ITIL Software Scheme comes under more fire

As I have said before, probably the biggest gun in the ITSM skepticking field right now is Aidan Lawes. Once again he has turned the flamethrower onto the ITIL Software Scheme, with a blistering post on his blog: "people with vested interests increasingly seem to find a ready platform for their propaganda... The software assessment service springs to mind as a prime example. Purported to be launched in the interest of the procurer, it seems to be much more in the interests of the small group (OGC, APMG and SMCG) involved in its secretive development." I'll let you read it there. Apart from agreeing with Aidan that a standard that is secret is lunacy (the kind of lunacy that only the British could invent), I'd like to pick up on some points that Aidan didn't address.

[Update: For the record, the IT Skeptic does not believe that there is anything illegal or dishonest about the ITIL Software Scheme. I do allege that it has been conducted in a manner that is inept, naive, unnecessarily secretive and without proper consideration for most of the stakeholders. It seems to me to be about as far from best practice in setting standards as one can imagine.]

The first point is that we are all stumbling about in a darkened room trying to guess what this Scheme really looks like because nobody is telling. Aidan's information comes from Ken Turbitt's (SMCG) website. The fact that the only source of detail is SMCG's website is a sad reflection on OGC and APMG's attitude to us, the mug consumers.

Officially Ken is just one humble licensed assessor of the Scheme. If fact Ken is disarmingly frank in saying that "This new standard has been designed and set by SMCG". To which I'd ask "Who the **** are SMCG to be setting ITIL standards?" The whole idea that standards can just be unilaterally decreed went out with monarchy and papacy. I thought we'd cut off enough heads to get over that but British traditions die hard. Likewise one of the reasons we did away with governance by decree was that court insiders could inveigle their way into a ruler's favour in order to pursue their own agendas from behind the court curtains. I thought we'd done away with that too.

OGC and APMG ought to catch up with concepts of the 20th Century where generally accepted best practice (and common good practice, to use ITIL terminology) was to use formal standard-setting organisations such as ISO to create committees of expertise to agree on a mutually acceptable standard. They should try it some time, but they won't because everyone is making quite enough money thank-you without such messy complications as consensus.

Why was this created behind closed doors?
This was created all under strict Non Disclosure Agreement to avoid Vendor influence and confusion in the market. This also allowed the current monopoly Pink Verify scheme to continue unharmed, protecting those who were seeking to purchase ITIL aligned tools during this period, with no disruption to Vendor sales awaiting a new scheme.

So apparently the key reasons for keeping the whole thing secret were (a) to protect everyone's lucrative revenues and (b) to keep the nasty vendors out. "We shut you out to keep your money flowing"? Yeah right! I fire more flak at vendors than most, but I also strongly argue that vendors are people too and entitled to the same rights as any other member of the community. Clearly not only have all our rights as stakeholders in this standard being trampled but vendors have been singled out for particular exclusion.

Another important aspect of standards is that they should be objectively measurable. Not so this one.

"As ITIL documents the set of guidelines the assessment takes what is written in black and white and asks the Vendor how they achieve this, and if they do not provide their alternative and rationale. If the ITIL processes and documentation cater for this, then the pass mark would be granted"

If you work your way through the broken syntax you discover that assessment is entirely subjective. Allow me to paraphrase: "Either you do it the way the ITIL books say or you convince me that your way is still 'catered for' by ITIL". Throw yourself at the feet of the Lord Assessor and make your case (against a secret set of questions you can't see).

I sincerely hope that Ken's information is unauthorised and indeed wrong, because if "The APMG own the standard" then OGC and all of us have a problem. APMG are merely a contracted servant to OGC, with a contract that (eventually) expires. Just as TSO gathering ownership of copyright over some materials via ITIL Live is of great concern, so too is APMG owning the ITIL standard. The courtiers are seizing power. By the time the contracts are up for review TSO and APMG will either be too entrenched to replace, or they'll take half of ITIL with them when they go. So I REALLY hope Ken is mistaken and the standard lies with OGC.

I did predict previously that the standard would be secret, but I didn't guess just how secret. (Note that Pink Elephant have always published their PinkVerify criteria and it is actually quite a useful bit of free public IP in its own right). Not only will the public never get to see "Ken's standard" but the vendors applying for certification won't get to see it either!!!

