IT Management Frameworks
There are many different frameworks that can be used for managing the delivery of cost-effective IT services. However, some frameworks only cover specific aspects of IT, such as security, management of risk, procurement etc. There is no one-size fits all.
Calder-Moir IT Framework
The only super-framework that pulls all the existing frameworks together in a way that enables an organization to maximise its benefit from them is the Calder-Moir IT Governance Framework.
 |
Below we detail key aspects of most of the leading IT Management frameworks and provide links to key websites and products in the IT Governance online store which provide essential information and guidance. Order your own copy of Frameworks for IT Management: an Introduction online today. |
Please click on any of the names of the frameworks below for more information about that framework.
| TickIT | IT Service CMM | IT Balanced Scorecard |
| ISO 27001 | Six Sigma | AS 8015-2005 |
| ISO/IEC 20000 | eSCM-SP v2 | CobiT |
| M_o_R | GFIM | BiSL |
| ISPL | ITIL | ASL |
| MSP | PRINCE2 | PMBOK |
| eTOM | OPM3 |
TickIT – Software Quality Management
At its heart, TickIT covers software development, maintenance and service. It is essentially a software industry implementation of the ISO 9001 standard, the standard that details the requirements for a QMS (Quality Management System). The aim of TickIT is to improve software quality and establish more efficient internal processes, thus reducing the likelihood of cost overruns and product failure.
TickIT provides a route for organisation to have their quality management system certified to the ISO 9001 standard by a third party. There are currently two certification bodies for TickIT, they are UKAS and SWEDAC. Detailed advice and guidance on the scope and implementation of TickIT can be found in the TickIT Guide issue 5.5 (also available as a download).
The scheme is currently managed by the Joint TickIT Industry Steering Committee (JTISC). The committee is made up of representatives from several different organisations including The British Computer Society, Intellect, BSI, and certification bodies.
For more information on the scope and implementation of TickIT see the TickIT.org website.
ISO 27001 – Information Security Management Systems
ISO 27001 is an international standard that details the requirements for establishing and maintaining an information security management system (ISMS). An ISMS is an organised approach by which to manage an organisations information security. It encompasses people, processes & IT systems (hardware and software).
ISO 27001 should be used in conjunction with ISO 17799, which provides an implementation route for the controls found in the standard.
If you are looking to certify your organisation against the ISO 27001 standard then you will need fit-for-purpose tools and materials to aid with the implementation of an ISO 27001 compliant ISMS. The practical solution to this requirement for fit-for-purpose tools and materials is The No 2. Integrated toolkit. This contains vsRisk, an ISO 27001 compliant information security risk assessment tool, The Manager’s Guide to Data Security, 3rd Edition the de-facto industry guide on ISO 27001 compliance and a CD-ROM containing 400 of pages of essential templates, tools and procedures.
ISO/IEC 20000 – ITSM Standard
ISO 20000 is an international standard that sets out a specification for best practice process implementation for IT Service Management. It also covers the maintenance of the processes and the route to ensure their relevance and improvement. In short, it is a standard that enables an organisation to effectively deliver IT services to meet business and customer requirements.
The standard itself is broken down into two parts which are:
Part 1: Specification
Part 2: Code of Practice
Part 1 of the standard is the one which organisations must comply with to achieve ISO 20000 certification. Part 2 explains the requirements laid out in Part 1.
ISO 20000 can be implemented by any type or size of organisation. However, small organisations may find implementation more complex. Thus, other frameworks maybe more appropriate in those circumstances.
Organisations looking for to certify to ISO 20000 will want to establish their level of compliance to the standard prior to undertaking a formal certification. The IT Service Management Self-assessment Workbook allows the relevant person within the organisation to assess compliance to the standard and then implement policies for process improvement before undertaking formal certification.
BSI, the originators of ISO 20000 has compiled a range of books that aid organisations looking to achieve formal certification against the standard. The Achieving ISO 20000 range of books is written by the authors of the standard itself and is available from the IT Governance online store individually, or all in one package.
