Global Standard and Publications

Copyright protected. Use is for Single Users only via a VHP Approved License.
For information and printed versions please see www.vanharen.net

Global Standards and Publications
Edition 2012 / 2013
Global Standards
and Publications
EDITION 2012/2013
Colophon
Title: Global Standards and Publications
Edition 2012 / 2013
Publication of: Van Haren Publishing, www.vanharen.net
Editors: Jane Chittenden
Ren Visser
Johannes W. van den Bent
ISBN Hard copy: 978 90 8753 703 6
ISBN eBook: 978 90 8753 866 8
Print: Second edition, frst impression, May 2012
Layout and design: CO2 Premedia, Amersfoort - NL
Copyright: Van Haren Publishing 2012
TRADEMARK NOTICES
ArchiMate
and TOGAF
are registered trademarks of The Open Group.

ASL
and BiSL
are registered trademarks of ASL BiSL Foundation.

COBIT
is a registered trademark of the Information Systems Audit and

Control Association (ISACA) / IT Governance Institute (ITGI).
ITIL
is a registered trademark of the Cabinet Offce.

M_o_R

MoP is a registered trademark of the Cabinet Offce.
MSP

P3O

PRINCE2

PMBOK
Guide is a registered trademark of the Project Management

Institute (PMI).
SqEME
is a registered trademark of Stichting SqEME.

TMap
is a registered trademark of Sogeti Nederland B.V.

For any further enquiries about Van Haren Publishing, please send an
e-mail to: info@vanharen.net
Although this publication has been composed with most care, author nor
editor can accept any liability for damage caused by possible errors and/or
incompleteness in this publication.
No part of this publication may be reproduced in any form by print, photo
print, microflm or any other means without written permission by the
publisher.
5
Dear readers,
In this rapidly changing IT and business environment most things
should and could be more easy. It is no wonder that methods like
Agile and Scrum are gaining popularity. New developments offer
great opportunities for those willing to make the most out of it
but it can be diffcult not to get overwhelmed.
In the current environment with constant changes and almost

infnite ways accessing information and communicating it is
essential to make communication as clear as possible and ensure
the quality of information. Van Haren Publishing makes general
Best Practices available to provide quality, practically validated
information worldwide. The use of standards and frameworks
gives everyone the same language thus minimalizing the chance
of errors due to unclear communication. Best Practices regarding
these standards and frameworks provides you with information
summarizing years of experience by the best in the industry.
Not only do we publish books on Best Practices, we also actively

and independently promote the standards and frameworks via
our freely accessible eKnowledge. To make communication on
standards everywhere a little easier, we provide you with a basic
summary of 36 relevant standards in our catalog. It is an illusion
those standards will lead to better results. More importantis the
people factor, as without people all these things dont evolve at
all. But that is beyond the service we provide, all we can do is give
a start in sharing best practice and share generic solutions. The
rest should come from you.
Kind regards,
Ivo van Haren, CEO Van Haren Publishing
6
7
Contents
1. Agile 9
2. Amsterdam Infor mation Management Model (AIM) 13
3. ArchiMate

17
4. ASL

20
5. Balanced Scorecard 23
6. BiSL

26
7. CATS CM

29
8. CMMI

32
9. COBIT

35
10. EFQM 40
11. eSCM-CL 44
12. eSCM-SP 47
13. Frameworx 50
14. ICB
53
15. ISO 9001 56
16. ISO 14000 59
17. ISO/IEC 15504 62
18. ISO/IEC 27000 series 66
19. ISO 31000 69
20. ISO 38500 72
21. ISO/IEC 20000 75
22. ITIL
2011 78
23. Lean management 82
24. M_o_R

85
25. MoP

88
26. MSP

91
27. OPBOK 94
28. P3O

97
29. PMBOK
Guide 100
30. PRINCE2

103
Contents
8
31. SABSA

106
32. Scrum 113
33. Six Sigma 117
34. SqEME

120
35. TMap
NEXT 123
36. TOGAF

126
9
1. Agile
1.1 Title/def nition
Agile software development approach
1.2 The basics
Agile software development is set of software development
methodologies based on iterative and incremental development,
where requirements and solutions evolve through collaboration
between self-organizing, cross-functional teams.
1.3 Summary
Incremental software development methods have been traced
back to 1957. Lightweight software development methods
evolved in the mid-1990s as a reaction against heavyweight
methods, which were characterized by their critics as a heavily
regulated, regimented, micromanaged, waterfall model of
development. Supporters of lightweight methods (and now agile
methods) contend that they are a return to earlier practices in
software development.
Early implementations of lightweight methods include Scrum
(1993), Crystal Clear, Extreme Programming (1996), Adaptive
Software Development, Feature Driven Development, and
Dynamic Systems Development Method (1995). These are now
typically referred to as Agile methodologies, after the Agile
Manifesto.
The Agile Manifesto was written in February 2001, at a summit
of independent-minded practitioners of several programming
methodologies.
1. Agile
10
Manifesto for Agile Software Development
We are uncovering better ways of developing
software by doing it and helping others do it.
Through this work we have come to value:
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
That is, while there is value in the items on
the right, we value the items on the left more.
Source: agilemanifesto.org/
The Agile Manifesto has twelve underlying principles:
1. Customer satisfaction by rapid delivery of useful software
2. Welcome changing requirements, even late in development
3. Working software is delivered frequently (weeks rather than
months)
4. Working software is the principal measure of progress
5. Sustainable development, able to maintain a constant pace
6. Close, daily co-operation between business people and
developers
7. Face-to-face conversation is the best form of communication
(co-location)
8. Projects are built around motivated individuals, who should
be trusted
9. Continuous attention to technical excellence and good design
10. Simplicity
11. Self-organizing teams
12. Regular adaptation to changing circumstances
Agile methods break tasks into small increments with minimal
planning and do not directly involve long-term planning.
1. Agile
11
Iterations are short time frames. Team composition in an agile
project is usually cross-functional and self-organizing and team
size is usually small (5-9 people.) The agile method encourages
stakeholders to prioritize their requirements on the basis of
business value.
The Agile approach is supported by the Agile Alliance, a not-for-
proft organization that wants to see Agile projects start and help
Agile teams perform. It is funded by individual memberships,
corporate memberships, and by the proceeds from the Agile
200X series of conferences. It is not a certifcation body and does
not endorse any certifcation programs.
1.4 Target audience
Anyone involved in an Agile software development project team;
including analysts, architects, developers, testers and business
customer/users; anyone supporting or managing an Agile project
team who requires a detailed understanding of the practices and
benefts of Agile software development.
1.5 Scope and constraints
Applicable to software development environments. Improved
quality; higher productivity; positive effect on business
satisfaction;
Constraints:
Works less well in istributed development efforts where teams
are not located together
Acceptance: forcing an Agile process on a development team
that is unfamiliar with the approach
1. Agile
12
Exceptions: mission-critical systems where failure is not an
option at any cost (e.g. software for surgical procedures).
1.6 Relevant links (web lin ks)
http://agilemanifesto.org/ and http://www.agilealliance.org
13
2. Amsterdam
Infor ma tion
management
Model (AIM)
The Amsterdam model for information management: A Generic
Framework for Information Management
2.2 The basics
The Amsterdam Information management Model (AIM)
provides a mapping of the relationships between organization
and information.
2.3 Summary
AIM was developed at the University of Amsterdam (paper:
Abcouwer, A.W., Maes, R. Truijens, J. (1997), Contouren voor
een generiek model voor informatie-management, Tijdschrift
Informatie en Management.). It can be used as a tool for
positioning and interrelating information management functions.
It can be applied to the areas of business-IT alignment and
sourcing, and can be of use when considering IT governance.
It offers a high level view of the entire scope of information
management; its main application is in the analysis of
organization and responsibilities.
AIM can be used to support strategic discussions in three
different ways, as shown in the diagram below (Figure 2.1):
Descriptive, orientation the framework offers a map of the
2. Amsterdam Infor mation Management Model (AIM)
14
entire information management domain, and can be used for
positioning specifc information management processes in the
organization.
Specifcation, design the framework can be used to re-
organize the information management organization, e.g. to
specify the role of the Chief Information Offcer (CIO) or
determine the responsibilities of the retained organization in
the case of outsourcing.
Prescriptive, normative the framework can be used as
a diagnostic instrument to fnd gaps in an organizations
information management, and specifcally aimed at
identifying missing interrelationships between the various
components of the framework.
On the horizontal axis, the framework distinguishes three
domains of governance:
1. Business This domain comprises all standard business
functions such as management, HR, resources and processes.
2. Information and Communication (information domain
This domain describes how information and communication
supports the business. In this domain, business requirements
are translated into the IT (technology) capabilities that are
needed to support the business.
3. Technology (IT domain) This domain specifcally describes
the development and management of IT solutions.
The vertical axis describes the three levels of governance:
Strategy (scope, core competencies and governance);
Structure (architecture and competencies);
Operations (processes and skills).
15
Figure 2.1: The Nine Square framework (het negenvlak)
AIM (originally known as the nine square framework) connects
the two dimensions of management and information as the
central components for Information Management. The dotted
line demarks the scope of Business-IT alignment.
2.4 Target audience
The framework was developed for information managers,
enterprise architects and IT architects.
Business Technology
Strategy
(direction)
Structure
(implementation)
Information/
Communication
Operations
Abcouwer, Maes and Truijens (1997)
16
The scope of the framework is the information management
domain.
This framework enables discussions on the topic of business
and IT alignment, but it does not provide information on how
organizations can actually achieve better communications
between business and IT. The framework is not a method,
and cannot be used in a descriptive way; however, it can be a
useful addition to enterprise architecture frameworks such as
TOGAF
TM
.
2.6 Relevant links (web links)
The framework can be downloaded for free from the website of
the University of Amsterdam (Dutch site): http://primavera.fee.
uva.nl.
Original paper: (Dutch)
Abcouwer, A.W., Maes, R. Truijens, J. (1997), Contouren
voor een generiek model voor informatie-management,
Tijdschrift Informatie en Management.
The model was further enhanced by Maes in the period from
1999 to 2003 in a series of working papers: (English)
Maes, R. (1999) A Generic Framework for Information
Management, Primavera workingpaper series 1999-03;
17
3. ArchiMate

ArchiMate
, an Open Group Standard

3.2 The basics
ArchiMate
is an open and independent modelling language

for Enterprise Architecture that is supported by different tool
vendors and consulting frms. ArchiMate provides instruments to
enable Enterprise Architects to describe, analyze, and visualize
the relationships among business domains in an unambiguous
way.
3.3 Summary
Developed by the members of The Open Group, ArchiMate

2.0 was released in January 2012 and is now more aligned with
TOGAF
, the worlds most popular Enterprise Architecture

framework. As a result, Enterprise Architects using the
language can improve the way key business and IT stakeholders
collaborate and adapt to change.
The standard contains the formal defnition of ArchiMate as
a visual design language, together with concepts for specifying
inter-related architectures, and specifc viewpoints for typical
stakeholders. The standard also includes a chapter addressing
considerations regarding language extensions.
The contents of the standard include the following:
The overall modelling framework that ArchiMate uses
The structure of the modelling language
A detailed breakdown of the constituent elements of the
modelling framework covering the three layers (Business/
18
3. ArchiMate

Application/Technology), cross-layer dependencies and
alignment, and relationships within the framework
Architectural viewpoints, including a set of standard
viewpoints
Optional extensions to the framework
Commentary around future direction of the specifcation
Notation overviews and summaries
ArchiMate 2.0 improves collaboration through clearer
understanding across multiple functions, including business
executives, enterprise architects, systems analysts, software
engineers, business process consultants, and infrastructure
engineers. The standard enables the creation of fully integrated
models of an organizations Enterprise Architecture, the
motivation behind it, and the programs, projects, and migration
paths to implement it. ArchiMate already follows terms defned
in the TOGAF framework, and version 2.0 of the specifcation
enables modelling throughout the TOGAF Architecture
Development Method (ADM) cycle.
3.4 Target audience
Enterprise architects, business architects, IT architects,
application architects, data architects, software architects,
systems architects, solutions architects, infrastructure architects,
process architects, domain architects, product managers,
operational managers, senior managers, project leaders, and
anyone committed to work within the reference framework
defned by an Enterprise Architecture.
19
3. ArchiMate

3.5 Scope
The role of the ArchiMate standard is to provide a graphical
language for the representation of Enterprise Architectures over
time (i.e., including transformation and migration planning),
as well as their motivation and rationale. The ArchiMate
modelling language provides a uniform representation for
diagrams that describe Enterprise Architectures, and offers
an integrated approach to describe and visualize the different
architecture domains together with their underlying relations and
dependencies.
The design of the ArchiMate language started from a set of
relatively generic concepts (objects and relations), which have
been specialized for application at the different architectural
layers for an Enterprise Architecture. The most important design
restriction on ArchiMate is that it has been explicitly designed
to be as compact as possible, yet still usable for most Enterprise
Architecture modelling tasks. In the interest of simplicity of
learning and use, ArchiMate has been limited to the concepts
that suffce for modelling the proverbial 80% of practical cases.
Offcial websites:
http://pubs.opengroup.org/architecture/archimate2-doc/
http://www.opengroup.org/archimate
20
4. ASL

ASL
(Application Services Library)

4.2 The basics
ASL (Application Services Library) is a framework and
collection of best practices for application management.
4.3 Summary
ASL (Application Services Library) was developed by a Dutch IT
service provider, PinkRoccade in the 1990s and was made public
in 2001. Since 2002 the framework and the accompanying best
practices have been maintained by the ASL BiSL Foundation.
The current version is Version 2, published in the Netherlands in
2009.
ASL is concerned with managing the support, maintenance,
renewal and strategy of applications in an economically sound
manner. The library consists of a framework, best practices,
standard templates and a self-assessment. The ASL framework
provides descriptions of all the processes that are needed for
application management.
The framework distinguishes six process clusters, which are
viewed at operational, managing and strategic levels (Figure 4.1).
The application support cluster at the operational level aims to
ensure that the current applications are used in the most effective
way to support the business processes, using a minimum of
resources and leading to a minimum of operational disruptions.
The application maintenance and renewal cluster ensures that
4. ASL

21
the applications are modifed in line with changing requirements,
usually as a result of changes in the business processes, keeping
the applications up-to-date. The connecting processes form
the bridge between the service organization cluster and the
development and maintenance cluster.
Figure 4.1: The ASL framework
The management processes ensure that the operational clusters
are managed in an integrated way.
Finally, there are two clusters at the strategic level. The aim of the
application strategy cluster is to address the long-term strategy
for the application(s). The processes needed for the long-term
strategy for the application management organization are
described in the application management organization strategy
cluster.
Application management
organization strategy
C
o
n
n
e
c
t
i
n
g
p
r
o
c
e
s
s
e
s
Application
strategy
Strategic processes
Management processes
Operational processes
Application
support
Application
maintenance & renewal
S
t
r
a
t
e
g
i
c
M
a
n
a
g
i
n
g
O
p
e
r
a
t
i
o
n
a
l
4. ASL

22
4.4 Target audience
The target audience for ASL consists of everyone who is involved
in the development and management of applications: application
support personnel, application architects and designers,
programmers, testers, and managers with responsibility for
application development or application management.
The scope of ASL is the support, maintenance, renewal, and
strategy of applications, and the management of all related
activities.
Strengths
It offers a common language and conceptual framework for
application management (maintenance and support)
It provides an overview of all the activities (from operational
to strategic) that are needed to keep applications up-to-date
with the changing needs of the organization.
It is usable in various organizations and It is part of the public
domain and owned by one single corporati on
It is supported by a not-for-proft, vendor-independent
foundation with participation by a wide range of organizations
Constraints
ASL overlaps partially with other IT Service Management
frameworks.
Offcial website of the ASL BiSL Foundation:
www.aslbislfoundation.org/en
23
5. Balanced Scorecard
5.1 Title/def nition method
Balanced Scorecard
5.2 The basics
The Balanced Scorecard is a strategic planning and management
framework that is used to to align business activities to the
vision and strategy of the organization, improve internal and
external communications, and monitor organization performance
against strategic goals.(source: Balanced Scorecard Institute)
5.3 Summary
The Balanced Scorecard was originated by Drs. Robert Kaplan
(Harvard Business School) and David Norton as a performance
measurement framework that added strategic non-fnancial
performance measures to traditional fnancial metrics to give
managers and executives a more balanced view of organi-
zational performance. The Balanced Scorecard has evolved from
its early use as a simple performance measurement dashboard to
a full strategic planning and management system. It transforms
an organizations strategic plan from a passive document into the
marching orders for the organization on a daily basis.

The Balanced Scorecard is a management system (not only a
measurement system) that enables organizations to clarify their
vision and strategy and translate them into action. It provides
feedback around both the internal business processes and
external outcomes in order to continuously improve strategic
performance and results.
24
The Balanced Scorecard has four perspectives (see Figure 5.1):
The Learning and Growth Perspective: employee training
and corporate cultural attitudes related to both individual and
corporate self-improvement.
The Business Process Perspective: internal business processes.
The Customer Perspective: customer focus and customer
satisfaction.
The Financial Perspective: fnancial and fnancial-related
data, such as risk assessment and cost-beneft data.
Figure 5.1: Four perspectives of the Balanced Scorecard
(Adapted from Robert S. Kaplan and David P. Norton, Using the Balanced
Scorecard as a Strategic Management System, Harvard Business Review
(January-February 1996): 76.; source: www.balancedscorecard.org)
Financial
To succeed
nancially, how
should we
appear to our
shareholders?
O
b
j
e
c
t
i
v
e
s
M
e
a
s
u
r
e
s
T
a
r
g
e
t
s
I
n
i
t
i
a
t
i
v
e
s
Customer
To achieve our
vision, how
should we
appear to our
customers?
To achieve our
vision, how will
we sustain our
ability to
change and
improve?
O
b
j
e
c
t
i
v
e
s
M
e
a
s
u
r
e
s
T
a
r
g
e
t
s
I
n
i
t
i
a
t
i
v
e
s
Learning and
Growth
O
b
j
e
c
t
i
v
e
s
M
e
a
s
u
r
e
s
T
a
r
g
e
t
s
I
n
i
t
i
a
t
i
v
e
s
Internal Business
Processes
Vision
and
Strategy
To satisfy our
shareholders
and customers,
what business
processes must
we excel at?
O
b
j
e
c
t
i
v
e
s
M
e
a
s
u
r
e
s
T
a
r
g
e
t
s
I
n
i
t
i
a
t
i
v
e
s
25
A Balanced Scorecard should be enhanced with cause-and-
effect relationships between measures: outcome measures (lag
indicators of past performance) and performance drivers (lead
indicators). A well-developed scorecard should contain a good
mix of these two metrics.
5.4 Target audience
Senior management; strategic planners; business managers
The Balanced Scorecard was initially developed at enterprise
level. It can easily be adapted to align IT projects, IT
departments and IT performance to the needs of the business.
The Balanced Scorecard is used extensively in business and
industry, government and non-proft organizations worldwide
Use of an IT Balanced Scorecard is one of the most effective
means to support the board and management in achieving IT
and business alignment.
Constraints:
Visions and strategies that are not actionable
Strategies that are not linked to departmental, team and
individual goals
Strategies that are not linked to long- and short-term resource
allocation
Feedback that is tactical, not stra tegic.
Offcial website of the Balanced Scorecard Institute:
www.balancedscorecard.org
Original paper: Kaplan R S and Norton D P (1992)
TheBalanced Scorecard: measures that drive performance,
Harvard Business Review Jan Feb pp. 7180.
26
6. BiSL

BiSL
(Business Information Services Library)

6.2 The basics
BiSL (Business Information Services Library) is a framework and
collection of best practices for business information management.
6.3 Summary
BiSL (Business Information Services Library) was developed by
a Dutch IT service provider, PinkRoccade and was made public
in 2005. BiSL was then transferred to the public domain and
adopted by the ASL BiSL Foundation. The current version is
Version 1.1, published in 2012.
BiSL focuses on how business organizations can improve control
over their information systems: demand for business support, use
of information systems and contracts and other arrangements
with IT suppliers. BiSL offers guidance in business information
management: support for the use of information systems in the
business processes, operational IT control and information
management.
The library consists of a framework, best practices, standard
templates and a self-assessment. The BiSL framework gives
a description of all the processes that enable the control of
information systems from a business perspective (Figure 6.1).

