Info-Tech Research Group sees strong interest among IT decision makers in the relationship between Sarbanes-Oxley (SOX) compliance and the IT Infrastructure Library (ITIL) framework. There is, however, no straightforward connection between the two, even though certain applications of ITIL can help with SOX compliance.
The Issue
Designing secure internal controls for financial reporting and establishing auditability for IT systems are important steps in meeting the requirements of SOX and other legislation. However, ITIL does not address governance in a comprehensive way and cannot be used on its own to ensure SOX compliance. This is largely because ITIL is heavily focused on the help desk and “IT as a service” and not on control objectives.