- Identify assets that are critical in providing service capability. Maximize their reliability and availability to support business needs. Some actions include
- Maintain the resilience of critical assets by applying regular preventive maintenance. Monitor performance and, if required, provide alternative and/or additional assets to minimize the likelihood of failure.
- Establish a preventive maintenance plan for all hardware, considering cost/benefit analysis, vendor recommendations, risk of outage, qualified personnel and other relevant factors.
- Establish maintenance agreements involving third-party access to organizational I&T facilities for on-site and off-site activities (e.g., outsourcing). Establish formal service contracts containing or referring to all necessary security and privacy conditions, including access authorization procedures, to ensure compliance with the organizational security/privacy policies and standards. (Source COBIT 2019 BAI09.02)
- Manage software licenses to maintain the optimal number of licenses and support business requirements. Some actions include
- Ensure that the number of licenses owned is sufficient to cover the installed software in use. On a regular basis, conduct an audit to identify all instances of installed licensed software.
- Compare the number of installed software instances with the number of licenses owned. Ensure that the license compliance measurement method is compliant with the license and contractual requirements. (source COBIT 2019 BAI09.05)