6. BiSL
27
Figure 6.1: The BiSL framework
The framework distinguishes seven process clusters, which are
positioned at the operational, managing and strategic levels
(Figure 6.1).
The use management cluster provides optimum, on-going
support for the relevant business processes. The functionality
management cluster structures and effects changes in information
provision. The connecting processes cluster focuses on decision
making on which changes need to be made to the information
provision, and how they are implemented within the user
organization.
The management processes cluster ensures that all the activities
within the business information management domain are
managed in an integrated way.
I-organization strategy
cluster
Information strategy
cluster
Use management cluster
Functionality
management cluster
S
t
r
a
t
e
g
i
c
M
a
n
a
g
e
m
e
n
t
Management processes
O
p
e
r
a
t
i
o
n
a
l
Connecting
processes
6. BiSL

28
There are three clusters at the strategic level, which are
concerned with the formulation of policies for information
provision and the organizations involved in this activity.
6.4 Target audience
BiSL is primarily aimed at business management, information
management and professionals who wish to improve the support
of their business processes by realizing a better automated and
non-automated information provision.
The scope of BiSL is the support, usage, maintenance, renovation
and policy of the information provision and the management of
all related activities.
Strengths
It offers a stable framework and a common language for
business information management
It is supported by a not-for-proft, vendor-independent
foundation in which a wide range of organizations participate
It flls the gap between the business and IT functions. BiSL
recognizes and addresses management issues that are
increasingly important.
Constraints
BiSL is relatively new, and therefore relatively unknown
outside the Netherlands
Offcial website of the ASL-BiSL Foundation:
www.aslbislfoundation.org/en
29
7. CATS CM

CATS CM (Contract Administration and Tracking Scenarios -
Contract Management)
7.2 The basics

CATS CM provides a proactive methodical approach to contract
management for IT service providers.
7.3 Summary
In the past fve years contract management has become an
important focus area for the IT industry, and has become a
separate governance area. Because of this development, the
need arose for a structured and verifable method for contract
management. CATS CM was developed by two Dutch experts
in the feld of contract management, Van Beckum and Vlasveld.
The method was frst published in 2008: Contract management
voor ICT op basis van CATS CM. The CATS CM method is
owned by CM Partners in the Netherlands.
In the method, contract management is defned as all related
procedures, measures, guidelines and protocols aimed at
creating, managing and proftable running of a continuously
increasing order book. The concept of Tracking Scenarios shows
how to monitor all contract management aspects with the help of
detailed and structured roadmaps.
The detailed roadmaps provide a way to manage contracts
from the moment they are signed. CATS CM consists of thirty
activities that are grouped into six blocks. Each of these six
blocks forms one stage in the contract management process.
7. CATS CM
30
The activities are interrelated, and arise from the tasks,
responsibilities and accountabilities of the contract manager.
Figure 7.1: Tracking scenarios
7.4 Target audience
CATS CM is aimed at four different categories of IT functions:
Operational managers responsible for managing contracts at
the operational level.
Contract managers that have a natural ability to manage
contract without using specifc methods. CATS CM will
provide them with a tool to further structure their work to
make it verifable and transferable.
General management that is accountable for a solid,
dependable and verifable contract management.
Contract managers for customer organizations. CATS CM
will provide them with insights on how IT service providers
organize their contract management processes.
1 Initiate 2 Plan 3 Do
5 Act 4 Check
6 Close out
1.1 Organize intake
1.2 Analyze contract le
1.3 Compose CM
essentials
1.4 Check CM task
1.5 Conduct intake
1.6 Start Contract
implementation
2.1 Review CM essentials
2.2 Adjust contract time
frame
2.3 Plan Key Meetings
series
2.4 Plan own activities
(3 months)
2.5 Plan close out
5.1 Select actions for next
contract
5.2 Consult CO
5.3 Execute actions for
current contract
4.1 CM via CATS CM?
4.2 Self-assessment and
improvement
4.3 Code of conduct?
4.4 Plan actions for
improvement
3.1 Execute CM essentials
3.2 Compose reports
3.3 Consult through KM
3.4 Monitor 100% ABC
3.5 Manage contract le
3.6 Follow code of
conduct
6.1 Close CM essentials
6.2 Organize discharges
6.3 Close Control admin
6.4 Evaluate contract
6.5 Dismantle temporary
organization
6.6 Close CM task
7. CATS CM
31
The scope of the method is contract management from the
perspective of IT service providers. CATS CM complements
other approaches such as PRINCE2
, ITIL
, ASL
and BiSL
.
Constraints:
CATS CM enables service provider organizations to make their
contract management function more effective and effcient. The
most important constraint is the abstract level of description
of the elements of the CATS CM method. It is not suitable for
inexperienced contract managers and organizations.
7.6 Relevant links (web li nks)
Information about the CATS CM method (Dutch only) can be
found at:
http://www.cmpartners.nl/de-methode-cats-cm
32
8. CMMI

CMMI
(Capability Maturity Model
Integration) Version 1.3.

8.2 The basics
CMMI is an internationally recognized process improvement
approach that helps organizations to identify where to focus their
improvement efforts along an evolutionary maturity path from ad
hoc and chaotic to mature disciplined processes.
8.3 Summary
CMMI is owned and supported by the Carnegie Mellon

Software Engineering Institute (SEI). Version 1.0 of the CMM
for Software (SW-CMM) was published in 1991; it was upgraded
to CMM Integration (CMMI) in 2000 and the current version is
Version 1.3, released in November 2010. An important change in
Version 1.3 is the addition of agile.
CMMI integrates traditionally separate organizational functions,
sets process improvement goals and priorities, provides guidance
for quality processes, and provides a point of reference for apprais-
ing current processes. The CMMI models are collections of best
practices that help organizations to improve their processes:
The CMMI for Acquisition (CMMI-ACQ) model provides
guidance on managing the supply chain to meet the needs of
the customer.
The CMMI for Development (CMMI-DEV) model supports
improvements in the effectiveness, effciency, and quality of
product and service development.
The CMMI for Services (CMMI-SVC) model provides
guidance on establishing, managing, and delivering services
8.CMMI
33
that meet the needs of customers and end users.
The People CMM provides guidance on managing and
developing the workforce.
An organization appraises its processes against the CMMI best
practices:
To determine how well its processes compare to CMMI best
practices, and to identify areas where improvement can be made
And/or to inform external customers and suppliers of how
well its processes compare to CMMI best practices
And/or to meet the contractual requirements of one or more
customers
Figure 8.1: CMMI maturity levels
Source: SCI
Organizations can use a staged approach to appraisal to identify
process maturity levels from 1 to 5 (Figure 8.1). They can also
take a more fexible continuous approach to appraisal, measuring
capability maturity in individual process areas. The appraisal
Optimizing
Quantitatively
Managed
Managed
Initial
1
2
5
4
3
Process unpredictable,
poorly controlled, and
reactive
Process measured
and controlled
Focus on continuous
process improvement
Process characterized for
for the organization
and is proactive
Process characterized for
projects and is often
reactive
Dened
8. CMMI
34
results can then be used to plan process improvements for the
organization.
8.4 Target audience
Managers responsible for process improvement programs;
project managers, process improvement specialists, project team
members; appraisals teams.
CMMI applies to teams, work groups, projects, divisions, and
entire organizations.
CMMI works best in combination with Agile, Scrum, ITIL
,
Six Sigma, COBIT
, ISO 9001, RUP
, or Lean,
Provides a common, integrated vision of improvement or
can focus on a specifc process area
Generic descriptions based on industry best practice
Supporting guidance such as roadmaps help to interpret
generic models for specifc circumstances
Constraints:
Aiming for higher maturity levels that will not achieve
increased business benefts
Rigid adherence to a staged approach trying to move every
project in the organization to the next level of maturity can be
costly and time-consuming.
Failing to interpret the generic descriptions appropriately for
the specifc needs of the or ganization.
Offcial website: www.sei.cmu.edu/cmmi/
35
9. COBIT

COBIT
9.2 The basics

Originally designed for auditors to audit the IT organisation,
COBIT 5 (Control Objectives for IT) is about linking business
goals to IT objectives (note the linkage here from vision to
mission to goals to objectives). COBIT 5 (launched April 2012)
provides metrics and maturity models to measure whether or
not the IT organisation has achieved its objectives. Additionally,
COBIT identifes the associated responsibilities of the business
process owners as well as those of the IT process owners.
9.3 Summary
COBIT (originally Control Objectives in IT) is owned and
supported by ISACA. It was released in 1996; the current version
5.0 (April 2012) brings together COBIT 4.1, Val IT 2.0 and Risk
IT frameworks.
The COBIT 5 principles and enablers are generic and useful for
enterprises of all sizes, whether commercial, not-for -proft or in
the public sector (Figure 9.1 and 9.2).
9. COBIT
36
Figure 9.1: The COBIT 5 Principles.
Processes
Organisational
Structures
COBIT 5 ENTERPRISE ENABLERS
RESOURCES
Culture, Ethics
and Behaviour
Principles, Policies and Frameworks
Information
Services
Infrastructure
Applications
People, Skills
and
Competencies
Figure 9.2: The COBIT 5 Enablers
1. Meeting
Stakeholder
Needs
5. Separating
Governance
From
Management
2. Covering the
Enterprise
End-to-end
3. Applying a
Single
Integrated
Framework
4. Enabling a
Holistic
Approach
COBIT 5
Principles
9. COBIT
37
The process reference model defnes and describes in detail a number of
governance, and management processes. It represents all the processes
normally found in an organisation relating to IT activities, thus providing a
common reference model understandable to operational IT, and business
managers, and their auditors/advisors. The process reference model
divides the processes of organisation IT into two domains governance, and
management:
COBIT 5 provides a set of 36 governance and management processes within
the framework.
The governance domain contains fve governance processes; within each
process, evaluate, direct, and monitor practices are defned.
EDM1: set and maintain the governance framework
EDM2: ensure value optimisation
EDM3: ensure risk optimisation
EDM4: ensure resource optimisation
EDM5: ensure stakeholder transparency
The four management domains, in line with the responsibility areas of plan,
build, run, and monitor (PBRM) provide end-to-end coverage of IT
Align, plan, and organise
Build, acquire, and implement
Deliver, service, and support
Monitor, evaluate, and assess
A casual look at the four management domains of COBIT 5 rapidly illustrates
its direct relationship with ITIL.
The align, plan, and organise domain relates to the service strategy and
design phases
The build, acquire, and implement domain relates to the service transition
phase
The deliver, service, and support domain relates to the service operation
phase
And fnally, the monitor, evaluate, and assess domain relates to the
continual service improvement phase
All aspects of COBIT 5 are in line with the responsibility areas of plan, build,
run and monitor. In other words, COBIT 5 follows the PDCA cycle of Plan, Do,
Check, and Act. COBIT has been positioned at a high level, and has
9. COBIT
38
been aligned and harmonised with other, more detailed, IT standards and
proven practices such as COSO2, ITIL3, ISO 27000, CMMI, TOGAF and
PMBOK. COBIT 5 acts as an integrator of these different guidance materials,
summarising key objectives under one umbrella framework that link the proven
practice models with governance and business requirements.
9.4 Target audience
Senior business management, senior IT management and auditors.
COBIT provides an umbrella framework for IT governance
across the whole of an organization. It is mapped to other
frameworks and standards to ensure its completeness of coverage
of the IT management life cycle and support its use in enterprises
using multiple IT-related frameworks and standards.
Some strong points are:
value creation through effective governance, management
enterprise information and technology (IT) assets
Business user satisfaction with IT engagement and services by
enabling business objectives
Compliance with relevant laws, regulations and policies
Constraints:
Treating COBIT as a prescriptive standard when it should be
interpreted as a generic framework to manage IT processes
and internal controls. Key themes from COBIT must be
tailored to the specifc governance needs of the organization.
9. COBIT
39
Lack of commitment from top management without their
leadership and support, the IT control framework will suffer
and business alignment of IT risks will not happen.
Underestimating the cultural change COBIT is not just
about the technical aspects of IT. The organization needs to
have a good understanding of the governance controls for the
IT risks.
Offcial ISACA website: www.isaca.org/
Further information from the IT Governance Institute:
www.itgi.org/cobit and www.itgi.org/valit

40
10. EFQM
EFQM (European Foundation for Quality Management)
Excellence Model
10.2 The basics
The EFQM Excellence Model is a management framework
for helping organizations in their drive towards excellence and
increased competitiveness. The EFQM organization does not
issue certifcates of compliance but runs comprehensive awards
and recognition programs for organizations of all sizes and
sectors.
10.3 Summary
The EFQM Excellence Model was introduced in 1992 as the
framework for assessing organizations for the EFQM Excellence
Award and is now the most widely used organizational
framework in Europe. It is reviewed every three years; the
current version was released in 2010. EFQM, based in Brussels, is
its custodian.
The Model is a non-prescriptive framework based on nine key
criteria (Figure 10.1). . Five criteria are Enablers (Leadership,
Policy and Strategy, People, Partnership and Resources and
Processes) and four are Results (Customer Results, People
Results, Society Results and Key Performance Results). The
Enabler criteria cover what an organization does; the Results
criteria cover what an organization achieves.
10. EFQM
41
Figure 10.1: The EFQM Excellence Model (Source: EFQM.org)
The EFQM Models nine boxes represent the criteria against
which to assess an organizations progress towards excellence.
At the heart of the Model lies the logic known as RADAR,
which consists of four elements: Results, Approach, Deployment,
Assessment and Review. These elements emulate and complete
the basic elements of Demings Plan, Do, Check, Act cycle by
adding specifc details that are more comprehensive.
The Model is based on the premise that excellent results in
Performance, Customers, People and Society are achieved
through Leadership driving Policy and Strategy, which is
delivered through People, Partnerships and Resources. It is
used as a basis for self-assessment, an exercise in which an
organization grades itself against the nine criteria. This exercise
helps organizations to identify current strengths and areas for
improvement against strategic goals. This gap analysis then
facilitates defnition and prioritization of improvement plans to
achieve sustainable growth and enhanced performance.
Enablers
Leadership People
Strategy
Partnerships &
Resources
Processes,
Product &
Services
People Results
Customer Results
Society Results
Key Results
Results
Learning, Creativity and Innovation
10. EFQM
42
10.4 Target audience
People who are coordinating or leading improvement or change
programs; people who are providing training, coaching or
consultancy in EFQM
The EFQM Excellence Model has an enterprise-wide scope. It
takes a holistic view to enable organizations, regardless of size or
sector to:
Assess where they are, helping them to understand their key
strengths and potential gaps in performance
Provide a common vocabulary and way of thinking about the
organization that facilitates the effective communication of
ideas, both within and outside the organization.
Integrate existing and planned initiatives, removing
duplication and identifying gaps.
Strengths:
It provides a holistic framework that systematically addresses
a thorough range of organizational quality issues and also
pays attention to impacts through the Results criteria.
It provides a clear diagnosis of an organizations activities and
is useful for planning as it links what an organization does and
what results it achieves, highlighting how they are achieved.
The Model is relatively diffcult to implement. It generates
benefts over a longer period of time; an overall organizational
strategy on excellence needs to be adopted in order to achieve
the benefts.
10. EFQM
43
Offcial EFQM website: www.efqm.org
Other useful websites:
www.ink.nl (dutch institute for quality management; runs similar
schemes like EFQM).
www.quality.nist.gov (US National Institute of Standards and
Technology).
44
11. eSCM-CL
eSCM-CL (The eSourcing Capability Model for Client
Organizations)
11.2 The basics
eSCM-CL is a best practices capability model for client
organizations seeking to improve their capabilities and
relationships when sourcing IT-enabled services; it complements
the eSCM-SP for service providers.
11.3 Summary
eSCM-CL is owned and supported by ITSqc, a spin-off from
Carnegie Mellon University. Version 1.0 was released in 2006;
the current version is version 1.11 (2010). The model has two
purposes: to give client organizations guidance that will help
them improve their capability across the sourcing life-cycle,
and to provide client organizations with an objective means
of evaluating their sourcing capability. It is organized into
Capability Areas covering major areas of sourcing expertise, with
95 Practices that address the critical capabilities needed by clients
of IT-enabled services. Each Practice is arranged along three
dimensions: Sourcing Life-cycle, Capability Area, and Capability
Level. The Sourcing Life-cycle is divided into Analysis,
Initiation, Delivery, and Completion, plus Ongoing, which
spans the entire Sourcing Lifecycle. The seventeen Capability
Areas are logical groupings of Practices that help users to
remember and intellectually manage the content of the Model.
The fve Capability Levels, numbered 1 through 5, describe an
improvement path that progresses from a limited capability to
11. eSCM-CL
45
perform sourcing up to the highest level of sustaining excellence
over time in the client organizations sourcing activities.
Client organizations who procure or source IT-enabled services,
eSCM-CL relates to IT-enabled services. It addresses a full
range of client-organization tasks, ranging from developing
the organizations sourcing strategy, planning for sourcing and
service provider selection, initiating an agreement with service
providers, managing service delivery, and completing the
agreement. Organizations can be certifed to the eSCM-CL.
Strengths
eSCM is twofold: eSCM-CL for Clients and eSCM-SP for Service
Providers. These two models are consistent, symmetrical and
complementary for each side of the client-provider relationship
and this is the strength and the uniqueness of this model. Both
models have been used to ensure alignment of processes to
build stronger partnership relationships, focus on the primary
objectives of the sourcing initiative and sourcing strategy,
whether outsourcing, insourcing or shared services.
Constraints
Fails to defne the client organization structure; rather
provides guidance to develop the sourcing functions and its
workforce
Emphasis on innovation is present; but assumes that stabilized
relationships and governance of service provision come frst
(i.e., tactical frst, strategic later).
11. eSCM-CL
46
Provides requirements (i.e., Practices) for establishing
sourcing processes, rather than providing sourcing processes
as is done by other Frameworks, such as ITIL.
Offcial ITSqc website: www.itsqc.org
eSCM-CL Model: www.vanharen-library.net/9789087535599
47
12. eSCM-SP
eSCM-SP (The eSourcing Capability Model for Service Providers)
12.2 The basics
eSCM-SP is a best practices capability model for service
providers in IT-enabled sourcing, which can be used as both
an improvement roadmap and as a certifcation standard; it
complements eSCM-CL for clients.
12.3 Summary
eSCM-SP is owned and supported by ITSqc, a spin-off from
Carnegie Mellon University. Version 1.0 was released in 2001;
the current version is version 2.02 (2009). The model has three
purposes: to give service providers guidance that will help them
improve their capability across the sourcing life-cycle, to provide
clients with an objective means of evaluating the capability of
service providers, and to offer service providers a standard to use
when differentiating themselves from competitors.
Each of the Models 84 Practices is distributed along three
dimensions: Sourcing Life-cycle, Capability Area, and Capability
Level. Capability Areas provide logical groupings of Practices
to help users better remember and intellectually manage
the content of the Model. Service providers can then build
or demonstrate capabilities in a particular critical-sourcing
function. The ten Capability Areas are Knowledge Management,
People Management, Performance Management, Relationship
Management, Technology Management, Threat Management,
Service Transfer, Contracting, Service Design & Deployment,
and Service Delivery.
12. eSCM-SP
48
The fve eSCM-SP Capability Levels indicate the level of an
organizations capability. Level 1 indicates that the organization
is providing a service. A Level 2 organization has procedures in
place to enable it to consistently meet its clients requirements.
At Level 3, an organization is able to manage its performance
consistently across engagements. Level 4 requires that an
organization is able to add value to its services through
innovation. Service providers at Level 5 have proven that they
can sustain excellence over a period of at least two years, and has
demonstrated this through successive certifcations..
Providers of IT-enabled services and their clients; regardless of
whether the service provider is an in-house provider, a shared
services unit, or an outsourced or offshore service provider.
The guidance provided in the eSCM-SP can be applied by
providers of IT-enabled services in almost all market sectors and
service areas. The eSCM-SP has been designed to complement
existing quality models.
Strengths
Most quality models focus only on design and delivery
capabilities: the eSCM-SPs Sourcing Lifecycle includes Delivery,
and also Initiation and Completion of the contract. The two
phases are often the ones most critical to successful sourcing
relationships. The Sourcing Lifecycle also includes Overall
Practices, which span these Lifecycle phases. eSCM is twofold:
eSCM-CL for Clients and eSCM-SP for Service Providers. These
two models are consistent, symmetrical and complementary
for each side of the client-provider relationship and this is the
12. eSCM-SP
49
strength and the uniqueness of this model. Both models have
been used to ensure alignment of processes to build stronger
partnerships.
Constraints
Failing to defne exact measures to be collected; the eSM-SP
requires that organizations defne the measures that they wish
to collect to manage their service delivery and relationships.
Provides requirements (i.e., Practices) for establishing service
management processes, rather than providing processes as is
done by other Frameworks, such as ITIL.
Offcial ITSqc website: www.itsqc.org
eSCM-SP Model: www.vanharen-library.net/9789087535612
50
13. Frameworx
Frameworx
13.2 The basics
The Frameworx suite of standards enables service providers to
assess and improve business performance by using a service-
oriented approach to operations and integration.
13.3 Summary
Frameworx is owned and supported by TM Forum. It is a mature
standard (1998) that is updated regularly in line with evolving
business need. The current version is 11.5 (November 2011).
Frameworx enables a service-oriented, highly automated and
effcient approach to running a service providers business
through four components (Figure 13.1).
Business Process Framework (eTOM) provides a
comprehensive, industry-agreed, multi-layered view of the
key business processes a service provider requires to run its
business.
Information Framework (SID) provides a comprehensive,
industry-agreed defnition for information that fows through
the enterprise and between service providers and their
business partners.
Application Framework (TAM) provides a model for
grouping processes and their associated information into
recognizable applications. It provides a common language
and identifcation system between buyer and supplier for all
application areas.
13. Frameworx
51
Integration Framework defnes how the processes and
information behind these systems can be automated by
defning standardized Service Oriented Architecture (SOA)-
based interfaces called Business Services (formerly called
NGOSS Contracts).
Figure 13.1: Frameworx components
Source: TM Forum
Service providers; enterprise architects
Frameworx is applicable to any service provider organization.
I
n
t
e
g
r
a
t
e
d

