Outside IT Group Test – The Results

Cherwell, Samanage, ServiceNow and TOPdesk reviewed for their capabilities and approach to delivering services outside the IT department
Cherwell, Samanage, ServiceNow and TOPdesk reviewed for their capabilities and approach to delivering services outside the IT department

I am pleased to share my latest analysis for The ITSM Review: Outside IT.

This is a review of how IT service management (ITSM) tools might be used beyond the IT department.

It explores how traditional ITSM tools, typically used for IT service and support, can be used for broader operation throughout the business such as underpinning internal business processes and handling non-IT business requests.

Technology vendors participating in this analysis include:

  • Cherwell
  • Samanage
  • ServiceNow
  • TOPdesk

There has been a move in recent times to develop more applications and tools that can cross the boundaries of internal service departments. The ITSM toolsets available have helped to drive practice in this area, in particular service catalogues, service portals, automated fulfilment processing, approvals etc. and for many organisations this is a huge opportunity for IT to be the department of solutions and success rather than simply the folks who say ‘no’ all the time.

Which vendor is ‘Best in Class’?

What are the differences between the vendors in this report? How can we distinguish and identify differentiators, pros and cons between them? If all products can be used to develop work automation, logging and escalation/ownership and tracking of tasks etc., does this mean that the differences between vendors go beyond simple software functionality? This review looks at how to differentiate the vendors’ approach for beyond IT across the ITSM market.

Download a copy of my report here (registration required):


"IT needs to stop waiting for the sky to fall in" – Ian Aitchison (Video)

This interview was filmed at the Pink Elephant Conference and features Ian Aitchison, ITSM Product Director at LANDESK discussing the current challenges faced in IT service management, along with the need for IT to stop always focusing on the negatives.

In Summary

In addition, Ian also talks about:

  • Shadow IT
  • IT needing to better engage with the business
  • The ITSM community
  • How LANDESK interacts with its customers

Please note that owing to this interview being filmed live at the Pink Elephant event, there may be some minor volume issues and background noises throughout this video.


LANDESK Software is an industry-leading provider of solutions that span five key IT management disciplines: systems lifecycle management, endpoint security, IT service management, asset management, and mobility management—all unified in a consistent, user-oriented experience. Visit www.landesk.com for for more information.

About Pink Elephant

A global company with a proud and pioneering 30 year history – the world’s #1 supplier of IT Service Management and ITIL® education, conferences and consulting.Visit www.pinkelephant.com for more information about the company, services and products. This video was filmed at the 2014 Pink Elephant Conference. The 19th Annual Pink Elephant International IT Service Management Conference and Exhibition will take place at the Bellagio Hotel in Las Vegas, February 15-18 2015. Registration is now open.

Pink14 Preview: Advice for making space for ITSM

“Carve out some time for service management and make it a priority”

Ahead of his presentation at the 18th Pink Elephant Conference and Exhibition (PINK14), David Mainville, CEO and co-founder at Navvia, gives his advice on ‘making space for service management’.

Conferences like PINK14 are an amazing opportunity to network with your peers, learn new techniques and to re-ignite our passion for service management.

But you know what?  As motivating as conferences can be, the most important question is “what do you do with the passion once you get home”?  That’s the topic of my presentation at PINK14 entitled “Making Space for ITSM”.

So what do I mean by “making space”?

Well, if I’ve learned anything during my 30+ years in service management, I’ve learned that it takes practice and commitment.  Service management needs to become a part of the daily routine, of both the practitioner and of the company.

In fact, anything worth doing in life takes practice – whether it is learning to play an instrument, mastering a sport or getting in-shape – practice makes perfect.  The problem is that for many organizations and practitioners, service management is seen as a project and not as a practice.

Documenting a new change management process because of a recent catastrophic failure, implementing a new service management tool, or tweaking a process because of a bad audit finding, is often confused with a service management practice.   It’s not that these things are bad unto themselves; it’s just that it’s a bit shortsighted.

We come back from our conference all fired up, but all our great intentions are quickly overshadowed by firefighting and the daily demands of the job.  This noise gets in the way of a true practice.

Making space for service management means putting aside the time to do it right, and doing it right means following 5 critical steps.

The steps

  1. Carve out some time for service management and make it a priority.  In other words, there is a human element to the art of service management that can’t be ignored.
  2.  Develop a service management plan along with some short-term goals.  Many ITSM failures stem from either a lack of a plan or an overly grandiose one.  Focus on short term goals with measureable success criteria.
  3.  Build an alliance of co-workers because you can’t do service management alone.  If ITSM tools are the embodiment of a process, then people are the soul.  If you haven’t captured their support, ITSM will never succeed.
  4.  Create a structured and repeatable approach for implementing processes and tools.  You can’t be all over the map; you need something that works consistently for your first process and well as your last.
  5. Establish the discipline and governance to ensure an on-going program.  Building a process and implementing a tool is the easy work.  Accountability and buy-in is much harder – ensure you have management support and governance for your long-term program.

It’s been my experience, both as a practitioner, and as someone who practices service management in his own company, that following these steps is the best way to make real and lasting improvements.

Thanks and I look forward to seeing you at Pink!

David Mainville
David Mainville

To learn more find David at PINK14:

David will also be reprising the presentation for a webinar later in March.

Image credit

Review: LANDesk for Integrations

This independent review is part of our Integrations 2013 Group Test.

Executive Summary

Elevator Pitch A solid product from a vendor with expertise in both ITSM and systems management, which adds a dimension to what they can offer.
  • Strong event management background
  • Understand that the deployment phase needs structure and the range of materials and consultancy they offer is comprehensive
  • Encompass BYOD with integration and include some neat new innovations
  • Integration/Automation platform through a graphical process workflow.
  • LANDesk have put some much needed focus into their service management, and it is at least on a par with almost all the main players.
Primary Market Focus Based on the information provided, LANDesk are typically active in the mid-large market.They are classified for this review as:Specialised Service Management Suite – Offering ITIL processes and proprietary discovery tooling and Data Integration Points

 Commercial Summary

Vendor LANDesk
Product LANDesk Service Desk
Version reviewed 7.6.1
Date of version release July 2013
Year founded 1985
Customers ~1000
Pricing Structure Service Desk Concurrent AnalystService Desk Fixed AnalystService Desk SaaS Concurrent AnalystService Desk SaaS Fixed AnalystAlternatively available as part of LANDesk Total User Management suite : complete portfolio of integrated ITSM, Systems, Security, Mobility, Asset management solutions.

