COBIT

Control Objectives for Information Technologies, or COBIT, is a framework created by the Information Systems Audit and Control Association (ISACA) for IT governance and management. It is designed to help organizations manage the quality and reliability of their information systems.

Why Do Organizations Use COBIT?

COBIT is a well-recognized, established framework that can be applied to any organization in any industry. It is particularly beneficial for organizations that depend on technology for reliable and relevant information, such as organizations that sell software or provide cloud services to other businesses.

The COBIT framework links business goals with IT infrastructure and contains four domains:

  • Planning and Organization
  • Delivering and Support
  • Acquiring and Implementation
  • Monitoring and Evaluating

Under each domain, COBIT outlines descriptions for planning, building, running, and monitoring all IT processes. COBIT also provides a list of requirements that have been considered for effective IT business control, maturity models to help assess the maturity and capability of every process, and management guidelines.

Organizations can demonstrate their commitment to sound IT governance by enrolling their IT, risk management, and audit professionals in a certification program to become proficient in applying the COBIT methodology to the management of IT systems.

Key requirements of (Framework)

  • Advise students annually of their rights under FERPA.

  • Obtain signed, written consent from a student before a school official, administrator, career services staff member, or faculty member releases personally identifiable information to an employer, third-party recruiter, or resume referral database.

  • Train staff and faculty members with respect to FERPA requirements and prohibitions.

  • Notify employers, employment agencies, contract recruiters, resume databases, and other entities that student records are subject to FERPA, and such entities cannot subsequently disclose these records without student consent.

  • Notify third parties that improper disclosure will result in future denials of access to such records.

  • Define and communicate to students what information will be considered directory information prior to disclosure and provide students with a reasonable time to notify the education institution if they want to restrict access to directory information.

  • Draft and maintain policies with regard to the retention of records that pertain to the disclosure of information for health and public safety concerns.

  • Review and revise any and all third-party agreements to ensure such agreements comply with FERPA requirements.

  • Implement policies for responding to data breaches.

Enforcement and penalties for non-compliance
