CobiT definition:
Organisations have processes for the acquisition, implementation and upgrade of the technology infrastructure. This requires a planned approach to acquisition, maintenance and protection of infrastructure in line with agreed-upon technology strategies and the provision of development and test environments. This ensures that there is ongoing technological support for business applications.
Control over the IT process of
Acquire and maintain technology infrastructure
that satisfies the business requirement for IT of
acquiring and maintaining an integrated and standardised IT infrastructure
by focusing on
providing appropriate platforms for the business applications in line with the defined IT architecture and technology standards
is achieved by
- Producing a technology acquisition plan that aligns to the technology infrastructure plan
- Planning infrastructure maintenance
- Implementing internal control, security and auditability measures
and is measured by
- Percent of platforms that are not in line with the defined IT architecture and technology standards
- Number of critical business processes supported by obsolete (or soon-to-be-obsolete) infrastructure
- Number of infrastructure components that are no longer supportable (or will not be in the near future)
Control objectives:
AI3 Acquire and Maintain Technology Infrastructure
AI3.1 Technological Infrastructure Acquisition Plan
AI3.2 Infrastructure Resource Protection and Availability
AI3.3 Infrastructure Maintenance
AI3.4 Feasibility Test Environment
Check out the links for details on the control objectives.
No related posts.