I’ve been working hard, but also taking a lot of training lately.

• Last month, I sat for (and passed) the ITIL Foundation certification exam.
• I’ve made a couple of quick (and very pleasant) trips to the Bay Area of California for administrative classes conducted by BMC Software, who produce the Remedy line of service-management products.
• And this month (this week, in fact) I have been immersed in a PRINCE2 Practitioner class. (PRINCE2–PRojects IN a Controlled Environment–is a project management methodology developed by the Office of Government Commerce, the same folks who brought us ITIL.)

PRINCE2: whew.  It’s a lot of material to get through–a 400 page text, plus supplementary material, in a week of classes–but our instructor (from Advantage Learning in the UK) must be doing something right, as 100% of the class passed the PRINCE2 Foundation exam yesterday.

Now, on to the Practitioner exam Friday. Once I recover from that, blogging should resume its normal operational tempo next week.
Related:

• ITIL
• PRINCE2
• Office of Government Commerce (UK)
• Advantage Learning (UK)

The fact of the matter is that making a significant change in a product that is in use in your organization can be more difficult to extricate yourself from than a tar pit—particularly if it means a big loss of revenue to a vendor. A perfect example is the state of Massachusetts’ attempt to go with an open document format. Clearly, Microsoft did not want that happening. But this is certainly not limited to Microsoft. Any indication to a vendor that they may be replaced can scale from verbal protests, to lawsuits to having your service cut off. So, if you are considering such a shift, you’ll need to do a lot of careful planning.

TechRepublic Blog: 50 ways to leave your (vendor)

Long seen as a method to maximize employment opportunities and salaries in the post-dot-com-bust era, a study released today finds that pay for certified IT skills falls short of the pay for non-certified skills.

The Q1 2006 Hot Technical Skills and Certifications Pay Index, released April 25 by Foote Partners, a New Canaan, Conn., IT compensation and workforce management firm, found that pay premiums for non-certified IT skills grew three times faster than for certified ones in a six-month period spanning 2005-2006.

The study suggests that there has been a change in employers’ acceptance of the value of non-certified tech skills versus certifications in maintaining competitive pay for their workers.

Sounds like employers are getting fed up with the performance of “paper MCSEs“–people who took cram courses to pass a Microsoft certification exam, but when faced with an actual server with actual problems in the real world, have no real idea of how to proceed. And they’re finding out that certifications are no substitute for experience and a proven track record.
There *are* some certifications that seem to be growing in value… and, interestingly, they are not pegged to particular products or technologies for the most part:

Fourteen certifications have grown in value, showing an 11 percent or higher growth over the last year, including SCNP (Security Certified Network Professional), CISM (Certified Information Security Manager) and MCT (Microsoft Certified Trainer).

In the New York City market, we are also seeing demand for ITIL certification (and, to a lesser extent, CMMI training) for IT specialists, developers, and managers. And, of course, PMI-certified Project Management Professionals (PMPs) are in high demand.

eWeek: The Downside of Certification

One of them is a pointer to a white paper (in PDF format) called Root Cause Analysis for Beginners. (In a former job, I had to develop and teach a root cause analysis class to our problem resolvers, and I wish that I had known of the existence of this white paper; I would have given a copy to every student.)

I hear some of the process-challenged among you asking, “What’s root cause analysis?”  Here, let authors James J. Rooney and Lee N. Vanden Heuvel of the American Society for Quality break it down for you:

• Root cause analysis helps identify what, how and why something happened, thus preventing recurrence.
• Root causes are underlying, are reasonably identifiable, can be controlled by management and allow for generation of recommendations.
• The process involves data collection, cause charting, root cause identification and recommendation generation and implementation.

If you’re not doing root cause analysis on identified problems, then you’re not really doing problem management (as a generic concept) and you’re certainly not doing Problem Management in the ITIL sense.

The second gem is a pointer to an article from CIO, comparing ITIL, COBIT, and ISO 17799 (a standard for information security) with respect to their requirements for security and controls. (This is an area of particular interest to CIOs around the world, due to regulatory laws like Sarbanes-Oxley and HIPAA in the U.S. and similar legislation elsewhere.)

It turns out that the three standards work well together:

ISO 17999 provides security controls. It does not provide implementation guidance and does not specifically address how these processes fit into the overall IT management processes.

ITIL is strong on delivery and support processes. It describes how to structure operational processes but is weak on security controls and processes.

