Is there anything more exasperating than dealing with a service organization that has failed to implement even the most basic process and quality control tools? Not in my book. Those pesky critters who ate my broccoli and Brussels sprouts this summer are a distant second to IT service providers that fail to deliver uniformly high-quality services for a reasonable price.
The 1980s-style MIS (management information systems) is still with us, and no makeover will make it more attractive. What can you do?
Reengineer and reinvent, of course. But you don’t need to do it all by yourself. One of the simplest ways to reinvent your IT service organization is to use ISO 20000 as a foundation.
What is ISO?
Until recently, I used to think of ISO (International Organization for Standardization) as a producer of standards for large, multinational corporations, but I now see it in a different light. ISO/IEC 20000-1:2011, Information Technology – Service Management – Part 1: Service management system requirements is the international standard for IT service management, and it scales well even in the smallest organizations. At 26 pages, Part 1 is straightforward and manageable. If you work in a small organization with a limited budget, adoption of service management standards makes even more sense because it enables your organization to provide proven, cost-effective services in the context of your unique business model.
I recently spoke with Dr. Suzanne Van Hove, WG2 Convenor, Maintenance and Development of ISO/IEC 20000 – Information Technology – Service Management, within SC 40 (IT Service Management and IT Governance) under Joint Task Committee 1 (JTC1) and Chair of GIT1 (Governance of IT), the U.S. mirror group for SC 40. Suzanne took the role of WG2 Convenor at the beginning of June 2017, and as chair of GIT1, one of her responsibilities is to ensure that the United States participates across all four ISO workgroups. SC 40 currently has seven standards under revision or development across all four WGs.
Standards groups typically meet face to face twice a year to work on the standards with their global colleagues. The next meeting for SC40 is in November of 2017 and for WG2, four standards are currently under revision: Part 1 (Requirements); Part 2 (Guidance); Part 3 (Scoping); and Part 10 (Concepts and Terminology). These meetings are critical, as global consensus is the goal for all standards.
Suzanne received the itSMF USA Lifetime Achievement Award in 2013 and she is also co-author of Pragmatic Application of Service Management with Mark Thomas. Suzanne and Mark both have excellent courses available on Lynda.com.
About ISO standards in general
According to Suzanne, standards are generally written and revised on a five-year cycle, and ISO/IEC 20000-1:2011 is slightly overdue but is currently under revision and moving forward to a status of DIS (Draft International Standard). It will be reviewed at the next plenary meeting in 2018 and the forthcoming version will conform to Annex SL, “to provide a universal high-level structure, identical core text, and common terms and definitions for all management system standards (MSS),” so the new document will appear to be a radical change from the current version. Now, all MSS, which includes ISO/IEC 20000 (i.e., ISO 9001 Quality Management, ISO/IEC 27001 Information Security Management, ISO 14001 Environmental Management, ISO 50001 Energy Management, among others), have the same structure making it easier for organizations to comply with multiple MSSs if their business model demands it.
Mapping to other frameworks
ISO/IEC 20000 first appeared in 2005 and the current version was published in 2011. It presently contains 12 parts and additional parts are under development. 20000-1 is the standard itself, while 20000-2 provides practical guidance on application. One exciting component under development is 20000-13, which will contain guidance on the relationship between the standard and COBIT5®, and is anticipated to be published late in 2019. Part 11 maps the standard to ITIL® and Part 12 maps the standard to CMMI-SVC®.
Applicable to organizations of all sizes
Suzanne and I didn’t confine our chat solely to the ISO, and we had the opportunity to talk about a few general industry challenges, as well.
The commoditization of IT
“Once IT becomes a commodity, we lose the idea of a service . . . If IT goes down that commodity route we’ve really lost the capability to exploit technology for the benefit of business achievements. Technology is the differentiator. If leadership doesn’t recognize it and let go of the traditional view of IT, they find their organizations not staying at the top of the food chain and losing ground.”
In this area, I think Suzanne is more optimistic than I about the future, because I believe we are already far down the road to commoditization. While I run across many amazing, high-quality service providers, the market for cheap, low-quality work seems to be pervasive.
“I have taught hundreds of foundation classes in my career, and I can count on two hands the number of people who came from the business side rather than IT. The service management principle doesn’t just rest in IT. It has to be pervasive across the organization.”
Silos and frameworks
Suzanne cleverly refers to organizational silos as cylinders of vertical excellence. Another related topic is the dependence on only one methodology or framework. “I think service management is slowly coming around to the understanding that the best use of these of any of these bodies of knowledge is to know more than one and be able to combine them.”
I hope to talk to Suzanne again in the future, as she is a fountain of wisdom about all things IT service management and I learned a great deal in a short time. One completely new framework I learned about was from the SFIA Foundation, but we’ll save that for another day.
