microsoft operations framework (mof) 4.0 microsoft.com/mof
TRANSCRIPT
What’s Included in This Presentation• Take a comprehensive look at governance, risk, and
compliance through MOF 4.0GRC in MOF 4.0
• Get a basic understanding of how the MOF model can help show you immediate results
Service Management Functions
• Learn more about how MOF fits into the bigger pictureMOF in Context
• Look at new compliance challenges and how MOF deals with themCompliance Challenges
• Understand how addressing GRC affects your organizationGRC Guidance
• See how MOF connects and addresses governance, risk, and compliance
Connect Governance, Risk, and Compliance
• Learn how MOF incorporates GRC into each lifecycle phase
GRC Throughout the Lifecycle
• Get a closer look at governance, risk, and compliance Focus on G, R, and C
• See how the elements of GRC are applied and integrated into the lifecycle phasesGRC Applied & Integrated
• Learn how MOF’s features produce resultsMake GRC Work for You
• Link to helpful GRC resources Resources
MOF 4.0 Connects Service Management Standards to Practical Applications for the Community
Industry Standards
Control Frameworks
Concepts, Practices
MOF 4.0Guidance
Processes + Guidance + Tools(for Specific Scenarios)
Infrastructure Automation
Community
Goals and objectives: ISO 20000
Management perspective: COBIT
Process description: ITIL v3
Process guidance: MOF 4.0
Solution Accelerators
System Center
Connect Governance, Risk, and Compliance
GovernanceAddresses
strategic planning, business/IT alignment,
policy creation, and vision setting
RiskAddresses system threats,
system vulnerability, protection of IT assets, and
risks to management objectives
ComplianceAddresses adherence to
laws, regulations, policies, standards,
best practices, and frameworks
Risk tradeoff decisions(how they were made)
Impact of not complying
Risk tradeoff decisions
Compliance with governance rules
Risk tolerance
rules
Who decides,
and process
to follow
• Aiding decision making, balancing risk/benefit tradeoffs, identifying accountabilities
• Creating a strategy that manages risks and ensures risk management is appropriate for the activities at hand
• Establishing guardrails for behaviors, communicating expectations, and validating performance
GRC Influences All Lifecycle Phases
Governance• Identifies decision makers and stakeholders• Determines accountability for actions and responsibility
for outcomes• Addresses how expected performance will be evaluated
Risk• Employs risk management throughout the IT lifecycle:
• Business decisions • Policy adherence• Application development • Operational procedures
Compliance• Guides behavior to make sure what takes place is what
was intended• Shows how IT is performing against objectives
Governance, Risk, and Compliance Applied
IT Governance
Governance determines how IT makes investments, contributes to value, and achieves goals and management objectives
Good Governance: • Manages IT services in a regulatory
environment• Focuses on cost efficiencies and value
contribution• Provides insight into organizational processes
that result in continuous improvement and optimization initiatives
Risk Management
Risk management drives a structured approach to identifying, assessing, and managing potential threats to assets or the achievement of strategic goals
Good risk management: • Drives consistent, recurring, and comprehensive
reviews of IT plans, initiatives, projects, and activities
• Results in clear risk management decisions• Produces activities and internal controls that
reduce risk likelihood or impact
Compliance
Compliance establishes rules, guidelines, and communications to ensure an organization’s requirements are known and followed
Good compliance: • Ensures management intentions are realized• Establishes evaluation when expectations are set• Allows for effective monitoring
Make MOF GRC Work for You
Features:• Specific goals, outcomes, and measures in each SMF• Clearly identified accountabilities and role types for
each SMF• Objectives, risks, and controls outlined for each phase• Management reviews function as management
controls
Benefits:• Clearly established accountabilities• Effective risk management• Compliance with policies, laws, and
regulations
Resources
• MOF Home Page: www.microsoft.com/mof
• Compliance Home Page: www.microsoft.com/compliance
• IT Compliance Management Guide: www.microsoft.com/downloads/details.aspx?FamilyId=BD930882-0D39-4900-9A79-B91F213ED15D&displaylang=en
• Solution Accelerators Home Page: www.microsoft.com/solutionaccelerators
• Contact Email: [email protected]