IT Service CMM – IT Service Capability Maturity Model
The IT Service Capability Maturity Model (CMM) is a five level scale which allows organisations to measure their capabilities in respect of IT service delivery. It also details a route for organisations to follow to improve their service capability.
Each of the levels of the IT Service CMM detail certain best practice process areas that have to be in place before the organisation resides on that level. So as an organisation implements these best practice processes the organisation moves up to the appropriate level on the IT Service CMM. Thus improving service delivery through the use of better processes.
There are not currently any organisations that are running formal accreditation schemes against the IT Service CMM, however there are third-party companies that will visit an organisation and perform a process assessment to judge the maturity of the organisations processes.
When undertaking a process assessment, there are various different methodologies that you can use. But due to the similarities between the Software CMMI, created by Carnegie Mellon University and the IT Service CMM the same methods can be used for doing a process assessment for the IT Service CMM as for the Software CMMI. Effective advice and guidance on conducting process assessments is provided in CMMI Assessments: Motivating Positive Change. The book is written by two of the leading experts on conducting process assessments.
Individuals wishing to obtain a concise introduction to the model will find IT Service CMM: a pocket guide of great value. It supplies a complete overview of the IT Service CMM, how it can be applied to improve your organisation, and sufficient knowledge to continue your study of the IT Service CMM with the model specification itself.
Six Sigma – Quality and Process Improvement
Six Sigma is an effective and adaptable measurement-based improvement methodology that can be used for delivering quality IT services. It offers a structure by which organisations can constantly improve routine IT processes, eliminating defects, waste and cost, thereby increasing service quality and customer satisfaction. The main aim of Six Sigma is to reduce variation in processes to achieve this.
Six Sigma can be used in conjunction with the ITIL (Information Technology Infrastructure Library) framework. They complement each other by the former being a measurement-based quality improvement methodology and ITIL being a best practice processed based methodology. An overview and an implementation route of how the two methodologies can be used together is provided in Six Sigma for IT Management.
There is no formal certification for an organisation against the Six Sigma framework. However one of the main parts of Six Sigma implementation is the need to train certain individuals to a high degree of familiarity to the methodology itself. So they can work on the implementation/project team.
Various levels of qualification are available for these individuals to demonstrate their level of competence in Six Sigma. One of these levels is Black Belt – this certifies the individual is a highly experienced Six Sigma practitioner. Another is Green Belt – which demonstrates an individual has trained in Six Sigma and is qualified to work on the implementation/project team under the direction of a Six Sigma Black Belt.
Formal training and certification in these qualifications are available from Motorola, the creators of Six Sigma methodology. Study guides and text books are available for both exams such as
- The McGraw-Hill 36 Hour Six Sigma Course,
- Six Sigma Demystified - A Self-Teaching Guide &
- Six Sigma For Green Belts And Champions.
All provide valuable information when studying for the Six Sigma exams.
eSCM-SP v2: eSourcing Capability Model for Service Providers, Version 2
The eSourcing Capability Model was developed by the IT Services Qualification Center (ITSqc) at Carnegie Mellon University and a group of independent organisations. The aim of model is to provide a best practice framework that IT service providers (usually outsourced) can use to develop and improve their ability to deliver high quality IT services, while minimising costs and risks to their clients, thus allowing them to demonstrate the quality of their services and provide a route for their clients to differentiate them from their competitors.
The model itself has 5 levels, each of which donates the level maturity (quality) of the provider’s IT services. Organisations can attain formal ceritifcation against the model itself.
For a free copy of the model, associated publications and more information please see the ITsqc website.
IT Balanced Scorecard
The IT Balanced Scorecard is a metrics based mechanism that can used to enable better IT performance and enable alignment between the overall business goals and IT. It provides managers with important performance metrics that drive success.
When implementing the IT Balanced Scorecard there are a lot of issues to consider, Jessica Keyes lays the groundwork for implementing the scorecard approach, and successfully integrating it with corporate strategy in her book, Implementing the IT Balanced Scorecard: Aligning IT with Corporate Strategy. The book provides a comprehensive "how-to" approach to implementing the Balanced Scorecard in an IT environment.
