CONIG®

v1.5

CONVERGED INFORMATION

GOVERNANCEFRAMEWORK

CONIG® (Converged Information Governance) is a governance framework

developed by TAC A.S. addressing information and related technologies. Its main

focus is INFORMATION. CONIG® is based on models that are widely used for

Information Technologies, Corporate Governance as well as Business Governance.

Introduced in 2009 by TAC A.S., CONIG® is a reference framework that consists of

components of various models, best-practices, framework and standards. All of the

underlying frameworks and best practices are widely accepted in the industry. While

they might bring different perspectives and differ in nuances the common goal of all

these frameworks and best practices is the assurance of provisioning of IT services,

business services, and other enabler services.

CONIG® aims to find the right balance between internal control approach focusing

on control objectives and performance management approach focusing on

achievement of value targets for the organization.

It aims effective and efficient utilization of service and customer focused resources

and capabilities to ensure that the IT organizations’ activities are aligned with

business objectives. It ensures that desired quality, security and compliance

requirements of produced and offered services are met.

In general the purpose of CONIG is providing processes, structures and other related

models to govern and manage the lifecycles of IT resources and capabilities of an

organization to provide IT services to its clients at an acceptable level of cost and

resource utilization.

At the core, CONIG® has PROCESS and IT SERVICE approach.

CONIG® defines INFORMATION as a valuable ASSET for the business. It is based on

IT Services and provides a MANAGEMENT SYSTEM FRAMEWORK that includes

MODELS consisting of PROCESSES for the governance and management of

TECHNOLOGY based IT Services that are used for storing, processing,

communicating and utilization of this INFORMATION.

About CONIG®v1.5

EPAM - Enhanced Process Architecture Model

ELCA - Enterprise Layered Chambered Architecture

TCM - Transition Change Model

A.T.M.A.C.A. (Agile Timely Mature Adaptive Creative Adroid)

CMAM - Capability Maturity Assessment Model

OAM - IT Organization Assessment Model

CCM - Control Compliance Model

CSIM - Continual Systemic Improvement Model

VAR - Value at Risk Model

CONIG®v1.5 Components

. is the process architecture model of CONIG Framework , defining and describing in

detail a number of governance and management processes

. has an objective that is to provide a detailed method and a set of supporting tools

for developing an IT process architecture. It may be used freely by any organization

wishing to adopt CONIG for use within that organization

. represents all of the processes normally found in an enterprise relating to IT

activities

. is intentionally composed of a common sense approach to service enabled process

management – do what works and what works is adapting a common framework of

practices that unite all areas of IT service provision toward a single aim – delivering

value to the business

. is expected to provide structure, stability and strength to information management

and governance capabilities with durable principles, methods and tools

. offers a common reference model understandable to operational IT and business

managers

. is a complete and comprehensive reference model: It is not norm model, that's

why, each enterprise shall define its own process set, taking into account its

resources and capabilities

. relies upon enhanced and converged architecture of globally accepted frameworks,

best practices and standards. So the architecture of processes is structured in

aligned with different authoritative requirements

EPAM - Enhanced Process Architecture Model

. is the information architecture model of "enablers" of

CONIG Framework

. has an objective that is to provide a detailed method and a

set of supporting tools - for developing an enterprise

information architecture. It may be used freely by any

organization wishing to adopt CONIG for use within that

organization

. defines "enterprise" as any collection of organizations that

has a common set of goals

. ELCA relies upon "layered" and " chambered" architecture

of CONIG Enablers. So the architecture of enterprise

information is structured in aligned with the lifecycles of

enablers

ELCA - Enterprise Layered Chambered

Architecture

. is the transition change model of CONIG Framework

. has four main lifecycles entities;

- Requirement

- Project / Program

- Fast Transition / Fast Track

- Operational Change

. has objectives that are to;

- Set customer expectations on how the performance and use of the new or changed

IT service(s) can be used to enable business change

- Enable the business change to integrate a release into the business processes and

services

- Ensure that there is a business justification;

• for initiating the project/FT (documented in an outline Business Case)

• all the necessary authorities exist for initiating the project/FT

- Manage requirements of the project/FT’s products and product components and to

ensure alignment between those requirements and the project/FT’s plans and work

products

- Plan the work required for project/FT initiation establish and maintain plans that

define project/FT activities

- Ensure management direction and control which are provided throughout the

project/FT’s life, and that the project/FT remains viable

- Quantitatively manage the project/FT to achieve the project/FT’s established quality

and process performance objectives

- Manage the acquisition of products and services from suppliers

- Provide the information needed for the Boards (tCAb, pCAB) to assess the

continuing viability of the project/FT – including the aggregated risk exposure

- Ensure risks and issues are kept under control

- Ensure that team managers, team members and suppliers are clear as to what is to

be produced and what is the expected effort, cost or timescales

- Provide an understanding of the project/FT’s progress so that appropriate corrective

actions can be taken when the project/FT’s performance deviates significantly from the

plan

- Ensure that changes are recorded and evaluated, and that authorized changes are

prioritized, planned, tested, implemented, documented and reviewed in a controled

manner

• defines transition and change pipeline starges&gates, processes and information items