Licensed only by end user (not by number of devices or IT Users).


Competitive Differentiators
  1. LANDesk’s offer experience in ITSM and beyond that, systems management and as such they can provide Total User Management – covering systems management, security management, asset and service management, seamlessly integrated together through a process driven workflow platform.
  2. They provide self-service capability accessible to users via desktops and mobile devices
  3. They provide a two-way integration between Microsoft Outlook and the service desk to track task assignments

Independent Review

thumbnail (1)LANDesk combine experience across ITSM and include systems management, which comes to the fore with their approach to integrating one of the harder disciplines into their Service Management capability.

They have a good understanding of the way the market has moved in recent times – offering web services and because of their broader background, they not only lend their product but their in-house expertise to understanding what to integrate.

The focus of the solution is to be directly productive, and it is good to see them almost embrace BYOD capability – their focus is delivery of what IT does into the hands of the user.

What they have done well is to identify some neat little innovations and put some lateral thought about how these can be used. For example the use of RSS feeds to provide assignment updates to technicians and the use of QR codes to perform simple actions on processes (create/close a record). Whilst the take-up may be slow in some cases – they are ready for when the first organisation(s) latch on to the ideas.

LANDesk have developed their product to offer the same service management capability as the majority of vendors in the industry, and they provide integration and automation built in to their graphical process workflow.

They should take the opportunity to shine the light on the other bushels in their pack – not everyone can boast all 15 processes and that gives them an interesting depth in their section of the market.

Integration and specific recognised criteria

LANDesk Service Desk has been Pink Verified against the maximum 15 verifiable processes :-

The product uses ITIL terminology throughout the product, and the comprehensive coverage of all the process means they cover the bases in terms of recommended approaches and supporting practices.

Security Controls

A comprehensive matrix of permissions apply across every action and activity in the Service Desk product, so ability to perform actions will only appear for an analyst when they have this right.

Other integrations use workflow and process definition which ensures that only the right activity can take place in a secure and controlled fashion.

All integration activities are typically audited as standard design.

Pre-Deployment Integration

LANDesk is another vendor that also employs some level of sense checking as well as pure automation methods to bring across data, including:

Customer Profile Document

Introductory phone call and Project Kick-off meeting

Data collection spreadsheet which shows all the different typical default areas of data collected and imported


In addition connectors to Active Directory, LANDesk Management Suite, Microsoft SQL, Oracle, Excel, Access, OLEDB all allow connection to other typical sources for import

Asset and Configuration Information

LANDesk Service Desk provides preconfigured integration to populate the CMDB, to import ITAM managed assets and to update any existing items. Their features include:

  • Unlimited field definitions and CI types
  • Asset/CI relationships can be imported into CI structure diagrams
  • Asset/CI relationships can be discovered and defined with a rules-engine.

Assets and CIs are accessible from all ITSM processes, updated under change management, and can be imported back to source tools from Service Desk updates.

They also provide an inventory lookup – in Systems Management focussed discovery, the tool will typically pick up all manner of information that is not required for Configuration Management – the Inventory lookup facility shows you the full detail.

Support Services Integration

  • LANDesk include (but are not limited to) their own IT Management tools supported in context:
    • Remote Control
    • Inventory Lookup
    • Software Deployment
    • Chat
    • Ping
    • Patch/Security Scan
  • As part of Request Fulfilment, Release, Change, and Incident they provide integration as part of process activity in the background. This drives self-service and IT-initiated process automation across the business, providing, for example integrated:
    • Software Deployment
    • AD Data Management
    • Mobile device wipe and other admin functions
    • Security scan, patch, OS deploy, among other functions
  • Major Incidents Communications
    • RSS – any query of data, list or dashboard gadget can be converted into an RSS feed that can be pulled on demand using any commercial standard RSS client.
    • Major Incidents are typically distributed through: Product Dashboards, Email, RSS and Twitter
  • Support Chats/Social Media
    • Core social discussion and chat features are provided as standard as well as integration through APIs and Automation is provided on request for:
      • Enterprise Social Platforms (e.g. BlueKiwi)
      • Twitter
      • Facebook
      • Jive
      • These are the basis of LANDesk’s Social Content Pack, including Discussion Threads and a Chat function within Self-Service.
      • LANDesk make use of RSS feeds which can take any view of the data and publish it as a feed to be incorporated into dashboards

Resource Management Integration

LANDesk provides two-way integration between Microsoft Outlook and the Service Desk. Assignments can be dragged and dropped to individuals or groups taken from live Outlook calendar as Gantt style views.

Assigned work appears as appointments in Outlook calendars or as tasks and once updated in Outlook, the work item in Service Desk is updated too.

Additional Areas of Integration

  • Event Management

LANDesk Event Manager provides a configurable, flexible interface to allow current and future monitoring and alerting systems to interact with the service desk.

The Event Management engine captures significant issues within the infrastructure and automatically logs prioritises and routes Incidents to the appropriate analyst team. This alerts the relevant team of issues, even before end users become aware of them, thereby increasing the chance of early resolution and minimizing impact on the user community.

  • QR

Another neat innovation is the use of QR codes – for example putting integration with simple process actions such as creating or closing records – whilst take up might be few and far between at the moment, it is a way of tapping into an increasingly mobile workforce to speed up tasks.

