IT Management Frameworks
There are many different frameworks that can be used for managing the delivery of cost-effective IT services. Many frameworks only cover a specific aspect of IT (such as information security, service management, quality etc.).
On this page we will look at all the major frameworks, what they cover, how they interlink, and provide guidance and products on how to implement them.
For more information on any consultancy, training or books relating to these frameworks, please contact a member of our team on +44 (0) 845 070 1750.
What's on this page?
Calder-Moir IT Framework
The only super-framework that pulls all the existing frameworks together in a way that enables an organisation to maximise its benefit from them is the Calder-Moir IT Governance Framework.
Deploying the best practice guidance as set out in the IT governance Standard ISO38500, the Calder-Moir Framework identifies six business areas that can each contain separate frameworks to make up an overall IT governance framework:
Risk, conformance and compliance
Learn more and how to implement an overarching governance framework with the Calder-Moir Framework Toolkit.
TickITplus – Software Quality Management
TickITplus is a certification scheme designed to establish a benchmark for IT and software quality. It supersedes the TickIT scheme.
At its heart, TickITplus enables an organisation to select a level of capability they want to attain in their IT processes (there are currently five levels codified in TickITplus) and then work toward improving the maturity of their processes to meet that level. The organisation can then be assessed by a certification body to establish if it has achieved the adequate level of maturity to be certified as meeting that level of maturity.
There are currently three certification bodies for TickITplus: DNV, LRQA and BSI. Detailed advice and guidance on the TickITplus scheme can be found in the Base Process Library and Core Scheme Requirements.
The scheme is currently managed by the Joint TickIT Industry Steering Committee (JTISC), a group comprising representatives from several different organisations including certification bodies and The British Computer Society, TechUK and BSI.
Learn more on our dedicated TickITplus page.
ISO 27001 – Information Security Management Systems
ISO 27001 is the International Standard which details the requirements for establishing and maintaining an Information Security Management System (ISMS), an organised approach for managing an organisation’s information security which encompasses people, processes and technology.
ISO 27001 should be used in conjunction with ISO27002, which provides implementation guidance and controls.
Learn more on our dedicated ISO27001 page.
ISO/IEC 20000 – ITSM Standard
ISO20000 is the International Standard which sets out a specification for a service management system (SMS). It also covers ongoing maintenance and continual improvement.
ISO20000 enables an organisation to deliver effective IT services to meet business and customer requirements. The standard itself has two main parts:
ISO20000 can be implemented by any type or size of organisation. However, small organisations may find implementation more complex, so other frameworks maybe more appropriate in those circumstances.
Organisations looking to certify to ISO20000 will want to establish their level of compliance to the standard prior to undertaking a formal certification.
Learn more on our ISO20000 page.
IT Service CMM – IT Service Capability Maturity Model
The IT Service Capability Maturity Model (CMM) is a five-level scale which allows organisations to measure and improve their IT service delivery capabilities. Each of the levels detail certain best practice process areas that have to be in place before the organisation resides on that level.
As an organisation implements these best practice processes the organisation moves up to the appropriate level on the IT Service CMM, improving service delivery through the use of better processes.
No organisations currently run formal accreditation schemes against the IT Service CMM, but there are third-party companies which will visit an organisation and perform a process assessment to judge the maturity of the organisation’s processes.
There are various different methodologies you can use to undertake a process assessment. Due to the similarities between the Software CMMI (created by Carnegie Mellon University) and the IT Service CMM, the same methods can be used to perform a process assessment for both.
For more information see the Software Capability Maturity Model web page or the IT Service CMM website.
Six Sigma – Quality and Process Improvement
Six Sigma is an effective and adaptable measurement-based improvement methodology which can be used for delivering quality IT services. The main aim of Six Sigma is to reduce variation in processes by offering a structure by which organisations can constantly improve routine IT processes and eliminate defects, waste and cost, thereby increasing service quality and customer satisfaction.
Six Sigma can be used in conjunction with the ITIL (Information Technology Infrastructure Library) framework.
