Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business ITSM An Overview of the COBIT Framework
ITSM

An Overview of the COBIT Framework

By SolarWinds MSP
17 April, 2019

For decades, managing IT functions has been an integral part of successfully achieving business goals. These functions have evolved over time, and today, considerations relating to cloud computing, big data, and mobility are the keys to success for many organizations. Of course, businesses want to take advantage of the latest tech capabilities. But the key to using IT successfully is actually more fundamental: adhering to IT governance best practices. For that, businesses large and small may want to turn to defined IT governance frameworks like COBIT. 

When it comes to incorporating IT functions, challenging questions can arise for business leaders, administrators in various departments, and, of course, IT professionals, whether in-house or managed services providers (MSPs). In every industry, organizations need frameworks to help implement governance strategies across siloed departments. At the same time, MSPs must be aware of how businesses use COBIT, and how their responsibilities and scope may be informed by customers’ IT governance frameworks. 

What is the COBIT framework? 

The COBIT acronym originally stood for “Control Objectives for Information and Related Technology,” although this longer version of the name is no longer used. The framework was originally developed by Information Systems Audit and Control Association (ISACA) in 1996, and focused specifically on financial auditing in IT environments. The second-most-recent version (from 2012), COBIT 5, incorporated governance activities like ISO 38500 and other ISACA frameworks while emphasizing IT governance for business success. A 2013 add-on included more information for risk management. 

The COBIT framework provides a set of best-practice controls around information technology, allowing businesses to add value through IT decisions while mitigating possible risks. With COBIT, a business has a high-level roadmap for developing and managing IT governance practices. It’s a supportive tool that bridges the gap between business and technical issues and gives stakeholders better risk management and COBIT compliance around their specific processes. With COBIT, a business gets the metrics, maturity models, and best practices that allow them to measure how objectives and processes are coordinating and succeeding. 

What is COBIT 2019? 

Released in 2018, the most recent version of this IT governance framework, COBIT 2019, is designed to evolve at the pace of modern business and technology. This version will have more frequent updates and will come with flexible, collaborative governance strategies specifically designed to address the rapid deployment of cutting-edge tech. It will also come with new concepts and terminology, including 40 governance and management objectives for better customization of IT governance strategies. 

The 2019 version has incorporated user feedback for several key improvements. This version includes an open-source model that encourages a quicker update cycle. By facilitating better alignment with global standards, this rapid update cycle makes COBIT more relevant across the world. There are now more online, collaborative features for ongoing support and additional tools for measuring IT performance. Other areas of focus include cloud computing and cybersecurity.

The overall structure of COBIT 2019 includes:

  • Introduction and Methodology: This section outlines the basic COBIT principles and explains the framework as a whole. 
  • Governance and Management Objectives: This section discusses the COBIT core model, including the 40 governance and management objectives.  
  • Design Guide: This section goes into depth on how to develop a governance strategy that suits the unique needs of an organization. 
  • Implementation Guide: This section gives best practices for how a business could implement its specific strategy.

COBIT 2019 also includes concepts that are specifically tailored to the needs of small and medium-sized businesses (SMBs). Although COBIT may be more common at the enterprise level, SMBs can also benefit from its principles. For MSPs, this new focus on SMBs means that a broader range of potential clients may look for a tech professional familiar with COBIT. 

What is the purpose of COBIT? 

The ultimate purpose of the COBIT framework is to ensure that IT investments are being prioritized in a way that helps businesses achieve their objectives without incurring additional IT risk. To that end, COBIT focuses on the following concepts: 

  • Frameworks: Good information should support business decisions. IT governance frameworks link IT processes to an enterprise’s requirements. 
  • Process Descriptions: Process-focused specifications are flexible for businesses, but also useful—processes are always results-oriented. These descriptions provide a reference model in a common vernacular that all stakeholders can consider when planning, building, and monitoring.
  • Control Objectives: COBIT encourages businesses to consider objectives around control and responsibility to ensure they can effectively negotiate IT risk.
  • Management Guidelines: A business needs a set of tools for assigning responsibility, as well as for self-assessing and approving IT measures. COBIT provides metrics to assess proper performance.
  • Maturity Models: COBIT maturity models help businesses measure the capability of their processes in order to understand their progress and set priorities for improvement. 

All these focal points help business leaders identify responsibility through their organization, then use clearer communication to build and monitor high-level IT implementation. With COBIT, a business has a single roadmap for governance, risk, and compliance, as well as better insights into their ROI on IT services. For a new company, using a framework like COBIT may help fast-track their IT success without missing important elements. 