LANDesk Customers

From the LANDesk Brochure

  • An integrated solution for systems management, endpoint security, mobility and ITSM (premise, cloud or both).
  • Easiest ITIL path for increasing end-user productivity
  • One price per end-user – unlimited devices, including BYOD

In Their Own Words:

LANDesk Service Desk is a process-driven IT Service Management software solution that can be deployed as an on-premise, SaaS or hybrid solution. It delivers all of the core ITSM functionality expected from a market-leading solution. Service Desk is ITIL®-verified in 15 processes, including incident, request, self-service, change, and knowledge management and provides powerful multi-level reporting.

LANDesk Service Desk provides a rich end-to-end service management platform that not only supports core service management, but enables your IT organization’s high-level business goals, from basic resolution management to mature service portfolio management, capacity and availability optimization, and continuous service improvement. It integrates seamlessly with your systems and network management environments, including all LANDesk solutions for systems lifecycle management and endpoint security.

The solution’s out-of-the-box functionality is easily configurable to match specific business needs without coding. It helps enterprise IT organizations move swiftly from a reactive state to a more controlled, proactive, and service-oriented posture.  They improve the availability and continuity of services and the productivity of service desk staff and users, while reducing the time-to-restoration, downtime expense, and service-related business risk.


Further Information

This independent review is part of our Integrations 2013 Group Test.

So you want to be an ITSM consultant?


So you want to be an ITSM consultant? 

Why not pit your wits against Peter and analyse this financial services case study. Do you agree with Peter’s analysis? How would your diagnosis differ?

Case Study Introduction – The scenario

By  Peter Brooks.

There’s an interesting article on Financial Trading systems here. It raises many questions, and I thought it would be interesting to see how a consultant would tackle it if asked by an organisation to give service management consulting on the future of its trading systems.

It’s often easier to tease out the important matters by looking at a specific example.

So, here’s your mission: You’re new to the world of consultancy though you’re fairly familiar with service management and you have a background in IT. A friend of yours in the financial world has recommended you. He has convinced the trading manager that you can help him improve his bottom line with consultancy exercise. What would you do?

Scope – terrifying!

You’re completely new to this world. You’ve seen both the ‘Wall Street’ films, and you’ve got a picture. People in this world are seen as brilliantly clever, hugely impatient, highly aggressive and not the sort who lose many night’s sleep worrying about the ethics of their actions. So that’s the stereotype.

So the first question, as an inexperienced consultant is; ‘Should I take this job at all?’. A good question. You should ask this about every consultancy job you ever have, actually, and consider the answer seriously. Not just because it’s the right thing to do, but because it will help you think out your approach before the engagement and help you understand the big picture of what you’re going to be doing before you are too lost in the fast moving detail to have time to spare for big picture thinking.

A list of pros and cons helps – particularly if some allow you to rule it out or rule it in depending on what you hear when you first meet your client.


  • If it works out it’ll be great for the CV, give you a useful insight into the financial world and might even make a difference to the world as a whole, in a positive sense.
  • They know that you’re young and inexperienced, so they’ll probably ignore what you say anyway – it’s more being done as a favour, so, if you get it wrong, you may not do too much damage.
  • It’ll impress everybody to know that you’re working in such a high-pressure environment, particularly if they don’t know all the details.


  • If somebody does take you seriously, and you get it all wrong, then you might contribute to yet another crash and huge misery for millions, if only in a small way.
  • Some people may be impressed, but some of your more environmentally friendly friends may never talk to you again.
  • If your scope is limited to advising on one particular financial system, financial service or IT system, you truly don’t have the knowledge or experience, so you must say “no”.
  • If you do discover major risks, serious ethical problems or other dangers, you must make sure that you are not made complicit. So you can ask your client, at the first meeting, what you should do if you do discover these. If you are told that you’d have to cover them up, then walk away. If your answer is that you should produce a private report for the board if that happens, or similar, then things look set fair.
  • Will you have enough time to find out what you need to know? Make sure, at the first meeting, that you’ll be able to meet and interview all the major stakeholders to get a proper understanding of the situation. If you’re expected to only talk to one or two people, then you might accept the job, but make sure that your result must be accepted as tentative and a first-pass effort.

The last three are the important ‘cons’. At least now you have something to talk about at the first meeting.

Your approach

Expect to be asked how you will approach the assignment at the first meeting. This is easier than you think because you’re not going to ‘wing it’ on your own, you’re going to be using industry standard advice on service management to guide you.

First you’ll need to understand what the business is actually doing and why and what your role is going to be in helping them. This is known as ‘enterprise analysis’ and, in this case study, we’ll be using the article from The Register.

Next you’ll need to identify the stakeholders and understand their various requirements, at least at a high level.

Then you’ll use this to build a preliminary picture of the services and service strategy that the company is following and gaining idea of the strategy it should be following to achieve good governance.

Finally, based on this understanding, you’ll be recommending a road map, with a picture of the first steps to be taken, and that will be the basis of your final report.

So, let’s pretend we’ve had that first meeting and go through the steps, based just on our knowledge and on the brief outline in the article. Remember that this is just an exercise and that you’d have to do a lot more proper work in any real situation!

Enterprise Analysis

Some firms trade on their own account and that is their main business. This requires a considerable amount of money and is, consequently, not so common. More usually, the trading entity is part of a larger financial organisation, a bank, a hedge fund, an insurance company or similar.

The particular trading that this article about, ‘high-frequency trading’ or ‘algorithmic trading’ is usually used for a small portion of the companies overall wealth with the aim of reducing risk and increasing return.

The reason that you’ve probably been asked to come in is that this form of trading, though fairly new and, in some ways, very dangerous, is surprisingly unprofitable. It costs a lot of money and doesn’t produce much return despite the high risk it involves. So little is lost getting your advice because they can try it without losing much and, if it works, they can gain enormously. This should help with some of your fears about the ethics of being involved – if you can reduce the risk, at least, you’ll be doing good for most of the stakeholders.


