ITIL Software Endorsement Scheme dropped on an unsuspecting public

News continues to leak about an ITIL Software Endorsement Scheme endorsed by OGC, administered by APMG, and created and assessed by a small organisation SMCG. Without any public discussion at all, a "standard" for ITIL software products is about to be dropped on the unsuspecting ITIL public.

The IT Skeptic first got wind of this when the scheme's initiator Ken Turbitt asked me about the idea, but the penny did not drop that this was going to be an OGC endorsed "standard". Then we had the leaking of the whole thing in an article in the press.

For the first time since creating the Information Technology Infrastructure Library more than 20 years ago, the U.K.'s Office of Government Commerce (OGC) has officially endorsed a compliance framework to audit vendor products, documentation and processes against the published best practices of ITIL (versions 2 and 3). The compliance scheme will be managed by the OGC's official accreditor, APM Group Ltd. The move seeks to create a formal, recognized ITIL tools standard... The OGC has approved the use of an ITIL trademark, under license to the joint venture for award to compliant vendor products... the OGC endorsement program gives vendors of IT Service Management products an official standard to meet. The official OGC auditing program looks at two areas of compliance -- functionality and product documentation -- when auditing, and it also looks for accurately represented processes and functions. The IT tools standard certifications are awarded in three tiers:

If the functionality and documentation pass required criteria, the tools receives a bronze.
If, on top of that, upon initial inspection at least three companies have implemented that particular version, a silver level of compliancy is awarded.
Finally, gold-level compliancy is given when three or more companies have implemented the tool and those customers have provided evidence in support of it...

"PinkVerify is a revenue-generating program for Pink Elephant and helps reinforce their brand as 'the IT service management experts,' so some level of skepticism is probably appropriate here," [...and the SMCG scheme differs how exactly?]

Now Ken himself has chosen to pre-announce the scheme ahead of OGC.

Well I guess I have to come clean. It would appear I’m causing quite a stir in the marketplace with Vendors at present. Even the IT Skeptic is jumping on the bandwagon. So what is all the noise about? Well it’s a new service Sharon Taylor and I will be offering to the market shortly [Ken has been joined by Sharon Taylor: Chief Architect of ITIL, Chief Examiner of ITIL, and Chair of itSMF International]... The OGC have still to finalise the paperwork and make a formal Press release, before it’s a publicly released service...

[Ken quoted a new Butler Group paper (no link given) as saying:] Whilst there are already other ITSM tool verification products services available, such as Pink Elephant’s PinkVERIFY, this is the first time that the OGC has endorsed an ITSM/ITIL tool compliance framework and approved the awarding of an ITIL-compliant trademark, under licence, to compliant products... compliance assessments will be undertaken by licensed assessors, including Service Management Consultancy Group (SMCG) Ltd. with APM Group responsible for the required standards, which SMCG developed... To allow for the fact that different vendor solutions deliver against different sets of ITIL processes, compliance will be measured against individual ITIL processes. In terms of the cost to vendors, assessment fees will be set by the licensed assessors [SMCG] with APM Group charging a fixed fee per process, per annum, for the use of the ITIL-compliant trademark... the Software Endorsement Scheme also offers a potential platform for a cross-business, cross-vendor community; where ITSM tool users can share experiences and comments...

So now you can see why I’m causing a stir in the marketplace. I’m sure as more official and unofficial news gets out, this will take on a life of it’s own, but I truly believe it’s for the good of the purchasing organisations of ITSM software, but I guess time will tell.

The IT Skeptic was not "jumping on the bandwagon" until now. In fact I was waiting for enough official information - or even ANY official information - before commenting. But we are in the extraordinary position that

  • OGC are issuing a "standard" that the public is totally unaware of. Zero public discourse about it's content
  • APMG and SMCG are so excited at the prospect they have both chosen to leak details to the press and the internet
  • Without any public discussion or any selection process whatsoever that I can see (hence I was waiting) OGC have endorsed a commercial "standard" from a one-man-band (now two-person-band)
  • Equally without any public announcement or discussion, APMG have awarded the first rights to assess software products against that standard to the author of the standard, SMCG
  • That assessor seems to be relishing the predictable reaction from the community: "would appear I’m causing quite a stir in the marketplace with Vendors " and defends the idea here (defends it well too: the IT Skeptic has no problem with the concept just its execution)

The first the vendors will know about the standard they have to work to is when OGC announce it, apparently in April. This will also be the first the ITIL community will know about a standard applied in their name. Oops, I must learn to refer to us as "the ITIL consumer marketplace". How can something be a standard without any discussion or input from those it applies to? Ken merrily compares it to ISO20000 but there is no similarity at all. ISO20000 is a standard, the ITIL Software Endorsement Scheme isn't.

