What's on this page?
The only super-framework that pulls all the existing frameworks together in a way that enables an organisation to maximise its benefit from them is the Calder-Moir IT Governance Framework.
Deploying the best practice guidance as set out in the IT Governance Standard ISO 38500, the Calder-Moir Framework identifies six business areas that can each contain separate frameworks that make up an overall IT Governance Framework:
Risk, conformance and compliance
Learn more and how to implement an overarching governance framework with the Calder-Moir Framework Toolkit
At its heart, TickITplus covers software development, maintenance and service. It is essentially a software industry implementation of the ISO 9001 Standard, the standard that details the requirements for a QMS (Quality Management System).
The aim of TickIT is to improve software quality and establish more efficient internal processes, thus reducing the likelihood of cost overruns and product failure.
TickIT provides a route for organisation to have their quality management system certified to the ISO 9001 standard by a third party. There are currently two certification bodies for TickIT, they are UKAS and SWEDAC. Detailed advice and guidance on the scope and implementation of TickIT can be found in the The scheme is currently managed by the Joint TickIT Industry Steering Committee (JTISC). The committee is made up of representatives from several different organisations including The British Computer Society, Intellect, BSI, and certification bodies.
Learn more on our dedicated TickITplus page.
ISO 27001 is an international standard that details the requirements for establishing and maintaining an Information Security Management System (ISMS). An ISMS is an organised approach by which to manage an organisations information security. It encompasses people, processes and IT systems (hardware and software).
ISO 27001 should be used in conjunction with ISO27002, which provides an implementation route for the controls found in the standard. Learn more on our dedicated ISO27001 page.
ISO 20000 is an international standard that sets out a specification for best practice process implementation for IT Service Management. It also covers the maintenance of the processes and the route to ensure their relevance and improvement.
ISO20000 enables an organisation to effectively deliver IT services to meet business and customer requirements. The standard itself has two main parts, which are:
Part 1 of the standard is the one which organisations must comply with to achieve ISO 20000 certification. Part 2 explains the requirements laid out in Part 1. Learn more on our designated ISO 20000 page.
ISO 20000 can be implemented by any type or size of organisation. However, small organisations may find implementation more complex, thus other frameworks maybe more appropriate in those circumstances.
Organisations looking for to certify to ISO 20000 will want to establish their level of compliance to the standard prior to undertaking a formal certification.
The IT Service Management Self-assessment Workbook allows the relevant person within the organisation to assess compliance to the standard and then implement policies for process improvement before undertaking formal certification.
The IT Service Capability Maturity Model (CMM) is a five level scale which allows organisations to measure their capabilities in respect of IT service delivery. It also details a route for organisations to follow to improve their service capability.
Each of the levels of the IT Service CMM detail certain best practice process areas that have to be in place before the organisation resides on that level.
As an organisation implements these best practice processes the organisation moves up to the appropriate level on the IT Service CMM, thus improving service delivery through the use of better processes. For more information please see the Software Capability Maturity Model web page.
There are not currently any organisations that are running formal accreditation schemes against the IT Service CMM, however there are third-party companies that will visit an organisation and perform a process assessment to judge the maturity of the organisations processes.
When undertaking a process assessment, there are various different methodologies that you can use. But due to the similarities between the Software CMMI, created by Carnegie Mellon University and the IT Service CMM the same methods can be used for doing a process assessment for the IT Service CMM as for the Software CMMI.
Six Sigma is an effective and adaptable measurement-based improvement methodology that can be used for delivering quality IT services. It offers a structure by which organisations can constantly improve routine IT processes, eliminating defects, waste and cost, thereby increasing service quality and customer satisfaction. The main aim of Six Sigma is to reduce variation in processes to achieve this.
Six Sigma can be used in conjunction with the ITIL (Information Technology Infrastructure Library) framework. They complement each other by the former being a measurement-based quality improvement methodology and ITIL being a best practice processed based methodology. An overview and an implementation route of how the two methodologies can be used together is provided in Six Sigma for IT Management.
There is no formal certification for an organisation against the Six Sigma framework. However one of the main parts of Six Sigma implementation is the need to train certain individuals to a high degree of familiarity to the methodology itself, so they can work on the implementation/project team.
