Governance, Risk, and Compliance Service Management Function
Published: April 25, 2008 | Updated: October 10, 2008
Position of the GRC SMF Within the MOF IT Service Lifecycle
The MOF IT service lifecycle encompasses all of the activities and processes involved in managing an IT service: its conception, development, operation, maintenance, and—ultimately—its retirement. MOF organizes these activities and processes into Service Management Functions (SMFs), which are grouped together in lifecycle phases. Each SMF is anchored within a lifecycle phase and contains a unique set of goals and outcomes supporting the objectives of that phase. The SMFs can be used as stand-alone sets of processes, but it is when SMFs are used together that they are most effective in ensuring service delivery at the desired quality and risk levels.
The Governance, Risk, and Compliance (GRC) SMF belongs to the Manage Layer, the foundation of the MOF IT service lifecycle. The following figure shows the place of the GRC SMF within the Manage Layer, as well as the location of the Manage Layer within the IT service lifecycle.
Figure 1. Position of the GRC SMF within the IT service lifecycle
Before you use this SMF, you may want to read the following MOF 4.0 guidance to learn more about the MOF IT service lifecycle and the Manage Layer:
Why Use the GRC SMF?
This SMF should be useful to those who make tradeoff decisions about how IT resources will be used to meet goals and deliver business value; to those who need to manage risk from many sources, not only IT security risk; and to those who need to make sure IT activities comply with regulations and directives. This SMF discusses guidelines and principles for performing GRC during processes and activities throughout the IT service lifecycle.
It addresses how to do the following:
- Establish IT governance.
- Assess, monitor, and control risk.
- Comply with directives.