Standards and Frameworks

    COBIT 5

    Control Objectives for Information and Related Technologies (COBIT)

    COBIT 5 is a best-practice framework from ISACA to assist in the process of understanding, designing and implementing enterprise governance of information and technology (EGIT). COBIT 5 aims to provide globally accepted principles, practices, analytical tools and models. COBIT 5 helps enterprises to increase the trust in, and value from, their information systems. The framework was published in 2012.


    Last Updated: July 30, 2019

  • General

    COBIT 5 is provided by the Information Systems Audit and Control Association (ISACA), an international professional association focused on IT governance. COBIT 5 is an umbrella framework that aligns with a number of relevant standards, frameworks and/or regulations. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT, Risk IT and BMIS. The framework is also aligned with the Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).

    There are five principles under COBIT 5:

    • Meeting stakeholder needs
    • Covering the enterprise end-to-end
    • Applying a single integrated framework
    • Enabling a holistic approach
    • Separating governance from management

    COBIT 5 helps organizations maximize the value of intellectual property, manage risk and security, and assure compliance through effective IT governance and management. COBIT 5 applies to enterprises of all sizes, whether commercial, not-for-profit or in the public sector. Its users cover the sectors of audit and assurance, compliance, IT operations, governance, security and risk management.

    COBIT 5 can help enterprises to:

    • Maintain high-quality information to support business decisions
    • Achieve strategic goals through the effective and innovative use of IT
    • Achieve operational excellence through reliable, efficient application of technology
    • Maintain IT-related risk at an acceptable level
    • Optimize the cost of IT services and technology
    • Support compliance with relevant laws, regulations, contractual agreements and policies

    COBIT 2019

    COBIT 2019 is the latest COBIT framework from ISACA and updated COBIT 5 in various ways, including:

    • the introduction of new concepts, such as focus areas and design factors, that allow for additional guidance for tailoring a governance system to the enterprise’s needs
    • providing new coverage of data, subjects and compliance
    • an “open-source” model that allows the global governance community to provide real-time feedback and proposed enhancements, which will be incorporated into the existing framework
    • more flexibility that allows users to choose either targeted project-based uses for specific problem-solving situations or comprehensive enterprise-wide adoption to drive business transformation

    While ISACA updated the COBIT framework with COBIT 2019, COBIT 5 materials are still available. In addition, ISACA will continue to support the accreditation and delivery of the COBIT 5 training and certificate schemes.


