COBIT Framework

  1. COBIT EDM01.01 - Evaluate the governance system.
  2. COBIT EDM01.02 - Direct the governance system.
  3. COBIT EDM01.03 - Monitor the governance system.
  4. COBIT EDM02.01 - Establish the target investment mix.
  5. COBIT EDM02.02 - Evaluate value optimization.
  6. COBIT EDM02.03 - Direct value optimization.
  7. COBIT EDM02.04 - Monitor value optimization.
  8. COBIT EDM03.01 - Evaluate risk management.
  9. COBIT EDM03.02 - Direct risk management.
  10. COBIT EDM03.03 - Monitor risk management.
  11. COBIT EDM04.01 - Evaluate resource management.
  12. COBIT EDM04.02 - Direct resource management.
  13. COBIT EDM04.03 - Monitor resource management.
  14. COBIT EDM05.01 - Evaluate stakeholder engagement and reporting requirements.
  15. COBIT EDM05.02 - Direct stakeholder engagement, communication and reporting.
  16. COBIT EDM05.03 - Monitor stakeholder engagement.
  17. COBIT APO01.01 - Design the management system for enterprise I&T.
  18. COBIT APO01.02 - Communicate management objectives, direction and decisions made.
  19. COBIT APO01.03 - Implement management processes 
  20. COBIT APO01.04 - Define and implement the organizational structures.
  21. COBIT APO01.05 - Establish roles and responsibilities.
  22. COBIT APO01.06 - Optimize the placement of the IT function.
  23. COBIT APO01.07 - Define information (data) and system ownership.
  24. COBIT APO01.08 - Define target skills and competencies.
  25. COBIT APO01.09 - Define and communicate policies and procedures.
  26. COBIT APO01.10 - Define and implement infrastructure, services and applications to support the governance and management system.
  27. COBIT APO01.11 - Manage continual improvement of the I&T management system.
  28. COBIT APO02.01 - Understand enterprise context and direction.
  29. COBIT APO02.02 - Assess current capabilities, performance and digital maturity of the enterprise.
  30. COBIT APO02.03 - Define target digital capabilities.
  31. COBIT APO02.04 - Conduct a gap analysis.
  32. COBIT APO02.05 - Define the strategic plan and road map.
  33. COBIT APO02.06 - Communicate the I&T strategy and direction.
  34. COBIT APO03.01 - Develop the enterprise architecture vision.
  35. COBIT APO03.02 - Define reference architecture.
  36. COBIT APO03.03 - Select opportunities and solutions.
  37. COBIT APO03.04 - Define architecture implementation.
  38. COBIT APO03.05 - Provide enterprise architecture services.
  39. COBIT APO04.01 - Create an environment conducive to innovation.
  40. COBIT APO04.02 - Maintain an understanding of the enterprise environment.
  41. COBIT APO04.03 - Monitor and scan the technology environment.
  42. COBIT APO04.04 - Assess the potential of emerging technologies and innovative ideas.
  43. COBIT APO04.05 - Recommend appropriate further initiatives.
  44. COBIT APO04.06 - Monitor the implementation and use of innovation.
  45. COBIT APO05.01 - Determine the availability and sources of funds.
  46. COBIT APO05.02 - Evaluate and select programs to fund.
  47. COBIT APO05.03 - Monitor, optimize and report on investment portfolio performance.
  48. COBIT APO05.04 - Maintain portfolios.
  49. COBIT APO05.05 - Manage benefits achievement.
  50. COBIT APO06.01 - Manage finance and accounting.
  51. COBIT APO06.02 - Prioritize resource allocation.
  52. COBIT APO06.03 - Create and maintain budgets.
  53. COBIT APO06.04 - Model and allocate costs.
  54. COBIT APO06.05 - Manage costs.
  55. COBIT APO07.01 - Acquire and maintain adequate and appropriate staffing.
  56. COBIT APO07.02 - Identify key IT personnel.
  57. COBIT APO07.03 - Maintain the skills and competencies of personnel.
  58. COBIT APO07.04 - Assess and recognize/reward employee job performance.
  59. COBIT APO07.05 - Plan and track the usage of IT and business human resources.
  60. COBIT APO07.06 - Manage contract staff.
  61. COBIT APO08.01 - Understand business expectations.
  62. COBIT APO08.02 - Align I&T strategy with business expectations and identify opportunities for IT to enhance the business.
