MAPPING INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY WITH OTHER INFORMATION TECHNOLOGY STANDARDS AND BEST PRACTICES

Information Technology (IT) has become an important strategic resource that any organization has to manage. It has been recognized that IT services are crucial and strategic organizational assets, therefore, organizations are investing considerable amount of resources into the support and delivery of IT services and the systems that underpins them. Various IT standards and IT best practices are being implemented by the enterprises to support their business and IT services. A number of these standards are different from others but they contain some similarities. This study discusses these IT standards and best practices and maps their processes to ITIL. CobiT, ISO/IEC 27002-2005, Six Sigma, TOGAF, eTOM, CMMI, PCI DSS and Common Security Framework (CSF) processes will be mapped to ITIL processes. This study will show the similarities between several IT standards and ITIL that helps in adopting these standards concurrently with ITIL. ITIL and other standards have many similarities that will benefit enterprises in implementing these standards concurrently.


INTRODUCTION
In the last two decades, IT infrastructure has evolved from mainframe-centric infrastructure and centralized to geographically dispersed and distributed computing. This evolution of IT infrastructure provided more flexibility to the enterprises, but was resulting in inconsistent use of procedures and methods for technology delivery and service support. In recent years, organizations have been implementing various IT standards to have consistent IT procedures and processes including, but not limited to, CobiT, ISO/IEC 27002, ITIL, eTOM, Six Sigma, CMMI. ITIL provides the best practices for IT facility management and IT Operations. ITIL defines its procedures and processes at a level of abstraction. It is then left at organizations' discretion to implement the procedures in a way that is appropriate to their individual circumstances and requirements (Hill and Turbitt, 2006). The main focus of ITIL is on IT Service Management (ITSM), although it covers a number of areas. ITIL is a framework based on IT Service Lifecycle: which includes: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. ITIL offers a complete, unfailing and balanced framework of best practices for ITSM and associated procedures, which promotes the quality of service for accomplishing business objectives with the use of information technology. IT Service Management is an approach through which customers are offered information Science Publications JCS systems under contract and performance is managed as a service. As such, IT service management assures actual benefit to IT organizations and business customers. IT service providers cannot afford to focus only on technology but should also consider the quality of the services they provide and the relationship with their clients. The ITIL is growing as the most frequently used guidance for many IT organizations considering, or keenly adopting a service management approach (Favelle, 2007). ITIL is based on best practices, which results in economical and well organized IT delivery. The focus of this study is various standards and best practices for IT. Section 2 "Other Important IT Standards" will introduce these IT standards; Later section 3 "Mapping of ITIL with other Standards" will explore the similarities between these standards and ITIL and finally "Conclusion" section will conclude with the findings of this study that the similarities between ITIL and various other IT based best practices makes it easy for the enterprises to implement them concurrently.

CobiT
CobiT is an acronym for Control Objectives for Information and Related Technology. It is a control framework of best practices formulated, developed and perpetuated by Information Technology Governance Institute (ITGI), the organization that comes under previously known as Information Systems Audit and Control Association (ISACA) (Tuttle and Vandervelde, 2007) for Information Technology (IT) management and IT governance. CobiT contains 34 processes for IT control and governance and provides a high level Control Objective (CO) for each of these 34 processes (Solms, 2005;Ridley et al., 2004). Being a control framework, the focus of cobiT is on IT control and governance but does not focus much on the improvement of processes. It is a supplementary toolset that supports managers to link enterprise risks, governance issues and technical problems (COBIT, 2013).

ISO/IEC 27002
The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) develops and outlines the specialized associations for worldwide standardization (Sweren, 2006). They jointly published the standard and framework for information security management ISO/IEC 20072 (Nastase et al., 2009)

TOGAF
TOGAF is a comprehensive framework for enterprise architecture developed by The Open Group which is in practice worldwide by enterprises to improve business productivity TO, 2013. It is the most noticeable and dependable enterprise architecture framework that ensures consistent standards, techniques and communication between enterprise architecture experts. Enterprise architecture specialists are well-versed with TOGAF standards; enjoy better industry standing, job success and career prospects. TOGAF benefits experts from being vendor dependent, to make use of resources more efficiently and effectively and get a higher Return on Investment (ROI). TOGAF was first published in 1995, based on the US Department of Defense Technical Architecture Framework for Information Management (TAFIM). The Open Group Architecture Forum has published consecutive versions of TOGAF at frequent intervals on the website of The Open Group TO, 2013.

Six Sigma
Six Sigma was developed by Motorola in 1985. It is a set of methods and strategies for process improvement (Tennant, 2001). Six Sigma is a business tactic that searches to identify and eliminate reasons of faults or defects or failures in business practices by focusing on outputs critical to clients. By using the statistical methods, Six Sigma measures the quality that seeks for removal of faults and defects (Antony, 2004). Implementing the core features of the six sigma procedures enables enterprises to better support their strategic decisions and growing needs for staff coaching, mentoring and training (Kawk and Anbari, 2006). It is one of the widely used framework and methodology around the globe and by top organizations such as General Electric, Motorola, Johnson and Johnson and American Express (Pande and Holpp, 2002).

eTOM eTOM is an acronym for Enhanced Telecom Operations Map developed by TeleManagement Forum
Science Publications JCS (TM Forum), is a business operations framework and process model for telecommunications service providers (Keber, 2004;Chou et al., 2008;Chou and Lee, 2008). eTOM has been widely adopted by the IT industry. eTOM can widely accept and support ITIL processes (Brenner, 2006). eTOM Business Process Framework processes has three main categories (OS, 2013). These categories have different processes that collectively help achieve the goal of eTOM to improve business processes within the enterprises.

