I love how things develop. 2 years ago ‘agile’ for me was a description of an animal like a Gazelle and up to 1 year ago, ‘hacking’ had negative associations like thieves breaking into my computer… However, learnings from the ‘geeky’ world of developers are now being applied to pretty much anything! The internet is full of ‘hacking problems’ yet hacking is now a form of reverse engineering, in order to make things better, it’s likely to become part of most product and even service development tactics.
Why you should become ITIL Certified? Becoming ITIL Certified will make yourself a Valuable Resource To gain First Class IT Service Management Skills…
Vishnal goes on to conclude that ITIL Certification can help an individual understand the concepts and processes of Information Technology. You may well be a very good Systems Administrator, but having ITIL certification gives others the confidence that your thinking is inline with the overall companies goals and developments. It also gives you a wider perspective of development concepts.
Scrum Is an iterative and incremental agile software development framework for managing software projects and product or application development. ITIL The Information Technology Infrastructure Libr…
Software development methods seem to change more often than the seasons, and just when information development professionals are familiar with one approach a new one comes along. One method that has received wide acceptance and seems to have some staying power, however, is the Agile software development method. In todays high speed interactive consumption of software through the internet, the gaming industry has set the precedent with Agile development techniques.
The times when Six Sigma started… Six Sigma was evolved at the time of an economic boom. It was mid-1980’s and the competition had just started to become stiffer.
Six sigma was an iterative concept to define and supply the needs of the customer in a broken economy. Back then the customer requirements were hazy, now with the evolution and access to big data, the processes are the same but have evolved with “Agile” acceleration and more specific developer tools for every niche including software development. This leaves the Six Sigma rule a less popularly thrown around management and process term, and yet the concept is still there across every industry including web hosting.
Web hosting has developed to accommodate the needs of the consumer who want more access, more data storage, at higher speeds and more efficient cost. Out of technology to satisfy that demand we now have cloud hosting and a whole plethora of various features to satisfy different business needs with renting their space on the internet. Six Sigma is definately not fading, perhaps just the terminology.
by – Juliana
Hosting Company Auditing and Certification — Part 3-B of 3
Here is a final look at the legitimacy standards we have in place at Superb Internet, which we’re exploring for two reasons:
To establish how we meet and exceed all of the major credibility markers common to the hosting industry; and,
So you can have an educated sense of what these seemingly cryptic acronyms and numbers mean, which can help you vet organizations in various fields.
Our staff is certified for ITIL (Information Technology Infrastructure Library), which I covered in Part 1 of this series; ITIL confirms our expertise and commitment to continual improvement in IT consultation. Our business is audited via SSAE-16 (Statement on Standard for Attestation Engagements #16) as well, which was discussed in Part 2 and verifies our bookkeeping policies and processes.
“I’d never be audited by those SASE enthusiasts. Why should a stamped envelope ever address itself? It ain’t proper.”
Sir … I’m not talking about self-addressed stamp envelopes. Please calm down; we’re almost finished with the series. Part 3, which I subdivided into two pieces, is on the Quality Management System (QMS) described in our ISO 9001:2008 accreditation. This standard is developed by an international body of top industry professionals who together determine universal (cross-cultural) standards of operation for businesses. In the first article (3-A), I reviewed Sections 4 & 5 of the standard (the first two of five sections); this second piece will review Sections 6-8. (Work by Praxiom Research Group Limited was instrumental to understanding the standard.)
“Never subsection. Never. It ruins the venison – makes it gamey and unclean, like a checkerboard.”
Thank you for the advice. OK so we will take a look at each of these sections. Each of them pertains to a different set of requirements: Resource Requirements (Section 6), Realization Requirements (Section 7), and Remedial Requirements (Section 8).
ISO 9001:2008 – Section 6: “Resource Requirements”
Section 6 has to do with identification and provision of the resources needed by your business. Here is fuller detail of the requirements related to resources:
1. Identify & Provide – Figuring out what resources you need and how to provide them is given an overview in Section 6.1.
