IVI Framework Viewer

The Capability Assessment Management (CAM) capability is the ability of the organization to conduct current state evaluations and plan improvements for its portfolio of IT capabilities. Current state evaluations involve gathering and documenting data about the specific IT capabilities in the organization. The results then inform the planning and execution of improvement actions to deal with any deficiencies. The Capability Assessment Management (CAM) capability covers:

• Selecting an overarching capability framework and mapping other frameworks used in the organization to it.
• Managing continuous improvement of the organization’s IT capabilities.
• Securing appropriate senior management sponsorship for IT capability improvement.
• Promoting organizational buy-in and incentivizing participation in capability improvement evaluation and planning.
• Planning, preparing, and conducting capability evaluations.
• Setting IT capability targets and defining development roadmaps for key IT capabilities.

The Enterprise Architecture Management (EAM) capability is the ability to plan, design, manage, and control the conceptualization of systems, processes, and/or organizations, and the relationships between them. The conceptualization may be layered to represent specific types of relationships – for example, those between applications, business services, internal IT services, security, networking, data storage, and so on. The Enterprise Architecture Management (EAM) capability covers:

• Establishing principles to guide the design and evolution of systems, processes, and/or organizations.
• Providing a framework, including models or templates, that articulates the business, the technical architecture, and the relationships between them.
• Providing the architecture vision, roadmap, and governance, together with the approaches required for managing their life cycle.
• Managing the architectural skills and architecture resourcing.
• Communicating the impact of enterprise architecture activities.

The Information Security Management (ISM) capability is the ability to manage approaches, policies, and controls that safeguard the integrity, confidentiality, accountability, usability, and availability of information.

The Knowledge Management (KM) capability is the ability to identify, capture, classify, analyse, share, and exploit knowledge to improve organizational performance.

The People Asset Management (PAM) capability is the ability to meet the organization's requirements for an effective IT workforce.

Personal data differs from other business data in that its ownership lies with the person to whom it refers and not the custodian company. This confers rights on the data subject, including the right to the privacy of the data. The custodian can vindicate the data subjects' right to privacy partly by protecting data from unauthorised access through access controls and other protection approaches, such as firewalls and physical isolation. Such measures (discussed in chapter 22, Information Security Management (ISM)), are designed to safeguard all data and information, while ‘data protection’ as discussed in this chapter refers primarily to the additional measures needed to protect personal or sensitive personal data, and to satisfy the legal obligations imposed on the custodian.

The Personal Data Protection (PDP) capability is the ability to develop, deploy, and implement policies, systems, and controls for processing personal and sensitive personal data relating to living persons in all digital, automated, and manual forms. It ensures that the organization safeguards the right to privacy of individuals whose information it holds, and that the organization uses personal data strictly for legitimate business purposes.

Policies, systems, and controls encompass and give effect to relevant standards and regulations, which may differ from country to country. The organization must consider the jurisdictions in which the data is acquired, processed, stored, and in some cases through which it is transmitted to identify what regulations are relevant.

The Personal Data Protection (PDP) capability covers:

• Processing personal data throughout its life-cycle.
• Maintaining the quality and integrity of personal data.
• Identifying and communicating data protection regulations and standards.
• Raising awareness and establishing a privacy culture.
• Managing data protection relationships and agreements with third parties.
• Communicating information (on database registrations, data breaches, audit data and so on) with statutory data protection officers.
• Managing data privacy risks and conducting privacy impact analysis assessments.
• Managing data subject rights.
• Identifying and applying applicable data protection standards and regulations.
• Verifying the effectiveness of data protection policies.

The Programme Management (PGM) capability is the ability to assemble and assign resources to identify, select, approve, oversee, and deliver value from programme co-ordinated components (i.e. subprogrammes and projects). Managing the programme will prioritize, monitor, track, analyse, and report on programmes and programme components. It will also leverage component synergies.

The Project Management (PM) capability is the ability to assign resources to initiate, plan, execute, monitor, control, and close projects that deliver project objectives within agreed variances of cost, timeliness, quality, and scope of works. Projects are temporary (PMI, 2017b) and may deliver temporary or semi-permanent infrastructure, new capabilities, unique or new products or services, learning and awareness that a business can leverage.

The Relationship Management (REM) capability is the ability to analyse, plan, maintain, and enhance relationships between the IT function and the rest of the business.

The Research, Development and Engineering (RDE) capability is the ability to investigate, acquire, develop, and evaluate technologies, solutions, and usage models that are new to the organization and might offer value. The Research, Development and Engineering (RDE) capability covers:

• Ensuring that research into new technologies is managed appropriately, so that risk to the organization is minimized, while opportunities are maximized.
• Linking research into new technology to potential usage models that can benefit business units.
• Coordinating a research pipeline of promising new technology projects, through a series of phased investment decisions, as understanding of feasibility and relevance is enhanced.
• Managing the research portfolio to better align with business goals.
• Instilling an organizational culture that promotes research and innovation.
• Measuring the value contributed by technology research activities.

The Service Provisioning (SRP) capability is the ability to manage the life cycle of IT services to satisfy business requirements. This includes ongoing activities relating to operation, maintenance, and continual service improvement, and also transitional activities relating to the design and introduction of services, their deployment, and their eventual decommissioning. The Service Provisioning (SRP) capability includes:

• Defining and describing the services provided by the IT function.
• Managing the IT services catalogue.
• Managing IT service configuration.
• Managing IT service availability.
• Managing the IT service desk.
• Managing requests, incidents, and problems.
• Managing access to IT services.
• Addressing requests for new IT services and decommissioning unwanted IT services.
• Managing IT service levels and service level agreements (SLAs).

The Solutions Delivery (SD) capability is the ability to design, develop, validate, and deploy IT solutions that effectively address the organization's business requirements and opportunities.

The Technical Infrastructure Management (TIM) capability is the ability to manage an organization's IT infrastructure across its complete life cycle of:

• Transitional activities including building, deploying, and decommissioning.
• Operational activities including day-to-day operations, maintenance, and continuous improvement.

The User Experience Design (UED) capability is the ability to proactively consider the needs of users at all stages in the life cycle of IT services and solutions.

The User Training Management (UTM) capability is the ability to provide training that will improve user proficiency in the use of business applications and other IT-supported services.