COBIT is focused on controls and metrics. It also lacks a security component but provides a more global view of IT processes at the IT organization management principles than ITIL.

Root Cause Analysis For Beginners (IT Service Blog)
ITIL, CoBIT and ISO: Overlap or Complement? (IT Service Blog)

The concept of the Configuration Management Database (CMDB) is not exceedingly difficult to comprehend, particularly as it applies to the Information Technology Infrastructure Library (ITIL).

However, the actual implementation of a CMDB and clearly demonstrating value can introduce subtle complexities as a result of competing business objectives and internal IT requirements.

But as a standard and trusted data source, even the simplest of CMDBs can provide a means for improving internal communications and dialogue with IT customers. Even small-scale CMDB deployments could potentially help IT yield measurable benefits in operational effectiveness, cost efficiencies and improve the overall quality of service.

ITSM Watch: ITIL and the CMDB: Think Small? (April 10, 2006)

You think you’re a good communicator: You keep your users informed and you listen to their problems. So why is it that no one appears to read your e-mails or seems capable of following your instructions? Are you surprised to learn that the users have been living with computer issues rather than ask you for help? These are all signs of a breakdown in communication–which we, as support techs, frequently misinterpret as user indifference or even stupidity. Before long, we find ourselves on a downward spiral toward complete communications failure.

The 10 worst ways to communicate with end users (TechRepublic)

Such a repository, called a Change and Configuration Management Database (CMDB), is called for by ITIL (IT Infrastructure Libraries), a framework that provides terminology and a way to organize best practices around IT service delivery. CMDBs have been among the most elusive holy grails in optimizing delivery of IT service.The dilemma is that in most companies if these data are stored at all, chances are they reside in multiple, vendor-specific repositories that are difficult, if not impossible, to synchronize. For instance, one system may store desktop and laptop client images or configurations, while other systems may be devoted to servers, storage pools or networks.

Furthermore, existing asset management systems, where they exist, may not always be up to date with the latest changes to infrastructure. The result is that admins and beleaguered help desk representatives may be dealing with dated information when they try to resolve trouble tickets or operational issues.

BMC, Fujitsu, IBM, HP launch CMDB initiative - Computer Business Review

Pink Elephant today announced it has become the first organisation to receive worldwide accreditation for a new integrated ITIL® certification course that will enable practitioners to effectively manage, organise and optimise the Support and Restore processes, and minimise the adverse effects of Incidents and Problems, within the Service Desk function.

Pink Elephant was the first in the industry to introduce specialised, role-based certification courses and its ITIL Practitioner: Service Desk, Incident and Problem Management course has been designed for process managers, co-ordinators and other specialists operating in the Service Desk function, as well as IT, Network and System Managers.

Awarded by EXIN, the Netherlands-based Examination Institute for Information Science, the accreditation is intended to guarantee and promote the quality of ITIL courses and the companies who deliver them. EXIN is one of two independent examination bodies responsible for managing ITIL accreditation.

Contrary to popular belief, ITIL is not a service management standard, but rather a structured approach or process framework on which a growing number of ITSM standards are based. Most prominent among these ITIL-based ITSM standards are the British Standard BS15000-1:2002 and the Australian Standard AS 8018.1-2004. A South African version of the BS15000 standard also exists.

The International Organization for Standardization (ISO) recently adopted the BS15000 standard and is expected to publish the ISO 20000 standard for Service Management by 2006, although many think it likely that this effort will take longer…

Might as well get familiar with ISO 20000 now; you’re going to be hearing a *lot* more about it in the near future.

IT Service Blog - ITIL Inside: ISO20000 and ITIL - The “Need to Know” Guide

Related:

• ISO/IEC 20000-1:2005, Information technology - Service management - Part 1: Specification
• ISO/IEC 20000-2:2005, Information technology - Service management - Part 2: Code of practice

(both available for purchase from The ISO Store)

In essence, COBIT incorporates the control objectives observed by enterprises in compliance with Sarbanes-Oxley and other international standards allows for coordination between control requirements, technical issues and business risks. COBIT’s tool sets allow for practices that its developer, the IT Governance Institute (ITGI), believes incorporate or deepen the international IT guidance supplied by ITIL, ISO/IEC 17799, ISO/IEC 13335, ISO/IEC 15408, TickIT, NIST, and COSO. COBIT is available for download from the Information Systems Audit and Control Association (ISACA.org).

IT Manager’s Journal | Introducing COBIT