ITIL Compliant Software Assessment Service
For the first time since the creation of the Information Technology Infrastructure Library (ITIL) over 20 years ago, the OGC have given their official endorsement for an ITIL Compliant Software Assessment Service to audit Vendor products, documentation and processes against the published best practices of ITIL (v2 and v3).
The OGC has awarded a licence to the joint venture to offer the compliance assessment service which will be operated by SMCG in accordance with a new compliance Standard. The operation of the service will be audited by the OGC’s official ITIL Accreditor, the APM Group.
Under the scheme, vendors can apply to have their products audited for ITIL compliance. Products which meet the compliance standard will be awarded an ITIL Compliant OGC approved Trademark to use in all product marketing and packaging.
The “ ITIL Compliant Software Assessment Service will consist of several tiers and cover all ITIL V2 and V3 processes.
Tier 1: ITIL Compliant – Bronze (The product documentation and application are compliant to the standard)
Tier 2: ITIL Compliant – Silver (Bronze + the vendor proves 3+ successful implementations of the product)
Tier 3: ITIL Compliant – Gold (Silver + The vendor has 3+ clients with the product implemented and in use and that have provided references)
The assessment service offered by the joint venture has vendor flexibility built into the service offering. A vendor can choose the have their ITSM solution assessed against a single ITIL V2 or V3 process, more than one or all ITIL process. This flexibility will allow small, mid and large solution provider who have niche, specialty or full range solutions the opportunity to benefit from product compliance
SMCG will offer a range of pricing package options to attract vendors to take advantage of forward product planning and building product compliance assessments into the strategic product management and development cycles.
Use the "Contact" section to register your interest.
Official ITIL Process compliance audit of Vendor’s application(s) FAQ's
Who are the OGC?
The Office of Government Commerce (OGC) is a department of the UK Treasury department within the British Government. Their role is to aid how the Government and Vendors engage and deliver services. They have documented and own several Best Practices for this purpose and are widely used by organization around the world. The most popular being ITIL and Prince II.
Who are the APM Group?
The APM Group is a leading Accreditation, Certification and Qualification organisation recognised internationally by government agencies. APMG are also an Accredited ITIL® Examination Institute. APMG-UK accredits training organisations, trainers and training materials and certifies examination candidates through a variety of methods. They also accredit consultancy organisations and their consultants, as well as provide standards to enable them to help organisations. As the pivotal link between standard-setting organisations and service deliverers, we continually work to bring success to both parties, creating a seamless delivery chain between the standard owner and the candidates taking the qualification, or the end-user organisation seeking consultancy advice on applying the standard to their operations. We thrive on setting high expectations - and then exceeding them! They are currently the OGC’s official ITIL accreditation organisation.
Who are SMCG?
Service Management Consultancy (SMCG) Ltd is a joint venture between Sharon Taylor (ITIL Chief architect, ITIL Chief Examiner, ITSMF international chairman and President of Aspect 360) and Ken Turbitt (President and CEO, and Managing Director of IT Services Consultancy). This JV was created to bring to the IT Service Management market the world’s first officially recognized
ITIL Compliant Software Assessment Service for vendors tools purporting to be compliant with ITIL v2 and v3. SMCG is the first OGC and APMG licensed ITIL Assessor.
What is this new OGC scheme?
The OGC have accredited APMG to audit and appoint Licensed ITIL Process assessors. SMCG being the 1st to achieve this status. The audit assessment of the ITIL process against the vendors Application, Documentation and Process (3 areas) would be undertaken and if they meet the OGC approved standard (ITIL compliancy) a pass would be granted. This new standard has been designed and set by SMCG. Three levels of Pass possible are:
Bronze=Pass
Silver=Bronze, plus with 3 or more successful implementation and
Gold=Silver,plus 3 or more referencable customers.
How can we be ITIL compliant if ITIL is just a set of guidelines?
As ITIL documents the set of guidelines the assessment takes what is written in black and white and asks the Vendor how they achieve this, and if they do not provide their alternative and rationale. If the ITIL processes and documentation cater for this, then the pass mark would be granted. The Vendors User Documentation, Processes and Applications must all agree with each other, one cannot say one thing and the other element do another. All three areas must pass the assessment based on the ITIL books.
Who set the standard?
The APMG own the standard against which all Licensed Assessors must adhere to. APMG audited the assessors questions to ensure they are compliant with ITIL and the process, mechanism and assessors meet the criteria. All the Assessors used by the Licensed Assessor are audited and approved by APMG. The results of the assessment are passed the APMG for final auditing and approval before the Trademark can be released.
What do you get?
