ISACA COBIT 2019

International

5 domains

40 controls

COBIT 2019 framework for governance and management of enterprise IT. 40 objectives across 5 domains.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

APO Align-Plan-Organize

14 controls

Controls in the APO Align-Plan-Organize domain of ISACA COBIT 2019 — 14 controls
Code	Title	Description
APO01	Managed I&T Management Framework	Implement a consistent I&T management approach that meets enterprise governance requirements.
APO02	Managed Strategy	Provide a holistic view of the current business and I&T environment, future direction, and initiatives required to migra...
APO03	Managed Enterprise Architecture	Establish a common architecture consisting of business process, information, data, application and technology architectu...
APO04	Managed Innovation	Maintain an awareness of information technology and related service trends, identify innovation opportunities, and plan...
APO05	Managed Portfolio	Execute the strategic direction set for investments in line with the enterprise architecture vision and the desired char...
APO06	Managed Budget and Costs	Manage the IT-related financial activities in both the business and IT functions, covering budget, cost and benefit mana...
APO07	Managed Human Resources	Provide a structured approach to ensure optimal structuring, placement, decision rights, and skills of human resources.
APO08	Managed Relationships	Manage the relationship between the business and IT in a formalized and transparent way.
APO09	Managed Service Agreements	Align IT-enabled services with enterprise needs through agreement on service definitions, levels, and reporting.
APO10	Managed Vendors	Manage I&T-related services and products provided by third parties to deliver enterprise requirements.
APO11	Managed Quality	Define and communicate quality requirements in all processes, procedures and the related enterprise outcomes. Enable con...
APO12	Managed Risk	Continually identify, assess, and reduce I&T-related risk within the levels of tolerance set by the enterprise.
APO13	Managed Security	Define, operate, and monitor a system for information security management.
APO14	Managed Data	Achieve and sustain effective management of data assets across the data lifecycle.

BAI Build-Acquire-Implement

11 controls

Controls in the BAI Build-Acquire-Implement domain of ISACA COBIT 2019 — 11 controls
Code	Title	Description
BAI01	Managed Programs	Manage all programs from the investment portfolio in alignment with enterprise strategy and in a coordinated way.
BAI02	Managed Requirements Definition	Identify solutions and analyze requirements before acquisition or creation to ensure alignment with strategic requiremen...
BAI03	Managed Solutions Identification and Build	Establish and maintain identified solutions in line with enterprise requirements covering design, development, procureme...
BAI04	Managed Availability and Capacity	Balance current and future needs for availability, performance and capacity with cost-effective service provision. Inclu...
BAI05	Managed Organizational Change	Maximize the likelihood of successfully implementing sustainable enterprise-wide organizational change quickly and with...
BAI06	Managed IT Changes	Manage all changes in a controlled manner including standard, emergency, and operational changes to mitigate risk.
BAI07	Managed IT Change Acceptance and Transitioning	Formally accept and operationalize new solutions including implementation planning, system conversion, and acceptance te...
BAI08	Managed Knowledge	Maintain availability of relevant, current, validated, and reliable knowledge to support all process activities.
BAI09	Managed Assets	Manage IT assets through their life cycle to maximize value, control cost, manage risk, and support decision-making.
BAI10	Managed Configuration	Define and maintain definitions and relationships between key IT resources and capabilities required to deliver IT-enabl...
BAI11	Managed Projects	Manage all projects from the investment portfolio in alignment with enterprise strategy and in a coordinated way, based...

DSS Deliver-Service-Support

6 controls

Controls in the DSS Deliver-Service-Support domain of ISACA COBIT 2019 — 6 controls
Code	Title	Description
DSS01	Managed Operations	Coordinate and execute the activities and operational procedures required to deliver internal and outsourced IT services...
DSS02	Managed Service Requests and Incidents	Provide timely and effective response to user requests and resolution of all types of incidents.
DSS03	Managed Problems	Identify and classify problems and their root causes and provide timely resolution to prevent recurring incidents. Provi...
DSS04	Managed Continuity	Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue...
DSS05	Managed Security Services	Protect enterprise information to maintain the level of risk acceptable in accordance with the security policy.
DSS06	Managed Business Process Controls	Define and maintain appropriate business process controls to ensure that information related to and processed by in-hous...

EDM Evaluate-Direct-Monitor

5 controls

Controls in the EDM Evaluate-Direct-Monitor domain of ISACA COBIT 2019 — 5 controls
Code	Title	Description
EDM01	Ensured Governance Framework Setting and Maintenance	Establish and maintain a governance framework that aligns enterprise governance of I&T with overall enterprise governanc...
EDM02	Ensured Benefits Delivery	Optimize value contribution to the business from I&T-enabled investments, services, and assets.
EDM03	Ensured Risk Optimization	Ensure that I&T-related risk does not exceed risk appetite and tolerance, and that impact is identified and managed.
EDM04	Ensured Resource Optimization	Ensure adequate and sufficient business and IT-related resources (people, process, technology) are available to support...
EDM05	Ensured Stakeholder Engagement	Ensure stakeholders are identified, engaged, and that performance and conformance reporting meets their needs.

MEA Monitor-Evaluate-Assess

4 controls

Controls in the MEA Monitor-Evaluate-Assess domain of ISACA COBIT 2019 — 4 controls
Code	Title	Description
MEA01	Managed Performance and Conformance Monitoring	Collect, validate, and evaluate enterprise and alignment goals and metrics; monitor that processes perform against agree...
MEA02	Managed System of Internal Control	Continually monitor and evaluate the control environment and effectiveness of internal controls.
MEA03	Managed Compliance with External Requirements	Evaluate that IT processes and IT-supported business processes are compliant with laws, regulations, and contractual req...
MEA04	Managed Assurance	Plan, scope and execute assurance initiatives to comply with internal requirements, laws, regulations and strategic obje...

Frequently Asked Questions

What is ISACA COBIT 2019?

ISACA COBIT 2019 is a compliance framework from International with 5 domains and 40 controls. COBIT 2019 framework for governance and management of enterprise IT. 40 objectives across 5 domains. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISACA COBIT 2019 have?

ISACA COBIT 2019 has 40 controls organised across 5 domains. The largest domains are APO Align-Plan-Organize (14 controls), BAI Build-Acquire-Implement (11 controls), DSS Deliver-Service-Support (6 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISACA COBIT 2019 map to?

ISACA COBIT 2019 does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.

How do I get started with ISACA COBIT 2019 compliance?

Start your ISACA COBIT 2019 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISACA COBIT 2019 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 40 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 769 frameworks.

Get Started Free →

Free forever — no credit card required