Two great posts from the IT Service Blog

Robin Yearsley serves up two terrific posts this morning at the IT Service Blog.

One of them is a pointer to a white paper (in PDF format) called Root Cause Analysis for Beginners. (In a former job, I had to develop and teach a root cause analysis class to our problem resolvers, and I wish that I had known of the existence of this white paper; I would have given a copy to every student.)

I hear some of the process-challenged among you asking, “What’s root cause analysis?”  Here, let authors James J. Rooney and Lee N. Vanden Heuvel of the American Society for Quality break it down for you:

  • Root cause analysis helps identify what, how and why something happened, thus preventing recurrence.
  • Root causes are underlying, are reasonably identifiable, can be controlled by management and allow for generation of recommendations.
  • The process involves data collection, cause charting, root cause identification and recommendation generation and implementation.

If you’re not doing root cause analysis on identified problems, then you’re not really doing problem management (as a generic concept) and you’re certainly not doing Problem Management in the ITIL sense.

The second gem is a pointer to an article from CIO, comparing ITIL, COBIT, and ISO 17799 (a standard for information security) with respect to their requirements for security and controls. (This is an area of particular interest to CIOs around the world, due to regulatory laws like Sarbanes-Oxley and HIPAA in the U.S. and similar legislation elsewhere.)

It turns out that the three standards work well together:

ISO 17999 provides security controls. It does not provide implementation guidance and does not specifically address how these processes fit into the overall IT management processes.

ITIL is strong on delivery and support processes. It describes how to structure operational processes but is weak on security controls and processes.

COBIT is focused on controls and metrics. It also lacks a security component but provides a more global view of IT processes at the IT organization management principles than ITIL.

Root Cause Analysis For Beginners (IT Service Blog)
ITIL, CoBIT and ISO: Overlap or Complement? (IT Service Blog)

Post a Comment

You must be logged in to post a comment.

« Creating Passionate Users: Moving up the wisdom hierarchy
Internet Explorer 7 public beta - available for download »