Documentos de Académico
Documentos de Profesional
Documentos de Cultura
1 to COBIT 5 mapping 1
APO07.01 Maintain adequate and appropriate staffing. PO7.6 PO7.6 Personnel Clearance Procedures
APO07.01 Maintain adequate and appropriate staffing. PO7.8 PO7.8 Job Change and Termination
APO07.02 Identify key IT personnel. PO4.13 PO4.13 Key IT Personnel
APO07.02 Identify key IT personnel. PO7.5 PO7.5 Dependence Upon Individuals
APO07.03 Maintain the skills and competencies of personnel. PO7.2 PO7.2 Personnel Competencies
APO07.03 Maintain the skills and competencies of personnel. PO7.4 PO7.4 Personnel Training
APO07.03 Maintain the skills and competencies of personnel. DS7.1 DS7.1 Identification of Education and Training Needs
APO07.03 Maintain the skills and competencies of personnel. DS7.2 DS7.2 Delivery of Training and Education
APO07.03 Maintain the skills and competencies of personnel. DS7.3 DS7.3 Evaluation of Training Received
APO07.04 Evaluate employee job performance. PO7.7 PO7.7 Employee Job Performance Evaluation
APO07.05 Plan and track the usage of IT and business human resources. PO7.2 PO7.1 Personnel Recruitment and Retention
APO07.06 Manage contract staff PO4.14 PO4.14 Contracted Staff Policies and Procedures
APO07.06 Manage contract staff PO7.6 PO7.6 Personnel Clearance Procedures
APO08 Manage Relationships
APO08.01 Understand business expectations.
APO08.02 Identify opportunities, risk and constraints for IT to enhance the business.
APO08.03 Manage the business relationship.
APO08.04 Co-ordinate and communicate.
APO08.05 Provide input to the continual improvement of services.
APO09 Manage Service Agreements
APO09.01 Identify IT services. DS1.1 DS1.1 Service Level Management Framework
APO09.01 Identify IT services. DS1.2 DS1.2 Definition of Services
APO09.01 Identify IT services. DS1.2 DS1.2 Definition of Services
APO09.01 Identify IT services. DS1.2 DS1.2 Definition of Services
APO09.02 Catalogue IT-enabled services. DS1.1 DS1.1 Service Level Management Framework
APO09.03 Define and prepare service agreements. DS1.1 DS1.1 Service Level Management Framework
APO09.04 Monitor and report service levels. DS1.1 DS1.1 Service Level Management Framework
APO09.04 Monitor and report service levels. DS1.3 DS1.3 Service Level Agreements
APO09.04 Monitor and report service levels. DS1.4 DS1.4 Operating Level Agreements
APO09.05 Review service agreements and contracts. DS1.1 DS1.1 Service Level Management Framework
APO09.05 Review service agreements and contracts. DS1.5 DS1.5 Monitoring and Reporting of Service Level Achievements
BAI01.07 Start up and initiate projects within a programme. PO10.5 PO10.5 Project Scope Statement
BAI01.07 Start up and initiate projects within a programme. PO10.6 PO10.6 Project Phase Initiation
BAI01.08 Plan projects PO10.7 PO10.7 Integrated Project Plan
BAI01.08 Plan projects PO10.8 PO10.8 Project 5esources
BAI01.08 Plan projects PO10.12 PO10.12 Project Planning of Assurance Methods
BAI01.09 Manage programme and project quality PO10.10 PO10.10 Project Quality Plan
BAI01.10 Manage programme and project risk PO10.9 PO10.9 Project Risk Management
BAI01.11 Monitor and control projects PO10.11 PO10.11 Project Change control
PO10.13 Project Performance Measurement, Reporting and
BAI01.11 Monitor and control projects PO10.13
Monitoring
BAI01.12 Manage project resources and work packages.
BAI01.13 Close a project or iteration PO10.14 PO10.14 Project Closure
BAI01.14 Close a programme.
