Archive by Author

On ITIL, VeriSM, IT4IT, ITCMF, practices and principles…

Although the interest in ITIL is declining on a global scale, AXELOS (the owner of ITIL) is still acting as before: a new version of ITIL will be launched in Q1 2019 and this new version is ready to support you in coping with the “Fourth Industrial revolution”. Quite a statement. And it’s now again identified with a number (‘4’) instead of a year (‘2019’) – something they said they wouldn’t do again…

This new ITIL version is “best practice” again, instead of just “good practice”. As AXELOS says: “Research has confirmed that ITIL remains best practice for the ITSM industry“. They know this, even before ITIL 4 has been developed and published.

This means that the announced update of ITIL was postponed at least half a year. The core elements will remain the same and all current certifications will continue to be recognized. This implies that ITIL 4 will only cover extensions. The new version says it will include practical guidance on how practices such as DevOps, Agile and Lean are associated with ITIL. But wasn’t that the claim that was already made by VeriSM, half a year ago?

And have they learned from the past? AXELOS now says they have a “Team of Lead Architects” instead of just one Lead Architect. That sounds like a reward system for the involved individuals: “I am a Lead Architect for ITIL, hire me”. And instead of a select team of senior experts, they now have “The ITIL Development Group”, covering more than 2,000 members and they’re asking for even more. Ever tried to produce a book with more than 100 participants? I can assure you that this either leads to one hell of a job, or to ignoring their contributions. Unless they simply don’t contribute, of course. AXELOS claims to already have a group of participants of >2,000, so that may explain part of the delay. Anyway, the new approach yells ‘practice’ all over.

And what about IT4IT?

Launched in 2015 by the Open Group, based on the HP & Accenture repository, it delivered a full-blown practice-based framework, like the ones we know from ITIL and COBIT. Was IT4IT the next threat to the IT market? The horribly complex ”reference architecture” seems to emphasize the vendor business model of complexity once again. Announced as a “game changer” at its launch, it is hardly heard of any more. More on IT4IT: here.

And what’s happening to VeriSM, in the mean time?

VeriSM was launched at the end of 2017, as an alternative approach, based on existing “best practices”. It immediately created a series of books, consultancy profiles, training programmes and exams – completely analogous to the business stategy of AXELOS, but with a set of business partners that was chased away by AXELOS in it’s effort to boost ITIL turnover with just one exam partner. After an overwhelming flood of attention in the first months of 2018, it seems to slow down a bit now, as people are asking the big question “what help does VeriSM bring me as a practitioner?”. The answer seems to be more in terms of “understanding how to approach and apply various existing best practices”, than in terms of providing specific support that wasn’t already covered elsewhere. This actually holds a promise of a bit more “principle” than the traditional practice-based approaches, but unfortunately VeriSM doesn’t deliver the solution with that promise: it remains with a high-level analysis of options to be used for a service management architecture, but it doesn’t deliver the architecture itself. Read more on VeriSM.

And IT-CMF, the product of the Innovation Value Institute?

Offering an integrated management toolkit, covering more than 30 management disciples, with organizational maturity profiles, assessment methods, and improvement roadmaps for each, this academic product may be considered a well-kept secret. It’s used within large organizations, it’s very practical, and it leans on more than just best practices. But again, IT-CMF offers predominantly practice support, be it on a more strategic level than the frameworks I mentioned above. Read more on IT-CMF here.

Practices or principles?

All of these frameworks still lean heavily on practices. Promoted by consultancy firms and supported by tool vendors, they illustrate a focus on where the current problems are felt, i.e. where their money is made. Solutions are always fitted into terms of provider offerings, not in terms of organizations learning to manage their own business in better ways. This approach is predominantly executable.

This is opposite to recent strategies followed in the Netherlands, where methods are gaining traction. These methods support principle-based strategies that aim for improving the control capabilities of organizations, by stimulating a self-learning path based on the understanding and application of management systems that follow a clear service management architecture. These approaches are predominantly learnable and they enable a well-considered application of a wide array of practices (from the popular frameworks).

These methods are still low in volume, as they do no provide an easy business model for supporting vendors: the focus is on improving the customer’s capabilities, and the result of that strategy is likely to end the provider’s turnover rather sooner than later. Nevertheless, more and more organizations are adopting these method-based approaches, as they obviously add value in a much simpler and more sustainable way than the traditional complexity-based offerings of the “ITIL industry”.

The method-based approaches have some very critical benefits over the traditional practice-based approaches:

  • The organization invests in its own capabilities, climbing up the value-based maturity ladder.
  • The level of control is accelerating, enabling the organization to save themselves better and better.
  • Services can better be aligned to customer’s requirements, as the organization is more in control of its own service delivering capabilities.
  • Tools can better be aligned to operational requirements, as the organization is more in control and it has more of a service management architecture in place.
  • It saves the organization “a bundle”, as they don’t have to hire or buy external resources at the traditional level any more.