2. Worker Competence – Section 6.2 relates to the capabilities of anyone completing tasks within the organization, as follows:
Make sure the workers have appropriate competence, the ability to deliver products effectively.
Consider and remain aware of the needs your organization has regarding competence – this applies to any staff members, including both those who are directly and indirectly responsible for organizational duties.
Train and otherwise prepare staff and resources to meet needs properly.
Review and determine how well the training activities function.
Compile and keep data and records related to your workers, proving their competencies.
“I prove my competencies by gutting a prairie dog, taking its still-beating heart, and –”
Listen, sir, no more organ removal references. Moving on …
3. Infrastructure Provision – Requirements on how to create a sustainable infrastructure are established in Section 6.3.
In order to meet product requirements, you must do the following:
o Identify your infrastructure needs.
o Provide whatever resources are needed to create it.
o Maintain the infrastructure. Maintenance is achieved via periodic reviews and objective assessment of all its details.
4. Environment Suitability – 6.4 focuses on how the environment of the workspace interrelates with the quality of the system.
A work environment must be defined and established that will result in the highest quality.
Once defined and established, the work environment must be properly managed so that quality indicators can be consistently met.
“Just give me a badge and a gun. Then the rest of the work environment will take care of itself, consistently.”
Eh, that’s probably not a good idea.
ISO 9001:2008 – Section 7: “Realization Requirements”
This section has to do with bringing products into reality – how you go about transforming a product from scratch into fully realized form. These are the basic steps:
1. Planning Control – A large part of successful realization is in the planning. The planning stage is discussed in Section 7.1.
First, planning must be developed into a process.
The process must then be used to organize, step-by-step, how products will be realized.
Outputs should be developed from the planning process that both reflect the organization and foster understanding of the realization roadmap.
Not just the planning process but the realization processes themselves must be planned.
2. Customer Processes – Controlling processes that involve your customers is the focus of Section 7.2.
Figure out what your product requirements are. Here’s how:
o Understand the needs your customers want you to meet.
o Identify what is required by your product itself and by its functionality.
o Determine what is needed per agencies outside your organization (eg, federal).
o Understand any additional needs your firm has.
Specific to customer needs related to products, perform a review to go over these parameters:
o What are they? Assess and elaborate.
o Develop records related to them and conduct regular maintenance.
o Control for any modifications.
Communication procedures with your customers should be understood, detailed, and put into action.
“My communication procedures involve a bullhorn, an aerosol can, and an acetylene torch.”
I hope this is unrelated to your town constable work. OK so more on realization …
3. Product Development – Section 7.3 has to do with establishing controls for the designing and developing of products.
Plan how to design and develop as follows:
o Plan and control how you design and develop your products.
o Outputs from planning should be revised and modified regularly.
Determine what the inputs are to manage design and development:
o This involves definition, maintenance, and review of inputs (ie, anything going into that aspect of the system).
Also figure out what the outputs are (ie, what comes out of the system):
o You need to determine what these are ideally, create outputs actively, and monitor them.
o Make sure that your outputs achieve the needs of your inputs.
Review your processes frequently, actively, and openly:
o Design and development should be studied and assessed from all possible angles.
o These reviews should all be recorded and kept in an organized system for continual improvement.
Confirm your processes through a systematized verification procedure, which can give you a sense of whether this part of the QMS is working smoothly:
o Confirm that both design and development meet the specifications you’ve established for them through *verifications*.
o Keep records of these confirmation processes and results as well.
Ensure the validity of this aspect of the QMS:
o An additional way to understand your design and development is by ensuring that it is valid – that it represents truth and makes sense.
o Keep records of these checks.
Make sure that proper administration protocol governs all adaptations to the system:
o See where adaptations are taking place. Is anything changing within that system?
o Make notes of any changes that have taken place either purposely or accidentally.
o Review, verify, and validate as noted above. Through each of these processes, ensure that objectivity and the QMS itself are prioritized.
o Approve any adjustments or modifications; revise the QMS as applicable moving forward.
“I think the best way to modify is to stay absolutely silent and look to the left and right rapidly.”