Various levels of qualification are available for these individuals to demonstrate their level of competence in Six Sigma. One of these levels is Black Belt – this certifies the individual is a highly experienced Six Sigma practitioner. Another is Green Belt – which demonstrates an individual has trained in Six Sigma and is qualified to work on the implementation/project team under the direction of a Six Sigma Black Belt.
Formal training and certification in these qualifications are available from Motorola Solutions, the creators of Six Sigma methodology. Study guides and text books are available for both exams:
The eSourcing Capability Model was developed by the IT Services Qualification Center (ITSqc) at Carnegie Mellon University and a group of independent organisations. The aim of model is to provide a best practice framework that IT service providers (usually outsourced) can use to develop and improve their ability to deliver high quality IT services, while minimising costs and risks to their clients, thus allowing them to demonstrate the quality of their services and provide a route for their clients to differentiate them from their competitors.
The model itself has 5 levels, each of which donates the level maturity (quality) of the provider’s IT services. Organisations can attain formal certification against the model itself. For a free copy of the model, associated publications and more information please see the ITsqc website.
The IT Balanced Scorecard is a metrics based mechanism that can used to enable better IT performance and enable alignment between the overall business goals and IT. It provides managers with important performance metrics that drive success.
When implementing the IT Balanced Scorecard there are a lot of issues to consider, Jessica Keyes lays the groundwork for implementing the scorecard approach, and successfully integrating it with corporate strategy in her book, Implementing the IT Balanced Scorecard: Aligning IT with Corporate Strategy. The book provides a comprehensive "how-to" approach to implementing the Balanced Scorecard in an IT environment.
The Balanced Scorecard (BSC) mechanism itself was originally developed on an enterprise wide level by Robert Kaplan and David Norton. In their book Alignment: How to Apply the Balanced Scorecard to Corporate Strategy, they show how today's companies can unlock potential value from enterprise synergies by applying the BSC. This book can aid with the alignment of IT with organisational strategy.
AS 8015 – 2005 is an Australian standard for IT Governance. The standard provides guiding principles that senior management, such as directors, business owners, senior executives, can use for the effective, efficient, and acceptable use of IT and communications technology within their organisation.
The standard itself can be implemented within any type or size of organisation, whether it is a small company, large government department or a charity. AS 8015-2005 provides principles, a model and vocabulary, that mesh together to form an effective framework for the effective governance of IT. Formal certification against the standard is not currently available.
CobIT (Control Objectives for Information and related Technology) is a best practice framework that lays out a set of generally accepted measures, indicators, and processes. These assist managers, auditors, and IT users in maximising the benefits derived through the use of information technology and in developing appropriate IT governance and control within an organisation.
CobIT 5 was published in early 2012 replacing CobIT 4. It incorporates the governance activities of ISO 38500 (Corporate Governance of IT), including activities of the complementary ISACA frameworks Val IT, Risk IT, BMIS and ITAF as well as other areas of IT governance. Learn more on our designated CobIT 5 page where you can find information about official manual and training courses.
M_o_R (Management of Risk) is a methodology that deals with the effective control of risk. M_o_R was originally developed by the UK Office of Government Commerce (OGC now Cabinet Office). It is used in both public and private sectors internationally.
M_o_R can be used by any type or size of organisation to identify, manage, reduce and eliminate risk. An in-depth resource for organisations looking to use M_o_R has been provided by the Cabinet Office themselves in the form of the official M_o_R manual – Management of Risk: Guidance for Practitioners - 2007 Edition. It should be used as the official source of best practice information relating to the management of risk.
The 2007 version of the M_o_R methodology strengthened - over the previous version - in areas such as corporate governance and internal control, M_o_R process - updated and expanded to reflect current thinking, M_o_R Principles - expanded to reflect the requirements of corporate governance and internal control. It also features an update glossary reflecting a common language used across M_o_R, PRINCE2 and MSP and that is aligned with BSI's emerging risk standards. Purchase a copy of the new M_o_R manual – Management of Risk: Guidance for Practitioners - 2007 Edition here.
