ISACA has updated its COBIT framework and issued some accompanying guidance to help companies refresh their information and technology governance.
COBIT 2019 updates the 7-year-old COBIT 5 framework to provide a more comprehensive, more practical framework for the management and governance of IT systems. COBIT is a commonly accepted framework for the governance and management of enterprise information and technology, which ISACA says has been downloaded more than 1 million times by enterprises in all sectors around the globe.
With the framework update, ISACA has developed four documents to help companies refresh their IT governance frameworks. An introduction document explains the key concepts of the new framework, and a second document describes 40 core governance and management objectives, along with their related processes and components. A design guide explores design factors that can influence governance, with a workflow for planning a tailored governance system, and an implementation guide provides a roadmap for transition from COBIT 5 to COBIT 2019.
ISACA describes COBIT as “an umbrella framework,” aligning itself to a number of other relevant standards, frameworks, and regulations. The framework is meant to neither copy, nor contradict, other guidance. Instead, it provides equivalent statements or references to related guidance.
“COBIT is the framework that helps us govern and management information and technology,” says Mark Thomas, a COBIT trainer and founder of Escoute Consulting. That includes addressing concerns of cyber-security, he says, like those that surfaced in the latest breach involving Marriott. “This is the latest framework that can help companies either prepare for an attack, reduce the likelihood, or increase their responsiveness.”
ISACA is an organization of professionals in IT audit, risk, governance, and security. Its frameworks have formed the backbone of IT governance for commercial enterprises for at least two decades.