FitSM

FitSM is the name for a family of standards for lightweight IT service management (ITSM). [1]

Overview and parts

Structure of FitSM parts

FitSM calls itself a standard, but is not published or managed by an established standards organisation like ISO. However, in a way very similar to that of many ISO and ISO/IEC standard families, it structures its documents into several numbered parts and defines requirements for an effective service management system in its part 1.

All parts are published under Creative Commons licenses.

FitSM-0: Overview and vocabulary

A single document containing about 70 definitions of ITSM terms.

FitSM-1: Requirements

A single document containing about 85 auditable requirements for an effective service management system. The requirements are divided into general requirements (GR) and requirements for 14 different service management processes (PR). FitSM is similar in scope and style to part 1 of ISO/IEC 20000, but significantly shorter.

FitSM-2: Objectives and activities

A single document containing a description of the goal of each process defined in FitSM-1, as well as a description of activities to initially set up the process and ongoing process activities.

FitSM-3: Role model

A single document containing descriptions of generic service management system and service management process roles.

FitSM-4: Templates and samples

A collection of templates and samples for documents needed in a service management system, e.g. SLAs, statement of a service management policy, elements of a service portfolio or service catalogue etc.

FitSM-5: Guides

A collection of guides on various ITSM topics.

FitSM-6: Maturity assessment

An Excel-based tool that uses situation descriptions to aid an easy assessment of the maturity of implemented service management processes and general practices.

Certification and qualification scheme

While conformance to FitSM-1 requirements can be audited, there is no certification for conformance. Unlike for ISO/IEC 20000, organizations cannot have their service management system 'FitSM certified'.

A qualification and certification scheme for personnel, much like those established for ITIL and ISO/IEC 20000, but involving fewer and shorter trainings, was started in 2013. [2]

Origin

FitSM is based on deliverables of FedSM, a project funded in the 7th Framework Program for Research and Technological Development by the European Union. The original aim of FedSM was to "increase maturity and effectiveness of Service Management in federated e-Infrastructures by applying suitable good practices." [3]

How to establish management processes across federated organizational structures is not considered in traditional ITSM frameworks, and can pose a difficult task when trying to introduce ITSM in e-Infrastructures, which often distribute the provisioning of services among a federation of peer organizations. However, a much larger challenge to introducing ITSM at FedSM's client organizations turned out to be the adaptation of the very comprehensive ITSM guidance described by traditional ITSM frameworks to a set of practices that could realistically be implemented in relatively small organizations within the project lifetime of three years. [4] From May 2013, to foster the emerging interest in FedSM's "lightweight" ITSM guidance among IT organizations from outside the e-Infrastructure community, the project consortium started publishing revised versions of project deliverables under the FitSM name.

The team members have announced on their project website that the FitSM standard will continue to be maintained in the future within the framework of a working group of the IT Education Management Organisation (ITEMO).


References

  1. "FitSM". FedSM Project. Archived from the original on 2018-08-09. Retrieved 2015-02-11.
  2. Holsinger, Sy (2013-10-16). "Getting certified in federated IT service management". International Science Grid This Week. Retrieved 2015-02-11.
  3. "FedSM Quality Assurance (QA) Plan". FedSM Project. Archived from the original on 2018-04-28. Retrieved 2015-07-30.
  4. Radecki, Marcin; Szymocha, Tadeusz; Szepieniec, Tomasz; Różańska, Roksana (2014-01-01). "Improving PL-Grid Operations Based on FitSM Standard". eScience on Distributed Computing Infrastructure. Lecture Notes in Computer Science. Vol. 8500. Springer International Publishing. pp. 94–105. doi:10.1007/978-3-319-10894-0_7. ISBN 978-3-319-10893-3.