Global Standards 6th Edition E-Book

Global Standards and Trends

Other publications by Van Haren Publishing

Van Haren Publishing (VHP) specializes in titles on Best Practices, methods, frameworks and standards within four domains:

- IT Management

- Architecture (Enterprise and IT)

- Business Management and

- Project Management

Van Haren Publishing is publishing on behalf of leading organizations and companies: Agile Consortium, World Commerce and Contracting, IAOP, IPMA World, KNVI, PMI-NL, NLAIC and The Open Group.

Van Haren Publishing is part of the Van Haren Group and additional to the book publishing also provides the following services: accredited training materials and e-learning through Van Haren Learning Solutions, as well as independent professional certification via examination through Van Haren Certify.

Topics are (per domain):

IT Management

IT Service Management

FitSM, ISM®, ISO/IEC20000, IT4IT®, ITIL®, VerISM®, SAF, TRIM, XLA®

Data Management

Data literacy, Data visualization, DMBOK

IT Asset Management

HAM, ITAM, SAM

IT Security Management

BIO, ISO/IEC27001, NIS2

Test Management

CTAP

Application Management

ASL

Other

eCF, IT-CMF, Scrum

Project Management

Project Management

Half Double, ICB, ISO/IEC21500, P3.express, PM2, PMBOK Guide, Praxis, PRINCE2

Agile

Agile, Agile PM

Other

PMO

Business Management

Operations Management

Lean, Lean Six Sigma, OBM, OMC, RASCI

Contract Management

CATS CM, CATS RVM, IACCM World

Business Information Management

BiSL, DID

Artificial Intelligence

AI, Generative AI

Outsourcing

OPBOK

Enterprise Architecture

Enterprise Architecture

BIAN, TOGAF

Modeling

ArchiMate, BPMN

Software Architecture

ISAQB

Other

Open Agile Architecture

For the latest information on VHP publications, visit our website: www.vanharen.net.

Colophon

Title: Global Standards and Trends – 6th Edition

Authors: Claire Agutter, Rob Akershoek, Michiel Benda, Jan van Bon, Robert den Broeder, Andrew Campbell, Marian Carcary, Ritu Chandma, Martin Curley, Adrian Dooley, Michel Dekker, Michael Ehlers, Hans Fredriksz, Bas van Gils, Victor de Graaff, Bert Hedeman, Lex van der Helm, Dave van Herpen, Jan Heunks, Jule Hintzbergen, Wim Hoving, Andrew Josey, Declan Kavanagh, Jim Kenneally, Simon Koolstra, Mark Kouwenhoven, Bart de Lege, Alexander Lorz, Marcel Mersie, Jan-Willem Middelburg, Jan Øberg, Frank van Outvorst, Henny Portman, Nader K. Rad, Pelle Råstock, Anselm Rohrer, Arno Schilder, Ian Seward, René Sieders, Dierk Soellner, Jasper Sonnevelt, Gernot Starke, Dick Theisens, Linda Tonkes, Gunther Verheyen, Frank Wammes, Sybrand Wildeboer, XLA Institute, Anton Zandhuis, Ruben Zeegers

Publication of: Van Haren Publishing, www.vanharen.net

ISBN Hard copy: 978 94 018 1309 9

ISBN eBook: 978 94 018 1310 5

ISBN ePub: 978 94 018 1311 2

Print: First edition, first impression, May 2025

Layout and design: Coco Bookmedia, Amersfoort – NL

Copyright: © Van Haren Publishing, 2025

TRADEMARK NOTICES

ArchiMate ®, IT4IT®, Open Agile Architecture™ and TOGAF® are registered trademarks of The Open Group.

The Open Group® is a registered trademark of The Open Group.

BIAN® is a registered trademark of the Banking Industry Architecture Network e.V.

ASL® and BiSL® are registered trademarks of the Van Haren Group.

COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA) / IT Governance Institute (ITGI).

ITIL® and PRINCE2® are registered trademarks of AXELOS.

PMBOK® Guide is a registered trademark of the Project Management Institute (PMI).

IPMA, IPMA-D, IPMA-C & ICB® are a registered trademarks the IPMA International Project Management Association.

CATS CM® and CATS RVM® are registered trademarks of CM Partners.

XLA® is a registered trademark of the XLA Institute.

For any further enquiries about Van Haren Publishing, please send an e-mail to: [email protected]

Although this publication has been composed with most care, author nor editor can accept any liability for damage caused by possible errors and/or incompleteness in this publication.

No part of this publication may be reproduced in any form by print, photo print, microfilm or any other means without written permission by the publisher.

DREAM. LEARN. ACHIEVE.

