Pink Elephant
The IT Service Management Experts

Pink President's Blog




David Ratcliffe, President, Pink Elephant

If you're interested in what we're doing here at Pink Elephant, then feel free to post a comment - I'll do my best to respond as quickly as I can.




    Thursday, September 24, 2015

    My Visuals From “The 5 ITSM Projects You Should Start Doing Tomorrow Morning”

    I just finished the webinar, and here are the visuals I used. Feel free to download them:

    The session was recorded and it will be made available from Pink Elephant very soon. Watch for a further announcement and instructions!

    There was one question that I saw in the CHAT window only after we’d ended the session; it was from Sridhar Rao Patibandia:

    “What if my business has not clearly defined objectives? Or objectives that may not be aligned or benefit IT?”

    Good questions!

    I’d be surprised if your business does not have objectives defined for this year. You just need to know who to ask. In the instance that there are no objectives (which could be the case for a small business) then you have two choices:

    1. Go talk to the Executive Team and ask for this information (for a small business this may be possible). At least look for an opportunity to socialize with them the idea that you really should have some clear business objectives. I know this sounds a bit provocative, but only you will know if this is possible in your organization. If you feel the culture would support such a discussion, then go ahead. If not, try this ...

    2. If approaching the Executives is out of the question, then discuss with your peers what you THINK the business objectives could be. You’ll probably come close to figuring this out from recalling discussions, reports & communications from senior management. Only in a private company would the Executive team have secret objectives that they didn’t want to divulge. And this really is a very rare exception which, hopefully, is not the situation for you.

    If the business objectives are not aligned with the IT objectives, then your IT objectives need to change. That was the purpose of “Project 2” in my talk.

    If the business objectives do not “benefit” IT then - I’m sorry! The purpose of a business is not to serve IT, it’s the other way around. Maybe what you mean is “What if the business objectives are too much of a challenge for IT?” If that’s the case then you certainly will have a lot of work to do to review the vision, mission & objectives of IT to enable and support the business. But business objectives have to be accepted. In IT it’s our job to figure out how we can enable and support. Sure - you may not have all the resources you need right now, but that’s where strong IT leadership comes in to argue for the resources the team needs.

    Good luck!

    Posted by David Ratcliffe on 09/24 at 01:08 PM

    Monday, April 27, 2015

    Resilience Is Not Another Name For Security - Just Ask The Fukushima Power Plant Operator

    Security measures help us to AVOID breaches. That’s a good thing. We should all undertake cyber security, and every organization does - to some degree or another.

    Cyber resilience on the other hand goes beyond security measures to include additional plans and actions for how to deal with the after-effects of threats that may not be preventable or predictable, or because of lapses in cyber security. Such as an employee who - with no malicious intent - works around strict policies to access corporate data from an unsecured device. Or a mischievous hacker who exploits a “back door” or “buffer overflow routine” to crash a computer system. Or a rare natural disaster that turns out to be worse than anything we thought possible (never mind probable).

    Back to the more mundane world of IT management, we’re all very familiar with the increasing rate at which software developers have to release patches to close vulnerabilities in operating systems and application software. The very nature of this work means they’re always playing catch-up. So until the patch is developed, and applied, we’re vulnerable. If all we relied upon were security measures, then we’re not being responsible. We need to at least put some thought into “what if the worst were to happen, what next?” Cue resilience.

    Consider what happened to the Fukushima Nuclear Power Plant in 2011. No matter how secure they believed they were in being able to prevent catastrophic damage from the most likely threats (including the after-effects of earthquakes and tsunamis) the Board of Audit investigating the “incident” is uncovering systematic complacency by TEPCO, the plant operator. When the tsunami hit and the reactor was flooded a bunch of resilience systems should have kicked-in to shut things down and minimize the negative effects. Sure, there’d be interruptions in power supply to the customers. And sure, there’d be a massive clean-up expense. But those “inconveniences” are part of the price of doing business in this volatile world. Instead, lack of reasonable resilience measures resulted in a full meltdown, lost lives and an astoundingly expensive de-commissioning and clean-up operation which will cost tens of billions of dollars and take 30-40 years to complete! What should have been a very bad incident became a catastrophic disaster.

    At the Cyber Risk & Resilience Summit events we’re presenting in Washington D.C. & London in June, we will be discussing not only what good resilience practices look like, but how they can be institutionalized.

    Posted by David Ratcliffe on 04/27 at 10:31 AM

    Wednesday, April 22, 2015

    Avoid The Headlines!

    This past February at Pink15 I expressed the opinion that it’s time we paid more attention to the increasingly diverse threats to our cyber assets.