© Copyright Jeffrey Morgan, 2017by
What are the 4 characteristics of great IT services and how can you ge there? I provide three ways to improve your IT services. Watch my 7-minute video on improving your IT services. This video is for county and municipal executives and managers, public sector board members, and small and medium business owners and managers.
© Copyright Jeffrey Morgan, 2018by
Consolidating government IT services
If you read my post, Municipal shared services agreements for information technology, you know that I am skeptical about consolidation of multiple county and municipal IT operations. Because they are separate, independent business operations, the potential for unintended consequences, political meddling and perverse incentives is enormous. Another core problems is that very few counties or municipalities operate IT shops using widely accepted standards and frameworks for ITSM (Information Technology Service Management).
State governments, however, more closely resemble large corporate enterprises and there is a strong business case for the consolidation of IT services in such organizations. Elimination of redundant services, lower costs, and a smaller head count are essential goals, but consolidation can also provide uniform governance as well as enhanced quality and customer service if managed correctly.
During Ed Toner’s first week as CIO for the state of Nebraska in June of 2015, he found silos, duplication of tools and services, competition between IT groups and a culture that desperately needed change. A dearth of documentation and metrics presented significant challenges, but his education at Texas A&M in process improvement, ITIL and Six Sigma provided him with the tools to take on this type of task. Moreover, his previous ITSM experience with TD Ameritrade and First Data Corporation gave him the practical experience required for the job.
Ed reports directly to Governor Pete Ricketts and he began his consolidation of the state’s IT services in March of 2016. Six months of analysis lead him to the conclusion that a classic ITIL (IT Infrastructure Library) model was the best approach to lowering the cost of state-level IT services. Ed has taken what he describes as a soft-sell, carrot-without-a-stick approach to the project.
During my research, I discovered that Ed and I have a single, irreconcilable philosophical difference, but I will discuss that at the end. First, let’s take a look at how Ed implemented some essential ITIL components.
The project was rolled out in three phases in the following order:
- IT Infrastructure (Network)
- Server Admins
- Desktop support
In the first phase, the Nebraska OCIO (Office of the CIO) brought everyone into a single domain and in the second phase they migrated 6000 square feet of remote data closets into the data center. Phase three is in progress and will be completed within a few weeks, so Ed has achieved remarkable results in only 16 months.
Enterprise applications were also included in the consolidation. OCIO manages the infrastructure and largely leaves the application functions up to the Line of Business (LoB) to manage. This is an admirable model because it doesn’t put IT in the line of fire for determining and managing LoB application features and functionality.
The service catalog (SC)
Since Ed and his team entered into the project with neither documentation nor metrics, they opted to grow the service catalog organically from incoming calls.
The service level agreement (SLA)
When Ed started, no one could tell him how many IRs (incident records) and SRs (service requests) were coming in, but that has been completely turned around. “In terms of the user community, I think for the first time, they’re seeing that we’re being accountable. We’re posting metrics and we just started sending out surveys.” Ed’s team also publishes statistics on availability and their goal is 99.9 to 99.99.
Ed and his team meet weekly to analyze stats and their internal SLA is to satisfy 80% of IRs within 24 hours. They routinely meet that objective and report the data to the governor on a monthly basis. Their goal for SRs is to complete them within 24 hours 65% of the time.
As they mature, they are working on categorizing and prioritizing different classes of IRs to provide an SLA with resolution of specific IRs within 4 hours or less.
“We are seeing a huge uptick in changes, which means to me that we’re not making more changes in the state, we’re seeing more and more compliance every month.”
In terms of adoption of change management, Ed related, “I can tell you from my vantage point that the state of Nebraska adopted it much more easily than in my past in private industry. If something happens that causes some type of outage, even momentarily, we’re going to come in with problem management. The problem management template we created clearly asks, was this caused by a change? Did you validate? How did you validate? We have built in those fail-safe checkpoints that will indicate if a group has done a change that wasn’t sanctioned.”
Problem management and Root Cause Analysis
Every PR (problem record) is reviewed by the OCIO. ”We have a defined process for escalating issues. Those go into PR and no one wants to have a PR against their group. A problem record means we’re going to have a root cause analysis and were going to find out they made a change that didn’t go through change management. Problem management has helped to enforce change management because they know there’s another level of irritation from my office if the change didn’t go through change management.”
The Nebraska CIO’s office has been able to realize annual savings in excess of $2.8 million on payroll and contracts by eliminating all contractors in infrastructure and desktop support as well as by eliminating staff positions by attrition. “I have no IT infrastructure contractors at the state . . . No contractors doing server admin or desktop support.”
