What You Need to Know About "ITIL Compliant"

Suddenly every vendor has ITIL. Most IT operational tools claim to “support ITIL” or to be “ITIL compliant." Recently one vendor announced they are seeking “ITIL certification,” no less.

The ones that infuriate me are those that map ITIL keywords to discrete features of their product; with varying degrees of compliance with the actual meaning of the word: “Oooh! Oooh! IT Continuity. We do that. The administrator can do a backup."

ITIL is technology-agnostic. You can do ITIL with Post-it notes, and the way things are going it won’t be long before 3M are advertising Post-it notes as “ITIL compliant."

The fact is vendors are full of it when it comes to ITIL. It is far too easy to slap the word "ITIL" on an operations tool. This only serves to debase what ITIL means and to confuse the community (I've got more to say about the debasement of terminology at my blog).

You can sympathize with the vendors (as much as one can). They can hardly ignore ITIL, yet OGC and itSMF both let an opportunity slip by when they ignored product compliance. No doubt they had good reasons for standing aloof from the whole sordid business but they have left unregulated an area that cries out for some control.

Today, there is no formal independent certification of ITIL compliance for tools. Pink Elephant provides PinkVerify commercial licensed certification but, in my experience, this is not a good indicator of compliance to some of the criteria that follows.

OGC set up individual professional certification early on, and now finally ISO/IEC has given us organisational certification (the 20000 standard). The product vendors have no choice but to make their own claims, and nowhere to go other than Pink to verify them in the event their claims are in fact correct.

But it seems to me there are some obvious criteria for a reasonable person's definition of “ITIL compliant." So if you adopt ITIL, ask your prospective vendor these questions about their supposedly ITIL-compliant or ITIL-supporting tool (including some PinkVerified ones):

Who says it is compliant or that it supports ITIL? To what maturity and in what capabilities? Just because they think it supports Incident Management at maturity Level 2 is of little relevance if you need a service level management tool to get you to maturity 4.

How many of their product designers are certified ITIL masters? Is the chief product architect? If none, then who are the ITIL masters who consult on design? Ask for a conference call to discuss compliance.

Just because your vendor uses ITIL terminology that does not mean they support ITIL. The ITIL processes are clearly defined in the red and blue books. If it doesn’t work to these processes (and a wide range of the variants that arise at implementation) it doesn’t support ITIL. It is too easy to change the words on a few screens and declare compliance.

Part of the benefit of any standard framework is standard terms, so that new staff, service providers, auditors, trainers and contractors can all quickly understand your organisation and communicate clearly. So it is not OK if an incident is called something other than an incident (especially if an incident is called a problem and a problem is called a fault). Confusion will be endless.