By David A. Pavuk, J.D.
Director of Compliance and Efficiency
Trivalent Group, Inc.
If you are not already sold on the proposition that standards are highly beneficial, if not an absolute necessity, when it comes to information technology, you may be asking: “Why are they important?” and “What are the benefits of using them?”
Generally, there are a number of compelling reasons to adopt defined standards, and these apply equally to IT solutions. Consider the following:
Now that I have made my pitch for why every company should be using standards for their IT processes and solutions, I have a confession to make. While standards are good as a general matter, not all standards are right for every company. So, how do you choose which standards to use?
Thankfully, the answer is fairly simple. How a set of standards is chosen is largely influenced by the environments to which they will be applied. Generally, standards simply need to conform to the industries and areas they are intended to serve. Admittedly, though, it can be and often is confusing. Multiple standards will very likely need to be considered for each particular environment examined, and it is likely that some things which might appear to be the same are actually quite different.
Take, for example, the following two Information Technology Service Management (ITSM) standards:
While these two standards may seem to overlap at first glance, they are in fact completely independent, or, perhaps better stated, they are co-dependent. While ITIL recognizes the importance and role of Information Security Management, it does not specify which security standards are appropriate or sufficient to achieve it. ISO 27002, on the other hand, addresses more specifically a set of recommended practices against which a company’s security control processes can be measured. Viewed this way, ITIL provides the “how?” to ISO 27002’s “what?” The two are very different things indeed, but they serve the common purpose of ensuring security management.
Confusing? Let’s keep it simple, then. Standards need to conform to the specific areas they serve. One size may not fit all, and it is perfectly acceptable to have a set of standards rather than a single standard that is expected to meet all needs.
In short, IT solution standards are very powerful tools for organizations. They pave the way for consistent, reliable, and proven methodologies that enable businesses to minimize effort and the time needed for solution delivery/deployment, thereby enhancing profitability. Companies which consistently and correctly apply IT solution standards take a leading role in shaping the industries they serve.