Skip to content


ISO/IEC 20000 – Reporting

ISO/IEC 20000

There is one clause in ISO20000-1 for service reporting but there are also other places where there are requirements to report. This blog tries to summarise the requirements.

The service reporting process

The service reporting process, clause 6.2, in ISO20000-1 covers some general requirements about reports and then specifies 5 mandatory reports.

The 1st requirement is to list the service reports produced with their identity, purpose, audience, frequency and details of the data source(s). This can be done in a simple spreadsheet or in a more complex document if that is more suitable to your environment. It is a useful exercise to consider what reports you do produce and if they are really required. Many organisations have reports that have been produced for many years but may no longer be relevant.
Continued…

Posted in ISO Schemes.

Tagged with , .


Agile Organisational Change Management: Fashion or Future?

I’ve been working with a couple of organisations over the last months providing assistance with some organisational change stuff. The number of questions from many people across the organisations is mainly about implementing Agile Organisational Change.

Continued…

Posted in Agile, Change Management, Qualifications.

Tagged with , .


Why I like PRINCE2 Agile®

I have been working with PRINCE2® before it became PRINCE2 and for the last 10 years I have been a PRINCE2 trainer and consultant so I am already sold on PRINCE2. I have also been a software developer and used agile development methods and have never seen the two as being in conflict. The PRINCE2 Agile guide has been created to provide guidance for blending the PRINCE2 project management approach with agile delivery methods. The PRINCE2 Agile approach brings together the strength of PRINCE2 and the flexibility of agile delivery methods that can be used across all industry sectors.

PRINCE2 Agile is not a replacement for PRINCE2. All elements of PRINCE2 are valid within PRINCE2 Agile. It is an extension to PRINCE2. The guide gives advice and guidance on agile behaviours, concepts, frameworks and techniques that can be used within a project context.

Continued…

Posted in Qualifications.

Tagged with , , .


How COBIT 5 can help reduce the likelihood and impact of the Top 5 Cyber threats

2017 is here with cyberbreaches increasing, with their impacts rippling ever further into business and personal life.

Are these threats too big to manage? Is cyberthreat management the Elephant in the Room?

Cyber-resilience needs to be on the board agenda but still too many boardrooms prefer to manage the risk with the Ostrich Control – hoping it will go away – exacerbated by the fact that security budgets continue to grow whilst answers to how much and what to target remain aloof.

The trick is to assess causes, how and where they manifest themselves, then define impacts and outcomes before choosing the appropriate controls. Simple in theory, a nightmare in practice because so much now is outside the direct control of our organisations. Originally, we talked about Risks because of our ability to identify, assess and control them as they were mainly of internal origin. Those remain, and still need to managed, but we also have a range of external issues over which we have no control in terms of origin, when, where, how, who. The game has changed from Risk (internal) to Threat (external) Management.

Continued…

Posted in COBIT 5.

Tagged with , .


Zwinne metodyki oraz frameworki zarządzania projektami

Tradycyjne, kaskadowe zarządzanie projektem sprawdza (a raczej sprawdzało) się w warunkach dużej przewidywalności, stabilności oraz dużej świadomości Klienta, co do własnych oczekiwań.

Tradycyjny model prowadzenia projektów ma wiele zalet, do których możemy zaliczyć:
• kładzie nacisk na precyzyjne ustalenie celów,
• kontrolę i przewidywanie działania (kroków projektowych)
• jasną, dostępną i aktualną dokumentację

Continued…

Posted in Agile.

Tagged with , .


What is Cyber Essentials?

Cyber Essentials is a cyber security certification scheme that is prominent in the United Kingdom. It was developed by the UK Government as part of its National Cyber Security Strategy to make the country a safer place to do business online.

The scheme helps organisations take the initial steps towards protecting themselves from online cyber criminals. It measures an organisation against five key security controls – which when met,  give an organisation confidence that it’s protected against the most common cyber threats.

Therefore, a Cyber Essentials certified organisation can be assured that it’s successfully taken the initial steps towards establishing a good level of cyber security hygiene – while communicating this assurance to its customers and stakeholders with a Government-endorsed standard.

As of October 2014 – Cyber Essentials is mandatory for suppliers of Government contracts that involve handling personal information and delivering certain ICT products and services.

Continued…

Posted in Cyber Security.

Tagged with , .


Encouraging management’s involvement in transforming IT

In a recent blog published by ISACA “Setting the Record Straight: Convincing Management of COBIT’s Value in Risk Management”, Julian Marquez explains why COBIT remains very valuable as a tool for IT risk management.

He goes on to address the main challenge – to encourage senior management to take an active role in participating in transforming process to integrate and standardize IT Management practices.

Julian highlights ways in which COBIT Practitioners can fight against misconceptions and gain supporters for the framework – including specific messaging.

Read the full blog HERE.

Posted in COBIT 5.

Tagged with , .


Co zyskujemy stosując podejście zwinne?

Obecnie, zarządzanie projektami w wielu obszarach coraz częściej realizowane jest w warunkach konieczności coraz szybszego zaspokajania wymagań klienta, przy jednoczesnym braku możliwości zdefiniowania tych oczekiwań do końca. Stawia to pod znakiem zapytania nie tylko możliwość zaplanowania racjonalnego działania, ale nawet jego ukończenia.

W środowisku które rządzi się niepewnością, podejście zwinne sprawdza się i wygrywa nad podejściami tradycyjnymi. Przyjrzyjmy się więc mu bliżej.

Continued…

Posted in Agile.

Tagged with , .


ISO/IEC 20000 – Risk

ISO/IEC 20000

I often get asked why there is no risk management process in ISO20000-1 and yet there are many requirements about risk. Basically, without risk management it is not possible to be conformant with ISO20000-1.

Why there is no risk management process

When designing a standard, it is necessary to consider the reality of most organizations and also to consider other standards. Most organizations have a risk management approach – perhaps it is used in project management, information security management or corporate governance.

It is not necessary to have a risk management process that is specific to service management – it simply needs to be applied to service management and the services.
The risk management approach can be a very simple spreadsheet or a complex tool. This will depend on the size, complexity and requirement for risk management in your organization.
There is a standard about risk management – ISO31000. This is referred to from ISO20000-1.

Continued…

Posted in ISO Schemes.

Tagged with , , .


Being Agile with Organizational Change Management

Everyone is talking about Agile something or other.

Some organizations apply Agile very successfully. My opinion is even more organizations could benefit from an Agile approach if they implemented one step prior to working with Agile.
This is an assessment of their current organizational culture and the likelihood of this culture being supportive of an Agile approach.

Continued…

Posted in Agile, Change Management, Qualifications.

Tagged with , , .