Now you’re honoring the prairie dog. You are truly a complicated man.
4. Purchase Control – This section (7.4) deals with the control of organizational purchases, both on the process and on what you purchase itself:
Make sure you have proper controls on both the suppliers and any incoming products:
o Develop a list of parameters that must be met by suppliers.
o Choose suppliers based on their ability to meet your needs.
o The products themselves should also be vetted and reviewed.
Your needs should be properly delineated and communicated with any potential suppliers:
o Definition and description.
o Communicate these needs based off the documentation you’ve developed.
Make sure you have reasonable processes for verifying any products your firm purchases:
o Develop and activate processes to verify and inspect the products, to ensure needs are being met.
5. Providing Controls – The way that you provide products and services is controlled by the standards of Section 7.5.
All production and services should occur within defined controls.
Validate and control any special process – one that contains outputs that cannot be determined or understood until production/delivery.
Understand, define, and measure your products.
Determine and ensure safety of any customer property your organization ever has within its possession.
Make sure that products and pieces of products continue to meet needs set forth in the QMS, both while moving within the organization and during delivery.
“As with digestion: I track and record all robots that are passed to me by the grocery-industrial complex. Lots of data, all of it helpful.”
Good, that sounds helpful.
6. Measuring Equipment – Per 7.6, all equipment you use to track and measure data should be controlled:
Figure out what you need in terms of measurement.
Ensure equipment meets these needs.
Keep equipment calibrated, and ensure your software meets all monitoring needs.
ISO 9001:2008 – Section 8: “Remedial Requirements”
Section 8 deals with improvement and correction of any problems throughout the Quality Management System and firm as a whole.
1. Measuring Processes – Section 8.1 defines, broadly speaking, the creation of ways to measure and monitor.
General determination, planning, and the activation of processes to measure and monitor.
2. Measuring Categories – The next section (8.2) is specific to the measurement and monitoring of specific aspects, including the following:
The processes of your QMS itself
Characteristics of individual products.
“All I need in a product is that it’s bright blue and smells like road kill.”
I don’t even know if that product exists. Speaking of which, nonstandard products:
3. Nonstandard Products – Products that don’t fit the expectations of the rest of the system are determined and controlled via section 8.3 as follows:
Creation, recording, and activation of products.
4. QMS Numbers – QMS data is recorded and assessed within 8.4:
Determination of types of data
5. Standardized Improvements – The final section, 8.5, has to do with improving the system and making any necessary corrections:
Basing analysis and improvement on how effective different aspects are.
Changing anything that does not comply with the system.
Recording all actions taken.
Ensuring that irregular products don’t unnecessarily recur.
“I’m irregular ever since I chewed on that prairie dog.”
Dude, I don’t want to hear about it.
Summary & Conclusion
So that covers all our certifications, standards, and audits. Again, ISO standards come from an international body whose intent is to create worldwide ways of understanding the legitimacy and functionality of systems across the globe. Its establishment of how to create and maintain quality helps us understand how to build the fiber of superiority into Superb Internet, as well as how to maintain it. Parameters covered in this piece include the resources needed to achieve the ends of a Quality Management System (QMS), how to realize products most effectively, and how to perform improvements in the most quality-conscious ways.
Logo of the United States Government Accountability Office. (Photo credit: Wikipedia)
Hosting Company Auditing and Certification — Part 2 of 3
Along with Superb Internet’s staff certification for ITIL (covered in Part 1 of this series) and our ISO 9001:2008 certification and registration (Part 3), we are also SSAE-16 Audited.
“Oh, fiddlesticks, that’s a government-infiltration agenda if I ever saw one.”
Man – you again? OK, well, let me explain it. Just, give me a chance here. SSAE-16 (Statement on Standards of Attestation Engagements, #16) was created by the American Institute of Certified Public Accountants (AICPA) as a system of cut-and-dry standards which a business must follow with its finances.
“Must follow. Must follow the lemmings down to Mongoose Hollow.”
