COBIT, ITIL and ISO 20000 – The main differences
An organization, at times, needs to make decisions as to which framework or standard is the most suitable for its business: ITIL, COBIT, or ISO 20000? There are parameters like the nature of the business (IT or non-IT), size, complexity of the organization, resources, IT usage, etc.
This article explains, compares, and depicts major features and characteristics of these three frameworks/standards. It also helps companies that have adopted one or two of these frameworks/standards to decide whether to implement the remaining framework(s).
What is COBIT (Control Objectives for Information and related Technology)?
COBIT version 1.0 was released in 1996 by ISACA (a not-for profit organization in the USA). Since then, ISACA has released five versions of COBIT, the latest in March 2019 – COBIT 2019. The recent release of COBIT covers areas like risk in IT (financial, business continuity, and compliance), value in IT, IT governance procedures (framework, benefits realization, risk & resource optimization, risk management, transparency & accountability, etc.). The COBIT framework facilitates the implementation of SOX (Sarbanes Oxley Act). In addition, it includes guidelines on principles, systems, information flow, criteria, etc.
In general, COBIT is the de facto standard for governing and managing IT for an enterprise; it is an open framework that provides managers, auditors, and users with a set of measures, indicators, and best practices to assist them in using IT in the most optimal way. These measures, indicators, and best practices are based on the notion that IT is essential to manage transactions, information, and knowledge in order to be successful. It provides top management with organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.
COBIT can be used by managers responsible for IT governance to compare their activities with standards in order to assess IT operations. However, the relevance of each standard/framework depends on the specific context of the company, such as size, relative importance of IT, and complexity of systems. A potential pitfall of such extensive IT governance standards is that they can promote inflexibility and bureaucracy.
What is ITIL?
ITIL is a global framework for best practices for service management in an IT organization. It is designed to ensure that an effective, efficient, flexible, coordinated, and integrated system for governance and management of IT services is established and continually improving in the organization. The ITIL Service Value System facilitates integration and coordination of various organizational components and activities, and provides a strong, unified, value-focused direction for the organization. The benefits of adopting the ITIL framework are:
- improved quality of IT services
- a holistic view of delivering product and services
- easy working with Agile, Lean, and DevOps
- helping the business compete in the modern digital world
- supporting the organization with digital transformation
For more about the new ITIL 4, read the article ITIL 3 vs. ITIL 4: What has changed.
What is ISO 20000?
The ISO 20000 standard is a service management (not only IT service management) standard, and hence can be used by any organization that is into any kind of services. So, ISO 20000 has a wider scope for usage than both ITIL and COBIT, as it can be used by organizations who are into service management other than IT. Characteristics of the standard include:
- It is systematic and comprehensive.
- It has been proven in many industries and organizations in various sectors.
- It integrates with ISO 27001, ISO 9001, and other management standards.
If the organization wants, it can prepare itself for the ISO 20000 certification audit. This gives the company the opportunity to obtain the international certification that acknowledges that the organization complies with the standard. Typically, it takes four to six months to implement ISO 20000 in an organization.
Learn more about the latest ISO 20000 revision in the Infographic: ISO 20000:2011 vs. ISO 20000:2018 revision – What has changed.
ITIL, ISO 20000, and COBIT comparison
In the table below, you’ll find the three standards and frameworks compared.
Make a conscious decision
ITIL and COBIT are frameworks, and ISO 20000 is standard. COBIT is called an “umbrella framework,” and hence, implementation of COBIT makes the implementation of ITIL smoother.
An organization has to prioritize considering which of these three entities will solve its business problems, and then initiate implementation accordingly. Based on the business objectives of an organization, stakeholders have to make a conscious decision as to which of the above three should be adopted by the IT organization, and in which order.
If you have chosen ISO 20000 as your most suitable framework, you’ll find this free download useful: ISO 20000 implementation diagram.
About the author:
Shrikant Chaphekar is an IT professional who has worked for more than 33 years in various roles in India, US, UK, Malaysia, Colombo, and Cambodia. For the past 15 years, he has worked with Top 10 IT consultancy firms in India, where he was pivotal in implementing ITIL, ISO 20000, Agile, and SFIA as a Program Manager. He is certified in ITIL 4 Foundation, ISO 27001 Lead Auditor (TUV), SFIA, and Agile Scrum Master (EXIN). Currently, he works as a corporate trainer and consultant in IT management-related topics.