A new international standard is aiming to help American data center professionals get a handle on IT service management (ITSM). The standard, ISO 20000, is a set of best practices for IT departments to use internally. It also improves relationships with other companies or governments who want to do business with ISO 20000 certified companies.
Published late last year, ISO 20000 uses the framework of the IT infrastructure library (ITIL), which was developed by the British government and first published in the 1990s as a series of best practices for IT service. Since then, ITIL has been widely adopted throughout Europe and continues to grow in Africa and Asia.
ISO 20000 goes further than ITIL
Lance Wallace, director of technology for Dallas, Texas-based Plexent, says ITIL took what IT professionals had already been doing and created a published guideline for everyone to follow and be able to communicate more effectively. "[ITIL] is a common vernacular that says, 'here are the processes that IT should do,'" explains Wallace.
The development of ISO 20000 came about to address the needs of an even larger international audience, namely the North American market. As a standard, ISO 20000 goes a bit farther than ITIL by dictating specific steps to be completed in order to be eligible for certification. For example, an official audit must be performed by a third-party company in order to achieve ISO 20000 certification.
Wallace believes that ISO 20000's status as an international standard will carry substantial weight in the U.S. market and help it gain traction. Business-associated benefits are also making ISO 20000 adoption more attractive: "It is all about transforming IT into being a business service-focused organization with a continual process improvement towards delivering those services," explains Wallace. "I think there is cost-efficiency, stability of services, consistent quality, predictable results and scalability."
U.S. slow to adopt IT service standards
Despite the benefits of adopting IT service standards, American shops have been slow to react. A 2004 Gartner survey of primarily U.S. data center managers, IT operations heads, and CIOs, found 58% of these respondents had little or no knowledge of ITIL. These finding echo the sentiment of Frank Guerino, CEO of Berkeley Heights, NJ-based TraverseIT: "ITIL is just really starting to gain momentum inside the states, and ISO 20000 is not something we really have seen [requests about]."
However, despite the lack of enthusiasm surrounding ITSM standards, Sharon Taylor, chief architect for ITIL version 3 project, and president of Ottawa, Canada-based Aspect Group, believes many more American IT professionals are aware of ITIL today than statistics would suggest. She points to the 50,000 U.S. members of the IT service management forum (itSMF), an IT quality management association, as evidence.
IT managers must weight service standards' costs and benefits
Two of the chief complaints are that it is time-consuming and expensive to integrate. "What we are finding is that in the average large enterprise, that has a very large IT staff at their disposal, they can probably implement one to three disciplines in the course of a year," states Guerino. He believes this piecemeal approach is part of the reason companies fail to adopt service standards completely. "A key reason for failure is because they roll out three or four disciplines and realize they can't keep up with all of it."
In terms of specific data center needs, Guerino says there is little demand to become compliant with IT service standards. "There are some [data center] recommendations, but there is nothing really major [in ITIL] that impacts your data centers; it really is more about process and how you manage inflows and outflows of information into your organization," states Guerino.
Sharon Taylor has a different view. According to her, legislation like the Sarbanes-Oxley Act has motivated American companies to become compliant with federal laws. She says other motivating factors for companies seeking certification include the passage of new corporate policies, the creation of ITIL marketing strategies, and reduction of liability and risk management issues.
Taylor agrees that large conglomerates may have some difficulties with implementation due to the sheer scale of necessary revisions. However, "there is a lot of latitude in adaptation in how you become compliant [which] can help make the choices of whether it is cost-effective and efficient or expensive and onerous."
Data center professionals interested in ISO 20000 can get certified by first getting educated, implementing the processes, and then contacting a certification company to audit them. They can also contact consulting companies to enlist help. Either way, Guerino suggests talking to peers who have adopted ITIL or ISO 20000 before contacting any consultants.
Despite differing views on the market, critics and proponents alike think ITIL and ISO 20000 are both good for getting everyone on the same page. "By having a common language, it lends itself to interoperability, whether you are looking to outsource or are an IT professional looking for a job," concludes Wallace.