Cobit 5

Download as pdf or txt
Download as pdf or txt
You are on page 1of 3

: Enabling Processes

BAI09 Process Practices, Inputs/Outputs and Activities


Management Practice Inputs Outputs
BAI09.01 Identify and record current assets. From Description Description To
Maintain an up-to-date and accurate record of all
BAI03.04 Updates to asset inventory Asset register APO06.01
IT assets required to deliver services and ensure
BAI10.03
alignment with configuration management and financial
management. BAI10.02 Configuration repository Results of physical BAI10.03
inventory checks BAI10.04
DSS05.03
Results of fit-for-purpose APO02.02
reviews
Activities
1. Identify all owned assets in an asset register that records current status. Maintain alignment with the change management and configuration
management processes, the configuration management system, and the financial accounting records.
2. Identify legal, regulatory or contractual requirements that need to be addressed when managing the asset.
3. Verify the existence of all owned assets by performing regular physical and logical inventory checks and reconciliation including the use of software
discovery tools.
4. Verify that the assets are fit for purpose (i.e., in a useful condition).
5. Determine on a regular basis whether each asset continues to provide value and, if so, estimate the expected useful life for delivering value.
6. Ensure accounting for all assets.
Management Practice Inputs Outputs
BAI09.02 Manage critical assets. From Description Description To
Identify assets that are critical in providing service
Communication of planned APO08.04
capability and take steps to maximise their reliability
maintenance downtime
Build, Acquire and Implement

and availability to support business needs.


Maintenance agreements Internal
Activities
1. Identify assets that are critical in providing service capability by referencing requirements in service definitions, SLAs and the configuration
management system.
2. Monitor performance of critical assets by examining incident trends and, where necessary, take action to repair or replace.
3. On a regular basis, consider the risk of failure or need for replacement of each critical asset.
4. Maintain the resilience of critical assets by applying regular preventive maintenance, monitoring performance, and, if required, providing alternative
and/or additional assets to minimise the likelihood of failure.
5. Establish a preventive maintenance plan for all hardware, considering cost-benefit analysis, vendor recommendations, risk of outage, qualified
personnel and other relevant factors.
6. Establish maintenance agreements involving third-party access to organisational IT facilities for on-site and off-site activities (e.g., outsourcing).
Establish formal service contracts containing or referring to all necessary security conditions, including access authorisation procedures, to ensure
compliance with the organisational security policies and standards.
7. Communicate to affected customers and users the expected impact (e.g., performance restrictions) of maintenance activities.
8. Ensure that remote access services and user profiles (or other means used for maintenance or diagnosis) are active only when required.
9. Incorporate planned downtime in an overall production schedule, and schedule the maintenance activities to minimise the adverse impact on
business processes.

164
Chapter 5
COBIT 5 Process Reference Guide Contents

BAI09 Process Practices, Inputs/Outputs and Activities (cont.)


Management Practice Inputs Outputs
BAI09.03 Manage the asset life cycle. From Description Description To
Manage assets from procurement to disposal to ensure
Approved asset Internal
that assets are utilised as effectively and efficiently as
procurement requests
possible and are accounted for and physically protected.
Updated asset register BAI10.03
Authorised asset BAI10.03
retirements
Activities
1. Procure all assets based on approved requests and in accordance with the enterprise procurement policies and practices.
2. Source, receive, verify, test and record all assets in a controlled manner, including physical labelling, as required.
3. Approve payments and complete the process with suppliers according to agreed-on contract conditions.
4. Deploy assets following the standard implementation life cycle, including change management and acceptance testing.
5. Allocate assets to users, with acceptance of responsibilities and sign-off, as appropriate.
6. Reallocate assets whenever possible when they are no longer required due to a change of user role, redundancy within a service, or retirement
of a service.
7. Dispose of assets when they serve no useful purpose due to retirement of all related services, obsolete technology or lack of users.
8. Dispose of assets securely, considering, e.g., the permanent deletion of any recorded data on media devices and potential damage to the environment.
9. Plan, authorise and implement retirement-related activities, retaining appropriate records to meet ongoing business and regulatory needs.
Management Practice Inputs Outputs
BAI09.04 Optimise asset costs. From Description Description To
Regularly review the overall asset base to identify

Build, Acquire and Implement


Results of cost APO02.02
ways to optimise costs and maintain alignment with
optimisation reviews
business needs.
Opportunities to reduce APO02.02
asset costs or
increase value
Activities
1. On a regular basis, review the overall asset base, considering whether it is aligned with business requirements.
2. Assess maintenance costs, consider reasonableness, and identify lower-cost options, including, where necessary, replacement with new alternatives.
3. Review warranties and consider value for money and replacement strategies to determine lowest-cost options.
4. Review the overall base to identify opportunities for standardisation, single sourcing, and other strategies that may lower procurement, support and
maintenance costs.
5. Use capacity and utilisation statistics to identify underutilised or redundant assets that could be considered for disposal or replacement to lower costs.
6. Review the overall state to identify opportunities to leverage emerging technologies or alternative sourcing strategies to reduce costs or increase value
for money.

165
: Enabling Processes

BAI09 Process Practices, Inputs/Outputs and Activities (cont.)


Management Practice Inputs Outputs
BAI09.05 Manage licences. From Description Description To
Manage software licences so that the optimal number of
Register of software BAI10.02
licences is maintained to support business requirements
licences
and the number of licences owned is sufficient to cover
the installed software in use. Results of installed MEA03.03
licence audits
Action plan to adjust APO02.05
licence numbers
and allocations
Activities
1. Maintain a register of all purchased software licences and associated licence agreements.
2. On a regular basis, conduct an audit to identify all instances of installed licenced software.
3. Compare the number of installed software instances with the number of licences owned.
4. When instances are lower than the number owned, decide whether there is a need to retain or terminate licences, considering the potential to save on
unnecessary maintenance, training and other costs.
5. When instances are higher than the number owned, consider first the opportunity to uninstall instances that are no longer required or justified, and
then, if necessary, purchase additional licences to comply with the licence agreement.
6. On a regular basis, consider whether better value can be obtained by upgrading products and associated licences.

BAI09 Related Guidance


Related Standard Detailed Reference
Build, Acquire and Implement

ITIL V3 2011 Service Transition, 4.3 Service Asset and Configuration Management

166

You might also like