The Balanced Scorecard (BSC) mechanism itself was originally developed on an enterprise wide level by Robert Kaplan and David Norton. In their latest book, Alignment: How to Apply the Balanced Scorecard to Corporate Strategy, they show how today's companies can unlock unrealised value from enterprise synergies by applying the BSC. This book can aid with the alignment of IT with organisational strategy.
AS 8015-2005
AS 8015 – 2005 is an Australian standard for IT Governance. The standard provides guiding principles that senior management, such as directors, business owners, senior executives, can use for the effective, efficient, and acceptable use of IT and communications technology within their organisation.
The standard itself can be implemented within any type or size of organisation, whether it is a small company, large government department or a charity. AS 8015-2005 provides principles, a model and vocabulary, that mesh together to form an effective framework for the effective governance of IT.
Formal certification against the standard is not currently available.
An electronic version of AS 8015-2005 is available for purchase from the IT Governance online store.
CobiT - Control Objectives for Information and related Technology
CobiT (Control Objectives for Information and related Technology) is a best practice framework that lays out a set of generally accepted measures, indicators, and processes.
These assist managers, auditors, and IT users in maximising the benefits derived through the use of information technology and in developing appropriate IT governance and control within an organisation.
Following the Enron scandal and passage of the Sarbanes-Oxley Act many organisations are now using CobiT as a tool in their IT SOX compliance initiatives. Sarbanes-Oxley IT Compliance Using Open Source Tools, Second Edition is a toolkit for any organisation looking for a cost-effective means of achieving Sarbanes-Oxley IT compliance. This ground-breaking, fully integrated book and bootable “live” CD provide all the information and Open Source tools for organisations to use to achieve IT SOX compliance.
No formal certification against the COBIT framework for organisations or individuals is available.
Copies of the COBIT manual are available from the IT Governance online store for immediate purchase and dispatch.
M_o_R – Management of Risk
M_o_R (Management of Risk) is a methodology that deals with the effective control of risk. M_o_R was originally developed by the UK Office of Government Commerce (OGC). It is used in both public and private sectors internationally.
M_o_R can be used by any type or size of organisation to identify, manage, reduce and eliminate risk. An in-depth resource for organisations looking to use M_o_R has been provided by the OGC themselves in the form of the official M_o_R manual – Management of Risk: Guidance for Practitioners - 2007 Edition. It should be used as the official source of best practice information relating to the management of risk.
A major update to the M_o_R methodology has just been completed (March 2007). The new version of the M_o_R methodology has been strengthened in areas such as corporate governance and internal control, M_o_R process - updated and expanded to reflect current thinking, M_o_R Principles - expanded to reflect the requirements of corporate governance and internal control. It also features an update glossary reflecting a common language used across M_o_R, PRINCE2 and MSP and that is aligned with BSI's emerging risk standards. Purchase a copy of the new M_o_R manual – Management of Risk: Guidance for Practitioners - 2007 Edition for more info!
There are two levels of official qualification available for practitioners. These are the Foundation and Practitioner, these allow Risk Management practitioners to demonstrate their level of competence in the M_o_R methodology. Training courses in M_o_R (including the exams) are available from ATOs (Accredited Tratining Providers), which are approved training organisations by the APM Group, the official accreditor of the exams on behalf of the OGC.
Individuals looking for a good study guide to aid them with the preparation for M_o_R exams will find Risk Management Based on M_o_R – A Management Guide a very useful book. It sets out the M_o_R methodology in plain simple English, providing an easy read.
The M_o_R & Risk Management Starter Kit contains all the essential books for preparing for the M_o_R exams:
- Management of Risk Guidance for Practitioners - 2007 Edition
- Risk Management Based on M_o_R – A Management Guide
- Enterprise Risk Assessment & Business Impact Analysis Best Practices,
- M_o_R Pocketbook
Generic Framework for Information Management
The Generic Framework for Information Management is an information management model which can be applied by any organisation to better align IT with organisational strategy. It is predominantly used in the Netherlands by consultants, but also has been used by large organisations.
