Services, Infrastructure, and Applications

Services, Infrastructure, and Applications: COBIT 2019 Foundation Guide

Introduction to Services, Infrastructure, and Applications

Services, Infrastructure, and Applications form one of the key governance system components in COBIT 2019 Foundation. This guide provides a comprehensive understanding of this critical element and how to approach exam questions about it.

Why Services, Infrastructure, and Applications Matter

In today's digital-driven business environment, understanding the interplay between services, infrastructure, and applications is crucial for effective IT governance. Here's why this component is important:

• Business Value Delivery: These elements directly support the delivery of IT services that enable business objectives. Organizations cannot achieve their goals without a well-aligned combination of services, infrastructure, and applications.
• Risk Management: Improper management of these components can lead to service outages, security breaches, and compliance violations. Effective governance minimizes these risks.
• Resource Optimization: Understanding how services, infrastructure, and applications interact allows organizations to optimize spending and improve efficiency.
• Stakeholder Confidence: Demonstrating control over these components builds trust with customers, regulators, and investors.
• Strategic Alignment: These components must align with business strategy to ensure IT investments support organizational goals.

What Are Services, Infrastructure, and Applications?

Services

IT Services are the offerings that an organization provides to its users and customers. In the context of COBIT 2019, services include:

• Cloud services and Software-as-a-Service (SaaS)
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• On-premises services
• Hybrid service models
• Business process support services

Services define what is delivered to customers and end-users, and they form the interface between IT and the business.

Infrastructure

IT Infrastructure comprises the foundational technology assets that support service delivery. This includes:

• Hardware (servers, storage devices, network equipment)
• Data centers and facilities
• Networks and connectivity
• Virtualization platforms
• Cloud infrastructure
• Security infrastructure (firewalls, intrusion detection systems)
• Backup and disaster recovery systems
• Monitoring and management tools

Infrastructure forms the foundation upon which services and applications operate. It is typically non-visible to end-users but critical for reliability and performance.

Applications

Applications are software programs and solutions that process business data and deliver functionality to users. Examples include:

Applications bridge the gap between infrastructure and services, converting raw computing power into business value.

The Relationship Between Services, Infrastructure, and Applications

These three components work together in a layered model:

Business Services (Top Layer) are what users and customers experience. These services depend on Applications (Middle Layer) which process data and provide functionality. Applications, in turn, rely on Infrastructure (Bottom Layer) to compute, store, and transmit data.

For example:

• Service: Online banking platform
• Application: Banking software that processes transactions
• Infrastructure: Servers, networks, and storage that run the banking application 24/7

How Services, Infrastructure, and Applications Work Together

Integrated Governance Model

COBIT 2019 emphasizes that effective governance requires managing these three components as an integrated system, not in isolation:

1. Service Design
Organizations must first define the services they intend to deliver. This service definition drives requirements for applications and infrastructure. Poor service design will cascade into inappropriate application selection and infrastructure investment.

2. Application Portfolio Management
Organizations maintain a portfolio of applications that deliver the defined services. Key activities include:

• Cataloging all applications and their business value
• Assessing application health and retirement readiness
• Managing application lifecycles
• Ensuring applications meet business requirements
• Managing application dependencies and integrations

3. Infrastructure Planning and Management
Infrastructure must be designed and managed to support the selected applications and services. This requires:

• Capacity planning to meet service demands
• Performance monitoring and optimization
• Availability and resilience management
• Infrastructure security and compliance
• Cost optimization and efficiency

4. Service Level Management
Once designed, services must be delivered consistently. This involves:

• Defining service level agreements (SLAs) with customers
• Monitoring service performance against SLAs
• Managing incidents and problems that affect services
• Ensuring user satisfaction
• Continuous improvement of service delivery

Key Governance Principles

Alignment: Services, applications, and infrastructure must be aligned with business strategy and objectives. Misalignment wastes resources and fails to deliver value.

Accountability: Clear ownership and accountability must be established for each component and for the overall integrated system.

Transparency: Organizations must have visibility into the relationship between business services and underlying technical components.

Optimization: Governance should drive continuous optimization of these components to improve value delivery and efficiency.

Common Challenges and Solutions

Challenge 1: Legacy Applications
Organizations often maintain older applications that don't align with current business needs.
Solution: Implement application retirement or modernization programs as part of portfolio management.

Challenge 2: Infrastructure Silos
Infrastructure may be managed separately from services and applications, leading to inefficiencies.
Solution: Adopt integrated service management practices that bridge these components.

Challenge 3: Lack of Visibility
Organizations may not understand how applications depend on infrastructure or how services rely on applications.
Solution: Document and maintain service dependency maps and application-to-infrastructure mappings.

Challenge 4: Cost Control
Without proper governance, costs can spiral due to inefficient service delivery or redundant applications and infrastructure.
Solution: Implement cost management practices tied to service delivery and business value.

Exam Tips: Answering Questions on Services, Infrastructure, and Applications

Tip 1: Remember the Layered Model

Always think of services, infrastructure, and applications as three layers of a stack:

• Top Layer (Services): What business users and customers experience
• Middle Layer (Applications): Software that delivers functionality
• Bottom Layer (Infrastructure): Hardware and foundational systems

When answering exam questions, identify which layer is being discussed and ensure your answer addresses the correct level.

Tip 2: Focus on Integration and Alignment

COBIT 2019 emphasizes that these components should not be managed in isolation. Exam questions often test whether you understand how changes in one component affect others. Look for answer options that mention:

• Alignment with business objectives
• Service level management
• Dependency management
• End-to-end service delivery
• Integrated governance

Avoid answers that treat these components as separate silos.