Mongoose Hollow … huh, that must be your euphemism for the IRS? Anywho, attestation engagements are worth a quick look. Let’s turn to the U.S. Government Accountability Office (GAO), a governmental agency run by the Comptroller General that “works for congress” (though with its own independent sets of controls) and “investigates how the federal government spends taxpayer dollars.” According to its Auditing Standard 2.07, attestation engagements “concern examining, reviewing, or performing agreed-upon procedures on a subject matter or an assertion about a subject matter and reporting on the results.”
“You and your capital letters and your big ideas, typing it all in, like the Central Insanity Agency ain’t watching ya.”
Sir, I’m just explaining an accounting method. So … the information from the organization that created the document itself has all information about it BURIED within its website. Additionally, the extent of the information is a massive PDF which includes the language for the standard itself and this explanation describing it: “Reporting on Controls at a Service Organization / This section addresses examination engagements undertaken by a service auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting.”
“Read that fourteen times, and it will finally make sense. Once it makes sense, that’s when you know they’ve got ya.”
Well, all right they have me. You win, buddy. Actually it’s much simpler than it sounds. Let’s look below on how to understand SSAE-16 so you know why it means we’re credible alongside our other certifications. We will look at the two types of certifications/reports you can receive. Finally, we will look at critiques to get a broader perspective on the topic – and how it differs from other financial audits.
SSAE-16 in Action
When you get SSAE-16 audited, a third party accounting company makes an assessment of the financial controls your business has in place. It then creates a report and opinion stating the findings of its investigation. The results of the audit make it clear whether or not the business has appropriate, baseline checks and balances in place within its service model so that users can breathe easy.
“I will never allow any man to investigate my machines. It’s unwholesome. Bunch of fellas looking at each other’s numbers.”
All right, that’s uncalled for. And who said it was a man, anyway? Please stop making assumptions. There are two kinds of audit reports. One, also referred to as a Type I audit, is entitled “Report on Controls Placed in Operation.” The other, the Type II version, is called “Report on Controls Placed in Operation and Tests of Operating Effectiveness.” Essentially the first report focuses on the types of controls that are likely operating during a certain window, aka “period of review” – but it does not completely verify that the controls were in placement at that time. The second provides that additional verification that the controls were in place.
“No one will ever either view or review me. That’s why I stay in my cellar with the squirrel artillery, waiting for everyone to leave town.”
Hm. Thanks for the input.
Do You Need SSAE-16 or Not?
The good news: this type of auditing is not legally required for any company that distributes a service. However, it’s possible it will be requested by an outside party – or may even be demanded by their own requirements – or by someone auditing a company that is using your service. Plus, it means it’s less likely that an outside auditor will need to audit your system in order to gauge risk because they will have a standardized assessment of your controls based on the SSAE Type II report.
“Type I, Type II – sounds like they’ve found yet another way to get diabetes into us: through our accountants.”
I don’t think this has anything to do with diabetes, sir. Like many organizations, the reason we choose to have this type of auditing performed is threefold:
It gives us a chance to prove that, alongside our other certifications, we meet standards of legitimacy established by independent third parties.
It gives us access to clients who require this type of auditing and otherwise may not be able to work with us.
It provides another professional perspective on the accounting principles we have established internally.
“That sounds wonderful. Give the government all your business’s numbers, the keys to your house, and your eldest daughter.”\
Sir, that’s out of line. I’m just trying to go over some standards here. Please. A data center that is only used for internal business purposes will not necessarily need to have this type of auditing performed. However, those such as ours that provide a service can benefit from SSAE certification.
As Jeff Clark points out, SSAE-16, rather than being about your core business of the service itself – delivery of services to users –is centrally concerned with the financial needs of your clients. Keep that in mind. It’s why something such as ITIL, which has to do with the quality of service, is so important.
SSAE-16 Case Study: Acquia
Josette Rigsby looked specifically at one company, Acquia, a provider of products and services for use with Drupal (the open-source CMS), to get a sense of whether SSAE auditing can be helpful. She asked how the certification might be useful to vendors seeking to establish credibility.