B
u
sines
s
A
r
c
h
i
t
e
c
t
u
r
e
B
u
s
i
n
e
s
s

P
r
o
c
e
s
s

F
r
a
m
e
w
o
r
k
I
n
f
o
r
m
a
t
i
o
n

F
r
a
m
e
w
o
r
k
A
p
p
l
i
c
a
tio
n Framew
o
r
k
Integration
Framework
13. Frameworx
52
Frameworx aligns with Enterprise Architecture best practice
such as Service Oriented Architecture (SOA) and TOGAF; it
also aligns with COBIT and ITIL.
Strengths
Better understanding of customers through a common
customer management information model
Innovation and reduced time-to-market with streamlined end-
to-end service management
Reduced operating costs by enabling highly effcient,
automated, industry standard operations
Constraints
The wrong lead architect a chief architect who is an
ineffective leader will derail the initiative.
Focusing on the technical domain, or on individual
architecture boxes only integration and interoperability
standards are high priorities for enterprise architecture.
13.6 Relevant li nks (web links)
Offcial TM Forum website:www.tmforum.org/
TMForumFrameworx/1911/home.html
53
14. ICB

ICB
IPMA Competence Baseline

14.2 The basics
The IPMA Competence Baseline (ICB) is the competence
standard for project management, and is not restricted to any
corporate sector; the Dutch version of the ICB is called the
Nederlandse Competentie Baseline (NCB).
14.3 Summary
The International Project Management Association (IPMA) is a
leading worldwide not-for-proft project management association
with 55 member associations. IPMA published the frst offcial
version of the ICB (version 2.0) in 1999, with a small modifcation
in 2001. Version 3 was published in 2007.
A central concept is the eye of competence (Figure 14.1),
which represents the integration of all competencies of project
management as seen through the eye of the project manager
when evaluating a specifc situation. The eye represents also
clarity and vision. After processing the information received, the
competent and responsible professional in project management
takes appropriate action.
The ICB defnes 46 competence elements covering the technical
competence for project management (twenty elements), the
professional behavior of project management personnel (ffteen
elements) and the relationships with the context of the projects,
programs and portfolios (eleven elements). Each competence
14. ICB
54
element consists of a title, a description of the content, a list of
possible process steps and experience criteria required for each
IPMA level.
Figure 14.1: IPMA eye of competence
The ICB does not recommend or include specifc methodologies,
methods or tools. The subject areas are described together with
methods for determining tasks and, where they illustrate the
latter well, some examples of methods. Methods and tools may be
defned by the organization. The project manager should choose
appropriate methods and tools for a practical project situation.
IPMA offers a Four Level Certifcation program based on the
IPMA Competence Baseline (ICB):
IPMA Level-A
(Certifed Projects Director),

IPMA Level-B
(Certifed Program Manager or Certifed

Senior Project Manager)
IPMA Level-C
(Certifed Project Manager)

IPMA Level-D
(Certifed Project Management)

contextual
competences
technical
competences
behavioural
competences
14. ICB
55
The primary target audience consists of project, program and
portfolio personnel as well as general managers, who play a
role in directing them in project oriented organizations. The
secondary target audience consists of certifcation assessors, HR.
managers and trainers.
The ICB and the four-level certifcation are not about metho-
dologies or techniques, but about determining how competent
project managers are. The ICB is a competence baseline. Besides
the basic terms it only names some tasks, practices etc., and does
not describe these tasks, practices, etc. in detail.
The strength of the ICB is that it describes all the competences
together with the behavioral and contextual competences
expected from project managers and their staff. The ICB also
describes the different levels of competences for less and more
experienced project managers. None of the other frameworks
or methods for project management does this. The ICB
framework is therefore most suitable as a reference model for the
development and assessment of individual project managers.
14.6 Relevant links (web li nks)
Offcial IPMA website: www.ipma.ch
56
15. ISO 9001
ISO 9001:2008 Quality management systems Requirements
15.2 The basics
ISO 9001 is part of the ISO 9000 family of standards, and
represents an international consensus on good quality
management practices. It consists of standards and guidelines
relating to quality management systems and related supporting
standards. General guidance on the fundamentals of Quality
management systems can be found in the publication ISO
9000:2005 Fundamentals and vocabulary.
15.3 Summary
ISO 9001, owned and maintained by the International Standards
Organization (ISO) was frst published in 1987, based on
British Standards Institute (BSI) BS5750 series. ISO 9001:2000
combined the three standards9001, 9002, and 9003into one,
called 9001. The current version is ISO 9001:2008/Cor 1:2009.
TheISO 9000family addressesQuality management. This
means what the organization does to fulfll the customers quality
requirements, and applicable regulatory requirements, while
aiming to enhance customer satisfaction, and achieve continual
improvement of its performance in pursuit of these objectives.
ISO 9000:2000 has four major generic business processes
covering:
The management of resources
The quality of the product
15. ISO 9001
57
The maintenance of quality records
The requirement for continual improvement.
ISO 9001:2008 is the standard that provides a set of standardized
requirements for a quality management system, regardless
of what the user organization does, its size, or whether it is
in the private, or public sector. It is the only standard in the
family against which organizations can be certifed although
certifcation is not a compulsory requirement of the standard.
ISO 9001:2008 lays down what requirements a quality system
must meet, but does not dictate how they should be met in any
particular organization. This leaves great scope and fexibility
for implementation in different business sectors and business
cultures, as well as in different national cultures.
The other standards in the family cover specifc aspects such
as fundamentals and vocabulary, performance improvements,
documentation, training, and fnancial and economic aspects.
The quality management system standards of the ISO 9000:2000
and ISO 9000:2008 series are based on eight quality management
principles: customer focus, leadership, involvement of people,
process approach, system approach to management, continual
improvement, factual approach to decision making and mutually
benefcial supplier relationships. These principles can be used by
senior management as a framework to guide their organizations
towards improved performance.
Managers in any organization that needs to demonstrate that
it has consistent quality processes in place to meet customer
expectations; auditors
15. ISO 9001
58
ISO 9001 deals with the fundamentals of quality management
systems and with the requirements that organizations wishing
to meet the standard have to fulfll. The ISO 9001 standard is
generalized and abstract; its parts must be carefully interpreted
to make sense within a particular organization. Because they are
business management guidelines, the ISO 9001 guidelines can be
applied to a very diverse range of organizations.
A strong point of ISO 9001 is that it provides a single quality
management requirements standard that is applicable to all
organizations, products and services.
Constraints:
The process can be costly and gaining accreditation may be
time-consuming.
Offcial ISO website: www.iso.org
59
16. ISO 14000
ISO 14000 family of environmental management standards
16.2 The basics
TheISO 14000family addresses environmental management;
this describes what an organization undertakes to minimize
harmful effects on the environment caused by its activities,
and to achieve continual improvement of its environmental
performance.
Standards in this series comprise:
ISO 14001:2004 Environmental management systems
Requirements with guidance for use
ISO 14004:2004 Environmental management systems
General guidelines on principles, systems and support
techniques
16.3 Summary
ISO 14000 series is owned and maintained by ISO (International
Organization for Standardization). It is a series of international,
voluntary environmental management standards, guides and
technical reports. The frst two standards, ISO 14001:2004 and
ISO 14004:2004 deal with environmental management systems
(EMS). ISO 14001:2004 provides the requirements for an EMS
and ISO 14004:2004 gives general EMS guidelines.
The other standards and guidelines in the family address
specifc environmental aspects, including: labeling, performance
evaluation, life cycle analysis, communication and auditing.
16. ISO 14000
60
ISO 14001:2004 does not specify levels of environmental
performance. If it specifed levels of environmental performance,
they would have to be specifc to each business activity and this
would require a specifc EMS standard for each business.
ISO has many other standards dealing with specifc
environmental issues. The intention of ISO 14001:2004 is to
provide a framework for a holistic, strategic approach to the
organizations environmental policy, plans and actions.
ISO 14001:2004 gives the generic requirements for an
environmental management system. The underlying philosophy is
that whatever the organizations activity, the requirements of an
effective EMS are the same.
The EMS standards
ISO 14004:2004 provides guidelines on the elements of an
environmental management system and its implementation,
and discusses principal issues involved.
ISO 14001:2004 specifes the requirements for such an
environmental management system. Fulflling these
requirements demands objective evidence which can be
audited to demonstrate that the environmental management
system is operating effectively in conformity to the standard.
An EMS meeting the requirements of ISO 14001:2004 is a
management tool enabling an organization of any size or type to:
identify and control the environmental impact of its activities,
products or services, and to
improve its environmental performance continually, and to
16. ISO 14000
61
implement a systematic approach to setting environmental
objectives and targets, to achieving these and to
demonstrating that they have been achieved.
The target audience is any organization that needs to provide
assurance on environmental issues to internal and external
stakeholders that it is in control of the organizational processes
and activities having an impact on the environment and that it is
an environmentally responsible organization
The ISO 14000 standards address the needs of organizations
worldwide by providing a common framework for managing
environmental issues.
The generic approach helps to establish a common reference
for communicating about environmental management issues
between organizations and their customers, regulators, the
public and other stakeholders.
Because ISO 14001:2004 does not lay down levels of
environmental performance, the standard can be implemented
by a wide variety of organizations, whatever their current level
of environmental maturity.
62
17. ISO/IEC 15504
ISO/IEC 15504 series (SPICE)
17.2 The basics
The ISO/IEC 15504 standard for Information technology, also
known as SPICE (Software Process Improvement and Capability
Determination) describes a generic framework for process
assessment. ISO/IEC 15504 comprises a number of documents
(known as Parts). The following parts are available as of January
2012:
Information technology Process assessment
ISO/IEC 15504-1:2004 Part 1: Concepts and vocabulary
ISO/IEC 15504-2:2003 Part 2: Performing an assessment
ISO/IEC 15504-3:2004 Part 3: Guidance on performing an
assessment
ISO/IEC 15504-4:2004 Part 4: Guidance on use for process
improvement and process capability determination
ISO/IEC 15504-5:2012 Part 5: An exemplar software life
cycle process assessment model
ISO/IEC TR 15504-6:2008 Part 6: An exemplar system life
cycle process assessment model
ISO/IEC TR 15504-7:2008 Part 7: Assessment of
organizational maturity
ISO/IEC TS 15504-9:2011 Part 9: Target process profles
ISO/IEC TS 15504-10:2011 Part 10: Safety extension
17. ISO/IEC 15504
63
17.3 Summary
A working group was formed in 1993 to draft the international
standard and used the acronym SPICE: Software Process
Improvement and Capability Determination. The subsequent
standard, ISO/IEC 15504, is owned by the International
Standards Organization (ISO) and the International Electro
technical Commission (IEC)
The frst versions of the standard focused exclusively on
software development processes. This was expanded to cover
all related processes in a software business, for example, project
management, confguration management, quality assurance,
and so on. In a major revision to the draft standard in 2004, the
process reference model (Part 2) was removed and is now related
to ISO/IEC 12207 (Software Lifecycle Processes).The issued
standard now specifes the measurement framework and can
use different process reference models. The processes cover six
business areas:
Organization;
Management;
Engineering;
Acquisition and supply;
Support;
Operations.
The standard is often compared to CMMI. They are similar in
many aspects, but there are some signifcant differences:
Several processes in ISO/IEC 15504 have no direct equivalent
in CMMI (Operation, Audit, Management, Infrastructure and
Reuse)
17. ISO/IEC 15504
64
Organizational capability is explicitly described in CMMI
in terms of maturity levels, whereas ISO/IEC 15504 offers a
continuous representation in which organizational maturity is
implicit in the processes
Quality managers, IT assessors, IT auditors and IT consultants
The scope comprises software development processes and all
related processes in a software business.
Strengths:
ISO/IEC 15504 is publicly available through National
Standards Bodies;
It has the support of the international community;
More than 4000 assessments have been performed to date;
Major sectors are leading the pace such as automotive, space
and medical systems with industry relevant variants;
Domain-specifc models like Automotive SPICE and SPICE 4
SPACE can be derived from it;
There have been many international initiatives to support
take-up such as SPICE for small companies.
Constraints:
ISO/IEC 15504 has not yet been as successful as the CMMI.
There may be several reasons for this to be the case:
ISO/IEC 15504 is not available as free download but must be
purchased from the International Standards Organization
(ISO) website;
17. ISO/IEC 15504
65
CMM and CMMI are available as free downloads from the
Software Engineering Institute (SEI) website;
CMMI is actively sponsored (by the US Department of
Defense);
CMM was created frst, and reached critical market share
before ISO 15504 became available;
CMM has subsequently been replaced by CMMI, which
incorporates many of the ideas of ISO/IEC 15504, but also
retains the benefts of the CMM.
17. 6 Relevant links (web links)
More information is found at the International Standards
Organization (ISO) and SPICE User Group websites.
http://www.iso.org
www.spiceusergroup.org/
66
18. ISO/IEC 27000
series
ISO/IEC 27000 series: Information technology Security
techniques
18.2 The basics
ISO / IEC 27000 are a series of information security standards
developed and published by ISO and IEC; these standards
provide a globally recognized framework for best practice in
information security management.
18.3 Summary
ISO/IEC 27000 is owned by the International Standards
Organization (ISO) and the International Electro technical
Commission (IEC). ISO 27001 is a specifcation that sets out
specifc requirements, all of which must be followed, and against
which an organizations Information Security Management
System (ISMS) can be audited and certifed. All the other
Standards in the ISO 27000 family are Codes of Practice;
these provide non-mandatory best practice guidelines which
organizations may follow, in whole or in part, at their own
discretion.
Key concepts that govern the standards are:

Organizations are encouraged to assess their own information
security risks
Organizations should implement appropriate information
security controls according to their needs
Guidance should be taken from the relevant standards
18. ISO/IEC 27000 series
67
Implement continuous feedback and use of the Plan, Do,
Check, Act model
Continually assess changes in threat and risk to information
security issues.
The 27000 standards family Information technology Security
techniques Information security management systems
ISO/IEC 27000:2009 Overview and vocabulary
ISO/IEC 27001:2005 Requirements
ISO/IEC 27002:2005 Code of practice for information
security management
ISO/IEC 27003:2010 Information security management
system implementation guidance
ISO/IEC 27004:2009 Measurement
ISO/IEC 27005:2011 Information security risk management
ISO/IEC 27006:2011 Requirements for bodies providing
audit and certifcation of information security management
systems
ISO/IEC 27007:2011 Guidelines for information security
management systems auditing
ISO/IEC TR 27008:2011 Guidelines for auditors on
information security controls
ISO/IEC 27010:2012 Information security management for
inter-sector and inter-organizational communications
ISO/IEC 27011:2008 Information security management
guidelines for telecommunications organizations based on
ISO/IEC 27002
All roles responsible for IT security management in an
organization; IT security management professionals; auditors
18. ISO/IEC 27000 series
68
The family of ISO/IEC 27000 standards is broad in scope: they
are applicable to any organization, in any sector, of any size.
Strengths
By aligning itself with an ISO / IEC Standard, an organization
can:
Secure its own critical assets
Manage levels of risks
Improve and ensure customer confdence
Avoid loss of brand damage, loss of earnings or potential fnes
Evolve their information security alongside technological
developments
Constraints
Few organizations wish to formally state the scope of their
ISMS or document their risk assessment method and risk
acceptance criteria in accordance with the standard.
Many organizations lack formal procedures for reporting
security events, and mechanisms to quantify and monitor
incidents.
Business continuity plans are often either absent or outdated,
while continuity exercises are irregular and unrealistic
18. 6 Relevant links (web links)
69
19. ISO 31000
ISO 31000:2009
19.2 The basics
ISO 31000:2009 comprises principles, a framework and a process
for the management of risk that is applicable to any type of
organization in the public or private sector.
19.3 Summary
ISO 31000:2009 provides guidance on the implementation of risk
management. It was frst published as a standard in November
2009, and is owned by the International Standards Organization
(ISO). The ISO 31000 family includes:
ISO 31000:2009; Principles and Guidelines on
Implementation
ISO/IEC 31010:2009; Risk Management - Risk Assessment
Techniques
ISO Guide 73:2009; Risk Management - Vocabulary
ISO 31000 provides generic guidelines for the design, implemen-
tation and maintenance of risk management processes through-
out an organization. The scope of this approach to risk manage-
ment is to enable all strategic, management and operational tasks
of an organization throughout projects, functions, and processes
to be aligned to a common set of risk management objectives.
ISO 31000:2009 comprises three building blocks (Figure 19.1).
The First Building Block, the Risk Management Infrastructure,
states that risk management should contain the following
principles:
19. ISO 31000
70
Creates value
Integral part of organizational processes
Part of decision-making
Explicitly addresses uncertainty
Systematic, structured and timely
Based on the best available information
Tailored to the organization
Takes human and cultural factors into account
Transparent and inclusive
Dynamic, iterative and responsive to change
Facilitates continual improvement of the organization
The Second Building Block, the Risk Management Framework,
is about creating the right risk framework through management
commitment. Once commitment is established, there is a cycle of
actions that include the following steps:
1. Design
2. Implementation
3. Monitoring and review
4. Continual improvement
The Third Building Block, the Risk Management Process, was
originally adopted from the standard AS/NZS 4360:2004, which
assures that communication and monitoring is done throughout
the process.
Business managers, risk management offcers, CIOs, information
security offcer
19. ISO 31000
71
Figure 19.1: Three building blocks of ISO 31000:2009
ISO 31000:2009 can be applied throughout the life of an
organization, and to a wide range of activities, including
strategies and decisions, operations, processes, functions,
projects, products, services and assets. It can be applied to any
type of risk, whatever its nature, whether having positive or
negative consequences.
ISO 31000:2009 is a concise and well-written standard that
refects current international thinking. This is a very positive
development in the risk management standards landscape.
However, a constraint might be that it still has to prove itself. At
the present date, there are not many actual implementations in
organizations.
19.6 Relevant lin ks (web links)
Mandate & commitment
Design of framework for
managing risk
Continual improvement of the
framework
Implementing risk
management
Monitoring and review of the
framework
Risk
Management
Process
Risk
Management
Framework/
Governance
Risk Management
Infrastructure
72
20. ISO 38500
ISO/IEC 38500:2008 Corporate governance of information
technology
20.2 The basics
ISO/IEC 38500:2008 provides guiding principles for directors
of organizations (including owners, board members, directors,
partners, senior executives, or similar) on the effective, effcient,
and acceptable use of IT within their organizations.
20.3 Summary
ISO/IEC 38500:2008 is owned by the International Standards
Commission (IEC). The standard helps to clarify IT governance
from the top down by describing it as the means of directors
demonstrating to all stakeholders and compliance bodies their
effective stewardship over IT resources by ensuring that an
appropriate governance and security framework exists for all IT
activities by covering the following principles
The principles are:
Responsibility - Employees know their responsibilities both
in terms of demand and supply of IT and have the authority to
meet them.
Strategy - Business strategies should be aligned with IT
possibilities, and all IT within an organization should support
the business strategies.
Acquisition - all IT investments must be made on the basis
of a business case with regular monitoring in place to assess
whether the assumptions still hold.
20. ISO 38500
73
Performance - the performance of IT systems should lead to
business benefts and therefore it is necessary that IT supports
the business properly.
Conformance - IT systems should help to ensure that business
processes comply with legislation and regulations; IT itself
must also comply with legal requirements and agreed internal
rules.
Human behavior - IT policies, practices and decisions respects
human behavior and acknowledges the needs of all the people
in the process.
The standard consists of three parts: Scope, Framework and
Guidance.
Senior managers; members of groups monitoring the resources
within the organization; external business or technical specialists,
such as legal or accounting specialists, retail associations,
or professional bodies; vendors of hardware, software,
communications and other IT products; internal and external
service providers (including consultants); IT auditors.
ISO/IEC 38500:2008 applies to the governance of management
processes (and decisions) relating to the information and
communication services used by an organization. These
processes could be controlled by IT specialists within the
organization or external service providers, or by business units
within the organization. The standard is applicable in all types of
private and public and not-for-proft organizations independent of
their size and form and regardless of the extent of their use of IT.
20. ISO 38500
74
Strengths
The primary advantage of the ISO/IEC 38500:2008 IT
governance framework is to ensure that accountability is clearly
assigned for all IT risks and activities. This specifcally includes
assigning and monitoring IT security responsibilities, strategies
and behaviors so that appropriate measures and mechanisms
are established for reporting and responding on the current
and planned use of IT - for example, meeting the latest data
protection requirements for encryption of all portable devices
such as laptops and memory sticks used to store and transmit
personal data.
Constraints
Outsourcing: some requirements are so specifc to the
managers of IT that they cannot be imposed on the managers
of the company if their IT is outsourced. In cases such as
these, requirements will need to be secured in the contract
with the supplier of IT services.
Applying the standard in isolation: ISO 38500 is not one size
fts all. It does not replace COBIT, ITIL, or other standards
or frameworks, but, rather, it complements them by providing
a demand-side-of-IT-use focus.
20.6 Relevant links (we b links)
75
21. ISO/IEC 20000
ISO/IEC 20000-1: 2011
21.2 The basics
ISO/IEC 20000-1:2011 is a service management system (SMS)
standard, which specifes requirements for the service provider
to plan, establish, implement, operate, monitor, review, maintain
and improve an SMS. This standard consists of several parts.
21.3 Summary
ISO/IEC 20000 is owned by the International Standards
Commission (IEC). It is the international IT Service
Management standard that enables IT organizations (whether
in-house, outsourced or external) to ensure that their IT service
management processes are aligned both with the needs of the
business and with international best practice. It is based on, and
replaces, BS15000, which has now been withdrawn.
ISO/IEC 20000 helps organizations benchmark how they deliver