The main function of the Generic Framework for Information Management is for the high-level analysis of organisational and responsibility issues. It provides a map for the entire information management domain to be used for positioning of information management issues that are currently under discussion in the organisation, assigning responsibility and as a diagnostic tool.
For more information on the Generic Framework for Information Management see the PrimaVera Working Paper on creating the framework.
BiSL - Business Information Services Library
The Business Information Services Library (BiSL) is a public domain framework for the effective control of the organisations information systems. The current owner of the BiSL copyright is the ASL Foundation, however it was originally developed by PinkRoccade (now part of Getronics).
BiSL consists of a framework of processes, a library of best practices and publications that are available from ASL Foundation website. BiSL is primarily used in the Netherlands and provides guidance in the areas of operational IT control, information systems in the organisations processes and information management.
The main aim of BiSL is provide a tool which can be utilised to improve the performance of IT and of information system management departments and aid with the improvement of internal business processes.
More information on understanding and selecting the right standard / framework for your organisation and more details on BiSL can be found in Implementing Leading Standards for IT Management.
For more information on BiSL see the ASL Foundation website.
ISPL – the Information Services Procurement Library
The Information Service Procurement Library is a European best-practice method for tendering and delivering IT projects and services. It is used by both customer and supplier organisations, and in both the public and private sectors.
ISPL helps establish a professional relationship between the customer and supplier organisations. It sets out clear best practice outsourcing strategy that is tailorable / scaleable and aids with the preparation of key documents for the outsourcing tendering process such as the request for proposal. It also it aids in construction of the project contract and delivery plan and covers monitoring of the project during the delivery phase.
For organisation looking to gain more of an understanding of ISPL, or to use the methodology more productively, IT Services Procurement based on ISPL - a Pocket Guide provides an easy-to-read overview of the methodology. It also provides a handy reference for those who implement ISPL in their job.
Qualifications are available for individuals in ISPL. For further information on these qualifications and ISPL itself see the ISPL web page.
ITIL – The IT Infrastructure Library
ITIL (The IT Infrastructure Library) is a best practice framework for the effective delivery of IT as a service. Originally created by the CCTA (Central Computers and Telecommunications Agency, now the OGC, UK Office of Government Commerce), ITIL has now become the de-facto standard for IT Service Management worldwide.
ITIL provides a comprehensive set of best-practice guidelines & processes on all aspects of managing IT as an end-to-end service, that are tailorable and scaleable to suit any size or type of organisation and that can also be used in any IT service environment be it internal or external.
ITIL has recently undergone a major face lift. The new version of ITIL (Version 3) was released on the 30 May 2007. Version 3 is different to Version 2 in that it takes an integrated service lifecycle approach, rather than being organised around the concepts of IT service support and IT service delivery.
ITIL - Version 2
Core advice and guidance on the ITIL version 2 framework is provided in the official Version 2 OGC ITIL manuals, which are provided individually or in one complete set as part of the Complete ITIL Library package from the IT Governance online store. Interactive CD-ROM versions of all of the core Version 2 ITIL titles are also available from the IT Governance online store, either individually or in the Complete ITIL CD-ROM Library.
The qualification scheme supporting ITIL is currently undergoing a period of change. Version 2 and Version 3 examinations are both available. For more on the qualification scheme please follow this link. has been provided to support the methodology. There are three types of ITIL version 2 certification available. They are Foundation, Practitioner and Manager.
Various different study options are available for the above ITIL Version 2 / IT Service Management exams, for instance for the Foundation certificate you can either attend a classroom training course or if you are looking for a more convenient way to study at your own time and at your own pace IT Governance offer a range ITIL Foundation distance learning courses either with the exam fee included or excluded. We also offer a 6 month web-based subscription to the ITIL Foundation course.
After implementing ITIL within any organisation there is the need for metrics programme to allow for ongoing process improvement. In his book Measuring ITIL, Randy A. Steinberg layouts a clear plan for establishing and implementing an ITIL metrics programme. Also included with the book is a CD containing an IT Service Management modelling tool to aid with calculation of metrics.
Measuring ITIL is also available in our IT Management Metrics and Quality Starter Kit, which contains some of the essential ITIL and IT Service Management metrics books all in one package.
