Public process frameworks are easily accessible, proven over time, and generally free to use.
The most well known IT management framework is the UK’s Office of Government Commerce’s (OGC) IT Infrastructure Library, or ITIL. ITIL codifies the concept of IT as a “service“, or one or more IT systems which enable a business process. A service is a means of delivering value to customers by facilitating the outcomes customers want to achieve without the ownership of specific costs and risks. For instance, companies want to sell their wares online, not *necessarily* a web server, an app server, a database server, a T-3 connection and Tier III data center. Service management, then, is a set of specialized organizational capabilities for providing value to customers in the form of services.
The OGC describes ITIL as “the most widely accepted approach to IT service management in the world” … providing “a cohesive set of best practice, drawn from the public and private sectors internationally”. Currently in version 3, ITIL has been a major buzzword for the past decade. The extensive documentation is proprietary, so the IT manager must pay hundreds of dollars for a copy to read. Ideal for many consulting firms, the IT manager will also pay tens of thousands of dollars for ITIL consultants. The IT Service Management Forum (itSMF) is an international and independent body of IT service management professionals that has adopted ITIL as its foundation.
Much of the content prescribed by ITIL is simply common-sense IT management practices, already put into place decades ago by mainframe organizations. While extremely over-hyped, ITIL provides value because it codifies behavior and processes that had not really been officially documented in a central repository. The IT manager has a higher authority to appeal to when, for instance, challenged on matters of change management and production control. In addition to a common lexicon, ITIL provides IT with a focus on service management and alignment with the businesses it serves. The service that IT provides must be managed end-to-end and supported by repeatable processes which produce measurable results. While this may not whet the appetite of the true technologist, it certainly enables a partnership between IT and its customers.
The IT manager should understand that ITIL is not a prescriptive standard, but rather a set of best practices, i.e. a framework. Be wary of consultants offering to make your organization “ITIL-compliant” because that is really a misnomer. ITIL is not all-or-nothing; rather, one must focus on the pieces that provide benefit to the organization. I have typically found those areas to be change, release, service level, incident, and problem management, in that order, with configuration management and the CMBD (configuration management database) as a process area critical to all of them. Note that v3 now refers to the process as SACM for Service Asset and Configuration Management.
While not necessarily a public entity, MOF, or the Microsoft Operations Framework, is Microsoft’s flavor of ITIL. Microsoft describes MOF as…
… integrated best practices, principles, and activities that provide comprehensive guidelines for achieving reliability for IT solutions and services. MOF provides question-based guidance that allows you to determine what is needed for your organization now, as well as activities that will keep the IT organization running efficiently and effectively in the future.
Unlike with ITIL, Microsoft makes MOF documentation freely available and less complex. The downside is that the IT manager can expect it to be somewhat vendor-centric; Microsoft states “Microsoft has created MOF to provide a common management framework for its platform products, although MOF can easily be used for other platforms”. ITIL offers more detail in the administrative area of IT management, such as finance and budgeting.
Both ITIL and MOF follow Deming’s Plan-Do-Check-Act process methodology. Both offer guidance that should be able to be followed in part if not in full. In fact, very few organizations follow either in full. Full adoption is expensive, and I cannot point to any serious ROI studies selling the value.
ITIL and MOF focus on operations and support, or managing the product or service once it has been delivered. Yet each are aligned with a sister framework for managing delivery and projects. For ITIL, it is PRINCE2® (PRojects IN Controlled Environments); for MOF, it is the Microsoft Solutions Framework.
Yet the predominate framework for project management is provided by PMI, or the Project Management Institute. The PMI describes itself as ” not-for-profit professional assocation “that advances the project management profession through globally recognized standards and certifications, collaborative communities, an extensive research program, and professional development opportunities.”
Their main source of guidance is the Guide to the Project Management Body of Knowledge, or PMBOK Guide. While this PMBOK literature is only directly available to PMI members, there are plenty of third party sources sharing the details. I discuss applied project management, from an IT perspective, here.
COBIT, or Control Objectives for IT, is a framework developed by ISACA, or the Information Systems Audit and Control Association (although it now only goes by the acronym), for governing IT and meeting compliance and security requirements. ISACA describes COBIT as “an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks”.
The IT manager will look to this framework when their organizations are subject to HIPAA, GLB, SOX, PCI, etc. or any type of internal/external auditing. The IT manager can also find best practice support for change and release management in COBIT.
Finally, on the software development side, the most notable process framework is the CMMI®, or Capability Maturity Model® Integration. This framework was developed by the Software Engineering Institute within Carnegie-Mellon University. SEI defines CMMI as a “process improvement maturity model for the development of products and services. It consists of best practices that address development and maintenance activities that cover the product lifecycle from conception through delivery and maintenance.”
CMMI is generally thought of in the context of software, as the first release was in 1993 with the CMM for Software, v1.1. SEI has broadened the context to include other disciplines such as systems engineering. The model applying to software is officially referred to by the title “CMMI for Development (CMMI-DEV)” with the 1.2 and coming 1.3 release. The model describes six levels of maturity for software organizations.