ISO20000 and ITIL

By Sandeep Narang

Quality is a journey not a destination. In today's Information Technology Service Management (ITSM) space, there exists a maze of tools, technology, standards, best practices, and regulatory compliance requirements that complicate the path towards service excellence.

One such path that has gained immense popularity is ITIL or the IT Infrastructure Library, a best- practice model that can be used by organizations to implement and improve the delivery and support of IT-related services and solutions.

Contrary to popular belief, ITIL is not a service management standard, but rather a structured approach or process framework on which a growing number of ITSM standards are based. Most prominent among these ITIL-based ITSM standards are the British Standard BS15000-1:2002 and the Australian Standard AS 8018.1-2004. A South African version of the BS15000 standard also exists.

The International Organization for Standardization (ISO) recently adopted the BS15000 standard and is expected to publish the ISO 20000 standard for Service Management by 2006, although many think it likely that this effort will take longer. Adoption of a standard by ISO is not something new to the industry. In fact, ISO had previously adopted the BS7799-2:2002 security standard (in part). A complete ISO version of BS7799-2:2002 is expected to be published early next year, most likely as ISO27001.

What effect will ISO20000 have on ITIL?
While some industry analysts worry that adoption of ITIL by ISO may slow down ITIL process improvements, this does not seem to be the case. In fact, the Office of Government Commerce (OGC) is currently in the process of refreshing and enhancing the ITIL methodology. An endorsement of ITIL by ISO is almost certain to have significant benefits.

ITIL Awareness

In the U.S. adoption of BS15000 has been somewhat slow. A 2004 survey by Gartner, comprised mostly of U.S. companies, found that 58% of respondents had little or no knowledge about ITIL, and 19% of respondents were still evaluating models for standardizing their IT operations. ISO standards, on the other hand, are widely known and accepted in the U.S.

The ISO 9000 standard, for example, had approximately 8500 registered sites in the U.S. in January 1996. Today there are more than 43,400 - owing at least in part to an IRS ruling in January 2000 that many costs associated with ISO 9000 certification would be tax deductible. The number of ISO U.S. registrations is expected to rise even further with additions in the environmental, automotive, medical devices, and aerospace sectors.

ISO has, in fact, become the leading standards body across the globe. As of December 31st, 2004, ISO had developed 14,941 international standards and standards-type documents - 2,287 related to the Electronics, Information Technology and Telecommunications sectors. Given the success of ISO, to date, it is widely expected that ISO 20000 will become the most widely adopted IT standard worldwide, raising awareness and adoption of the ITIL initiative by an order of magnitude.

ISO20000 will provide significant additional benefits in the areas of change acceleration and standards interoperability.

Some of the biggest challenges IT teams face when implementing Service Management include: 1) getting the attention and commitment of senior management and 2) ensuring acceptance and adoption of managed change throughout the organization.

These "resistance bands" are considerably reduced for organizations already registered as ISO certified entities and intending to make use of ISO20000 as a progressive step towards achieving an IT specific certification. In such a scenario, an existing continuous-improvement cycle actively involves all stakeholders within the organization, while enhancing transparency and aiding and improving the Quality Management System.

ISO 20000 adoption will provide significant additional opportunities for leveraging ITIL-based ITSM and complementary standards.

ISO standards are designed to interoperate with other standards and best practices. A recent project at one of the world's largest banks involved combining the implementation of the BS15000 ITIL-based ITSM standard and the BS7799 security standard. In this case, the interoperability between these two standards greatly enhanced the project's success, with ITIL-based infrastructure processes designed and built specifically to support maintenance of security controls and compliance requirements. Many analysts consider ISO 9000 as a good starting point towards ITSM excellence.

For other effects that ISO20000 will have on ITIL, we will have to wait and watch. It is important to note, however, that ISO 20000 will not be an instant panacea for all of IT's issues and opportunities. No model or methodology can fulfill its ROI or business alignment potential "out of the box." As in t-shirts, one size simply cannot fit all. To achieve the full benefits of IT process standardization, ITIL-based ITSM should be addressed holistically along with other quality frameworks such as Six Sigma, COBIT, CMM and related ISO standards.

Sandeep Narang is an ITSM consultant with Pepperweed Consulting, an IT infrastructure and process implementation firm recently listed as an Inc. 500 fastest growing privately held company