It may be clear that – as long as vendor strategies are the dominant forces for innovation of service management strategies – only customers that have strong leadership in place, will be able to profit from these method-based strategies.

Introducing a Service Management Method

evolutionThe Netherlands are way ahead of other countries in terms of systematically and methodically improving service organizations – at least that’s what I think.

I’ve decided to write a series of 10 blogs on this topic, not on my own website, but at LinkedIn.

 

 

 

 

 

In these blogs, I will describe:

  1. Introducing a Service Management Method
  2. The Origin of Service Management Methods
  3. Context and Mission of a Service Management Method
  4. Elements of a Service Management Method
  5. Deploying a Service Management Method
  6. Deliverables of a Service Management Method
  7. The SMM deployment: formal, light or DIY
  8. Practical goals of a Service Management Method
  9. The budget structure of a Service Management Method introduction
  10. Cost reduction and DIY projects with an SMM

Taken all together, these blogs should provide a manual for any organization outside of the Netherlands, to at least understand what has been going on here for the last 15 years. Any questions? Respond at the LinkedIn blogs or send a direct personal message through this website.

 

Mathematics and IT Management, or “What are objectives of COBIT’s management processes?”

COBIT 5 clearly describes the COBIT process reference model as just “an example of a process model”. It then says that any local process model would do, if it only covers the basic governance and management objectives:

“In theory, an enterprise can organize its processes as it sees fit, as long as the basic governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives.”

This means that we would have to be able to define an alternative process model that complies with this requirement of “covering the basic governance and management objectives”. If we could find that, it would make COBIT available to smaller and less complex organizations, which IMHO would be “a good thing”.

COBIT 5 lists three main governance objectives: benefits realization, risk optimization and resource optimization. Generic objectives of the larger group of management processes are not defined; COBIT only says:

“Practices and activities in management processes cover the responsibility areas of PBRM enterprise IT, and they have to provide end-to-end coverage of IT.”

The COBIT 5 core book defines processes through the following statements:

  • “Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.”
  • “A collection of practices influenced by the enterprise’s policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services).”

It then says:

  • “Process controls are generic control objectives…”

Looking at a description of a single process, I only find fields covering “purpose” and “goal“, but not a field for “objectives“.
The definition of objective is: “Statement of a desired outcome“.
There is no use of the term “outcome” in the practice or in the process definitions.

This leaves me with the question: “What are objectives of COBIT’s management processes?”.

These objectives would be required to demonstrate that an alternative process model complies to the COBIT requirement of “covering the basic governance and management objectives”. But where are these objectives described so I can test the alternative process model against these requirements?

My question was however answered by a good friend from the field of standards and frameworks, Geoff Harmer, a great expert. Geoff explained that the outcomes appear in the Process Assessment Model (PAM): Using COBIT 5 (the “PAM book”) in Chapter 3 pp. 15-114. E.g. For process DSS02 Manage Service Requests and Incidents the outcomes are:

  • DSS02-01 IT-related services are available for use
  • DSS02-02 Incidents are resolved according to agreed-on service levels
  • DSS02-03 Service requests are dealt with according to agreed-on service levels and to the satisfaction of users.

The Process Assessment Model (PAM) requires processes that are going to be assessed to be defined using a Process Reference Model (PRM) and a PRM must be conformant with the ISO 15504 Information Technology — Process Assessment’s viewpoint and that is what the PAM book does. This means Process Purpose, Outcomes, Base Practices and Work Products (i,e, inputs and outputs) must be defined for each COBIT 5 Process.

So, in fact, the objectives and the outcomes I was looking for are there in COBIT, but they are called goals (in or Process goals (in the Enabling processes book).

Geoff goes on and then explains that what are called Base Practices in the PAM book are called Management Practices in the Enabling Processes book (or Governance Practices for the governance processes: EDM01, EDM02, EDM03, EDM04 and EDM05). Management practices are equivalent to what earlier versions of COBIT called Control Objectives.

And then I realized that COBIT is an acronym for Control Objectives for Information and related Technology.

I must admit that I’m rather lost with all of this. Actually is supports my opinion that the IT industry is making things much more complex than it should be. After all, if you can’t explain it clearly in a few words, how is it ever going to work for us?

