Cloud Infrastructure

11:47 AM
Repost This

The IT Governance Cheat Sheet

Sorting through the alphabet soup language of IT service management (ITSM) can be tough, but it's worthwhile. Here's a handy guide to essential ITSM frameworks and standards.

In my previous column, "Must 'Cloud' Translate To 'Ungovernable'?", I argued that when IT services come from a mix of inside and outside assets, we need more control, not less. The bad news: IT service management (ITSM) as a discipline includes an ocean of standards. To help guide IT leaders who are new to ITSM, I put together a sample of important frameworks, and where they fit in the business.

Why go to the effort of wading through it? As IT gradually gets drawn into a broad XaaS (everything as a service) transformation, service management becomes a mutual need for enterprises and their suppliers. A culture of reciprocal accountability must prevail, as it does in other industries. To put it another way, look at what happened when a few seats on American Airlines flights came loose in midair. A series of policies and inspections, with FAA involvement, was kicked off automatically. Meanwhile, hospitals are quickly learning that processes and checklists minimize errors.

Why doesn't an IT failure launch a predefined remediation process? Imagine how we would react if the healthcare or airline industries were not in compliance with their respective governance standards. Now, you can argue that a bit of regulation goes a long way, and no one is likely to die if a SaaS provider is offline for a few hours. True, but we must aspire to achieve the same levels of standards that we hold the businesses we support to--especially if we buy the premise that cloud adoption is now in the fast lane.

ITSM is only a means to an end, and, to that extent, business objectives and governance must come first. While the academic list of related artifacts can be daunting (what's below is just a sample), there are plenty of resources to help in preparing a highly customized and targeted subset that can serve as the materially significant list of critical ITSM tracks for a given business agenda. Check out ITSM Watch, for example, and various certification tracks.

I've seen plenty of theories on how many of the 26 ITIL processes and related artifacts are must-haves. Obviously, there is no universal answer. I recommend beginning with a manageable list of 10 to 15 carefully chosen subsets of these processes for large companies with cloud and in-house services. Smaller companies, or those with a simple IT infrastructure, could use fewer. Alignment with business objectives and governance, and demonstrating value back to the business, will definitely help in that filtering exercise.

ITSM Cheat Sheet

(click image for larger view)

Keep in mind that ITSM is a mix of optional best practices and enforceable policies. Wherever possible, policy-driven ITSM must be elevated to policy-governed ITSM, so breaches and outages can be averted, rather than merely reported on after the fact. Adhering to standards can also help avoid vendor lock-in. You get the gist.

To start an ITSM program:

- Form an executive sponsorship/steering committee with business and IT stakeholders. If applicable, include key external members, such as major suppliers and partners.

- Review broad business objectives, including compliance needs.

- Review your current IT enterprise architecture and cloud strategy, and include providers in the discussions.

- Define the desired scope and objectives of IT governance. Differentiate between elements that will be best practice vs. elements that are enforced by policy.

- Include continuous improvement and communications in the plan.

- Implement ITSM tracks iteratively; keep the steering committee and stakeholders informed about where value is being added to the business to sustain the momentum of adoption.

Sreedhar Kajeepeta is the founder of Adunik Inc, a consulting firm specializing in cloud computing, big data, social networking, and mobility. He can be reached at

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/11/2013 | 4:27:16 PM
re: The IT Governance Cheat Sheet
Thanks for the comments from The IT Skeptic. The blog addresses the need to launch an ITSM program where none exists today. The list of standards and respective versions -Šare samples, as stated, and are not necessarily the latest and greatest such as COBIT 5 that was published in June 2012. ITIL v3 is listed to match with COBIT 4.1. ITALM refers to Application Life Cycle Management. The chart is structured to show key elements of -Šgovernance, frameworks, standards, processes, repositories and industry regulations that together form a complete ITSM solution, and, to that extent, listing standards governing Web services is very much in order.

Thanks again to The IT Skeptic for the time and energy.
The IT Skeptic
The IT Skeptic,
User Rank: Apprentice
1/11/2013 | 2:02:26 AM
re: The IT Governance Cheat Sheet
OMG this is so screamingly bad I'm at a loss where to start. I'll restrict myself to the chart.

Read ISO38500 (which you don't mention, it is the ISO standard for Corporate Governance of IT) and/or COBIT 5 and learn what "governance" means. Everything you have called "governance" here is management. That would be why we call it ITSM not ITSG.

COBIT 5 has been out for near a year now, and ITIL 2011 superceded ITIL v3 in... guess when.

How can you talk about "related standards" and not mention ISO20000? That's the standard for ITSM.

Where on earth did you get "ITALM"? never heard of it, can't find it on Google. nor TBM nor ITFM. I suspect these are CSC-speak; they aren't "standard" processes that I can find.

Frameworks in this area of busines and value alignment are M_o_V (stablemate of ITIL), OBASHI and BiSL, which are not mentioned either.

Then there are eSCM (a service management framework for service providers like CSC), ISO15504 for process improvement (since you mentioned CMMI) ...

The inclusion of Web Services machine protocols in this context is just... odd. Web Services are not services in the service management sense. Web Services are executed by machine. They may be one component of a business service that allows the execution of a transaction. That's it.
More Blogs from Commentary
Infrastructure Challenge: Build Your Community
Network Computing provides the platform; help us make it your community.
Edge Devices Are The Brains Of The Network
In any type of network, the edge is where all the action takes place. Think of the edge as the brains of the network, while the core is just the dumb muscle.
Fight Software Piracy With SaaS
SaaS makes application deployment easy and effective. It could eliminate software piracy once and for all.
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
Hot Topics
Fight Software Piracy With SaaS
Andrew Froehlich, President & Lead Network Architect, West Gate Networks,  4/22/2014
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ≠extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed