In this section, the acquisition and implementation of technology is carried out, integrated into the business process of the company. The solutions must be aligned to all the quality processes of the business, guaranteeing that all the processes are executed properly, contemplating a technological infrastructure that streamlines the operations of the company. Below we will detail the 7 COBIT domain processes to acquire and implement.
Domain 2: Acquire and Deploy
1. P01 Purchase Analysis: This step determines who from our technology team will carry out the implementation of these solutions. In case of not having a technology team, a provider must be determined, for this it is important to generate a feasibility study of each provider, a risk analysis of the characteristics that they offer us, helping to minimize costs when acquiring any solution. . My advice in this process is that the requirements identified by the business area can be transmitted very well.
2. P02 Standards: To acquire a solution, it is important to define the quality controls that will help us establish the minimum expected in a solution, whether it can be developed for us by an internal team or by a provider. These quality standards should include: programming practices, security patterns, configuration practices, high-level design patterns, standards when generating a system-level update, application audit controls, etc.
3. P03 Infrastructure and technological architecture: In this step it is important to measure what the company needs at the level of infrastructure and architecture, it is a difficult job for those companies that do not have a technical team, but within my recommendations is to be able to count the solutions with which account the company to determine how big our infrastructure should be and what type of architecture should be used to interact between these solutions. In addition to this, it is important to identify the level of use of each solution, this will help us determine the number of expected users and measure the concurrency that is expected, avoiding errors in performance and performance issues. Finally, it is important to know the offer in the market, identifying the one that best suits our needs, contemplating: costs, risks, vulnerabilities, reliability, security, useful life, etc.
4. P04 Training and Documentation: Prior to selecting an internal team to develop the solution or an external provider, it is important to determine the minimum documentation required. Infrastructure manuals, architecture, functional/technical documentation for each requirement raised by the business area, database documentation, integration documentation, user manuals, deployment, user training, etc. must be considered. This will help us to guarantee the correct use of the solution, before its start and afterward, contemplating maintenance and continuous improvement issues.
5. P05 IT Selection: It is important to define and structure a procedure for the acquisition and selection of suppliers, this will help us define the contractual arrangements that must be considered, the monetary terms, time, quality standards, the minimum documentation required, etc. This procedure must contemplate the acquisition of IT resources, people, hardware, software and services.
6. P06 Change control: Continuous improvement in a company helps us to be aware that all systems must be constantly updated, for this reason it is advisable to monitor and evaluate the company’s solutions, this will allow us to determine when it is necessary to make any improvements. within a system. The improvements in the systems must be documented, defining through a procedure the steps to follow to generate a maintenance, emergency, patch, etc. This will help us to maintain an increase in the productivity of our solutions and create new business opportunities in the company.
7. P07 Quality: The last process deals with the definition of the quality process in the systems, the development of a system must be tested in a quality environment that allows different business users to generate their tests simulating a productive system. The quality process must cover the migration instructions, the release processes and the transaction to the production environment and its post-implementation review. Be careful, until now we have talked about quality when a system is already stable, but the technical team that develops the system or provider must consider the tests of each module, guaranteeing that the client’s requirements are fully addressed, that tests are contemplated functional, non-functional, performance and performance, ensuring continuous quality improvement.
Conclusion: Acquiring a solution is not an easy task since it must be aligned with the company’s strategy and vision, and it must comply with all the predefined standards to ensure that the integration and acquisition strategy is a complete success.