managed services, measure service levels and assess their
performance. It is broadly aligned with, and draws strongly on,
ITIL
The standard has two main parts, both with the general title
Information technology - Service management, which enables IT
service providers to identify how to enhance the quality of service
they deliver to their customers, both internal and external:
Part 1: Specifcation (ISO/IEC 20000-1:2011) provides
requirements for IT service management and is relevant to
21. ISO/IEC 20000
76
those responsible for initiating, implementing or maintaining
IT service management in their organization.
Part 2: Code of practice (ISO/IEC 20000-2:2005) represents
an industry consensus on guidance to auditors and assistance
to service providers planning service improvements or to be
audited against ISO/IEC 20000-1:2011.
The other parts provide additional guidance on a more detailed
level for specifc areas like: scope defnition and applicability
of ISO/IEC 20000-1 (part 3), Process reference model (part 4),
Exemplar implementation plan for ISO/IEC 20000-1 (part 5).
ISO 20000 uses the process-based approach of other management
system standards such ISO 27001:2005, ISO 9001:2008 and ISO
14001:2004, including the Plan-Do-Check-Act (PDCA) cycle and
requirement for continual improvement.
Organizations can have their IT service management systems

independently certifed as conforming to the requirements of
ISO/IEC 20000-1:2011.
ISO 20000-3 provides essential information on writing a scope
for a service management system (SMS) as well as providing
information on implementing an ISO/IEC 20000-1 SMS.
IT service providers; internal IT units; auditors
ISO/IEC 20000 is appropriate to IT service provider
organizations. It is suitable for all industry sectors and to all sizes
of organization except the very smallest (where a wide ranging
ISO 9000 certication is more appropriate).
21. ISO/IEC 20000
77
The traditional use of a formal standard is to achieve formal
certication; it is also helpful as a benchmark and guide to
implementing best practice processes. The inherent nature of
its unambiguously expressed requirements allows meaningful
period- by-period comparisons, which can deliver a measure
of improvement in a service providers processes. ISO 20000
can assist an organization in benchmarking its IT service
management, improving its services, demonstrating an ability
to meet customer requirements and create a framework for an
independent assessment.
Constraints
To achieve wide and comprehensive coverage, the standard
addresses only the generically valid core elements of the service
management processes; it can never describe the full set of
processes/procedures that an individual service provider will
require to deliver effective and efcient, customer-focused
services.
21.6 Relevant links (web link s)
78
22. ITIL
2011
ITIL
2011 edition
22.2 The basics
ITIL
is the most widely accepted approach to IT service

management in the world; it focuses on aligning IT services with
the needs of the business.
22.3 Summary
ITIL was created in the 1980s by the UK governments
CCTA (Central Computer and Telecommunications Agency)
with the objective of ensuring better use of IT services and
resources. ITIL is now owned by the Cabinet Offce, part of HM
Government; the current version is ITIL 2011 (published July
2011), which updates ITIL v3.
ITIL advocates that IT servicesmust be aligned to the needs
of the business and underpin the corebusiness processes.It
provides guidance to organizations on how touse ITas a tool
to facilitate businesschange, transformation and growth. The
ITIL best practices are described in fvecore guides that map the
entire ITIL Service Lifecycle (Figure 22.1).
Service Strategy understanding who the IT customers
are, the service offerings to meet their needs, and the IT
capabilities and resource to deliver the services
Service Design - assures that new and changed services are
designed effectively to meet customer expectations, including
the technology, architecture and processes that will be required
22. ITIL

2011
79
Figure 22.1: The ITIL service lifecycle
Source: the Cabinet Offce
Service Transition - the service design is built, tested and
moved into production to assure that the business customer
can achieve the desired value
Service Operation - delivers the service on an ongoing basis,
including managing disruptions to service and supporting
end-users
Continual Service Improvement - measures and improves
the service levels, the technology and the effciency and
Continual Service
Improvement
Service
Design
Service
Strategies
Service
Operation
Service
Transition
C
o
n
t
i
n
u
a
l

S
e
r
v
i
c
e
I
m
p
r
o
v
e
m
e
n
t
C
o
n
t
i
n
u
a
l

S
e
r
v
i
c
e
I
m
p
r
o
v
e
m
e
n
t
ITIL
Governance Methods
K
n
o
w
l
e
d
g
e

&

S
k
i
l
l
s
S
p
e
c
i
a
l
i
t
y

T
o
p
i
c
s
S
t
a
n
d
a
r
d
s

A
l
i
g
n
m
e
n
t
C
a
s
e

S
t
u
d
i
e
s
T
e
m
p
l
a
t
e
s
S
c
a
l
a
b
i
l
i
t
y
Q
u
ic
k
W
in
s Q
u
a
lif
c
a
tio
n
s
S
t
u
d
y

A
i
d
s
E
x
e
c
u
t
i
v
e

I
n
t
r
o
d
u
c
t
i
o
n
22. ITIL

2011
80
effectiveness or processes. It incorporates many of the same
concepts articulated in the Deming Cycle of Plan-Do-
Check-Act
IT service providers and IT professionals in a wide range of roles
IT Service Management lifecycle from service strategy through
design,transition, live operation and continuous improvement.
Used in organizations large and small, across many different
sectors worldwide.
Supported by quality services from a wide range of providers
including examination institutes, accredited training providers
and consultancies, software and tool vendors.
The updated guidance refects the latest international standards
relating to service management, including the 2011 edition of
ISO/IEC 20000.
Strengths
Universally accepted as the good practice guidance for IT
Service Management, with process and service focus
Supported by a vast community of ITIL practitioners,
gathered around itSMF (IT Service Management Forum)
22. ITIL

2011
81
Constraints
When implementing ITIL-based IT Service Management
processes in an IT provider organization, the most common
pitfalls are:
Narrow focus on the IT Units technology and process
perspectives to gain incremental improvements (the
organization should be embarking on a radical transformation
journey to run IT as a business)
Failing to do an assessment before implementing ITIL
practices (identifying how the current organization structure
compares to the ITIL framework and the changes to the
organization and its culture that will be needed)
Short term expectations (it is not a quick fx, achieved with
just a handful of personnel trained and the purchase of some
ITIL tools).
Offcial ITIL website: www.itil-offcialsite.com
82
23. Lean management
Lean management
23.2 The basics
Lean is a business model and collection of methods that aim
to achieve customer value through helping to eliminate waste
while delivering quality products on time and at least cost; lean
management embodies these principles.
23.3 Summary
Lean manufacturing is a management philosophy derived mostly
from the Toyota Production System (TPS) The principles of lean
have been widely disseminated in the international best-seller
book called The Machine That Changed the World, co-authored
by Womack, Jones, and Roos, which was published in 1990. There
is no formal methodology; lean knowledge-sharing is enabled by
the Lean Enterprise Institute and Lean Global Network, not-for-
proft organizations whose aim is to accelerate the diffusion of
lean knowledge.
Lean focuses on maximizing customer value while minimizing
waste. It means creating more value for customers with fewer
resources. A lean organization understands customer value and
focuses its key processes to continuously increase it. The ultimate
goal is to provide perfect value to the customer through a perfect
value creation process that has zero waste.
To accomplish this, lean thinking changes the focus of
management from optimizing separate technologies, assets,
23. Lean management
83
and vertical departments to optimizing the fow of products
and services through entire value streams that fow horizontally
across technologies, assets, and departments to customers.
Lean IT is the extension of lean manufacturing and lean services
principles to the development and management of information
technology (IT) products and services. Its central concern,
applied in the context of IT, is the elimination of waste, where
waste is work that adds no value to a product or service.
Lean management is very much about asking the right questions
rather than providing the right answers.
A fve-step thought process guides the implementation of lean
thinking (Figure 23.1.)
Figure 23.1: Five-step thought process for implementing lean thinking
1. Identify
Value
2. Map
the Value
Stream
3. Create
Flow
4.
Establish
Pull
5. Seek
Perfection
23. Lean management
84
Specify value from the standpoint of the end customer by
product family.
Identify all the steps in the value stream for each product
family, eliminating whenever possible those steps that do not
create value.
Make the value-creating steps occur in tight sequence so the
product will fow smoothly toward the customer.
As fow is introduced, let customers pull value from the next
upstream activity.
As value is specifed, value streams are identifed, wasted
steps are removed, and fow and pull are introduced, begin
the process again and continue it until a state of perfection is
reached in which perfect value is created with no waste.
Process owners and teams involved in process improvement
The scope of lean management is the creation of customer value
through eliminating wasteful steps in a process; it must exceed
a single function and should ideally be across a whole supply
chain to obtain maximum beneft. Lean is very successful in the
elimination of waste; it has a proven track record in signifcant
process improvement
Constraints
One of the hardest challenges a lean team will face is the degree
to which individual lean successes will invariably uncover new
problems and greater challenges
23.6 Relevant links (web l inks)
Offcial website: www.lean.org/
85
24. M_o_R

M_o_R
(Management of Risk)
24.2 The basics
Management of Risk, M_o_R is a structured framework and
process for taking informed decisions about the risks that affect
an organization, at strategic, program, project or operational level.
24.3 Summary
M_o_R
was frst published in 2002; its current version is the

Third Edition (2010). The approach was originally designed for
use by the UK Government and is owned by the Cabinet Offce.
It is now used in the public and private sectors alike.
Management of Risk is of enterprise-wide importance, and can
be applied to the three core elements of a business (Figure 26.1):
Strategic business direction
Change turning strategy into action, including program,
project and change management
Operational day-to-day operation and support of the business
In this way, the strategy for managing risk should be managed
from the top of the organization while being embedded into the
normal working routines and activities of the organization.
There are eight principles, which are consistent with corporate
governance principles and the international standard for risk
management ISO 31000: 2009. The principles are: Aligns with
objectives; Fits the context; Engages stakeholders; Provides
clear guidance; Informs decision-making; Facilitates continual
24. M_o_R
86
improvement; Creates a supportive culture; Achieves measurable
value.
Figure 26.1: The three core elements of business where M_o_R can be applied
An overall strategic framework, including a policy document,
is also of key importance. It needs to include the following
elements: risk identifcation; risk evaluation; setting acceptable
levels of risk; identifying suitable responses to risks; risk
ownership; implementing responses to risks; gaining assurance
about the effectiveness of the responses; embedding, reporting
and review.
Once a framework is in place, a common approach can be used
across the business, bringing together disparate risk disciplines
and functions into a consolidated and consistent approach.
Business managers, risk management offcers, CIO, information
security offcer; program and project managers
Strategic
Change
Operational
Future direction of the
business
Day-to-day operations including
People, Processes, Information
Security, H&S, Business Continuity
Turning strategy into action
(including Programme, Project
and Change Control)
24. M_o_R
87
M_o_R is appropriate for any type of organization regardless of
its size, complexity, location, or sector.
Strengths
Improved corporate decision making through the effective
communication of risk exposure throughout the organization;
An open and supportive approach to the identifcation,
analysis and communication of risk;
Better awareness in all personnel of the cost and beneft
implications of their actions.
Constraints
In practice, it is often diffcult to ensure that all risk related
disciplines and resulting work are captured within a consolidated
view of risk, as there can be a tendency to work in segregated
functional areas especially in larger organizations.
Offcial websites:
http://www.best-management-practice.com
www.mor-offcialsite.com
88
25. MoP

MoP (Management of Portfolios)
25.2 The basics
MoP is a framework for understanding, prioritizing and
planning a portfolio of business change initiatives; it is a
coordinated collection of strategic processes and decisions that
together enable the most effective balance of organizational
change and business as usual.
25.3 Summary
The MoP guide was published in the United Kingdom by the
Cabinet Offce in 2011. The guide addresses the question of what
changes, programs and projects should be undertaken by an
organization today and tomorrow, and those it should support
in the future. Its primary aim is to support those with strategic
or change portfolio responsibility to make appropriate change
investment decisions in a logical, transparent and effcient way.
Portfolio management is not concerned with the detailed
management of the projects and programs; rather, it approaches
the management of change projects and programs from a
strategic viewpoint.
MoP addresses the challenges of Run the Business vs. Change
the Business. Organizations expend energy on running their
operations well. Most organizations also adopt and embed
consistent program, project and change management methods.
MoP provides the interface between these elements.
25. MoP
89
Portfolio management aims to address the following fundamental
questions:
Are we doing the right things?
Are we doing these things right?
Most signifcantly, are we realizing all the benefts in terms
of more effective services and effciency savings from the
changes we are implementing?
The mechanisms by which these questions are answered
are incorporated in the MoP framework (Figure 25.1). This
framework brings together the key activities required to
successfully defne and deliver a portfolio of change whilst
ensuring resources are used effciently.
Figure 25.1: MoP framework
Portfolio delivery
Senior
management
Commitment
Energized
change culture
Governance
alignment
Strategy
alignment
Portfolio
Ofce
Portfolio denition
Energy
25. MoP
90
This framework consists of two portfolio management cycles,
portfolio defnition and portfolio delivery, and of fve portfolio
management principles:
Senior management commitment
Governance alignment
Strategy alignment
Portfolio Offce
Energized change culture
Senior management, people responsible for governance and all
those with strategic or change portfolio responsibility.
The scope of the method comprises the different decision
making processes around strategic change initiatives within
organizations. MoP is part of the Best Management Practice
methods developed by the Cabinet Offce. This means that it is
fully aligned with PRINCE2
, MSP
and P3O
.
The MoP guidance claims that it helps organizations to
understand which change initiatives contribute most to their
strategy and enable them to make informed decisions about their
overall status, prioritization, risk and benefts. The approach is
new (2011).
Offcial websites:
http://www.mop-offcialsite.com/
91
26. MSP

MSP
(Managing Successful Programs)

26.2 The basics
MSP
(Managing Successful Programs) is a systematic approach

to managing programs of business change to achieve outcomes
and realize benefts that are of strategic importance.
26.3 Summary of the method
MSP (Managing Successful Programs) was frst published in 1999
by the UK Offce of Government Commerce (OGC). It is now
owned by the Cabinet Offce, part of
HM Government, which published the fourth edition in 2011.
MSP describes best practice for managing programs of business
change. Within MSP a program is defned as a portfolio of
projects and (business) activities that are coordinated and
managed as units. The goal is to achieve outcomes, and realize
benefts that are of strategic importance.
The MSP framework is based on three core concepts (see Figure
26.1): principles, governance themes and transformational fow.
MSP principles (outer ring); these are derived from lessons
learned in programs with both positive and negative results.
They represent common factors that underpin the success of
any program of transformational change
MSP governance themes (middle ring); these themes show
how an organizations approach to program management
needs to be defned, measured and controlled. The gover-
26. MSP
92
nance themes allow organizations to put in place the right
leadership, delivery team, robust organization structures,
controls and control information (e.g. blueprint, business
case, quality and assurance strategy), giving the best chance
of delivering the planned outcomes and realizing the desired
benefts.
MSP transformational fow (inner circle); this fow provides a
route through the lifecycle of a program from its conception
through to delivering the new capability, transitioning to the
desired outcomes, realizing the benefts and fnally closing the
program.
Figure 26.1: MSP framework
Source: The Cabinet Offce
Remaining aligned
with corporate strategy
Key
Inner circle
Second ring
Outer ring
Transformational ow
Governance themes
Principles
Programme
organization
L
e
a
r
n
i
n
g

f
r
o
m

e
x
p
e
r
i
e
n
c
e
D
e
s
i
g
n
i
n
g

a
n
d

d
e
l
i
v
e
r
i
n
g

a
c
o
h
e
r
e
n
t

c
a
p
a
b
i
l
i
t
y
A
d
d
i
n
g

v
a
l
u
e
F
o
c
u
s
i
n
g

o
n

t
h
e

b
e
n
e
t
s

a
n
d
t
h
r
e
a
t
s

t
o

t
h
e
m
E
n
v
i
s
i
o
n
i
n
g

a
n
d

c
o
m
m
u
n
i
c
a
t
i
n
g
a

b
e
t
t
e
r

f
u
t
u
r
e
Q
u
a
l
i
t
y

a
n
d

a
s
s
u
r
a
n
c
e
m
a
n
a
g
e
m
e
n
t
R
i
s
k

a
n
d

i
s
s
u
e
m
a
n
a
g
e
m
e
n
t
T
h
e

b
u
s
i
n
e
s
s

c
a
s
e
P
la
n
n
in
g
a
n
d c
o
n
t
r
o
l
B
lu
e
p
r
in
t d
e
s
ig
n
a
n
d
d
e
liv
e
r
y
B
e
n
e
t
s
m
a
n
a
g
e
m
e
n
t
L
e
a
d
e
r
s
h
i
p

a
n
d
s
t
a
k
e
h
o
l
d
e
r
e
n
g
a
g
e
m
e
n
t
L
e
a
d
i
n
g

c
h
a
n
g
e
V
i
s
i
o
n
Identifying a
Programme
Dening a
Programme
Closing a
Programme
Delivering the
Capability
M
a
n
a
g
i
n
g
t
h
e

T
r
a
n
c
h
e
s
Realizing the
Benets
E
s
t
a
b
l
i
s
h
R
e
v
i
e
w
a
n
d
p
r
e
p
a
r
e
26. MSP
93
The main target audience is senior executives, program managers
and business change managers. However, all roles involved in
business change (such as business and functional managers and
other stakeholders) may fnd it useful to understand the principles
of program management.
The scope of the method comprises all the processes and
activities within the program management lifecycle.
Strengths
MSP is a best practice method in program management with:
A focus on achieving outcomes and realizing benefts;
A good description of the characteristics and concepts of
program management;
A focus on added value and management of risks;
Clear terms of reference for all roles within the program
management structure;
A focus on processes: it describes all processes and activities
within these processes of program management;
Outlines for all program management products.
MSP can be seamlessly combined with the PRINCE2
project
management approach. They have both been developed as
best practice by the Cabinet Offce, and they contain a similar
process-based management approach.

