Other frameworks & Standards

We can always ask: “What’s in a name?”. But the fact of the matter is most often than not, the name (or title) is of utmost important in setting perceptions and acceptance, when it comes to books, standards and other key documentations at least.

ISO/IEC 20000, the standard has evolved with specific focus on IT Service management.  However, in its 2011 edition of the standard, there seemed to be a clear effort to elevate the standard to a generic Service Management focus – to make it applicable to any Service organizations, IT or non-IT.

A major roadblock in this elevation and global acceptance as a generic standard could be the term that remained in its title: “Information Technology (IT)”. The standard title remains to be: “Information technology — Service management”.

I have written in an earlier post regarding the confusion that exists in this matter.

I have come across more than one organization (Non-IT) who are hesitant to adopt ISO/IEC 20000 – just because the standard title specifically refer to Information Technology infrastructure Library.

I do understand there could be internal, technical reasons within ISO to keep the title as is; however, it is also important to understand the majority of the adopters and practitioners remain unaware of (or quite understandably, don’t care) about them.

And we can also see that this is not just an issue with the ISO/IEC 20000 standard alone.

The global standard for Information Security , ISO/IEC 27001 also carries the title:  “Information technology — Security techniques — Information security management systems”. (This is retained in the latest, 2013 edition as well). (more…)

I finally managed (delay due to my work and other pressures) to go through the ‘Standard+Case’ (S+C) approach that Rob England (The ITSkeptic) has come up through the Basic Service management site as well as the recently released book of his (Haven’t got to the book myself yet, will get soon!).

The concept and approach is definitely pretty interesting and useful in an ITSM (and of course generic Service management) context – more specifically in service support world of incidents, Service requests and problems.

ITIL® has been dividing the support requests (or tickets in a more popular terminology) into Incidents, Service Requests, Problems, Change requests, Access requests etc  – to be handled by respective, best-practice driven, processes.  The process–driven approach of ITIL® (which the framework has been trying to shrug-off not-so-successfully through the Lifecycle approach of V3 and 2011 editions) has been often criticized to create process-silo in organizations.

The S+C approach kind of cuts the support domain in a different plane. Irrespective of the request to IT  is incident, Service request, Problem , change or any other , the approach to the response can be broadly classified into two:

  • Standard: Predefined because they deal with a known situation, known solution, well defined actions etc.
  • Case: An unknown or unfamiliar situation that rely on the knowledge, skills and professionalism of the person dealing with them

ITIL® has references to concepts to practices such as Incident models, Request models etc which in a way relate to the Standard cases. However, it is not as distinctly and prominently established as would be, if someone adopts an approach like the S+C model.

The key points that I like about the model and approach are:

  • It is complementary to ITIL®or any other models. It doesn’t try to say ITIL® is wrong and hence here is the alternate way of doing ITSM. I have a strong belief in the basic structure and principles of ITIL®, and anything that complements or enhances or fine-tunes the existing principles are the ones I personally, would want to adopt.
  • It is very simple(as opposite to ‘complicated’ and not to ‘difficult’) yet powerful– small organizations and those organizations who are not familiar with and/or established the concepts of Incident, Problems, Service requests etc. can still adopt the approach onto their existing practices.
  • Easier way of communicating to business or non-IT and agreeing on timelines, SLAs etc. As Rob has mentioned in the introduction to the model, it is a terminology/approach already in use in many other service scenarios such as hospitals, law and order, etc.
  • The approach of ‘adaptive case management’ and not trying to put Cases into a defined process – this has been a concerning factor for me in ITIL® problem management,  to some extent in Incident/Major Incident handling and in some instances of business requests for new/changed services.

However, the following points are also worthwhile to be noted: (more…)

Some of the definitions of terms in ISO/IEC 20000 fall short of expectations from an international standard, to say the least.

Of course, Improvements are visible such as this:

ISO/IEC 20000: 2005 defined “Service Provider” as: “the organization aiming to achieve lSO/lEC 20000”!.

ISO/IEC 20000: 2011 has a better definition: “organization or part of an organization that manages and delivers a service or services to the customer”.

However, more concerning are definitions which can create conflict or misinterpretation such as that of Incident are still existing:

The ISO20k:2011 defines Incident as:  “Unplanned interruption to a service, a reduction in the quality of a service or an event that has not yet impacted the service to the customer Though there is no official acknowledgement, it is very clear that this is adopted from ITIL® V3. But in that case, it is a case of incorrect or incomplete adoption. Here is why:

The latter part of the definition, which I underlined above says “or an event that has not yet impacted the service to the customer” – Now this dangerously equates ALL events to Incidents! An event is something that affects the service (mostly exception events causing interruption or reduction in quality) or that doesn’t affect a service (warnings and regular operation events). With this loose definition,
all three types of events can now fall under the bracket of Incidents.

It may not be a major issue of compliance from ISO/IEC 20000 context – where there is no separate Event management process. However the following questions needs clarity:

  • Does ISO/IEC 20000 view entire event management process as a subset of Incident management? In such a case, the controls specified under Incident management don’t seem to be enough to take care of the requirements of an event management process.
  • So will every event trigger Incident management process? I hope this is not what is implied by the standard.
  • What is the meaning of the word event that is used by the standard in multiple places? Unfortunately there is no definition of the same.

Here are some other definitions in ISO/IEC 20000 that may create misinterpretations and confusions:


While IT evolved through cycles of improved capabilities, complexities and business dependency, IT Service providers started realizing and embracing the concept of IT Service Management.

 The approach of extending IT Services (in terms of facilitated business outcomes) to the business/customer, and relieving them from the complexities of the technology and operations behind it, has definitely put IT in a right track of Business-IT alignment and Integration. Various frameworks and standards like ITIL®, ISO/IEC 20000, COBIT etc has played a very crucial role in bringing the Service perspective into IT.

IT was “Infrastructure” management or “Application management” or “Operations” management. The concept of IT Service Management has shifted the mainstream focus from those underlying responsibilities and components to ‘Services’ (facilitating of business outcomes). The approach enabled the business and Customers to focus on “What” they receive in terms of outcomes from IT; rather than on “How” they were delivered.

Then the Cloud burst happened. I mean then the concept of ‘Cloud’ evolved!

The IT industry – probably deprived of using favourite technology discussions by all these “Service” talks in mainstream – grabbed it by both
hands; some even behaving as if this is one of the biggest invention after fire! Debates are all around – will frameworks like ‘ITIL’ survive such a cloud burst?

Many didn’t realize – or tend to ignore the fact that all these mainstream focus on Cloud in business circles is moving the whole Business-IT relationship a step back – to the era of “Infrastructure” management.

Cloud in ITSM
Change in ITSM with Cloud

Let us not forget the expected output of IT to business is still in the same lines as the “pre-cloud times” (!) – A facility to send emails, a business application functionality, a workflow capability, an automated information processing and so on. The “What” remains the same. Of course, the “How” is changed by Cloud – for the better, in terms of efficiency, scalability and cost-effectiveness; or at least supposed to be so.

On a lighter note, we can say – ‘CLOUD are not really beneficial to mankind and the world – but the RAIN is’!

 Having said this – the concept of Cloud is a significant development in IT. It can bring in huge advantages that can get converted into business value of IT. The complexities and challenges associated with Cloud need to be assessed and addressed. The benefits of this new way of managing IT need to be highlighted.

All these are essential; but not at the cost of shifting focus from the all-important business outcomes of IT. Hence the whole Cloud adoption will gain huge benefits by adopting ITSM best practices and standards into the complexities and capabilities of Cloud, rather than resisting or writing them off.