BAI02.01 Define and maintain business functional and technical requirements. AI1.1 AI1.1 Definition and Maintenance of Business Functional and
Technical Requirements
AI1.3 Feasibility Study and Formulation of Alternative Courses of
BAI02.02 Perform a feasibility study and formulate alternative solutions AI1.3
Action
BAI02.03 Manage requirements risk. AI1.2 AI1.2 Risk Analysis Report
BAI02.04 Obtain approval of requirements and solutions. AI1.4 AI1.4 Requirements and Feasibility Decision and Approval
BAI03.01 Design high-level solutions AI2.1 AI2.1 High-level Design
BAI03.01 Design high-level solutions AI2.4 AI2.4 Application Security and Availability ;
BAI03.02 Design detailed solution components AC1 AC1 Source Data Preparation and Authorisation
BAI03.02 Design detailed solution components AI2.2 AI2.2 Detailed Design
BAI03.02 Design detailed solution components AI2.4 AI2.4 Application Security and Availability ;
BAI03.03 Develop solution components. AC1 AC1 Source Data Preparation and Authorisation
BAI03.03 Develop solution components. AI2.4 AI2.4 Application Security and Availability ;
AI2.5 Configuration and Implementation of Acquired Application
BAI03.03 Develop solution components. AI2.5
Software
BAI03.03 Develop solution components. AI2.7 AI2.7 Development of Application Software
BAI03.03 Develop solution components. AI3.2 AI3.2 Infrastructure Resource Protection and Availability
BAI03.04 Procure solution components. AI2.7 AI2.7 Development of Application Software
BAI03.04 Procure solution components. AI3.1 AI3.1 Technological Infrastructure Acquisition Plan
BAI03.04 Procure solution components. AI5.1 AI5.1 Procurement Control
BAI03.05 Build solutions. AC1 AC1 Source Data Preparation and Authorisation
BAI03.05 Build solutions. AI2.3 AI2.3 Application Control and Auditability
BAI03.05 Build solutions. AI2.4 AI2.4 Application Security and Availability ;
COBIT 5 to CobiT 4 mapping 15
DSS01.01 Perform operational procedures. DS11.1 DS11.1 Business Requirements for Data Management
DSS01.01 Perform operational procedures. DS11.6 DS11.6 Security Requirements for Data Management
DSS01.01 Perform operational procedures. DS13.1 DS13.1 Operations Procedures and Instructions
DSS01.01 Perform operational procedures. DS13.2 DS13.2 Job Scheduling
DSS01.02 Manage outsourced IT services
DSS01.03 Monitor IT infrastructure DS13.3 DS13.3 IT Infrastructure Monitoring
DSS01.04 Manage the environment DS12.1 DS12.1 Site Selection and Layout
DSS01.04 Manage the environment DS12.4 DS12.4 Protection Against Environmental Factors
DSS01.05 Manage facilities. DS12.1 DS12.1 Site Selection and Layout
DSS01.05 Manage facilities. DS12.5 DS12.5 Physical Facilities Management
DSS02 Manage Service Requests and Incidents
DSS02.01 Define incident and service request classification schemes. DS5.6 DS5.6 Security Incident Definition
DSS02.01 Define incident and service request classification schemes. DS8.2 DS8.2 Registration of Customer Queries
DSS02.01 Define incident and service request classification schemes. DS9.1 DS9.1 Configuration Repository and Baseline
DSS02.02 Record, classify and prioritise requests and incidents. DS8.2 DS8.2 Registration of Customer Queries
DSS02.03 Verify, approve and fulfil service requests. AI3.2 AI3.2 Infrastructure Resource Protection and Availability
DSS02.03 Verify, approve and fulfil service requests. DS8.2 DS8.2 Registration of Customer Queries
DSS02.04 Investigate, diagnose and allocate incidents. DS8.3 DS8.3 Incident Escalation
DSS02.05 Resolve and recover from incidents. DS8.4 DS8.4 Incident Closure
DSS02.05 Resolve and recover from incidents. DS9.3 DS9.3 Configuration Integrity Review
DSS02.06 Close service requests and incidents. DS8.4 DS8.4 Incident Closure
DSS02.07 Track status and produce reports. DS8.5 DS8.5 Reporting and Trend Analysis
DSS03 Manage Problems
DSS03.01 Identify and classify problems. DS10.1 DS10.1 Identification and Classification of Problems
DSS03.02 Investigate and diagnose problems. DS10.2 DS10.2 Problem Tracking and Resolution
DSS03.03 Raise known errors. DS10.3 DS10.3 Problem Closure
DSS03.04 Resolve and close problems. DS10.3 DS10.3 Problem Closure
DS10.4 Integration of Configuration, Incident and Problem
DSS03.05 Perform proactive problem management. DS10.4
Management
DSS04 Manage Continuity
DSS04.01 Define the business continuity policy, objectives and scope DS4.1 DS4.1 IT Continuity Framework
DSS04.02 Maintain a continuity strategy. DS4.1 DS4.1 IT Continuity Framework
DSS04.02 Maintain a continuity strategy. DS4.4 DS4.4 Maintenance of the IT Continuity Plan
DSS04.03 Develop and implement a business continuity response. DS4.2 DS4.2 IT Continuity Plans
DSS04.03 Develop and implement a business continuity response. DS4.7 DS4.7 Distribution of the IT Continuity Plan
DSS04.04 Exercise, test and review the BCP. DS4.3 DS4.3 Critical IT Resources
DSS04.04 Exercise, test and review the BCP. DS4.8 DS4.8 IT Services Recovery and Resumption
