Latest Blog Posts

A vision for the itSMF global site - a resource run by chapters

A vision for the itSMF international web site - an active site, run by the chapters directly

I've got an idea for an improvement and I'm interested in what the general support for it might be - maybe it would be a good topic for the EGM.

First, the problem. Rob England said that the itSMFI web-site is 'as dead as a doornail', and this got me thinking:

I think that the current model is broken. The site is supposed to be run by the IEB for the chapters. Shouldn't it be the other way around? Shouldn't the chapters run the landing page for the itSMF?

My vision would be that a team is proposed by the chapters to take over the itSMFI site. They can decide on a new design, working with the members and chapters. Then the chapter web sites can drive the itSMFI site - there can be feeds of 'best of' information from sites around the world. There can be discussions, driven from, or connected to country sites. Rather than a static link to country sites, there can be a page for each chapter,  with its unique characteristics. There could be a new chapter spotlighed each week or month (we tried that a few years ago).

When a chapter improved its home site, then it could update the itSMFI site.

Important things like membership could be covered - so you could get an idea of how it all works in the different chapters.

The Publications page should be alive with publications that are produced by members, that chapters are wanting, that are being written at the moment etc. etc. So it becomes a resource that's useful for anybody looking for things. There could be a blog area for members - with the 'best of' highlighted.

Then, and I might have left the best until last, the Knowledge Repository could be on the site, fed by the chapters, possibly a resource for members only (not for me to say, of course, that sort of thing would be for the governance working group).

What do you think? A good idea for the EGM?



Which comes first in ITSM, process or tool?

I thought this series of presentations maybe of interest to many of you...

LinkedIn Groups

  • Group: IT Service Management Forum
  • Subject: Which comes first in ITSM, process or tool?

Service   Management and Automation done properly is said to improve staff   productivity, increase the quality of services and reduce operational costs.   But which comes first, process or technology?
  I'd like to invite you to attend the Service Management and   Automation summit to hear from industry experts globally on the benefits of   implementing service management and automation in tandem and how this could   improve your business and IT objectives.
  WHEN: Live March 12-13th and available afterward on demand
  WHERE: Sign up to attend here:  
  ‘Managing IT Services in a Consumer World’
  Andrew Harsch, Director of Portfolio Marketing, Chris Orr,   VP Solution Architecture and Ed Vaccaro, VP Product Management, Unisys
  ‘Process or Tool, Which Comes First?’
  Mike Malone, Lead Associate, Phase One Consulting Group
  ‘Service Delivery Automation: Why I Miss It and How I'm   Getting It Back’
  Matt Aaron, itSMF USA and Service Desk Supervisor,   Independence Blue Cross
  'The Tool Is a Fool; But a Fool With a Tool Is Still a Fool'  
  Nathan Allchin, Service Strategy Architect, Telefonica O2 UK
  'Automating IT Service Management – A Pragmatic Approach'
  Michael Pott and Kees Van Den Brink, HP EMEA Enterprise   Software
  You can interact with presenters during the live Q&A   session, engage in polls and download relevant valuable resources! Sign up to   attend any or all presentations at:  
  All the best,
Posted By Van Le


Taking Service Forward - the Adaptive Service Model - your chance to contribute

Fifth update from the Taking Service Forward initiative - February 26, 2014

We are delighted to announce that the Taking Service Forward wiki is now on line. It may be accessed at . Everyone interested in participating in the work of TSF is encouraged to create an account on the wiki and contribute their knowledge.

The details for how to join and the governance and management of the Adaptive Service Model may be found at 
http:// bit . do / TSFgovman

With the launching of the wiki, the web site becomes the core support of Taking Service Forward. At that site, you may find:

- A description of the Taking Service Forward initiative, including its charter, its roadmap, the story behind its start and the context in which it has developed
- A description of the crowd-sourcing approach of the initiative
- The Adaptive Service Model, including the meta-model and the model itself
- A description of the architectural concepts, the modelling language and the principles upon which the model is based
- The wiki, which will be the core support for proposing and discussing proposed updates to all TSF deliverables
- In the future, the service ontology, the third main deliverable of TSF, will also be documented and discussed at this site

In addition, there are various links to the social platforms, such as Google Plus, Facebook, LinkedIn and Twitter, used by TSF, as well links to other documents relative to TSF

The next steps in evolving and improving the Adaptive Service Model are now up to you, the community as a whole.