    The justification for this has never been more obvious. Every single day - and I mean EVERY SINGLE DAY! - there are new stories of data, services or infrastructure being compromised.

    The causes? Either our own carelessness and complacency, or the mischief-makers! (Could be cyber criminals, or could be thrill seeking youngsters with some new skills and too much time on their hands).

    If you still need convincing, set your browser’s Home Page to Information Week’s “Dark Reading” website for a few days and see what pops up every morning.

    Also, take a look at the FireEye website with the real-time threat map depicting hacks-in-action.

    Or this one here from Kaspersky.

    It’s time to acknowledge this is a vital issue.

    And when I say “vital” I really mean VITAL. In the military when something is “vital” it means “get it done, or we die”. For us in business, paying attention to cyber threats by doing risk management and building resiliency, is vital. If we don’t do it - we could go out of business. According to Inc., 60% of small businesses will fail within 6 months of a cyber attack. It’s as simple as that.

    Of course when we hear about organizations like ....

    Target - who had credit card details of up to 70m customers stolen

    Sony - who suffered 3 separate high-profile breaches in 2014. (You can find more information yourself by doing your own web search with the keywords “Sony” and “cyber breach”, because, who knows, there may be even more than 3 by the time you read this!)

    JP Morgan - who - as a result of hacking - had personal records of 76m households and 7m small businesses stolen

    US Department of Veterans Affairs - who paid out $20m to settle a class action lawsuit because an employee lost a laptop containing a database of 26.5m personal records of veterans and active duty personnel

    .... we think “Well that’s their problem. Nothing to do with me!”

    Really? According to Misha Glenny - the opening keynote speaker at our upcoming Cyber Risk & Resilience Summit in June - “There are two types of organizations. Those who know they’ve been hacked. And those who don’t know they’ve been hacked.”

    So even putting aside the risks to our cyber assets through our own carelessness (losing a laptop) and complacency (“it can’t happen to us”) - according to Glenny, we’re ALL going to be hacked at some point!

    So isn’t it time you made the effort to learn more about the scope of this problem, and what you can do about it? You can start by coming along to the Summit in June. We can’t promise your organization will not “hit the headlines”, but what we can promise is that when it does happen, what you learn at the Summit will have helped you to minimize the damage.

    That’s what we mean by “cyber resilience”.

    Posted by David Ratcliffe on 04/22 at 03:17 PM

    Friday, January 16, 2015

    The Next Challenge For ITSM Leaders

    The subject of “ITSM leadership” has been close to my heart for a few years now. So much so that we decided to launch a new annual event in 2012 - the “ITSM Leadership Forum” - to provide insights and advice to the people in ITSM charged with embracing a vision and leading their IT organization to enable positive business results. I felt as an ITSM community we had not done enough to stay ahead of the curve - which is one of the prime tenets of good leadership. Over the next two years, in 2013 and 2014, the event became a solid date in the calendar for many of our respected industry thinkers and practitioners. (Watch out for the 2015 program - to be published soon!)

    As social media emerged in 2010-2012 we seemed to miss the boat to provide leadership to our businesses. And now, in 2014 & 2015, it’s starting to look like Cyber Security & Resilience could be the next big thing many of us just watch happen! For example, how many organizations have actually changed policies for email as a result of the Sony hacking scandal? Is that just Sony’s problem? Or could it happen here? Remember, the damage was less about theft or destruction of assets (money, data, etc.) and more about embarrassment and brand damage. It wasn’t the technology that actually wrote those mean and unprofessional emails! We wouldn’t let our people make such remarks in a public speech, or an interview, or in an external letter. So why is it allowed internally? I think it’s time we extended our policies for professional behaviour to the heretofore world of trusted internal emails!

    I can assure you that we aren’t waiting for the next ITSM Leadership Forum in August to reinforce good leadership practices. In just a few weeks many of us will be at Pink15, and the program there is rich in guidance for the aspiring, and incumbent, ITSM leader. We have two whole tracks aimed at leaders: “The 3 I’s of Leadership” and “CIO Forum”.

    Over the next couple of weeks I’ll profile some of the sessions in these tracks I feel are not to be missed. So come back here over the next few days and join me in whetting our collective appetites for Pink15!

    Posted by David Ratcliffe on 01/16 at 03:31 PM

    Monday, January 05, 2015

    Cyber Insecurity Comes As Much From People As From Technology

    These days I’m doing lots of reading about cyber insecurity - seems like there’s a never ending series of security breaches related to IT hitting the news every day. (I won’t bore you with the list - you know what I mean, they’ve been in all the papers!)