Tip 3: Know the Governance Objectives

Understand that governance of services, infrastructure, and applications aims to:

• Deliver IT services that support business goals
• Optimize value from technology investments
• Manage risks effectively
• Ensure compliance with regulations
• Achieve operational excellence

When facing exam questions, look for answers that align with these governance objectives.

Tip 4: Recognize Lifecycle Stages

Each component has a lifecycle:

Applications: Selection → Implementation → Operation → Maintenance → Retirement
Infrastructure: Planning → Procurement → Deployment → Operation → Upgrade/Retirement
Services: Design → Transition → Delivery → Review → Improvement

Exam questions may ask what activities should occur at each stage. Ensure you understand the appropriate actions for each lifecycle phase.

Tip 5: Identify Stakeholders and Responsibilities

Questions about services, infrastructure, and applications often involve multiple stakeholders:

• Business Leadership: Sets service requirements and funding
• IT Leadership: Manages applications and infrastructure
• Service Owners: Accountable for service delivery
• Application Owners: Responsible for application portfolio
• Infrastructure Teams: Operate and maintain infrastructure

Look for answer options that assign appropriate responsibility to the correct stakeholder.

Tip 6: Watch for Risk and Compliance Keywords

Governance of these components inherently involves managing risks. Exam questions may include keywords related to:

• Security and access controls
• Availability and disaster recovery
• Compliance with regulations
• Data protection and privacy
• Audit trails and monitoring
• Change management

Choose answers that address risk management and compliance requirements, not just technical functionality.

Tip 7: Understand Performance Metrics

COBIT emphasizes measurement and monitoring. Know that governance includes:

• Service Metrics: Availability, performance, user satisfaction
• Application Metrics: Functionality, reliability, security posture
• Infrastructure Metrics: Capacity utilization, response times, uptime

Exam questions may ask how to monitor or measure these components. Look for answers that include metrics and KPIs.

Tip 8: Recognize Governance vs. Management

COBIT distinguishes between governance (strategic decision-making) and management (operational execution). When answering questions:

• Governance answers: Focus on strategy, policy, oversight, decision-making
• Management answers: Focus on execution, monitoring, problem-solving, optimization

Identify whether the question is asking about governance or management activities.

Tip 9: Consider Cost-Benefit Analysis

Governance decisions about services, infrastructure, and applications should be driven by cost-benefit considerations. Exam answers that mention:

• Business value realization
• Return on investment (ROI)
• Total cost of ownership (TCO)
• Risk-adjusted returns

are typically more complete and aligned with COBIT principles.

Tip 10: Apply the RACI Model

COBIT uses Responsible, Accountable, Consulted, Informed (RACI) frameworks to clarify roles. When questions ask about responsibilities:

• Responsible: Who does the work?
• Accountable: Who is ultimately accountable for outcomes?
• Consulted: Who should be involved in decisions?
• Informed: Who needs to know about decisions/outcomes?

Select answers that correctly assign responsibilities using RACI principles.

Sample Exam Questions and Approaches

Sample Question 1

Question: An organization is implementing a new cloud-based customer relationship management (CRM) system to support its sales department. Which of the following represents the correct relationship between the service, application, and infrastructure components?

A) The CRM application is the service delivered to sales users
B) The cloud-based infrastructure hosts the CRM application, which delivers the customer management service
C) The service is the customer management capability, delivered through the CRM application running on cloud infrastructure
D) The infrastructure and application are the same thing in cloud computing

Analysis: This question tests understanding of the layered model. The correct answer is C. It identifies that the service (customer management) is delivered through an application (CRM) that runs on infrastructure (cloud). Answer B is close but less complete, and A and D are incorrect because they conflate different layers.

Sample Question 2

Question: A company experiences frequent outages of its email service. After investigation, the cause is identified as insufficient infrastructure capacity. From a governance perspective, what is the primary issue?

A) The infrastructure team is not skilled enough
B) Service levels were not defined and communicated to users
C) Infrastructure capacity was not aligned with service requirements
D) The email application needs to be upgraded

Analysis: This question tests understanding of alignment and governance. The correct answer is C. It identifies a governance failure—misalignment between service requirements and infrastructure capacity. This is a governance issue (failure to ensure alignment), not just a technical problem. Answer A addresses capability (management), B addresses communication (symptom), and D proposes an incorrect solution.

Sample Question 3

Question: Which of the following activities best represents integrated governance of services, infrastructure, and applications?

A) Each department (applications, infrastructure, services) defines its own strategy and objectives
B) A service owner documents business requirements, which drive application selection and infrastructure design
C) Infrastructure planning is completed before application requirements are determined
D) Service delivery is managed separately from infrastructure and application management

Analysis: This question tests whether you understand integration. The correct answer is B. It shows how service requirements drive decisions about applications and infrastructure, demonstrating integrated governance. Answers A and D explicitly describe silos (poor governance), and C shows incorrect sequencing.

Key Takeaways for Exam Success

• Services, infrastructure, and applications form an integrated system that must be managed cohesively
• Services represent what business users experience; applications deliver functionality; infrastructure provides the foundation
• Governance requires alignment of these components with business objectives
• Clear accountability and transparency are essential across all three components
• Lifecycle management applies to each component
• Risk management, compliance, and cost optimization are inherent governance responsibilities
• Stakeholder roles and responsibilities must be clearly defined
• Performance measurement and monitoring are critical governance activities

Conclusion

Understanding Services, Infrastructure, and Applications as integrated governance system components is fundamental to COBIT 2019 Foundation knowledge. By grasping how these three layers work together to deliver business value while managing risk and optimizing costs, you'll be well-prepared to answer exam questions on this topic. Remember that COBIT emphasizes alignment, integration, and governance (not just technical management), so always look for answer options that reflect these principles.