Everyone is slagging PinkVerify in comparison, but the only difference is that the ITIL Software Endorsement Scheme has grabbed the rubber stamp of OGC from its feeble old hand, and that it will be audited by APMG. We look forward to hearing how the audit will work, and how the audit results will be published. It is still a closed (no public input) scheme working to a closed set of criteria, administered by a commercial organisation for profit (two in this case, APMG and SMCG), and paid for by the vendors who gain the accreditation.

[Updated:] One hopes this will be a public "standard", or is it to be shrouded in "commercial sensitivity" ? Given that the various publications can't agree on how many processes there are in ITIL V3, we look forward to seeing which ones Ken chose. We also look forward to seeing to what level of maturity he has chosen to set the standard, because obviously a tool that supports process to Level 5 maturity will be measuring and reporting a lot more than a tool that supports to Level 2. Has he chosen to require every single thing that ITIL mandates? Has he chosen things that ITIL is vague about how essential they are?

We also look forward to OGC explaining how and why they chose Ken to write the standard.

(Perhaps now APMG will seek to extend their OWN accreditation as accreditors to cover ITIL as well as the areas it does currently cover: PRINCE2 etc. I doubt that Castle ITIL will find the Vendors to be as compliant and uncomplaining as the poor Qualifications consumers)

Yes Castle ITIL have done it again. Change by decree. Consultation by contempt. Selection by preference.

How do you feel about it?


Quality control...

Given APMG's inability to create syllabi and exams that are typo-free and easy to understand, I can only imagine what kind of half-assed, sloppy thing this is going to look like.

I may be an ITIL Expert, but I am not at all impressed with APMG.

APMG make further annnouncement re ITIL Compliance

APMG have now pre-announced the ITIL Software Scheme - why not? itSMF and SMCG already have.

software endorsement scheme approved by the OGC... entitle tool vendors to use the official Process Compliant ITIL Swirl logo.... tool has been reviewed for compliance with the ITIL brand... compliance with the ITIL processes. "

Uses the word "compliance" twice and "Compliant" witha capital "C" once, so pretty clear what they are assessing. But the word "standard" has been dropped in favour of compliance with a "brand". Hmmmm.

And still no word on the origins of the "brand" criteria. So we continue to wait for "OGC ...official press release closer to the time whereby further information on the scheme will be available".

show me the money

The framework / standards / vendor agnostic / etc discussion is an important one, but the reasons for this move are blatantly clear. Toolsets claiming to be 'ITIL compliant' have been popping up over the years. ITIL is a registered trademark. itSMF might be a non-profit organisation but SMCG have cleverly identified a ready market for a new product.

The hint is here: "In terms of the cost to vendors, assessment fees will be set by the licensed assessors [SMCG] with APM Group charging a fixed fee per process, per annum, for the use of the ITIL-compliant trademark" (not the ISO20000 one for anyone getting confused ;)

One immediate problem I have with this is - will small, innovative software development companies be priced out of the ITIL market? In my (humble) opinion, the industry leaders thus far have been cost-heavy and delivery-light. "Sure you can have the system, but the reporting module will cost you extra" approach has left many organisations battling with out of the box systems. I've been getting quite excited by the number of new toolsets that are leaner, meaner and geared towards delivering value. I would be very, very mad if this cunning new plan to profitise ITIL compliance makes it impossible for bright new companies to get traction on new products.

The wheel of commerce is turning, procurement policies want proof of value for money and 'ITIL compliant' is an industry standard regardless of the "best practice vs. standard" argument (which I have often). I would only hope that the implementation of this plan remains true to the community ethos that developed ITIL in the first place.


Caroline, you are right. I'm tempted to throw a tea party

Caroline, you make an excellent point.
Speaking as a vendor and as a software start up entrepreneur, I can tell you that smaller, innovative, open source and hosted-type of vendors will ignore this kind of certification due to cost and perceived-bureaucracy. Unless the customer makes it a buying criteria, they serve no purpose.

How would a scheme like this help? I'm pretty sure it wouldn't. It'd be more like a tax. Taxes can be good things if they build infrastructure for our ITSM society--we'd all benefit. But a tax is bad if it goes only to sustain a bureaucracy that provides no real service.

i'm familiar with Pink Verify. I think it serves to educate the market of high level requirements, but it's not a standard, doesn't really serve for RFP's, and at best serves to get a list of vendors. But then, so does Google.

I have not had our software "Verified" -- and never had a customer have an issue with it. It's simply not a buying criteria.