“I sold cotton candy once at the state fair: no certification, no problem. Cash only. No receipts.”
Sir, we are talking about business services here, not cotton candy. A company such as Acquia, which has a cloud-based model, is able to quell fears among clients related to “security, lack of open standards to prevent platform/vendor lock-in and loosely defined service level agreements.” SSAE-16, however, does not cover all the bases to ensure business legitimacy. Additionally to SSAE, Acquia and other cloud service providers (CSPs) adopt the standards of organization such as OpenStack or CloudStack so that their system has been reviewed by external independent parties coming from numerous angles. Our business, similarly, has the ITIL and ISO certifications as well.
“My show pig Julie once won a certification at the Clarksburg Leaf & Stick Festival. She keeps it on her end table. She’s very proud of it.”
Excellent, tell her I’m rooting for her, and I hope she’ll root for me too.
Beyond SSAE: Why Multiple Certifications Matter
The controls reviewed by SSAE relate to a broad spectrum of business practices, including data backup and security, network maintenance and security, and customer support. However, it is not enough. Let’s see what two critics of the auditing procedure have to say about why the certification is only one piece of establishing legitimacy.
Baseline Standards – As Jeff Clark notes, SSAE-16 auditing does not grade on a scale. It’s a “yes or no” set of parameters. Passing the auditing inspection simply means that a company has a reasonable set of baseline standards as established by the AICPA.
Fuzzy Terminology – Josette Rigsby points out that a business can state during a review that its controls are fine regardless of the auditing process’s findings. If this occurs, the business can state that it has been SSAE audited even though it did not actually pass.
“I just passed gas, does that count? Where’s my certificate, buckaroo?”
Ah come on. We’re in a small room – have some respect. A loophole like that described by Ms. Rigsby means that additional certifications are essential to give clients and partners a better sense of your professional legitimacy. As far as Superb goes, our staff is ITIL Certified (a certification established initially by the United Kingdom government to provide IT standards so that they weren’t only developing independently, in some cases haphazardly, within businesses) as well as ISO 9001:2008 certified and registered.
“Wow, that last one has eight numbers. It must be important. Seven numbers, I would have said, ‘How about one more? Then you’ll have me impressed.’”
I think we’ve covered the fact that you don’t like or appreciate our certifications, sir. Here, have some chamomile tea.
How SSAE-16 Differs from Other Financial Auditing
If you get an audit, you’re typically just looking at your financial figures. SSAE focuses explicitly on how those figures relate to your services – how the services themselves are controlled and guided, and how the services interact with your financial system. An audit can give a sense that your financial system and finances themselves are efficient and sound, but that’s not your clients’ concern. The client cares that you have assurance specifically to your services, so they know that their information and processes are safe within your set of controls.
“I feel very safe. Hm. This tea is delicious. Do you have any honey? I don’t want to have to shake it out of the beehive again, that’s painful.”
Here you go. Drink up.
Summary & Conclusion
Though there are of course critics of SSAE-16, and though some of their concerns are valid, these types of certifications are incredibly important to letting our users know we are transparent about our internal policies. The standards we have adopted, and the analyses and examinations we undergo, allow us to simply and concisely express to our customers that
we meet major industry standards; and
we have undergone the scrutiny of multiple outside organizations to prove it.
English: An ITIL Foundation Certificate pin used to attatch on a shirt. The diamond is the ITIL logo, there are three levels: Green: Foundation certificate Blue: Practitioner’s certificate Red: Manager’s certificate (Photo credit: Wikipedia)
Hosting Company Auditing and Certification — Part 1 of 3
At Superb, we have a staff that is certified in ITIL.
“So, what? What is it? Tell me what it is!”
Just hold on, hold on, whoever you are. Let me get through the introduction. ITIL stands for Information Technology Infrastructure Library http://www.itil-officialsite.com/WhatisITIL.aspx. It’s used by organizations as large and different as NASA and Disney. Providers who help implement accreditation and consulting for ITIL include IBM and Hewlett Packard.
