Infogov and GRC

ITIL v3 may be automated from within the Proteus EnterpriseTM governance, risk and compliance utility from UK firm Information Governance Limited.

The Information Technology Infrastructure Library (ITIL) is a customisable framework of good practices designed to promote quality computing services in the information technology sector. As an IT Service Management (ITSM) framework, ITIL provides a systematic approach to the provisioning and management of IT services, from inception through design, implementation, operation and continual improvement. The processes identified and described within ITIL are supplier and platform independent and apply to all aspects of IT infrastructure. Since the mid 1990s, ITIL has been generally considered a de facto international standard for IT Service Management.

ITIL v3’s core volumes are as follows:

- Service Strategy focuses on the identification of market opportunities for which services could be developed in order to meet a requirement on the part of internal or external customers. The output is a strategy for the design, implementation, maintenance and continual improvement of the service as an organizational capability and a strategic asset. Key areas of this volume are Service Portfolio Management and Financial Management.

- Service Design focuses on the activities that take place in order to develop the strategy into a design document which addresses all aspects of the proposed service, as well as the processes intended to support it. Key areas of this volume are Availability Management, Capacity Management, Continuity Management and Security Management.

- Service Transition focuses on the implementation of the output of the service design activities and the creation of a production service or modification of an existing service. There is an area of overlap between Service Transition and Service Operation. Key areas of this volume are Change Management, Release Management, Configuration Management and Service Knowledge Management.

- Service Operation focuses on the activities required to operate the services and maintain their functionality as defined in the Service Level Agreements with the customers. Key areas of this volume are Incident Management, Problem Management and Request Fulfilment. A new process added to this area is Event Management, which is concerned with normal and exception condition events.

- Continual Service Improvement focuses on the ability to deliver continual improvement to the quality of the services that the IT organization delivers to the business. Key areas of this volume are Service Reporting, Service Measurement and Service Level Management.
ITIL v3 uses the word “continual” as opposed to ITIL v2’s references to “continuous” service improvement (CSIP). Continual implies an activity that is undertaken on a phased, regular basis as part of a process. Continuous is more suitable for the definition of activities intended to operate without pause, such as the ultimate goal of availability.

There are a number of other titles available for ITIL version 3 including an Introduction, Study Guides, Key Element Guides details of which can be found within the Official ITIL site. This site also contains details of the examinations available for ITIL Version 3.

Proteus EnterpriseTM provides a convenient and easy mechanism to implement ITIL v3. It also enables large, medium and small enterprises to manage multiple standards such as those in Financial-GRC, IT-GRC and Operational-GRC within the same tool, and is designed to assist in delivering the key benefits of good information security governance:

- Improved trust in customer relationships
- Protecting the organization’s reputation
- Decreasing likelihood of violations of privacy and potential liabilities
- Providing greater confidence when interacting with trading partners
- Enabling new and better ways to process electronic transactions
- Reducing operational costs by providing predictable outcomes
- Mitigating risk factors that may interrupt the process

The Control Objectives in ITIL v3 are fundamental to good Governance, and automation of the initial and ongoing management of this standard is highly recommended. Enterprise-wide visibility of the success of those controls is also vital because stakeholders and Boards want assurance that controls and risks are being managed. This visibility is provided through the Proteus RiskView™ module. This bridges the gap between the technical, regulatory compliance, risk communities and senior management within your organization. RiskViewTM distils, displays and reports on an enormous amount of information gathered from within your organization and displays it within a real time dashboard view. The web-server design makes deployment and access as simple and efficient as possible whilst retaining central coordination.

Proteus enables compliance-based management of risks, enterprise-wide – internationally because of its web-based design features. Large enterprises are experiencing an ever-increasing burden of regulation and legislation against which they have to demonstrate compliance. To make matters worse, this myriad of legislation occurs in different areas, for example financial regulation (Sarbanes Oxley), corporate governance, environmental issues, health & safety and industry sector specific.

This problem is not going away and is further compounded by having to map the standards against the company’s business processes. Proteus EnterpriseTM enables this mapping, therefore exposing the areas of non-compliance, the potential financial consequences, and the need to combine this with other existing risk management practices.

Proteus EnterpriseTM enables any standard to be automated, and in national languages too. We have a growing library of questionnaires so call or email with your particular requirement.
Information Governance Limited has extended its Licence Agreement with the British Standards Institute for its 14th year, enabling the embedding and automation of BSI Standards within the Proteus range of GRC software solutions. The BSI’s top standards for automation are Infogov’s priority.

Proteus EnterpriseTM was developed so that companies and institutions can comprehensively tackle varied and complex governance, risk, compliance and fraud challenges together. It is the world’s most mature single, combined GRC web-based utility. We started the GRC automated convergence revolution and a member of our management team conceived and authored the world’s first fraud management standard, soon to be published as BSI PAS 8000.

Governance, Risk, and Compliance or ‘GRC’ is about organizations focusing on attaining compliance with laws, regulations and standards and sustaining that compliance thereafter whilst identifying, quantifying, preventing or avoiding the identified risks in the market place, business and supply chain. Holistically, enterprise and operational compliance requirements and risks will increasingly be managed together. Corporate governance, IT governance, financial risk, strategic risk, operational risk, IT risk, corporate compliance, business continuity, employment/labour compliance, privacy compliance are all aspects of GRC.
Proteus EnterpriseTM, InfoGov’s software solution, provides such essential capability as compliance, supplier audit, remediation, action planning, incident management, business impact analysis, business continuity, asset management, risk assessment, policy management, management information and reporting in the form of a graphical ‘dashboard’.

ITIL v3 automation can be achieved with Proteus EnterpriseTM by contacting Infogov at contact@infogov.co.uk - more information is available at www.infogov.co.uk.