The Vendor, if they pass, will get a certificate and the rights to use the “ITIL Process Compliant” trademark for a 2 year period, or until a new software version replaces it. After 2years is it renewable for a small fee. This trademark can be used on all packaging, documentation and marketing material provided it adheres to the guidelines laid down my APMG and the OGC in the Trademark agreement.
Do I get to see the questions beforehand?
No. The questions will remain with the Licensed Assessor and only be asked at the time of the assessment. The Vendor should treat the tool assessment element as if they were demonstrating to a prospective client how they adhere to ITIL. This is to ensure a level playing field where some vendors have more time or resources to prepare a demonstration to pre-released questions. Therefore the demonstrator needs to be very fluent in both ITIL, the application and their documentation.
Is the documentation and application all assessed at the same time?
The documentation (User documentation) and processes (flows, charts etc) must be provided 5 working days before the application assessment takes place. This allows the assessor to assess the documentation 1st and pre more familiar with the terms used by this vendor. The application will be assessed over two 4hr periods. Questions may be asked about the tool, documentation and process during these assessments. Answers to all these questions will reflect on the results. Not all 8hours may be used, it all depends on progress and the processes being assessed.
When will the assessment start?
When SMCG has received the signed contracts and statement of work documentation from the Vendor, together with the approved Purchase Order number, then a date can be agreed and set. From issuance of the PO number until the start of the assessment we allow a minimum of 5 working days depending on the schedules.
When do I get my results?
We aim to have the assessment completed 3 working days after the last 4hr demonstration. This is then passed up to the Auditor, APMG for approval and release of the Trademark agreement within 5 working days. So within 8 working days the results will be made known to the Vendor.
Where will the “passed” vendors be listed?
The vendors that have passed will be listed on the following website:
Why were BMC Software the 1st to pass?
During the initial project pilot phase last October 2008 the top 4 vendors (BMC,CA,HP,IBM) were approached and asked to take part. Only BMC were able to get their legal team to respond fast enough and signed the contract. CA are still procuring the contract, with HP and IBM waiting for the official end of pilot launch.
Did Ken Turbitt carry out the BMC assessment?
No. Whilst Ken co-owns SMCG with Sharon Taylor, he engaged an ITIL Manager qualified expert, who is also an accredited ITIL trainer to carry out the BMC assessment. APMG assessed and audited this assessor’s work and approved them. This person will remain as SMCG’s main assessor, though we have others too.
Why was the standard built without collaboration?
The standard is basically a set of questions which are all referenced back to the ITIL books (page number, paragraph referenced). This was not created by one person, it was created in collaboration with invited ITIL experts, reviewed by Sharon Taylor, the ITIL Chief architect, and audited and approved by APMG. Many of the well known ITIL leaders and authors are either employed by Vendors, or have dependant contracts with them, so they were excluded for this reason. The vendors have had no input into the standard, BMC simply had to submit to being assessed, being confident that they knew the ITIL books and how well their tool adhered to ITIL for the processes chosen (Incident and Problem)
Why was this created behind closed doors?
This was created all under strict Non Disclosure Agreement to avoid Vendor influence and confusion in the market. This also allowed the current monopoly Pink Verify scheme to continue unharmed, protecting those who were seeking to purchase ITIL aligned tools during this period, with no disruption to Vendor sales awaiting a new scheme. Those invited to contribute and assist were all put under the NDA.
Why were BMC assessed so quickly after the OGC announcement?
BMC’s application was actually assessed back in February 2009, but APMG and the OGC had not completed all the legal paperwork and were not ready to launch. Once the announcement went out, the assessment results were released to BMC, who made their own announcement a few days later.
Why have we not seen many more Vendors assessment results yet?
It is taking between 2-3 months for the vendors legal team to review the contracts and sign. The scheme is still in “operational pilot” and therefore restrictions are still in place. The news is still, slowly, getting out into the marketplace and vendors still need to become aware of the scheme to then apply.
Do you expect all the ITIL processes to be assessed?
We do not expect this to happen immediately. Many vendors know that only some of the ITIL processes within their tools comply with ITIL and so will only submit to being assessed for those processes and not the others. In many respects this is quite good, as the lack of compliance informs the prospective purchaser to ask the appropriate questions and obtain validation from SMCG or APMG. If the vendor has not applied for assessment of a particular process of interest to a prospective application user, we can inform them of this.
Do you help prospective purchasers of Vendors tools?
Yes we do. Any procurement project may contact us and ask if the Vendor is signed up for an assessment, which processes, and when to expect the results. We can also inform them of Vendors not signed up, or who declined to sign up. If we have carried out the assessment we can also inform them of key areas to look out for and may share our “assessor’s notes” with them to aid their decision.