COBIT 5 to CobiT 4 mapping 18
DSS04.05 Review, maintain and improve the continuity plan DS4.5 DS4.5 Testing of the IT Continuity Plan
DSS04.06 Conduct continuity plan training DS4.4 DS4.4 Maintenance of the IT Continuity Plan
DSS04.07 Manage backup arrangements DS4.6 DS4.6 IT Continuity Plan Training
DSS04.08 Conduct post-resumption review. DS4.9 DS4.9 Offsite Backup Storage
DSS04.08 Conduct post-resumption review. DS11.2 DS11.2 Storage and Retention Arrangements
DSS04.08 Conduct post-resumption review. DS11.3 DS11.3 Media Library Management System
DSS04.08 Conduct post-resumption review. DS11.5 DS11.5 Backup and Restoration
DSS04.09 DS4.10 DS4.10 Post-resumption Review
DSS05 Manage Security Services
DSS05.01 Protect against malware. DS5.9 DS5.9 Malicious Software Prevention, Detection and Correction
DSS05.02 Manage network and connectivity security. DS5.10 DS5.10 Network Security
DSS05.02 Manage network and connectivity security. DS5.11 DS5.11 Exchange of Sensitive Data
DSS05.03 Manage endpoint security. DS5.8 DS5.8 Cryptographic Key Management
DSS05.04 Manage user identity and logical access. DS5.3 DS5.3 Identity Management
DSS05.04 Manage user identity and logical access. DS5.4 DS5.4 User Account Management
DSS05.05 Manage physical access to IT assets. DS5.7 DS5.7 Protection of Security Technology
DSS05.05 Manage physical access to IT assets. DS12.1 DS12.1 Site Selection and Layout
DSS05.05 Manage physical access to IT assets. DS12.2 DS12.2 Physical Security Measures
DSS05.05 Manage physical access to IT assets. DS12.3 DS12.3 Physical Access
DSS05.06 Manage sensitive documents and output devices. DS13.4 DS13.4 Sensitive Documents and Output Devices
DSS05.07 Monitor the infrastructure for security-related events. DS5.5 DS5.5 Security Testing, Surveillance and Monitoring
DSS05.08 DS11.4 DS11.4 Disposal
DSS05.08 DS11.6 DS11.6 Security Requirements for Data Management
DSS06 Manage Business Process Controls
DSS06.01 Align control activities embedded in business processes with enterprise objectives
DSS06.02 Control the processing of information. AC1 AC1 Source Data Preparation and Authorisation
DSS06.02 Control the processing of information. AC2 AC2 Source Data Collection and Entry
DSS06.02 Control the processing of information. AC3 AC3 Accuracy, Completeness and Authenticity Checks
DSS06.02 Control the processing of information. AC4 AC4 Processing Integrity and validity
DSS06.02 Control the processing of information. AC5 AC5 Output Review, Reconciliation and Error Handling
DSS06.02 Control the processing of information. AC6 AC6 Transaction Authentication and Integrity
DSS06.03 Manage roles, responsibilities, access privileges and levels of authority AC1 AC1 Source Data Preparation and Authorisation
DSS06.04 Manage errors and exceptions. DS11.2 DS11.2 Storage and Retention Arrangements
DSS06.05 Ensure traceability of information events DS11.6 DS11.6 Security Requirements for Data Management
DSS06.06 Secure information assets.
DSS08.02 PO4.11 PO4.11 Segregation of Duties
COBIT 5 to CobiT 4 mapping 19
MEA01.05 Ensure the implementation of corrective actions. ME1.6 ME1.6 Remedial Actions
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA02.01 Monitor internal controls ME2.1 ME2.1 Monitoring of Internal Control Framework
MEA02.01 Monitor internal controls ME2.2 ME2.2 Supervisory Review
MEA02.01 Monitor internal controls ME2.6 ME2.6 Internal Control at Third Parties
MEA02.02 Review business process controls effectiveness ME2.1 ME2.1 Monitoring of Internal Control Framework
MEA02.03 Perform control self-assessments. ME2.4 ME2.4 Control Self-assessment
MEA02.04 Identify and report control deficiencies. ME2.3 ME2.3 Control Exceptions
MEA02.04 Identify and report control deficiencies. ME2.7 ME2.7 Remedial Actions
MEA02.05 Ensure that assurance providers are independent and qualified. ME4.7 ME4.7 Independent Assurance
MEA02.06 Plan assurance initiatives. ME2.5 ME2.5 Assurance of Internal Control
MEA02.06 Plan assurance initiatives. ME4.7 ME4.7 Independent Assurance
MEA02.07 Scope assurance initiatives. ME2.5 ME2.5 Assurance of Internal Control
MEA02.07 Scope assurance initiatives. ME4.7 ME4.7 Independent Assurance
MEA02.08 Execute assurance initiatives. ME2.5 ME2.5 Assurance of Internal Control
MEA02-08 Execute assurance initiatives. ME4.7 ME4.7 Independent Assurance
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ME3.1 Identification of External Legal, Regulatory and Contractual
MEA03.01 Identify external compliance requirements. ME3.1
Compliance Requirements
MEA03.02 Optimise response to external requirements. ME3.2 ME3.2 Optimisation of Response to External Requirements
MEA03.03 Confirm external compliance ME3.3 ME3.3 Evaluation of Compliance With External Requirements
MEA03.04 Obtain assurance of external compliance. ME3.4 ME3.4 Positive Assurance of Compliance
MEA03.04 Obtain assurance of external compliance. ME3.5 ME3.5 Integrated Reporting