ITIL - Version 3
The latest version of ITIL (Version 3) takes a different approach to IT service management than Version 2. It adopts an integrated service lifecycle approach, rather than being organised around the concepts of IT service support and IT service delivery.
Five new core books authored by the OGC, and published by the TSO have now been released to support Version 3. They are:
The above ITIL version 3 publications are available in the following formats: soft cover, PDF download & as 1 year online subscriptions. Also, all of the above ITIL v3 core books can be purchased as part of The ITIL Lifecycle Publication Suite. This suite of the ITIL Version 3 core titles is available in soft cover, PDF download and 1 year online subscription versions.
eTOM – Enhanced Telecom Operations Map
Enhanced Telecom Operations Map (eTOM) is not specifically an IT management framework, it is in fact the most widely accepted and used business process standard in the telecoms sector worldwide.
eTOM describes a full range of business processes required by a service provider and defines the key mechanisms and how they interact.
Due to the major overlap of the IT and telecommunications sectors eTOM , ITIL, COBIT and other frameworks and standards are being used more and more in conjunction with each other. For instance eTOM can be used in supporting the planning and organisation phase of the CobiT IT control cycle. Also, eTOM can be mapped to ITIL framework to combine the strengths of both.
For more information on eTOM see the TM Forum website.
ASL – Application Services Library
The Application Services Library (ASL) is a public domain, mainly European framework for the management, enhancement and renewal of business applications. ASL does not focus on supporting the application itself. It focuses on supporting the business processes using information systems i.e. managing and maintaining the application (software), databases, documentation, availability, programming, system development, design and impact analysis.
Organisation looking for a more information on ASL and its processes will find ASL, Application Services Library: A Management Guide a handy easy to read reference. It explains what ASL is and how it can help your organisation.
For a more in-depth, yet still easy-to-read book on ASL, IT Governance offers ASL, A Framework for Application Management via our online store. This book offers a complete overview of ASL and an in-depth description of the application management processes.
Accreditation against the ASL framework is available on an individual and organisation wide basis. For more on these certifications and other information on ASL see the ASL Foundation website.
MSP – Managing Successful Programmes
Managing Successful Programmes (MSP) is a methodology that is used predominantly by organisations in the UK and Europe. The aim of MSP is to provide organisations with an effective tool to manage programmes to achieve a goal at a strategic level so that the organisation can achieve benefits and improvements in its business. It is often used for IT programmes.
The latest version of MSP was released in 2007 and has been updated to reflect the latest changes and developments in best practice. It also has a simplified structure and new layout highlighting the the methodology's key themes.
MSP provides organisations with a set of best-practice principles and processes for use when managing a programme. These are outlined by the OGC, the authors of the MSP methodology in the MSP manual, which is called Managing Successful Programmes -2007 Edition. This manual is available in the following formats: soft cover, PDF download and 1 year online subscription.
If as an organisation you are new to the concepts covered by MSP and want an easy-to-read yet in-depth introduction to the methodology then this is provided in the form of a book called Introduction to Programme Management: based on MSP. This book provides a clear no-nonsense overview of MSP in clear and plain English.
No organisation wide accreditation is available for organisations using the MSP method. However organisations can now have the level of their Programme Management methods and processes assessed by external consultants against one of several external benchmarks (Maturity models). This allows organisations to benchmark their method & processes against a set of proven best-practices and determine a route to improvement. More information on these maturity models can be found on the APM Group website.
MSP qualifications are available on an individual basis. The levels of these qualifications are Foundation, Intermediate and Practitioner. Individuals studying for these qualifications can either attend a classroom based training course or use a distance learning package that has been accredited by the APM Group, the accreditors of the MSP examinations. A range of accredited MSP distance learning training courses is available from the IT Governance online store.
PRINCE2 - Projects in Controlled Environments
Projects in Controlled Environments (PRINCE2) is a structured method for managing all types and size of project, in any type or size of organisation. PRINCE2 covers the management, control, organisation and delivery of a project.