• TCM relies upon "stage&gate" architecture. So the architecture of TCM is structured in

aligned with the lifecycles of enablers

TCM - Transition Change Model

• is the IT Service/Product analyze design development model of CONIG

Framework has six main lifecycles entities;- Requirement (HLR, ILR, SLR)

- Iteration / Sprint

- Service Aspects (Functional, Capability, Resource)

- Test Cases

- Release Unit / Release Package

- Deployment Order

• has objectives that are ;- Early delivery of working software

- Qality is built into the IT Services — everyone involved in quality

- Defect prevention (stopping them from getting beyond the requirements)

- CIear acceptance criteria

- EarIy involvement of all key players

- Surprises to the business on delivery

- Growth of (test) team skills

- Regression averse - more testing than ever

- Risk based approach to development — the most important bits are done first

- Good collaboration - knowledge of project

- Status, outcomes and progress is clearly and honestly displayed for all to see

- Less "formal'" defects

- Release unit and identification

- Release design options and considerations

- Release and deployment models

- Release and deployment planning

- Preparation for build, test and deployment

- Service testing and pilots

- Perform transfer, deployment and retirement

- Verify deployment

- Early life support

A.T.M.A.C.A.Agile Timely Mature Adaptive Creative Adroid

• has advantages;

- Grouping of requirements into small increments with minimal planning

- Stakeholders' voice about the product and the plan

- No direct long-term planning

- Short development cycles of two to four weeks

- Daily communication through short meetings to State what one did since the last

meeting, what one will be working on until the next meeting, and what, if anything, is

impeding the progress

- Through these meetings, it becomes easy to discover any issue early and increase

offline communication

- Development progress measured through bum down chaıl and completed

requirement (HLR, ILR, SLR) backlog items

- Team members afticulate upfront about their responsibilities and roadblocks

- Self-organizing and self-managing teams

• leads to faster delivery of software.- Agile methods are iterative development methods that aim to reduce

development overhead and so produce software faster

- Extreme programming includes practices such as systematic testing, continuous

improvement and customer involvement

- The approach to testing is a particular strength where executable tests are

developed before the code is written.

- Rapid application development environments include database programming

languages, form generation tools and links to office applications

- A throw-away prototype is used to explore requirements and design options

- When implementing a throw-away prototype, start with the requirements you

least understand; in incremental development, start with the best-understood

requirements.

• defines transition and change pipeline iterations, processes, information items

and work products

• benefits the organization by helping it to- Increase the quality of the deliverables

- Cope better with change (and expect the changes)

- Provide better estimates while spending less time creating them

- Be more in control of the project schedule and state

As a result, A.T.M.A.C.A. projects achieve higher customer satisfaction rates.

• A.T.M.A.C.A. relies upon agile and lean architecture. So the architecture of

A.T.M.A.C.A. is structured in aligned with the lifecycles of enablers

A.T.M.A.C.A.Agile Timely Mature Adaptive Creative Adroid

. is the capability maturity assessment model of

"processes" of CONIG Framework

. is intended as a comprehensive reference model for

state-of-the-practice process improvement. The

CMAM defines the fundamental IT processes of

information management and governance and specific

capabilities that constitute a gradated path to

maturity. It allows organizations to evaluate

themselves against documented best practices -like

COBIT, ITIL, ISO27001, ISO20000, ISO 22301, eSCM-

determine gaps, and improve management of process

enablers across functional, line of business, and

geographic boundaries.

. CMAM relies upon "maturities" and " capabilities" of

CONIG Process Enablers. So the improvements of

enterprise IT is structured in aligned with the lifecycles

of processes.

CMAM - Capability Maturity

Assessment Model

OAM is a systematic process for obtaining valid information about the performance of an

organization and the factors that affect its performance. It focuses on the functioning of

organizations as the primary unit of analysis.

Outline of the approach being based on observing the relationships among staffs and

organization units, OAM represents a particular way of looking at organizational structure

and design. It gives attention to issues such as planning, delivering, operating, the delegation

of authority, organizational control, role cascade and definitions, boundaries, responsibilities,

and accountabilities.