26.6 Relevant links (w eb links)
Offcial websites: www.best-management-practice.com
www.msp-offcialsite.com/
94
27. OPBOK
OPBOK (Outsourcing Professional Body of Knowledge)
27.2 The basics
OPBOK (Outsourcing Professional Body of Knowledge) provides
a set of best practices from around the globe for the design,
implementation and management of outsourcing contracts,
including a code of ethics and business practices for outsourcing
professionals.
27.3 Summary
OPBOK (Outsourcing Professional Body of Knowledge) is
owned and maintained by the International Association of
Outsourcing Professionals (IAOP). which was formed in 2005
by a consortium of leading companies involved in outsourcing as
customers, providers, and advisors. OPBOK was frst published
in 2006; the current version is Version 9, which refects major
updates from IAOP of the commonly accepted practices and
skills required to ensure outsourcing success. It is the basis for
IAOPs Certifed Outsourcing Professional
qualifcation and
certifcation programs.
OPBOK describes the generally accepted set of knowledge and
practices applicable to the successful design, implementation, and
management of outsourcing contracts. It provides:
a framework for understanding what outsourcing is and how it
fts within business operations
the knowledge and practice areas generally accepted as
critical to outsourcing success
a glossary of terms commonly used in outsourcing deals and
contracts.
27. OPBOK
95
OPBOK is divided into 10 knowledge areas covering major areas
of outsourcing expertise. The OPBOK framework is based on a
fve-stage outsourcing process (Figure 27.1).
Figure 27.1: OPBOK 5-stage outsourcing process
Source: IAOP
Targeted principally at outsourcing professionals who are buyers,
providers and advisors in the outsourcing industry; also of
interest
to senior management in buying organizations;trainers and
academics addressing outsourcing topics;
The scope of OPBOK is governance and defning a strategic
approach to outsourcing, governance, identifying and
communicating business requirements, selecting and qualifying
providers, gaining internal buy-in, creating project teams, and
getting value for money and return on investment.
5-Stage Outsourcing Process
Idea
Stage
Assessment/
Planning
Stage
Implemen-
tation Stage
Transition
Stage
Management
Stage
APPROPRIATE REAL DEAL EXECUTE OPERATE
Develop Concept
High level ops review
Identify Corp direction
Perform Situation
Analysis & Identify
Outsourcing
Opportunity
Get Executive
Sponsor
Assign Steering
Committee
Analyze Current
Processes &
Functions
Dene Proposed
Processes &
Functions
Dene User Needs
Perform Risk Analysis
Develop business
case (with plan)
Issue RFP
Finalize Deal
Structure & Terms
Develop & Negotiate
Contract
Develop Human
Resource and Asset
Transfer Plan
Develop
Communications
Plan
Develop Governance
Plan
Detailed Transition
Plan (with pilot)
Implement New
Organization Structure
Transfer People,
Assets, functions
and/or Processes
Develop Training Plan
Perform Daily
Management
Activities
Monitor Performance
Implement
Relationship
Management Process
Institute Change
Management Process
27. OPBOK
96
OPBOK and Carnegie Mellons eSourcing Capability Models
(eSCMs) are becoming the most relevant outsourcing standards.
OPBOK complements eSCM-CL (eSCM for clients). OPBOK
focuses on outsourcing of any service (but only outsourcing).
eSCM-CL focuses on sourcing of IT-enabled services and covers
multiple types of sourcing, including outsourcing, insourcing,
and shared services. OPBOK is used as the basis for individual
certifcation the Certifed Outsourcing Professional (COP),
while eSCM-CL supports organizational appraisal, evaluation,
and certifcation.
Strengths
OPBOK refects the best practice of outsourcing professionals
worldwide, including the make or break factors that can
affect any outsourcing initiative
Pitfalls
OPBPK does not address insourcing or shared services.
Offcial website http://www.iaop.org/
97
28. P3O

P3O
(Portfolio, Program and Project Offces)

28.2 The basics
P3O
(Portfolio, Program and Project Offces) is a decision

enabling/delivery-support model for all business change within
an organization, typically providing support through a Portfolio
Offce, a Program Management Offce, a Project Support Offce
or any combination of these delivery support functions.
28.3 Summary
P3O (Portfolio, Program and Project Offces) was published in
2008 by the UK Offce of Government Commerce (OGC); it is
now owned by the Cabinet Offce, part of HM Government.
P3O offers guidance for setting up and running support offces,
for all levels of change within an organization. It offers advice
to organizations on current best practice thinking about what
previously was referred to as PSO (Program or Project Support
Offce) or PMO (Program or Project Management Offce).
The main functions of a P3O/ PMO in an organization are to
facilitate:
Informing senior managements decision making on
prioritization, risk management and development of resources
across the organization to successfully deliver their business
objectives (portfolio management)
Identifcation and realization of outcomes and benefts
through programs and projects
28. P3O
98
Delivery of programs and projects within time, cost, quality
and other organizational constraints
As a decision enabling/delivery support model, P3O may be
a single permanent offce, e.g. Portfolio Offce (strategically
focused), a Strategy or Business Planning Unit, a Centre of
Excellence, or an Enterprise/Corporate Program Offce. It may
also be a linked set of offces e.g. Portfolio Offce, Program
Offces and Project Offces; or it may be a permanent or
temporary mix of central and localized services.
Figure 28.1: P3O model for large organizations
Hub Portfolio/
Programme Ofce
Hub Portfolio/
Programme Ofce
(permanent)
Scrutiny and Challenge
Reporting
Planning
Assurance
Tailored standards
Flexible Resource Pool
(permanent)
Scrutiny and Challenge
Reporting
Planning
Assurance
Tailored standards
Flexible Resource Pool
Centre of
Excellence
Standards
Training
Coaching
Assurance
Good Practice
Knowledge
Management
Tools
Consultancy
Organization
Portfolio Ofce
(permanent)
Strategy support
Prioritization
Benets
Management
Dashboards
Programme
Ofce
(temporary-set up
to support a specic
initiative)
Project
Ofce
(temporary-set up
to support a specic
initiative)
28. P3O
99
Portfolio managers, senior managers, program directors,
consultants, portfolio-, program- or project- offce managers
who are involved in or responsible for optimizing, developing or
re-energizing the organizational decision process to translate
business strategy effectively into concrete actions, programs or
projects.
The scope of the method is the support structures and processes
around strategic change initiatives and their delivery via
programs and projects within organizations
P3O is part of the Best Management Practice methods developed
by the Cabinet Offce. This means it is fully aligned with
PRINCE2
, MSP
and MoP
.
The P3O guidance claims that the method can signifcantly
increase an organizations chances of successfully delivering
its strategy, reducing benefts lost and delivering programs and
projects more cost effectively. The approach is fairly new and not
yet widely adopted.
28.6 Relevant links (web lin ks)
Offcial web sites:
http://www.p3o-offcialsite.com/
100
29. PMBOK
Guide
A Guide to the Project Management Body of Knowledge
(PMBOK
Guide).
29.2 The basics
A Guide to the Project Management Body of Knowledge
(PMBOK
Guide) is a guide providing a comprehensive set

of knowledge, concepts, techniques and skills for the project
management profession.
29.3 Summary of the method
The PMBOK
Guide is a publication of the Project Management

Institute, an entity that is recognized as governing the discipline.
PMI was founded in 1969 in the US and has become one of the
principal professional non-proft organizations in the specialism.
The frst edition was published in 1996; the latest English-language
PMBOK
Guide - Fourth Edition, was released in December 2008.

The PMBOK
Guide is process-based: it describes work as being

accomplished by processes. This approach is consistent with
other management standards such as ISO/IEC 9001:2008 and
the Software Engineering Institutes CMMI. Processes overlap
and interact throughout a project or its various phases. Processes
are described in terms of inputs (documents, plans, designs, etc.),
tools and techniques (mechanisms applied to inputs) and outputs
(documents, products, etc.)
The guide identifes 42 processes that fall into fve basic process
groups and nine knowledge areas that are typical for almost every
project.
29. PMBOK
Guide
101
The fve process groups are Initiating; Planning; Executing;
Monitoring and Controlling; and Closing.
The nine knowledge areas are Project Integration Management,
Project Scope Management, Project Time Management, Project
Cost Management, Project Quality Management, Project Human
Resource Management, Project Communications Management,
Project Risk Management and Project Procurement Management.
Each of the nine knowledge areas contains the processes that
need to be accomplished within its discipline in order to achieve
effective management of a project. Each of these processes also
falls into one of the fve basic process groups, creating a matrix
structure such that every process can be related to one knowledge
area and one process group.
All roles with an interest in project management, such as
senior executives, program and project managers, project team
members, members of a project offce, customers and other
stakeholders, consultants and other specialists.
PMBOK
Guide is a generic approach that can be applied to any

project.
Strengths
Extensive participation by different industry sectors and
organizations that are using project management all over the
world
Recognized as a world class standard in the profession
Generic; it can be applied to any project
29. PMBOK
Guide
102
Focus on process, similar to other frameworks and standards
in use such as ITIL
, COBIT
and ISO
Evolution and continuous improvement in line with modern
concepts of quality
Certifcation programs (PMP and CAPM) associated and
guaranteed deployment of accreditation skills from all over
the world.
Constraints
The PMBOK
Guide is not exhaustive: some aspects of

implementation practice are missing
Real life examples of the use of the tools are incomplete.
Offcial PMI website: www.pmi.org/
103
30. PRINCE2

PRINCE2
(PRojects IN Controlled Environments)

30.2 The basics
PRINCE2 is a process-based project management approach
suitable for any type of project; it is a de facto standard used
extensively by the UK public sector and is widely recognized and
used in the private sector, both in the UK and internationally.
30.3 Summary
PRINCE was developed for IT projects by the UK Central
Computer and Telecommunications Agency (CCTA) and frst
released in 1989. It was renamed PRINCE2 when revised in 1996
to make it applicable to all types of projects. PRINCE2 is now
owned by the Cabinet Offce, part of HM Government. The latest
version was published in 2009 in two volumes:
Managing Successful Projects with PRINCE2 (for people who
work on projects on a daily basis)
Directing Successful Projects with PRINCE2 (for people who
lead or sponsor a project).
The key features of PRINCE2 are:
Its focus on business justifcation
A defned organization structure for the project management
team
Its product-based planning approach
Its emphasis on dividing the project into manageable and
controllable stages
Its fexibility to be applied at a level appropriate to the project.
30. PRINCE2
104
PRINCE2 comprises a set of principles, a set of control themes,
a process lifecycle and guidance on matching the method to the
projects environment. The control themes are those aspects
of project management that need to be addressed continually
throughout the project lifecycle. They provide guidance on how
the processes should be performed. The set of PRINCE2 themes
describes:
How baselines for benefts, risks, scope, quality, cost and
time are established (in the Business Case, quality and plans
themes)
How the project management team monitors and controls
the work as the project progresses (in the progress, quality,
change and risk themes).
The organization theme supports the other themes with a
structure of roles and responsibilities with clear paths for
delegation and escalation.
PRINCE2 also provides a process model for managing a project
(Figure 30.1). This consists of a set of activities that are required
to direct, manage and deliver a project.
Figure 30.1: PRINCE2 process model
Pre-Project
Initiation
stage
Subsequent
delivery stage(s)
Final delivery
stage
Directing
Starting
up a
Project
Managing
a Stage
Boundary
Managing
a Stage
Boundary
Managing
a Stage
Boundary
Managing
a Stage
Boundary
Closing
a Project
Closing
a Project
Managing Product Delivery Managing Product Delivery
Managing
Product Delivery
Managing
Product Delivery
Directing a Project Directing a Project
Controlling a Stage Controlling a Stage Controlling a Stage Controlling a Stage
Initiating
a Project
Initiating
a Project
Managing
Delivering
30. PRINCE2
105
Project managers, project team members; senior management
involved in the decision-making activities of the project.
PRINCE2 is a generic project management approach that can be
used for any type of project.
PRINCE2 complements MSP
(Managing Successful Programs);

the two approaches were developed together with the intention of
seamless ft between them.
Strengths
PRINCE2 can be applied to any type of project
It provides a common vocabulary and approach
PRINCE2 integrates easily with industry-specifc models
The product focus clarifes what the project will deliver, and to
which agreed quality standards
Constraints
PRINCE2 is not a complete answer to project management. It
does not contain topics such as leadership or any soft skills, and
neither does it contain techniques such as network planning and
Gantt charts. These methods and techniques can, however, be
incorporated with PRINCE2 without any problem.
30.6 Relevant link s (web links)
Offcial websites:
www.best-management-practice.com
www.prince-offcialsite.com/
106
31. SABSA
31.1 Title / Def nition

SABSA
31.2 The basics

SABSA
is a framework for developing risk-driven enterprise

information security and information assurance architectures
and for delivering security infrastructure solutions that support
critical business initiatives. It is an open standard, comprising a
number of frameworks, models, methods and processes, free for
use by all, with no licensing required for end-user organizations
who make use of the standard in developing and implementing
architectures and solutions.
31.3 Summary
Although SABSA grew up in the information risk / assurance /
security domain it is now widely recognized as the leading
methodology for developing business operational risk based
architectures in general. SABSA is now the Open Groups frame-
work of choice for integrating with TOGAF
to fulfll not only

the need for a security architecture development methodology
but, more importantly, to apply SABSAs Business Attributes
Profling method across the entire enterprise architecture domain
as a means to engage with stakeholders and manage business
requirements. It adds value to the TOGAF ADM by providing
a robust, repeatable, consistent process for aligning business
requirements with the development of operational capabilities in
the form of people, processes and technology solutions. It brings
to TOGAF a defned method for requirements management,
something that has been lacking in previous releases of TOGAF
up to and including TOGAF version 9.
31. SABSA
107
SABSA does not replace or compete with other risk-based
standards and methods - rather it provides an overarching
framework that enables all other existing standards to be
integrated under the single SABSA framework, enabling joined
up, end-to-end architectural solutions. Thus ISO 2700x, CobiT
,

ISF SoGP
, ITIL
, etc. and industry standards such as ETSI

standards, Basel III and Solvency II are all capable of being
brought together into a SABSA-based integrated compliance
framework.
In terms of risk philosophy SABSA aligns fully with ISO 31000,
COSO
and M_o_R
, all of which present the concept of risk as

being one of uncertainty of outcome, with risks embracing both
(positive) opportunities and (negative) threats (Figure 31.1).
Figure 33.1 Opportunities and threats SABSA
To do business is to take risk by evaluating the risk/reward
balance and setting risk appetite to a level that is confortable
for the risk taker. With this philosophy in mind, all business
decisions are risk management decisions, and it is from this
standpoint that SABSA views the world. Risk is good for
Negative
Outcomes
Risk Context
Positive
Outcomes
Threats
Loss Event
Likelihood of
threat
materialising
Likelihood of
opportunity
materialising
Likelihood of
strength
exploited
Asset
value
Asset
value
Positive
impact
value
Overall
benet
value
Overall
likelihood
of benet
Benecial Event
Likelihood of
weakness
exploited
Overall
likelihood
of loss
Overall
loss
value
Negative
impact
value
Assets
at Risk
Opportunities
31. SABSA
108
business, so long as it is maintained within the organizations
risk appetite. SABSA is the frst architectural development
methodology to introduce a reliable method for measuring risk
appetite and monitoring operational performance against that
appetite. It achieves this through application of the Business
Attributes Profling technique, which produces as output a
customized balanced scorecard.
Other key features of SABSA include:
SABSA IPR is owned, governed and protected by The
SABSA Institute.
The SABSA framework is not related to any IT solutions
supplier or other type of supplier and is completely vendor-
neutral.
The SABSA framework is scalable, that is, it can be
introduced in a small scope and then rolled out to subsequent
areas and systems, and thus implemented incrementally.
The SABSA framework may be used in any industry sector
and in any organization whether privately or publicly owned,
including commercial, industrial, government, military or
charitable organizations.
The SABSA framework can be used for the development
of architectures and solutions at any level of granularity of
scope, from a project of limited scope to an entire enterprise
architectural framework.
The SABSA framework is continually maintained and
developed and up-to-date versions are published from time to
time.
The SABSA Model covers the whole lifecycle of operational
capabilities (Figure 31.2) and comprises six layers (Figure 31.3).
31. SABSA
109
Strategy &
Planning
Manage &
Measure
Design
Implement
Figure 31.2 Lifecycle of operational capabilities SABSA
Figure 31.3 Six layers of SABSA
For each horizontal layer there is also a vertical analysis based
on the six questions: What (assets)? Why (motivation)? How
(process and technology)? Who (people)? Where (location)?
When (time)? This leads to a six-by-six cell matrix called the
SABSA Master Matrix (Figure 31.4).
SABSA Vitality Model
SABSA Maturity Prole
SABSA Assurance Model and Process
SABSA Governance Model and Process
SABSA Risk Model and Risk Management Process
SABSA Lifecycle Model and Process
SABSA Service Management Matrix: SABSA Processes
SABSA Master Architecture Matrix: SABSA Artefacts
Contextual Architecture: The Business View
Business Wisdom and Business Decision Making
Conceptual Architecture: The Architects Vision
The Big Picture, Business Attributes Prole & Risk Objectives
Logical Architecture: The Designers View
Information, Services, Processes, Applications
Physical Architecture: The Builders / Constructors View
Data, Mechanisms, Infrastructure, Platforms
Component Architecture: The Tradesmans View
Products, Tools, Specic Standards, Technologies
S
e
r
v
i
c
e

M
a
n
a
g
e
m
e
n
t

A
r
c
h
i
t
e
c
t
u
r
e
:
T
h
e

S
e
r
v
i
c
e

M
a
n
a
g
e
r
s

V
i
e
w
S
e
r
v
i
c
e

M
a
n
a
g
e
m
e
n
t

A
c
t
i
v
i
t
i
e
s
,

P
r
o
c
e
s
s
e
s
a
n
d

M
o
n
i
t
o
r
i
n
g
31. SABSA
110
Figure 31.4 SABSA Master Matrix
C
O
N
T
E
X
T
U
A
L
A
R
C
H
I
T
E
C
T
U
R
E
A
S
S
E
T
S

(
W
h
a
t
)
B
u
s
i
n
e
s
s

D
e
c
i
s
i
o
n
s
B
u
s
i
n
e
s
s

K
n
o
w
l
e
d
g
e
&

R
i
s
k

S
t
r
a
t
e
g
y
R
i
s
k

M
a
n
a
g
e
m
e
n
t
O
b
j
e
c
t
i
v
e
s
S
t
r
a
t
e
g
i
e
s

f
o
r
P
r
o
c
e
s
s

A
s
s
u
r
a
n
c
e
R
o
l
e
s

&
R
e
s
p
o
n
s
i
b
i
l
i
t
i
e
s
D
o
m
a
i
n

F
r
a
m
e
w
o
r
k
T
i
m
e

M
a
n
a
g
e
m
e
n
t
F
r
a
m
e
w
o
r
k
B
u
s
i
n
e
s
s

A
t
t
r
i
b
u
t
e
s
P
r
o
f
l
e
E
n
a
b
l
e
m
e
n
t

&
C
o
n
t
r
o
l

O
b
j
e
c
t
i
v
e
s
;
P
o
l
i
c
y

A
r
c
h
i
t
e
c
t
u
r
e
P
r
o
c
e
s
s

M
a
p
p
i
n
g
F
r
a
m
e
w
o
r
k
;
A
r
c
h
i
t
e
c
t
u
r
a
l
S
t
r
a
t
e
g
i
e
s

f
o
r

I
C
T
O
w
n
e
r
s
,

C
u
s
t
o
d
i
a
n
s
a
n
d

U
s
e
r
s
;
S
e
r
v
i
c
e

P
r
o
v
i
d
e
r
s

&
C
u
s
t
o
m
e
r
s
S
e
c
u
r
i
t
y

D
o
m
a
i
n
C
o
n
c
e
p
t
s

&
F
r
a
m
e
w
o
r
k
T
h
r
o
u
g
h
-
L
i
f
e

R
i
s
k
M
a
n
a
g
e
m
e
n
t
F
r
a
m
e
w
o
r
k
I
n
f
o
r
m
a
t
i
o
n

A
s
s
e
t
s
D
o
m
a
i
n

P
o
l
i
c
i
e
s
I
n
f
o
r
m
a
t
i
o
n

F
l
o
w
s
;
F
u
n
c
t
i
o
n
a
l
T
r
a
n
s
f
o
r
m
a
t
i
o
n
s
;
S
e
r
v
i
c
e

O
r
i
e
n
t
e
d
A
r
c
h
i
t
e
c
t
u
r
e
E
n
t
i
t
y

S
c
h
e
m
a
;
T
r
u
s
t

M
o
d
e
l
s
;
P
r
i
v
i
l
e
g
e

P
r
o
f
l
e
s
D
o
m
a
i
n

D
e
f
n
i
t
i
o
n
s
;
I
n
t
e
r
-
d
o
m
a
i
n
a
s
s
o
c
i
a
t
i
o
n
s

&
i
n
t
e
r
a
c
t
i
o
n
s
S
t
a
r
t

T
i
m
e
s
,
L
i
f
e
t
i
m
e
s

&
D
e
a
d
l
i
n
e
s
D
a
t
a

A
s
s
e
t
s
R
i
s
k

M
a
n
a
g
e
m
e
n
t
P
r
a
c
t
i
c
e
s
P
r
o
c
e
s
s
M
e
c
h
a
n
i
s
m
s
H
u
m
a
n

I
n
t
e
r
f
a
c
e
I
C
T

I
n
f
r
a
s
t
r
u
c
t
u
r
e
M
a
n
a
g
e
m
e
n
t
S
c
h
e
d
u
l
e
D
a
t
a

D
i
c
t
i
o
n
a
r
y

&
D
a
t
a

I
n
v
e
n
t
o
r
y
R
i
s
k

M
a
n
a
g
e
m
e
n
t
R
u
l
e
s

&
P
r
o
c
e
d
u
r
e
s
A
p
p
l
i
c
a
t
i
o
n
s
;
M
i
d
d
l
e
w
a
r
e
;
S
y
s
t
e
m
s
;

S
e
c
u
r
i
t
y
M
e
c
h
a
n
i
s
m
s
U
s
e
r

I
n
t
e
r
f
a
c
e

t
o

I
C
T
S
y
s
t
e
m
s
;

A
c
c
e
s
s
C
o
n
t
r
o
l

S
y
s
t
e
m
s
H
o
s
t

P
l
a
t
f
o
r
m
s
,
L
a
y
o
u
t
&

N
e
t
w
o
r
k
s
T
i
m
i
n
g

&
S
e
q
u
e
n
c
i
n
g

o
f
P
r
o
c
e
s
s
e
s

a
n
d
S
e
s
s
i
o
n
s
I
C
T

C
o
m
p
o
n
e
n
t
s
R
i
s
k

A
n
a
l
y
s
i
s

T
o
o
l
s
;
R
i
s
k

R
e
g
i
s
t
e
r
s
;
R
i
s
k

M
o
n
i
t
o
r
i
n
g

a
n
d
R
e
p
o
r
t
i
n
g

T
o
o
l
s
R
i
s
k

M
a
n
a
g
e
m
e
n
t
T
o
o
l
s

&

S
t
a
n
d
a
r
d
s
P
r
o
c
e
s
s

T
o
o
l
s

&
S
t
a
n
d
a
r
d
s
P
e
r
s
o
n
n
e
l

M
a
n
m
e
n
t
T
o
o
l
s

&

S
t
a
n
d
a
r
d
s
L
o
c
a
t
o
r

T
o
o
l
s

&
S
t
a
n
d
a
r
d
s
S
t
e
p

T
i
m
i
n
g

&
S
e
q
u
e
n
c
i
n
g

T
o
o
l
s
I
C
T

P
r
o
d
u
c
t
s
,
i
n
c
l
u
d
i
n
g

D
a
t
a
R
e
p
o
s
i
t
o
r
i
e
s

a
n
d
P
r
o
c
e
s
s
o
r
s
T
o
o
l
s

a
n
d

P
r
o
t
o
c
o
l
s
f
o
r

P
r
o
c
e
s
s

D
e
l
i
v
e
r
y
I
d
e
n
t
i
t
i
e
s
;