Join, contribute, benefit!


Non-disclosure agreements (NDAs) - what is their business value?

NDAs have very specific value when two companies wish to discuss a potential collaboration that involves trade secrets, IP or other matters that they wish to discuss, but wish to discuss under protection.

It's less obvious what value they have when used by companies to get their employees or staff to sign them.

A common argument that has been produced in favour of having NDAs is that they are best practice - but, even if NDAs are best practice (and I'm not sure they are - I'd want to see the evidence for this), best practice is that best practice is adapted to circumstance and adopted for good reasons, not imposed, against sound objections, just because it has the label 'best practice'.

Since then, I've been thinking about, and discussing NDAs, so I thought it useful to add this discussion to this group:
When somebody is concerned enough to impose NDAs on everybody my thought is "Honi soit qui mal y pense", then the following questions come to mind:

- What are they trying to hide? Is there some secret formula (like the fabled Coca-Cola one) that they're worried about getting out - or do they want to hide incompetence, political manoeuvres (which, like orchestral ones, prefer the dark), or corruption?

- Do NDAs work? Would some evil traitor who infiltrated Coca--Cola and decided to sell their formula to Pepsi really think 'Oh, no, I can't do that, I've signed an NDA!', and Coca-Cola would thus be protected?

- Do NDAs work? How many people have been prosecuted successfully for breaking one? When such prosecutions were successful, how good were they for the company's reputation?

- Are NDAs magical thinking? The idea that a form of words, written by a lawyer, when signed, form a magical protective charm?

- Is it simply paranoia? If somebody has had an unfortunate life, surrounded by secret policemen and psychopaths, then you could understand their paranoia. Somebody with mild schizophrenia might have irrational paranoia (eating lots of oily fish can help)

- Or are the people who are insistent on NDAs dishonest themselves (hence 'Honi soit qui mal y pense') and think that, if it was them, they'd behave badly if they weren't stopped by an NDA?

- Or is it simply insecurity? The thought that, if you don't micromanage all the news you'll find yourself exposed to the world in a compromising situation.
NDAs claim, in their text, to be contracts that protect the interests of both parties. However, this is, surely humbug, how many individuals feel that their interests have been served by signing an NDA with a company?

NDAs are claimed as protection. However, if somebody did something damaging to an organisation by revealing something secret that was serious enough to go to law about - wouldn't existing laws, such as theft, or libel or malicious damage do the trick? Do NDAs add anything even legally useful?

I suspect that it's usually some mixture of the above. Few of these are concerned with the good of the organisation.

However, from the point of view of governance, it is reasonable that you've said to people that you don't want your dirty linen washed in public, so, please could they agree not to pass on everything to possibly malevolent outsiders.

It's also reasonable that, if you have colleagues who are paranoid or insecure, or have some magical thinking (and none of these are disqualifications for most jobs or from being a generally good egg), then it's a kindness to make a concession to their feelings.
Are NDAs actually 'Best Practice'? The ITIL guidance is:
From ITIL 'Service Operation':
Screening and vetting 

All service operation staff should be screened and vetted to a security level appropriate to the organization in question.

Suppliers and third-party contractors should also be screened and vetted – both the organizations and the specific personnel involved. Many organizations have started using police or government agency background checks, especially where contractors will be working with classified systems. Where necessary, appropriate non-disclosure and confidentiality agreements must be put in place.

In Service Design, it talks about the Security Management  System (ISMS), and says:

The objective of the implementation element of the ISMS is to ensure that appropriate procedures, tools and controls are in place to underpin the information security policy. Measures include:

■  Accountability for assets – service asset and configuration management and the CMS are invaluable here

■  Information classification – information and repositories should be classified according to the sensitivity and the impact of disclosure.

The successful implementation of the security controls and measures is dependent on a number of factors:

■ The determination of a clear and agreed policy, integrated with the needs of the business

■ Security procedures that are justified, appropriate and supported by senior management

■ Effective marketing and education in security requirements

■ A mechanism for improvement
As is so often the case, what is important is a balanced approach with the value of an exercised considered in the light of the value and cost to all parties.

