This special version of CobiT is a baseline for many small to medium enterprises (SMEs) and other entities where IT is not mission-critical or essential for survival. It can also serve as a starting point for enterprises in their move towards an appropriate level of Control and governance of IT.
The strategic nature of IT to the business is evaluated, a self-assessment form has been developed and exceptions are reviewed. Those enterprises for whom the strategic nature of IT is relatively low, who fall within certain ranges on the self-assessment and who do not have any of the exceptions that might indicate a higher level of dependence on IT are considered SMEs.
This publication was developed in response to comments that CobiT, in its complete form, can be a bit overwhelming. Those who operate with a small IT staff often do not have the resources to implement all of CobiT. This subset of CobiT includes only those control objectives that are considered the most critical, so that implementation of CobiT's fundamental principles can take place easily, effectively and relatively quickly.