Also, as founder of newScale, we've been doing service catalog and service request software since 2000. ITIL v3 added Request and catalog in 2007. So what would a scheme like the one proposed add? Where would the expertise come from? Are they software architects? Are they running software catalog systems today? If not, then I wonder how a customer gets value from that scheme.

There's a real need to for standards in the ITSM tool world. I'm working on one right now, and the level of detail, definition and work necessary is tremendous. The interoperability standards take time and major investment from vendors. These proposed certifications would not help with those problems.

Having said that, Skep. As a (Latin)-American colonial, I'm always fascinated with how the British Empire practices live on; the queen of England will certify my ITIL-ity? :) No wonder the Brits invented Monty Python!

I'm tempted to throw a tea party for the ministry of fuITILity. (Hey, I just came up with Skepic!)


"fuITILity"? You and me need to work together on RealITee, the next version

I'm pretty sure an OGC-branded assessment stands a better chance of becoming a standard buying criteria.

People have wanted a standard for a long time. I too want it. I'd even like to have a say in it, and be able to read it and refer to it, or - gosh - agree on it, like a real standard.

It is extraordinarily British isn't it? Standards by decree. Does ISO know about this? This could save so much time and messy discussion....

I welcome a standard

I welcome a standard demonstrating tools adherdance or alignment (not compliance) to ITIL. Caroline, you mention some of the benefits.
The problem here looks like it is a single pesons view that becomees the standard.

What type of a standard

Is a simple paid for service, that assigns a bronze, silver or gold plaque to a tool a standard? Are the IT service providers so similar and interchangeable that a single tool standard can be defined? Will a tool that receives a gold "standard" which targets an IT service provider that provides datacenter services to 500 different clients in the banking sector be gold "standard" for a shop that provides internal deskside support for a large enterprise with 120.000 PCs?

ITIL can be a standard because it does not go into too much detail. Tools need the details. A single role called change manager can be a single person with a single backup in one organization and can be 10 teams of 10 people each for another organization. How could a single tool be a good fit for both unless you customize like "hell"?

I would welcome a criteria and target list of what each tool does and how well it does it. But that is not a single badge but a complicated assessment with a complicated result. Easy answers sell best, even if they do not fit the question.

cool with the concept

The objective of such an assessment, same as PinkVerify, is just to help build the shortlist, not pick the final choice. It is a crude broad-compliance assessment that sorts the sheep from the Access databases. As I said, I'm cool with the concept. I'd have been a lot happier if we built a real standard. Still, if anyone can write a standard maybe its time I released my own ITIL assessment compliance program that I've been toying with for a year. Difference is mine is free.

cool with the concept - part 2

Skep, before you get carried away with the idea of a free tool assessment, don’t forget, PinkVerify is free too. It’s free to anyone wanting to look at the list (as opposed to Gartner’s Magic Quadrant). And the assessment criteria is free to anyone – including vendors - to download.

In fact, there’s nothing stopping either the enthusiastic Access/Excel designer of a home-grown tool, or a real-live commercial vendor from doing their own PinkVerify assessment, and then bragging about the results afterwards.

In fact, if a vendor:
1. ONLY wanted to do that.
2. And NOT have Pink do the independent verify.
3. And then publicly claim that their tool supports xx processes on the PinkVerify list - without having our endorsement to prove it.
We really don’t have a problem with that.

As practitioner (potential vendor customer) I’d then simply say to that vendor:
1. So you haven’t asked Pink to do the independent verify.
2. And that's why your tool isn’t on the PinkVerify page.
3. But you claim to meet the requirements anyway.
4. Because the PinkVerify assessment criteria is freely available for anyone to download.
5. So you’ve done the self-assessment and came up with the confirmation that you WOULD have been PinkVerified.
6. OK - show me!
And if that vigilant practitioner was confident enough to judge that the demo really does replicate the vendor’s claim (which isn't really too difficult – they just have to follow the same assessment process) then – voila! The practitioner can add the tool to their short-list, even though it’s not on the PinkVerify page.

Keep in mind the first step for a vendor to get official PinkVerify status is that they must download the criteria and do their own self-assessment anyway. That's what they're instructed to do first, before asking us to do the independent assessment.

So all of the above can happen with no money coming Pink’s way at all, and I have no problem with that. Our purpose with PinkVerify was not to make a living from it, but to help customers short-list tools and help vendors show that they've taken ITIL into account when building their products.

Money only changes hands when the vendor asks us to do the independent verify of their self-assessment. And if they meet the requirements - we put them on the web site and permit them to use the logo. Depending on how many processes are involved it could take from half a day up to 2 days to do this independent assessment.