The Van Haren Group emphasizes the value of shared knowledge and best practices to help organizations avoid redundancy and achieve success in a rapidly evolving environment. By simplifying communication and maintaining high-quality information, we advocate for the use of standards and frameworks to establish a common language and reduce errors within organizations.

Van Haren Group highlights the critical role of people in effectively applying these standards and frameworks. To support this, Van Haren Group provides accessible publications, high-quality learning solutions, and certifications designed to help professionals and students understand and apply best practices. These materials are developed in collaboration with industry experts and knowledge partners like IPMA International and The Open Group.

We are committed to investing in these areas to support professional growth and development in the years to come.

In today’s age of Artificial Intelligence, Van Haren Group recognizes the transformative potential of AI technologies across industries. By integrating AI-driven solutions and insights into our offerings, we empower organizations to harness innovation, automate complex processes, and make data-driven decisions. Our resources are designed to address the challenges and opportunities posed by AI, ensuring professionals remain at the forefront of this technological evolution.

Van Haren Group highlights the critical role of people in effectively applying standards, frameworks, and AI tools. To support this, we provide accessible publications, high-quality learning solutions, and certifications tailored to bridge the gap between AI theory and practice. Collaborating with industry experts and knowledge partners like IPMA International and The Open Group, we deliver resources that integrate AI expertise with traditional best practices.

Recognizing the importance of practical skills alongside theoretical knowledge, Van Haren Group focuses on competence-based resources to foster essential skills and competencies, including those vital for AI adoption. From understanding machine learning frameworks to leveraging AI for strategic decision-making, we are committed to equipping professionals with the tools and skills necessary to thrive in the AI-driven future.

Together, we empower individuals and organizations to dream, learn, and achieve. With a foundation rooted in industry expertise, a focus on human skills, and a forward-looking approach to AI, Van Haren Group is your partner in navigating the challenges and seizing the opportunities of the digital age.

Enjoy your journey,

team Van Haren,

Ivo van Haren, CEO

Van Haren GroupPortfolio

IP Distribution Van Haren Publishing has the know-how of enabling authors and communities to communicate in the form of IP Distribution. It is the main product that we distribute around the world via a complex eco-system of multiple channels. Our overall objective is to ensure that IP Distribution and the communities involved continue to grow.

Publishing Van Haren Publishing manages the publishing process from start to finish. Our extensive portfolio in the field of IT & IT Management, Enterprise Architecture, Business Management, and Project Management is a testament to the high-quality level of all our publications. For us, a publication means any content that can be delivered in the format of a hardcopy book, ebook, or ePub.

Courseware These are accredited, ready-to-give, high-quality course materials for trainers and students. Take a look at our portfolio on www.vanharen.net. Organizations only pay per candidate and can give high-quality training without having to worry about version control, revisions, accreditation, personalization, or delivery.

eLearning Van Haren Learning Solutions creates its own eLearning content. To better support our partners, we have also successfully secured access to high-quality materials from various suppliers, enabling us to offer a diverse and comprehensive portfolio.

Created by experts, we offer everything from professional certifications to personal development. By using the latest technology, we make learning simple, engaging, and effective. Whether you’re looking to boost your career or acquire new skills, Van Haren eLearning supports you every step of the way.

Exam An examination is a well-executed practice to measure if a person has mastered a level of knowledge sufficiently enough. We take away many of the challenges of doing an exam by including a free practice exam set-up in the same examination environment. Our exams can be done any-where-any-time- on any device.

Certification Van Haren Learning Solutions provides professional certification including social badge for those who passed our exams. Our exams are always backed by the communities that practice in the certifications we provide. This guarantees quality certifications, and all of our certification activities are ISO 17024 compliant.

Accreditation We can also accredit organizations and audit them. We do this to guarantee they are compliant with the quality standard to provide accredited training on a best practice governed by Van Haren Learning Solutions. Organizations are audited on their quality management system, trainers, and training material.

For more information for all these products, please visit our website: www.vanharen.net

Contents

IT MANAGEMENT

ASL®

Baseline Informatiebeveiliging Overheid (BIO)

COBIT®

CTAP

DAMA-DMBOK

Data Literacy

Data Visualization

DevOps

Experience Management (XM) and Experience Level Agreements (XLAs)

FitSM

Generative AI

iSAQB Software Architecture

ISM

IT Asset Management

IT-CMF

ITIL®

NIS2

SAF

Scrum

VeriSMTM

PROJECT MANAGEMENT

Agile

Half Double

ICB®

Kanban

P3.express

PM2

PMBOK® Guide

PMO (Project Management Office)

