BAI01 - Managed programs

BAI01.01 Maintain a standard approach for program management.

BAI01.02 Initiate a program.
BAI01.03 Manage stakeholder engagement.
BAI01.04 Develop and maintain the program plan.
BAI01.05 Launch and execute the program.
BAI01.06 Monitor, control and report on the program outcomes.
BAI01.07 Manage program quality.
BAI01.08 Manage program risk.
BAI01.09 Close a program.
BAI02 - Managed requirements definition
BAI02.01 Define and maintain business functional and technical requirements.
BAI02.02 Perform a feasibility study and formulate alternative solutions.
BAI02.03 Manage requirements risk.
BAI02.04 Obtain approval of requirements and solutions.
BAI03 - Managed solutions identification and build
BAI03.01 Design high-level solutions.
BAI03.02 Design detailed solution components.
BAI03.03 Develop solution components.
BAI03.04 Procure solution components.
BAI03.05 Build solutions.
BAI03.06 Perform quality assurance (QA).
BAI03.07 Prepare for solution testing.
BAI03.08 Execute solution testing.
BAI03.09 Manage changes to requirements.
BAI03.10 Maintain solutions.
BAI03.11 Define IT products and services and maintain the service portfolio.
BAI03.12 Design solutions based on the defined development methodology.
BAI04 - Managed availability and capacity
BAI04.01 Assess current availability, performance and capacity and create a baseline.
BAI04.02 Assess business impact.
BAI04.03 Plan for new or changed service requirements.
BAI04.04 Monitor and review availability and capacity.
BAI04.05 Investigate and address availability, performance and capacity issues.
EDM01 - Ensured governance framework setting and maintenance BAI05 - Managed organizational changes

BUILD, ACQUIRE AND IMPLEMENT

EDM01.01 Evaluate the governance system. BAI05.01 Establish the desire to change.
EDM01.02 Direct the governance system. BAI05.02 Form an effective implementation team.
EVALUATE, DIRECT AND MONITOR

EDM01.03 Monitor the governance system. BAI05.03 Communicate desired vision.

