IT managers are looking for any port in the regulatory mandate storm, and there is no shortage of vendors and consultants promising safe harbor. But IT managers must carefully vet the conformance peddlers now offering advice in the form of books, software-based assessment tools, Webinars and consulting.
Indeed, a cottage industry has sprung up around the accounting misdeeds of Enron and other companies as government and financial control boards have been forced to confront opaque accounting and IT systems that allowed unsustainable business practices to foment crisis after crisis in the early part of the decade.
One promising aid for IT managers looking to clear things up is the ITIL (IT Infrastructure Library) Toolkit, which costs $199 and is available at www.itil-toolkit.com. ITIL is a standard framework of best practices comprising document sets originally developed in the 1990s by the Central Computer and Telecommunications Agency when it existed as a division of the British government. The CCTA was merged with another government agency, but the how-to guides the body developed have been animated in the United States by myriad state, federal and industry regulatory mandates.
IBM, BMC Software and a host of IT service companies have developed tools that systematically take IT managers step by step through specific ITIL recommendations. ITIL discussion groups and forums that compare regulatory mandates internationally with those now coming of age in the United States are popping up all over. For organizations with an international presence, its crucial—and cost-effective—to smooth the differences in regulatory requirements by using tools that take advantage of commonalities.
Nearly as important to IT managers is weighing the possible benefits of doing things "the ITIL way" against the chance and expense of failure to comply.
Like most enterprise IT products and services I see these days, ITIL is fueled by organizations need to comply with regulations such as the Sarbanes-Oxley Act, COBIT (Control Objectives for Information and related Technology), HIPAA (Health Insurance Portability and Accountability Act) and the Gramm-Leach-Bliley Act.
After looking at some of the ITIL advisory programs and reading through a raft of documentation, its clear that one of the top (and most common) best practices is to set expectations for senior company executives. Indeed, getting everyone on the same page should be a priority for any IT manager caught up in a regulatory compliance rush.
ITIL can help companies do everything from easing a SarbOx audit to changing a help desk system into an IT service management center ("service management" being a much-loved and frequently used ITIL term) to laying out a method for arranging IT infrastructure so that best-practices management becomes easier in the future.
Having said all this, however, IT managers should note that ITIL sets project guidelines with the goal of efficiency—that is, in such a way that companies can comply with auditing and legal requirements in the shortest possible time and with the least amount of cost. IT and business managers will need to balance this goal against their own company and industry needs.
The best way to understand ITIL is to go to www.itil.co.uk, where the Office of Government Commerce—the successor to CCTA—maintains a comprehensive site devoted to answering questions about ITIL.
There, youll find materials for each of the eight sets of ITIL practices, covering everything from service support and service delivery to a planning guide and business perspective document for making it easier to explain ITIL to other senior executives. The materials are moderately priced—about $70 per manual.
The site also provides useful information about how using the ITIL method of service management works with other best-practice frameworks. IT managers who master these guides will be well-equipped to cruise the regulatory superhighway.
Technical Director Cameron Sturdevant can be reached at firstname.lastname@example.org. Peter Coffee returns to this space next week.