I get a lot of advice requests from IT people about ITIL certification and compliance. Usually, these are personal inquiries on certification paths after the ITIL foundations exam, but lately IT managers ask me to recommend ITIL implementation paths for their business organizations. Of course, since ITIL V2 there are a lot of more-or-less developed methodologies and frameworks for ITIL implementation in IT Service organizations. About a year ago I started recommending ISO/IEC 20000 certification to them. Why is that so? Let me give you an example: a friendly customer of mine, IT Service Company, educated dozens of its employees in ITIL Foundations during the last 10 years. Due to workforce fluctuation trends, a lot of them left the company and settled in the neighborhood, doing the same job for someone else. So the company funded the competency matrix of its competition.
ISO/IEC20000-1 requirements, what SHALL be done ISO/IEC20000-2 code of practice, a guidance as to HOW it should be done in more detail
realm by following a set of simple but strict rules established during a process of preparation for the certification.
An overview of ITIL...
ITIL has come quite a long way from the previous V2 version where we had only 10 processes and one function. In its current version, ITIL is based on five volumes representing the five service lifecycle stages addressing some 26 processes and four functions. For the new people in the house, lets have a quick overview of lifecycle stages and processes/functions:
ITIL experienced a significant increase of content volume in 2007 when version V3 was introduced, and more still in a 2011 refresh. The big difference is a strong turn toward copyrighting, probably in order to finance the growing ITIL food chain: publishers, authorized training organizations, examination boards, etc. On the other hand, creating this volume of relevant knowledge and best practices was a remarkable effort and one has to think about the future.
ISO/IEC 20000 provides strict requirements (WHAT) and a simple code of practice (HOW). The story is further expanded by ITIL experience and best practice framework as a detailed guidance about processes and functions. At the base are basic in-house procedures and work instructions, from core business and other implemented standards/methodologies (ISO, PMI) Both stories came from the same place and both got refreshed in 2011. How well do they fit together and have they grown apart? In a nutshell, ISO2000 emerged initially from ITIL V2, and did not evolve much in volume, but requirements got much more realistic in 2011. On the other hand, ITIL was inflated almost double in V3, so the 2011 refresh also was more about quality then quantity. An IT Service organization can use ITIL to implement ITSM processes according to best practices, and ISO20k can be used for implementation and measurement of essential processes. The pyramid can be approached from both sides. A question for you: in the current maturity stage, what would you do first it in your organization would you go for ITIL implementation or ISO/IEC20000 certification?