IT Governance v Service Management?

[Lizzy]

A new international standard for IT Governance is about to he launched: ISO 38500 (see: 38500.Org).

Would anyone like to have a pot and trying to explain how this related to ISO 20000? And to IT Service Management generally?

[The Skeptic]

Easy once you understand that governance has nothing to do with management, despite the way the word is abused by vendors and analysts. Governors don't do, and they don't measure or report or audit or manage or secure or check, at least not while they are wearing their governor's hat. For more see http://www.itskeptic.org/node/508

The new standard makes clear that governance is about telling the doers how to do their job, not about doing. ITSM tells us how to do the delivery bit. ISO20000 measures if we are doing it. The governors will be interested in the feedback of an ISO20000 audit because it measures their subordinates who are doing it.

Governance is above management. Management is above doing. Nowadays doing is called "management" anyway (Change Management, Incident Management...). Let's not start calling management "governance".

Less crudely the standard defines that (IT) governance is about Direct, Evaluate, and Measure. Direct means set policy, decision rights, strategy... for those who do the doing. (the "measure" bit is about looking at numbers produced by do-ers, not about doing the measurement). It sounds to be a good standard, I'll be getting a copy.

the IT Swami predicts that future IT Management will be about three integrated things; Service, Governance and Assurance, where Assurance includes compliance, risk, audit, security...

[jacksmith4204]

Hello

I would also like you to inform about some more about IT Governance and Compliance
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. IT GRC encompasses the practices for delivering: Greater business value from IT strategy, investment and alignment, Significantly reduced business and financial risk from the use of IT, and Conformance with policies of the organization and its external legal and regulatory compliance mandates. IT GRC energizes the entire organization to imagine what it can achieve, establishes methods for achieving their objectives, and demonstrates the practices that are proven to work for minimizing business and financial risk. Fundamentally, IT GRC is about striking an appropriate balance between business reward and risk, enabling an organization to more effectively anticipate and manage business risk while more effectively delivering value for the organization. IT governance, risk, compliance, IT GRC, White paper, compliance survey report, 2008 compliance report. You can also get more information from http://www.compliancehome.com/symantec/

[The Skeptic]

It will be a wonderful day when people actually answer the question instead of link dropping and spewing vendor spiels. Sheesh.