Establish, implement, and maintain an information technology process framework.
CONTROL ID 13648
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a strategic plan., CC ID: 12784
This Control has the following implementation support Control(s):
Include maturity models in the Information Technology process framework., CC ID: 13652
Include relationships between Information Technology process structures in the Information Technology process framework., CC ID: 13651
Include Information Technology process structures in the Information Technology process framework., CC ID: 13650
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Proper IT operation requires complete and correct acquisition of the present and planned IT systems, e.g. for checking, servicing, troubleshooting and maintenance of IT systems. For drawing up of a security concept it will be sufficient to obtain an overview on the grouped IT systems. (§ 8.1.5 Subsection 1 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
Everything required to deliver, maintain or support networks and information systems necessary for the operation of essential functions is determined and understood. This includes data, people and systems, as well as any supporting infrastructure (such as power or cooling). (A3. ¶ 1, NCSC CAF guidance, 3.1)
Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It s… (PO4.1 IT Process Framework, CobiT, Version 4.1)