Let’s look at the stakeholders, and their main requirements, from the most remote to the closest to your direct client:

  • The general public: less volatility, market growth based on genuine value of the underlying stock.
  • The financial world: less volatility, market growth, reduced risk of short-term losses (avoiding another ‘flash crash’)
  • The bank who’ll be paying you: reduced risk, increased profit, fewer missed opportunities, better governance of trading services
  • The trading team: increased profit, reduced risk, beating the market, medium term stability
  • The technical team: faster trades, better intelligence, better forecasting (short & long term), lower risk from software bugs, use of latest hardware technology, better algorithms, ability to change algorithms more quickly, more confidence that algorithms are accurately implemented.


As is often the case, the solutions (the software and hardware) change often, but the requirements are long term. You’ll need to understand what this company and trading team have as their particular requirements, and recommend setting up a requirements register, but the stakeholder analysis provides these:

  • Improved governance
  • Reduced market volatility
  • Market growth
  • Recognition of underlying stock value (should the trading team trade in their own Bank’s stock, possibly to its disadvantage, for example?)
  • Reduced trading risk
  • Increased trading speed
  • Increased profit
  • Improved forecasting
  • Fewer bugs

Some of these appear contradictory, some are inter-related. From the point of view of ethical consultancy and the concern of most stakeholders, the key ones are – governance, reduced risk (which includes volatility, bugs & poor forecasting) and increased profit.

Services, risks issues, strategy and governance

It’s likely that, as the article describes it, the trading team is not thinking in terms of business services, but, rather, in terms of technology. It’s important to separate the various services to understand the investment cost and return of value per service, rather than just lumping them together. The actual services as perceived by the business would emerge in discussion, but a few obvious ones are:

  • Fast buying service
  • Fast selling service
  • Forecasting service
  • Risk analysis and management service (micro-risk)
  • Algorithm design & deployment service
  • Algorithm Service X – each algorithm has a cost/value profile based on risk, cost, stability, average & max/min of profit/loss in short, medium term

The issues are:

  1. Poor Governance: It’s pretty clear that the risks are very high because only the technical team understand the algorithms, the forecasts and the technology – so there is no way that effective governance can be in place at a board level because even the trading team can’t quantify the cost/value ratio for their services.
  2. Poor stock recognition: The emphasis on speed means that only a limited reference can be made to the medium and long-term underlying value of the stock. So software can easily be led into a bubble caused simply by instability, like the flash crash.
  3. No Control: The development and deployment, of algorithms, forced by the technology leads to poor control, high risk of error and poor forecasting
  4. Instability: The use of technology such as FPGAs means slow development times, high error rates and poor understanding of how the algorithms are actually working – reinforcing the lack of stability, high market volatility and poor governance. The banks don’t know what their machines are doing, and don’t know if they’re even delivering value for the bank, they may even be destroying value.


There are major short-term risks – of the worst sort, governance risks. No short-term solution is going to address them. It is, though, urgent to put in place some longer-term structures that can reduce the risk in the medium to long term.

  1. A service portfolio should be constructed for all business carried out by the trading teams, so that particular deployments of hardware and software can be understood in terms of the value/cost ratio, based on a genuine understanding of risk, volatility, forecasting accuracy and measured profit/loss ratios in particular markets
  2. Metrics need to be designed to measure the effectiveness and efficiency of these services
  3. A requirements register should be produced so that algorithm design and deployment can be tied to compliance, corporate strategy and policy as well as trading team objectives. This must be tied to the corporate risk register
  4. A plan must be produced to replace the high-risk development techniques being used. Firmware design and development of ASICs, GPUs and FPGAs is slow and error prone if carried out in low level logic design, assembler/microcode or unreliable languages such as C++. This should all be replaced by a corporate policy to use only Ada as this is reliable, documents properly, is designed for embedded systems of this nature, and is quicker to develop and faster (this is proven empirically) than assembler or microcode.
  5. Forecasting must be designed to incorporate board policy, longer-term views of the value of stock and to use the power of Ada to reduce volatility by enabling decisions to incorporate longer views.
  6. Staff need to be trained in service management to understand the service metaphor and to start to understand the contribution of services in terms of their contribution to business value, not simply to technical short-term gain (even if the algorithms themselves actually exploit this)

Do you agree with Peter’s recommendations? 

Further Reading

For more advice on ITSM consulting check out Peter’s publications:

Image Credit

How to conduct an ITSM assessment that actually means something

ITIL (Information Technology Infrastructure Library), a standard framework for managing the lifecycle of IT Services, is sweeping the U.S.   Based on a 2011 analysis of 23 ITIL studies, Rob England concluded that the compound annual growth in ITIL adoption was 20%± and that ITIL training attendance increased at a compound annual rate of 30% for the past ten years.  Despite this apparent surge of adoption, enterprises continue to struggle with ITIL’s daunting framework.

Recognizing the confusion inherent in ITIL alignment, numerous vendors have created “ITSM assessments” with varying degrees of complexity and debatable value.  These assessments draw upon frameworks such as ITIL, CMMI-SVC, Cobit and, occasionally, BiSL or more specific constructs such as KCS and IAITAM.  Where does one begin?  What is most important?  Where will improvement deliver the best payback?  How can one ensure that all phases of implementation share a common and scalable foundation?

Fundamental Assessment Approach
Figure 1: Fundamental Assessment Approach

All assessments follow a pretty basic formula:

  1. Determine and document the current state of ITSM in the organization.
  2. Determine and document the desired state of ITSM in the organization.
  3. Establish a practical path from current to desired state (roadmap).

Simply stated, the objective is to successfully execute the ITSM roadmap, thereby achieving a heightened level of service that meets the needs of the business.  But don’t let those vendors through the door just yet because this is where ITSM initiatives go sideways.

Current state, desired state and roadmap mean nothing without first establishing scope and methodology.  How comprehensive should the assessment be?  Does it need to be repeatable?  Which processes and functions should be targeted?  Should it be survey-based?  Who should participate?

