The Digital Transformation of our society requires IT infrastructures to be more agile, more adaptive, and more connected than ever. At the same time, the owners of such infrastructures are confronted with an increase in regulatory pressure (e.g., the GDPR). These developments put a lot of stress on IT management and governance. To enable IT management and governance to better deal with these challenges, we propose to digitally transform IT governance and management itself by using a Digital Twin based approach. In line with this, we aim to create on ontology-driven Digital Twin for Governed IT Management (DT4GITM) framework. The goal of this framework is to act as a reference architecture for a Digital Twin based infrastructure that connects three interrelated systems: the IT governance processes, the governed IT management processes, and the managed organizational IT assets. The core of the framework involves a generic Governed IT Management (GITM) Domain Ontology, which is planned to be operationalized by a Knowledge Graph based approach that realizes an integrated view on the heterogenous data streams originating from the IT governance and management processes, and the managed IT assets. In this paper, we start by outlining the planned DT4GITM framework and the pivotal role of the GITM Domain Ontology within this. We then elaborate our incremental, and scenario-/case-driven strategy towards the development of the framework as a whole, and the GITM Domain Ontology in particular. This is followed by the elaboration of a speci c DT4GITM scenario which serves as a rst proof of principle.
The Digital Transformation of our society puts extreme pressure on IT infrastructures (i.e., the system of organizational IT assets ) and their associated management processes. As a result, IT infrastructures need to be more agile, more adaptive, and more connected than ever. At the same time, the owners of Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). these infrastructures nd themselves confronted with an increase in regulatory pressure (e.g., the GDPR).
We conceptualize the IT governance and management system as being the
whole of interrelated organizational governance assets (i.e., organizational
structures, processes, and relational mechanisms [
To enable IT governance and management to better deal with these challenges, we propose to digitally transform IT governance and management itself by using a Digital Twin approach. We posit that such digitalization and the related cultural/organizational change, make IT governance and management more apt to address the challenges that come with digital transformation and the corresponding changes to the organizational IT assets (e.g., IT sta , applications, data, infrastructure, processes, projects) and their management processes. To this end, we are working towards the creation of an ontology-driven Digital Twin for Governed IT Management (DT4GITM) framework, with a Governed IT Management (GITM) Domain Ontology at its core.
The goal of the resulting DT4GITM framework is to serve as a reference architecture for a Digital Twin based infrastructure that connects the earlier mentioned interrelated systems, involving the organizational IT assets, the associated management processes, and the IT governance processes. When applying this framework in a speci c organizational context, the framework, and the generic GITM Domain Ontology in particular, will need to be specialized to the organization-speci c context and priorities.
In developing the GITM Domain Ontology, we will mainly draw on ITIL 4 [
As mentioned before, the GITM Domain Ontology forms the core of the
DT4GITM framework. To operationalize this domain ontology, we plan to use
Knowledge Graphs [
In the remainder of this paper, we will start by outlining the proposed DT4GITM framework in Section 2. In Section 3 we then zoom in on rst steps towards the development of the GITM Domain Ontology, in particular in terms of concept maps for the COBIT 2019 and ITIL 4 frameworks. Section 4 then discusses in more detail the planned operationalization of the GITM Domain Ontology in terms of a Knowledge Graph based approach. This is followed, in Section 5, by a discussion on the incremental, and scenario-/case-driven strategy we will follow towards the overall development (and validation) of the DT4GITM framework in general, and the GITM Domain Ontology in particular. Before concluding, Section 6 presents a rst example scenario of the use of a Digital Twin in the context of Governed IT Management. 2
To guide the development of Digital Twins as data-driven and smart IT
governance systems, we propose the DT4GITM framework (see Fig. 1). An
earlier, and more COBIT-speci c, version of this framework was included in [
To provide the mirroring function (also called twinning function), the Digital Twin should be able to represent (i.e., to model) the organizational IT assets, as well as their management and governance processes. A rst key question here is \what " needs to be represented (i.e., what should be the model's contents). At the core, this question is answered by an organization-speci c ontology for IT governance, for which the DT4GITM framework provides a domain ontology (i.e., GITM Domain Ontology in Fig. 1). This domain ontology is envisioned to cover the entire governance system, as well as its evolution over time (within the organization). As discussed above, the governance system includes: (1) the system of organizational IT assets, (2) the associated management processes, and (3) the governance processes,
A second key question is \how " the relevant data and knowledge about organizational IT assets and their management and governance processes (i.e., the twinning parameters) needs to be represented. Here, we propose the use of Knowledge Graphs as they have the ability to integrate and uniformly represent heterogeneous data. The GITM Knowledge Graph (see Fig. 1) provides a reference how to consistently and uniformly represent all relevant data for IT governance, including particularly data streams from IT Governance Processes, IT Management Processes and Organizational IT Assets, which can be further related to Other Data.