There are two levels of official qualification available for practitioners. These are the Foundation and Practitioner, these allow Risk Management practitioners to demonstrate their level of competence in the M_o_R methodology. Training courses in M_o_R (including the exams) are available from ATOs (Accredited Training Providers), which are approved training organisations by the APM Group, the official accreditor of the exams on behalf of the Cabinet Office.
The M_o_R & Risk Management Starter Kit contains all the essential books for preparing for the M_o_R exams:
Management of Risk Guidance for Practitioners - 2007 Edition
Risk Management Based on M_o_R – A Management Guide
Enterprise Risk Assessment & Business Impact Analysis Best Practices,
The Generic Framework for Information Management is an information management model which can be applied by any organisation to better align IT with organisational strategy. It is predominantly used in the Netherlands by consultants, but also has been used by large organisations.
The main function of the Generic Framework for Information Management is for the high-level analysis of organisational and responsibility issues. It provides a map for the entire information management domain to be used for positioning of information management issues that are currently under discussion in the organisation, assigning responsibility and as a diagnostic tool.
For more information on the Generic Framework for Information Management see the PrimaVera Working Paper on creating the framework.
The Business Information Services Library (BiSL) is a public domain framework for the effective control of the organisations information systems. The current owner of the BiSL copyright is the ASL Foundation, however it was originally developed by PinkRoccade (now part of Getronics).
BiSL consists of a framework of processes, a library of best practices and publications that are available from ASL Foundation website. BiSL is primarily used in the Netherlands and provides guidance in the areas of operational IT control, information systems in the organisations processes and information management.
The main aim of BiSL is provide a tool which can be utilised to improve the performance of IT and of information system management departments and aid with the improvement of internal business processes. For more information on BiSL see the ASL Foundation website.
The Information Service Procurement Library is a European best-practice method for tendering and delivering IT projects and services. It is used by both customer and supplier organisations, and in both the public and private sectors.
ISPL helps establish a professional relationship between the customer and supplier organisations. It sets out clear best practice outsourcing strategy that is tailorable / scaleable and aids with the preparation of key documents for the outsourcing tendering process such as the request for proposal. It also it aids in construction of the project contract and delivery plan and covers monitoring of the project during the delivery phase.
Qualifications are available for individuals in ISPL. For further information on these qualifications and ISPL itself see the ISPL website.
ITIL (The IT Infrastructure Library) is a best practice framework for the effective delivery of IT as a service. ITIL has now become the de-facto standard for IT Service Management worldwide. ITIL is centred on the five core publications of the ITIL Lifecycle suite, each addressing a specific area of IT Serviec Management. These publications are:
ITIL has a series of qualifications available to ITSM professionals and ITIL is also very useful to organisations looking to achieve ISO 20000 certification. Learn more about ITIL and ITIL qualifications on our designated ITIL page.
Enhanced Telecom Operations Map (eTOM) is not specifically an IT management framework, it is in fact the most widely accepted and used business process standard in the telecoms sector worldwide. eTOM describes a full range of business processes required by a service provider and defines the key mechanisms and how they interact.
Due to the major overlap of the IT and telecommunications sectors eTOM , ITIL, COBIT and other frameworks and standards are being used more and more in conjunction with each other. For instance eTOM can be used in supporting the planning and organisation phase of the CobiT IT control cycle. Also, eTOM can be mapped to ITIL framework to combine the strengths of both.
For more information on eTOM see the TM Forum website.
The Application Services Library (ASL) is a public domain, mainly European framework for the management, enhancement and renewal of business applications. ASL does not focus on supporting the application itself. It focuses on supporting the business processes using information systems i.e. managing and maintaining the application (software), databases, documentation, availability, programming, system development, design and impact analysis.
Accreditation against the ASL framework is available on an individual and organisation wide basis. For more on these certifications and other information on ASL see the ASL Foundation website.
Managing Successful Programmes (MSP) is a methodology that is used predominantly by organisations in the UK and Europe. The aim of MSP is to provide organisations with an effective tool to manage programmes to achieve a goal at a strategic level so that the organisation can achieve benefits and improvements in its business. It is often used for IT programmes.
should not be confused with Project Management
. Programme Management is an organised and systematic approach to setting up and managing a programme. Programmes are made up of multiple projects identified by an organisation that together will deliver some defined objective, or goal, for the organisation. A programme can only succeed if the projects within it succeed.