Rather than seeking input from the ever so eager and friendly salespeople, one can follow a simple three-step exercise to determine scope and methodology.  These steps, described in the following sections, may save you millions of dollars.  I have seen dozens of large enterprises fail to take these steps with an estimated average loss of $1.25M.  For smaller enterprises ($500M – $1B in revenue), the waste is closer to about $450,000.  The bulk of this amount is the cost of failed projects.  In some instances those losses exceeded $10M (usually involving CMDB implementations).

Three Steps to a Meaningful ITSM Assessment

Though these steps are simple, they are by no means easy.  For best results, one should solicit the participation of both IT and business stakeholders.  If the answer comes easily, keep asking the question because easy answers are almost always wrong.  Consider using a professional facilitator, preferably someone with deep, practical knowledge of ITIL and a solid foundation in COBIT and CMMI-SVC.

So, the three steps are really three questions:

  1. Why do you need an ITSM Assessment?
  2. What do you need to know?
  3. How do you gain that knowledge?

Step 1:  WHY Do You Need an ITSM Assessment?

IT Service Management aligns the delivery of IT services with the needs of the enterprise.  Thus, any examination of ITSM is in the context of the business.  If one needs an ITSM assessment, the business must be experiencing pain related to service delivery.

  1. Identify service delivery pain points.
  2. Map each pain point to one or more business services.
  3. Assign a broad business value to the resolution of each pain point (e.g. High, Medium, Low).  Divide these values into hard savings (dollars, staff optimization), soft savings (efficiency, effectiveness), and compliance (regulatory, audit, etc.).
  4. Map each pain point to a process or process area.

There should now be a list of processes with associated pain points.  How well can the business bear the pain over the next few years?  With this preliminary analysis, one should be able to create a prioritized list of processes that require attention.

For now, there is no need to worry about process dependencies.  For instance, someone may suggest that a CMDB is required for further improvements to Event Management.  Leave those types of issues for the assessment itself.

Step 2: WHAT Do You Need to Know?


Four Assessment Needs
Figure 2: Four Assessment Needs

Now that the organization understands why an assessment is required (of if an assessment is required), it can identify, at least in broad terms, the information required for such an assessment.

Referring the chart in Figure 2, IT management need only ask four questions to determine the needs of an assessment.

Is ISO/IEC 20000 Certification Required?

If the organization requires ISO/IEC 20000 certification, a Registered Certification Body (four listed in the U.S.) must provide a standardized audit, process improvement recommendations, and certification.  For most enterprises, this is a major investment spanning considerable time.

Does Repeated Benchmarking Provide Value?

Does the organization really need a score for each ITIL process?  Will the assessment be repeated on a frequent and regular basis?  Will these scores affect performance awards?  Will the results be prescriptive or actionable and will those prescribed actions significantly benefit the business?

The sales pitch for an ITSM assessment usually includes an ITIL axiom like, “You can’t manage what you don’t measure” (a meme often incorrectly attributed to Deming or Drucker).  One must ask if scores are the best measure of a process?  To what extent do process maturity scores drive improvements?  Not much.  Each process has its own set of Critical Success Factors, Key Performance Indicators and metrics.  These are far more detailed and effective data points than an assessment score.  Ah, but what about the big picture?  Again, ITIL and COBIT provide far more effective metrics for governance and improvement on a macro level.

That said, there are some pretty impressive assessments available, some with administrative functions and audience differentiation baked into the interface.  However, one should build a business case and measure, through CSFs and KPIs, the value of such assessments to the business.

Do you need an ITSM Strategy and Framework?

Does the organization already have an intelligent strategy for its ITSM framework?  Is there a frequently refreshed roadmap for ITSM improvement?  For most enterprises, the honest answer to this is no.  Numerous Fortune 500 enterprises have implemented and “optimized” processes without strategy, roadmap, or framework.  The good news is that they keep consultants like me busy.

To build an ITSM strategy, an organization needs enough information on each process to prioritize those processes as pieces of the overall service workflow.

To gauge the priority of each process, we focus on three factors:

  • Business value of the process – the extent to which the process enables the business to generate revenue.
  • Maturity gap between current and desired state – small, medium or large gap (scores not really required).
  • Order of precedence – is the process a prerequisite for improvement of another process?

To complete the strategic roadmap, one will also need high-level information on ITSM-related tools, integration architecture, service catalog, project schedule, service desk, asset management, discovery, organizational model, business objectives, and perceived pain points.

Are You Targeting Specific Processes?

To some extent, everything up to this point is preparation and planning.  When we improve a process, we do that in the context of the lifecycle.  This task requires deep and detailed data on process flows, forms, stakeholders, taxonomy, inputs, outputs, KPIs, governance, tools, and pain points.

As this assessment will be the most prescriptive, it will require the most input from stakeholders.

Step 3:  HOW Do You Gain that Knowledge?

Finally, the organization identifies the assessment parameters based on the data required.  Similar to the previous step, we divide assessments into four types.

ISO/IEC 20000 Certification

The only standardized ITSM assessment is the audit associated with the ISO/IEC 20000 certification (created by itSMF and currently owned and operated by APM Group Ltd.).  The journey to ISO 20k is non-trivial.  As of this writing, 586 organizations have acquired this certification.  The process is basically measure, improve, measure, improve, ………. , measure, certify.  Because the purpose of improvement is certification, this is not the best approach to prescriptive process optimization.

Vendor-Supplied ITSM Assessment

The administration, content, and output of ITSM assessments vary wildly between vendors.  In most cases, the ITSM assessment generates revenue not from the cost of the assessment but from the services required to deliver the recommended improvements.

Rule #1:  “If you don’t know where you’re going, you’ll probably end up somewhere else” (Lawrence J. Peter).   Without a strategy and roadmap, assessments will lead you to a place you would rather not be.

Rule #2:  The assessment matters far less than the assessor.  When seeking guidance on ITSM optimization, one needs wisdom more than data.  A skilled assessor understands this workflow in the context of a broader lifecycle and can expand the analysis to identify bottlenecks that are not obvious from an assessment score.  An example is Release Management.  The Service Desk may complain that release packages are poorly documented and buggy.  Is that the fault of the Release Manager or is it a flaw with the upstream processes that generate the Service Design Package?