PRINCE2 is often used for management of projects within an MSP framework. It is also the de-facto Project Management standard in the UK, but has also been widely adopted in other countries in the EU and Commonwealth.
An in-depth description of the PRINCE2 project management method is provided in the PRINCE2 manual – Managing Successful Projects with PRINCE2 (also available on CD-ROM) – in the latest version of the manual (2005) inconsistencies have been ironed and improvements have been made to product-based planning and process diagrams after consultation the international user community.
Examinations are available on an individual basis in the PRINCE2 Method. These are accredited by the APM Group. The two levels of examination available are Foundation and Practitioner. The OGC, the creators of the PRINCE2, provide essential advice and guidance on both exams in Passing the PRINCE2 Exams (also available on CD). This book has been updated to reflect the latest changes in PRINCE2 and provides multiple choice questions and specimen answers to typical project management situations.
PRINCE2 Practitioners have to re-register every 3-5 years, by sitting and passing a Practitioner-level re-registration examination. Passing the PRINCE2 Exams will also be of aid to individuals studying for this exam.
If you, as an individual, or your organisation need more of an understanding of PRINCE2 then Project Management Based on PRINCE2 provides an in-depth yet easy-to-read introduction to the methodology.
All of the above PRINCE2 books are available from the IT Governance online store and are included in our PRINCE2 Starter Kit, which also includes other essential PRINCE2 reading for anyone studying for their Foundation examination or who is new to Project Management.
PMBOK – Project Management Body of Knowledge
The Project Management Body of Knowledge (PMBOK)is a Project Management standard developed by the Project Management Institute (PMI) institute in the United States. PMBOK consists of processes and knowledge areas that are generally accepted as best-practice in the Project Management field.
PMBOK can be applied to any type or size of project, whether be in the public, private or not-for-profit sectors. The PMBOK standard has also been adopted internationally by the IEEE as IEEE 1490-2003.
A complete in-depth manual on PMBOK is provided by the PMI in the form of the PMBOK Guide, 3rd Edition (also available on CD-ROM). It is an essential reference for every Project Management practitioner’s library.
A comprehensive qualification scheme is available for individuals looking to demonstrate their knowledge of PMBOK. There are two main levels of PMI project management qualification these are CAPM and PMP. The former is very much an introductory qualification, while the latter is very much a high-level Project Management qualification.
Candidates that study for either of these qualifications have to demonstrate a certain level of knowledge of Project Management and PMBOK, and/or a certain level of education in Project Management. Both qualifications entail candidates taking comprehensive exams. Exam guides for both the CAPM and PMP exams are available from the IT Governance online store.
PMI (as of 2006) have introduced a new qualification for Programme Management called Programme Management Professional (PgMP), for more information on this and the other PMI Project Management qualifications see the PMI website.
OPM3 - Organisational Project Management Maturity Model
OPM3 stands for 'Organisational Project Management Maturity Model'. It was first published by the Project Management Institute (PMI) in the United States in 2003. OPM3 provides a route by which organisations can advance their strategic goals through the application of Project Management principles and practices, and can be applied in any type or size of organisation.
The Organisational Project Management Maturity Model is made up of three key interlocking elements which are knowledge element, assessment element, improvement element. The knowledge element found in the OPM3 Knowledge Foundation book and online on the OPM3 website allows organisations to discover best-practices and shows them how to use the information contained in OPM3.
The assessment element allows organisations to evaluate their current level of maturity and establish areas in need of improvement. This is done using an online database tool on the OPM3 website.
If the organisation takes the decision to undertake a path to higher maturity, then the improvement element comes into play. This provides the organisation with the information needed to achieve their goal. This information is also delivered via the OPM3 website.
In short, OPM3 will help organisations align their organisational goals with the successful completion of projects and give them a better understanding of their organisational Project Management maturity. OPM3 also provides valuable information to organisations to help them plan projects to improve their maturity while conserving resources.
For more information on OPM3 the PMI has provided an in-depth yet easy to understand overview of the framework itself in a book called Organisational Project Management Maturity Model (OPM3) Overview. This book is essential reading for anyone considering using OPM3.
More information on OPM3 can be found on the OPM3 website.
