I was recently reminded of something that Malcolm Fry – a well-known expert in the IT service management (ITSM) community – said at the Service Desk and IT Support (SITS) event in the UK many moons ago: “When are we going to stop lying? No one is going to do all of ITIL”. I’ve known Malcolm for a long time now, and we agree on so many things, and this is definitely one of them. It also raises the opportunity of ISO 20000 in the context of ITIL.
This article looks at how the ISO 20000 international standard for ITSM can help organizations to make the most of ITIL best practice or any other approach.
Why do we make it so hard to consume ITSM best practice?
Despite Malcolm’s comment – which was probably heard by far too few people – many IT organizations get pushed to “implement” ITIL, and don’t know how to do it. Leaving to one side for a moment the argument that you can’t “implement” ITIL because it’s only guidance on good practice, many faced with the challenge start by looking at the core ITIL 2011 books (all 5 of them). And anyone faced with this extensive body of knowledge would be forgiven for being overwhelmed by the sheer size and volume of content. In the past, I’ve told people to get a life and not bother reading the ITIL books (slightly tongue-in-cheek but with a serious message). I’d like to take this a bit further and provide some practical advice for those being challenged to “implement” ITIL and the opportunity of ISO 20000.
Start with the ISO 20000 standard
Start by ignoring ITIL for a moment and look at the ISO 20000 standard – it’s a much easier read. Part 1 only has 26 pages of content and this is the only bit you need at this stage. Plus, you don’t even need to read it – you can find a qualified ISO 20000 consultant to talk you through it and articulate the value and benefits in an hour. We usually do this for our customers free of charge.
I usually describe ISO 20000 as being the minimum level at which you can demonstrate you’re competent at ITSM. It’s not designed to be the absolute pinnacle of best practice, it’s supposed to be what you need to be able to demonstrate that you adequately support your organization.
If you don’t measure up against the requirements of the ISO 20000 standard, then you need to improve – and to do it quickly.
Consider taking a business service management approach
Business service management (BSM) is about understanding how the corporate technology function supports their business colleagues and customers. ISO 20000 requires you to demonstrate how well you do this, and therefore can be seen as a necessary step in BSM.
However, it’s not just a “tick in the box” exercise – you get real value from using ISO 20000 as it includes the most necessary parts of an effective ITSM capability. Many might find ITIL 2011 too difficult (which is something I’m hopeful the upcoming ITIL update will address) and most organizations will never need to do all of ITIL (which is why ITIL has always been sold as “adopt and adapt”).
Remember that ITIL is suggested good practice, it’s not designed to be implemented, it’s there as guidance. So, use the bits that help you and ignore the bits that don’t.
Using ISO 20000 and ITIL
ISO 20000 might be much more useful to you in initially developing your ITSM capability and delivering improved and tangible value to your organization and customers.
The ISO 20000 standard is framework agnostic, so you could use it even if you don’t use ITIL at all. The language and structure is based on ITIL, but applies equally well to VeriSM, COBIT, IT4IT, or other approaches, individually or in combination as part of an Integrated Management System (what VeriSM would refer to as the “Management Mesh”). In effect it specifies the minimum amount of ITSM capability you need to be a competent service provider (internal or external).
So, in my opinion, ISO 20000 an excellent place to start, and could just give you exactly what you need to meet business, customer, and IT needs/demands and help realize significant benefits in terms of efficiency and effectiveness across your organization (through the use of ITSM best practice).
In fact, if you are – like many IT organizations – looking to undertake an ITSM capability/maturity assessment prior to your planned ITSM improvement activities, it’s worth getting an assessment of where you are against the ISO 20000 standard.
This can act as a baseline for your continual service improvement (CSI), and it typically only takes a couple of days to perform. This will tell you exactly where you are in your ITSM/BSM maturity, and identify many opportunities for benefits and value (efficiency and service quality improvements, cost reduction, etc.). So, why wouldn’t you look at ISO 20000?
Matthew Burrows
Matthew Burrows currently serves on the SFIA Council, is Chair of the itSMF International Ethics Review Board, and contributes to the Service Management industry and the development of best practice – including as Design Authority for SFIA.
He is Director and Principal Consultant of BSMimpact, an ISO/IEC 20000 qualified consultant and auditor, and SFIA Accredited Consultant, specialising in implementing pragmatic business service management solutions rather than just theoretical consulting. He has considerable practical and operational experience of Service Management.
Matthew’s authoring credits include SFIA (Skills Framework for the Information Age), Service Management, Portfolio and Programme Management methodologies, white papers, books, articles and publications.
2 Responses
To begin it is always nice to read someones thoughts about BSM, especially because it has to little attention and looking at its benefits most modern organizations should have it implemented by default. I have a retail background and around 20 years experience with APM and BSM in all sorts of organizations and situations. Therefore I have to make some remarks about your article, as there is certainly some truth in what you write. But also some elements which wrongly read do more harm than good.
First, the remark from Malcolm is basically a lie in itself, simply because the foundation of ITIL never has and never will say that you have to implement everything. I don’t know the situation in which Malcolm made this statement (perhaps a specific audience needed this kind of sentence), so maybe I should say Malcolm didn’t speak the entire truth about ITIL. ITIL is a framework which for the lesser educated means it’s simple a toolbox. And with every toolbox, you only use the tools that you need for a specific situation. In other words, ITIL fits every organization and any situation as long as you, the person who wants to use the ITIL toolbox, knows and understands that organization and therefore are able to pick the right tool(s). And that is the problem ITIL faces, many of us so called IT Experts/Architects/Consultants or whatever new name comes up, do not know the actual organization because most of us are simply hired for the job and to often are too limited to look beyond IT and look at the real organization and how IT and ITIL tools fit in and add value to that business. So in my opinion the problem is not ITIL vs ISO20000, but having the right person with the right set of skills for the job…..
But comparing ITIL with ISO/IEC 20000 is a nice thing in itself. ITIL is not prescriptive which ISO20000 is by definition. ITIL suggests what can be used in certain situations, while ISO20000 hard demands that you comply to 256 requirements. In favor of ISO20000 this means that you know what is needed to be able to have that certification, and you can work towards that goal. But it doesn’t mean it is a better fit for an organization that wants to implement BSM, because BSM is not entitled to IT only, and therefore depends on much more within an organization than simply be ISO/IEC20000 compliant or have ITIL partially or completely implemented. BSM is about Managing a Business Service, which is basically the same as with SCM which means Managing a Supply Chain. The added value of BSM lies not in ISO20000, but in the fact that you measure and monitor the entire chain, End2End, and know whenever something happens, what is causing it, what the effect is on the production of the chain and which mitigation measures have to be taken to reduce the impact. In short, IT is only a very limited part of that process.
I truly mean it when I say that I am a huge fan of reading these kind of articles. So please do continue writing them, regardless my, and hopefully others, remarks.
Quite an insightful read on how to go about using ISO/IEC 20000 and ITIL..