'Best Practice' - a great idea, but, should it be used as a club?

Best Practice. Two words that have led, already, to tons of discussion, some of it productive.


I was thinking about it today when, in response to the suggestion that there was no reason to do something, and lots of reasons not to do it, the answer was 'it is best practice' to do it.


To me, this doesn't make much sense. It's an argument from authority, rather than an argument from reason, logic and current circumstances - and arguments from authority are one of the well known logical fallacies.


More importantly, if you've no idea what to do and ask somebody and that person replies, 'well, best practice suggests that you do X', that's perfectly reasonable. You're not sure, you're looking for advice and if you adapt this best practice, as you adopt it, then it may well work for you.


However, if you do have an idea of what you are doing and you specifically see some reasons why you shouldn't do something that are germane to the current situation, then, surely, saying that your objections should be overridden, not because you're wrong, but because 'Best Practice' somehow trumps evidence, practical requirements and objections is quite wrong.


Am I right? Is it OK to use 'best practice' as a club to get rid of things you don't like but have no actual argument against? Or should one cry 'foul' when somebody attempts to wield the 'best practice' club?


Bloom's Taxonomy and the ITIL syllabus

(I just downloaded it to check) says: 'Testing and validation of knowledge take place at Bloom's taxonomy level 4 (analysing) and level 5 (evaluating)'.

Now, I've just discovered (so I didn't know either) that this is wrong. Bloom's taxonomy changed, apparently more than 20 years ago, so level 5 is now 'Creating', not 'Evaluating', which is now level 4.

To me it makes a lot more sense, to me, anyway. I've always felt a bit uncomfortable, but not been quite sure why, when lecturing people about Bloom's taxonomy, with the notion that 'evaluating' is the top.

I'm not sure if this should make a difference to the ITIL syllabus, and, if it does, what that difference would be, but I think it might be quite beneficial.

Design is a crucial and, as we know, often ignored, part of getting things right - the art of understanding all the requirements agnostically and then, and only then, working out what is the best solution. Isn't that, fundamentally, what being creative is all about?


itSMF Governance

The itSMF is embarking on a programme to improve its governance. It has established a working group to help put a sound governance system in place for the organisation. I am pleased to have been invited to be part of the governance working group - my colleagues on the group are: Shari Brunette, from the US, Steven de Smet from Belgium and Ulf Myrberg from Sweden. I'm hoping that this is going to be a very positive contribution to the future success of the itSMF - but, of course, we're just the steering group, the requirements and work must come from the whole community.


Some think of governance as being boring documents full of policy & rules that nobody uses or needs, but are there to feed the auditors.This view is not completely false as one of the outputs from governance is policy and, indeed, good policy does keep auditors happy.


Governance, though, is much more than that. It is how an organisation governs itself, that is how it works, day to day, operationally. If there are policy documents then these must be living documents that are part of what the organisation actually does - in other words they must be clear, understandable, understood and used.


The other half of governance is, indeed, making sure that the resources of the organisation are used effectively to produce value. So the organisational structure, the dynamics (including communication), the attitude, behaviour and culture as well as the processes and procedures are all essential parts of governance. Governance sets the tone for management to manage - it ensures that everybody, customers, suppliers, employees, managers, directors and volunteers are involved and treated properly. 


The best governance advice available to date is that produced by the King III commission in South Africa - it forms the basis of South African law and the basis of the UK's Finance Act. King III understands organisations as entities and sees governance as the job of making sure that they not only produce value for stakeholders (not just shareholders, and certainly not just boards of directors!) but also that they act as good corporate citizens.


So, as well as producing value for the organisation, good governance will make sure that the organisation works on sound ethical principles, that it is a good corporate citizen, so helps the societies in which it operates and is socially & environmentally responsible. So good staff relations as well as good customer and vendor relations are essential. Communication, of course, at all levels and between all stakeholders must be open and transparent to make sure that it is honest.


