11Related guidance (SO Appendix A)
This chapter summarizes the frameworks, best practices, standards, models and quality systems that complement ITIL practices.
11.1ITIL GUIDANCE AND WEB SERVICES
ITIL is part of the Best Management Practice portfolio, published by TSO. Further information can be found at:
www.best-management-practice.com
and on the official ITIL site at: www.itil-officialsite.com
The ITIL glossary is accessed via the official ITIL site.
11.2QUALITY MANAGEMENT SYSTEM
It is helpful to align service management processes with any quality management system already present in an organization. Total Quality Management (TQM) and ISO 9000:2005 are widely used, as is the Plan-Do-Check-Act (PDCA) cycle, often referred to as the Deming Cycle.
More information can be found at www.iso.org and www.deming.org
11.3RISK MANAGEMENT
Every organization should implement some form of risk management, appropriate to its size and needs. Risk is usually defined as ‘uncertainty of outcome’, and can have both positive and negative effects. Management of Risk (M_o_R®), ISO 31000, Risk IT and ISO/IEC 27001 all provide guidance related to risk management. See Appendix G in ITIL Service Operation (Cabinet Office, 2011) for further description of risk management.
11.4GOVERNANCE OF IT
Governance defines the rules, policies and processes an organization needs to follow, and makes sure they are implemented consistently.
There are two ISO standards that relate to governance. ISO 9004 provides board and executive level guidance, and ISO/IEC 38500 provides for corporate governance.
11.5COBIT
Control OBjectives for Information and related Technology (COBIT) is a governance and control framework for IT management. COBIT looks at what needs to be achieved, and ITIL provides complementary guidance about how to achieve it.
Further information can be found at www.isaca.org and www.itgi.org
11.6ISO/IEC 20000 SERVICE MANAGEMENT SERIES
ISO/IEC 20000 is the standard for ITSM, applying to both internal and external service providers, although the standard is currently to be extended with the development of Parts 3 and 4:
- ISO/IEC 20000-1:2011 Part 1: Service management system requirements
- ISO/IEC 20000-2:2012 Part 2: Guidance on the application of service management systems
- ISO/IEC 20000-3:2012 Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
- ISO/IEC 20000-4:2007 Part 4: Process reference model
- ISO/IEC 20000-5:2010 Part 5: Exemplar implementation plan for ISO/IEC 20000-1
- BIP 0005: A manager’s guide to service management
- BIP 0015: IT service management: self-assessment workbook (currently assesses against ITIL V2, to be revised via ITIL V3 complementary publications).
These documents provide a standard against which organizations can be assessed and certified with regard to the quality of their ITSM processes.
An ISO/IEC 20000 certification scheme was introduced in December 2005. A number of auditing organizations are accredited within the scheme to assess and certify organizations as compliant to the ISO/IEC 20000 standard and its content. The standard and ITIL are aligned, and ITIL best practices can help an organization looking to achieve ISO accreditation.
Further information can be found at www.iso.org or www.isoiec20000certification.com
11.7ENVIRONMENTAL MANAGEMENT AND GREEN AND SUSTAINABLE IT
IT is a major user of energy, but can also support cultural and environmental changes as part of a green initiative. Green IT is about environmentally sustainable computing, from design through to disposal.
ISO 14001 is a series of standards related to an environment management system. Further details can be found at www.iso.org
11.8ISO STANDARDS AND PUBLICATIONS FOR IT
There are many ISO standards and publications with relevance for IT and ITIL. Further details can be found at www.iso.org
Relevant examples include:
- ISO 9241: covers aspects that may affect the utility of a service
- ISO/IEC JTC1: deals with IT standards and publications
- The SC27 sub-committee develops ISO/IEC 27000, which relates to information security management
- The SC7 sub-committee develops other relevant standards including ISO/IEC 20000 (service management), ISO/IEC 15504 (process assessment or SPICE) and ISO/IEC 19770 (software asset management).
11.9ITIL AND THE OSI FRAMEWORK
The Open Systems Interconnection (OSI) framework was developed by ISO at the same time as ITIL V1 was written. Common expressions such as installation, moves, additions and changes (IMAC) are OSI terminology, although IT practitioners may not realize this.
11.10PROGRAMME AND PROJECT MANAGEMENT
Programme management can be used to deliver complex pieces of work, using interrelated projects. Managing Successful Programmes (MSP®) provides guidance related to programme management.
Portfolio, Programme and Project Offices (P3O®) provides guidance on managing these three areas together.
Project management guidance is found in PRojects IN Controlled Environments (PRINCE2®) and the Project Management Body of Knowledge (PMBOK).
Details of the above publications can be found at:
11.11ORGANIZATIONAL CHANGE
The organizational aspects of IT change need to be considered to ensure that changes are successful. Kotter’s eight steps for organizational change (www.johnkotter.com) are referenced in ITIL Service Transition and ITIL Continual Service Improvement (Cabinet Office, 2011). See section on further guidance for details.
11.12SKILLS FRAMEWORK FOR THE INFORMATION AGE
Skills Framework for the Information Age (SFIA) provides a common framework for IT skills. This supports job standardization, skills audits and skills planning exercises.
SFIA is a two-dimensional matrix showing areas of work and levels of responsibility. Further information can be found at www.sfia-online.org
11.13CARNEGIE MELLON: CMMI AND eSCM FRAMEWORKS
The Capability Maturity Model Integration (CMMI) is a process improvement approach applicable to projects, divisions or entire organizations.
The eSourcing Capability Model for Service Providers (eSCM-SP) is a framework to improve the relationship between IT service providers and customers.
SCAMPI assessments can be carried out against CMMI-Standard CMMI Appraisal Method for Process Improvement. More information can be found at www.cmmiinstitute.com
11.14BALANCED SCORECARD
The balanced scorecard approach to strategic management was developed by Drs Robert Kaplan and David Norton. It views an organization from four perspectives to balance out the financial perspective which drives many decisions. The perspectives are:
- Learning and growth
- Business process
- Customer
- Financial.
The scorecard can be applied to IT quality performance and service operation performance. More information can be found at www.scorecardsupport.com
Six Sigma is a data-driven process improvement approach. It identifies defects that lead to improvement opportunities. Six Sigma tries to reduce process variation. It has two primary sub-methodologies:
- DMAIC – define, measure, analyse, improve, control
- DMADV – define, measure, analyse, design, verify.
Further information can be found online, including Six Sigma overviews and training.