IT is at the heart of most business today. Whether it’s in marketing systems and CRM, design software applications, production line automation or finance and accounting, if the information technology being used breaks down, so do business operations. Conversely, when service from the IT department is defined in terms of the business objectives of the organisation, business continuity can be positively reinforced. ITIL (IT Infrastructure Library) and ITSM (IT Service Management) both take business goals as the starting point for defining and implementing levels of IT service. How then do ITIL and ITSM compare and what are their roles in helping to improve business continuity?
ITIL is a framework or methodology based on best practices in IT management. By following the guidelines defined by ITIL, organisations can expect to achieve cost-effective, business-oriented IT operations that help both productivity and innovation. Application of ITIL helps to minimise the issues that cause downtime, whether these are linked to technology, processes or people. It therefore contributes to better business continuity. While there is no certification of ‘ITIL compliance’ for organisations, individuals can achieve different levels of ITIL qualification: for example, ‘Foundation’, ‘Intermediate’ and ‘Expert’.
On the other hand, ITIL is commonly used as a basis for achieving organisational certification for the ISO 20000 standard concerning IT Service Management levels and processes. The difference between ITIL and ITSM/ISO 20000 is that ITIL tells you how to do IT management well, whereas ISO 20000 defines the level of excellence to be achieved (but without imposing any particular methodology).
To put ITSM in place as defined by ISO 20000 means implementing suitable processes for satisfactory IT service delivery. The processes deal with the management of IT resources, levels of service, information security, budgeting – and continuity of service. Achieving the level of ITSM defined by ISO 20000 then means that the right processes have been implemented, that IT workers are aware of these processes and that the processes are being done properly. It is by applying these three criteria to IT continuity of service in particular that business continuity overall is also improved.