The ITSM Practice: Elevating ITSM and IT Security Knowledge
Luigi Ferri
128 episodes
3 days ago
Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com
Technology
All content for The ITSM Practice: Elevating ITSM and IT Security Knowledge is the property of Luigi Ferri and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/128)
From Readiness to Action: Building Your AI Roadmap

In this episode of The ITSM Practice Podcast, Luigi Ferri moves from AI theory to execution, explaining how medium-sized organizations can define AI use cases, assess data and infrastructure, build skills, and scale pilot projects. The focus is on creating a practical AI roadmap for IT Service Management with measurable, sustainable outcomes.


In this episode, we answer:

How can organizations identify the right AI use cases for IT Service Management?

What data, infrastructure, and skills are required to scale AI initiatives successfully?

How can IT leaders manage risks while building a realistic AI roadmap?


Resources Mentioned in this Episode:

How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery


KPMG website, article "AI Governance: Factors for Success", link https://kpmg.com/de/en/home/insights/2025/04/ki-governance-these-are-the-factors-for-success.html


IBM website, article "What is AI governance?", link https://www.ibm.com/think/topics/ai-governance


Deepchecks website, article "Understanding the AI Maturity Model: Advancing Your Organization’s AI Capabilities", link https://www.deepchecks.com/understanding-the-ai-maturity-model-advancing-your-organizations-ai-capabilities/


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

3 days ago
9 minutes 10 seconds

Are We Really Ready for AI?

In this episode of The ITSM Practice Podcast, Luigi Ferri explores AI readiness for service desks and ITSM in medium-sized organizations. Going beyond tools and automation, the discussion focuses on leadership, governance, culture, and skills needed to adopt and scale AI responsibly and align AI initiatives with real business value.


In this episode, we answer:

Are medium-sized organizations really ready for AI in ITSM and service delivery?

What does AI readiness mean beyond automation and technology?

How can leaders assess governance, skills, and culture before adopting AI?


Resources Mentioned in this Episode:

How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery


IMD website, article "AI Maturity Index", link https://www.imd.org/artificial-intelligence-maturity-index/


Boston Consulting Group website, article "When Companies Struggle to Adopt AI, CEOs Must Step Up", link https://www.bcg.com/publications/2025/when-companies-struggle-to-adopt-ai-ceos-must-step-up


Cloud Security Alliance website, article "A Guide On How AI Pilot Programs are Shaping Enterprise Adoption", link https://cloudsecurityalliance.org/blog/2025/03/28/a-guide-on-how-ai-pilot-programs-are-shaping-enterprise-adoption


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

1 week ago
10 minutes 48 seconds

How to Build a GRC Framework for Fintech Startups

Learn how to build a solid GRC foundation for fintech growth in the EU. We break down governance, risk management, and compliance essentials to help startups scale, earn investor trust, and meet PSD2, GDPR, DORA, MiCA, AML expectations from day one.


In this episode, we answer:

How do you set up an effective GRC framework for a fintech startup in the EU?

Why must European fintechs prioritize compliance, risk, and governance early to scale safely?

What roles, processes, and oversight are essential to meet PSD2, GDPR, DORA, AML requirements?


Resources Mentioned in this Episode:

European Central Bank (ECB) website, article "The PSD2 supports innovation and competition in retail payments … and enhances the security of payment transactions and the protection of consumer data.", link https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html?


Deloitte website, article "The Revised Payment Services Directive (PSD2)", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/research/psd2-revised-payment-services-directive.html?


European Parliament website, article "GDPR: Overview of the EU General Data Protection Regulation", link https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm?utm_source=chatgpt.com


German BaFin website, article "Prevention of money laundering and terrorist financing", link https://www.bafin.de/EN/Aufsicht/Geldwaeschepraevention/geldwaeschepraevention_node_en.html?


ESMA website, article "Official summary from authoritative EU sources: Digital Operational Resilience Act (DORA)", link https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora?


ESMA website, article "Official overview by the European Securities and Markets Authority (ESMA): Markets in Crypto-Assets Regulation (MiCA)", link https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica?utm_source=chatgpt.com


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

2 weeks ago
10 minutes 2 seconds

BSI Grundschutz: Inside the Technical Measures – Part 2

A deep dive into BSI Grundschutz technical measures, systems, networks, applications, monitoring, and evidence-based security. Learn how to move from compliance to operational resilience and why German clients expect proof, not promises.


In this episode, we answer:

How do BSI Grundschutz technical measures strengthen system, network, and application security?

What evidence-based controls are required to prove resilience and compliance?

How does Grundschutz compare to the NIST Cybersecurity Framework for SaaS and cloud environments?


Resources Mentioned in this Episode:

Eena 112 website, whitepaper "Cybersecurity Practical Approach", link https://eena.org/wp-content/uploads/2020_05_06_Cybersecurity_PracticalApproach.pdf


BSI - German Federal Office for Information Security, publication "BSI Magazin", link https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Magazin/BSI-Magazin_2021-01.pdf?__blob=publicationFile&v=5


ACC Management Consulting, article "BSI - IT Baseline Protection: A Method for Information Security", link https://www.acc-management-consulting.de/bsi-grundschutz-isms


BSI - German Federal Office for Information Security, WiBa tool, link https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/WiBA/WiBA_Tool_Excel.xlsx?__blob=publicationFile&v=2


Dr. Datenschutz website, article "The path to basic security for your IT", link https://www.dr-datenschutz.de/der-weg-in-die-basisabsicherung-fuer-ihre-it/


BSI - German Federal Office for Information Security, article + videos "Getting Started - Guidance and videos for raising awareness of cyber security", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/KMU/leichter_Einstieg/leichter_Einstieg_node.html


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

3 weeks ago
8 minutes 58 seconds

BSI Grundschutz: The Hidden Gatekeeper - Part 1

BSI Grundschutz is the hidden gatekeeper for U.S. companies entering Germany. This episode breaks down the organizational measures, from ISMS design to governance, staff security, and incident evidence, that shape compliance, build trust, and strengthen IT security maturity.