    For the layman it appears that our computer systems are just not robust and resilient enough. But when you scratch below the surface there’s more to it than that. We’ve always been good at blaming the computers when something goes wrong. IT folks seemed to have a free pass for years when their poor planning and lack of testing resulted in downtime. The reason for the outage, or screwed up data, was simply described as “... a computer error ...”

    But today we’re all a bit more knowledgeable and demanding as IT consumers and we won’t be fobbed off with that type of excuse anymore. We have our own devices and personal data, and the average person is their own IT organization - from strategist to support officer. However, I think we still put too much emphasis on the power and role of the infrastructure and have not yet fully realized the responsibilities of the users - that’s us!

    Cyber security is as much about human behaviour as it is about the latest security systems and technologies. For example, that smartphone you’re carrying around has a ton of security capabilities built into it, but if you leave the device lying around with no passcode to prevent unauthorized access .... well, you don’t need me to spell out how all that corporate data can be compromised.

    This whole human dimension on security is illustrated perfectly by Eugene Spafford, Professor of Computer Science at Purdue University when he says ...

    “Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.”

    Get the message now?

    As I said, I’m spending time researching this subject - in preparation for some very important new Pink events later this year. Starting with Pink15 - the 19th Annual IT Service Management Conference in Las Vegas next month - where we will, as usual, address a host of ITSM issues, best practices in Lean IT, and more. We’ll also be introducing news about our inaugural 1st Annual Pink Elephant Cyber Resilience Summits (in Washington D.C. and London, UK) in June.

    There’ll be some preliminary Cyber Resilience sessions at Pink15 to whet our appetite, including some advanced news of the new Cyber Resilience Best Practice from Axelos.

    I hope to see you in Las Vegas! Meanwhile, think about what you can do to keep your data and infrastructure safe. And when you hear news of the next high profile security breach, try to resist the temptation to giggle. Instead, think to yourself “How can I be sure that won’t happen to us?”

    You might not know what else to do to be more cyber secure, but you can always be more cyber resilient.

    Posted by David Ratcliffe on 01/05 at 05:22 PM

    Tuesday, October 28, 2014

    Pink University To Deliver “Fit For Purpose”.

    Looking ahead to “PinkNORTH” on December 8-9 there are a couple of immediate thoughts that struck me.

    Firstly, this is our first ITSM Conference in Canada since we presented the “2nd Annual IT Service Management Conference & Exhibition” in Toronto in 1998. That’s right! While we’ve done lots of other events with specialized themes in Canada over the years, our BIG annual conference is now presented in Las Vegas each year but the 1st and 2nd Annual Conferences were presented in downtown Toronto. It’s good to be back!

    Secondly, one of the main tracks is called “Pink University”. Here we present information and guidance on how to adopt and work with IT management best practices, such as COBIT & ITIL, etc. This really speaks to the heart of what Pink Elephant is all about - providing knowledge on practices that can be adapted and adopted to enable valuable business results. “Adapted” being the key here - not just translating some theoretical concepts in a one-size-fits-all way, but making sure that good practices truly are fit for purpose.

    It seems that this really resonates with ITSM practitioners because we already have more sign-ups for PinkNORTH than we expected at this stage - and we’re still about 6 weeks out! So thanks to all those Canucks who’ve already reserved their places; and if you haven’t yet - what are you waiting for?!

    I hope to see you there!

    Posted by David Ratcliffe on 10/28 at 09:21 AM

    Monday, October 20, 2014

    My Session Materials From Fusion14

    This is what I presented this afternoon: How_To_Justify_An_ITSM_Improvement_Project_To_Executive_Management.pdf

    Posted by David Ratcliffe on 10/20 at 05:57 PM

    Tuesday, July 08, 2014

    Summary Of 35 Global Standards We Refer To In IT Service Management

    I just received an email from good buddy Ivo van Haren (CEO of Van Haren Publishing). He’s sent me a copy of one of VHP’s latest publications “Global Standards & Publications”.

    It contains an easy-to-read description of lots of the various frameworks, methodologies, standards & bodies of knowledge we use in ITSM. Stuff like Agile, Lean IT, CMMI, Scrum, TOGAF, BiSL, Six Sigma and many, many more.

    It’s a free download so click on the link and catch up on what you’ve been meaning to find out about!

    Posted by David Ratcliffe on 07/08 at 11:11 AM

    Thursday, June 12, 2014

    The Shock & Surprise Of Business Objectives!

    Over the past couple of weeks I talked about “Business Objectives” at the series of Science Of Metrics seminars in the USA (see my previous blog post).

    In my session I mentioned that Peter Drucker had claimed around 90% of people do not know the current objectives for their business. Well, from my experience of asking 200+ people - the answer is actually more like 99.9%!!