The basis for the virtual processing function is the Digital Twin based infrastructure that synchronizes the organization-speci c ontology and the modeled organizational IT assets and their management and governance processes (i.e., virtual processing is driven by the data captured in the Digital Twin's Knowledge Graph). The operation of this function follows the Sense-Think-Act
Fig. 1. The Digital Twin for Governed IT Management (DT4GITM) Framework
paradigm of Control Theory [
A foundational element in the realization of an IT governance Digital Twin is the
GITM Domain Ontology, as it de nes more precisely what the virtual entity will
be concerned with, in terms of the concepts in the domain, their relationships
and properties, as well as possible constraints. In general, within the eld of
Applied Ontology, a domain ontology enables one to de ne what (can) exist(s)
in a given domain [
The DT4GITM framework thus o ers a domain ontology as a conceptual basis for developing organization-speci c ontologies for GITM. When developing an IT governance Digital Twin in the context of a speci c organization, the generic domain ontology will need to be situated to the speci c concerns of that organization (e.g., privacy, security, costs). A design process that is driven by the GITM Domain Ontology, ensures that relevant IT governance concepts, and their properties, relationships and constraints, are accurately represented in the organization-speci c ontology. This design process also involves de ning which twinning parameters are relevant given the speci c IT governance concerns of an organization.
To operationalize our vision of DT4GITM as a reference architecture for developing IT governance Digital Twins, the GITM Domain Ontology should at least cover the concepts of the COBIT 2019 and ITIL 4 frameworks. This can later be complemented with more speci c concepts from relevant other standards.
In moving towards a rst version of such a GITM Domain Ontology, we already produced concept maps of the COBIT 2019 (see Section 3.1) and ITIL 4 (see Section 3.2) frameworks. First considerations of relating these two concept maps are also presented in Section 3.3 whereas a formal integration is on our agenda for future research. The concept maps use an informal way to graphically distinguish concepts (blue rectangles with rounded corners), concept properties (yellow circles), and concept instances (green squares). 3.1
There have been some proposals for describing the ontology underlying previous
versions of COBIT [
Fig. 2 shows a concept map containing the concepts of COBIT's main guidance towards IT governance practitioners. Key concepts include: Governance Components { Factors that, individually or collectively, contribute to the good operations of the enterprise's governance system over Information Technology (IT).
achieved for IT to contribute positively to enterprise goals. The objective is either a governance objective or a management objective. There are ve governance objectives and 35 management objectives described in the COBIT 2019 Core Model (i.e., the main focus area of the COBIT 2019 framework). Such an objective always relates to one process and a collection of governance components of other types to help achieve the objective.
agement objectives for areas of governance or management activity. There is one governance domain and there are four management domains. Focus Area { A governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components (e.g., COBIT 2019 Core Model, cybersecurity, privacy, SMEs, and DevOps). Processes { Describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs that support achievement of overall IT-related goals.
of a particular process, with metrics to measure achievement of the practice. Activity { Work to be performed, as part of a governance or management practice, at a certain capability level. 3.2
To obtain a more complete description of organizational IT assets and their
management processes we will (as already hinted at in the introduction) primarily
draw on concepts from the ITIL 4 framework for IT service management [
Fig. 3 shows a concept map for the key concepts as identi ed in the ITIL
4 framework [
ces designed for performing work or accomplishing an objective. There are 34 ITSM practices in the ITIL 4 framework: 14 general management practices, 17 service management practices, and three technical management practices. Generic Value Chain Activity { Steps that an organization takes in the creation of value. There are six generic value chain activities in ITIL 4: plan, improve, engage, design and transition, obtain/build, deliver and support. Guiding Principle { A recommendation that guides an organization in all circumstances, regardless of changes in its goals, strategies, types of work, or management structure.