EDM02 - Ensured benefits delivery BAI05.04 Empower role players and identify short-term wins.
EDM02.01 Establish the target investment mix. BAI05.05 Enable operation and use.
EDM02.02 Evaluate value optimization. BAI05.06 Embed new approaches.
EDM02.03 Direct value optimization. BAI05.07 Sustain changes.
EDM02.04 Monitor value optimization. BAI06 - Managed IT changes
EDM03 - Ensured risk optimization BAI06.01 Evaluate, prioritize and authorize change requests.
EDM03.01 Evaluate risk management. BAI06.02 Manage emergency changes.
EDM03.02 Direct risk management. BAI06.03 Track and report change status.
EDM03.03 Monitor risk management. BAI06.04 Close and document the changes.
EDM04 - Ensured resource optimization BAI07 - Managed IT change acceptance and transitioning
EDM04.01 Evaluate resource management. BAI07.01 Establish an implementation plan.
EDM04.02 Direct resource management. BAI07.02 Plan business process, system and data conversion.
EDM04.03 Monitor resource management. BAI07.03 Plan acceptance tests.
EDM05 - Ensured stakeholder engagement BAI07.04 Establish a test environment.
EDM05.01 Evaluate stakeholder engagement and reporting requirements. BAI07.05 Perform acceptance tests.
EDM05.02 Direct stakeholder engagement communication and reporting. BAI07.06 Promote to production and manage releases.
EDM05.03 Monitor stakeholder engagement. BAI07.07 Provide early production support.
APO01 - Managed I&T management framework BAI07.08 Perform a post-implementation review.
APO01.01 Design the management system for enterprise I&T. BAI08 - Managed knowledge
APO01.02 Communicate management objectives, direction and decisions made. BAI08.01 Identify and classify sources of information for governance and management of I&T.
APO01.03 Implement management processes (to support the achievement of governance and management objectives). BAI08.02 Organize and contextualize information into knowledge.
APO01.04 Define and implement the organizational structures. BAI08.03 Use and share knowledge.
APO01.05 Establish roles and responsibilities. BAI08.04 Evaluate and update or retire information.
APO01.06 Optimize the placement of the IT function. BAI09 - Managed assets
APO01.07 Define information (data) and system ownership. BAI09.01 Identify and record current assets.
APO01.08 Define target skills and competencies. BAI09.02 Manage critical assets.
APO01.09 Define and communicate policies and procedures. BAI09.03 Manage the asset life cycle.
APO01.10 Define and implement infrastructure, services and applications to support the governance and management system. BAI09.04 Optimize asset value.
APO01.11 Manage continual improvement of the I&T management system. BAI09.05 Manage licenses.
APO02 - Managed strategy BAI10 - Managed configuration
APO02.01 Understand enterprise context and direction. BAI10.01 Establish and maintain a configuration model.
APO02.02 Assess current capabilities, performance and digital maturity of the enterprise. BAI10.02 Establish and maintain a configuration repository and baseline.
APO02.03 Define target digital capabilities. BAI10.03 Maintain and control configuration items.
APO02.04 Conduct a gap analysis. BAI10.04 Produce status and configuration reports.
APO02.05 Define the strategic plan and road map. BAI10.05 Verify and review integrity of the configuration repository.
APO02.06 Communicate the I&T strategy and direction. BAI11 - Managed projects
APO03 - Managed enterprise architecture BAI11.01 Maintain a standard approach for project management.
APO03.01 Develop the enterprise architecture vision. BAI11.02 Start up and initiate a project.
APO03.02 Define reference architecture. BAI11.03 Manage stakeholder engagement.
APO03.03 Select opportunities and solutions. BAI11.04 Develop and maintain the project plan.
APO03.04 Define architecture implementation. BAI11.05 Manage project quality.
APO03.05 Provide enterprise architecture services. BAI11.06 Manage project risk.
APO04 - Managed innovation BAI11.07 Monitor and control projects.
APO04.01 Create an environment conducive to innovation. BAI11.08 Manage project resources and work packages.
APO04.02 Maintain an understanding of the enterprise environment. BAI11.09 Close a project or iteration.
APO04.03 Monitor and scan the technology environment. DSS01 - Managed operations
APO04.04 Assess the potential of emerging technologies and innovative ideas. DSS01.01 Perform operational procedures.
APO04.05 Recommend appropriate further initiatives. DSS01.02 Manage outsourced I&T services.
APO04.06 Monitor the implementation and use of innovation. DSS01.03 Monitor I&T infrastructure.
APO05 - Managed portfolio DSS01.04 Manage the environment.
APO05.01 Determine the availability and sources of funds. DSS01.05 Manage facilities.
APO05.02 Evaluate and select programs to fund. DSS02 - Managed service requests and incidents
APO05.03 Monitor, optimize and report on investment portfolio performance. DSS02.01 Define classification schemes for incidents and service requests.
APO05.04 Maintain portfolios. DSS02.02 Record, classify and prioritize requests and incidents.
APO05.05 Manage benefits achievement. DSS02.03 Verify, approve and fulfil service requests.
APO06 - Managed budget and costs DSS02.04 Investigate, diagnose and allocate incidents.
APO06.01 Manage finance and accounting. DSS02.05 Resolve and recover from incidents.
APO06.02 Prioritize resource allocation. DSS02.06 Close service requests and incidents.
APO06.03 Create and maintain budgets. DSS02.07 Track status and produce reports.
APO06.04 Model and allocate costs. DSS03 - Managed problems
ALIGN, PLAN AND ORGANIZE

DELIVER, SERVICE AND SUPPORT

APO06.05 Manage costs. DSS03.01 Identify and classify problems.

