在IT Space里,我们谈到的,无非就是下面几类:
* IT Strategy
* Application Development
* Data and Operations Center
* IT-Enabled Services
* Service Desk
而CobiT、CMMI和ITIL,就是一些可供应用的Guidance或,framework或是业界的best practices之类,下面比较它们的详细不同。
先谈CobiT和CMMI(基于CobiT4.1和CMMI for Development 1.2两个当前最新版本).
1、CobiT和CMMI各自覆盖的范畴
COBiT--CMMI Coverage
COBiT
CMMI
Planning and Organization-----Provides direction to solution delivery(AI) and service delivery (DS), This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organisation as well as technological infrastructure should be put in place.
CMMI provides light support for achieving organization-wide objectives, but better support for objectives with greater project focus such as requirements, risks, quality, and project mgt.
Acquisition and Implementation-----Provides the solutions and passes them to be turned into services. To realise the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure the solutions continue to meet business objectives
CMMI provides excellent coverage for achieving acquisition and implementation objectives
Delivery and Support-----Receives the solutions and makes them usable for end users, This domain is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities
CMMI’s management processes can be translated to support the management of service levels,third parties, capacity, problems, and data;however continuous operation and user support services are not well covered in CMMI
Monitor and Evaluate-----Monitors all processes to ensure that the direction provided is followed, All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance
CMMI provides for monitoring functions at the project level, but does not involve audit controls at the organizational level
2、CMMI各过程域
下表是CMMI for Development 1.2的22个过程域的分组及各自所属的成熟度水平:
连续式分组中的范畴Category
过程域Process Area
阶段式分组中的成熟度Maturity Level
Process Management
流程管理
Organizational Process Focus (OPF) 组织流程焦点
3
Organizational Process Definition +IPPD (OPD+IPPD)组织流程定义
3
Organizational Training (OT) 组织培训
3
Organizational Process Performance (OPP) 组织流程绩效
4
Organizational Innovation and Deployment (OID)组织变革和布署
5
Project Management
项目管理
Project Planning (PP)项目计划
2
Project Monitoring and Control (PMC)项目监控和控制
2
Integrated Project Management +IPPD (IPM+IPPD)集成化项目管理
3
Risk Management (RSKM)风险管理
3
Supplier Agreement Management (SAM)供应商契约(/协议/合同)管理
2
Quantitative Project Management (QPM)项目定量管理
4
Engineering
工程
Requirements Development (RD)需求开发
3
Requirements Management (REQM)需求管理
2
Technical Solution (TS)技术解决方案
3
Product Integration (PI)产品集成
3
Validation (VAL) 确认
3
Verification (VER)验证
3
Support
支撑
Configuration Management (CM)配置管理
2
Process and Product Quality Assurance (PPQA)流程和产品质量保证
2
Measurement and Analysis (MA)度量和分析
2
Decision Analysis and Resolution (DAR)决策分析和解决方案
3
Causal Analysis and Resolution (CAR)因果分析和解决方案
5
3、CobiT各过程域,以及和CMMI的比较
详见下表:
COBiT
CMMI Process Maturity Framework
Plan and Organise
PO1 Define a Strategic IT Plan
CMMI—no clear referent
Level 3 issue
PO2 Define the Information Architecture
CMMI—no clear referent
Level 3 issue
PO3 Determine Technological Direction
CMMI—no clear referent
Level 3 issue
PO4 Define the IT Processes, Organisation and Relationships
CMMI L3—OID,OPD
Level 3 issue
PO5 Manage the IT Investment
CMMI—no clear referent
Level 3 issue
PO6 Communicate Management Aims and Direction
CMMI GP2.1—Policy
Level 2 issue
PO7 Manage IT Human Resources
People CMM
CMMI—OT
Level 3 issue
PO8 Manage Quality
CMMI L2—REQM
CMMI L3—RD, TS, VER, VAL
PO9 Assess and Manage IT Risks
CMMI L2—PP
CMMI L3—RSKM
PO10 Manage Projects
CMMI L2—REQM, PP, PMC
CMMI L3—IPM, RSKM
Acquire and Implement
AI1 Identify Automated Solutions
CMMI L2—REQM, SAM
CMMI L3—RD, TS, RM, DAR,
ISM
AI2 Acquire and Maintain Application Software
CMMI L2—SAM
CMMI L3—RD, TS, VA, IPM, ISM
AI3 Acquire and Maintain Technology Infrastructure
CMMI L2—CM
CMMI L3—RD, TS
AI4 Enable Operation and Use
AI5 Procure IT Resources
CMMI L3—RD, TS
AI6 Manage Changes
CMMI L2—REQM, CM
AI7 Install and Accredit Solutions and Changes
CMMI L3—VER, VAL
Deliver and Support
DS1 Define and Manage Service Levels
CMMI L2—REQM, PP, PMC
CMMI L3—IPM
DS2 Manage Third-party Services
CMMI L2—SAM
CMMI L3—ISM
DS3 Manage Performance and Capacity
CMMI L3—RD, TS
DS4 Ensure Continuous Service
CMMI—no clear referent
Level 2&3 issue
DS5 Ensure Systems Security
CMMI—no clear referent
Level 2&3 issue
DS6 Identify and Allocate Costs
CMMI—no clear referent
Level 3 issue
DS7 Educate and Train Users
People CMM
CMMI L3—OT
DS8 Manage Service Desk and Incidents
CMMI—no clear referent
Level 3 issue
DS9 Manage the Configuration
CMMI L2—CM
DS10 Manage Problems
CMMI—no clear referent
Level 3 issue
DS11 Manage Data
CMMI L2—PP, PMC
DS12 Manage the Physical Environment
People CMM—WE
DS13 Manage Operations
CMMI—no clear referent
Level 3 issue
Monitor and Evaluate
ME1 Monitor and Evaluate IT Performance
CMMI—no clear referent
CMMI L2&3&4 issue,include :
CMMI L4—OPP
CMMI L3—IPM,VAL,VER
CMMI L2—PMC, PPQA
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance With External Requirements
ME4 Provide IT Governance
4、CobiT和CMMI的比较小结
⑴ CMMI and COBIT have different objectives
• COBIT focuses on governance of all IT functions
• CMMI focuses on improving application development processes
⑵ CMMI and COBIT are complementary
• Use COBIT to appraise overall management of IT
• Use CMMI to appraise the maturity of application development
⑶ Use CMMI to guide the implementation of control
processes for
• acquisition and implementation processes
• project management processes
• some delivery and support processes |