I love this question.  Simply because most folks in IT Service Management would respond with something like, “Well, it depends…”

And in some instances….that is an accurate statement.  It really depends upon what the box is labeled, and then, “who packed the box”, but most importantly, “what you do with the contents of the box once it has been unpacked”.  So let’s take a look in detail at the box.

  • The box-label:  So, let’s call it ITIL (IT Infrastructure Library). No? Don’t like that one? Then how about Industry Best-Practices? Don’t like that one either? Then how about SAS or ISO? How about IT service Management Process Flows? In any case, whatever you call it, the idea here is to arrive at a set of terminology that is simple while being comprehensive enough to allow you to define your standard operating procedures, communicate those standards to your customers – users – administrative staff, and achieve ratification that promotes adherence to those standards.
  • The contents of the box: Yeah…this is the big one… Out-of –box means that you have everything you need to be productive on day one. It’s a simple matter of being able to provide a process flow that fosters compliance to internal standards and procedures, externally imposed mandates and regulations (be they imposed by governments or the dictums of an industry), and probably most importantly can be measured, monitored and reported upon.
  • Using the contents of the box:  This is the ironic bit. Many times, organizations will take the embedded best practices and modify them to fit their needs….slightly. This is OK….as long as you don’t go overboard on the modifications. Embedded best practices are normally created by leveraging a vast amount of experience attained via hundreds and sometimes thousands of real world experiences. They work well because the oddities and inconsistencies and inefficiencies have already been identified and removed from the process. And, the result should be one that supports a wide array of compliance control objectives and industry requirements WITHOUT modification. However, there is always that rogue desire to stray from a proven methodology in order to “adapt it to our unique culture because we really are that different…” It’s just like going to a five-star restaurant in Rome and before tasting the food, you dump a pound of salt on the entrée because the restaurant at home always needs salt….  Try it first, spend some time with it, and then if you still need to, just add a pinch of salt to see if it really makes a big difference.

If you acquire a solution that has been around for ages, has great compliance best practice expertise, is a recognized leader in that specific field, and can PROVE through industry presence and effectiveness that their Out-Of-The-Box solution really does work…..then you should be able to leverage those cornerstones of process into a compliance and best practice model that lives up to the expectations.

Three things to remember:

  1. Communication: Make sure everyone is speaking the same language from the onset with respect to expectations and goals and mandates
  2. Source: Do your homework. Not all solutions are created equally, thus not all process flows are comprehensive and effective – or even meet your needs. See where you are today, where you need to be and then select the right Box, packed by people who understand where you need to be tomorrow
  3. Be Bold!: Yes, in some instances you will be championing something that is culturally new and different. Get your sponsors on-board early and make sure they understand the importance of the project. Then implement those new standards and be ready to resist the urge to “add salt” straight away.

Change takes time and endurance and a strong belief in what you are doing….but…when you get it right, and the solution comes “out-of-the-box”, and you can demonstrate the effectiveness in terms of time, money and compliance….well…the benefits to the organization and to your career can be enormous.

By: Christopher Williams