Skip to content

ISO/IEC 20000 part 11 published – guidance on relationship between ISO/IEC 20000-1 and ITIL




ISO/IEC TR 20000-11 Information technology – Service management – Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL® was published in December 15th 2015. This part has been developed in co-operation with Axelos, the owner of ITIL®[1].

What is Part 11?

Part 11 is the 1st in a series of parts about the relationship between ISO/IEC 20000-1 and other frameworks. Part 12 is currently being developed for CMMI-SVC and is expected to be published later in 2016. Part 13 will be started in the future for COBIT.


Posted in Certification, COBIT 5, Cyber Security, ISO Schemes, ISO/IEC 20000, IT Service Mgmt, Qualifications.

Tagged with , , , , .

COBIT 5’s grass roots and a whole lot more

COBIT 5 (Image 2) (1)We all need assurance that what we are doing is right, good and useful. Assurance counters doubt and helps build confidence. This is true of individuals, in their personal and work life. It is also true of businesses. Business leaders need to know that what they think is happening, is the case. Good governance, for the protection of all stakeholders, demands it. How do we do this in the business context? What does COBIT 5 contribute?


Posted in COBIT 5, IT Service Mgmt.

Tagged with , .

ITSM Zone and BRM Institute produce the first BRM salary survey

BRM survey

APMG Training Organization ITSM Zone and Business Relationship Management BRM Institute collaborate on world first 2015 annual BRM salary survey

The role of the business relationship manager (BRM) is becoming more and more crucial. As businesses look for new ways to get more value from service providers, many are recruiting business relationship managers to help them maximize return on investment.

The role of BRM can mean different things in different organisations. Up until now, there hasn’t much data to help identify where business relationship management is most popular – or how BRMs are compensated.

Step forward the Business Relationship Management Institute (BRMI). This organization is the world’s premier membership, professional development, and certification organization dedicated to serving the global business relationship management community. It was incorporated as a non-profit corporation in February 2013 and has been growing rapidly since.


Posted in Business relationship management, Certifications, Qualifications.

Tagged with , , , , .

Is Cyber Essentials mandatory for my organization?


Cyber Essentials is a certification scheme developed by the UK Government, offered within APMG’s cybersecurity portfolio. For those of you unfamiliar with the scheme – Cyber Essentials provides a set of requirements for businesses, large or small to measure their cyber security systems against.

Satisfying these requirements means the organization can be confident it’s compliant with basic cyber security best practice – displaying the cyber essentials badge channels that confidence to its customers as well.

Crucially on 1 October 2014 Cyber Essentials was made mandatory for organizations looking to secure government contracts which concern handling personal information and delivering certain ICT products and services.

It is now mandated that suppliers can prove they meet the technical requirements defined in Cyber Essentials when bidding for contracts featuring the characteristics highlighted in the Government’s procurement policy:


Posted in Cyber Security.

Tagged with , , , , , .

ISO/IEC 20000 series of standards – updated part 10


Part 10, concepts and terminology, was 1st published on November 1st 2013. It has been updated and republished in November 2015. This blog is about the updates to part 10.

What is Part 10?

ISO/IEC 20000-10 has the title ‘Concepts and terminology’. It defines the terms used across the ISO/IEC 20000 series. It additionally contains an explanation of each part of the series and their relationship. It also identifies other related standards. There are several useful diagrams showing all the relationships. This contributes to the understanding of the ISO/IEC 20000 series and supports the integration with other standards.

There are other management system standards which similarly have a separate part for terms and concepts e.g. ISO/IEC 27000, ISO 9000.

Why has part 10 been updated?

Part 10 is intended as a document that can be updated frequently to maintain a full list of terms as well as an explanation of the parts of ISO/IEC 20000 and other related standards.

Some of the related standards referred to in Part 10 have been updated and some new ones have been published. It was therefore necessary to update the clauses on related standards, either within the 20000 series or other standards

There was also a market survey during early 2015 which pointed to the need to provide more information about the benefits of setting up a service management system and meeting the requirements of ISO/IEC 20000-1.


Posted in ISO Schemes.

Tagged with , , , .

Safe and secure: COBIT 5’s contribution

Securing IT has always been necessary to keep us safe from attack. The difference now from before is that attacks happen both swiftly and with stealth, i.e. they happen undetected, all the time, making us vulnerable from:

The breaches are driven by three groups, spies, thieves and fanatics, who take advantage of, and exploit, the interplay between human and technological vulnerabilities. Boards need to prepare themselves for when it happens or, more likely, ‘when we find out it has happened’.

COBIT 5 (Image 1) (1)


Posted in COBIT 5.

Tagged with , , , , , .

Gaining a good grip on risks with COBIT 5

COBIT 5 (Image 6)Hard on the heels of Talk Talk are Vodafone and Marks & Spencer. Like Talk Talk, Vodafone can be classed as a ‘cyber security’ breach, whilst Marks & Spencer is a more traditional, technical error that just so happened to affect its website, demonstrating how closely intertwined the new, cyber risks are with the old. (For Vodafone, look at SC Magazine and Tech Week Europe. For Marks & Spencer, look at The Mirror.)

Risk management has become more complex. Its scope includes threats as well as the traditional risks, and its impacts are transparently obvious. Boundaries between internal and external risks have merged: ‘business-as-usual’ is having to merge with ‘business continuity’ to meet the demand for 24/7 business availability. Welcome to the new world of business resilience. And to COBIT 5.