  63. COBIT APO08.03 - Manage the business relationship.
  64. COBIT APO08.04 - Coordinate and communicate.
  65. COBIT APO08.05 - Provide input to the continual improvement of services.
  66. COBIT APO09.01 - Identify I&T services.
  67. COBIT APO09.02 - Catalog I&T-enabled services.
  68. COBIT APO09.03 - Define and prepare service agreements.
  69. COBIT APO09.04 - Monitor and report service levels.
  70. COBIT APO09.05 - Review service agreements and contracts.
  71. COBIT APO10.01 - Identify and evaluate vendor relationships and contracts.
  72. COBIT APO10.02 - Select vendors.
  73. COBIT APO10.03 - Manage vendor relationships and contracts.
  74. COBIT APO10.04 - Manage vendor risk.
  75. COBIT APO10.05 - Monitor vendor performance and compliance.
  76. COBIT APO11.01 - Establish a quality management system (QMS).
  77. COBIT APO11.02 - Focus quality management on customers.
  78. COBIT APO11.03 - Manage quality standards, practices and procedures and integrate quality management into key processes and solutions.
  79. COBIT APO11.04 - Perform quality monitoring, control and reviews.
  80. COBIT APO11.05 - Maintain continuous improvement.
  81. COBIT APO12.01 - Collect data.
  82. COBIT APO12.02 - Analyze risk.
  83. COBIT APO12.03 - Maintain a risk profile.
  84. COBIT APO12.04 - Articulate risk.
  85. COBIT APO12.05 - Define a risk management action portfolio.
  86. COBIT APO12.06 - Respond to risk.
  87. COBIT APO13.01 - Establish and maintain an information security management system (ISMS).
  88. COBIT APO13.02 - Define and manage an information security risk treatment plan.
  89. COBIT APO13.03 - Monitor and review the information security management system (ISMS).
  90. COBIT APO14.01 - Define and communicate the organization's data management strategy and roles and responsibilities.
  91. COBIT APO14.02 - Define and maintain a consistent business glossary.
  92. COBIT APO14.03 - Establish the processes and infrastructure for metadata management.
  93. COBIT APO14.04 - Define a data quality strategy.
  94. COBIT APO14.05 - Establish data profiling methodologies, processes and tools.
  95. COBIT APO14.06 - Ensure a data quality assessment approach.
  96. COBIT APO14.07 - Define the data cleansing approach.
  97. COBIT APO14.08 - Manage the life cycle of data assets.
  98. COBIT APO14.09 - Support data archiving and retention.
  99. COBIT APO14.10 - Manage data backup and restore arrangements.
  100. COBIT BAI01.01 - Maintain a standard approach for program management.
  101. COBIT BAI01.02 - Initiate a program.
  102. COBIT BAI01.03 - Manage stakeholder engagement.
  103. COBIT BAI01.04 - Develop and maintain the program plan.
  104. COBIT BAI01.05 - Launch and execute the program.
  105. COBIT BAI01.06 - Monitor, control and report on the program outcomes.
  106. COBIT BAI01.07 - Manage program quality.
  107. COBIT BAI01.08 - Manage program risk.
  108. COBIT BAI01.09 - Close a program.
  109. COBIT BAI02.01 - Define and maintain business functional and technical requirements.
  110. COBIT BAI02.02 - Perform a feasibility study and formulate alternative solutions.
  111. COBIT BAI02.03 - Manage requirements risk.
  112. COBIT BAI02.04 - Obtain approval of requirements and solutions.
  113. COBIT BAI03.01 - Design high-level solutions.
  114. COBIT BAI03.02 - Design detailed solution components.
  115. COBIT BAI03.03 - Develop solution components.
  116. COBIT BAI03.04 - Procure solution components.
  117. COBIT BAI03.05 - Build solutions.
  118. COBIT BAI03.06 - Perform quality assurance (QA).
  119. COBIT BAI03.07 - Prepare for solution testing.
  120. COBIT BAI03.08 - Execute solution testing.