The latest version of MSP was released in 2007 and has been updated to reflect the latest changes and developments in best practice. It also has a simplified structure and new layout highlighting the methodology's key themes.
MSP provides organisations with a set of best-practice principles and processes for use when managing a programme. These are outlined by the Cabinet Office, the authors of the MSP methodology in the MSP Manual.
No organisation wide accreditation is available for organisations using the MSP method. However organisations can now have the level of their Programme Management methods and processes assessed by external consultants against one of several external benchmarks (Maturity models). This allows organisations to benchmark their method & processes against a set of proven best-practices and determine a route to improvement. More information on these maturity models can be found on the APM Group website.
MSP qualifications are available on an individual basis. The levels of these qualifications are Foundation, Intermediate and Practitioner. Individuals studying for these qualifications can either attend a classroom based training course or use a distance learning package that has been accredited by the APM Group, the accreditors of the MSP examinations.
Projects in Controlled Environments (PRINCE2) is a structured method for managing all types and size of project, in any type or size of organisation. PRINCE2 covers the management, control, organisation and delivery of a project.
PRINCE2 is often used for management of projects within an MSP framework. It is also the de-facto Project Management standard in the UK, but has also been widely adopted in countries all over the world.
An in-depth description of the PRINCE2 project management method is provided in the PRINCE2 Manual – Managing Successful Projects with PRINCE2 – it has been designed to be a role-specific handbook for project managers, team managers and project support.
Examinations are available on an individual basis in the PRINCE2 Method. These are accredited by the APM Group. The two levels of examination available are Foundation and Practitioner. The Cabinet Office, the creators of the PRINCE2, provide essential advice and guidance on both exams in Passing the PRINCE2 Exams. This book has been updated to reflect the latest changes in PRINCE2 and provides multiple choice questions and specimen answers to typical project management situations. PRINCE2 Practitioners have to re-register every 3-5 years, by sitting and passing a Practitioner-level re-registration examination. Passing the PRINCE2 Exams will also be of aid to individuals studying for this exam.
Find out everything you need to know on PRINCE2 on our designated page
The Project Management Body of Knowledge (PMBOK) is a Project Management standard developed by the Project Management Institute (PMI) institute in the United States. PMBOK consists of processes and knowledge areas that are generally accepted as best-practice in the Project Management field.
PMBOK can be applied to any type or size of project, whether be in the public, private or not-for-profit sectors. The PMBOK standard has also been adopted internationally by the IEEE as IEEE 1490-2003.
A complete in-depth manual on PMBOK is provided by the PMI in the form of the PMBOK Guide, 5th Edition. It is an essential reference for every Project Management practitioner's library.
Find out everything you need about PMBOK on our designated information page.
OPM3 stands for 'Organisational Project Management Maturity Model'. It was first published by the Project Management Institute (PMI) in the United States in 2003. OPM3 provides a route by which organisations can advance their strategic goals through the application of Project Management principles and practices, and can be applied in any type or size of organisation.
The Organisational Project Management Maturity Model is made up of three key interlocking elements which are knowledge element, assessment element, improvement element. The knowledge element found in the OPM3 Knowledge Foundation book and online on the OPM3 website allows organisations to discover best-practices and shows them how to use the information contained in OPM3.
The assessment element allows organisations to evaluate their current level of maturity and establish areas in need of improvement. This is done using an online database tool on the PMI website.
If the organisation takes the decision to undertake a path to higher maturity, then the improvement element comes into play. This provides the organisation with the information needed to achieve their goal. This information is also delivered via the OPM3 website.
In short, OPM3 will help organisations align their organisational goals with the successful completion of projects and give them a better understanding of their organisational Project Management maturity. OPM3 also provides valuable information to organisations to help them plan projects to improve their maturity while conserving resources.
For more information on OPM3 the PMI has provided an in-depth yet easy to understand overview of the framework itself in a book called Organisational Project Management Maturity Model (OPM3) Overview. This book is essential reading for anyone considering using OPM3.
More information on OPM3 can be found on the PMI website.