Value Stream { A speci c combination of value chain activities and practices, designed for a speci c scenario, that describes a series of steps an organization undertakes to create and deliver products and services to consumers. Provides a complete guide to the activities, practices, and roles involved to realize an intended outcome.
As we will discuss in Section 5, we will follow a (real world) case-driven approach
in the development of the DT4GITM framework in general, and the GITM
Domain Ontology in particular. In doing so, we also plan to include (relevant
parts of) existing ontologies for ITIL (see e.g. [
In developing the GITM Domain Ontology, it will be necessary to integrate/ align the concepts from ITIL 4 and COBIT 2019.
When comparing the concept maps of COBIT 2019 and ITIL 4, we already see that the guidance provided in an ITIL 4 Value Stream is comparable in terms of purpose and granularity to the guidance provided in a COBIT 2019 Governance and Management Practice, making ITIL 4 Value Stream steps similar to COBIT 2019 activities. The guidance provided in ITIL 4 is, however, more detailed and more situation-speci c. For instance, ITIL 4 describes responsible
Fig. 3. Concept Map of the ITIL 4 Framework roles, inputs/outputs, resources and operations to be performed at the level of individual value stream steps, whereas COBIT 2019 describes responsible/ accountable roles and information items owing in and out at the more aggregate level of practices. Further di erences are that ITIL 4 does not cover IT governance responsibilities and activities, while COBIT 2019 also has a broader view of IT management, extending beyond developing and improving the IT service management capability. For instance, processes such as budget management, innovation management, and data management are not covered in ITIL 4. On the other hand, an ITIL ITSM practice such as service catalogue management, is present in COBIT 2019, but only at the activity level, so with much less comprehensive guidance. 4
The GITM Domain Ontology, and its organization speci c re nement, also denes the twinning parameters (i.e., data about organizational IT assets and their management and governance processes) that are relevant to an organization and its speci c IT governance concerns. As mentioned above, to represent these twinning parameters and to integrate them with other relevant data and knowledge representations, including data from external sources (see Fig. 1), we plan to use a Knowledge Graph based approach.
The GITM Knowledge Graph component of our framework provides a reference of how such Knowledge Graphs can be constructed. Furthermore, it describes the visualization and formalization capabilities that such Knowledge Graphs should o er to allow for human interpretation of the information and machine processing of the data, respectively. Operationally, the GITM Knowledge Graph component consists of a set of tools that realize interactive visualizations (e.g., Visual Analytics tools, Business Intelligence dashboards) and e cient querying of the vast amounts of IT governance related data in order to support decision making.
Metrics for IT governance and management performance indicators can be operationalized as prede ned queries which can be easily parameterized and executed by business users. Moreover, powerful Knowledge Graph platforms like Stardog1, fed with the data of the organization-speci c IT governance Digital Twin's Knowledge Graph, enable the application of advanced AI algorithms to also proactively respond to environmental or internal changes of the organizational IT assets and their management processes.
Consequently, the realization of the GITM Knowledge Graph will have to cater for the fact that the Workforce (see Fig. 1) has diverse backgrounds and roles with regards to IT governance and management. The DT4GITM framework needs to make the data-driven and AI-enabled algorithms accessible and comprehensible in adequate graphical user interfaces to be applicable. 5
Since the DT4GITM framework, and the GITM Domain Ontology that is part
of it, are artifacts designed as solutions for solving problems related to the
challenges posed by the Digital Transformation to IT governance, we will use a
Design Science Research methodology [
As discussed before, the conceptual models of COBIT 2019 and ITIL 4 require more elaboration in terms of their performance indicators such that sensors and data streams can be de ned. Speci c concerns/qualities, such as security, performance, costs, etc, are also likely to lead to a need to re ne the GITM Domain Ontology. This process will also be driven by the needs of example scenarios and real-world cases, which will also result in requirements on the actual GITM Domain Ontology.
