subscribe: Daily Newsletter

 

Sound governance through IT service management

0 comments

Computers have fast become entrenched in everyday life, and over the last few years organisations have begun to realise that their business in fact now entirely relies upon on a sound and effective IT infrastructure. In fact, if ICT does not work, in most cases the business and its employees simply cannot work either.

Says Dr Don Page, CEO of the Marval Group, "Because of the vital nature of IT, it has become increasingly important to ensure stakeholder and customer confidence in the way in which these IT services are delivered to the business, and many industries have become heavily regulated as a result.
"The IT challenge is now to deliver standardised, efficient and reliable IT services to the business, drive down costs, reduce risk and increase the organisational value of ICT investment.
"At the same time, IT is under pressure to work within increasingly constrained budgets while continually improving services and ensuring business, stakeholder and customer confidence in the fact that IT investment is being leveraged to its full capacity."
Sound IT governance and compliance to regulations as well as improved accountability, and auditability of all of these, have become the cornerstones in delivering effective IT services to business that meet the needs of the various parties.
"The concept of IT Service Management, or ITSM, is focused on helping organisations to ensure that IT and business are better aligned, and that IT meets the needs of the business in a transparent, repeatable and manageable fashion, driven by processes and procedures," adds Edward Carbutt, executive director at Marval South Africa.
"In essence, the building blocks of ITSM, such as ITIL and ISO/IEC 20000, are geared towards not only towards ensuring better IT service delivery, but also support good governance by the very nature of their implementation."
ITIL offers best practice guidelines to businesses in terms of the management and delivery of IT services, and the latest iteration, ITIL v3, focuses strongly on the areas of continual improvement, service life-cycle and improved change control.
"However, in order for these best practices to be truly effective within an organisation there is a need for some form of accountability," says Carbutt.
"Ensuring a successful ITIL-based service improvement programme means being able to enforce continual improvement strategies and provide evidence to prove quality of service and progress made. This is where ISO/IEC 20000 comes into the picture."
"Where ITIL talks of process and the way things should be done in line with best practice, which can be difficult to implement and control, ISO/IEC 20000 is a prescriptive international standard for the management of the IT and service infrastructure that can be audited and benchmarked against," adds Page.
"It provides measures that can be used to prove quality of service and progress, ensuring an auditable culture of continual improvement and accountability from the start. "Instead of offering advice on how things should be done, in essence it offers a formal structure that states how things shall be done, which goes a long way towards standardising IT processes and ensuring auditability and accountability.
"In fact, ISO/IEC 20000 can be used as a starting point in developing an IT governance framework, as it outlines the minimal critical requirements for IT governance and demonstrates business commitment from IT to its customers, whether these are internal or external.
"And where ITIL relies heavily on the people within an organisation, who are liable to leave with their ITIL certification and the resulting skills, ISO/IEC 20000 is an organisational certification that ensures the continuity of ITSM initiatives beyond the employment cycle of any individual employee."
The need for IT governance is driven by a number of factors, including mandatory legislation, regulations and codes of practice, as well as the need for cost savings and improved efficiency.
Added to this is the need to mitigate risk, while at the same time improving investor confidence and developing a reputation for excellence from the perspective not only of customers but of employees as well.
"ISO/IEC 20000 offers a baseline against which IT service providers can be measured in order to demonstrate to the business that its service delivery represents best practice, is auditable and accountable and delivers value for money, all of which form important aspects of IT governance," says Page.
ISO/IEC 20000 in short makes certain that best practices are adhered to, that governance controls are in place, and that IT services are both auditable and accountable.
By ensuring that IT service delivery meets the standards outlined by ISO/IEC 20000 organisations are able to offer proof that not only do their IT services offer value to the organisation, they are also compliant with applicable legislation and can meet governance requirements easily.