Do I [the applicant] get to see the questions beforehand?
No. The questions will remain with the Licensed Assessor and only be asked at the time of the assessment

What Monty Python could have done with this beggars the imagination.

Vendors shouldn't expect much commercial confidentiality either: "CA are still procuring the contract, with HP and IBM waiting for the official end of pilot launch." So either it is a given that they will pass the assessment or the world will now know they failed.

If a vendor has failed, it seems that (for an appropriate fee one presumes) we can find out why

If we have carried out the assessment we can also inform them of key areas to look out for and may share our “assessor’s notes” with them to aid their decision.

For once the cry is "vendor beware!".

Finally, Ken is not afraid to wave the big stick that has always lurked behind this scheme

As the OGC’s role within HM Treasury is to facilitate commence [sic. I think he means commerce] between the Public and Private sector it is expected that “ITIL Process Compliant” assessment will be mandatory for all vendors tools wishing to be sold into the UK Public sector, either directly or via services.

but it is fair to say he may be getting a bit ahead of himself by doing so now. If you the community make enough noise about the secrecy, the inner-circle dealings, and the total absense of any community consultation, this scheme just might be seen for what it is and the rest of government will dissociate themselves from the whole inept sordid mess.


or Joseph Heller

"What Monty Python could have done with this beggars the imagination."

Or Joseph Heller... (Catch-22). Rewritten with apologies...

There was only one catch and that was Catch-1T1L, which specified that seeking to comply with the 1T1L standard was the goal of a credible vendor seeking to sell software.

Supporting standardization means supporting a process which defines and publicizes unambiguous standards. All ServSofCo had to do was ask for 1T1L standardization and as soon as they participated, they would no longer be participating in a standards process and wouldn't be credible. ServSofCo would be credible to ask for certification and not credible as soon as they got it, but if they didn't get it they wouldn't be credible. If they were certified they'd be not credible and if they weren't certified they wouldn't be able to sell software because they wouldn't be credible."

Yossarian was moved very deeply by the absolute simplicity of this clause of Catch-1T1L and let out a respectful whistle.
"That's some catch, that Catch-1T1L," Yossarian observed.
"It's the best there is," Doc Daneeka agreed.

Charles T. Betz

ITIL Software Scheme comes under more fire

For a certification scheme to be legitimate, it should at least comply with ISO 17021 and 19011. The basic requirement is that the compliance criteria and the audit criteria are publically available. If both are not published for all to see and evaluate, then the scheme is of no value. Ideally, the scheme should be registered and regularly inspected by a national accreditation agency. Transparency is the name of the game.

grasp of principles

APMG are a UK national accreditation agency. the fact that they signed up to a scheme with a secret proprietary standard demonstrates their grasp of those principles enshrined in the standards you reference.

ITIL's long history of secrecy and inner-circle dealings

No offense to Aiden, but ITIL has long been subject to a secretive development process. The last revision was developed by a small number of contributors and reviewers who were selected by an unknown process. It seems ironic to now complain about the secrecy involved in the development of the ITIL Software Scheme.

Actual standards (as opposed to best practices) can take a long time to develop due to the lengthy nature of collaboration, consensus, and openness. However, at least there's a trail and history that can be followed to determine how you got there

Kaching Kaching! goes the cash registers.

I can see the future.The first step, we pay for compliance and certification.....
Then one day someone at OGC/ APMG wises up and realises they can patent the service management concept and charge us all not just for the tools and books but for actually using ITIL on a daily basis. :)

too much prior art

Luckily, no they can't patent, there is too much prior art. but Mickeysoft are trying to patent CMDB... amongst many other things.

Nor can OGC claim copyright over terms such as incident management or change. in fact ITIL is so generic I wonder just what they can enforce beyond specific phrasing (and the name "ITIL" itself of course, which is trademarked)

One ring to rule them all....