    Can you believe it?

    Virtually no one in ITSM knows the goals for their business in 2014! I’m not talking about the overall vision or mission for the business (say, “To be the first choice for customers when they are looking for ......”) - but the specific objectives the executive team have set for the current fiscal period.

    Usually it’s stuff like “Grow revenues by xx%”, or “Return to profitability ...”, or “Launch this new product range ....”, or “Enter this new market ....”, or “Open xxx new stores ...”. These are all goals which are precise and measurable. They involve supporting projects and results which might be challenging, yes. But they need to be vividly clear and easy to understand.

    Everyone in the organization, not just in IT Service Management, should know what the business is striving for this year. Not just the overall purpose of why we exist and the approach we take, but the specific outcomes we need to achieve this year if we’re going to be successful.

    I was stunned that no one - yes, no one! - was able to quickly answer my simple question “Give me an example of one of your organization’s current business objectives.”

    If you cannot answer this question, then how do you know that what you’re doing every day is adding any value?

    Posted by David Ratcliffe on 06/12 at 12:04 PM

    Tuesday, February 04, 2014

    Pink Interviews Peter Hepworth, CEO, Axelos

    The “Best Management Practices” (including PRINCE 2 and ITIL) previously owned by the British government’s Cabinet Office are now owned and managed by Axelos. We recently sat down with Peter Hepworth, the CEO of Axelos, to ask him about his vision for the future of Axelos and the eco-system of services that surrounds the BMPs. You can read the full interview here.

    Also, you can meet with Peter and his team at Pink14 - the 18th Annual IT Service Management Conference & Exhibition - later this month in Las Vegas. They’ll be participating in at least two workshop sessions; providing you plenty of opportunities to ask them whatever you want!

    Posted by David Ratcliffe on 02/04 at 11:27 AM

    Monday, January 13, 2014

    Pink14: It’s Not ALL About The Internet. Or Is It?

    It’s just over 4 weeks until our 18th Annual International ITSM Conference & Exhibition.

    I’ve spent the last few days getting myself just a little bit excited about the prospect of connecting with old and new friends and learning about some of the evolutionary trends affecting ITSM. Some of these trends have been around for a while (cloud, BYOD, mobile, social media) but they continue to evolve through the development of new technologies, services and the new habits of people. Other trends are grabbing our attention and will surely be talking points for many more years ahead, such as 3D printing and increasing concerns over privacy. And with the convergence of BYOD, mobile and innovative cloud-based services we’re now hearing about “The Internet of Things”!

    Every time I think about any of these subjects I wonder “How does this affect ITSM?” That’s what we need to be considering. I plan to share with you my views in Wednesday’s half-day workshop “The ITSM Leadership MasterClass”.

    Looking forward to hearing your views and experiences at Pink14!

    Are you ready?

    Posted by David Ratcliffe on 01/13 at 12:30 PM

    Thursday, November 07, 2013

    My Session Materials From Today’s 9th Annual ITSM Conference in Mexico City

    Today I presented “How To Justify An IT Business Alignment Project To Executive Management” at Pink’s 9th Annual ITSM Conference here in Mexico City.

    I began my talk by explaining how today - November 7 - is a very, very, very significant day for me, and how it is actually linked to today’s topic - “Alignment”.

    Thank you to all the wonderful people who spoke to me afterwards with warmth in their hearts and smiles on their faces. You know who you are! And my very best wishes especially to Roberto. Good luck, buddy!

    Today’s session materials are here.

    Posted by David Ratcliffe on 11/07 at 08:24 PM

    Wednesday, October 30, 2013

    A Customer Service Agent Trying Their Best With A Wacky Process

    A few weeks ago I was doing some personal online banking and found myself using my bank’s chat feature. This is where you have a back-and-forth “conversation” with a Customer Service Agent in the browser window instead of actually speaking over the phone. On reflection I wonder how a live phone conversation might have been different from what we typed to each other. What do you think?

    You are currently number 2 in the queue.
    Thank you for your patience. An advisor will be with you shortly.
    You are currently number 1 in the queue.
    You are now connected with an adviser.

