Courageous Ken

Nobody could ever accuse Ken Turbitt of being backward about coming forward. Ken, you may recall, is owner of SMCG and the author of OGC's secret ITIL process software compliance "standard". Yesterday Ken said "Axios, and Service-Now have not been brave enough" to seek certification, which set off a small storm of response.

If there is the slightest shred of governance left in Castle ITIL one would hope they'll be telling Ken to pull his head in, so we reproduce the quote in full here - and some of the responses - before it disappears.

The discussion in question appeared on the LinkedIn ITIL v2 / v3 Service Management (ITSM) and ISO 20000 group, which not everyone will be a member of, so here is the comment and some of the replies, for your entertainment:

Ken Turbitt: Only BMC, CA, IBM, Intasoft and ICCM have their product "ITIL Process Compliant" under the new OGC Software Assessment Service, Axios, and Service-Now [both mentioned earlier in the thread] have not been brave enough to date, one actually backing out in the early stages of the service.

Renaud Cona: ...Being ITIL process compliant means nothing. BMC or CA are not more process compliant than Axios or service-now for example, there are also lobbying activities I guess....

Rhett Glauser at Ken, with all due respect, Renaud is right. The “OGC Software Assessment Service” is inconsequential. I summarize the reasons why in this blog post, “An expensive compliment from a friend .” Thanks but we’ll leave the program to the legacy tool vendors who need them.

By the way, did you really just question vendor courage? What does courage have to do with the OGC or ITSM? Petty accusations can be easily squashed with 100% transparency. is the only enterprise ITSM tool vendor to offer a completely open, live instance of our application. We prefer to let the market autonomously decide if is a fit for their unique ITSM requirements.

Tens of thousands of dollars is not worth a silly third-party stamp of approval when an IT organization has social networks and other tools to make a candid, informed decision on their own.

Now, can we get back to the discussion at hand?

Rodrigo Flores, at newscale: I agree with Rhett. The Office of Government Commerce of the United Kingdom (OGC UK) "Assessment Scheme" is completely useless as a measure of a products ability to carry out ITIL processes.

You could do ITIL with post it notes. Doesn't make post it notes ITIL compliant.
Mostly, this scheme is a way to extract $$ from vendors. It's a business, I suppose -- just not the kind we choose to be involved with...

Ken Turbitt: Rhett, If Service-Now don't value Application assessments and prefer their prospects to assess online, then why did you choose to go through the PinkVerify assessment just this year for the first time? The official ITIL/OGC approved assessment covers more details than just the application but includes User Documentation and the Process model, elements a prospect expect to be aligned with each other and with ITIL. Do Service-Now publish their ITSM Process model like BMC,CA and IBM do? This gives the prospect the sort of detail he requires when assessing a tool which automates processes. Then they can compare which process model they prefer, before looking at how the tool automates it.

Perhaps Staff and Line's tool should also be reviewed as a SAAS player.

John Hardesty: Ken, While the ogc may have done this via own ASS service (misspelled here) it is based ont he fact that there were sales - at least that is the last version .trial i saw.

As ITIL is NOT a standard - nothing can be a"ITIL Process Compliant" regardless

You can put a pig in a dress and call it Aunt beatrice.. but would still be a pig

Thomas Calvin, at LiveTime Software: ...I have to agree that Rhett and Rodrigo. I am not sure that bravery or courage have anything to do with submitting solutions for certification. The OGC did no one any favors when it was revealed that the cert for BMC was basically given by former employees. Secondly, industry certifications are a costly and until the customer base sees the value and starts to request it why jump through the hoops and expend that capital? PinkVerify has become a requested standard so most have chosen to get that certification. Since ITIL/OGC has not, LiveTime ( ) and many other non-legacy solution providers have not given it high priority.

Thirdly, what is important is that you can provide the right solution to your customer. If the solution doesn't fit the customer's needs do you think they are going to buy it because you have a logo on your website?

Over time it may become an major decision point for customers. Until then we will focus on providing for the needs of our customers.

Who says Service Management is dull?


Why support a flawed process

Maybe it's me.

I'm on record as being opposed to the software compliance cert because I believe the process is flawed. So, what follows is consistent.