J
o
b
D
e
s
c
r
i
p
t
i
o
n
s
;

R
o
l
e
s
;
F
u
n
c
t
i
o
n
s
;

A
c
t
i
o
n
s

&
A
c
c
e
s
s

C
o
n
t
r
o
l

L
i
s
t
s
N
o
d
e
s
,

A
d
d
r
e
s
s
e
s
a
n
d

o
t
h
e
r

L
o
c
a
t
o
r
s
T
i
m
e

S
c
h
e
d
u
l
e
s
;
C
l
o
c
k
s
,

T
i
m
e
r
s

&
I
n
t
e
r
r
u
p
t
s
S
e
r
v
i
c
e

D
e
l
i
v
e
r
y
M
a
n
a
g
e
m
e
n
t
A
s
s
u
r
a
n
c
e

o
f
O
p
e
r
a
t
i
o
n
a
l
C
o
n
t
i
n
u
i
t
y

&
E
x
c
e
l
l
e
n
c
e
R
i
s
k

A
s
s
e
s
s
m
e
n
t
;
R
i
s
k

M
o
n
i
t
o
r
i
n
g

&
R
e
p
o
r
t
i
n
g
;
R
i
s
k

T
r
e
a
t
m
e
n
t
M
a
n
a
g
e
m
e
n
t

&
S
u
p
p
o
r
t

o
f

S
y
s
t
e
m
s
,
A
p
p
l
i
c
a
t
i
o
n
s

&
S
e
r
v
i
c
e
s
A
c
c
o
u
n
t
P
r
o
v
i
s
i
o
n
i
n
g
;

U
s
e
r
S
u
p
p
o
r
t
M
a
n
a
g
e
m
e
n
t
M
a
n
a
g
e
m
e
n
t

o
f
B
u
i
l
d
i
n
g
s
,

S
i
t
e
s
,
P
l
a
t
f
o
r
m
s

&
N
e
t
w
o
r
k
s
M
a
n
a
g
e
m
e
n
t

o
f
C
a
l
e
n
d
a
r

a
n
d
T
i
m
e
t
a
b
l
e
O
p
e
r
a
t
i
o
n
a
l

R
i
s
k
M
a
n
a
g
e
m
e
n
t
P
r
o
c
e
s
s

D
e
l
i
v
e
r
y
M
a
n
a
g
e
m
e
n
t
P
e
r
s
o
n
n
e
l
M
a
n
a
g
e
m
e
n
t
M
a
n
a
g
e
m
e
n
t

o
f
E
n
v
i
r
o
n
m
e
n
t
T
i
m
e
M
a
n
a
g
e
m
e
n
t
I
n
v
e
n
t
o
r
y

o
f
I
n
f
o
r
m
a
t
i
o
n
A
s
s
e
t
s
R
i
s
k

M
a
n
a
g
e
m
e
n
t
P
o
l
i
c
i
e
s
P
r
o
c
e
s
s

M
a
p
s

&
S
e
r
v
i
c
e
s
E
n
t
i
t
y

&

T
r
u
s
t
F
r
a
m
e
w
o
r
k
D
o
m
a
i
n

M
a
p
s
C
a
l
e
n
d
a
r

&
T
i
m
e
t
a
b
l
e
T
a
x
o
n
o
m
y

o
f
B
u
s
i
n
e
s
s

A
s
s
e
t
s
,
i
n
c
l
u
d
i
n
g

G
o
a
l
s

&
O
b
j
e
c
t
i
v
e
s
O
p
p
o
r
t
u
n
i
t
i
e
s
&

T
h
r
e
a
t
s

I
n
v
e
n
t
o
r
y
I
n
v
e
n
t
o
r
y

o
f
O
p
e
r
a
t
i
o
n
a
l
P
r
o
c
e
s
s
e
s
O
r
g
a
n
i
s
a
t
i
o
n
a
l
S
t
r
u
c
t
u
r
e

&

t
h
e
E
x
t
e
n
d
e
d

E
n
t
e
r
p
r
i
s
e
I
n
v
e
n
t
o
r
y

o
f
B
u
i
l
d
i
n
g
s
,

S
i
t
e
s
,
T
e
r
r
i
t
o
r
i
e
s
,
J
u
r
i
s
d
i
c
t
i
o
n
s
,

e
t
c
.
T
i
m
e

d
e
p
e
n
d
e
n
c
i
e
s
o
f

b
u
s
i
n
e
s
s
o
b
j
e
c
t
i
v
e
s
B
u
s
i
n
e
s
s

T
i
m
e
D
e
p
e
n
d
e
n
c
e
B
u
s
i
n
e
s
s

G
e
o
g
r
a
p
h
y
B
u
s
i
n
e
s
s
G
o
v
e
r
n
a
n
c
e
B
u
s
i
n
e
s
s

P
r
o
c
e
s
s
e
s
B
u
s
i
n
e
s
s

R
i
s
k
M
O
T
I
V
A
T
I
O
N

(
W
h
y
)
P
R
O
C
E
S
S

(
H
o
w
)
P
E
O
P
L
E

(
W
h
o
)
L
O
C
A
T
I
O
N

(
W
h
e
r
e
)
T
I
M
E

(
W
h
e
n
)
C
O
N
C
E
P
T
U
A
L
A
R
C
H
I
T
E
C
T
U
R
E
L
O
G
I
C
A
L
A
R
C
H
I
T
E
C
T
U
R
E
P
H
Y
S
I
C
A
L
A
R
C
H
I
T
E
C
T
U
R
E
C
O
M
P
O
N
E
N
T
A
R
C
H
I
T
E
C
T
U
R
E
S
E
R
V
I
C
E
M
A
N
A
G
E
M
E
N
T
A
R
C
H
I
T
E
C
T
U
R
E
31. SABSA
111
The sixth layer, the service management layer, is overlaid on the
other fve layers and further vertically analyzed to produce the
fve-by-six cell SABSA Service Management Matrix.
33.4 Target audience of the method
CIO, CRO, IT strategists and planners, IT architects, IT
development managers and project leaders, software managers
and architects, network managers and architects, information
security managers, advisors, consultants and practitioners,
auditors.
SABSA is a generic architectural development framework that
can be used for the operational-risk-based development and
maintenance of operational capabilities in any type of business
organization.
Strengths
The SABSA model is generic and can be the starting point for
any organization, but by going through the process of analysis
and decision-making implied by its structure, it becomes specifc
to the enterprise, and is fnally highly customized to a unique
business model. It becomes the enterprise operational risk
management architecture. SABSA is not a cookbook full of
ready-to-cook recipes rather it is a guiding framework for those
who would be the chef de cuisine so that they can devise their
own recipes to satisfy their customers appetites.
Constraints
To gain the full benefts of SABSA an organization needs to
move on from a small scope proof-of-concept project towards
adopting SABSA on an enterprise-wide level. This of course
31. SABSA
112
requires buy-in and support at the most senior executive levels,
which can be a challenge to those who champion the adoption of
the framework.
Offcial SABSA website: www.sabsa.org. The TOGAF-SABSA
white paper can also be found at www.opengroup.or g
113
32. Scrum
Scrum
32.2 The basics
Scrum is an iterative, incremental framework for project
management often deployed in Agile software development.
32.3 Summary
Scrum is an Agile method (an iterative and incremental
approach) for completing complex projects. Scrum was originally
formalized for software development projects, but works well for
any complex, innovative scope of work.
Why Is It Called Scrum?
When Jeff Sutherland created the scrum process in 1993, he borrowed
the term scrum from an analogy put forth in a 1986 study by Takeuchi and
Nonaka, published in the Harvard Business Review. In that study, Takeuchi
and Nonaka compare high-performing, cross-functional teams to the scrum
formation used by Rugby teams.
Source: www.Scrumalliance.org
The Scrum Guide is the offcial Scrum Body of Knowledge. It
was written by Ken Schwaber and Jeff Sutherland, co-creators of
Scrum.
The Scrum framework is summarized in the Sprint Cycle
(see Figure 32.1).
32. Scrum
114
Figure 32.1 Scrum Sprint Cycle
A Sprint Cycle consists of the following steps:
A Product Owner creates a prioritized wish-list called a
Product Backlog.
During Sprint planning, the team pulls a small chunk from
the top of that wish-list, a Sprint Backlog, and decides how to
implement those pieces.
The team has a certain amount of time, a Sprint, to complete
its work - usually two to four weeks - but meets each day to
assess its progress (daily Scrum).
The Sprint Burn Down chart shows implementation progress
during a single Sprint
Along the way, the ScrumMaster keeps the team focused on
its goal.
At the end of the Sprint, the work should be potentially
ready to hand to a customer, put on a store shelf, or show to a
stakeholder.
The Sprint ends with a Sprint Review and retrospective.
As the next Sprint begins, the team chooses another chunk of
the Product Backlog and begins working again.
The cycle repeats itself until suffcient items in the Product
Backlog have been completed, the budget is depleted, or a
Product Backlog
Sprint Backlog
Sprint
4 weeks
Release
Sprint review
meeting
Daily meetings
Sprint burn down
32. Scrum
115
deadline arrives. Which of these milestones marks the end of
the work is entirely up to that specifc project. No matter which
impetus stops work, Scrum ensures that the most valuable work
has been completed when the project ends.
The two main roles in Scrum are the Product Owner, who
represents the customer and manages all requirements (adds
requirements with a detailed description, prioritizes requirements
and plans releases); and the ScrumMaster, who helps the team
to follow Scrum process. The ScrumMaster facilitates the daily
Scrum meetings, manages any problems, supports the Product
Owner, and removes obstacles to team progress.
Any member of a project team.
The scope of Scrum was originally intended for software
development projects, but it is now also used for delivering any
kind of complex projects.
Strengths
Productivity increases (from 10% to 400% depending on
team, environment, project, agile experience, etc.)
Continuous development process improvement
Communication improvement inside development team and
between Scrum team and customer
Minimized time-to-market via frequent releases.
Constraints
Requires a lot of preparation/planning;
Focus on supporting tools;
32. Scrum
116
Does not work well if team culture does not allow for roles as
required in a cross functional team.
www.Scrumalliance.org
www.scrum.org
http://www.scrummethodology.org/
117
33. Six Sigma
Six Sixma
33.2 The basics
Six Sigma is a structured, disciplined and rigorous approach and
methodology for process improvement through identifying and
eliminating defects. Six Sigma is a business management strategy,
originally developed by Motorola, USA in 1986
33.3 Summary
The use of Six Sigma as a measurement standard is based on
the concept of the normal curve, dating from the 1920s, when
Shewhart demonstrated that three sigma (standard deviations)
from the mean is a point where a process requires correction.
In the mid-1980s Motorola engineers started to measure defects
in millions per opportunities to provide adequate detail in
measuring quality levels. The term Six Sigma was coined in that
period by one of the involved engineers, Smith.
Six Sigma refers to the statistical notion of having a 99.99 per cent
confdence of achieving specifed results. A greater sigma implies
a lower expected Defects per Million Opportunities (DMO)
for defect or error. The statistical representation of Six Sigma
describes quantitatively how a process is performing. To achieve
Six Sigma a process must not produce more than 3.4 defects
per million opportunities, where a defect is defned as anything
outside customer specifcations.
33. Six Sigma
118
Six Sigma can be perceived at three levels:
1. Metric: 3,4 Defects Per Million Opportunities (DPMO)
2. Methodology:
DMAIC (Defne-Measure-Analyze-Improve) is a
structured problem solving roadmap and tools.
DMADV (Defne-Measure-Analyze-Design-Verify) is
a data driven quality strategy for designing product and
processes
DFSS (Design For Six Sigma) is an approach for the
deployment of Six Sigma
3. Philosophy: reduce variation in the business and take
customer-focused, data-driven decisions by implementing
an measurement-based strategy that focuses on process
improvement and variation reduction through the application
of Six Sigma improvements projects.
Six Sigma uses a set of quality management techniques, including
statistical information, and creates a unique infrastructure of
people within the organization (Black Belts, Green Belts, etc.)
who are experts in Six Sigma. Each Six Sigma project carried out
within an organization follows a defned sequence of steps and
has quantifed project targets (such as cost reduction and/or proft
increase).
Six Sigma can be used by anybody who is involved in process
improvement such as business analysts, engineers, project
managers and advisors.
33. Six Sigma
119
The scope of Six Sigma is any process in any type of organization
from manufacturing to transactions and from product to service
where an approach and methodology is needed for eliminating
defects.
Six Sigma is complementary to lean approaches, which focus on
the elimination of wasteful process activities. Some practitioners
have combined Six Sigma ideas with lean thinking to create a
methodology called Lean Six Sigma.
Strengths
A secure, rigorous and structured method;
A fact based approach (statistical instead of based on
intuition);
Trained resources with appropriate skills
Fast implementation.
Constraints
Using Six Sigma for processes with a low volume of output.
This can produce unreliable results.
Not enough statistical knowledge available in order to be able
to use sophisticated statistical methods. Extensive training is
needed for correct use of the approach.
International Society of Six Sigma Professionals :
http://www.isssp.com/
A Six Sigma knowledge database website: www.isixsigma.com
120
34. SqEME

SqEME
Process Management.
34.2 The basics
SqEME
is an open standard for developing process-centered

architectures of an enterprise; it views processes from the
perspectives of four complementary windows. It is owned by the
not-for-proft organization Stichting SqEME in the Netherlands.
34.3 Summary
SqEME
was developed by a Dutch network of private and

public organizations, consultancy agencies and independent
advisors. SqEME was published in 2002 and in 2007 the SqEME
Foundation was established. The current version of SqEME is
Edition 2008
SqEME enables organizations to recognize, design, control,
manage and improve their processes; it also supplies a set of
consistent and coherent modeling techniques. A key assumption
in the method is the professional maturity of the employee.
The focus is not on what the employee has to do in detail, but
on the surrounding system. It is on cooperation and the fow of
information between employees. It investigates how the different
parts of the organization are tuned to each other and how the
intra-organization messaging takes place.
The thinking model that forms the basis of the SqEME

method is visualized by means of four windows. These four
windows are called Constitution, Chemistry, Construction and
Correspondence (Figure 34.1).
34. SqEME
121
The Constitutional window is concerned with questions of a
constitutional nature:
What are the key result areas of the enterprise?
What are the activities that can be distinguished within the
key result areas?
What interaction patterns connect the constituent activities?
The Correspondence window is used to obtain a picture of the
dynamics of the enterprise in operation. It is about monitoring
the business. Do business processes proceed as visualized and
agreed upon and do the processes perform in line with their
objectives?
Figure 34.1: The SqEME windows
Source: SqEME
The Chemistry window concentrates on the cohesion in the
enterprise, the interaction between the involved professionals.
This window shows primarily the quality of the interaction and
the communication patterns.
Constitution Chemistry
Correspondence Construction
34. SqEME
122
The Construction window offers the most tangible view on the
enterprise with a focus on deployment and implementation.
These four windows make it possible to look at organizations
differently not the vertical lines of the hierarchical structure, but
the processes and their interrelatedness within the organization
Anyone who is involved in business process modeling and process
improvement.
The scope of SqEME is process improvement enterprise-wide.
Strengths
The SqEME
method makes it possible to describe the design

of an organization in a subtle but unambiguous way. It also
offers a complete set of consistent and coherent modeling
techniques.
The method has proven itself in practice. SqEME
is being
applied to Dutch organizations within the industrial, service
and not-for-proft sectors.
Constraints
It can take a long time to model all the business processes in a
detailed way. One of the main messages is Good is good enough.
Offcial website of SqEME
Foundation: www.sqeme.org (Dutch

only)
(Links to English language publications can be found under the
heading Boeken)
123
35. TMap
NEXT
TMap
NEXT (Test Management Approach)

35.2 The basics
TMap is a business-driven software testing methodology that
can be adapted to test situations in most environments and has
evolved into a de facto standard worldwide for structured testing
of information systems.
35.3 Summary
TMap was created in 1995 by Sogeti Nederland BV, part of
Capgemini SA. The current version, TMap NEXT was published
in 2006. It creates a more process focused description of the test
process, and puts more emphasis on the business objectives as
guidance for the testing process.
TMap NEXT can be summarized in four essentials:
It is based on a business-driven test management (BDTM)
approach. TMap NEXT supports the justifcation of IT in the
business case for the project, translating it to the activity of
testing. This enables the client to manage the test process on
the rational and economic grounds of business objectives.
It describes a comprehensive structured test process, from test
execution through test management, which includes ample
tips and examples. The process consists of:
A master test plan, managing the total test process
Acceptance and system tests
Development tests
Supporting processes
35 TMap
NEXT
124
It contains a complete tool set: technique descriptions and
organizational and infrastructure support.
It is an adaptive method that is suitable for test situations in
most environments (such as new development, maintenance,
waterfall / iterative / agile development, customized or
package software, outsourcing)
The total test effort is related to the risks of the system to be
tested for the organization. The deployment of people, resources
and budget focuses on those parts of the system that are most
important to the organization.
At various points in the testing program, the client is involved in
making choices. The advantage is that the test process matches
the wishes and requirements and therefore the expectations of
the organization as adequately as possible.
The method is aimed at test managers, test coordinators and
testers.
Testing of software in all the phases of the lifecycle and in any
environment where structured testing is required.
Strengths
The client has control over the process.
The test manager communicates and reports in the
terminology of the client with information that is useful in the
clients context.
At the master test plan level, detailing can be as intensive as
required or possible.
35 TMap
NEXT
125
Constraints
It is important to customize TMap to ft a specifc situation by
making a selection from all of the TMap elements. After the
approach has been tried out (pilot), it can be rolled out in the
organization.
Offcial website:
http://www.tmap.net (Dutch)
http://www.tmap.net/en (English)
126
36. TOGAF

TOGAF
, an Open Group Standard

36.2 The basics
TOGAF
the Enterprise Architecture standard used by the

worlds leading organizations to improve business effciency.
36.3 Summary
TOGAF
, an Open Group Standard, is a proven Enterprise

