1.1 General This International Standard establishes a common framework for application management processes with well-defined terminology that can be referenced by the software industry. It contains processes, activities, and tasks that apply during the stage of operation and use from the point of view of the supplier organization that enhances, maintains, and renews the application software and the software-related products such as data-structures, architecture, designs, and other documentation. This International Standard applies to the supply, maintenance, and renewal of applications, whether performed internally or externally with respect to the organization that uses the applications. Application management comprises all of the tasks, responsibilities, and activities with the aim that the support of business processes by applications continues to meet the requirements and needs of the organizations that use these applications throughout the entire life span of their business processes. This International Standard therefore focuses on the following: day-to-day management of applications (the software) and the related data structures and support of costumer organizations, including handling calls such as incidents and service requests; maintenance and renewal of applications and data structures in accordance with changing requirements and needs; opportunities, threats, and changes in the business and/or technology that influence the future of the applications and, based on that, the strategy for maintaining and renewing the applications; organization and strategy of application management organizations. Before retirement, the life cycle of an application consists of two important stages: the stage of initial development of the application and the stage of operation and use (when the software is in use, in operation, supported, modified, and renewed). This stage of operation and use is the subject of this International Standard. The initial development of an application is not within the scope of this International Standard, however the project that is responsible for the initial development has to take the requirements of the application management organization that will enhance and maintain the application into consideration. This means that the application management organization will ask the project to deliver initial requirements, architecture products, design, standards, and other documentation, in order to use these products during enhancement and maintenance. In the stage of operation and use, the following three domains play a role: business information management representing the business and end users of the application (use); IT infrastructure management hosting the application (operation) and maintaining the technical infrastructure; application management supporting the use and the operation; maintaining and renewing the application software and data structures. Business information management constitutes the demand side of information technology (IT) and information provisioning. Business information management is responsible for supporting users in the use of the information provisioning and represents the business organization as the client of the ITsuppliers. Business information management acts as the customer of the IT organizations (application management plus IT infrastructure management). Specific tasks of business information management include the following: support of end users in how the information provisioning are to be used; define how information and IT are to look like (the functionality, the appearance, etc); advise and support business management with the prioritization of requirements and management of their budgets for IT; assign work to IT providers and monitor their delivered services; define long term policy and plans regarding the information provisioning. IT infrastructure management is responsible for managing the operation of the information system, including maintaining the infrastructure (e.g. network, hardware), running the software, and data processing. In brief, this is the organization that runs the information systems and aims to keep the infrastructure in good order. The activities of business information management and IT infrastructure management are closely related to application management but not within the scope of this International Standard. Application management is responsible for the management and maintenance of the application and definition of the data structures used in databases and data files. This form of management requires knowledge of software programming, information system development, design, day-to-day management of applications, and application maintenance. Core qualities of the application management personnel are in-depth knowledge of the customer or (at least) in-depth knowledge of the customer’s business processes and in-depth knowledge of the existing applications (application objects), design, architecture, etc. This International Standard consists of the following three levels of processes: operational; managerial; strategic. These process levels and the processes are interconnected with one another. Figure 3 provides an overview of the processes within each of the process levels. There are no separate processes defined for security, issues, risks, and/or vulnerability. These topics form an important part of the Continuity Management Process, but they are also part of other processes. Security, for instance, is an important part of the functionality of the application, so it is addressed in the Impact Analysis process and dealt with within the specifications of the application and defined in the Software Design Process and also within the service levels and, therefore, specified in the Agreement Management and Supplier Management Processes. Other processes which deal with these topics are the management processes planning and control, quality management and financial management, and, for instance, the strategic process technology definition, where risk and vulnerability are important features.