Rule #3:  Scores are only useful as benchmarks and benchmarks are only useful when contextually accurate (e.g. relative performance within a market segment).  Despite the appeal of a spider diagram, avoid scored assessments unless compelled for business reasons.  Resources are better spent analyzing and implementing.

Rule #4:  An assessment without implementation is a knick-knack.  Validate the partner’s implementation experience and capability before signing up for any assessments and be prepared to act.

Rule #5:  A free assessment is a sales pitch.

Rule #6:  A survey-based assessment using a continuous sliding scale of respondent perception is a measure of process, attitude, and mood.   So is a two year old child.

Rule #7:  In ITSM assessments, simpler is better.  Once a vendor decides that the assessment needs to produce a repeatable score, the usefulness of that tool will decline rapidly.  If you doubt this, just look under the covers of any assessment tool for the scoring methodology or examine the questions and response choices for adherence to survey best practices.

Strategy and Roadmap Workshops

Enterprise Service Management strategies save money because not having them wastes money.  Without guiding principles, clear ownership, executive sponsorship, and a modular, prioritized roadmap, the ITSM journey falters almost immediately. Service Catalogs and CMDBs make a strategy mandatory.  For those who lack an actionable Service Strategy and Roadmap, this is the first assessment to consider.

An enterprise needs an experienced ITSM facilitator for strategy workshops.  Typically, the assessment team will perform a high-level process assessment, relevant tool analysis, framework architecture integration study, and a handful of half-day workshops where the gathered information is molded into a plan for staged implementation.

Targeted Process Assessments

Organizations know where the pain points are and have a pretty good sense of the underlying factors.  The assessor finds this knowledge scattered across SMEs, Service Desk personnel, business line managers, development teams, project office, and many other areas.  The assessor’s value is in putting these puzzle pieces together to form a picture of the broader flows and critical bottlenecks.  Through the inherited authority of the project sponsor, the assessor dissolves the organizational boundaries that stymy process optimization and, with an understanding of the broader flow, assists in correctly identifying areas where investment would yield the highest return.

For these assessments, look for a consultant who has insightful experience with the targeted process.  An assessment of IT Asset Management, a process poorly covered in ITIL (a footnote in the SACM process), requires a different skill set than an assessment of Release and Deployment Management or Event Management.

The output from a Targeted Process Assessment should be specific, actionable, and detailed.  Expect more than a list of recommendations.  Each recommendation should tie to a gap and have an associated value to the business.  Essentially, IT management should be able to construct an initial business case for each recommended improvement without a lot of extra effort.


Liam McGlynn
Liam McGlynn

Organizations are investing tens of millions in ITSM assessments.  I have seen stacks of them sitting on the shelves of executives or tucked away in some dark and dusty corner of a cubicle.  Whether these assessments were incompetent or comprehensive, as dust collectors, they have zero value.

How prevalent is the lunacy of useless ITSM assessments?  From my own experience and from conversations with others in the field, vendors are selling a lot of dust collectors.  Nobody wants to be the person who sponsored or managed a high-profile boondoggle.

So the advice is this.

  • Don’t waste time on scores because there are better ways to sell ITSM to the board than a spider diagram.
  • Develop and maintain an ITSM Strategy and Roadmap.  As Yogi Berra once said, “If you don’t know where you’re going, you’ll wind up somewhere else”.
  • Assessing and implementing need to be in close proximity to each other.
  • Get an assessor with wisdom who can facilitate a room full of people.
  • Finally, follow the three steps before you let the vendors into your office.

The journey may have many waypoints but let’s just make it once.

Liam McGlynn is a Managing Consultant at Fruition Partners, a leading cloud systems integrator for service management and a Preferred Partner of ServiceNow.  

Gazing deep into the prISM

prISM: 'Dark side of ITSM?' or genuine professional recognition?

At first glance, the new prISM credential scheme seems to be a qualification too far, as I consider improving my ITSM skills by going for the first of my ITIL Intermediate levels.

The take up so far seems to belong to an select group, much like those who piloted the new ITIL Master scheme, and perhaps it is too early for that all important critical mass to make it the “must-have” credential to have.

What is prISM and why is it different?

The aim of prISM is to provide recognition and a skills development structure in the ITSM industry.

It has defined a measurable framework which takes into account an individual’s qualifications, experience and contributions back to the ITSM industry.

So, if you have the ITIL foundation certificate, and a few years in front line roles under your belt, you can get up and running in prISM as an Associate, and use their structured approach to plan your next steps up the ITSM ladder.

But, you pay for the privilege, so why is this worth investing time in?

Industry maturity

Matthew Burrows, Lead for Global priSM Advisory Committee (GAC) explained:

“The real reason for prSIM is that the IT industry is starting to mature and become a bit more of a profession rather than a job.”

Just take a look sometime, in various ITIL and ITSM related Linked In groups, and you will see pleas from people who seem out of their depth.

Think of it in this way.  How many times do organisations send people onto an ITIL Foundation course, and then expect them to be able to implement major ITSM projects?

Matthew continued:

“Nothing ever works like that with a skill.  You have to practice it and apply it.  You have to learn from the mistakes from yourself and others. You have to learn from your successes as well and you refine it over time, and you get better at it by repetition.”

Part of the issue is the lack of a requirement to refresh ITIL qualifications, once gained.

In prISM, each year you submit a Continual Professional Development forms to demonstrate growth and development in order to re-earn your credential.

prISM Credential Levels

  1. Student in Service Management (SSM) – students with an interest in ITSM
  2. Associate (ASM) – entry level professionals
  3. Professional (PSM) – experienced Service Management professionals
  4. Distinguished Professional (DPSM) – senior, well experienced Service Management professionals and leaders
  5. Fellow (FSM) – reserved for those senior professionals who have been recognised for making a significant contribution to the profession and its body of knowledge


I see the benefit of tiering the levels like this, and even though my “rock face” experience gives me a broader perspective than if I had only the ITIL Foundation course, this is where the CPD aspect comes in.