You can probably imagine why I prefer mathematics over IT management 😉

ISO makes a mess of (IT) Service Management

FRAMEWORKS-137x206If you want to comply with international guidelines for (IT) service management, should you apply ISO9001 to your service management domain, should you apply ISO20000 because it claims to do exactly that, or should you use the ISO/IEC TR 90006 guidelines that describe how to apply ISO9001 to IT Service Management and how to integrate it with ISO20000? As so often, I’m completely lost….

 

ISO20000 was supposed to be the international standard for IT Service Management. It was published in 2005 by means of a fast track voting procedure, based on the British standard BS15000, after two voting rounds – the first one didn’t get enough support to promote BS15000 to an international standard. A bit of lobbying did the trick, and the ITIL-based British standard got its international status. As you may expect, the regular commercial circus applied to the new situation. The industry developed products and services around the standard, and the regular cat-fight between providers, including the itSMF, started, distracting the business from the content of what was supposed to be delivered.

ISO20000 was delivered in 2005 by the ISO Sub Committee 7 of the Joint Technical Committee 1, aiming for something that obviously wasn’t there: a quality standard on IT service management. Obviously – in their eyes – ISO9001 wasn’t sufficient to cover the guidance for quality management in the IT service management domain.

Six years later, ISO20000:2011 was released to align closer to ….. yessss…. …..drums …… ISO9001!

ISO9001 had been subject to some serious re-engineering, because it devaluated in the nineties, being abused through scoping tricks and other ‘smart’ use of the label. It was revised in 2000, and again in 2008, putting more weight on the customer perspective, but it had lost most its former position. Nevertheless it had a powerful community of users (and of course providers of derivatives). This community was not too happy with the results of ISO20000. After all, ISO9001 already pretended to deliver the standard on service management….

As usual in markets where money is to be made and where business positions are getting lost, the call for a ‘better’ standard got louder and louder. But would the ISO organization allow for yet a third standard for the IT service management domain?
No – they pulled the TR rabbit out of the hat.

Technical Report

A TR is Technical Report, of an entirely informative nature, used in exceptional circumstances, when ISO has run into information that should be published, but cannot be published in the format of a regular standard. That – clearly – was the case here: a third standard was totally unacceptable, and neither one of the two involved parties was willing to merge into the other.

So here it is: ISO/IEC TR 90006:2013, explaining how we could use both ISO9001 and ISO20000-1, applying ISO9001 to IT service management, and integrating it with ISO20000. Do you still follow?
The introduction and scope clauses of ISO/IEC TR 90006 state:

‘This Technical Report provides guidelines for the application of ISO 9001:2008 to IT service management. It also provides guidelines for the integration of a quality management system (QMS) and a service management system (SMS).

This Technical Report provides a comparison of the requirements of ISO 9001:2008 and ISO/IEC 20000-1:2011. It highlights those areas where there is the greatest similarity between the two management systems, and where there are differences between the two.’

TR 90006 has endless tables that explain the differences in meaning of ISO9001 terms and ISO20000-1 terms. Without setting either one as the standard to be used in practice. It explains the difference between Quality Management Systems and Service Management Systems. It illustrates which processes are described in ISO20000-1 that are missing in ISO9001 and vice versa, but as usual it discusses practices instead of processes. Etc. Etc.

Synergy!

“One business benefit of an integrated management system can be that the organization does not have two management systems with duplicating and contradictory requirements.”

This quote from the TR 90006 actually says that multiple ISO standards that are supposed to support the same environment, can contradict each other…. TR 90006 then continues with statements that integrating ISO9001 and ISO20000-1 would deliver various forms of synergy in processes, systems, etc…. Wow!! Do you still follow? Who would have thought of that?

Synergy?

Now, if we accept that ISO9001 does not align fully to the goals and requirements of ISO20000-1, and ISO20000-1 does not align fully to the goals and requirements of ISO9001, why not just improve the one, or the other, or better: improve both, so they would align to the sum of the parts? Just imagine: ISO20000 could then be moved to the position of an ISO9000 sub standard, describing how the ISO9001 requirements apply to an IT service management environment…..
But no – that would be asking too much of ISO.

This can only be a sign of vested interests in the communities defending the separate standards. Obviously, the ISO organization has no control over this, or they would not have published an “exceptional” TR that re-establishes both existing standards in their respective position.

Options?

Now, where would you put your money? In the ISO9001 standard that was devaluated so dearly, but still is the official quality management standard? In the ISO20000-1 standard that has only been successfully deployed in a small number of countries, and that is still not adopted in any significant numbers, even after 10 years? Or in an integration of the two, although they obviously do not align easily? Or perhaps in none of them?

Value

Let me be clear: there is much value to be found in ISO9001 as well as in ISO20000-1, even though the risk of running into the usual pitfalls of complexity is significant. But applying it the way we have done for decades now, is definitely not delivering the value we expect to get from it.

