In the past few weeks I have noticed an interesting uptick in ISO 20k discussions on the web. In particularly, I am somewhat distressed at the many attempts by ISO 20k practitioners to sell the standard as something it is not. In this blog I will attempt to address some of the issues I have seen mentioned.
“ISO 20k goes much farther than ITIL®”. This is the first comment that drew my attention, and which probably surprised me the most. My first reaction to this is to compare width and breadth of content. ISO 20k has exactly 70 pages of content, most of them in outline/bullet point format. The standard is supposed to be prescriptive, but more than half of it is optional, and provides no guidance on structuring the activities required to meet those standards. To prove that you have met the standard, you have to rely on the opinion of an auditor, who may have a completely different set of opinions than the next auditor down the street. There are areas of ISO 20k that are not covered in ITIL’s core guidance. By the same token, there are many areas of ITIL that are not covered in ISO 20k.
“ISO 20k can be used to measure ITIL implementation efforts”. Measurements are based on metrics, but ISO 20k is not a set of metrics – it is a set of goals that must be achieved in order to obtain the piece of paper. If anything, an organization can use them as Critical Success Factors tied to the goals of an ITSM implementation program using ITIL’s and others best practices.
“The only way to prove you’re doing ITIL is ISO 20k”. That is simply not true. First of all, there is no way to “prove” you’re using best practices from ITIL because ITIL’s best practices are suggestions, intended to be used on the basis of the “Adopt and adapt” model. Everyone “does” ITIL differently, precisely because it is descriptive, not prescriptive. Remember, the top answer to the question “How do you do this with ITIL” is “It depends!”
“IT Service Management can be implemented solely with ISO 20k”. Technically, this is true. In reality, however, ISO 20k is so general and so vague in its content that someone who has never seen ITIL would find it difficult to modify their processes and functions to match the requirements of the standard. It would be akin to giving a child a bicycle, telling them to figure it out on their own and walking away. Obviously, the child will need some guidance, mentoring, plenty of assistance and some band-aids before mastering the skills necessary to ride the contraption.
“ISO 20k is not based on ITIL”. The ISO standard was originally known as BS15000, and was initially drafted on the basis of ITIL’s core guidance. With the propagation of ITIL best practices to countries outside the United Kingdom’s domain, it was decided that the standard would best serve the needs of the industry if it was converted from a British standard into an international standard. That is why it was turned over to ISO.
“ISO 20k covers areas of complementary guidance that ITIL does not”. This is an argument that was made in the context of Business Relationship Management. The reality is that much of the Service Level Management process guidance in ITIL is directly related to the concepts of IT and Business Relationship Management. In fact, I teach a class for Learning Tree International that squarely straddles ITIL and Relationship Management – Class 902, IT Relationship Management.
“ITIL does not address other requirements for governance the way ISO 20k does”. Again, this is simply not true. The reality is that ITIL fully recognizes in the core guidance the fact that you cannot deliver an effective and efficient IT governance solution with ITIL alone. You need many other components, harmoniously integrated, to do that. For example, ITIL unequivocally states that good IT governance requires program and project management skills. ISO 20k makes no mention whatsoever of this.
I believe ISO 20k plays a crucial role in the market for those organizations that wish to prove to others that they have implemented best practices in ITSM and increased their maturity to the point of effective and efficient control. For those who do not want or need to prove that to anyone but themselves, ISO 20k can be useful, but like everything else in the world of best practices, “It depends!”
As always, the point of my blogs is to get readers to think, rather than provide ready-made answers, because I will be the first to admit I do not always have them. Feedback on my blog entries is always welcome!
(ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.)