The whole point of the profession maturing means that I need to really focus on further certification, but given the cost of courses, I really need to think carefully as to what to pursue.


I have worked in the area of ITIL/ITSM for 8 years now – I know my stuff. Do I really need to pay for more certification AND a credential to prove it?

Matthew believes that prISM should be a nice to have, rather than a mandatory requirement:

“From an employer’s point-of-view it tells me that they’ve been through the experience and qualifications that they say they’ve got, they’re committed to CPD, they give something back, they take their profession seriously.”

In my opinion, this is hard to prove in the immediate short term, without understanding from recruiters if they put any store in the acronyms above.

The Application Process

1)     Calculator

  • Step One: Education and Experience

The spreadsheet gives you a broad brush stab at the permutations of education and experience.

I tested a couple of elements and opted years of experience, as my degree was a LONG time ago! Recommended Level: PSM

  • Step Two: Required Professional Certifications

Here’s where it started to get confusing.

With an ITIL V3 Foundation Certificate (useful) and a TOGAF Enterprise Architecture L1 and L2 certificate (not at all useful, apparently), recommended level: ASM!

  • Step three: Extra Points

I played about with this out of interest, in terms of ITSM implementation experience, and also in terms of ITSM Review writing – which confused matters even more, because now the summary shows me that I meet DPSM criteria as well!

With the combination of the experience and qualification  I could apply now for Associate Membership but with at least one ITIL Intermediate course, I go up to Professional credentials.

Irritatingly, the comment boxes for the Certification sections stays visible after you have marked an entry, which then obscures the entries below.

2)      Application Form & CV

You also have to fill in the application form and sign the statement to adhere to the profession’s code of ethics, and you will need to cross-reference the handbook as you go for Professional credentials which sounds like a bit of hassle.

There is a bit of repetition here, having to put in the details of your referee, as well as including your reference (with those same details) as part of the package.

You also have to write your own personal statement, demonstrating your interest in the ITSM profession.

If you are serious about going through this process, I think it is worth updating your CV during this process.  It won’t hurt you to pay some attention to your Linked In profile either.

After all, if recruiters are using Linked In more and more, the best way to promote the importance and credibility of this credential is to have it on your online profile.

3)      Reference Statement & Evidence

You will have to get someone to write a supporting statement for you, and also find your supporting evidence to match your calculator entries.

Some issues

  • You need to keep PDFs at 1MB per document, and the whole application cannot be more than 25MB.  Irritatingly my scanned ITIL certificate and itSMF UK invoice are just over 1MB, but everything else is smaller.
  • The pricing is misleading.  The handbook states itSMF membership is preferable (and gives a discount) but not mandatory.  The application form infers the opposite – so those need to be in sync.
  • The handbook encourages you to pay before gathering your references – I would actually get everything together first, then proceed to pay for your appropriate membership, as you then need the proof of payment to zip together to submit.

Ros’s Progress

Matthew very kindly agreed to be my reference, and we decided to let me go through the process (and provide feedback!). so I have sent him a form to fill in and return to me.

I’ll put my (eventual) credential on my LinkedIn Profile, and push out an updated CV to see if there is any immediate change in the type of roles I typically see.

Will it be the prISM credential, or the ITIL Intermediate certification that provides the trigger (if at all!).

Watch this space.

Further Information


Service Management’s 4 Golden C’s: Codeless Configuration & Complete Customisation

Edinburgh Castle from Princes Park.

Cherwell Software has won a new customer for its Service Desk software solutions in the shape of Baillie Gifford, an independent investment management partnership based in Edinburgh, Scotland.

Baillie Gifford is one of the largest investment trust managers in the UK. The firm is wholly owned by 36 partners and manages in excess of £75 billion with 700 staff.

Complete Customisation

Having opted for the firm’s own-branded Cherwell Service Management product from Cherwell Software, Baillie Gifford says that it was drawn to its decision via the option to gain “complete customisation and seamless upgrades” with the tool.

Baillie Gifford’s IT service desk manager Rob Whittaker asserts that Cherwell has an intuitive product (with some products reviewed he found it difficult even to see how to log a call at first glance) that works using single step effectiveness i.e. it can be launched manually or automatically — and that this would help his team to save time and automate regular, repeatable tasks.

Codeless configuration

For its part, Cherwell also champions its “codeless configuration” technology and upgrades that could potentially save time and effort.

“When we started the review process, we had not heard of Cherwell Software,” said Gifford. ‘The company came up in an Internet search, and based on the demos and videos on its website and the fact that its sole business focus is ITSM, it became a candidate we wanted to see more from.”

Prior to the itSMF Annual Conference in November 2011, Baillie Gifford narrowed down its prospective list and reviewed four solutions at the show.

“During the two days, we visited the Cherwell stand three times,” said Gifford. “Unlike other stands, when we asked questions we weren’t just given a standard demo we were shown how the product would function. With the other vendors, features were always ‘coming soon’ or ‘could potentially’ do what we were looking for.  The Cherwell product matched what we had learned from their website. It’s built from the ground up and is not just shoe-horned onto another product.”

Before “go live”…

Following what it has described as a “stringent” software testing and evaluation process starting at the end of 2011, Baillie Gifford placed its order with Cherwell in early March 2012 and went ‘live’ with Cherwell Service Management on 21 May 2012. The company then spent a weekend migrating final data, live testing and rolling out.

“Cherwell offered us the product to test and evaluate prior to making a purchasing commitment,” said Gifford. “No one else offered us that. They allowed us to go away and actually use the software to make sure it met our needs. This told me that the company is confident that the product can do what they promise it will do.”

Cherwell Software 
is headquartered in Colorado Springs, USA and with its EMEA offices based in the UK. Cherwell’s wizard driven CBAT application development platform empowers users to create new screens, business processes and to develop additional business applications without the need for developer resources, bespoke coding or scripting services.

Photo Credit

Rob England: What is a Service Catalogue?