Sir, please, no heckling. All right, let’s get to it. The man we’ve all been waiting for – well, not really a man, or a woman, but a thing – the Information Technology Infrastructure Library in all its glory. This is gonna be fun.
History of ITIL
“Hey, hey you, with the book-smarts and the highfalutin ideas. You ain’t from around here, are ya? I can tell by all the words and pages and … dag-nabbit, that’s a Europe accent ain’t it? Ooh-ee, I was wondering what was smellin’ so bad around here.”
Calm down sir, and behave yourself. Yes, it’s true: ITIL originated in the United Kingdom. The Central Computer Telecommunications Agency (CCTA), a department of the UK government, came up with a set of standards in the 1980s. These standards were not considered a set of rules but recommendations.
The original reasoning behind ITIL, then, was to offer companies a way to be held accountable and to help improvement IT management for the benefit of businesses, partners, and clients. It offered a freely given set of best management practices for IT so that those practices weren’t just growing independently within private businesses – a central knowledge base and certification process seemed desirable. The end goal was that service was improved as the IT management system was improved.
“Ohhh … I get it. Some kind of government takeover of our minds. I knew it! I knew it! Anytime I see a bunch of capital letters in a row, I go get ready for a shotgun wedding, because I know there are some squirrely men in town.”
Now that’s just not fair, sir. The IT Infrastructure Library was initially issued as a series of books. Each one focused on a different “best practice” area. The basis of the books may have been W. Edwards Deming (no, not the inventor of the modern toilet brush – that’s William C. Schopp … completely different names really), whose plan-do-check-act cycle is a version of organizational modeling for businesses – or any organization or person, really – to use to optimize their systems (discussed below).
ITIL Version 3, released in 2011, is now the standard for any type of ITIL accreditation. ITIL covers a broad range of IT topics, but generally speaking, the service-oriented knowledge is what’s of most interest to businesses, as opposed to application and management focused materials that have also been developed within the ITIL model.
It’s also important to note that ITIL itself does not give out accreditations. All it is is a government-developed system of recommendations that you can either follow or not – up to you. You can, however, become ITIL certified by any of a number of examination organizations that ARE vetted by the HM government via its partner the APM Group.
“HM, as in ‘Her Majesty’?? What, now I’m bowing down to the queen? Can I at least be knighted while I’m on my knees, like Dubya’s dad was?”
Well, uh … you might want to read this article. Also, I don’t think you’re qualified to be knighted, sir, unfortunately, but I’ll see what I can do.
Plan-Do-Check-Act (aka PDCA) Cycle
Let’s look briefly at Plan-Do-Check-Act, so we get a sense of the basic philosophy behind ITIL or at least something with a lot of similarities to its theoretical basis, so we know why it’s so damn awesome.
OK, so the Plan-Do-Check-Act (PDCA) cycle is also called the Deming cycle (after Deming, above) or the Shewhart cycle (after Walter Shewhart). It’s a way to model an organization or a piece of an organization that allows for continuous improvement. It consists of course of four steps, but those steps keep continuing, cycling through repeatedly. There’s nothing mandatory about it, it’s just a system you can potentially use if you like.
“Oh, like Driver’s Licenses, I get it. They want my numbers.”
No, it’s nothing like Driver’s Licenses. Come on buddy. With the PDCA cycle model, you do the following:
Plan – The plan is, simply put, the activity of getting ready for a change in the organization. Note: The change is by trial, so it won’t have to be correct.
Do – Do involves taking a small sampling and seeing if the planned change improves things. Think of test-marketing or beta-testing – but this system also applies internally.
Check – This step is essentially analysis. Does it work, or not? The analysis is very important – if the analysis is rigorous and refined, you’re golden. This step is the easiest place for corruption, so Checking must be performed carefully.
Act – Go for it. Didn’t work? Start over with planning again.
Note how similar this system is to the scientific method – testing hypotheses (Do) and reviewing outcomes (Check) to determine if your objective (Plan) is correct. It essentially is the scientific method put into different words. Again, the Checking is crucial – it’s easy to think something works or trick oneself into thinking something works that doesn’t.
