Troy's Blog

Friday, January 29, 2010

ISO 20k The Industrial IT Password

The Value And The Misunderstanding of ISO 20000

I am writing this blog post on my way back from a 2 week Pink Expert Forum Roadshow with stops in Kuala Lumpur, Singapore and Dubai and now have a 14 hour flight to capture some of my thoughts around what I heard and saw and reflect on the interesting interactions I had with various people in South East Asia and the Middle East.

One of the most memorable discussions I had was with a CIO who declared to me very proudly at a networking event that his organization was going to adopt and implement ISO 20000 in their IT organization. I thought this was a curious statement and proceed to ask some clarifying questions. I probed with a few gentle leading questions about whether what he really meant to say was that he was going to adopt ITIL practices for his organization and then go for an ISO 20k audit to verify and validate the improvements.

However, he was not going to be deviated from his declared goal and insisted that his organization was going to Implement ISO 20k and that he had no business case justification for ITIL. Hearing his insistence on this goal I did my best to explain the relationship between ITIL the Best Practice Framework and ISO 20 the Code of Practice (Check list) used by auditors to assess an organization’s compliance to 14 IT Service Management processes but there was no shaking this gentleman from his dogged focus on ISO 20k as the goal.

Interested in why he wanted this goal so badly I asked him why he was so interested in ISO 20k. His reply was very candid and frank. He told me quite clearly that his goal was to obtain the certification as proof to his customers that their IT processes were mature and followed best practice. After unsuccessfully trying to explain the difference between an ISO audit for compliance and a process maturity assessment (ISO audits do not measure maturity) I finally said with some regretted exasperation. “So what you really want ISO 20k for is a marketing tool for your clients” his answer to me was “yes that’s correct”

Feeling that this conversation was not being very productive for either of us I took one final stab at trying to explain the difference between ITIL and ISO 20k. I told him that the real detail was to be found in the ITIL Library and that the ISO 20k Code of practice was only 42 pages long and that it could not possibly have enough detail in it to provide guidance on how to adopt the processes and elements it describes for audit purposes. Perhaps this statement was a bit over the top and for that I am sorry since it ended our conversation quite abruptly and the gentleman walked away towards the food and beverage tables. A third person that had been part of this exchange looked at me and said something to effect. “What many Executives wan’t out of ISO 20k in this region is the industrial password that will get them new business or increase their organization’s status.”

Now don’t get me wrong, neither of these goals are necessarily bad in and of themselves but my personal belief is that the goal should be to improve your IT organization and services first and then if you have done the heroic feat of actually adopting and implementing 14 IT Service Management processes described in ISO 20k across the full scope of your IT organization then by all means celebrate this achievement by having an ISO 20k audit validate all the hard work your organization has done.

There is a purpose and use for process frameworks like ITIL as well as ISO standards but it is important not to confuse the ends with the means.

Troy’s Thoughts What Are Yours?

It is a mistake to think you can solve any major problems just with potatoes. ~Douglas Adams

Enjoy this post? Share it with others.

Tweet