For the GITM Domain Ontology, this leads to the situation as depicted in
Fig. 4. The triangle represents the ontology, involving di erent levels of
genericity. At the top, we nd a foundational ontology (e.g., UFO [
Foundational ontology IT generic IT & concern specific Organisation specific scenarios & cases applications Blockchain, Cloud solutions, etc. Driven by concrete scenarios and cases, this IT generic ontology can then be re ned further (and iteratively validated and improved) towards (1) considerations pertaining to speci c information technologies, and (2) speci c concerns/qualities. This IT & concern speci c part of the ontology is still organization agnostic. In other words, for a speci c organization, with its priorities, technology choices, etc., further re nements will be necessary. For the DT4GITM framework, as a reference architecture, only the three higher levels of the (strati ed) ontology will be included, where the DT4GITM framework is also foreseen to include guidelines (designed using a Situational Method Engineering approach) for specializing the generic core to an organization speci c ontology.
What is also hinted at in Fig. 4 is the further evolution of the ontology when applying it in di erent organizations. Here, it is expected to see the strongest evolution for the lower layers while the upper layers { especially the foundational ontology { should remain stable. 6
wireless access point would be represented in the organization's GITM Knowledge Graph as an instance of an organization-speci c IT asset concept in the GITM Domain Ontology (e.g., wireless communication device). The Knowledge Graph would relate it to other relevant information such as its location (i.e., the warehouse), its state, etc. Data streams from the access point logs and a sensor would be in place to automatically detect failures, and such failure signals would change the state of the device in the Knowledge Graph. A rule-based component would automatically qualify the incident as a Priority 2 incident which would directly trigger its resolution. The Knowledge Graph comprises information of the workforce and their roles. A network support engineer would be contacted who would then actuate the resolution procedure. Most likely, she would rst replace the access point in order to immediately enable the forklift driver to resume the standard way of working. The Knowledge Graph incorporates data from the Con guration Management System (CMS) that describes the con guration of the warehouse access points to properly function within the organization's network. Moreover, the Knowledge Graph enables the network support engineer to execute a query that would help her identifying similar access points that are currently either not in use or dispensable.
The data about the failure would also be available for further analysis. For instance, accumulating failure data of wireless access points could be used for developing a predictive maintenance model, in the hope that next time a replacement is installed already before the device actually breaks. Moreover, feedback gained from all involved persons of this value stream will be collected and analyzed in the Knowledge Graph in order to learn about the quality of the implemented resolution in particular as well as on the incident management in general.
As the example scenario illustrates the connectedness of IT assets and governance/management processes realized through the Digital Twin based infrastructure, allows for directed and timely reactive and proactive responses of the IT governance/management system. But also, the ontology-driven approach induces a certain robustness in the system (as suggested in Fig. 4), making the system more adaptive and IT governance and management more agile. For instance, further warehouse automation would replace forklift drivers by robots that are actuated by the warehouse control system. The wireless access point would be replaced by built-in IoT devices. This would only a ect the organization-speci c GITM Domain Ontology, but not the IT & concern speci c, IT generic, and foundational layers of the GITM Domain Ontology of the DT4GITM framework. In other words, it would be clear how to adapt the organization-speci c Knowledge Graph to the new situation and to gure out the required changes to the rule-based component. 7
The Digital Transformation of our society requires IT infrastructures to be more agile, more adaptive, and more connected than ever. In the paper at hand we argue for a digital transformation of IT governance and management itself by proposing the Digital Twin for Governed IT Management (DT4GITM) framework that applies the concept of Digital Twins to IT governance. The conceptual backbone of DT4GITM is a domain ontology that aims to formally represent the concepts, properties, and relationships of COBIT 2019 and ITIL 4 frameworks, amongst other relevant standards and frameworks for IT governance and management.
The paper described the conceptual outline of the DT4GITM framework and elaborated on our strategy for developing the GITM Domain Ontology. The potential bene ts of using the framework were exempli ed by means of a hardware incident management scenario from ITIL 4. We believe this paper establishes a meaningful foundation for research in the direction of digital transformation of IT governance and management. Our plans for the near future are to apply and evolve the DT4GITM framework and the GITM Domain Ontology in real case studies.