 One of my colleagues recently reacted to an article that I wrote about Getting Started with Configuration Management Databases (CMDB) with a strong rebuke suggesting that creating an industry standard to support ITIL v3 is useless. This gentleman is a published author and industry expert – especially in the field of IT Service Management. He is also not the first person to criticize the ITIL framework. Did the itSMF do a poor job when they wrote this framework? Of course, other technology professionals and industry experts have been highly critical of Cobit, CMMI and, of course, the ISO/IEEE/EIA standards as well. I know that this column is going to create some controversy but I respectfully disagree and here’s why!
What’s wong with ITIL?
The ITIL framework establishes guidelines for implementing IT Service Management. It is also far from perfect. My colleague went on to say that (ITIL) "V3 is a reference model that has only loosely coupled components which are rather inconsistent with each other." This colleague also said that “we all know that ITIL cannot be implemented” and “then why create a standard that audits an organization against following the content of one of these ITIL versions?” His point is well taken, so should we all pack up our “standards bags” (figuratively speaking) and go home?
The Impossible Dream
There is actually a lot of well deserved criticism of ITIL along the lines that it is an ivory tower idealized framework that is not at all practical or viable. Few if any organizations have actually implemented ITIL as described in the large set of books which specify the framework. With so many problems how can I trust its guidance?
Vague and Inconsistent Guidance
One of the problems with ITIL, as noted by my colleague, is that functions and processes are described in an inconsistent way. In CM we can relate to this problem. I often implement a Release Management process (that may not be actually run or maintained by the Release Management team). Many financial firms require the establishment of an independent release management organization that establishes a separation of controls. The key point in this effort is that developers should not have access to Production. I have known of Banks that were cited by the Office of the Currency (OCC) for failing to have a separation of controls in place. So functions and processes may not be the same, but they are both essential in specific contexts and – more to the point – you should not confuse processes and functions!
Cobit and CMMI have garnered their own well deserved criticism.
I have known managers who went into a fit of rage when we discussed implementing the CMMI because they had had prior experiences that taught them that process improvement, using the CMMI as guidance, could be a complete waste of time and resources. The CMMI has been widely criticized for failing to really explain how to actually implement the process areas advocated by the CMMI framework. Others have found that the guidance in Cobit was completely impossible to understand and implement on a practical basis. I have seen organizations that spent a lot of money trying to implement the CMMI and Cobit with very little benefit to show after the consultants exhausted the hours allotted in their contract.
Are the IEEE/ISO and EIA standards any better?
Many people have criticized the IEEE/ISO and EIA standards for their cryptic language and lack of practical examples. Many standards are so complicated that they are effectively impossible to implement without expert guidance. Too often implementing industry standards is just an exercise in preparing to pass the dreaded audit.
A World Without Standards and Frameworks
Alright, so I am willing to consider the wisdom of my colleagues and also consider what the world would look like if there were no standards. If there were no standards and frameworks then my bookcases might be a little less packed and my poor printer might be a little less worn. But now what would I do when I needed to figure out how to implement my testing or configuration management practices? In truth, I was doing process improvement long before there were relevant standards and frameworks. Back then we used to interview subject matter experts (SME) and codify their recommended best practices. We all longed for published studies and databases of projects from which we could learn about which industry practices worked and which ones did not. In short, we would work our way right back to standards and frameworks. So does that mean that we should give up all hope of useful practical standards (and frameworks) to specify best practices?.
Solution: Enter the Meta Standard
One thing that I find very effective is looking at the same practice in more than one standard or framework. I realize that this involves some work (sorry about that), but evaluating the same set of practices in Cobit, CMMI and ITIL is extremely helpful. When you start to add in guidance from the IEEE/ISO/EIA standards then you will find even more benefit. I can tell you that in my involvement with IEEE standards, I am always comparing the IEEE standards with similar standards (both IEEE and from other standards bodies) and frameworks. Essentially, we should be creating composite “meta-standards” that include the best of the best practices.
What do I do it they are not perfect?
I believe that finding places where standards and frameworks need to be improved does not reduce their value and validity. Obviously standards boards and organizations that publish frameworks should be open to input from the technology community. All standards should be “open standards” in that they should accept input from other technology professionals. You should also use the very active Social Networks to discuss and impact the standards and frameworks themselves.
Standards for Agile and ITIL
Two of the areas that I have been getting more involved with is creating standards for supporting Agile and ITIL. Some would ask (as my colleague already did) why should we create a standard that audits against an imperfect framework? I believe that the answer to that question is that we should try to address these issues in the standard as much as possible. Harmonizing the standard with other existing standards and frameworks will also help. Clearly the long term solution is to continuously improve our standards and frameworks as we would with any other process improvement effort. Finding a defect though should not discourage you or cause us to view the standard as being invalid. It should motivate you to get involved and help make these standards and frameworks better!
Bob Aiello is the Editor-in-Chief for CM Crossroads and the President of Yellow Spider, Inc. (http://yellowspiderinc.com ) where he specializes in Software Process Improvement including Software Configuration and Release Management. Mr. Aiello has over 25 years experience as a technical manager in several top NYC Financial Services firms where he had company-wide responsibility for CM, often providing hands-on technical support for enterprise Source Code Management tools, SOX/Cobit compliance, build engineering, continuous integration and automated application deployment. Bob is the Vice Chair of the IEEE 828 Standards working group (CM Planning) and is a member of the IEEE Software and Systems Engineering Standards Committee (S2ESC) Management Board. He is a long-standing member of the Steering Committee of the NYC Software Process Improvement Network (CitySPIN), where he serves as the chair of the CM SIG. Mr. Aiello holds a Masters in Industrial Psychology from NYU and a B.S. in Computer Science and Math from Hofstra University. Bob is the author of CM Best Practices: Practical Methods that Work in the Real World, Addison-Wesley Professional (http://cmbestpractices.com ). You may contact Mr. Aiello at raiello@acm.org or link with him at http://www.linkedin.com/in/bobaiello
Trackback(0)
Comments 
Write comment
 |
Behaviorally Speaking 
TrackBack URI for this entry
Subscribe to this comment's feed