At the itSMF-USA conference in Dallas, TX this week, the ITIL Software
Scheme was announced:

Of particular annoyance to me is this quote: "The new ITIL software endorsement scheme allows software tool vendors to submit their ITIL based software tools for assessment to a Licensed Software Assessor. Successful recommendations entitle tool vendors to use the official Process Compliant ITIL Swirl logo.". ITIL Compliant??? How on earth can you be compliant with a framework? This will just lead more unsuspecting, unknowing companies into thinking that a tool will save you from all your troubles.
Buy the tool, write your processes to match what the tool does (never mind how you actually do things), and you're "fixed". You are now "compliant".
There is no such thing as ITIL compliant. It can be compatable with ITIL, or be designed to support best practice and improvement initiatives, but this looks way too much like a band-aid, one size fits all approach that will ultimately lead to people not adopting best practice, but simply adopting tools.


I've had a problem with this entire scheme (and it reads like one) ever since they announced the pilot assessment was performed by a group with a prior relationship with the company that submitted software for certification. Tainted!!!

This doesn't help!

I'd be happier with a Supports ITIL Processes and a mandatory list, but ITIL compliant? I'd also like to see a Supports ITIL Lifecycle as a higher level of certification.

Oh, did I mention lifecycle?



that's not ITIL compliance!

Ah but Liz, OGC and APMG are tying themselves in knots to avoid saying "ITIL compliant". It is "process compliant".

You can't comply to ITIL but apparently you can comply to one process of ITIL even though there is no standard to certify against.

But that's not ITIL compliance! Ooooo my word no! nothing like it, quite different yes indeed! tut-tut for getting two such different concepts confused.

You are in good company though.

SMCG, creator of the scheme and first assessor:

an ITIL product compliance scheme to audit Vendor products, documentation and processes against the published best practices of ITIL ... a new compliance Standard... vendors can apply to have their products audited for ITIL compliance. Products which meet the compliance standard will be awarded an ITIL Compliant OGC approved Trademark... The “ITIL Product Compliant scheme will consist of several tiers... Tier 1: ITIL Compliant – Bronze ...

BMC, the first company certified:

the first ITIL compliant certification from the UK Office of Government Commerce (OGC) and the APM Group.

and again

BMC helps customers achieve ITIL® compliance without complexity ensure customers receive an ITIL compliance solution “out of the box.”

CA, one of the first batch of companies to be certified, on the same APMG page as you quoted, the official announcement of the scheme:

Robert Sterbens, Sr. Director Product Marketing, CA Inc, said: "CA found SMCG's ITIL Product Compliance assessment to be..."

Public Sector FLEX (British Government initiaitve, this doc on OGC website):

Service Desk... ITIL compliant.

Butler Group

OGC to Endorse an ITSM Tool ITIL-Compliance Assessment

They're all wrong you see? There's no such thing as "ITIL compliant"

ITIL Compliance

Oh well, ITIL Compliance is just a buzz word invented by those clever marketing boys. It is too hard to them and for most of the "ITIL-tool" searching customers to really get into the objectives of ITIL. So they just create a new language, full of easy to comprehend and direct solutioness, out of the boxy and plug and playful words to generated business...

Where was it written that IT must talk to their customer in their business language ;)


Sounds like my conspiracy theories are starting to come out :)

Brad Vaughan

the ultimate failure of governance

Isn't the chair of the itSMF International Board commercially involved in this? I'd say that if the itSMF International Board allows that, it's definitely the end of the itSMF as a global power. Who would ever trust an organization that supports this?

itSMF is a volunteer organisation

itSMF is a volunteer organisation. We have to make a living too. It seems to me that being a partner in a certification assessor is no worse than being an evangelist for a software vendor or being an author of ITIL books. It's the way it is done that matters, with consultation and transparency and - yes - governance.

Picking a vendor is already

Picking a vendor is already a painful process, as all the big boys are all pink verified and that has not seemed to help finding a tool that is as good as it should be, I can't see how a secret certification is going to give me or my clients any assistance whatsoever.

To be frank the neither of the big 2 tools work out of the box anyway, it's not only easy but also standard sales practice to answer every question: "Yes you can do that, but it's not out-of-the box", will that pass the certification?

Use your vote

itSMF has got a balancing act to do, and can only represent the feelings of those members who make their voices heard. I don't always agree with them, but generally I'm happy with the way things are run in the UK and itSMF international.

If people really are unhappy can I suggest the itSMF AGM in November is the place to raise concerns?


Syndicate content