There is no formal certification for an organisation against the Six Sigma framework. However, one of the main parts of Six Sigma implementation is the need to train certain individuals to a high degree of familiarity with the methodology itself so that they can work on the implementation/project team.
Various levels of qualification are available for these individuals to demonstrate their level of competence in Six Sigma. Black Belt, for example, certifies the individual is a highly experienced Six Sigma practitioner; Green Belt demonstrates that an individual has trained in Six Sigma and is qualified to work on the implementation/project team under the direction of a Six Sigma Black Belt.
Formal training and certification in these qualifications are available from Motorola Solutions, the creators of Six Sigma methodology. Study guides and text books are available for both exams:
Two International Standards have now been released on the Six Sigma methodology, they are:
IT Balanced Scorecard
The IT Balanced Scorecard is a metrics-based mechanism that can be used to enable better IT performance and facilitate the alignment of IT with overall business goals. The Balanced Scorecard (BSC) mechanism itself was originally developed on an enterprise-wide level by Robert Kaplan and David Norton.
When implementing the IT Balanced Scorecard there are many issues to consider. Jessica Keyes lays the groundwork for implementing the scorecard approach and successfully integrating it with corporate strategy in her comprehensive book Implementing the IT Balanced Scorecard: Aligning IT with Corporate Strategy.
ISO38500 – The International Standard for Corporate Governance of IT (IT Governance)
ISO38500 relates to the governance of management processes and decisions relating to an organisation’s information and communication services. ISO38500 is the first international Standard for IT governance, and provides an efficient and effective framework for IT governance, leading to better alignment of IT with organisational decisions. The advice and guidance in this Standard is applicable whatever the size or type of organisation, whether it is in the corporate, public or not-for-profit sector. It is not only applicable to directors but also provides essential guidance on the appropriate governance of IT to all key members of staff. Visit our information page for further information on IS038500.
COBIT is a control framework that provides best practices, tools and guidance for the effective management and governance of enterprise IT.
COBIT 5 was published in early 2012, superseding COBIT 4.1. It builds and expands on the guidance in COBIT 4.1 by integrating many frameworks and standards, including ISACA©’s VAL IT and Risk IT, ITIL, and ISO standards including ISO 38500 and ISO27001.
Learn more on our COBIT 5 page, where you can find information about the official manual and training courses.
M_o_R – Management of Risk
M_o_R (Management of Risk) was originally developed by the UK Office of Government Commerce (OGC) as a methodology to deal with the effective control of risk. It is used in both public and private sectors internationally.
M_o_R can be used by any type or size of organisation to identify, manage, reduce and eliminate risk. An in-depth resource for organisations looking to use M_o_R has been provided by AXELOS in the form of the official M_o_R manual – Management of Risk: Guidance for Practitioners – 2010 Edition, which should be used as the official source of best practice information relating to the management of risk.
There are two levels of official qualification available for practitioners: the Foundation and Practitioner. Training courses in M_o_R, including the exams, are available from Accredited Training Providers (ATOs).
The M_o_R & Risk Management Starter Kit contains the essential books for preparing for the M_o_R exams:
Management of Risk Guidance for Practitioners – 2010 Edition
M_o_R Pocketbook - 2010 Edition
BiSL – Business Information Services Library
The Business Information Services Library (BiSL) is a public-domain framework for the effective control of an organisation’s information systems. The current owner of the BiSL copyright is the ASL BiSL Foundation.
BiSL consists of a framework of processes, a library of best practices, and publications available from ASL BiSL Foundation website. BiSL is primarily used in the Netherlands and provides guidance in the areas of operational IT control, information systems in the organisations processes and information management.
The main aim of BiSL is to provide a tool which can be utilised to improve the performance of IT and of information system management departments and aid with the improvement of internal business processes.
For more information on BiSL see the ASL BiSL Foundation website.
ITIL – The IT Infrastructure Library
ITIL is a best practice framework for the effective delivery of IT services that add value. ITIL has now become the de facto standard for IT Service Management worldwide. ITIL is centred on the five core publications of the ITIL Lifecycle Publication Suite, each of which addresses a specific area of IT Service Management:
ITIL has a series of qualifications available to ITSM professionals, and is also very useful to organisations looking to achieve ISO20000 certification. Learn more about ITIL and ITIL qualifications on our ITIL page.