The framework helps join the dots between risks and threats. As a result, it helps identify immediate responses and relevant remedial actions to minimise impacts.


Posted in COBIT 5, Cyber Security.

ITSMF, market trends and ISO/IEC 20000-1 – what have they got in common?


ITSMF (IT service management forum) have just had their annual conference which I attended and spoke at in London. During the conference, I attended many excellent talks about the market trends in services and service management. As the editor of ISO/IEC 20000-1, I am already looking at the changes required in the standard to make it fit for the future. The market trends I saw got the thought processes going further.

The market trends seen at ITSMF conference

The market trends being discussed at the conference covered many areas.

IT4IT is an open forum reference architecture for IT with a focus on 4 value streams – detect to correct, request to fulfil, requirement to deploy and strategy to portfolio.

SIAM, Service Integration and Management, is implemented in many places where there are multiple suppliers working together to deliver services to a customer with one party taking the role of service integrator.

Resilia is the new framework from Axelos covering information security within service management. The ITIL processes are all covered with guidance on building in information security for the services and its related information.


Posted in Events, ISO Schemes, ISO/IEC 20000, Qualifications.

Tagged with , , , , , , , , , .

Have you underestimated the Fear of Change in your organization?

businessman drawing impossible text on a blackboard

Change depends on people. Organisations need to change to survive in dynamic times. We hear time and time again about successful organisations being those able to adapt to changing environmental factors. We also hear about those who ‘fail to change, fail to succeed’.

But what does change really mean to your organisation, to your people?  There will be those who actively embrace change, the ones who adopt a “wait and see” attitude, and those who may consciously or unconsciously fear change.

The Phenomenon of ‘Change Fear’

Call it apprehension, anxiety, or dislike of the unknown, of being outside of your comfort zone or not in control of the immediate future, typically we have all experienced that twinge of ‘change fear’ at some point in our lives.

Some are bold and brave in the face of change fear; others show disdain; some jump in rallying to the change cry; we see everything from heroics, to avoidance to attitudes of ‘it won’t work’ to ‘how wonderful’.

So why is it that change can be so fearsome and confronting for some of us, yet embraced by others?

The simple fact is that the more we feel ‘in control’ of a change, the more we are prepared and understand (even if not agree to) change, the more likely that change will succeed.  Put succinctly few of us like change being ‘done’ to us!


Posted in Change Management, Project Mgmt, Qualifications.

Tagged with , , , .

Zmiany i nowości w AgilePM V2 (Polish)

Agile kontynuuje swój globalny marsz, mający na celu wprowadzenie mentalności zarządzania z naciskiem na ludzi oraz współpracę między nimi. Powstały oraz wciąż powstają metodyki i podejścia zwinne image 1wywodzące się ze Scruma. Jednak istnieją również takie, które pierwsze korzenie wypuściły ponad 20 lat temu, kiedy to Scrum nie był mocno rozpoznawalnym i popularnym podejściem.

AgilePM V2 jest wynikiem prac konsorcjum DSDM. Metodą, która historycznie czerpie bardzo dużo elementów (w tym cykl projektu, role projektowe oraz produkty zarządcze) z innej, bliźniaczej metody DSDM. Ten odświeżony standard zwinnego zarządzania projektami (powstały w 2010 roku jako pochodna DSDM), otrzymał nowy branding oraz wiele praktycznych zaleceń dla kierowników projektów zwinnych. Zaowocowało to podziałem podręcznika na dwie sekcje oraz zwiększeniem jego rozmiarów do 240 stron (w porównaniu do 176 z poprzedniej wersji). Oba podejścia, zarówno DSDM jak i AgilePM, są w pełni zgodne z Manifestem Agile i stają się coraz bardziej popularne. Ilość osób certyfikowanych w obu standardach przekroczyła już ponad 30.000 osób.

V2, podobnie jak poprzednia wersja, bazuje na metodzie DSDM, która od roku 2014 „awansowana do rangi” frameworka o nazwie AgilePF – Agile Project Framework. Dzieje się tak, ponieważ DSDM AgilePF jest obecnie promowany, jako podstawa dla wszystkich produktów, które konsorcjum DSDM posiada w ofercie (AgilePM, AgilePgM) jak również wszystkich przyszłych, które dopiero zostaną wydane (min. AgileBA, AgilePMO). Dlatego też nie zdziwi nikogo fakt, że AgilePM V2 jest w wielu miejscach podobny do DSDM. Cały pierwszy dział podręcznika (70 stron) został w pełni poświęcony przybliżeniu podstaw zarządzania zwinnego, jakie rozumiemy przez podejście, które promuje konsorcjum od ponad 20 lat. Nie ma tutaj nowości w kontekście wydanego w czerwcu DSDM AgilePF. Esencją AgilePM V2 staje się sekcja druga, która interpretuje teorię pryncypiów, produktów, ról, itp. W skrócie sekcja #1 to teoria, a sekcja #2 to interpretacja teorii w postaci zaleceń i luźno rozpisanych najlepszych praktyk dla kierowników projektów zwinnych, realizowanych w zgodzie z DSDM AgilePF.


Posted in Agile, Project Mgmt, Qualifications.

Tagged with , , , , .