Chapter 3: Foundational Concepts and Terminology

3.10. Common Frameworks and Standards

Frameworks and standards play a vital role in Application Portfolio Management (APM) by providing structured approaches and best practices for managing, optimizing, and aligning applications with business goals. These frameworks serve as guides for organizations, ensuring that APM efforts are consistent, measurable, and aligned with industry practices.

In this section, we will explore some of the most commonly used frameworks and standards in APM, discuss their relevance, and provide insights into how organizations can adapt them to suit their specific needs.

3.10.1 The Role of Frameworks and Standards in APM

Frameworks and standards are designed to:

  • Provide Structure: Offer a systematic approach to managing the application portfolio.
  • Promote Consistency: Ensure that processes and methodologies are applied uniformly across the organization.
  • Enable Alignment: Align IT efforts with business strategies and objectives.
  • Facilitate Benchmarking: Allow organizations to measure their performance against industry standards.
  • Improve Decision-Making: Provide actionable insights and clear criteria for evaluating applications.

3.10.2 Common Frameworks in APM

  • TIME Model (Tolerate, Invest, Migrate, Eliminate):
    • Purpose: Categorizes applications based on their value, performance, and alignment with business objectives.
    • Key Benefit: Simplifies decision-making by identifying which applications to retain, improve, modernize, or retire.
    • Use Case: Suitable for organizations beginning their rationalization journey or seeking a high-level framework for portfolio assessment.
  • ITIL (Information Technology Infrastructure Library):
    • Purpose: A set of practices for IT service management (ITSM) that includes guidance on managing application lifecycles.
    • Key Benefit: Ensures that applications are aligned with IT services, focusing on governance, performance, and value delivery.
    • Use Case: Ideal for organizations with mature ITSM practices looking to integrate APM into their overall IT operations.
  • TOGAF (The Open Group Architecture Framework):
    • Purpose: A framework for enterprise architecture that includes guidelines for managing applications as part of the broader IT landscape.
    • Key Benefit: Emphasizes alignment between business goals and IT strategy, ensuring that applications support enterprise architecture goals.
    • Use Case: Effective for organizations with established enterprise architecture practices.
  • Gartner’s APM Quadrant:
    • Purpose: Categorizes applications into four quadrants—Pace-Layered Strategy, Mode 1/Mode 2, or by cost vs. value.
    • Key Benefit: Provides a visual representation of portfolio strengths and weaknesses, enabling strategic decisions.
    • Use Case: Suitable for organizations seeking an analytical approach to APM.
  • COBIT (Control Objectives for Information and Related Technologies):
    • Purpose: A governance framework that ensures IT is managed effectively to meet business goals.
    • Key Benefit: Focuses on risk management, compliance, and ensuring that IT delivers value to the business.
    • Use Case: Particularly relevant for organizations in highly regulated industries.
  • SAFe (Scaled Agile Framework):
    • Purpose: Designed for managing large-scale Agile initiatives, including application development and lifecycle management.
    • Key Benefit: Provides guidance on integrating Agile methodologies into APM.
    • Use Case: Ideal for organizations using Agile approaches to manage application development and updates.

3.10.3 Relevant Standards for APM

  • ISO/IEC 20000:
    • Description: An international standard for IT service management.
    • Relevance: Ensures consistent service delivery, including application management, through standardized processes.
  • ISO/IEC 27001:
    • Description: A standard for information security management systems (ISMS).
    • Relevance: Provides guidelines for managing application security and ensuring compliance with regulatory requirements.
  • NIST Cybersecurity Framework:
    • Description: A set of best practices for managing cybersecurity risks.
    • Relevance: Guides organizations in assessing and mitigating risks associated with applications.
  • PMBOK (Project Management Body of Knowledge):
    • Description: A standard for project management practices.
    • Relevance: Offers insights into managing application-related projects, such as development, modernization, or migration.

3.10.4 How to Choose the Right Framework or Standard

Selecting the appropriate framework or standard depends on the organization’s:

  • Maturity Level:
    • Beginners may prefer lightweight frameworks like the TIME model.
    • Advanced organizations might benefit from more comprehensive frameworks like TOGAF or ITIL.
  • Strategic Goals:
    • Focus on frameworks that align with specific goals, such as cost optimization, risk reduction, or digital transformation.
  • Industry Requirements:
    • Highly regulated industries may prioritize standards like COBIT or ISO/IEC 27001 to address compliance and risk management needs.
  • Existing Practices:
    • Leverage frameworks that complement existing methodologies, such as integrating ITIL with current ITSM processes.

3.10.5 Challenges in Adopting Frameworks and Standards

  • Overcomplexity:
    • Some frameworks may be too detailed or rigid for smaller organizations.
    • Solution: Start with the most relevant components and scale over time.
  • Resistance to Change:
    • Stakeholders may resist adopting new frameworks due to unfamiliarity or perceived effort.
    • Solution: Provide training and communicate the benefits clearly.
  • Lack of Customization:
    • Frameworks and standards may not perfectly fit the organization’s unique needs.
    • Solution: Adapt frameworks to align with organizational priorities and culture.

3.10.6 Best Practices for Leveraging Frameworks and Standards

  • Start Small:
    • Focus on a single framework or standard that addresses the most pressing APM challenges.
  • Integrate Frameworks:
    • Combine elements of multiple frameworks (e.g., ITIL for ITSM and TOGAF for enterprise architecture) for a holistic approach.
  • Establish Governance:
    • Use governance structures to ensure consistent application of frameworks and standards.
  • Measure and Adjust:
    • Regularly evaluate the effectiveness of frameworks and make adjustments based on feedback and results.

3.10.7 Key Takeaways

  • Frameworks like TIME, ITIL, and TOGAF provide structured approaches for managing application portfolios effectively.
  • Standards such as ISO/IEC 20000 and NIST Cybersecurity Framework ensure consistency, security, and compliance.
  • Organizations should choose frameworks and standards based on their maturity, goals, industry, and existing practices.

In the next section, we will explore Real-World Examples of Foundational Concepts in Action, demonstrating how organizations successfully apply these principles to improve their application portfolios.

Last Updated:
3.1. Defining Total Cost of Ownership (TCO)
3.2. Understanding Return on Investment (ROI)
3.3. Exploring Technical Debt
3.4. Application Lifecycle Stages
3.5. Introduction to the TIME Model
3.6. Application Inventory Basics
3.7. Rationalization Fundamentals
3.8. Governance Basics in APM
3.9. Key Metrics and Data Collection for APM
3.11. Real-World Examples of Foundational Concepts in Action

Join The Largest Global Network of CIOs!

Over 75,000 of your peers have begun their journey to CIO 3.0 Are you ready to start yours?
Join Short Form
Cioindex No Spam Guarantee Shield