  121. COBIT BAI03.09 - Manage changes to requirements.
  122. COBIT BAI03.10 - Maintain solutions.
  123. COBIT BAI03.11 - Define IT products and services and maintain the service portfolio.
  124. COBIT BAI03.12 - Design solutions based on the defined development methodology.
  125. COBIT BAI04.01 - Assess current availability, performance and capacity and create a baseline.
  126. COBIT BAI04.02 - Assess business impact.
  127. COBIT BAI04.03 - Plan for new or changed service requirements.
  128. COBIT BAI04.04 - Monitor and review availability and capacity.
  129. COBIT BAI04.05 - Investigate and address availability, performance and capacity issues.
  130. COBIT BAI05.01 - Establish the desire to change.
  131. COBIT BAI05.02 - Form an effective implementation team.
  132. COBIT BAI05.03 - Communicate desired vision.
  133. COBIT BAI05.04 - Empower role players and identify short-term wins.
  134. COBIT BAI05.05 - Enable operation and use.
  135. COBIT BAI05.06 - Embed new approaches.
  136. COBIT BAI05.07 - Sustain changes.
  137. COBIT BAI06.01 - Evaluate, prioritize and authorize change requests.
  138. COBIT BAI06.02 - Manage emergency changes.
  139. COBIT BAI06.03 - Track and report change status.
  140. COBIT BAI06.04 - Close and document the changes.
  141. COBIT BAI07.01 - Establish an implementation plan.
  142. COBIT BAI07.02 - Plan business process, system and data conversion.
  143. COBIT BAI07.03 - Plan acceptance tests.
  144. COBIT BAI07.04 - Establish a test environment.
  145. COBIT BAI07.05 - Perform acceptance tests.
  146. COBIT BAI07.06 - Promote to production and manage releases.
  147. COBIT BAI07.07 - Provide early production support.
  148. COBIT BAI07.08 - Perform a post-implementation review.
  149. COBIT BAI08.01 - Identify and classify sources of information for governance and management of I&T.
  150. COBIT BAI08.02 - Organize and contextualize information into knowledge.
  151. COBIT BAI08.03 - Use and share knowledge.
  152. COBIT BAI08.04 - Evaluate and update or retire information.
  153. COBIT BAI09.01 - Identify and record current assets.
  154. COBIT BAI09.02 - Manage critical assets.
  155. COBIT BAI09.03 - Manage the asset life cycle.
  156. COBIT BAI09.04 - Optimize asset value.
  157. COBIT BAI09.05 - Manage licenses.
  158. COBIT BAI10.01 - Establish and maintain a configuration model.
  159. COBIT BAI10.02 - Establish and maintain a configuration repository and baseline.
  160. COBIT BAI10.03 - Maintain and control configuration items.
  161. COBIT BAI10.04 - Produce status and configuration reports.
  162. COBIT BAI10.05 - Verify and review integrity of the configuration repository.
  163. COBIT BAI11.01 - Maintain a standard approach for project management.
  164. COBIT BAI11.02 - Start up and initiate a project.
  165. COBIT BAI11.03 - Manage stakeholder engagement.
  166. COBIT BAI11.04 - Develop and maintain the project plan.
  167. COBIT BAI11.05 - Manage project quality.
  168. COBIT BAI11.06 - Manage project risk.
  169. COBIT BAI11.07 - Monitor and control projects.
  170. COBIT BAI11.08 - Manage project resources and work packages.
  171. COBIT BAI11.09 - Close a project or iteration.
  172. COBIT DSS01.01 - Perform operational procedures.
  173. COBIT DSS01.02 - Manage outsourced I&T services.
  174. COBIT DSS01.03 - Monitor I&T infrastructure.
  175. COBIT DSS01.04 - Manage the environment.
  176. COBIT DSS01.05 - Manage facilities.
  177. COBIT DSS02.01 - Define classification schemes for incidents and service requests.
  178. COBIT DSS02.02 - Record, classify and prioritize requests and incidents.