Compared with other IT governance frameworks, COBIT has a specific focus on security, risk management, and information governance. COBIT 2019 does not emphasize figuring out IT strategies and architecture, but instead focuses on governing and managing IT across an organization. It doesn’t help a business perform specific IT functions but takes a higher-level approach to implementing information technology for business success. 

The COBIT framework isn’t just for an IT department or MSP—in fact, it’s designed to be used throughout a business. Technology is an integral part of processes across many organizations and operations; marketing, sales, HR, administration, and more may use or manage certain IT functions. These parts of the business are also accountable as “process owners,” and must have some responsibility for the IT deployed within their operations. They will still look for guidance from an IT professional, of course, but COBIT can give them a framework that helps control the activities within their specific department and ensure their use of IT helps them achieve business objectives while mitigating risk. 

For an MSP, it’s important to figure out which IT decision rights they have. Ideally, they will be granted enough decision-making leeway to fulfill their contracted services according to their typical business model. At the same time, not all IT accountability should rest on an MSP’s shoulders—something the COBIT model makes clear—and departments throughout a business should recognize their distinct IT responsibilities.

While it has traditionally been an enterprise-level governance structure, the latest version of COBIT makes provisions for small and medium businesses as well, meaning MSPs may find these guidelines relevant for clients of all sizes. Overall, IT governance can be contractually determined, leading to improved effectiveness and better alignment between the MSP and the business.

What is the COBIT maturity model?

The COBIT maturity model is based on the Capability Maturity Model Integration (CMMI), which is the standard for information technology when it comes to operational efficiency. This model for optimizing development processes can help organizations streamline their process improvements, basing their behaviors on practices that decrease development risks. 

The CMMI model evaluates process and service development, the establishment and management of services, and the acquisition of products and services. It provides measurable benchmarks that help businesses keep their IT decisions cost-effective and progressive. With CMMI, businesses can vet their vendors and resolve process problems. Businesses may eventually reach Level 4 or 5 COBIT maturity, which suggests an organization’s processes are either running off quantitative data and successfully avoiding risks or are fully optimized and stable yet flexible enough to respond to new opportunities.

What are the five principles of COBIT? 

For MSPs, it’s worthwhile to have an understanding of COBIT’s basic principles—considering that these principles are also at the heart of other governance frameworks like TOGAF, an enterprise architecture framework that helps improve business efficiency. These principles are designed to be somewhat generic so they can be applicable for organizations across various industries: 

  • Meet Stakeholder Needs: This means adding value through realizing IT benefits and resource use while mitigating risk.
  • Cover the Enterprise End-to-End: This refers to the consideration of all business processes and functions that relate to information technology.
  • Apply a Single, Integrated Framework: This means applying unified standards across the business.
  • Enable a Holistic Approach: This means considering the seven COBIT “enablers,” including “People, Skills, and Competencies,” and “Culture, Ethics, and Behavior.”
  • Separate Governance from Management: This means that the planning, building, running, and monitoring stages are separate from specific governance functions like monitoring, evaluating, and decision-making.

What are COBIT and ITIL?

COBIT and ITIL are both IT governance frameworks, but there are a number of differences between the two. Some say COBIT is the “why” and ITIL is the “how,” although this is somewhat oversimplified. COBIT focuses on generating value for the business through investments in IT while simultaneously mitigating risks. ITIL, formerly an acronym for Information Technology Infrastructure Library, is focused on managing IT services across their lifecycle, which is typically considered a more foundational starting place for IT development. COBIT builds on top of ITIL processes with a control framework for structuring those processes. While ITIL is almost always necessary for a business, there are existing alternatives to COBIT.

MSPs may encounter businesses that only use ITIL or use both ITIL and COBIT, and they should be familiar with the thought processes behind both approaches. Businesses invest in these frameworks to ensure their IT is functional and provides real value, and MSPs may need to be prepared to work within this framework as they provide many of the actual IT-related services those businesses hope to leverage.

If you are an MSP, you should be sure to do your research on IT governance frameworks, develop best practices for your own business, and understand what your customers may ask of you. Explore our blog for more information about crafting an IT strategy for your business.

Additional Resources: 

  • 6 Ways IT Teams Can Help Reduce Rework and Unproductive Labor
  • How to Keep Your IT Skills Up to Date
  • 7 Common Mistakes Growing MSPs Can Make
You might also like...
ITSM

What is Partition Management?

ITSM

Physical Server vs. Virtual Server

ITSM

Thin Provisioning Explained

ITSM

Servers vs. Workstations Overview

ITSM

Dynamic DNS Overview

ITSM

Windows PowerShell Uses

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.