Q: Surely ITIL compliance is only a part of the evaluation criteria that is used by an organisation when selecting an ITSM tool?
Q: Some say it’s not possible for software tools to be ITIL compliant, so why have you created this service?
We strongly believe that it is not only possible but also desirable and beneficial, a fact that has been confirmed by our customers. Here’s why:
1. Searching for a good ITSM toolset can be a highly complex task. The ITIL Compliant Software Assessment from SMCG helps to reduce the size of that task by performing the ITIL process checks to support the purchaser.
2. Implementation support is essential from ITSM tools to ensure that they assist ITIL trained staff and to contribute to the return on the investment that was made in their training. The ITIL Compliant Software Assessment from SMCG provides a level of reassurance for purchasers of the tools.
3. A mismatch in terminology in the tool with the understanding of its users will serve to cause confusion and require rework – which is far from the effective and efficient message conveyed by ITIL. The ITIL Compliant Software Assessment from SMCG checks for ITIL terms being used.
4. Product documentation should effectively support the users of the tool by explaining how to use its features. The ITIL Compliant Software Assessment from SMCG checks to see that guidance is provided in the user documentation.
5. The ITIL Software Compliance Service from SMCG assesses vendor’s tools for content that complies with the ITIL guidelines, that it has automated process flow to assist the effective and efficient operation of process flow and that the documentation provides guidance on how to use the product.
6. Further more, the ITIL books themselves state that software should be evaluated to be compliant with ITIL. Don’t take our word for it, look it up for yourself:
- As one example, see ITIL v2 Service Support book page 246, section 10.2 lists ‘ITIL compliance’ as criteria to be generally used when considering software requirements.
- The same idea is repeated in the CSI volume of ITIL v3.
Q: What is the pass rate and its basis for an assessment?
To gain a PASS all of the following three criteria must be achieved
- The number of the ITIL compliant core questions answered 'yes' must be equal to or greater than 70% for the Application assessed.
- The total score achieved for the core Process Flow and Documentation must be equal to or greater than 70%.
- The combined total score of core and desirable questions must be equal to or greater than 70%
A fail occurs if any one of these conditions is not met.
Q: Why is the pass rate 70% compliance and not 100%?
Two reasons:
1. The ITIL books are not prescriptive they are guidance; however some chapters do state that any individual process or tool must or should contain a particular feature or capability. The pass rate therefore reflects where it is stated strongly but also factors in where it is not. Some features such as time and date stamping and unique reference numbers are necessary so we ensure these things are present in the tool and in the ITIL Compliant Software Assessment from SMCG. This is also the reason why the term ‘core’ is used and not ‘mandatory’ and that some questions are desirable not core.
2. Some excellent ITSM tools have been assessed by SMCG for The ITIL Compliant Software Assessment Service and as we have the greatest experience of this service we can tell you that none would have passed if vendors were expected to gain 100% on all three of the criteria.
This may be shocking news for you so before you cry foul on this point, please let us explain:
Firstly, the point above – the ITIL books are not prescriptive which automatically rules out 100% compliance.
Secondly, who is to say that every idea listed, described or implied in the publications would be essential to have in a tool? None of us can do that, it’s subjective, so nor does the assessment. However, we use our core and desirable questions to reflect that and tested the applicability of these categories during the pilot phase of the service.
For more details and information contact SMCG.
Important To Note
1. SMCG assesses vendor’s tools compliance to the defined ITIL process. ITIL documents a set of best practices that should be adapted to address the specific needs of your organization; therefore, Vendor’s interpretation of this is assessed and if compliant to ITIL, in both automation, documentation and process, will obtain “ITIL Process compliant” status.
2. “ITIL Process compliant” logo can be used by the “passed” vendor, including the grade and process assessed with the application name and version used. ‘ITIL compliant’ cannot be used and certified software vendors are prohibited from using “ITIL compliant” in any marketing literature, as this violates the terms set out in the APMG/OGC logo guidelines and the license agreement.
3. Purchasers of vendors Software should note: Software that does not have the new Trademark should not necessarily be disqualified from selection. It is possible that a tool not appearing on the ITIL official website list may still meet your specific requirements. Short-listing “ITIL Process Compliant” tools simply offers some reassurance that an independent body, audited by the official ITIL accreditor and Governed by OGC, the owners of ITIL, has been assessed and is deemed process compliant.
4. As the OGC’s role within HM Treasury is to facilitate commence between the Public and Private sector it is expected that “ITIL Process Compliant” assessment will be mandatory for all vendors tools wishing to be sold into the UK Public sector, either directly or via services.
5. The term “compliance” as defined by the English Oxford Dictionary is “in accordance with”, comply=act in accordance; accordance=agreement, accord=agree, be consistent with.