Over a recent years, a major driver for the widespread implementation of COBIT™, particularly in the United States, has been the Sarbanes-Oxley Act. This is a hugely influential piece of corporate governance legislation, which was first published in 2002, in the wake of a number of very high profile corporate and financial scandals.
COBIT frequently provides the major control framework introduced to address the demands of this act. although a nummber of other approaches are also in common use.
The main processes in this context are often considered to be:
- Aquire or Develop application software
- Aquire Technology Infrastructure
- Develop and maintain Policies and Procedures
- Install and Test Application Software and Technology Infrastructure
- Manage Changes
- Define and Manage Service levels
- Manage Third Party Services
- Ensure System ecurity
- Manage the Configuration
- Manage Problems and Incidents
- Manage Data
- Manage Operations
... although this should not be considered to be a definitive list.
As this is an area of growing interest, the User Group invites input in terms of papers, articles, or substantive information postings to our on-board forum (see the item above for further information and details on the forum).