APO07 - Managed human resources DSS03.02 Investigate and diagnose problems.
APO07.01 Acquire and maintain adequate and appropriate staffing. DSS03.03 Raise known errors.
APO07.02 Identify key IT personnel. DSS03.04 Resolve and close problems.
APO07.03 Maintain the skills and competencies of personnel. DSS03.05 Perform proactive problem management.
APO07.04 Assess and recognize/reward employee job performance. DSS04 - Managed continuity
APO07.05 Plan and track the usage of IT and business human resources. DSS04.01 Define the business continuity policy, objectives and scope.
APO07.06 Manage contract staff. DSS04.02 Maintain business resilience.
APO08 - Managed relationships DSS04.03 Develop and implement a business continuity response.
APO08.01 Understand business expectations. DSS04.04 Exercise, test and review the business continuity plan (BCP) and disaster response plan (DRP).
APO08.02 Align I&T strategy with business expectations and identify opportunities for IT to enhance the business. DSS04.05 Review, maintain and improve the continuity plans.
APO08.03 Manage the business relationship. DSS04.06 Conduct continuity plan training.
APO08.04 Coordinate and communicate. DSS04.07 Manage backup arrangements.
APO08.05 Provide input to the continual improvement of services. DSS04.08 Conduct post-resumption review.
APO09 - Managed service agreements DSS05 - Managed security services
APO09.01 Identify I&T services. DSS05.01 Protect against malicious software.
APO09.02 Catalog I&T-enabled services. DSS05.02 Manage network and connectivity security.
APO09.03 Define and prepare service agreements. DSS05.03 Manage endpoint security.
APO09.04 Monitor and report service levels. DSS05.04 Manage user identity and logical access.
APO09.05 Review service agreements and contracts. DSS05.05 Manage physical access to I&T assets.
APO10 - Managed vendors DSS05.06 Manage sensitive documents and output devices.
APO10.01 Identify and evaluate vendor relationships and contracts. DSS05.07 Manage vulnerabilities and monitor the infrastructure for security-related events.
APO10.02 Select vendors. DSS06 - Managed business process controls
APO10.03 Manage vendor relationships and contracts. DSS06.01 Align control activities embedded in business processes with enterprise objectives.
APO10.04 Manage vendor risk. DSS06.02 Control the processing of information.
APO10.05 Monitor vendor performance and compliance. DSS06.03 Manage roles, responsibilities, access privileges and levels of authority.
APO11 - Managed quality DSS06.04 Manage errors and exceptions.
APO11.01 Establish a quality management system (QMS). DSS06.05 Ensure traceability and accountability for information events.
APO11.02 Focus quality management on customers. DSS06.06 Secure information assets.
APO11.03 Manage quality standards, practices and procedures and integrate quality management into key processes and solutions. MEA01 - Managed performance and conformance monitoring
APO11.04 Perform quality monitoring, control and reviews. MEA01.01 Establish a monitoring approach.
APO11.05 Maintain continuous improvement. MEA01.02 Set performance and conformance targets.
APO12 - Managed risk MEA01.03 Collect and process performance and conformance data.
APO12.01 Collect data. MEA01.04 Analyze and report performance.
APO12.02 Analyze risk. MEA01.05 Ensure the implementation of corrective actions.
MONITOR, EVALUATE AND ASSESS

APO12.03 Maintain a risk profile. MEA02 - Managed system of internal control

APO12.04 Articulate risk. MEA02.01 Monitor internal controls.
APO12.05 Define a risk management action portfolio. MEA02.02 Review effectiveness of business process controls.
APO12.06 Respond to risk. MEA02.03 Perform control self-assessments.
APO13 - Managed security MEA02.04 Identify and report control deficiencies.
APO13.01 Establish and maintain an information security management system (ISMS). MEA03 - Managed compliance with external requirements
APO13.02 Define and manage an information security and privacy risk treatment plan. MEA03.01 Identify external compliance requirements.
APO13.03 Monitor and review the information security management system (ISMS). MEA03.02 Optimize response to external requirements.
APO14 - Managed data MEA03.03 Confirm external compliance.
APO14.01 Define and communicate the organization’s data management strategy and roles and responsibilities. MEA03.04 Obtain assurance of external compliance.
APO14.02 Define and maintain a consistent business glossary. MEA04 - Managed assurance
APO14.03 Establish the processes and infrastructure for metadata management. MEA04.01 Ensure that assurance providers are independent and qualified.
APO14.04 Define a data quality strategy. MEA04.02 Develop risk-based planning of assurance initiatives.
APO14.05 Establish data profiling methodologies, processes and tools. MEA04.03 Determine the objectives of the assurance initiative.
APO14.06 Ensure a data quality assessment approach. MEA04.04 Define the scope of the assurance initiative.
APO14.07 Define the data cleansing approach. MEA04.05 Define the work program for the assurance initiative.
APO14.08 Manage the life cycle of data assets. MEA04.06 Execute the assurance initiative, focusing on design effectiveness.
APO14.09 Support data archiving and retention. MEA04.07 Execute the assurance initiative, focusing on operating effectiveness.
APO14.10 Manage data backup and restore arrangements. MEA04.08 Report and follow up on the assurance initiative.
MEA04.09 Follow up on recommendations and actions.