“Trickery from the state of Mississippi! They all want to build highways to the moon!”
Again sir, you’re making less sense all the time. Remember, this process we’re focusing on is ITIL, which comes out of the UK, not Missisippi. We don’t need your input. I’m not quite sure why you’re a part of the article.
“So it ain’t one-sided, you 1s and 0s bookworm!”
Right, gotcha. Hm, you understand binary … uh, let’s move on.
5 Goals of ITIL
ITIL today – vs. its past broad approach toward service, applications, and management as discussed above – is focused squarely on service and the management of service. ITIL calls itself “practical” and “no-nonsense” – so it’s an organizational IT cycle you can use that has a lot in common with wrinkle-free slacks. ITIL is intended to encompass the way that IT departments and IT professionals go about business.
“Encompass. Sounds like the Eye of Providence on the one-dollar bill to me, staring at me like a cackling witch.”
Uh … no comment. For us at Superb, having an IT staff who knows ITIL parameters means we can know that both our management and support teams are part of a structure that allows our IT services to be truly “Superb.”
Where’d the guy go with his snappy comments?
Oh, well … all right. ITIL is not one-size-fits-all: it’s an adaptable set of principles. You can customize it to your business. So the theory and principles are what’s important within the ITIL perspective. Application of ITIL will always be a little different depending who’s using it and the setting in which it’s used. The core of ITIL, though, is adaptation and improvement as a continuous cycle, as described above.
ITIL addresses the following through its five modules that comprise the ITIL v3 Service Management framework:
Needs/Requirements – This helps a business identify the “demand” for certain IT specifications. (Analogous to Plan of PDCA)
Design & Implementation – This is of course where design, development, and similarly active problem-solving come into play. (Analogous to Do of PDCA)
Operation – Next you’re putting all the pieces into play. This is the second part of actual systemic testing. (Analogous to Plan of PDCA – Part 2)
Monitoring – Here’s where the analysis comes in. A lens is focused on whatever aspect of the organization is attempting change: “Is it working?” (Analogous to Check of PDCA)
Improvement – Well, this is the goal. Based on monitoring, either the organization has improved or it’s back to square 1. That’s not a bad thing. It’s crossing out something that didn’t work. Sometimes service management, like anything, is about process of elimination. (Analogous to Act of PDCA)
“Shhh. You’re scaring away the … whatever kind of fish these are.”
That’s a very algae-infested pond you’re fishing in, sir.
“You and your ‘sanitation.’ I bathe when it rains, as does this pond.”
Why ITIL? 5 Reasons
Here are a few of the positive results that can arise from implementation of ITIL certification:
Efficiency: Better, streamlined, more efficient IT service.
Cost: Lowering the expenses of IT departments and the overall business.
Customer Experience: Customers have a better experience – because the system “works” coherently so that everything makes sense to all parties involved.
Productivity: The business becomes more productive before there are fewer snags preventing evolution to changes in the business and the market.
Employee Optimization: Positive employee attributes – skills and experience – are put to better use. This process allows individuals to flow into the most appropriate positions and tasks.
Partner Servicing: Better delivery of any services that are issued by a company outside the organization. This improvement is felt both by the business itself and by its partners. It’s especially applicable in the case of hosting, since that’s a service so integrally connected to its clients’ own businesses.
“In case you’re wondering, I’m taking a nap now. That’s why I’m … you know, it’s sunny out here. So I’m asleep in the hot sun.”
OK … thanks. Goodnight.
Summary & Conclusion
ITIL is part of a general picture for us at Superb Internet. We have a few other auditing and certification standards that help our business have the kind of credibility we want but that also help us see where we can do a better job. We take these standards very seriously.
ITIL itself has adapted considerably since the 80s (which is a good thing!), but it’s still fundamentally concerned with Planning, Doing, Checking, and Acting. In its own terms, ITIL allows a business to Identify needs; Design, Implement, and Operate potential solutions; Monitor the results; and Improve. All of this is a perpetual cycle, allowing the business to grow stronger for itself and its clients over the long haul.