So, with good governance, there is no room for unnecessary secrecy, for doing things in private and then telling people what has been done. Things must be communicated both ways and in an open and frank manner, making sure that all stakeholders are properly considered and their needs and requirements understood and, where possible, met.



itSMF UK's 'Big 4'

If you've been following the itSMF UK's search for the four big topics that they'll be concentrating on addressing over the next year, you'll have been interested in their twitter chat on the topic. You can find it by looking for tweets with  to get the results.

If you're not a tweeter, then you might be interested to know the result:


1. Back to basics.

2. Skills.

3. Managing complexity

4. ITSM & Agile

I was quite surprised by the list, but they do make sense. I think that they've, sensibly gone for more umbrella topics than specifics - so there's more to cover and more room for interpretation.

You certainly can't say that they're not important or topical though! I, along with thousands of others, of course, made my contribution to the discussion - they had a number of sessions devoted to discussing this at the itSMF UK conference and the discussion I was involved in was lively and engaging.

I think that they were listening, though - quite impressive, with so much to hear. I thought that managing requirements was crucial to future success. There we are, that's back to basics, it's certainly a skill and an integrated requirements register will help you manage complexity by distinguishing between the truly complex and the simply complicated or apparently complex. If you wish to improve your ITSM and be more agile, you certainly need to understand your organisation, and enterprise, stakeholder & requirements analysis are central to that.

I'm sure that many other people will also recognise their contribution in these broad topics!

So, well done, itSMF UK, congratulations! It's been an inspired exercise to generate ideas and to set the direction for the future by getting to understand grassroots needs.

I have a feeling that it won't just be the UK that will be using these well-honed ideas to inspire useful debate, interesting events and, who knows, some useful books...



Governance & Ethical Behaviour - King III & our duties as employees or consultants

Here's an interesting question about governance. The King III report on corporate governance (much of it now part of South African and UK law) says, for example:

Good corporate citizenship, including the company's promotion of equality, prevention of unfair discrimination, and reduction of corruption.


Integrating ethics: The board should ensure that the company's ethical standards (code of ethics and related ethics policies) are integrated into the company's strategies and operations. This requires, among others, ethical leadership, management practices, structures and offices, education and training, communication and advice, and prevention and detection of misconduct for example, through whistle-blowing.

So, if you are an employee, a shareholder, or other stakeholder, then, it seems to me that, under the act, you have a duty to report poor governance - such as corruption, unfair discrimination, inequality or other unethical behaviour.

I wonder, as a consultant, how far we should recommend this to our clients. I've been setting up a hospitality register recently, as part of the policy to deal with corruption, but it seems to me that there must also be provision of a means for anonymous whistle-blowers to report poor governance. Not just a report of all offers of hospitality, or gifts, given or received.

It's a difficult thing, though. If, say, the directors, or other board members, of a company are the ones acting unethically, then it doesn't make much sense to report these matters to the board- they, presumably, already know that they're doing the wrong thing!

Should it be reported to the company auditor? Presumably a clear path to the auditor should help - but what if the auditor is favoured by the board, might there not be a conflict of interest there?

So should we be advising our clients to set up reporting directly to the financial authorities or companies house, or the SFO?

It's a difficult balance between loyalty to the company being interpreted as loyalty to members of the company, or board, (who might be doing damage to the company) or loyalty to the company itself. 

What should you do if a CEO or Company Director attempts to influence, say, the purchase of an ERP system? We know, in the old days, that salesmen from various very large computer companies would take directors out to meals, arrange golfing seminars for them, and, maybe, give them the odd bit of kit to 'try out'. All this would be covered by the UK bribery act now, but most employees would probably consider it unwise to even mention the bribery act if their CEO says - 'I think that XYZ software would be an excellent choice', even if there has been no due process of tool selection, or if that due process suggested that ABC would give much better value to the customer.

It's difficult for a consultant too - presumably the obligation of a consultant to the company should mean that he'd recommend against the CEO in the above case, and, if overruled, mention the matter to the FD and/or auditor - but would this be a good career choice for the consultant? --- but, can a consultant ignore his ethical duty in favour of his possible short-term career prospects?

They're not always easy questions - but my personal view is that the ethical decision has to be made, even if it causes personal difficulties. It would be better to lose a follow-up engagement than have one as a result of being complicit with unethical behaviour.