My advise? Quit the whole charade, look at the other end of the stick, get your management system in order, and get in control of your service management by adopting a straightforward method. It has been proven in practice that it will save you the cost of ‘implementing’ any of the aforementioned standards (or large parts of others like ISO27000), it prepares you for any new ‘contemporary’ set of requirements from your external regulators (who follow the ISO standards), and it will simplify the way your service organization works, in such a way, that you will finally be able to do what you were meant to do: support your customers in a simple, understandable, and effective way.

It’s already there, you just have to pick it up…

Have a peek at Service Management Architecture and Service Management Methods, to see what’s available out there…

Is IT4IT the next threat to the IT Management market?

AAEAAQAAAAAAAALeAAAAJGU3ODBlNTE1LWY3OTItNDVmMy05M2VmLTA4NDgwNzU5OTQ1MQThe Open Group has adopted a new product: the IT4IT reference framework. The market seems to be responding well to this new leaf at the IT management tree.

As usual, consultants will be jumping the bandwagon to profit from from this great new opportunity to distinguish themselves from the competition, and to deliver the next big thing in their consultancy portfolio.Customers will simply have to follow up, as they really shouldn’t miss this great opportunity to solve all their problems with this magic stick.

 

Am I judging too hard? Too cynical? Maybe. But that may help to get the message across.

Why should a warning be in place here? After all:

  • the model works from an architecture point of view….
  • the model embraces popular frameworks and standards…
  • the model is supported by several large, global vendors…
  • the model is owned/managed by a global consortium of 450+ member organizations…

That should be a guarantee for success and value delivered, wouldn’t it? After all, ITIL (with the itSMF and now Axelos as the managing party) and COBIT (managed by ISACA) had the same signature, and these frameworks delivered great value to our world – in the sense that they delivered more value than cost. Haven’t they?

“The cost of ITIL and associated products can be ciphered in the order of 1 trillion dollars.”

And these illustrious frameworks were developed by the best minds available. The leading vendor companies in the market put all their knowedge together to bring us the solution. They provided the authors for the frameworks and the accompanying books. And they will provide the products that will help us solve it in our practice.

By the way – who created that mess? And who profits from it?

Now we have IT4IT. Initially set up by a number of vendors (Accenture, CapGemini, HP, PwC) and some user organizations (Shell a.o.), but then transferred to the Open Group, where it was handled by again some of the global leading consulting organizations and a number of user organizations (read Geoff Harmer’s analysis). The faces of IT4IT now are Accenture, HP, and of course a few customer organizations to avoid the idea of a commercial interest (Shell, Achmea).

Is IT4IT new?

Not really:

  • it adopts Porter’s Value Chain, published in 1985
  • it largely adopts the three-fold model of prof. Maarten Looijen, published in the late 1980’s (until recently a well-hidden asset of Dutch information management theory)
  • it follows the SAME model, documented as early as the mid 1990’s

Then why should this be the magic stick?

  • Because large vendors push it? History has demonstrated clearly that there is a huge risk in that strategy…
  • Because it embraces popular frameworks? If these frameworks have not delivered the solution, then why would you base a new one on the old ones? Adopting the popular frameworks unfortunately is a guarantee that the historical errors in terms of process management are inherited.
  • Because it is process-based? Unfortunatly, IT4IT also finds its roots in a best practice approach, where processes have essentially been ignored and results were based on procedure and work instruction level instead.
  • Because it adopts an architecture starting point? Now there we have an argument… At least this offers the opportunity of a more solid, principle-based approach that could align with any practice. A Service Management Architecture (SMA) has long been missing in this market.

How can we profit from this opportunity….?

  • as usual: be critical, beware of the hype
  • as usual: don’t trust the majority of vendors who want to sell you a solution, unless you have completely understood what they actually offer
  • as usual: find yourself a methodical approach, and then use the offered frameworks as references for your dot on the horizon.

Should you avoid IT4IT? Definitely not. It encompasses some major improvements compared to the ‘old school’ frameworks. I invite everyone to read more about it.

Should you adopt IT4IT as-is? Definitely not, like you should not adopt any of the other frameworks as-is. IT4IT is not a method. It provides guidance, but you will only be able to achieve your result effectively and efficiently if you have your own management system firmly in place.

Is IT4IT a threat for the IT management market? For vendors, it’s a great new asset to profit from ignorant customers, delivering complexity that generates turn-over. For customers, it’s a great opportunity to adopt some architecture into their management system. For both, it’s a great opportunity to take a step forward towards value delivery, both in consulting and in IT service management. It can get you closer to the long desired business-IT alignment. But I’m afraid only a limited number of vendors and customers will be able to really profit from this – as history has shown so abundantly.