140 likes | 277 Views
Microsoft Operations Framework (MOF) 4.0. GRC and the IT Service Lifecycle. microsoft.com/MOF. What’s Included in This Presentation. MOF 4.0 – Addressing the IT Service Lifecycle. Goals and objectives: ISO 20000. Management perspective: COBIT.
E N D
Microsoft Operations Framework(MOF) 4.0 GRC and the IT Service Lifecycle microsoft.com/MOF
Goals and objectives: ISO 20000 Management perspective: COBIT MOF 4.0 Connects Service Management Standards to Practical Applications for the Community Process description: ITIL v3 Industry Standards Process guidance: MOF 4.0 MOF 4.0 Guidance Solution Accelerators Concepts, Practices Control Frameworks System Center Processes + Guidance + Tools (for Specific Scenarios) Infrastructure Automation Community
Governance GRC Guidance Compliance Risk Management Directives, Policy, Controls More prescriptive
Connect Governance, Risk, and Compliance Governance Addresses strategic planning, business/IT alignment, policy creation, and vision setting Risk tradeoff decisions Compliance with governance rules Who decides, and process to follow Risk tolerance rules Risk Addresses system threats, system vulnerability, protection of IT assets, and risks to management objectives Risk tradeoff decisions (how they were made) Impact of not complying Compliance Addresses adherence to laws, regulations, policies, standards, best practices, and frameworks
GRC Influences All Lifecycle Phases • Aiding decision making, balancing risk/benefit • tradeoffs, identifying accountabilities • Creating a strategy that manages risks and • ensures risk management is appropriate for • the activities at hand • Establishing guardrails for behaviors, • communicating expectations, and validating • performance
Governance, Risk, and Compliance Applied • Governance • Identifies decision makers and stakeholders • Determines accountability for actions and responsibility for outcomes • Addresses how expected performance will be evaluated • Risk • Employs risk management throughout the IT lifecycle: • • Business decisions • Policy adherence • • Application development • Operational procedures • Compliance • Guides behavior to make sure what takes place is what was intended • Shows how IT is performing against objectives
IT Governance • Governance determines how IT makes investments, contributes to value, and achieves goals and management objectives • Good Governance: • Manages IT services in a regulatory environment • Focuses on cost efficiencies and value contribution • Provides insight into organizational processes that result in continuous improvement and optimization initiatives
Risk Management • Risk management drives a structured approach to identifying, assessing, and managing potential threats to assets or the achievement of strategic goals • Good risk management: • Drives consistent, recurring, and comprehensive reviews of IT plans, initiatives, projects, and activities • Results in clear risk management decisions • Produces activities and internal controls that reduce risk likelihood or impact
Compliance establishes rules, guidelines, and communications to ensure an organization’s requirements are known and followed • Good compliance: • Ensures management intentions are realized • Establishes evaluation when expectations are set • Allows for effective monitoring Compliance
Make MOF GRC Work for You Features: • Specific goals, outcomes, and measures in each SMF • Clearly identified accountabilities and role types for each SMF • Objectives, risks, and controls outlined for each phase • Management reviews function as management controls • Benefits: • Clearly established accountabilities • Effective risk management • Compliance with policies, laws, and regulations
Resources • MOF Home Page: www.microsoft.com/mof • Compliance Home Page: www.microsoft.com/compliance • IT Compliance Management Guide: www.microsoft.com/downloads/details.aspx?FamilyId=BD930882-0D39-4900-9A79-B91F213ED15D&displaylang=en • Solution Accelerators Home Page: www.microsoft.com/solutionaccelerators • Contact Email: MOFpm@microsoft.com