Business Process Framework (eTom)
The Business Process Framework (eTom) is a critical component of the TM Forum’s blueprint for enabling successful change and transformation within an organisation. The blueprint is called Frameworx.
The Business Process Framework (eTom) offers a catalogue of key business processes that are required to run a successful service-focused business. It has three major process areas, they are:
Strategy, Infrastructure and Product
For more information on eTOM see the TM Forum website.
ASL – Application Services Library
The Application Services Library (ASL) is a public domain, mainly European, framework, developed by the ASL BiSL Foundation, which provides guidance with supporting best practices for designing and carrying out effective application management. ASL does not focus on supporting the application itself, but focuses on supporting business processes using information systems (for example managing and maintaining the application (software), databases, documentation, availability, programming, system development, design and impact analysis).
Accreditation against the ASL framework is available on an individual and organisation wide basis. For more on these certifications and other information on ASL see the ASL BiSL Foundation website.
MSP – Managing Successful Programmes
Managing Successful Programmes (MSP) is a methodology used around the world. The aim of MSP is to provide organisations with an effective tool to manage programmes in order to achieve a goal at a strategic level so that the organisation can achieve benefits and improvements in its business. It is often used for IT programmes.
Programme Management should not be confused with Project Management. Programme Management is an organised and systematic approach to setting up and managing a programme. Programmes are made up of multiple projects identified by an organisation that together will deliver some defined objective or goal for the organisation. A programme can only succeed if the projects within it succeed.
MSP is usually used in combination with PRINCE2, the project management methodology from AXELOS.
MSP provides organisations with a set of best-practice principles and processes for use when managing a programme. These are outlined by AXELOS, the authors of the MSP methodology in the MSP Manual.
PRINCE2 – Projects in Controlled Environments
Projects in Controlled Environments (PRINCE2) is a structured method for managing all types of project in any size or type of organisation. PRINCE2 covers the management, control, organisation and delivery of a project.
PRINCE2 is often used for the management of projects within an MSP framework. It is the de facto Project Management standard in the UK, and has also been widely adopted in countries all over the world.
An in-depth description of the PRINCE2 project management method is provided in the PRINCE2 Manual – Managing Successful Projects with PRINCE2, which has been designed to be a role-specific handbook for project managers, team managers and project support.
There are currently three levels of PRINCE2 qualifications available to inidividuals. AXELOS, the owner of PRINCE2, provides essential advice and guidance on both of the Foundation and Practitioner exams in Passing the PRINCE2 Exams. This book has been updated to reflect the latest changes in PRINCE2 and provides multiple choice questions and specimen answers to typical project management situations.
PRINCE2 Practitioners have to re-register every three to five years by sitting and passing a Practitioner-level re-registration examination. Passing the PRINCE2 Exams will also be of aid to individuals studying for this exam.
Find out everything you need to know on PRINCE2 on our page.
PMBOK – Project Management Body of Knowledge
The Project Management Body of Knowledge (PMBOK) is a library of best practices in the field of project management developed by the Project Management Institute® (PMI®) institute in the United States. PMBOK consists of processes and knowledge areas that are generally accepted as best practice in the Project Management field.
PMBOK can be applied to any type or size of project, whether in the public, private or not-for-profit sectors. The PMBOK standard has also been adopted internationally by the IEEE as IEEE 1490.
The Project Management Institute’s PMBOK Guide, 5th Edition is an essential reference for every project management practitioner's library.
Find out everything you need about PMBOK on our information page.
OPM3 – Organisational Project Management Maturity Model
The Organisational Project Management Maturity Model (OPM3), published by the Project Management Institute (PMI), is a maturity model that can be used to benchmark the current maturity of the organisation’s portfolio, programme and project processes and drive improvement.
OPM3 is made up of three key interlocking elements: the knowledge element, the assessment element, and the improvement element.
You can purchase OPM3 from the IT Governance Webshop.More information on OPM3 can be found on the PMI website.