Risk standard up for review

An international standard aimed at reducing IT risks is now up for review.


An international standard aimed at reducing IT risks is now up for review.

An "exposure draft" of the upcoming COBIT 4.1 Process Assessment Model (PAM) is now available on the ISACA website.

COBIT is a globally accepted set of tools that helps minimise IT-related risks and aims to maximise the benefits of technology investment. COBIT acts as an integrator of more detailed international IT standards and guidance.

The PAM provides a process capability assessment based on ISO/IEC 15504 and COBIT.

After conducting a global survey to determine market need, ISACA, the worldwide information security professionals organisation, found that 89 percent of the nearly 1,400 respondents expressed a need for a "rigorous and reliable IT process capability assessment".

“Since COBIT’s release, many organisations have been using it to assess and improve their IT processes. However, until now there hasn’t been a consistent and reliable assessment approach,” said Roger Southgate, a member of the COBIT Assessment Process (CAP) development team.

He added, “ISACA’s COBIT Assessment Process and the Process Assessment Model provide this consistency and reliability, so business and IT executives will have confidence in the assessment process and the quality of the results as they maximise the business value of their IT investments.”

The final PAM is expected to be available for use in the third quarter of 2011.

The first public introductory workshop on the PAM took place at the Infosecurity Europe show in April in London. The COBIT framework is available as a free download.

Now read ISACA: Policy and technology key to reducing e-discovery risks

"Recommended For You"

Rethinking advanced technology for maintenance IT project management: The standards of change