There is more work done on Pink's part, but I'll not bore you with that here. But if you really want to know what else we get up to in administering the PinkVerify web pages, I've explained a bit more on my blog at - - just look for the recent posting "Why PinkVerify?" I'll stop here as I don't want this to sound too much like a commercial - I just wanted to explain that people can use the PinkVerify stuff without actually paying Pink, or even contacting Pink, at all.

PinkVerify criteria free to download

Well now, here's an interesting thing. (Yes I have verified this post is indeed from David Ratcliffe, President of Pink Eelphant).

So what Pink are selling is the PinkVerify logo, the service of verifying against their criteria. We understand that. What I for one had forgotten is that the criteria are available for download. Of course the criteria are copyright so you can't run off and start your own assessment service without Pink permission, but you can use them yourself in-house as David says.

One assumes that SMCG's criteria will also be public information, especially since they are a standard. So the same arguments apply.

The market will decide which logo (and which fee) it prefers. Or whether it even cares: we will watch with interest to see how oiften either verification is a mandatory buying requirement.

My concern with both is that if they make it too stringent the vendors can't get it so they don't try and if they make it too easy then it is just a rubber stamp and doesn't tell you much. Guess which side I think both these verifications err on.

Disclosure: I have been in private correspondence with David because I am a speaker at the next Pink Elephant conference in Las Vegas in 2010. Since I have already spoken at four itSMF conferences worldwide I think I can demonstrate that it will not affect my impartiality :D

what constitutes a standard

Yes, OGC, APMG and itSMFI are all demonstrating a total ignorance of what constitutes a standard. Actually, knowing many of the parties involved, let me rephrase that. APMG and itSMFI either do not understand or are wilfully ignoring what a real standard is. Standards are agreed not decreed.

This is yet another commercial verification, that just happens to be run by the owners of ITIL.

It's the processes, not the tool that counts

This makes me a bit sad. If there is one thing I've learnt about SM tools, it's that the implementation is what's important, not the tool. I've seen companies ditch well known tools like Marval - not because there is anything wrong with them, but because they've not implemented them in a way that supports their processes and their objectives.

I am (was?) proud of ITIL for remaining vendor independent. I can see resentment coming when companies buy toolsets that have got the OGC stamp, only to find that the tool on its own doesn't magically fix all their process issues.


BMC Verify?

This is disappointing. It’s Pink Verify with the OCG stamp.

I wonder if this is going to be the closest thing to BMC Verify?
I would like to see who, if anyone or any professional “body”, has looked at this independently.

Another nail in the coffin for ITIL?

Hi Rob,

Thanks for bringing the article to my attention. In my opinon this is another reason that ITIL will not survive as we know it today. The castle ITIL makes too many mistakes in developing the framework. In v3 they take the general management approach of putting all of IT management into ITIL and then they reduce it to a tool issue by this decision.

See for some of my further thoughts on the impact of this endorsement.

Standard or Scheme?

Hmmmm, "standard"..... ITIL is not a standard. But we have a 'standard' for selecting tools to ITIL...."Software Endorsement Scheme"...."Scheme", Hmmmm

I still think acceleration of the ISO15504-8 exemplar - a STANDARD would do us all better than this.

The savage journey continues....

John M. Worthington
MyServiceMonitor, LLC

'Standard' Chum in shark-infested waters

Tactics like this, and the emergence of competing frameworks, will drive the need for a harmonizing standard like ISO15504.

See 'Standard' Chum in Shark-infested waters

John M. Worthington
MyServiceMonitor, LLC


John, I'm a little confused why you keep mentioning ISO15504. The next version of ISO 20000 will harmonise across all the ISO standards it touches on. 15504 is a very, very general standard. In practical terms I don't think it adds that much value

James Finister
Wolston Limited

I admit it may be me who is confused ....

I admit it may be me who is confused .... From what I can figure out based on my research of ISO 15504, it is a standard that specifically addresses how to assess processes. Not just the SDLC processes, but ANY process, and because of that is is indeed pretty general.

However the thought of having ITIL/ISO20000, CMMI-SVC, et al all be 'compliant' with ISO15504 --- even if the Process Reference Models and Process Assessment Models are specific to each framework --- just seems like a really good idea. I get it now that ISO15504 for standalone use may not be that valuable, which is why I am eager to see the 15504-8 exemplar. Wouldn't that be the closest thing we have to a V3 self assessment?

I can also see how many clients could benefit from understanding ISO's view of process maturity, and why any process reference/assessment model should be consistent with the ISO 15504 standard. I just don't get the feeling there is much consistency around how people assess processes. In addition, I am thinking (wrongly perhaps) that if we had 15504 compliant PRMs and PAMs for various frameworks (ITIL, CobiT, et al) then it would be much easier to mix and match and compare assessment criteria from the various guidance.