PRINCE2®

ENTERPRISE ARCHITECTURE

ArchiMate®

BIAN®

IT4ITM™

Open Agile Architecture™

TOGAF®

BUSINESS MANAGEMENT

Balanced Scorecard

BiSL®

CATS CM®

CATS RVM®

Growth Hacking

Lean Six Sigma

OBM

OPBOK

Operating Model Canvas

RASCI methodTM

Thoughtleader Development Model

ASL®

1 TITLE/CURRENT VERSION

ASL® 3 – Application Services Library for Application Management

2 THE BASICS

ASL is the framework for application management, based on best practice. ASL provides an approach for managing and optimizing the application portfolio and life cycle of all applications, with the goal to maximize business outcome and user experience, while containing costs, reducing risk, and ensuring compliance.

The application landscape in most organizations has grown in complexity over the years, consisting of hundreds of applications delivered by a multi-vendor ecosystem covering SaaS applications and/or packaged-based software running on a private or public cloud. The challenge is to rationalize, modernize and optimize the application portfolio, reduce technology debt, as well as deliver new features faster and safer, while improving sustainability, reducing cost and ensuring compliance to an increasing number of regulatory requirements.

ASL is designed to address these challenges by providing a management framework that covers all processes for planning, developing, maintaining, and supporting applications throughout their entire life cycle, from ideation to retirement. It ensures that applications, and the entire portfolio, continue to meet the changing requirements and needs of the organization.

ASL integrates several best practices into a comprehensive application management framework, including BiSL, Agile development, DevOps and IT service management.

3 SUMMARY

ASL provides a best practice process framework covering all activities to manage the life cycle of applications and related vendors. It is designed to address a hybrid technology landscape, including SaaS, packaged software, and custom-built applications, and supports a hybrid delivery model encompassing waterfall/project delivery, Agile development, and DevOps.

Figure: High level scheme of the ASL3 framework

The ASL framework consists of the following process clusters, as illustrated in the Figure:

Strategic Portfolio Management: Managing the portfolio of applications and initiatives (projects or epics) aligned with strategic goals and architectural roadmaps.

Develop and Maintain: Designing and configuring changes in applications (e.g., configuring SaaS or standard software packages) to fulfill new business needs or regulatory requirements, performing periodic technology upgrades, fixing issues (including security vulnerabilities), and implementing other improvements.

Connecting Processes: Coordinating change and release activities to enable controlled deployment of changes into the production environment.

Operations and Support: Managing day-to-day operations to ensure continuous operations and providing support by resolving potential issues and fulfilling service requests.

Supporting Processes: Managing allocated resources (funding/budget, people, and licenses), costs, risks, and vendors involved in the ecosystem.

4 TARGET AUDIENCE

ASL is designed for organizations that rely on many business applications to enable their business success and support their employees and customers in their digital journeys.

The target audience is everyone involved in managing the application portfolio and related initiatives/projects, involved in the development and maintenance of applications, and/or application support. This includes for example the following roles:

• Application portfolio managers

• IT managers

• Application managers and product owners

• Software developers and application specialists involved in application development (and operations)

• Application support specialists

• Business analysts

• Architects

• People involved in managing the costs, risks and compliance of applications

5 SCOPE AND CONSTRAINTS

ASL focuses on managing and optimizing the end-to-end application landscape within an organization. This includes any type of application, such as SaaS, standard software packages, and custom-built software, regardless of the delivery model, including project delivery, Agile development, and/or DevOps.

ASL manages the entire life cycle of all applications, encompassing planning, design, development, maintenance (and improvement), and continuous operations. ASL helps to rationalize and modernize the application landscape, reduce technology debt, and drive strategic change and continuous improvement.

ASL ensures that applications deliver the expected value/outcome while managing costs, risks, and ensuring compliance.

ASL integrates well with other practices to build a comprehensive management system, including BiSL, TOGAF, ITIL, DevOps, FinOps, Cyber security, and Agile development.

6 RELEVANT WEBSITE

www.vanharen.net

ASL® 2 – Een framework voor applicatiemanagement

Language: English, Dutch

ISBN 9789087533120 (NL)

ASL® 3 Foundation (Courseware beta version)

Language: Dutch

Product code 9789401811798

ASL® 3 Foundation

Product code 04008ASL3FNLP

Baseline Informatie-beveiliging Overheid (BIO)

1 TITLE/ CURRENT VERSION

BIO2, Baseline Informatiebeveiliging Overheid

2 THE BASICS

If you work for the Dutch government, you will deal with the BIO.

3 SUMMARY

Within the Netherlands, government bodies must comply with regulations regarding the Baseline Information Security Government, also known as BIO.