OAM aims to help an organization defining and improving its overall performance through

analyzing its service portfolios, process areas, relationship, organizational skills and

information items. The factors embedded in the delivery, relations, competency and

contextual environment all influence the performance of governing an organization. The

overall organizational performance is defined in terms of effectiveness (mission fulfillment),

efficiency (accuracy, timeliness and value of service and program delivery), ongoing relevance

(the extent to which the organization adapts to changing conditions and its environment),

and financial viability.

OAM is suitable to the nature of how the IT organization operates. It also posits that

organizational performance should be examined in relation to the organization’s producing

outcome capability and external environment.

OAM provides mappings with SFIA (skills framework for the information age) and hence

provides practical implementation guidance for designing IT organization and talent

management in it.

OAM - IT Organization Assessment Model

. is the control compliance model of "enablers" of CONIG Framework

. has an objective that is to provide a detailed method and a set of supporting

tools - for developing an internal control architecture. It may be used freely by

any organization wishing to adopt CONIG for use within that organization in

order to comply authoritative requirements

. has detail objectives;

- Document controls and details

- Test controls

- Review controls

- Identify control deficiencies

- Issue and Remediation Management

- Report on control status

- Maintain controls

- Test control once and rely on results for many regulations

- Incorporate policy and risk management into compliance management

- Identify external compliance requirements (authoritative requirements)

- Optimise response to authoritative requirements

- Confirm authoritative requirements

- Obtain assurance of authoritative requirements

. establish mappings among "internal controls" and "authoritative

requirements"

. defines quatitative scoring model for "internal controls" and "authoritative

requirements" based on tests and audit finding

CCM - Control Compliance Model

. is the continual systemic improvement model of CONIG Framework

. has an objective that is to ensure continual systemic improvement of the IT value

enablers in fulfilling the relevant business objectives of the organization.

. identifies process improvements

. is expected to result in measurable and meaningful improvements in enablers

performance. In addition, the organization should systematically implement processes and

technology that will enable meeting quality and performance objectives of the enablers.

. focuses on continual process and IT service improvements in relation to business goals

. establishes the principles and framework for continual improvement and quality

enhancements across all aspects of the organization's activities

CONIG CSIM is committed to ensuring that the quality of service is constantly monitored

and that planning, procedures and fınancial resources are in place to ensure systematic

improvement, and to enhance efficiency and effectiveness for the benefıt of the enterprise

and its stakeholders. The enterprise's commitment to the provision of quality IT service is

underpinned by a Continual Systemic Improvement Model - CSIM - that applies to every

activity of the organization. The CONIG CSIM will support and enhance policies,

procedures and implemented key IT controls within a continual systemic improvement

cycle to ensure that IT services delivered by the enterprise:

. meet customer needs

. meet stakeholder needs

. are delivered in a quality assured manner

. are equivalent in standard in timely manner

The CONIG CSIM Framework will also meet the requirements of converged ISO standards,

autohoritative requirements of regulatory bodies and, national and international laws

. The enterprise can identify the following key areas of activity which make up the CONIG

CSIM:

. IT services

. assessment validation

. governance

. planning and review

. policy and procedure

. stakeholder feedback

. staff reviews

. course and curriculum reviews

. internal audit and self assessment

. benchmarking of IT service outcomes and the teaching and learning environment

CSIM - Continual Systemic Improvement Model

. is the value at risk model of "enablers" of CONIG Framework

. has an objective that is to provide a detailed method and a set of supporting

tools - for developing an risk model. It may be used freely by any organization

wishing to adopt CONIG for use within that organization in order to create

value from risk management

. has detail objectives;

- Ability to customize or tailor the risk profiles and risk detections

- Ability to schedule, notify, conduct, review and approve risk evaluations

for enablers, business processes, business objectives and other parts of the

organization

- Ability to define and test controls and use results in the risk evaluation

process

- Ability to define and monitor key risk indicators (risk magnitude value, risk

magnitude score) and use results in the risk evaluation process

- Ability to identify issues associated with risk evaluations

- Ability to track and manage remediation/improvement items associated

with issues identified

- Ability to take action to address issues identified

- Ability to monitor the environment for risk and notify appropriate

stakeholders when there has been a change in the risk profile

- Ability to report on the status, schedule or performance of risk

management activities

. establish mappings among "enablers", "risk detections", "risk profiles",

"impacts","internal controls" and "authoritative requirements"

. defines quatitative scoring model for "risk detections" and "risk profiles"

based on risk assessments and other management system information items

VAR – Value at Risk Model

Since our foundation in 1999, we are helping our clients to

identify and implement performance improvement opportunities. We work Togetherwith our clients in a trust-based cooperation to improve,

mature and transform their IT and business processes. Our methodology based on best-practices

is an innovative and unique approach.

Today TAC is divided into three major business

segments :

Consulting | Technology | Education Each segment is specialized in complementary services that operate in concert to maximize value for our clients.

About TAC