Finally, while you may train assessors on multiple assessment approaches, wouldn't you need them to have a 'foundation' (poor choice of words?) in the underlying assessment standard? I have seem 15504 referenced as a 'harmonizing' standard; that's not from me (both SPICE and SEI I believe used those words).

Because of ISO15504's long association with SPICE and historically tight linkage to software processes, along with it being used primarily by framework suppliers to build 'conformant' assessment models (are they building conformant assessment models?) it is largely ignored by customers.

It just seems like it might be nice to know the underlying basis of the various "methodologies" to assessment, especially those that may be a bit too 'creative' in their approach. I blogged on 15504 at : Exit here for Standards-Based Process Assessment if you're interested in more of my blathering....

Customers focusing on 'tools for tool selection', when they have done very little to understand that what we're teaching now? The process work can be much more difficult, take longer to do effectively and directs you to cultural change (pain), and given the choice most will avoid it.

I like the fact that 15504 is not specific to any particular framework or guidance. Constantly going back to the basics, using a standard like ISO15504, doesn't seem like such a bad thing to me. We don't need people to focus more on tools; they'll do that without our help. Investing in a non-proprietary (standards-based) process improvement/assessment approach seems less sexy (and perhaps less fun), but may pay off more in the long term.

John M. Worthington
MyServiceMonitor, LLC

Then I've got good news for you|!


OK now I understand what you mean I've got good news for you. The current work on building a capability model as an addition to IS0 20000 is indeed aligned with ISO 15504. I've got a spreadsheet in front of me showing how they map on to each other

James Finister
Wolston Limited

re: good news...

That IS good news! I tried to get involved (via SPICE) in the development of the PAM for ISO20K but was unable to. I guess I have to go through ANSI in the US and it became more trouble than it was worth. I did have some time and was hoping to contribute, (as well as get a sneak peek at was was brewing).

If you know of any way I can get more involved in the effort, I'd be willing to help (or at least add my 2 cents). I actually started developing a 15504-based PAM for Event Management but dropped it; if you're doing it alone you're doing it wrong anyway...

Keep us posted; this is an important deliverable!

John M. Worthington
MyServiceMonitor, LLC

Glad to hear it

John, the ony way to get directly involved is indeed via your national standards body. Most, I suspect, would welcome specific service management input. And it does involve a lot of trouble and effort to devlop a robust standard. Of course if you are OGC you just I won't say anymore.

James Finister
Wolston Limited

Contributing to ISO/IEC 15504 IT SM PAM

There is another way to contribute to the development of the ISO/IEC 15504 IT Service Management PAM .... read on

If there would be a minimum of five people wishing to contribute to the development of the ISO/IEC 15504 IT Service Management PAM, the SPICE User Group can set up such a group. The SPICE User Group has a formal liaison, can contribute comments that have to be addressed by the working group, and can send delegates to ISO meetings.

The conditions would be that
1) such a group would establish a coordinator who must coordinate comments and present a consensus viewpoint
2) all members of such a group shall join the SPICE User Group (free membership - just goto the official web site and join )
3) all members of such a group would be asked to contribute USD 50 per annum for access to all ISO documents and collaborative communication infrastructure

If there is any interest in doing this then please contact

Note also the following
a) ISO/IEC 15504 is in a revision cycle starting May 2009 - there is still a chance to influence the future architecture and development
ISO/IEC 15504 is expected to become the ISO/IEC 31001 series of standards, externally developed PRMs/PAMs will be able to be forwarded as PAS and fastracked for registration with the standard
b) a new standard has been approved for developed on Conformity Assessment for process capability and organisational maturity
c) there is already an assessment and certification infrastructure in place through the PATHFINDER scheme

Alec Dorling
ISO/IEC 15504 convener

I am interested !

I've sent you an e-mail to the address in your post; and am gathering interested candidates at this time. I am already a member of SPICE; mySPICE page is at:

Anyone interested in joining please contact me.

John M. Worthington
MyServiceMonitor, LLC

Interest noted!


Confirming Email received

Awaiting the further interest from others in order to proceed

Alec Dorling
ISO/IEC 15504 Convener

I don't think you're confused...


For what it's worth, I don't think that you are confused. I think it's a good thing that you're bringing this up into the conversation. I think we need to be looking deeper into what standards activity can provide to us, even (especially?) if they are not "IT" standards. For example, ISO 12207 and 15288 offer some excellent insights into life cycle management and enabling processes. There's lots of benefit that can be gained, for those willing to invest the time and stay open enough to find it.


Syndicate content