The Baseline Information Security Government (BIO) was introduced as the standard framework for information security within the Dutch government. With the introduction of BIO2 in 2025, the government aligns with the European NIS2 directive, further tightening the duty of care regarding information security. BIO2 is based on internationally recognized standards such as ISO/IEC 27001 and provides an integrated framework that enables governments to effectively manage risks in an increasingly complex digital world.

In an era where information is crucial for citizens, entrepreneurs, and government organizations, BIO2 helps protect sensitive and confidential data. It offers practical guidelines to ensure continuity and security, thereby strengthening trust in digital collaboration.

4 TARGET AUDIENCE

This baseline is intended for those who work in the national government, municipalities, water boards, or provinces and are involved in the implementation or continuation of the Baseline Information Security Government. It may also be useful for those who hold a position related to it, such as government advisors or employees of organizations that provide services to the government.

5 SCOPE AND CONSTRAINTS

The BIO describes the implementation of information security and is mandatory for the national government, municipalities, water boards, and provinces.

6 RECOMMENDED READING

Implementing and handling resources:

https://www.bio-overheid.nl

BIO Self-Assessment:

https://www.cip-overheid.nl/producten-en-diensten/producten?product=BIO-SA

Baseline Informatiebeveiliging Overheid (BIO) gebaseerd op de ISO 27002:2022

Language: Dutch

ISBN 9789401810456

Certified BIO2 Professional-Foundation (CBP-F)

ISBN 9789401812773

Certified BIO2 Professional (CBP) – Baseline Informatiebeveiliging Overheid

Product code VHLSCBPBIO2FB

COBIT®

1 TITLE/ CURRENT VERSION

COBIT® 2019

2 THE BASICS

Originally designed for auditors to audit the IT organization, COBIT (Control Objectives for Information and Related Technology) is about linking business goals to IT objectives (note the linkage here from vision to mission to goals to objectives).

The whole COBIT 2019 focusses on: how can your organization do governance, how does the organization keep understanding all the external reasons to exist and internal drivers to be what the organization wants to be. Additionally, COBIT identifies the associated responsibilities of the business process owners as well as those of the IT process owners.

3 SUMMARY

COBIT is owned and supported by ISACA. It was released in 1996; the current version is COBIT®2019.

The COBIT principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector (Figures 1 and 2).

COBIT 2019 updates the framework for modern enterprises by addressing new trends, technologies and security needs.

The framework still plays nicely with other IT management frameworks such as ITIL, CMMI and TOGAF, which makes it a great option as an umbrella framework to unify processes across an entire organization.

New concepts and terminology have been introduced in the COBIT Core Model, which includes 40 governance and management objectives for establishing a governance program. The performance management system now allows more flexibility when using maturity and capability measurements. Overall, the framework is designed to give businesses more flexibility when customizing an IT governance strategy.

Figure 1: The COBIT® 2019 principles

Figure 2: The COBIT® 2019 enablers

COBIT 2019 components

COBIT 2019 Framework – Introduction and methodology: The main guide that introduces the basic COBIT principles alongside the structure of the overall framework.

COBIT 2019 Framework – Governance and management objectives: A companion guide that dives into the COBIT Core Model and 40 governance and management objectives. Each objective is described including its purpose, how it connects with the enterprise and how it aligns goals.

COBIT 2019 Design Guide: A companion guide that offers in-depth guidance for developing a uniquely tailored governance system for your organization.

COBIT 2019 Implementation Guide: The fourth companion guide in the framework, which guides businesses through implementing the governance strategy once it’s developed. This includes best practices, ways to avoid pitfalls and how to integrate your COBIT 2019 strategy with your COBIT 5 strategy.

COBIT principles and benefits

One major change to COBIT 2019 is that it now encourages feedback from the practitioner community. You will be able to purchase the COBIT 2019 Design Guide, but ISACA has also released a crowdsourced version of COBIT where practitioners can leave comments, suggest improvements or propose new concepts and ideas.

The COBIT framework is designed to be more prescriptive to guide companies in developing a governance strategy, while also allowing organizations to more comfortably tailor a unique best-fits governance strategy. It defines the “components to build and sustain a governance system: processes, policies and procedures, organizational structures, information flows, skills, infrastructure, and culture and behaviors”. Formerly referred to as ‘enablers’ in COBIT 5, these components better define what businesses need for a strong governance system.

COBIT best suits clients that use multiple frameworks — such as ITIL, ISO/IEC 2000 and CMMI — with certain silos within IT using their own framework or standard. It’s also well suited to organizations that are required to follow specific regulatory guidelines from the government and local authorities.