Architecture methodology and framework used by the worlds
leading organizations to improve business effciency. It is the
most prominent and reliable Enterprise Architecture standard,
ensuring consistent standards, methods, and communication
among Enterprise Architecture professionals. Enterprise
Architecture professionals fuent in TOGAF standards enjoy
greater industry credibility, job effectiveness, and career
opportunities. TOGAF helps practitioners avoid being locked
into proprietary methods, utilize resources more effciently and
effectively, and realize a greater return on investment.
TOGAF has been continuously evolved and improved by the
members of The Open Group since it was frst published by them
in 1995. The Open Group is a global consortium that enables the
achievement of business objectives through IT standards. With
more than 400 member organizations, the diverse membership
spans all sectors of the IT community customers, systems and
solutions suppliers, tool vendors, integrators and consultants, as
well as academics and researchers.
36. TOGAF
127
TOGAF Version 9.1 is a maintenance update to TOGAF 9,
addressing comments raised since the introduction of TOGAF
9 in 2009. It retains the major features and structure of TOGAF
9, thereby preserving existing investment in TOGAF, and adds
further detail and clarifcation to what is already proven.
The standard is divided into seven parts:
PART I (Introduction): This part provides a high-level
introduction to the key concepts of Enterprise Architecture
and in particular the TOGAF approach. It contains the
defnitions of terms used throughout TOGAF and release
notes detailing the changes between this version and the
previous version of TOGAF.
PART II (Architecture Development Method): This is the
core of TOGAF. It describes the TOGAF Architecture
Development Method (ADM) a step-by-step approach to
developing an Enterprise Architecture.
PART III (ADM Guidelines & Techniques): This part
contains a collection of guidelines and techniques available for
use in applying TOGAF and the TOGAF ADM.
PART IV (Architecture Content Framework): This part
describes the TOGAF content framework, including a
structured metamodel for architectural artifacts, the use of re-
usable architecture building blocks, and an overview of typical
architecture deliverables.
36. TOGAF
128
PART V (Enterprise Continuum & Tools): This part discusses
appropriate taxonomies and tools to categorize and store the
outputs of architecture activity within an enterprise.
PART VI (TOGAF Reference Models): This part provides
a selection of architectural reference models, which includes
the TOGAF Foundation Architecture and the Integrated
Information Infrastructure Reference Model (III-RM).
PART VII (Architecture Capability Framework): This
part discusses the organization, processes, skills, roles,
and responsibilities required to establish and operate an
architecture function within an enterprise.
Figure 38.1: Components of TOGAF
Source: The Open Group
Needs of the business shape
non-architectural aspects of business operation
Informs the size, structure, and
culture of the capability
Effective operation of the
Architecture Capability ensures
realization of the Business Vision
Business Capability drives the
need for Architecture Capability
Maturity
The Architecture Capability
operates a method
Business need feeds into the
method, identifying problems
to be addressed
The method renes
understanding of business need
The method produces content to be
stored in the Repository, classied
according to the Enterprise Continuum
The method delivers new
business solutions
Operational changes update the
Enterprise Continuum and
Repository
The Enterprise Continuum and
Repository inform the business
of current state
Learning from business operation creates
new business need
Sets targets, KPIs, plans, and
budgets for architecture roles
TOGAF Capability Framework
TOGAF ADM &
Content Framework
TOGAF Enterprise Continuum and Tools
Architecture Capability
Framework
(Part VII)
Architecture
Development Method
(Part II)
Business
Capabilities
Business
Vision and
Drivers
Architecture
Content
Framework
(Part IV)
Enterprise Continuum
and Tools
(Part V)
TOGAF Reference
Models (Part VI)
ADM Guidelines and
Techniques (Part III)
The Open Group
36. TOGAF
129
Central to TOGAF is the Architecture Development Method
(documented in TOGAF, Part II). The architecture capability
(documented in TOGAF, Part VII) operates the method. The
method is supported by a number of guidelines and techniques
(documented in TOGAF, Part III). This produces content to be
stored in the repository (documented in TOGAF, Part IV), which
is classifed according to the Enterprise Continuum (documented
in TOGAF, Part V). The repository is initially populated with the
TOGAF Reference Models (documented in TOGAF, Part VI).
Enterprise architects, business architects, IT architects,
IT architects, data architects, systems architects, solutions
architects; architecture service providers and tools suppliers
36.5 Scope
TOGAF can be used for developing a broad range of different
Enterprise Architectures.
TOGAF complements, and can be used in conjunction
with, other frameworks that are more focused on specifc
deliverables for particular vertical sectors such as Government,
Telecommunications, Manufacturing, Defense, and Finance.
The key to TOGAF is the method the TOGAF Architecture
Development Method (ADM) for developing an Enterprise
Architecture that addresses business needs.
TOGAF covers the development of four related types of
architecture. These four types of architecture are commonly
accepted as subsets of an overall Enterprise Architecture, all of
which TOGAF is designed to support. They are shown below:
36. TOGAF
130
Architecture Type Description
Business
Architecture
The business strategy, governance, organization, and
key business processes.
Data Architecture The structure of an organizations logical and physical
data assets and data management resources.
Application
Architecture
A blueprint for the individual applications to be deployed,
their interactions, and their relationships to the core
business processes of the organization.
Technology
Architecture
The logical software and hardware capabilities that are
required to support the deployment of business, data,
and application services. This includes IT infrastructure,
middleware, networks, communications, processing, and
standards.
36 .6 Relevant links (web links)
Offcial website of The Open Group: www.opengroup.org/togaf/
132
our global publishing partners include:
Please Note
All titles are published in English unless otherwise indicated. All
ISBNs indicate the English edition. ISBNs for all of our published and
forthcoming titles, including non-English editions, are available on our
website. All prices are shown in euros and are correct as of January
2012. They are excluding tax and delivery, and may be subject to
change. Currency conversions into non-euro denominations adopt the
IACCM
133
current exchange rate on the day on which the order is processed,
so some prices may be subject to the f uctuations in the exchange
rate. Please note covers are for illustration purposes.
FREE! Sample chapters from all of our titles can be viewed on our
website at www.vanharen.net or via the Amazon LookInside and
Google Book Search initiatives.
33. Six Sigma
135
The Van Haren Publishing eServices
Our eServices offer information regarding Best Practices and world
wide standards. This information is made available to you through
different formats:
The eKnowledge base offers free access into our
unique collection of Best Practice whitepapers.
Additionally, practice exams can be downloaded and
Best Practice templates are available to support the
implementation of frameworks within your organization.
The eLibrary contains all information on:
IT Management (ITIL, ASL en BiSL)
Projectmanagement (PRINCE2 en PMBoK)
IT Architecture (TOGAF, Archimate)
Business Management (ISO 20000, 27001/2)
Here you can download the most recent and up-to-
date eBook publications to stay completely informed
regarding the latest developments within your area of
expertise.
The eShop allows you to browse through all titels,
offering summaries, indexes and even expert
recommendations. When you have made your choice
you can place your order in your favorite media format:
hard copy or eBook.
149,-
p.p.p.a.
FREE
IT Service Management
An easy-to-read introduction into the entire ITIL V3 Library
All specif cations of APMGs syllabus for the
ITIL 2011 Edition Foundation certif cation
The description of ITIL processes is now directly related to the
service life cycle phases
Includes the new processes in ITIL 2011 Edition
Readers comments:
no single book have I recommended more highly than this.It
consolidates the focus and understanding of the core ITIL books
in an easy-to-read and eff cient manner. No fuss no f uff. Without
exception its the one-book reference to
Languages: English
Available formats: hard copy,
eBook
English
39,95
NEW
Foundations of
ITIL
2011 Edition
ISBN 978 90 8753 674 9
136
Passing the ITIL
Foundation Exam:
2011 Edition
ISBN 978 90 8753 6640
This Exam Guide provides a clear and concise
explanation of the exam structure
Key preparation texts for the ITIL Foundation
exams
Sample exam questions, sample answers and
hints and tips
Nederlands
Available formats: hard copy, eBook
English
29,95
ITIL
A Pocket Guide 2011 Edition

ISBN 978 90 8753 676 3
New version of this bestselling title based on
ITIL 2011 Edition, formally licensed by APMG
Save time: get the key points of ITIL 2011 in
this concise guide
Quality content, also great as study material for
ITIL Foundation exam
Languages: English
Available formats: hard copy, eBook, ePub
English
15,95
NEW
Passing the ITIL
Intermediate Exams
The Study Guide
ISBN 978 90 8753 020 4
This book helps people prepare for the ITIL

Intermediate qualif cation exams
Contains tips for selecting the appropriate
course and preparation
Aditionally, this book gives tips on reading and
understanding the syllabi, and sample questions
Languages: English
English
39,95
NEW
NEW
137
Languages: English, Dutch, German, Italian, Japanese, Spanish, Turkish, French
Available formats: hard copy, eBook, ePub (Dutch, English)
English
15,95
2007
edition
ITIL
V3 Foundation Exam
The Study Guide
ISBN 978 90 8753 069 3
A complete and thorough explanation of all key
concepts
Clear text that fully aligns with Exam
specif cations
This book is endorsed by APMG, the off cial
OGC Accreditor
Foundations of ITIL
V3
ISBN 978 90 8753 057 0
An easy-to-read introduction into the entire ITIL
V3 Library
Covers both the ITIL Service Lifecycle and the
ITIL processes and functions
OGC Accreditor
Languages: English, Korean
Languages: English, Dutch, French, German, Italian, Korean, Spanish, Japanese
Available formats: hard copy, eBook, ePub (Dutch)
English
22,50
2007
edition
English
39,95
2007
edition
138
ITIL
V3 A Pocket Guide
ISBN 978 90 8753 102 7
Key content great for Foundation Exam
Preparation
A globally popular pocket guide and a quick,
portable reference tool
OGC Accreditor
ISO/IEC 20000 An Introduction
ISBN 978 90 8753 081 5
Includes the selected text of the
ISO/IEC 20000 Standard!
The def ning literature for the ISO 20000 exam
and certif cation
Provides a systematic approach to IT Service
Management quality
Implementing ISO/IEC 20000
Certifcation The Roadmap
ISBN 978 90 8753 082 2
A quick and accessible guide to a universally
adopted standard
A sister publication to the hugely successfultitle
Introduction to ISO/IEC 20000
Detailed case study material supports the
practical nature of this title
Languages: English, Spanish, Japanese, German, French, Dutch (only eBook),
Brazilian/Portuguese, Chinese
English
49,95
Languages: English
Languages: English, German, Japanese, Italian, Spanish
English
39,95
English
15,95
ISO/IEC 20000-1:2011
A Pocket Guide
ISBN 978 90 8753 682 4
A Pocket Guide to ISO 20000, the new
IT service management standard
A well-known standard adopted by many
organisations globally
Key content great for EXIN and TV SD exam
preparation
NEW
139
Covers Attitude, Behaviour and Culture concepts that are
critical to make ICT really happen
35 fantastic case studies and examples from industry experts
of where things can go wrong and how to make them right
Used globally by leading consultants and trainers in the f eld
The sister publication to the well-known ABC Card Deck and
the new ABC of ICT Exercise Workbook
Assess worst practices and take f rst practical steps in solving
them
Readers comments:
Your ABC book is excellent. Its the best explained set of business
change tools that Ive ever seen....
Kevin Holland, Programme Head, NHS Connecting for Health
Languages: English
Available formats:
hard copy, eBook
English
39,95
ABC of ICT
An Introduction
The Off cial ABC
Introduction
ISBN 978 90 8753 140 9
140
Languages: English
English
22,50
ABC of ICT The Exercise Workbook
ISBN 978 90 8753 142 3
A great training tool to use toidentify your
team improvement needs
The exercises can be integrated into your ITIL
and ITSM Training
Helps develop the people skills vital to realizing
successful ICT Change
ABC of ICT Card Deck
The ABC of ICT Training Aid
ISBN 978 90 8753 138 6
Addresses the impact of Attitude, Behaviour
and Culture on IT projects
A valuable instrument for training and
consulting companies
A humorous deck of cards, supporting rge
serious learning lessons
Languages: English
English
9,95
141
Metrics for IT Service Management
ISBN 978 90 77212 69 1
Approach to measuring deliverables within
Service Management operations
A general guide to the design, implementation
and use of metrics
Contains practical sheets for immediate
day-to-day use
Implementing Metrics for
ISBN 978 90 8753 114 0
Includes unique CD containing
Metrics Templates
Provides a management framework aligned
with ITIL best practices
Compatible with CoBit and supporting
ISO/IEC 20000
Metrics for IT Service Management:
Designing for ITIL
ISBN 978 90 8753 648 0

Practical Metrics for ITIL and ISO 20000
Implementation
Best Practice Guidance for use within Service
Operations
Written by the Author of the Industry Bible:
Metrics for IT Service Management
Languages: English, Chinese, Russian
English
39,95
Languages: English
Available formats:
hard copy, eBook
English
49,95
Languages: English
English
39,95
includes CD
NEW
142
The ITIL

Process Manual
Key Processes and their Application
ISBN 978 90 8753 650 3
Pulls together the main processes found in
ITIL and ISO 20000
Easy to implement for small to medium sized
companies
Best practice interfaces between processes
and practical guidance with great templates
Languages: English
English
39,95
IT Service Management from Hell:
A Guide to Worst Practices
ISBN 978 90 77212 21 9
A humorous guide to ITIL and other
Best Practice techniques
Good examples of how NOT to do
Service Management
An impertinent look at the worst in the
industry, illustrated with great cartoons
IT Service-portfoliomanagement:
Maximaliseer de waarde van IT
ISBN 978 90 8753 644 2
Het ontwikkelen en beheren van een
portfolio aan (IT-)diensten
Vele herkenbare voorbeelden, zowel binnen
als buiten de IT
Maximaliseer de waarde van IT voor uw
onderneming
Languages: English
English
12,00
Languages: Nederlands
Dutch
39,95
NEW
143
Capacity Management -
A Practitioner Guide
ISBN 978 90 8753 519 3
Covers details of what capacity management
is all about
Provides comprehensive templates and
checklists
Practitioner guide aligns with ISO / IEC 20000
and ITIL
IT Financial Management -
ISBN 978 90 8753 501 8
The practitioner guide provides a
comprehensive guide to the core process
A must-have guide to f nancial skills for
IT managers
Practitioner guide aligns with ISO / IEC 20000
and ITIL
The Service Catalog -
ISBN 978 90 8753 571 1
Practical guidance on building a Service
Catalog
Focuses on IT community relationship with the
business and users
Includes practical templates and guidance on
key documents such as OLAs and SLAs
Languages: English
English
39,95
Languages: English
English
39,95
Languages: English (Japanese 2011)
English
39,95
144
Frameworks for IT Management
ISBN 978 90 77212 90 5
Covers the 22 most important frameworks in
use, in a neutral and objective way
The off cial recommended reading for Exin
exams
Reliable and consistent information can be
used as introduction or reference guide
Frameworks for IT Management
A Pocket Guide
ISBN 978 90 8753 087 7
Covers the 26 most important frameworks for
quality management in IT organizations
Indispensable for the student and the
experienced practitioner alike
Complete list of the included frameworks can
be found on the website
Languages: English, German, Japanese, Chinese
English
39,95
Languages: English, Dutch
English
15,95
The IT Factory
ISBN 978 90 8753 686 2
A complete guide for new approaches to
dynamic IT delivery
Aligns with Supply Chain best practice with
practical implementation guidance
Innovative approach designed to support cloud
and virtualization
Languages: English
English
39,95
145
Six Sigma for IT Management
ISBN 978 90 77212 30 1
Combining the Six Sigma approach with ITIL
best practice
Coherent view and guidance for using the
Six Sigma approach
A quantitative methodology of continuous
improvement
Six Sigma for IT Management
A Pocket Guide
ISBN 978 90 8753 029 7
The pocket guide provides succinct guidance
and concise explanations
Merges ITIL and Six Sigma methodologies into
a single unif ed approach
Based on the introductory guide Six Sigma for
IT Management
Languages: English, Korean, Chinese
English
39,95
Languages: English
English
15,95
ITSM Process Assessment
Supporting ITIL
ISBN 978 90 8753 564 3

Use TIPA to improve processed with
ISO 15504
Prepares you for off cial ISO 20000
certif cation
Uniquely combines ITIL principles with
ISO 15504
Languages: English
English
39,95
146
IT Governance and Security
Implementing IT Governance:
A Practical Guide to Global Best
Practices in IT Management
ISBN 978 90 8753 119 5
Comprehensive approach to IT / Business
Alignment, Planning, Execution and Governance
Provides readers with a structured and
practical solution
Uses the best of the best principles available
today
Languages: English
Available formats:
hard copy, eBook
English
39,95
Implementing IT Governance
A Pocket Guide
ISBN 978 90 8753 216 1
Necessary to develop, execute and sustain a
robust and effective IT governance environment
IT governance as focal point to create
alignment between IT and the business
Brings together every critical aspect relating to
IT governance
Languages: English
Available formats:
hard copy, eBook
English
15,95
Foundations of Information
SecurityBased on ISO 27001
and ISO 27002
ISBN 978 90 8753 568 1
Covers the specif cations of the EXIN exam
ISFS (Information Security Foundations)
Includes an appealing case text that clarif es
the theory
Includes a large number of exercises and an
ISFS sample exam in the end of the book
Languages: English,
Dutch
Available formats: hard
copy, eBook
English
29,95
147
Languages: English
Available formats:
hard copy, eBook
English
39,95
Information Security Management
with ITIL V3
ISBN 978 90 8753 552 0
Provides insight and gives background about
what is going to be managed
Explains what Information Security
Management is about and its objectives
Gives practical advice how to put Information
Security Management into practice
Information Security based on
ISO 27001/ISO 27002
A Management Guide
ISBN 978 90 8753 540 7
Provides an overview of the two international
information security standards
Describes how ISO 27001 and ISO 27002
interact
Guide organizations in the development of best
practice information security systems
Languages: English
Available formats:
hard copy, eBook
English
22,50
Languages: English
Available formats:
hard copy, eBook
English
22,50
Implementing Information Security
based on ISO 27001/ISO 27002
A Management Guide
ISBN 978 90 8753 541 4
Covers the Information Security ISO standards
based on ISO 27001 / ISO 27002
Implementing and achieving certif cation of
internationally recognised ISO standards
A succinct guide for those requiring a guide to
implementation issues
148
Open Enterprise Security
Architecture (O-ESA)
A Framework and Template for Policy-Driven Security
ISBN 978 90 8753 6725
Covers key policy-driven security approach
essential to any organization
A framework and template on Open Enterprise
Security Architecture (O-ESA)
Published by the well-respected, independent,
global organization The Open Group
Languages: English
English
39,95
Open Information Security
Management Maturity Model (O-ISM3)
ISBN 978 90 8753 665 7
Supports the common frameworks such as ISO
9000, ISO 27000, COBIT, ITIL and many more
Published by the well-respected, independent,
global organization The Open Group
Practical process-based approach encourages
continuous improvement
Languages: English
English
29,95
149
Information Management
Establishes a bridge between IT and business processes
Describes a process framework for business information
management and information management
Supports BiSL Foundation exam
Readers comments:
We are now better equipped to make choices and identify
the relationships between assignments in advance (Ruud van
Ravenswaaij, Fortis using BiSL)
eBook
English
39,95
BiSL
A Framework
for Business
Information
Management
ISBN 978 90 8753 702 9
150
Information Management
BiSL
Pocket Guide
ISBN 978 90 8753 702 9
Describes the best way to manage and execute
business information management
A public domain standard which is consistent
with ITIL and ASL
A case history developed throughout the text
illustrates the implementation of BiSL
Business informatie management en
BiSL in de praktijk
ISBN 978 90 8753 405 9
Handvatten voor inrichting en uitvoering van
business informatiemanagement
Praktische, direct toepasbare informatie over
BiSL door eenvoudige modellen
Gebaseerd op input van de Nederlandse politie
en het ministerie van Defensie
BiSL Kaartspel
ISBN 978 90 8753 303 8
Het BiSL-kaartspel is gebaseerd op het
BiSL-framework
De kaarten representeren de elementen uit het
framework
Leuk om spelenderwijs het BiSL-gedachte goed
te leren
Languages: English (summer 2012), Dutch
English
22,50
English
39,95
Dutch
15,95
151
Application Management
ASL
2 A Framework for Application

Management
ISBN 978 90 8753 313 7
This book supports the Exam
ASL Foundation
ASL is a publica domain process framework for
application management
This book is the off cial manual of ASL2, an
improved version of the 2001 framework
Languages: English (spring 2012), Dutch
English
39,95
Languages: English, Dutch (summer 2012)
English
15,95
ASL
2 - Pocket Guide
ISBN 978 90 8753 643 5
ASL2 is an evolutionary improvement on the
succesful ASL framework
Comprehensive introduction to the basic
principles of ASL2
Complementary to other frameworks like
BiSL and ITIL
NEW
NEW
152
Application Management
ASL A Management Guide
ISBN 978 90 77212 84 4
The ONLY public domain application
management standard in the world!
Introduces the basic concepts of ASL through
realistic work scenarios
How to adopt best practices to help reduce
costs and improve service quality
English
22,50
153
Enterprise and IT Architecture
The Off cial hard copy publication of The Open Group
Architecture Framework
TOGAF is an open industry standard of enterprise architecture
What is an architecture framework? What kind of
architecture are we talking about?
How does my organization benef t from using TOGAF?
This book provides the answers!
TOGAF 9 complements, and can be used in conjunction with,
other frameworks that are more focused on specif c aspects of
architecture
Readers comments:
Nothing less than a breakthrough in the world of Enterprise and
IT Architecture, Ron Tolido, CTO Capgemini on TOGAF 9
Languages: English
eBook, ePub
English
75,00
TOGAF
Version 9.1
Off cial TOGAF
Series
ISBN 978 90 8753 679 4
154
TOGAF
Version 9.1 Enterprise Edition

A Pocket Guide
Off cial TOGAF
Series
ISBN 978 90 8753 678 7
The Off cial Open Group Pocket Guide for
TOGAF Version 9
A compact introduction to the new version
of TOGAF
Provides an excellent overview of all major new
concepts
TOGAF
9 Foundation Study Guide

Preparation for the TOGAF 9 Part 1
Examination
Off cial TOGAF
Series
ISBN 978 90 8753 681 7
Study Guide for Preparing for the TOGAF 9
Part 1 Examination
Indepth coverage on preparing and taking the
TOGAF 9 Part 1 Examination
This study guide is specif cally designed to help
individuals prepare for certif cation
TOGAF
9 Certifed Study Guide

