The IT Process layer defines the policies and processes for managing IT infrastructure and operations, taking into account IT Governance and Application Lifecycle Management (ALM). It includes the alignment of IT processes to support business functions and the organization’s goals. This layer is about the definition, measurement, and correlation of IT processes to ensure a full audit trail with targeted reporting to enable transparency across all processes and compliance requirements.

This layer is one of the points in the model where IT and business intersect. IT exists to run the business, and IT evolves to support its changing requirements. IT Process includes defining processes associated with Key Performance Indicators (KPIs). Measuring process effectiveness across the organization lets you make appropriate improvements. Good IT processes can move IT from being merely tactical to having strategic business impact across the platform. ALM components in IT Process help IT rapidly build and adapt applications to support dynamically changing business requirements. Strict lifecycle management on deployed operating systems, for example keeps costs down by reducing the number of platform versions applications can be deployed on.

Business policies define IT processes. For example, extensive auditing throughout a large company’s enterprise IT architecture, uncommon ten years ago, exist today because governmental requirements such as Sarbanes-Oxley and HIPAA require detailed tracking. These regulations created new business policies, which in turn triggered IT processes.