I don't think fear is an issue. If I ran an ISV in this market space, I would not submit our software for consideration. Why would I support a process that I believe to be flawed or tainted?

At some point I might have to deal with submission, but hopefully, if that times comes, the process would have improved to a point that it had more credibility.

What's missing? Clear independent review by a recognized 3rd party that had ZERO prior relationship with the submitting organization. The process for the review should be clearly published and the checklists available to every software vendor. The "lab" doing the review should be totally neutral with respect to prior relationships. The results of the review should clearly be available to the vendor and also usable by them for marketing purposes PROVIDED the review is not edited, abridged, or modified in any way.

The certification should ONLY apply to the specific product and version submitted for evaluation -- and then only the specific lifecycle processes that pass muster. Any new version would have to be evaluated again. To be determined is the nature and range allowable changes or patches that would not force resubmission. Further, the review should be about more than just the specific process. Full lifecycle integration must be part of the process -- does this specific process tool integrate with other lifecycle processes. For example, if the specific process tool is for Availability Management, does the tool support integration with Access Management, Information Security Management, IT Servicce Continuity Management, Change Management, etc. Further, if the ONLY way the integration is achieved is with the vendor's own product, that should be part of the evaluation AND by fiat, included with any statement of cert.

Just to be clear, I prefer open standards regarding specific tool integration versus proprietary file and data formats. Again, the goal is ITSM, not vendor lock-in.

That said. ITIL isn't about tools, it IS about IT service management. I don't care if a tool does or doesn't have the cert (at least at this stage). What I DO care about, what I needed the vendors to be able to provide, is how their specific package (or suite) supports the ITIL lifecycle aspects I have either adopted or plan to adopt. I need to know how the tool can ba adapted to fit my organization (within the ITSM context), not how my organization will have to change to use the tool (a la SAP). I haven't seen anything in the software certification process that really addresses this area... and that's another reason why I suggest the process is flawed.


ITIL is not about tools...


I would have to somewhat disagree with your statement that ITIL is not about the tools. While I do agree and argue technology should NOT drive or limit process design (which in many cases it does), technology IS part of the three legged table. People and process alone can be effective, but is terribly inefficient, costly and impractical in anything but a ma & pa store. And "At the end of the day", the combination of people, process and technology, in that order, will have to provide positive business benefit.

I have commented on a number of threads and blogs about the problem with ITIL projects and many technologies in that they tend to implement only the operational aspects of IT and ITIL, but limit the "Grow" and "Transform" parts. THESE parts are spelled out in ITIL, and are the parts where IT can provide business benefit. NO company has acheived a competitive advantage from having better than average operational capabilities. If the technology doesn't or can't help grow AND transform the business, in addition to operational aspects, then your ITIL project is destined to be focused totally on operations ~ something the business can only do one thing to and that's continue to cut costs.

Which leads to my second point, there is no assessment, certification, analyst review that talks to the test of efficiency. Most focus on the test of effectiveness (does it follow ITIL, does it implement today's popular processes, ie Incident, Problem, Change et al) but do not include tests of efficiency (cost of software, or service, cost to implement, cost to own, value runway). Everyone does Incident Management the same - it's the grandfather of IT Processes and systems have been doing "ticketing" for ages...

Agreed, these are harder to capture, but should be obtainable from customer references. Something I do give credit to the OGC Certification (that you have three referenceable customers who have found value from the technology).

I would agree with the comment on any assessment isn't useless as it will expose weaknesses for the vendor to make improvements to their solution. And the cert is probably of more value to the vendor than the customers, who simply want the check box.

John M. Clark

The value of vendor references

"Dear Mr/Ms CIO

Did you make the right choice when you invested a million dollars of your employer's money in implementing this technology?
If we pour additional resources into ensuring your success would you be prepared to be a reference for us to tell your peers and potential future employers how right you were?"

No Such Thing As ITIL Compliance

We all know that there is no such thing as ITIL compliance because it is not and never will prescriptive because it is a framework.

The only compliance for IT Service Management is based on ISO/IEC 20K.

Therefore this is nothing more than a money spinner for Ken Turbitt and his partner in Castle ITIL and for the OGC.

Me thinks there may be a case for false advertising.