    Priyanka: Hi, you’re chatting with Priyanka. May I take your name please?
    DAVID: David Ratcliffe
    Priyanka: Hi David, how may I help you today? 
    DAVID: I have been trying to make a payment to an individual and I get to the step where it says I need a card reader ...
    DAVID: ... the system seems to think I don’t have a card reader, but I do have one. I picked it up in the branch.
    DAVID: It has not been set up yet though.
    DAVID: When I try to set it up I am told I don’t have one yet and I need to order it.
    Priyanka: Please be informed that you will need the card reader in order to make online payments.
    DAVID: I have the card reader right here.
    Priyanka: I understand that you have received a card reader from the branch and you can definitely use it, however, to activate the card reader feature on your online banking, you need to order a card reader from your own online banking.
    Priyanka: You will be able to use the card reader that you have after two working days of ordering one from your online banking.
    Priyanka: May I help you with the steps to order?
    DAVID: Really? So even though I got one in the branch some time ago I can’t start using it now?
    Priyanka: I am sorry you need to order the card reader from your online banking.
    DAVID: I am confused. Why do I need to order a card reader when I already have one??
    Priyanka: As the card reader that you have is received from branch, you will not be able to use this for making online payments.
    DAVID: But that’s what I discussed with the person in the branch. She told me to take a card reader so I can make my online payments. what will this card reader do for me if I can’t make online payments?
    Priyanka: I can understand your concern.  I sincerely apologise for the inconvenience caused to you. Once you order the card reader online you will be able to use this card reader also after two working days.
    DAVID: So I “order” a card reader online. But I don’t actually get a new card reader. Instead after 2 working days I can start using the card reader I already have. Is that it?
    Priyanka: Once you order the card reader online. It should be with you within 15 days. However, you can use the card that you have after two working days of ordering the card reader online.
    DAVID: So I end up with 2 card readers???
    Priyanka: Yes.
    DAVID: OK - I’m speechless!
    Priyanka: As it is mandatory to order one card reader online from your own online banking id.
    Priyanka: I can understand your concern.  I sincerely apologise for the inconvenience caused to you.
    DAVID: I guess I just have to wait then.
    DAVID: Thank you.
    Priyanka: You are most welcome.
    Priyanka: Thanks for your understanding in this matter. 
    Priyanka: Thanks for chatting with me. Have a great day ahead. 
    Priyanka: Bye and Take Care. 
    DAVID: Well, to be honest I don’t understand. It seems like such a silly process. But I understand it’s not your fault.
    DAVID: Thank you, good-bye.

    Posted by David Ratcliffe on 10/30 at 10:16 AM

    Thursday, March 14, 2013

    The WHATs and HOWs Of A Great IT Service Management Leader?

    There are two types of leaders:

    1. The Designated Leader - who has been appointed or promoted into the position.

    2. The Self-Empowered Leader - who is not in a position of authority the same as a “Designated Leader”, but who demonstrates many of the qualities of a good leader.

    I’ve talked about Self-Empowered Leaders in an earlier post. And if you’ve been following what I’ve said and written over the past couple of years you’ll know that the concept of “Self-Empowerment” is close to my heart.

    Today, however, I want to focus on Designated Leaders. Designated Leaders in IT Service Management will usually have a title such as CIO or Director. They may even be the head of a more discrete team or project.

    No matter what their title, this is WHAT we need from our Designated Leaders:

    • Understanding of the greater goals of the organization, division or department. These “greater goals” are those which this Leader’s team have to support.
    • Definition of relevant goals for their team. Whether it’s the whole of IT or a discrete team within IT - the Leader’s team needs to have their own objectives.
    • A focus on the future - what it looks like and how we get there.
    • Definition of the strategies and approaches to be adopted to achieve goals.
    • Ability to clearly explain goals & strategies. Not just what they are, but why they’re important.
    • Continual re-explanation and reinforcement of goals & strategies on a frequent basis.
    • Provision of capabilities (resources) to the team. This includes funding, tools, knowledge & skills and time.

    And these are the traits we need to observe in HOW our Designated Leaders go about their business:

    • Honesty - telling the truth and not sugar-coating bad news.
    • Integrity - walking the talk.
    • Reliability - being available when needed, and providing consistent direction.
    • Being true to their values and always doing the right thing.
    • Showing a positive, confident and optimistic attitude.
    • Determined and persistent - sticking to the task when the going gets tough.
    • Inspiring and empowering others to act.

    If the Leader can deliver on all of the above then they’ll generate trust, confidence and the respect of all they interact with - not only subordinates but also peers and higher-ups.

    At Pink we’re considering how we can recognize the great leaders in our industry (watch out for more on this very soon). One thing’s for sure - anyone gaining recognition as a great ITSM leader has to have a profile that covers most of the WHATs and HOWs I’ve just outlined.

    Posted by David Ratcliffe on 03/14 at 01:26 PM

    Friday, March 01, 2013

    Most Frequent Searches On This Blog

    Every now and again I peek behind the curtain to see what people are looking for when they come to this blog. I thought you might be interested to see a handful of the most recent:







    Posted by David Ratcliffe on 03/01 at 04:50 PM