL – The IT Infrastructure Library

ITIL is a best practice framework for the effective delivery of IT as a service. ITIL has now become the de facto standard for IT Service Management worldwide. ITIL is centred on the five core publications of the ITIL Lifecycle suite, each of which addresses a specific area of IT Service Management:

ITIL has a series of qualifications available to ITSM professionals, and is also very useful to organisations looking to achieve ISO20000 certification. Learn more about ITIL and ITIL qualifications on our designated ITIL page.

eTOM – Enhanced Telecom Operations Map

Enhanced Telecom Operations Map (eTOM) is not specifically an IT management framework, but is in fact the most widely accepted and used business process standard in the telecoms sector worldwide. eTOM describes a full range of business processes required by a service provider, and defines the key mechanisms and how they interact.

Due to the major overlap of the IT and telecommunications sectors, eTOM, ITIL, COBIT and other frameworks and standards are being used more and more in conjunction with each other. (For instance eTOM can be used to support the planning and organisation phase of the COBIT IT control cycle.)

For more information on eTOM see the TM Forum website.

ASL – Application Services Library

The Application Services Library (ASL) is a public domain, mainly European, framework for the management, enhancement and renewal of business applications. ASL does not focus on supporting the application itself, but focuses on supporting business processes using information systems (for example managing and maintaining the application (software), databases, documentation, availability, programming, system development, design and impact analysis).

Accreditation against the ASL framework is available on an individual and organisation wide basis. For more on these certifications and other information on ASL see the ASL Foundation website.

MSP – Managing Successful Programmes

Managing Successful Programmes (MSP) is a methodology used predominantly by organisations in the UK and Europe. The aim of MSP is to provide organisations with an effective tool to manage programmes in order to achieve a goal at a strategic level so that the organisation can achieve benefits and improvements in its business. It is often used for IT programmes.

Programme Management should not be confused with Project Management. Programme Management is an organised and systematic approach to setting up and managing a programme. Programmes are made up of multiple projects identified by an organisation that together will deliver some defined objective or goal for the organisation. A programme can only succeed if the projects within it succeed.

The latest version of MSP was released in 2007, and has been updated to reflect the latest changes and developments in best practice. It also has a simplified structure and a new layout highlighting the methodology's key themes.

MSP provides organisations with a set of best-practice principles and processes for use when managing a programme. These are outlined by the Cabinet Office, the authors of the MSP methodology in the MSP Manual.

No organisation-wide accreditation is available for organisations using the MSP method. However, organisations can now have the level of their Programme Management methods and processes assessed by external consultants against one of several external maturity models. This allows organisations to benchmark their method and processes against a set of proven best-practices and determine a route to improvement.

More information on these maturity models can be found on the APM Group website.

MSP qualifications (Foundation, Intermediate and Practitioner) are available on an individual basis. Individuals studying for these qualifications can either attend a classroom based training course or use a distance learning package accredited by the APM Group.

PRINCE2 – Projects in Controlled Environments

Projects in Controlled Environments (PRINCE2) is a structured method for managing all types of project in any size or type of organisation. PRINCE2 covers the management, control, organisation and delivery of a project.

PRINCE2 is often used for the management of projects within an MSP framework. It is the de facto Project Management standard in the UK, and has also been widely adopted in countries all over the world.

An in-depth description of the PRINCE2 project management method is provided in the PRINCE2 Manual – Managing Successful Projects with PRINCE2, which has been designed to be a role-specific handbook for project managers, team managers and project support.

The two levels of examination (accredited by the APM Group) available on an individual basis in the PRINCE2 Method are Foundation and Practitioner. The Cabinet Office, the creator of PRINCE2, provides essential advice and guidance on both exams in Passing the PRINCE2 Exams. This book has been updated to reflect the latest changes in PRINCE2 and provides multiple choice questions and specimen answers to typical project management situations.

PRINCE2 Practitioners have to re-register every three to five years by sitting and passing a Practitioner-level re-registration examination. Passing the PRINCE2 Exams will also be of aid to individuals studying for this exam.

Find out everything you need to know on PRINCE2 on our designated page.

PMBOK – Project Management Body of Knowledge

The Project Management Body of Knowledge (PMBOK) is a Project Management standard developed by the Project Management Institute (PMI) institute in the United States. PMBOK consists of processes and knowledge areas that are generally accepted as best practice in the Project Management field.

PMBOK can be applied to any type or size of project, whether in the public, private or not-for-profit sectors. The PMBOK standard has also been adopted internationally by the IEEE as IEEE 1490-2003.

The Project Management Institute’s PMBOK Guide, 5th Edition is an essential reference for every Project Management practitioner's library.

Find out everything you need about PMBOK on our designated information page.

OPM3 – Organisational Project Management Maturity Model

The Organisational Project Management Maturity Model (OPM3) was first published by the Project Management Institute (PMI) in the United States in 2003, and provides a route by which organisations of any type or size can advance their strategic goals through the application of Project Management principles and practices.

The OPM3 is made up of three key interlocking elements: the knowledge element, the assessment element, and the improvement element.

  • The knowledge element (found in the OPM3 Knowledge Foundation book and online on the OPM3 website) allows organisations to discover best practices, and shows them how to use the information contained in OPM3.
  • The assessment element allows organisations to evaluate their current level of maturity and establish areas in need of improvement by using an online database tool on the PMI website.
  • If the organisation takes the decision to undertake a path to higher maturity, then the improvement element will provide the organisation with the information needed to achieve their goal. This information is also delivered via the OPM3 website.

In short, OPM3 will help organisations align their organisational goals with the successful completion of projects and give them a better understanding of their organisational Project Management maturity.

OPM3 also provides valuable information to organisations to help them plan projects to improve their maturity while conserving resources.

For more information on OPM3, the PMI has provided an in-depth yet easily comprehensible overview of the framework in Organisational Project Management Maturity Model (OPM3) Overview. This book is essential reading for anyone considering using OPM3.

More information on OPM3 can be found on the PMI website.

BUY IT Governance books

IT Governance Today: a Practitioner's Handbook

Buy now

+44 (0) 845 070 1750
live chat support software