So I'm piecing together this divinci code of BMC, the OGC and "Courageous Ken". I have been working on it for weeks. Each "link" to the past finds me in the current day and some leader. I guess this is no different than any other business but I feel IT MUST BE.

The words Service and Support are all over our little ITSM world.

Service=work done by one person or group that benefits another; "budget separately for goods and services"

Support=to carry; to encourage; to assist financially; to substantiate

When I look around all I see are business consumed by greed. I sold tools, I have been through "assessments" and trust me you can make any tool do anything thing. It's called a demo people and we have been selling magic wands for years.

All you need is any item that supports a parent-child relationship and a few SQL queries, BAM you have 24 processes.

Let's stop this madness. If the OGC wants to be in pseudo business, then sell off ITIL to itSMF, the TSO to hallmark and call a spade a spade.

I sat in a panel discussion on CMDBs recently where a vendor said, it's "PROCESS, TOOLS then people" and "You just needed more consulting"

In the 40's many doctors signed on to support the HEALTH benefits of smoking.

Sometimes the cure is much worse than the disease.

The real assessment should be how many of your employees have actually WORKED in ITSM, and selling software and taking classes don't count.

ITIL compliance is a scam, excuse me....scheme

Tools and the appropriate "fit" for an ITIL process may vary based on organizational, process maturity and many other requirements. This 'ITIL compliance' stuff is just that...a scheme.

I asked for the 'compliance' criteria, but they wanted the $$ first....

I think a Process Assessment Model for ITSM would be a more productive discussion, and something itSMF could and should promote....might as well get something for my membership dollar besides going to LIG meetings

John M. Worthington
MyServiceMonitor, LLC

Process assessment Model

Just a quick reminder that ISO are currently working on a PAM for ISO/IEC 20000

James Finister
Wolston Limited

Vendor poop-throwing-match...

There are a lot of well thought arguments playing out in that LinkedIn thread. It's a good read.

The thing that I don't like is when the vendors (disclosure: and I'm with one) get passionate and heated and start throwing out statements that are not based in fact. I hate seeing these vendor and compliancy threads turn into poop-throwing-matches because someone is sure to did Rhett Glauser at when he said this simply UNTRUE STATEMENT:

" is the only enterprise ITSM tool vendor to offer a completely open, live instance of our application."

[edited: Web Help Desk have an online demo too]

Now personally I don't care if these vendors and ITIL gurus duke it out until they collapse in exhaustion.....but they don't have to take one of the good guy vendors down with them with untrue statements....


Rhett doers tend to get a bit over-excited about his product (every good salesman should). I've considered challenging a few of his assertions in the past, especially over the miracle of SaaS which apparently has no drawbacks only benefits.

I am sure there are several online demos of products. Beetil, another SaaS offering, have one too. I've never understood why Rhett makes such a fuss about that anyway and I'm sure all the other vendors regard it with bemusement. If you are selling at a feature-function level you aren't selling value. No doubt like every other tool in the market it looks pretty and it works. Move on.

I'd appreciate it if this thread doesn't turn into a catalogue of every vendor's online demo OK? I take a dim view of product promotion on this blog and will edit comments.

ey ey cap'n

lol...good stuff!

...and roger that.

When the investment makes sense, they'll do it..

It seems to me that since ITIL is, as OGC themselves put it, a good practice, then any ITIL compliance is extremely subjective.

Submitting any software to a subjective evaluation by individuals who worked for competitors who may still have biases against your product seems to be potentially sub-optimal It's rather like asking engineers who spent a lifetime designing and building automobiles at Chevrolet and just recently retired to evaluate the looks of Ford automobiles.

The Pink Elephant list is one chosen by vendors because it is not perceived to have an obvious BMC bias and because it is a well-known place for prospects to learn who they should invite to propose. It is an excellent time saver for the Purchasing staff in prospect companies.

I'm sure that when the vendors involved perceive that the bias is reduced and the popularity of the list grows so that it becomes a positive ROI, then they will pursue this evaluation too.

Why Ken Turbitt has not chosen to take on bigger vendors, like HP, that are big contributors to ITIL, is interesting.

Cary King
Minerva Enterprises

HP must be chicken

yes presumably HP must be chicken too.

