COBIT 2019 Framework — Governance and Management Objectives

ISACA framework for enterprise IT governance and management covering 40 objectives across alignment, delivery, risk, and resource optimisation. Applies to organisations managing enterprise IT.

  • Rules extracted: 5
  • Obligations decomposed: 263
  • Avg obligations per rule: 52.6x
  • Jurisdiction: 🌐 International

What AuditDSS covers

  • Source: 1 regulation
  • Extracted: 5 rules
  • Decomposed: 263 obligations
  • Decomposition ratio: 52.6x

Each rule is decomposed into an average of 52.6 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 263 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in COBIT 2019 is scored across independent risk dimensions:

  • W (Obligation Weight): how critical within the regulatory framework
  • L (Violation Likelihood): how often breached in practice
  • E (Enforcement Evidence): regulator enforcement history and penalties
  • C (Cascade Dependency): how many obligations depend on this one

Regulatory details

  • Full title: COBIT 2019 Framework — Governance and Management Objectives
  • Regulatory body: Information Systems Audit and Control Association
  • Jurisdiction: 🌐 International
  • Document type: standard
  • Effective date: April 1, 2019

Who this applies to

  • all enterprises regardless of size or industry
  • IT governance and management functions
  • boards of directors and governing bodies
  • IT management and operations teams
  • internal audit and assurance functions

Key requirements

  • 40 governance and management objectives across 5 domains
  • EDM: Evaluate, Direct and Monitor (5 governance objectives)
  • APO: Align, Plan and Organize (14 management objectives)
  • BAI: Build, Acquire and Implement (11 management objectives)
  • DSS: Deliver, Service and Support (6 management objectives)
  • MEA: Monitor, Evaluate and Assess (4 management objectives)
  • management practices for each objective
  • capability levels and process assessment

Frequently asked questions about COBIT 2019

What is COBIT 2019?

ISACA framework for enterprise IT governance and management covering 40 objectives across alignment, delivery, risk, and resource optimisation. Applies to organisations managing enterprise IT.

Who does COBIT 2019 apply to?

COBIT 2019 applies to all enterprises regardless of size or industry, IT governance and management functions, boards of directors and governing bodies, IT management and operations teams, internal audit and assurance functions.

How many obligations does COBIT 2019 contain?

AuditDSS has decomposed COBIT 2019 into 263 atomic obligations from 5 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of COBIT 2019?

The key requirements include: 40 governance and management objectives across 5 domains, EDM: Evaluate, Direct and Monitor (5 governance objectives), APO: Align, Plan and Organize (14 management objectives), BAI: Build, Acquire and Implement (11 management objectives), DSS: Deliver, Service and Support (6 management objectives), MEA: Monitor, Evaluate and Assess (4 management objectives), management practices for each objective, capability levels and process assessment.

How can I assess my COBIT 2019 compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 263 COBIT 2019 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces COBIT 2019?

COBIT 2019 is enforced internationally by the Information Systems Audit and Control Association.

When did COBIT 2019 come into effect?

COBIT 2019 became effective on April 1, 2019.

What industry does COBIT 2019 apply to?

COBIT 2019 is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build a COBIT 2019 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for COBIT 2019 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering COBIT 2019 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine COBIT 2019 with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against COBIT 2019

  1. Upload your document
     Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

  2. AI maps against 263 obligations
     Your document is scored against every obligation in COBIT 2019. Each claim is mapped to the obligation tree and evaluated for coverage.

  3. Risk-scored gap report
     Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Assess your COBIT 2019 compliance

Upload your document and get a risk-scored gap analysis against 263 COBIT 2019 obligations in under 5 minutes.