Will ISO9000 absorb or displace ITIL?

Many people, such as ITSMView, are asking the question "Is ISO 20000 set to take over ITIL?" Perhaps they should be looking over their shoulder at another ISO standard and the associated industry: ISO9000.

Stop laughing. ISO9000 suffers from a lot of baggage due to the cynical way it was implemented in many organisations. I once complained to an ISO9000 Manager about the rambling drivelling emails he broadcast every week. He replied: "You don't understand. My system is assessed by the auditors by the quantity of material I put out". ISO9000 is quite capable of generating a lot of heat with very little light.

Never mind all that. ISO9000 has a huge community of practitioners, auditors, consultants and pontificators - much bigger than ITIL's. What does ISO9000 do? Document business processes. What if ISO9000 were extended to specify the docuemntation of IT Service Management processes?

Much of the ITIL community is smug because ITIL is "top dog" (or is that "King Rat"?) right now. But all it takes is somebody to chuck a few million, some content and some respectability at an alternate body of knowledge. See the IT Skeptic's April Fool joke from last year for one scenario.

All it takes is to give the people what ITIL doesn't:

  • a respected personal certification (noticed how the value of ITIL certification is falling?)
  • a standard to certify an organisation against. What do we get for our money? How do we prove it for a tender or contract (or lawsuit)?
  • product certification: where's the label with the logo on it?
  • a New Kid in Town (this is the most faddish of industries except perhaps movies or clothing)

..and then do some serious marketing. The lesson of history is clear: you don't win on quality. Build it and they won't come. If you want to be #1 you have to out-market them. In this instance, that means big but not extraordinary resources.

Don't think this is such a big task. ITIL V3 was written by a dozen people. The worldwide launch reputedly cost about $7 million. The IT Skeptic reckons the market is worth about $5 billion per year (my very own Crap Factoid!). Say $50 million and fifty person-years would be a small investment to generate such a market. Bill keeps that sort of money in his hip pocket.

Sooner or later something will displace, absorb, include or supercede ITIL (see the IT Swami's Seven Visions). Maybe it will be ISO20000. Maybe MOF. Maybe COBIT. Or just maybe ISO9000...


ISO 9000 Skeptic

I'm genuinely surprised to hear you promoting ISO 9000. There has been a precipitous fall in ISO 9000 usage, particularly among those that were first to jump on the bandwagon. Registration is on the decline in Britain, France and Germany. By all objective measures, the trend is downward.

Yes, there is growth in other markets. China and Rumania, for example, see it as the ticket to global markets and the European union, respectively. Japan's adoption is considerable because of market-place coercion; the mantra is ‘you comply or we won’t buy’. (Though Toyota abandoned the standard long ago.) Its doubtful ISO 9000 would have survived without marketplace coercion. This is simply no evidence of its intrinsic value. It's value to IT-based services is a dubious proposition.

John Seddon, one of the most vocal skeptics on ISO 9000, sums it up in this list. (ITIL appears to have noted at least a few of these issues in its latest incarnation):

1. ISO 9000 encourages organisations to act in ways which make things worse for their customers
2. Quality by inspection is not quality
3. ISO 9000 starts from the flawed presumption that work is best controlled by specifying and
controlling procedures
4. The typical method of implementation is bound to cause sub-optimization of performance
5. The Standard relies too much on people’s, and in particular assessors’, interpretation of
6. The Standard promotes, encourages, and explicitly demands actions which cause suboptimization
7. When people are subjected to external controls, they will be inclined to pay attention to
only those things which are affected by the controls.
8. ISO 9000 has discouraged managers from learning about the theory of variation.
9. ISO 9000 has failed to foster good customer-supplier relations
10. As an intervention, ISO 9000 has not encouraged managers to think differently.

The application of ISO 9000 to services would, I dare say, place Mr. Seddon in an apoplectic fit.

ISO 9000 Family Standards

What I don't understand is why is the ITIL feel so threatened by the ISO 9000 standards? I mean, its mainly focus on "Quality Management" aspects within an organization. Sure, it was published in general terms so that it can be applicable to any organization. But I don't believe it involves the IT industry since it has its own ISO/IEC standard dedicated for it.

Newsflash - ISO 9000 is already addressing SERVICES!

Hello, tap tap.... ISO 9000 is all about goods and services and gaining visibility and managment control over quality of the aforementioned.

Quality is clearly linked to customer satisfaction which in turn is connected to their desired (or expected) outcomes/results. As for products, (goods), some have less people wrapping than others.

Anyone embarking on an 'information/hardware/software/peopleware as a service' strategy as a service provider would be insane to base it solely on ISO 20000.

I'd suggest a quick peruse of at least one of the many very good books on the subject - David Hoyle's ISO 9000 Quality Systems Handbook - note 'SYSTEMS' - not anything thats not a service.

Here is just a snippet of what is discussed:

Service agreements, service classification characteristics, delivery process (13 pages!), information feedback, measurements, planning, quality characteristics, quality measures, specifications.... it is cross referenced from process and quality.

Check out Clause 7.5 - Production and Service provision, and the initial discussion on the concept of Quality and Quality Management Systems (pages 8-85) will come in quite handy....

ISO 20000 is evidence of how far the older styled IT thinking is from the needs of today's service driven economies and enterprises.

ISO 20000 _is_ ISO 9000 for IT organizations

ok, that might a bit simplified, but fact is:
- ISO 20000 (aka ISO/IEC 20000) is based on ISO 9000 principles
- Nothing in ISO 20000 contradicts ISO 9000 or vice versa, in fact they are very much aligned
- for an IT organization, ISO 20000 offers additional, more concrete guidance on IT processes (based on an IT processes framework that is quite similar to that of ITIL V2)
- much of ISO 20000 guidance is nothing more (or less) than tailoring of ISO 9000 for ITSM
- In its current form, ISO 20000 cannot stand by itself - one needs to know at least fundamentals of ITIL (V2) as well as ISO 9000 to understand it

As one has to implement all specified ITSM processes, ISO 20000 certification will be harder to achieve than an ISO 9000 certification, but unless one sees serious flaws with the basic process framework (the division of ITSM into ITIL V2-like processes like Incident Management, Problem Management etc.), I cannot imagine many good reasons why an IT organization should want to adopt ISO 9000 rather than ISO 20000.

already have ISO9000

Logically: yes I agree.
Politically: maybe not.

it would be easier and cheaper to wrap ITSM up in an ISO9000 audit that you have to go through anyway
you already have an ISO9000 in-house owner, a business relationship with an auditor, all the paperwork done...

And perhaps there are people who think it SHOULD have been part of ISO9000 who will pursue this whether it is logical or not.

We might end up with basic ITSM certification as part of ISO9000 for most organisations, and ISO20000 relegated to a specialist role for outsourcers and such.

oh no, not again

"Promoting" is too strong a word. I am presenting a credible possibility for a new political force in the ITSM world. I share all the views and concerns about ISO9000. I believe some of the slow uptake of ISO20000 stems from an "oh no, not again" reaction.

But other BOKs dismiss ISO9000 at their peril. It may be going backwards but that is from a strong incumbent position.

Syndicate content