The other big difference between the OGC Scheme and PinkVerify is that Pink publish the criteria so you knw what you are shooting for. OGC's criteria set is the proprietary property of Ken and is secret. "Hand over your product and we'll tell you if you pass or fail" is hardly an attractive proposition

Another thing that would put me off is Ken's demonstrated willingness to disclose exactly who has applied before they have been accredited, who hasn't, and who has pulled out. Commercial confidentiality (let alone discretion) appears an unfamiliar concept.

Shame about the name and shame

I agree that vendors who don't apply or fail should not be named and shamed. Besides the fact that I do not respect this software-compliance scheme one of the benefits should at least be for the vendors to self-assess and improve. As with an ISO standard part of the reward in taking the audit is to identify areas of non-compliance. Improving the service to address those areas bring the actual benefit for all.

That said I'd mark DOWN any vendor that tried to dangle its ITIL 'compliance' in front of my face without proving that they understand the silliness of such a claim.

I don't think anyone is chicken

I do enjoy reading the comments that continue to adorn Skep's blog. Ironically, while I have been outspoken about the OGC Certification, our organization (ICCM) decided to go through it. We were torn between renewing with Pink Elephant or investing in the OGC Certification. Since Pink was throwing its weight behind the endorsement in Dallas, we proceeded to go through with the OGC certification testing.

In Dallas, we did express our concerns with Ken T. and company about the certification and especially the perceptions that continue to linger in the industry with it's launch, its early adopters, and how it is being seen by the ITSM community. Honestly, the process wasn't too demanding or biased and we weren't compared to other vendors. Simply a set of criteria...

I would have advised Ken against challenging any vendors "Bravery" or sharing details on who is and isn't in process. It's his business. IMHO - Only those vendors who have been through the process and acheived the certification they set out to acheive should be made public. If a vendor decides to start and stop, or go or not go through the process, I would hope are business driven decisions. And should be kept confidential.

I still hold my opinions that the certification validates "effectiveness" but not necessarily efficiency. Especially from a business perspective. I think customers would find assessments of value that include implementation durations and costs, ongoing cost of ownership, flexibility against downstream upgrades, scalability. There is no relative score other than the different metals which provide an indication of #customers, etc. Once all vendors have their Gold Level certification, then we'll all be equal again right?

I would agree that ITIL processes could be manually executed with Post-it notes, but no one sells a solution that leverages post-it notes, and if they did, I doubt they could find three customers willing to reference they are using post-it notes. Would be an interesting experiment :)

certify MS-Excel

if I could find a way to do it and fund it I'd be sorely tempted to certify MS-Excel. it ought to comply if the documented processes do, and I'm sure they do because for the associated manuals the user is referred to the ITIL core suite.

Certifying Excel


Might be a little easier in MS Access, than Excel :)
The @Vlookup functions for CI's could get interesting...
And you could use the new Excel "cell bars" formatting for SLA compliance.

But you have to have three successful implementations of "Skep's ITIL Spreadsheets" or "Skep's ITIL based, Access Accelerator"... (hey, I like the sounds of that last one!) That has a marketing ring to it!

The “ ITIL Compliant Software Assessment Service will consist of several tiers and cover all ITIL V2 and V3 processes;
Bronze = The product documentation and application are compliant to the standard
Silver = (Bronze + the vendor proves 3+ successful implementations of the product)
Gold = (Silver + The vendor has 3+ clients with the product implemented and in use and that have provided references)


A few forms and macros

one worksheet for tickets, with a bunch of lookups.
one worksheet for users
one worksheet for assets
one worksheet for SLAs
A few forms and macros
And the five ITIL books for doc.

Nothing says it has to be scalable or robust or even user-friendly, just compliant, however Ken has decided to interpret that. We'll never know unless we try.

i wonder if it would pass PinkVerify? At least i can go look and find out


JMC and Skeptic: you finally sorted out this mystery around the always announced but never released Microsoft solution for ITSM! It was actually in front of us! Wahoo... :)

Straight Talk and Awareness

Skep - This is why I follow you - you love to get the straight talk up and allow continued discussion.

Hat's off to you for getting this to your skeptic "subjects"!!!

Syndicate content