Preparation for the TOGAF 9 Part 2
Examination
Off cial TOGAF
Series
ISBN 978 90 8753 680 0
Gives an overview of every learning objective
beyond the foundation level
Specif cally designed to help individuals prepare
for certif cation
Especially intended for professionals and
architects
Languages: English, French, German, Dutch
Languages: English
Languages: English
English
15,95
English
39,95
English
39,95
155
SOA Source Book
Off cial The Open Group Series
ISBN 978 90 8753 503 2
The SOA Source Book will help enterprise
architects to use SOA effectively
What is SOA and how to evaluate SOA features
in business terms
How to use The Open Group Architecture
Framework (TOGAF) for SOA
Archimate
2.0
A Pocket Guide
ISBN 978 90 8753 6961
Archimate is simple but comprehensive enough
to provide a good structuring mechanism
Archimate incorporates modern ideas of the
service orientation paradigm
Off cial pocket version from the globally
respected The Open Group
Archimate
2.0 Specifcation
ISBN 978 90 8753 692 3
Archimate is simple but comprehensive enough
to provide a good structuring mechanism
The two enterprise architecture standards of
The Open Group complement each other
Tool support for the ArchiMate language is
already commercially available
Languages: English
English
29,95
Languages: English
Languages: English
English
15,95
English
37,95
NEW
NEW
156
Wegwijzer voor methoden bij
Enterprise-architectuur
ISBN 978 90 8753 097 6
Dit boek is ontwikkeld vanuit de afdeling
Architectuur van het Ngi
Ondersteuning bij het kiezen en gebruiken van
elf enterprise-architectuurmethoden
Bevat interviews met toonaangevende
anterprise-architecten
English
22,50
Sturen op samenhang op basis van GEA
ISBN 978 90 8753 406 6
Dit boek beschrijft het framework General
Enterprise Architecturing (GEA)
Verslag van de totstandkoming van dit nieuwe
gedachtegoed
Duidelijke uitleg en praktische toepassing aan
de hand van praktijksituaties
Dutch
39,95
Bedrijfsarchitectuur - Werken aan een
samenhangende bedrijfsinrichting
ISBN 978 90 8753 353 3
Een boek over bedrijfsarchitectuur bestemd
voor managers n informatiemanagers
Beschrijft werkzame oplossingen voor
bedrijfsarchitectuur
Gebaseerd op jarenlange ervaring van de
auteurs en in uiteenlopende organisaties
Dutch
44,95
157
Beter met Architectuur
Een integrale aanpak van de informatievoorziening in
de Zorgsector
ISBN 978 90 8753 625 1
Dit boek gaat over de algemene
informatievoorziening in de zorg
Juiste informatie op de juiste plaats
beschikbaar stellen
Dit boek gaat ook over informatietechnologie
(IT) in de zorg
Dutch
22,50
158
Project Management
Project Management based on
PRINCE
2009 Edition
ISBN 978 90 8753 496 7
This book is the off cially licensed material for
PRINCE2 2009
Contains lists serving as reference material for
all project types and sizes
Pass your PRINCE2 Foundation exams,
endorsed by APMG
PRINCE2 2009 Edition -
A Pocket Guide
ISBN 978 90 8753 544 5
This pocket guide is based on PRINCE2 2009
Edition
Quick introduction and structured overview of
the PRINCE2 method
This pocket guide is endorsed by APMG, the
OGC Accreditor
Passing the PRINCE2 2009 Edition
Foundation exam Exam guide
ISBN 978 90 8753 622 0
Basic understanding of the PRINCE2 method
and to pass the PRINCE2 foundation exam
The content of this book is based on
PRINCE2 2009 Edition
For the exam specif cations this book has been
based on the PRINCE2 2009 - Syllabus V1.1.
Languages: English, Dutch, German, French
Languages: English
English
29,95
English
15,95
English
22,50
159
Project Management
PRINCE2 2009 Edition -
Quick Reference Card
ISBN 978 90 8753 565 0
Summary and visual overview of PRINCE2
2009 approach
Reference cards for anyone using or learning
PRINCE2 in one handy fold out
Only available per set of 5 Quick Reference
Cards
PRINCE2 in Practice: A practical
approach to creating project
management documents
ISBN 978 90 8753 328 1
A practical approach for formal reporting in
management documents
Provides the reader with practical help for
implementing PRINCE2
Also great for post training implementation
guidance
PRINCE2 voor opdrachtgevers
Management Guide - 4
de
druk
ISBN 978 90 8753 304 5
Vierde druk, aangepast aan PRINCE2 Editie
2009
Vijf principes van succesvol
opdrachtgeverschap
Bestemd voor zowel opdrachtgevers als
projectmanagers
Languages: English, German
Languages: English
English
29,95
English
29,95
Dutch
22,50
160
Project Management
PRINCE2 in de Praktijk -
Management Guide-
7 valkuilen, 100 tips
ISBN 978 90 8753 305 2
Praktische toepassing van PRINCE2 Editie
2009
Door 7 valkuilen en 100 tips wordt de
methode hanteerbaarder
Een must-have voor alle professionals die
betrokken zijn bij PRINCE2-projecten
Effectief sturing geven aan Projecten -
Praktische handvatten voor
opdrachtgevers
ISBN 978 90 8753 493 6
Goed opdrachtgeverschap is belangrijk voor
het slagen van projecten
Voor iedereen die opdrachtgever wil worden
van n of meer projecten
Boek is methodeonafhankelijk te gebruiken
(maar heeft als uitgangspunt PRINCE2)
Dutch
22,50
Dutch
29,95
161
Project Management
MINCE
A Framework for
Organizational Maturity
ISBN 978 90 8753 047 1
Maturity is in effect the sum total of a
corporation
How do organizations achieve and maintain
competitive advantage
Explains how to meet and take advantage of
change
Organisaties Veranderen met
Programmas
Bruggen slaan tussen lijn en projecten
ISBN 978 90 8753 227 7
Hoe overheid en bedrijfsleven externe
uitdagingen en eigen ambities realiseren
Op basis van onderzoek naar de praktijk van
grootschalige verandertrajecten
Identif catie van de succesfactoren en
voorwaarden
Verandermanagement
Basisprincipes en praktijk
ISBN 978 90 8753 689 3
Alle belangrijke zaken die te maken hebben met
veranderingen in organisaties
Belangrijkste theorien en opvattingen over
verandermanagement
Het is een onmisbaar studieboek voor het
examen Change Management Foundation
Languages: English
English
39,95
Dutch
39,95
Dutch
29,95
NEW
162
Project Management
De weg naar projectsucces 4de druk -
Resultaat bereiken met mensen
ISBN 978 90 8753 311 3
Alweer de vierde herziene druk van deze
klassieker in projectmanagement
Ruim aandacht voor de meest recente
ontwikkelingen in projectmanagement
De toenemende invloed van het Anglo-
Amerikaanse managementdenken
Dutch
39,95
Better practices of Project
management based on IPMA-C and
IPMA-D
ISBN 978 90 8753 647 3
Essential study book for anyone studying for the
IPMA-D or IPMA-C exams
Provides the theoretical and practical
background on all 46 competence elements
Based on the leading literature in Project
Management
Competence profles, Certifcation
levels and Functions in the project
management feld - Based on ICB
version 3 - 2nd revised edition
ISBN 978 90 8753 683 1
Reference model for the development of
function prof les for the PMO
Complete function building for the project
management f eld
This off cial publication is endorsed by IPMA
Chapter NL
Languages: English
English
69,95
English
22,50
163
Project Management
NCB versie 3 Nederlandse
Competence Baseline
ISBN 978 90 8753 026 6
Versie 3 van de Nederlandse Competence
Baseline (NCB)
Bevat de belangrijkste onderwerpen en
aspecten van projectmanagement
Beschrijft de hoofdlijnen van het
certif ceringproces van IPMA
Languages: Nederlands, gebonden
English
39,95
Wegwijzer voor methoden bij
Projectmanagement - 2de geheel
herziene druk
ISBN 978 90 8753 639 8
Objectieve vergelijking van de 10 grootste
Nederlandse methoden
Combinatie van kwalitatieve en kwantitatieve
benadering
De mogelijkheid om alleen delen van een
methode te gebruiken die zinvol zijn
copy, eBook
Dutch
39,95
Wegwijzer voor modellen voor
organisatievolwassenheid bij
projectmanagement
ISBN 978 90 8753 168 3
Beschrijft individuele kenmerken van de vier
belangrijkste volwassenheidsmodellen
Legt uit hoe de geselecteerde
volwassenheidsmodellen zich verhouden
Geeft aan wat de sterke en zwakke kanten van
de geselecteerde volwassenheidsmodellen zijn
copy, eBook
Dutch
29,95
164
Project Management
Projectmanagement op basis van NCB
versie 3 IPMA-C en IPMA-D 2de druk
ISBN 978 90 8753 670 1
Het eerste en enige boek met de volledige
leerstof voor IPMA-C en IPMA-D
In deze tweede druk is de inhoud aangepast
aan de nieuwe CITO-eindtermen, versie 2011
Voor iedereen die in aanraking komt met
projectmanagement
Projectmanagement voor het
HBO obv IPMA-D
Voor iedereen die zich wil opleiden voor
projectmanagement
Bestaat uit een theorieboek, bijbehorend
werkboek en een website
Opzet van het theorieboek is in de volgorde
waarin een project wordt aangepakt
Projectmanagement voor het HBO op
basis van IPMA-D - Theorieboek
ISBN 978 90 8753 497 4
Projectmanagement voor het HBO obv
IPMA-D - Werkboek
ISBN 978 90 8753 498 1
copy, eBook
copy, eBook
Dutch
39,95
Dutch
25,00
English
69,95
165
Project Management
A Pocket Companion to PMIs
PMBOK
Guide (updated version)

PM series
ISBN 978 90 8753 697 8
This Pocket Edition supplies a summary of the
PMBOK Guide
This pocket guide is based on the PMBOK
Guide Fourth Edition;
Deals with the key issues and themes within
project management and PMBOK
A Guide to the Project Management
Body of Knowledge (PMBoK
Guide)
4th edition - Nederlandstalige uitgave
PM series
ISBN 978 90 8753 307 6
De de-facto standaard voor
projectmanagement-professionals
Bevat de basisgebruiken op het gebied van
projectmanagement
Nederlandse vertaling van de vierde druk van
de internationale bestseller
Lexicon voor Project-, programma
en portfoliomanagement
Management Guide
PM series
ISBN 978 90 8753 326 7
Bevat 540 specif eke termen en 30
acroniemen uit de dagelijkse praktijk
Om het uniforme gebruik van deze termen en
acroniemen te stimuleren
Is bedoeld voor project-, programma- en
portfoliomanagers en hun opdrachtgevers
Languages: English,
German
Available formats:
hard copy, eBook
copy, eBook
copy, eBook
English
15,95
English
54,95
Dutch
22,50
166
Project Management
DSDM - Een introductie - DSDM versie
4.2 en Atern versie 1.0
ISBN 978 90 77212 73 8
Het eerste Nederlandstalige boek dat een
volledige beschrijving biedt van DSDM
Het boek bestaat uit een theorie en een praktijk
deel
Het boek vormt een goede basis om Atern te
leren kennen, de opvolger van DSDM.
Het Project Management Offce
Management Guide
ISBN 978 90 8753 134 8
Bij projectmanagement moet ook de (lijn)
organisatie meegroeien
Hoe zou een PMO binnen een organisatie er uit
moeten zien
Project Support biedt meer dan alleen een
uitvoerend karakter
Project Management Offce
implementeren op basis van P3O
ISBN 978 90 8753 546 9

Voor iedereen die betrokken is bij de opzet of
inrichting van een PMO
Biedt handvatten voor het effectief besturen en
inrichten van een veranderorganisatie
Uitleg op welke wijze 3PO organisaties
ondersteuning kan bieden
copy, eBook
copy, eBook
copy, eBook
Dutch
29,95
Dutch
22,50
Dutch
22,50
167
Program Management
Programmamanagement op basis van
MSP MSP Edition 2007
ISBN 978 90 8753 141 6
Deze nieuwe druk is aangepast aan MSP
Edition 2007
Inhoud van dit boek is een uitstekende
voorbereiding op het MSP Foundation examen
Mede door de bijlagen een onmisbaar
naslagwerk voor MSP
MSP 2011 Edition
Quick Reference Card (Set of 5)
ISBN 978 90 8753 684 8
Visual and textual summary of MSP 2011
Edition approach
Reference cards combined in one handy fold
out
Endorsed by Best Practice User GROUP NL
and ideal for training purposes
Programmamanagement op basis van
MSP 2011 Edition
ISBN 978 90 8753 691 6
Deze nieuwe druk is aangepast aan MSP 2011
Edition;
De inhoud van dit boek is een uitstekende
voorbereiding op het MSP Foundation examen
Toegankelijke inhoud door heldere tekst en vele
afbeeldingen
Languages: English
Dutch
39,95
Dutch
39,95
29,95
per set
NEW
NEW
168
Risk Management
Risk Management:
The Open Group Guide
ISBN 978 90 8753 663 3
Supports many approaches: COSO, ITIL,
ISO/IEC 27002, COBIT, OCTAVE and more
Covers Taxonomy, Risk Assessment and
Application of the FAIR approach
Refers to Information Security: a pivotal issue in
todays market
M_o_R
2010 Edition
Quick Reference Card (Set of 5)
ISBN 978 90 8753 690 9
Visual and textual summary the M_o_R
2010
Edition approach
Reference cards combined in one handy fold
out
Endorsed by Best Practice User GROUP NL
and ideal for training purposes
Risicomanagement op basis van
M_o_R
en NEN/ISO 31000
ISBN 978 90 8753 656 5
Een brede inleiding over de internationale
ontwikkelingen m.b.t. risicomanagement
Nederlandse standaarden: COSO, NEN /
ISO31000:2009 en M_o_R
Ook ter voorbereiding op het M_o_R
Foundation examen
Languages: English
Languages: English
English
29,95
English
22,50
29,95
per set
NEW
NEW
169
Outsourcing
eSourcing Capability Models
(eSCM-Set)
ISBN 978 90 8753 606 0
The ITSqc Series brings readers and users the
ITSqc best practices
Series includes the acclaimed eSCM models on
e-sourcing
Used worldwide by major IT sourcing f rms,
clients and advisors
eSourcing Capability Model
for Client Organizations
(eSCM-CL)
ISBN 978 90 8753 559 9
Supports client organizations to successfully
delegate IT-intensive business activities
Practical details of the full range of client-
organization tasks
Guidance to complement existing quality
models, standards and sourcing frameworks.
eSourcing Capability Model
for Service Providers
(eSCM-SP)
ISBN 978 90 8753 561 2
Provides clients with an objective means of
evaluating the capability of service providers
Offers service providers a standard to
differentiate themselves from competitors
Designed to be used with other well-known
standards and guidance
Languages: English
Available formats:
hard copy, eBook
Languages: English
Available formats:
hard copy, eBook
Languages: English
Available formats:
hard copy, eBook
English
125,-
English
75,00
English
75,00
170
Outsourcing Outsourcing
Contract and Commercial Management
IACCM Series
ISBN 978 90 8753 627 5
A complete Reference Guide for all involved
with Contract and Commercial management
Also enriched with practical guidance and
checklists
Aligns with the off cial IACCM qualif cation and
training
Outsourcing Professional
Body of Knowledge
(OPBOK)
ISBN 978 90 8753 613 8
Aligns with the IAOP COP qualif cation and
training
Gives full guidance on the critical factors in any
outsourcing program
An additional template in Word fomat is also
available
Languages: English
Available formats:
hard copy, eBook
Languages: English
Available formats:
hard copy, eBook
English
59,95
English
49,95
IT Outsourcing
An Introduction
ISBN 978 90 8753 492 9
New, revised edition based on the best
practices in IT Outsourcing
Used as a study guide for introduction courses
in sourcing
Endorsed by Platform Outsourcing Netherlands
(PON)
Languages: English
Available formats:
hard copy, eBook
English
29,95
171
Outsourcing
IT Outsourcing Part 1
Contracting the Partner
ISBN 978 90 8753 030 3
A guide for Procurement Professionals asked
to procure in this specialist area
Ideal background for IT Managers who have to
manage contracts post contract award
Critical skill requirement as organizations focus
on core competencies
IT Outsourcing Part 2:
Managing the Sourcing Contract
Management Guide
ISBN 978 90 8753 616 9
Expert guide to provide practical and concise
advise on best practices
Includes: contractmanagement, governance
frameworks and relationshipmanagement
a collaborative customer-driven business
approach.
Languages: English
Languages: English
Available formats:
hard copy, eBook
English
22,50
English
22,50
172
Outsourcing Outsourcing
Implementing Strategic Sourcing
ISBN 978 90 8753 579 7
Based on experiences in implementing and
sustaining global sourcing
Key guidance on the foundations, management,
risk, governance and legal
Successful principles for business development
from a service provider perspective
Languages: English
English
39,95
Grip op processen in organisaties
2de druk
ISBN 978 90 8753 688 6
Toelichting en voorbeelden van de stappen in
een ontwerpproces.
Legt een relatie tussen het ontwerpen van een
proces en de vervolgstappen bij de inrichting
Het behandelt hoofdlijnen van theoretische
achtergrondkennis
Procesarchitectuur als
veranderinstrument - Strategische
ambities realiseren met
bedrijfsprocessen
ISBN 978 90 8753 550 6
Behandelt de vijf hoofdstappen van de
procesarchitectuur
Complete integrale casus met vele praktische
tips en zicht op de valkuilen
Theoretische achtergrondkennis en een
heldere blik op veranderende organisaties
Dutch
49,95
Dutch
49,95
NEW
173
Business Process Management
Process Management
based on SqEME

ISBN 978 90 8753 136 2
Open standard for developing a processed
centered architecture
Innovativa and practical approach to precess-
centered thinking
For everyone involved in the change process in
a process-driven organization
SqEME
Process Management
A Pocket Guide
ISBN 978 90 8753 137 9
Explains the thearetical and practical essentials
on SqEME
Constitution, Correspondence, Chemistry and
Construction
Practical essentials: supported by real-life case
studies
Languages: English
Languages: English
English
29,95
English
15,95
174
Business Management Business Management
IT voor managers
ISBN 978 90 8753 621 3
Voor iedereen die zelf geen IT-er is maar er wel
meer van wil begrijpen
In korte hoofdstukjes komen uiteenlopende
IT-onderwerpen aan de orde
Alle belangrijke IT-themas in begrijpelijke taal
uitgelegd
Timemanagement:
Slim Taakmanagement -
Op basis van Microsoft Outlook
ISBN 978 90 8753 610 7
Voor mensen die hun eigen productiviteit willen
verhogen
Draagt oplossingen aan voor alledaagste
problemen in het werk en priv
Simpele basistechnieken op een begrijpelijke
manier uitgelegd
English
22,50
English
22,50
175
Business Management
Get ready for Cloud Computing
A comprehensive guide to Virtualization
and Cloud Computing
ISBN 978 90 8753 640 4
An introduction to cloud computing and its
enabling technology.
Explains the visions, concept and models behind
cloud computing.
How you can incorporate them in your
IT infrastructure.
Cloud Computing for Business
The Open Group Series
ISBN 978 90 8753 657 2
The book has been specif cally designed for
business managers
Expertly highlights all the benef ts that can be
achieved via Cloud
The book is published by the globally respected
Open Group
IT Business Management: Solutions
from SAP - A Pocket Guide
ISBN 978 90 8753 620 6
The book covers the globally recognized tool
and discipline
Promotes the concept of running IT like a
business
The book covers risk, resources, IT, supply and
demand
Languages: English
Languages: English
Languages: English
English
29,95
English
39,95
English
15,95
176
Quality Management Quality Management
The Sarbanes-Oxley Act
An Introduction
SOX Series
ISBN 978 90 8753 083 9
This book is a must-have for anyone
implementing SOX
Introduction covers all sections of the
Sarbanes-Oxly Act
Provides actionable advice for implementation
using GASP
The EFQM Excellence Model for
Assessing Organizational Performance
A Management Guide
ISBN 978 90 8753 027 3
Provides a concise history and background of
EFQM
Practical assessment techniques, scoring tools
and comparison tables
Step-by-step guidance on the application of
EFQM
Languages: English
Languages: English
English
39,95
English
22,50
177

Global Standard and Publications

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Global Standard and Publications

Încărcat de

Drepturi de autor:

Formate disponibile

Copyright protected. Use is for Single Users only via a VHP Approved License.

For information and printed versions please see www.vanharen.net

are registered trademarks of The Open Group.

are registered trademarks of ASL BiSL Foundation.

is a registered trademark of the Information Systems Audit and

is a registered trademark of the Cabinet Offce.

is a registered trademark of the Cabinet Offce.

is a registered trademark of the Cabinet Offce.

is a registered trademark of the Cabinet Offce.

is a registered trademark of the Cabinet Offce.

Guide is a registered trademark of the Project Management

is a registered trademark of Stichting SqEME.

is a registered trademark of Sogeti Nederland B.V.

In the current environment with constant changes and almost

Not only do we publish books on Best Practices, we also actively

3.1 Title/def nition

, an Open Group Standard

is an open and independent modelling language

, the worlds most popular Enterprise Architecture

4.1 Title/def nition

(Application Services Library)

6.1 Title/def nition

(Business Information Services Library)

7.1 Title/def nition

7.2 The basics

8.1 Title/def nition

(Capability Maturity Model

Integration) Version 1.3.

, ISO 9001, RUP

9.1 Title/def nition

9.2 The basics

IPMA Competence Baseline

(Certifed Projects Director),

(Certifed Program Manager or Certifed

(Certifed Project Manager)

(Certifed Project Management)

Key concepts that govern the standards are:

ISO/IEC 20000 helps organizations benchmark how they deliver

Organizations can have their IT service management systems

is the most widely accepted approach to IT service

24.1 Title/def nition

was frst published in 2002; its current version is the

25.1 Title/def nition

26.1 Title/def nition

(Managing Successful Programs)

(Managing Successful Programs) is a systematic approach

28.1 Title/def nition method

(Portfolio, Program and Project Offces)

(Portfolio, Program and Project Offces) is a decision

Guide) is a guide providing a comprehensive set

Guide is a publication of the Project Management

Guide - Fourth Edition, was released in December 2008.

Guide is process-based: it describes work as being

Guide is a generic approach that can be applied to any

Guide is not exhaustive: some aspects of

30.1 Title/def nition

(PRojects IN Controlled Environments)

(Managing Successful Programs);

31.1 Title / Def nition

31.2 The basics

is a framework for developing risk-driven enterprise

to fulfll not only

, etc. and industry standards such as ETSI