  179. COBIT DSS02.03 - Verify, approve and fulfill service requests.
  180. COBIT DSS02.04 - Investigate, diagnose and allocate incidents.
  181. COBIT DSS02.05 - Resolve and recover from incidents.
  182. COBIT DSS02.06 - Close service requests and incidents.
  183. COBIT DSS02.07 - Track status and produce reports.
  184. COBIT DSS03.01 - Identify and classify problems.
  185. COBIT DSS03.02 - Investigate and diagnose problems.
  186. COBIT DSS03.03 - Raise known errors.
  187. COBIT DSS03.04 - Resolve and close problems.
  188. COBIT DSS03.05 - Perform proactive problem management.
  189. COBIT DSS04.01 - Define the business continuity policy, objectives and scope.
  190. COBIT DSS04.02 - Maintain business resilience.
  191. COBIT DSS04.03 - Develop and implement a business continuity response.
  192. COBIT DSS04.04 - Exercise, test and review the business continuity plan (BCP) and disaster response plan (DRP).
  193. COBIT DSS04.05 - Review, maintain and improve the continuity plans.
  194. COBIT DSS04.06 - Conduct continuity plan training.
  195. COBIT DSS04.07 - Manage backup arrangements.
  196. COBIT DSS04.08 - Conduct post-resumption review.
  197. COBIT DSS05.01 - Protect against malicious software.
  198. COBIT DSS05.02 - Manage network and connectivity security.
  199. COBIT DSS05.03 - Manage endpoint security.
  200. COBIT DSS05.04 - Manage user identity and logical access.
  201. COBIT DSS05.05 - Manage physical access to I&T assets.
  202. COBIT DSS05.06 - Manage sensitive documents and output devices.
  203. COBIT DSS05.07 - Manage vulnerabilities and monitor the infrastructure for security-related events.
  204. COBIT DSS06.01 - Align control activities embedded in business processes with enterprise objectives.
  205. COBIT DSS06.02 - Control the processing of information.
  206. COBIT DSS06.03 - Manage roles, responsibilities, access privileges and levels of authority.
  207. COBIT DSS06.04 - Manage errors and exceptions.
  208. COBIT DSS06.05 - Ensure traceability and accountability for information events.
  209. COBIT DSS06.06 - Secure information assets.
  210. COBIT MEA01.01 - Establish a monitoring approach.
  211. COBIT MEA01.02 - Set performance and conformance targets.
  212. COBIT MEA01.03 - Collect and process performance and conformance data.
  213. COBIT MEA01.04 - Analyze and report performance.
  214. COBIT MEA01.05 - Ensure the implementation of corrective actions.
  215. COBIT MEA02.01 - Monitor internal controls.
  216. COBIT MEA02.02 - Review effectiveness of business process controls.
  217. COBIT MEA02.03 - Perform control self-assessments.
  218. COBIT MEA02.04 - Identify and report control deficiencies.
  219. COBIT MEA03.01 - Identify external compliance requirements.
  220. COBIT MEA03.02 - Optimize response to external requirements.
  221. COBIT MEA03.03 - Confirm external compliance.
  222. COBIT MEA03.04 - Obtain assurance of external compliance.
  223. COBIT MEA04.01 - Ensure that assurance providers are independent and qualified.
  224. COBIT MEA04.02 - Develop risk-based planning of assurance initiatives.
  225. COBIT MEA04.03 - Determine the objectives of the assurance initiative.
  226. COBIT MEA04.04 - Define the scope of the assurance initiative.
  227. COBIT MEA04.05 - Define the work program for the assurance initiative.
  228. COBIT MEA04.06 - Execute the assurance initiative, focusing on design effectiveness.
  229. COBIT MEA04.07 - Execute the assurance initiative, focusing on operating effectiveness.
  230. COBIT MEA04.08 - Report and follow up on the assurance initiative.
  231. COBIT MEA04.09 - Follow up on recommendations and actions.