Many practitioners in the industry try to learn/approach a domain through a framework or standard – where it should be the other way around!  Understanding the specific nature, context and challenges of a domain can make selection and adoption of standards and framework much more beneficial. Understanding the context of  Service management –> IT Service Management and then look at ITIL and/or ISO/IEC 20000 is a case in point. Many attempt to understand IT Service management domain through ITIL and ISO/IEC 20000. 

This problem is not limited to ITSM domain alone. It is equally applicable to Information Security, IT governance etc. 

Just blogged my thoughts on the same on our Wings2i official blog: http://wings2i.wordpress.com/2013/05/23/understand-the-domain-and-then-use-a-framework-or-standard/

Your feedback and comments are welcome

It is high-time the Information controls (especially Information security controls) move into a mode of ‘Protecting’ (‘Provide and Protect’ – the phrase I borrowed from a colleague, as I liked it very much! or even better: “Protect and enable“) than ‘Controlling’.

Many organizations get into a false sense of achievement in ‘control’ and ‘compliance’  by putting stringent information security controls (technical or procedural) – to the extend of restricting or handicapping the business itself!

Here are a couple real-life cases I had experienced recently:

  • In a global organization where they hired me as a consultant – I had to go in to discussions with just a notepad; as getting an external laptop inside involved a huge procedure and a series of justifications and approvals! The team didnt find it ‘worth the pain’. Talk about productive output from an external consultant you are hiring!
  • A corporate where i was conducting ITIL workshops opted NOT to go for a prometric exam conducted in their premise (though we all agreed that could be the most optimal and cost effective option for them) – Since getting an external server connected to their network involved (in their words), ‘too much of procedures’ and ‘too much of pain to get all approvals etc’.

Here we can argue on all the sides – justifying the actions of all parties involved, with fairly genuine arguments on all sides.

Add on to this – a negative perception created in the mind of business users.  (more…)