Governance, Risk, and Compliance Service Management Function

Published: April 25, 2008   |   Updated: October 10, 2008

Position of the GRC SMF Within the MOF IT Service Lifecycle

The MOF IT service lifecycle encompasses all of the activities and processes involved in managing an IT service: its conception, development, operation, maintenance, and—ultimately—its retirement. MOF organizes these activities and processes into Service Management Functions (SMFs), which are grouped together in lifecycle phases. Each SMF is anchored within a lifecycle phase and contains a unique set of goals and outcomes supporting the objectives of that phase. The SMFs can be used as stand-alone sets of processes, but it is when SMFs are used together that they are most effective in ensuring service delivery at the desired quality and risk levels.

The Governance, Risk, and Compliance (GRC) SMF belongs to the Manage Layer, the foundation of the MOF IT service lifecycle. The following figure shows the place of the GRC SMF within the Manage Layer, as well as the location of the Manage Layer within the IT service lifecycle.

Figure 1. Position of the GRC SMF within the IT service lifecycle

Before you use this SMF, you may want to read the following MOF 4.0 guidance to learn more about the MOF IT service lifecycle and the Manage Layer:

• MOF Overview
• Manage Layer Overview

Why Use the GRC SMF?

This SMF should be useful to those who make tradeoff decisions for how IT resources will be used to meet goals and deliver business value; for those needing to manage risk from  many sources, not only IT security risk; and for those who need to make sure IT activities comply with regulations and directives. This SMF discusses guidelines and principles for GRC to be performed during processes and activities throughout the IT service lifecycle.  

It addresses how to do the following:

• Establish IT governance.
• Assess, monitor, and control risk.
• Comply with directives.