It is becoming increasingly clear that future work in IT will be shaped by standards. But standards can mean many different things.
First off, there are product and process IT standards. Process standards describe how IT work is to be conducted. They are my primary concern.
It’s important to note that this is not an abstract exercise. A growing number of clients are demanding that their suppliers conform to standards. Likewise, a growing number of employers are requiring that their IT employees follow standards. The wrong standard, applied in the wrong way, can lead to an unprofitable contract or screw up the working environment.
Standards come with different levels of force. The Institute of Electrical and Electronic Engineers (IEEE) in the U.S. identifies three kinds of standards:
1. Guides: Suggest alternative approaches to good practice, but generally refrain from clear-cut recommendations; they are characterized by the use of the verb “may.”
2. Recommended practices: Present procedures and positions preferred by the IEEE; they are characterized by the use of the verb “should.”
3. Standards (upper case “S”): Contain requirements for conformance, generally characterized by the use of the verb “shall.”
In the current state-of-the-practice in IT, we have a large number of possible standard guides and some possible standards that might be accepted as recommended practice. The Project Management Institute has developed a respected body of good project management practices — the Project Management Body of Knowledge (PMBOK). It would be a natural candidate for a guide.
The Information Technology Infrastructure Library (ITIL) provides an overall framework that includes descriptions of best practices in IT service delivery and support. It is winning increased support. The original ITIL was an actual library of books which explained best practice. There is a closely related standard from the British Standards Institute (BS 15000). This could be a guide and may be a recommended practice.
The Capability Maturity Model (CMM) from the Software Engineering Institute has also been used as one of the bases for a standard from the International Organization for Standardization (ISO). ISO/IEC TR 15504 is titled Information Technology — Software process assessment. This standard and the newest version of CMM are consistent in their approach. Because it’s a maturity model, it would most naturally be viewed as a guide.
The IEEE has adopted a standard for software lifecycle processes (IEEE/EIA 12207.0). There are two related IEEE standards, one about lifecycle data and the other about implementation considerations. These standards were developed to provide a common vocabulary for, and a common approach to, software lifecycles. They are foundational in nature, and could be viewed as recommended practice.
In the case of these candidate standards, there is consistency and compatibility across and between them. Initially, all IT process standards were voluntary. Increasingly, clients are demanding that their project managers know PMBOK, and that their IT service suppliers follow ITIL. Soon clients and employers will demand their consultants and employees follow 15504 and 12207.
The future of IT work in Canada will be shaped by the standards that are accepted as guides and recommended practices. Now is the time to become involved.
Fabian is a senior management and systems consultant in Toronto who is leading the CIPS Standards of Practice project. Contact him at [email protected].
