DevOps, Agile, ITIL, COBIT and what about those ISOs? There can be a lot of confusion in the IT service management (ITSM) best practice world. But here’s the thing – ITIL, COBIT, and ISO/IEC 20000 all complement each other. So, it’s not a zero-sum game. Used well, the three approaches can be blended together to give a real boost to your service and support customer experience.
To help, here are three tips on combining ITIL, COBIT, and ISO 20000 that will help to improve your ITSM practices.
First things first, what are ITIL, COBIT, and ISO 20000?
Let’s start with the basics. If you already know what ITIL, COBIT, and ISO 20000 are, then please jump ahead to the tips:
- ITIL – which no longer stands for The IT Infrastructure Library – is a globally recognized framework for ITSM (or service management as of ITIL 4). It’ll give you detailed and practical guidance on everything from setting up a service desk to managing changes effectively. ITIL is currently on its fourth version and the latest update brings it in line with the current IT industry landscape to include Agile, DevOps, and digital transformation. The key components of the ITIL 4 framework are the ITIL service value system (SVS), the four dimensions model, and the ITIL service value chain that provides a flexible operating model for the creation, delivery, and continual improvement of services.
- COBIT – which no longer stands for Control Objectives for Information and Related Technologies – is a good-practice framework for IT management and governance created by international professional association ISACA. COBIT complements ITIL and other ITSM best practice approaches by providing a practical framework on which to base governance as well as a maturity model to facilitate continual improvement. The most recent version of COBIT is COBIT 2019.
- ISO 20000 is an internationally recognized service management standard that first came to life in 2005. It’s based on BS 15000, the world’s first standard for service management. Since its introduction, ISO 20000 has been revised twice – once in 2011 and then again in 2018.
Tip #1: Use ITIL to “start where you are”
ITIL will give you a solid grounding in service management – so, use one of ITIL 4’s guiding principles and “start where you are.” Look at what you already have in place, for example:
- Do you have an IT service desk that deals with incidents and service requests?
- Do you have the beginnings of a change control practice that manages monthly patching and any maintenance activity?
- Do any of your IT support teams document servers or applications so they can understand dependencies?
All of these existing capabilities can be built upon. So, don’t reinvent the wheel. Use the practical guidance in the ITIL framework to build upon what you have already and then improve further over time.
Tip #2: Build ITSM maturity with COBIT
Adding aspects of COBIT to your ITSM practices will help to embed them further into the organization. It will add value by helping to keep IT systems up and running, managing costs more effectively, better mastering complexity, and ensuring that IT is aligned with the business and in line with the requirements of any regulatory bodies.
A key benefit of COBIT is that it focuses on business need. If you’ve already defined your practices using ITIL, COBIT will build on these by ensuring that they’re focused on business requirements. Here are some of our favorite COBIT processes that can be used as a platform to improve on ITSM processes built on ITIL:
- EDM01: Ensured governance framework setting and maintenance. This is the process that helps to make governance a priority for the IT leadership team. It sets out how the board (which holds ultimate accountability for corporate governance) can delegate the day-to-day governance tasks to IT management such that BAU activities are completed in line with the organization’s regulatory and legal obligations.
- APO01: Managed I&T management framework. This process helps ensure that a consistent management approach is in place for organizational structures, roles and responsibilities, reliable and repeatable activities, information items, policies and procedures, skills and competencies, culture and behavior, and services, infrastructure, and applications. In other words, this is the management framework for IT based on the goals of the enterprise. All too often, IT can be siloed and out of sync with the rest of the business – APO01 helps ensure that IT has an operating model that’s aligned to the needs of the rest of the organization.
- MEA03: Managed compliance with external requirements. This process helps ensure that all IT processes comply with legal, regulatory, and contractual requirements. It also helps ensure that all requirements have been identified and complied with, and that IT compliance is integrated with the overall business compliance model.
- DSS02: Managed service requests and incidents. The purpose of this process is to help ensure that all incidents and requests are resolved in a timely and effective manner. An example of COBIT improving incident and request management is the focus on support capabilities. COBIT raises a question: if a customer is a power user of Microsoft Excel – for example, a member of the finance department working with complex spreadsheets day in, day out – will a first-line analyst from the service desk be able to support them in a meaningful way? Make sure that your people have training appropriate to the needs of the business they’re supporting.
- BAI06: Managed IT changes. This process helps enable the fast and reliable delivery of change to the business. One way that COBIT focuses on improving change management effectiveness is by tracking changes more thoroughly, from the moment they’re proposed, through to implementation in the live environment, to the evaluation of the end result. All too often we’re so focused on getting changes “over the line” that we forget to look at what happens next. So, bring in COBIT guidance to add value around reviewing the performance of implemented changes and tracking any improvement actions.
Tip #3: Boost stability and credibility by adding ISO 20000
ISO 20000 helps organizations evaluate how effectively they deliver services, measure service levels, and assess their operational performance. ISO 20000 isn’t a quick fix or an easy undertaking, but it gives a level of credibility that most organizations would otherwise be unable to achieve.
Corporate certification with ISO 20000 is obtained by passing a very detailed audit procedure through which an organization must show that it’s familiar with the processes and principles of the standard, provide evidence that the standard’s processes are being adhered to, and produce all of the relevant documentation that ISO 20000 calls for. The key steps include:
- Developing an internal awareness campaign about ISO 20000
- Determining a scope that makes sense for your organization. What needs to change?
- Identifying which areas of your business conform with ISO 20000 and which ones don’t
- Setting up a project for completion to ISO 20000 standards
- Getting ready for the audit by closing gaps in your business that were previously identified
- Conducting the audit and gaining, or retaining, ISO 20000 certification.
By conforming to ISO 20000 an organization is demonstrating its commitment to quality.
So many people get confused about the difference between ITIL and ISO 20000, so here it is. ITIL is a best practice framework that can be adapted to fit the needs of your organization. It isn’t an “all or nothing” situation; you can pick and choose the aspects that will add value for your customers. There is no organization-based certification; it’s only for individuals. ISO 20000, on the other hand, is a standard that has to be complied with to obtain certification at an organizational level.
So, that’s our take on combining three best practice approaches. What do you think? What would you add? Please let us know in the comments.