CMMI
Capability Maturity Model Integration is a framework that defines and measures processes and practices. CMMI is a proven technique for performance management CMMI Institute, 2013. Organizations using CMMI can predict cost, schedule and quality within business results that separates it from other frameworks and models. CMMI has 3 core areas of interests: acquisition, services and development which consists of 22 processes, out of which 16 are core processes (SEI, 2013).

PCI DSS
PCI DSS stands for Payment Card Industry Data Security Standard which are information security standards developed by PCI Security Standards Council used worldwide (PCISSC, 2013). It consists of policies and processes which intend to maintain and improve the security of debit/credit and other electronic card transactions and guard cardholders' data against abuse and fraud. It was developed to enable broad adoption of same and consistent data security methods globally (PCIDSS, 2010).

Common Security Framework (CSF)
In 2009, The Health Information Trust Alliance (HITRUST) in collaboration with healthcare, Information technology and information security experts developed a Common Security Framework (CSF) (Akowuah et al., 2012). It provides enterprises especially within the healthcare industry with the required organization, detail and transparency related to information security (Akowuah et al., 2012;HITRUST, 2013a). Organizations that generate, store or exchange important health and financial information can use CSF which is the first IT security standard developed explicitly for healthcare data and information (Akowuah et al., 2012).

ITIL and CobiT
The COBIT mainly focuses on control and governance of IT. Being a control only framework, it is insubstantial for process improvement (Cater-Steel et al., 2006). In COBIT 4.1, 13 high-level control objectives are derivative of the service support and service delivery areas of ITIL (Hill and Turbitt, 2006). The COBIT can be vital in help-desk, problem and incident, configuration, change and release managements for service support capacity and capacity, service level, financial, service continuity and availability management for service delivery area (Hoekstra and Conradie, 2002;Wallhoff, 2004). COBIT 5 consists of a group of 37 management and governance procedures (COBIT 5, 2012). Table 1 will show the processes from COBIT 5 that can be mapped to ITIL.

ITIL and ISO/IEC 27002
According to International standard organizations website, ISO/IEC 27002 is envisioned as a universal and practical framework to develop organizational security policies, effective security administration and to develop confidence in inter-organizational activities. ISO/IEC 27002 help ITIL in help desk, problem/incident, configuration, change and release managements as well as finance management and service level agreement, capacity, IT service continuity and availability managements (Hoekstra and Conradie, 2002;Wallhoff, 2004). Implementing ITIL can enhance and improve common IT processes and controls, whereas ISO/IEC 27002 can be employed to inculcate security in those controls and processes. ISO/IEC 27002 is composed of best practices of procedures and control objectives within the area of Information Security Management (ISO, 2013). Table 2 shows the ISO/IEC 27002 processes that can be mapped to ITIL.

ITIL and TOGAF
A main element of TOGAF is Architecture Development Method (ADM) that identifies the processes for developing enterprise architecture (Tang et al., 2004). TOGAF and ITIL are both frameworks based on community best practices and follow a process approach (Sante and Ermers, 2009). ITIL concentrates on IT Service Management whereas TOGAF focuses on Enterprise Architecture (Sante and Ermers, 2009).   Table 3 shows ADM phases of TOGAF that can be mapped to ITIL (2011).

ITIL and Six Sigma
Six Sigma outlines a process improvement methodology that acts upon statistical calculation and measurement, motivates improvement of quality and helps decrease functional costs (Aazadnia and Fasanghari, 2008). Six Sigma uses project management approach to identify the problems and errors in any business or technological process in the desire to improve these processes. Table 4 shows the Six Sigma processes that can be mapped to ITIL.

ITIL and eTOM
There are three main categories in the eTOM business process framework which have different processes. Table 5 shows the eTOM processes that can be mapped to ITIL.

ITIL and CMMI
Capability Maturity Model Integration is a framework that defines and measures processes and practices. CMMI has 3 core areas of interest: These three core areas have 22 processes out of which 16 are core processes. Table 6 shows the processes of CMMI that can be mapped to ITIL. Table 5. eTOM processes mapped with ITIL processes ETOM ITIL Resource development and management ITIL service transition-service asset and configuration management Service management and operations ITIL service operation-normal service operation, helpdesk Resource management and operations ITIL service operation-normal service operation ITIL service transitionservice Asset and configuration management Knowledge and research management Configuration management, problem management Financial and asset management ITIL Service transition-change management, service asset and configuration management Strategic and enterprise planning ITIL service strategy-business strategy and it strategy

ITIL and PCI DSS
PCI DSS is an information security standard developed by PCI Security Standards Council for the security of payment cards holders' data against misuse and fraud (PCIDSS, 2010). Table 7 shows the PCI DSS control objectives that can be mapped to ITIL.

ITIL and CSF
The CSF is comprised of two modules namely Information Security Implementation Manual and Standards and Regulations Mapping. The Implementation Manual of CSF comprises of 13 security control groups and consists of 42 control objectives. Table 8 shows the categories of CSF that can be mapped to ITIL (HITRUST, 2013b).

CONCLUSION
There has been an increase in the use of IT based best practices and standards over the past decade as the need to align business with IT has been realized. Every IT standard has its own purpose and advantages which forces the IT organizations to implement multiple Science Publications JCS standards to achieve their business/IT alignment, to improve IT service quality and to achieve consistent IT processes throughout the enterprise. This study compared the processes of other IT standards and best practices and mapped their processes to ITIL. It is evident from the comparison that all the standards considered for this study have some similarities with ITIL, which may help enterprises to implement these standards concurrently with ITIL to improve their IT services and business productivity. Aazadnia, M. and M. Fasangharim, 2008