"The menu analogies we see all the time when talking about service catalogue are misleading. "
"The menu analogies we see all the time when talking about service catalogue are misleading. "

We are looking at railways (railroads) as a useful case study for talking about service management.

What is the service catalogue of a railway?

If you said the timetable then I beg to differ.  If you said one-trip, return and monthly tickets I don’t agree either.

The menu analogies we see all the time when talking about service catalogue are misleading.

A menu (or timetable) represents the retail consumer case: where the customer and the user are one.  In many scenarios we deal with in business, the one paying is not the one consuming.

The service catalogue describes what the customer can buy.  The request catalogue is what the user can request.  Consider a railroad cook-wagon feeding a track crew out in the wilds: the cook decides with the railroad what to serve; the staff get a choice of two dishes.

The cook’s services are:

  • Buying and delivering and storing ingredients
  • Mobile cooking and eating facilities
  • Cooking food
  • Serving food onsite

That is the service catalogue.  The railway can choose to buy some or all of those services from the caterer, or to go elsewhere for some of them.

The menu is a service package option to the “cooking food” service.  The railroad chooses the options based on cost and staff morale.  The menu gives staff the illusion of choice.

First and foremost, a service catalogue describes what a service provider does. How often and what flavour are only options to a service or package of services.  A railway’s service catalogue is some or all of:

  • Container transport
  • Bulk goods transport (especially coal, stone and ore)
  • Less-than-container-load (parcel) transport
  • Priority and perishables transport (customers don’t send fruit as regular containers or parcels: they need it cold and fast)
  • Door-to-door (trucks for the “last mile”)
  • Dangerous goods transport (the ethanol delusion generates huge revenues for US railroads)
  • Large loads transport (anything oversize or super heavy: huge vehicles, transformers, tanks…)
  • Livestock transport
  • Rolling-stock transport (railways get paid to deliver empty wagons back their owners)
  • Finance (a railway can provide credit services to customers)
  • Ancillary freight services: customs clearance, shipping, security…
  • Passenger transport
  • Luggage
  • Lost luggage
  • Bicycles
  • Pet transport
  • Food and drink services (onboard and in stations)
  • Accommodation (big Indian stations all have dormitories and rooms)
  • Tours and entertainment (party trips, scenic trips, winery trips…)
  • Land cruises (just like a cruise ship but on rails)
  • Travel agency
  • Bulk goods storage (railroads charge companies to hold bulk materials in wagons for them awaiting demand: they provide a buffering service)
  • Rolling stock storage (in the USA railroads make money storing surplus freight wagons for other railroads)
  • Rolling stock repair (railways repair private equipment for the owners)
  • Private carriage transport (in many countries you can own your own railroad carriage and have the railway carry you around; a fantasy of mine)
  • Property rental (many large railways are significant landlords)
  • Land sales

Where’s the timetable or ticket pricing now?  It has such a small part in the true scope of a railway’s services as to be trivial.  More to the point, it is not a service: tickets are request options associated with one of many services.  Users don’t request a service: “I’d like an email please”. No, they make a request for an option associated with a service: provision email, increase mailbox, delete account, retrieve deleted email etc…

People confuse their personal consumer experience with business: they try to apply consumer experience models to business processing.  Most customers don’t want a service catalogue “to look like Amazon”.  They want meaningful business information.  The best vehicle for that is usually a text document.  The users/consumers of a service(s) may want to see the requests associated with that service(s) in an Amazon-like interface.  Sometimes there may even be a valid business case for building them a groovy automated request catalogue, but it is not the service catalogue.

The service catalogue defines what we do.  It is not simply an ordering mechanism for customers.  That is that personal/business thing again.  A service catalogue has multiple functions.

  1. Yes it is a brochure for customers to choose from.
  2. It also provides a structure to frame what we do as a service provider: availability planning, incident reporting, server grouping… Once we have a catalogue we find ourselves bring it up in diverse contexts: “we see the list of services show up in the table of contents”.
  3. It is a reference to compare against when debating a decision
  4. It is a benchmark to compare against when reporting (especially the service levels, but not only the service levels)
  5. It becomes a touchstone, a rallying point, an icon, a banner to follow.  It brings people back to why we are here and what we are for as an organisation.

You don’t get that from Amazon.

Then we come to that endless source of confusion and debate: technical service catalogue.  That deserves a whole discussion of its own, so we will look at it next…

Introducing Ros Satar

It is with great pleasure that I welcome Ros Satar to The ITSM Review.

Ros is joining as a regular blogger and ITSM technology Analyst.


“An IT Architect, with close to 20 years experience, working both in direct commercial engagements, and more recently within the outsourcing services.  Worked most recently in the Retail, Finance & Insurance, and Government/Transport Sectors.

Strong technical, business and project skills around Business Analysis and IT Architecture/Solution Design, and Deployment in Transition/Transformation projects, specializing most recently in ITIL ® Service Management Engagements.

Responsibilities include Stakeholder Management, Project Management, User Acceptance Testing and Service Commencement.”

Ros Satar, Analyst and Writer for The ITSM Review

Gadget Girl!

Ros is an ITSM Solution Architect and Process Consultant.

Her journey in ITIL/ITSM began in 2005 when she jumped into the deep end of Configuration Management, and then swam out to the wider ITSM Ocean.

She quite likes it there… technical enough to remind her of her roots, but diverse enough to have opinions on lots of things, based on large customer projects throughout her career.

As well as writing for The ITSM Review, Ros is also following her passion for sports writing and is currently studying for her NCTJ Diploma in Multi-media Journalism.

She says…

“When I am not knee deep in paper and having a love/hate relationship with my many gadgets, I can be found putting in time at various sporting publications writing about people who are way fitter than me.”

They say…

“I have worked with Ros for many years through many technologies, as Architects we are often expected to look at a product and immediately articulate the benefits / return on investment and potential pitfalls in implementation. Ros has the ability to go “Wide” and go “Deep” into the technology and exercise it within an inch of its operational life.”

Welcome Ros!