Much bad press on IT revolves around the spectacular failures of IT projects, whether due to execution, planning or budget issues. In this series of pages, we outline a few of the major standards available to companies looking to implement an IT solution.
The size of the solution could range from a single application on a single desktop through to tens of thousands of computers spread across multiple locations worldwide. The need for procedures is inherent in any business process and provides multiple gains for the business.
For instance, the single desktop application procedures may only be a couple of pages but should detail business continuity plans as well as standard usage. Often, micro-deployments do not document the procedures, leaving the business exposed to potential embarrassment or worse should something happen. Some examples of issues are:
Every business scenario has different procedural requirements that must be analyzed separately, whilst maintaining a coherent view of the business as a whole. The amount of detail required in a set of procedures depends on factors such as the amount of time before a failure becomes critical (from seconds through to potentially months); how often new users are introduced to the software / hardware; and where damage could occur if tasks are not completed in a specific order or a specific way.
The procedures presented here are those generally accepted and adopted by the industry. However, the key point to any procedural implementation is that published procedures are generic and must be tailored to the business. Every published procedure will need review and modification in order to meet the needs of the business.
The choice of framework is very important although, as will become apparent, the frameworks are broadly similar and cover different areas of the overall IT solution. As the cliché goes, the devil is in the detail. Although the end goals and high-level requirements of the procedures are largely identical, they require different levels of effort to implement and maintain. The procedures vary in the requirements for people, costs and timescales.
In this article, we very briefly describe a number of different management frameworks in existence today. These frameworks are roughly split into the following areas:
Software development management covers taking an initial product concept and implementing it. Generally, the frameworks will provide some guidance and recommendations on project management, analysis, design, development, testing and delivery.
Everything a business or an individual does can be regarded as a process. Although the terminology differs, mathematicians and computer scientists regard a process as a function: the function takes certain inputs, does various processing on the inputs and then provides some outputs. The basic mathematical notation for a function is y = f(x). Here x is the input, f() is some function that does something to x (it might square it or multiply it by two, for instance) and y is the result after f() has modified (or processed) x.
Given that everything is a process, it should then be possible to analyze and measure the performance of any given process and see if it is possible to change the process or introduce new processes that meet the business requirements better (e.g. reducing time, cost, number of required resources / skill-level). This is the essence of process management.
Project management is non-industry specific and provides a framework for a business to implement a project successfully, whether this is an IT project involving software or hardware or some other project such as creating a new brochure or modifying the office layout.
With the rapid progression of technology, the need to secure data, both personal and corporate, is more apparent than ever. Identity theft is becoming more high profile, but there are many other potential security issues inherent in IT. If appropriate control and audit procedures are not put in place, the risk of a security breach increases rapidly as the number of interconnected systems increases. The security management frameworks outline the recommended procedures for providing a secure working environment. The key requirement is to be able to understand and control the data flowing in and out of the business environment and to be able to assess the risk involved in this data transfer.
Service management can be seen as the continuation of Development Management to the full IT lifecycle: after developing an IT system, the system must be deployed, maintained and supported. Service Management provides the framework in which to deploy, maintain and support an IT system. Service management covers everything from ensuring spare ink cartridges are available to running secure data centre environments.
IT procedures have seen continuous development and refinement since the mid-1980s. The timeline below shows the evolution of the standards mentioned within this article.
| Year | Event |
|---|---|
| 1984 | Carnegie Mellon University establish the Software Engineering Institute (SEI). |
| mid 80s | SEI publishes the Capability Maturity Model (CMM) key practices for software. |
| mid 80s | Motorola develop Six Sigma. |
| 1987 | The Project Management Institute (PMI) releases the Project Management Body Of Knowledge (PMBOK), first edition. |
| 1988 | The UK government agency, the Central Computer and Telecommunication Agency (CCTA) develop and publish the Information Technology Infrastructure Library (ITIL) v1.0. |
| 1989 | CCTA develop and publish the Projects in Controlled Environments (PRINCE) methodology. |
| 1991 | The IT Service Management Forum (itSMF) forms in the UK. |
| 1994 | ITIL becomes the de facto standard for Service Management practices. |
| 1994 | Microsoft introduces Microsoft Solutions Framework (MSF) v1.0. |
| 1995 | The International Organization for Standardization (ISO) publishes the first draft of ISO 15504 Software Process Improvement and Capability dEtermination (SPICE). |
| 1996 | The Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) publish Control Objectives for Information and related Technology (COBIT) v1.0. |
| 1996 | PMI release PMBOK, second edition. |
| 1996 | The UK Government's Office of Government Commerce (OGC) publishes the first edition of PRINCE2. |
| 1998 | ISACA and ITGI publish COBIT v2.0. |
| 1998 | ISO 15504 SPICE is completed and published. |
| 1998 | OGC release PRINCE2, second edition. |
| 1999 | Microsoft becomes an active member of the ITIL community. |
| 1999 | The British Standards Institute publishes BS 7799, the British Standard for Information Security. |
| 1999 | OGC release ITIL v2.0. |
| 1999 | Microsoft release Microsoft Operations Framework (MOF) v1.0. |
| 2000 | SEI upgrades CMM to the Capability Maturity Model Integration (CMMI). |
| 2000 | ISACA and ITGI release COBIT v3.0. |
| 2000 | ISO publish ISO 17799, the International Standard for Information Security. |
| 2000 | PMI release PMBOK, third edition. |
| 2001 | CCTA merges into OGC. |
| 2002 | Microsoft release MSF v3.0. |
| 2002 | OGC revise and publish PRINCE2, 2002. |
| 2003 | Microsoft release MOF v3.0. |
| 2005 | SEI release IT Service CMM RC1. |
| 2005 | OGC release PRINCE2, fourth edition. |
| 2005 Q4 | ISACA and ITGI expect to release COBIT v4.0. |
| 2006 | OGC and itSMF are working together to scope the content of an update to ITIL publications. |
| 2006 | Microsoft expects to release MSF v4.0. |