Server consolidation has helped realize $3.2 million annually in hardware savings. For instance, in one division they reduced 90 servers to four virtual servers and have eliminated over 70 physical servers in DHHS so far.
The state initially had three ITSM tools with multiple contracts for those tools, so Ed deployed an unused tool which they were already paying for in their application bundle and eliminated the redundant contracts.
The last word
Nebraska has done all the right things when it comes to building a solid IT service management program. Critical components include executive support and oversight from the CEO, a solid ITSM framework, transparency, and a CIO who is committed to the delivery of exceptional service and quality. Extraordinary managers all have one thing in common – they know that improving quality using rigorous processes reduces costs. How is your state doing?
I told you earlier that Ed and I have one irreconcilable difference of opinion, but it’s a whopper! Ed is an Aggie and I am a Longhorn. Hook ‘em horns, Ed.
© Copyright Jeffrey Morgan, 2017
According to the U.S. Constitution, high crimes and misdemeanors are grounds for impeachment of a president. What are the impeachable offenses for a CIO?
In the healthcare industry, patient-centered care is a priority, and well-managed clinical organizations are eager to achieve that goal. While enterprises in industries such as healthcare receive routine audits and assessments based on widely accepted best practices and standards, the same does not hold true for the information technology industry in many market sectors.
In the IT industry, some organizations and CIOs are enthusiastic about providing excellent customer service, but adoption of standards and frameworks such as ISO/IEC 20000, ITIL, COBIT and CMMI seems to be low, especially in the public sector. I was unable to find credible (and free!) research on adoption rates, so this assertion is based solely on personal experience. Is your IT organization delivering customer-centered services using best practices?
In a competently managed IT service organization, end users are treated as valued customers and their problems and concerns are taken seriously. They are constantly updated about progress on their incident or problem even if there is no news. In poorly managed IT organizations, end users are marginalized and treated as the problem. Aside from losing data, providing poor customer service is one of the worst crimes a CIO can commit.
Perceptions of service quality in organizations
Here is a summary of quality perception that is fairly common in audit findings:
IT’s perception: We are the cat’s meow of IT. We provide great IT services, but our end users are the real problem. They just don’t understand what’s involved in providing IT services. (No records or metrics to support these assertions are extant.)
End user perception: Are you here to outsource our IT? I hope so, because our IT department is the worst thing since the black plague. They are not responsive and the system is always crashing. (The sharpest end users have spreadsheets in which they record the times, dates and results of their pleas for assistance.)
Management perception: We have no idea what the truth is, but we need a resolution.
These represent huge perceptual disconnects. If the IT operation used any best practices for IT service Management (ITSM), these perceptions wouldn’t exist. What do your end users think about the quality of service you provide? Do you routinely survey end users or personally ask them, “How do you rate the quality of services we are delivering?” This almost never happens in many, if not most, IT monopolies. The worst way to learn the truth about your customer service is in an audit document.
There aren’t many tasks less pleasant than auditing an operation that has never been audited. When the results are documented in a written report with specific examples, the denial is immediate and the pushback strong, and then a barrage of excuses is unleashed.
In many organizations, management has no idea what quality IT services are supposed to look like. IT is not their area of expertise, and they may not be aware that quality standards exist. That’s what they hired you for. Moreover, many IT staffers may not even be aware of quality standards. As for the end users, they are not stupid. They know when a service isn’t being delivered.
Admitting that their operations have flaws can be tough for many managers, because those flaws are a reflection of their management skills. In 12-step substance abuse treatment programs, Step 4 is an evaluation of your flaws, and I wish more IT managers would engage in this type of self-reflection.
IT as the center of the universe
During one recent audit, a single look at the IT support flow chart I was provided told me everything I needed to know about the quality of IT services the organization was delivering. End users and management were represented nowhere on the chart. Moreover, all the feedback management was receiving was filtered through IT. It was an entirely IT-centric model, as if the entire reason for that enterprise’s existence was for the convenience of the IT shop.
The center of your IT universe should be end users and their business requirements. Do end users hold a central position in your service delivery model? Are they treated with respect?
Moving toward best practices
If your organization is not using best practices for ITSM, take a look at the various frameworks and models and find one that makes the most sense for your organization. Start small and work relentlessly toward improvement of customer service.
For those of you who may be too young to remember, here’s a great tutorial on IT customer service by Jimmy Fallon on Saturday Night Live: “Nick Burns, Your Company’s Computer Guy.”
This article was first published on CIO.COM at http://www.cio.com/article/3130808/it-service-management/high-crimes-and-misdemeanors-of-cios.html.
© Copyright Jeffrey Morgan, 2016by