In this episode, we answer:

What is BSI Grundschutz and why does it matter for U.S. companies expanding to Germany?

How do organizational measures like ISMS, governance, and role clarity improve security and compliance?

How does documenting incidents and responsibilities increase trust with German clients and regulators?


Resources Mentioned in this Episode:

Secureframe website, article "BSI IT-Grundschutz", link https://secureframe.com/frameworks-glossary/bsi-it-grundschutz


Hisolutions website, article "BSI IT-Grundschutz", link https://www.hisolutions.com/security-consulting/informationssicherheit/bsi-it-grundschutz


BSI - German Federal Office for Information Security, article "Advanced Protection", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/KMU/Expertise/Expertise_node.html


BSI - German Federal Office for Information Security, article "IT-Grundschutz", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/it-grundschutz.html


Secfix website, article "ISO 27001 und BSI-Grundschutz", link https://de.secfix.com/beitrag/iso-27001-bsi-grundschutz


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

1 month ago
8 minutes 58 seconds

Without a Service Management Office, ITSM Is Just Theatre

Discover why 70% of ITSM initiatives fail and how a strategic Service Management Office (SMO) transforms ITIL from theory into business value. Learn the six-step SMO blueprint, key metrics, and pitfalls to avoid to elevate ITSM maturity and governance.


In this episode, we answer:

What is a Service Management Office and why is it critical for ITSM success?

How do you build an SMO with governance, value alignment, and CIO-level sponsorship?

Which metrics and maturity levels define real ITSM performance and business impact?


Resources Mentioned in this Episode:

Pink Elephant website, whitepaper "The IT Service Management Office", link https://www.pinkelephant.com/uploadedfiles/Resources/PinkPapers/The-IT-Service-Management-Office.pdf


Littlefish website, article "Strategic Power of a Service Management Office (SMO)", link https://www.littlefish.co.uk/insights/service-management-office-smo/


IT Process Maps, article "ITIL Service Strategy", link https://wiki.en.it-processmaps.com/index.php/ITIL_Service_Strategy


Echolon website, article "The importance of an effective ITIL® service strategy for success in IT service management", link https://www.echolon.de/en/blog/itil-it-service-strategy/


Scrumprep website, article "Answering: Which metrics will help a Product Owner determine if a product is delivering value?", link https://scrumprep.com/answering-which-metrics-will-help-a-product-owner-determine-if-a-product-is-delivering-value/


Value Delivery Metric website, video https://youtu.be/pjnkWgq7I6I


ITSM Tools website, article "The Making of an IT Service Management (ITSM) Maturity Model", link https://itsm.tools/the-making-of-a-maturity-model-an-approach-to-culture-and-client-support/


Navvia website, whitepaper "The Making of an IT Service Management (ITSM) Maturity Model", link https://navvia.com/hubfs/MKTG Folder/Learn center - Courses Slides/SMO Service Management Office -Slides.pdf


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

1 month ago
10 minutes

From Cost to Value: Financial Modelling for ITIL Services

In this episode of The ITSM Practice Podcast, Luigi Ferri dives into Financial Modelling for ITIL-based services — the key to shifting IT from a cost center to a value creator. Learn how Activity-Based Costing (ABC), Unit Costing, Lifecycle Costing, and Showback Models can transform IT governance, pricing clarity, and business alignment in IT Service Management (ITSM).


In this episode, we answer:

How can IT leaders connect services, costs, and value in ITIL-based organizations?

Which financial models (ABC, Unit Cost, Lifecycle) fit your ITSM strategy best?

How can financial transparency turn IT from “too expensive” to a strategic partner?


Resources Mentioned in this Episode:

PeopleCert website, article "ITIL 4 Value Streams Doing Right Things for Customers", link https://www.axelos.com/resource-hub/blog/itil-4-value-streams-doing-right-things-for-customers


QRP website, article "ITIL 4 Service Value Chain and Value Stream", link https://www.qrpinternational.be/blog/it-governance-and-service-management/service-value-chain-and-value-stream/


IT Process Map website, article "Financial Management", link https://wiki.en.it-processmaps.com/index.php/Financial_Management


PMI website, article "Activity Based Costing (ABC)", link https://www.projectmanagement.com/wikis/232994/activity-based-costing--abc-


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

1 month ago
9 minutes 48 seconds

Trust vs Tech: Why Regional Banks Are Falling Behind

Regional banks face extinction if they don’t evolve. In this episode, Luigi Ferri explains how AI, automation, and customer-driven innovation are redefining digital banking. Learn from Luigi Ferri why “trust” is no longer enough and how agentic banking will shape the future of finance by 2035.


In this episode, we answer:

Is AI driving banking transformation, or are customers in control?

What is the future of regional banks in the age of agentic AI?

How can traditional banks survive digital disruption and customer flight?


Resources Mentioned in this Episode:

Spherical Insights, article "Global AI Agents In Financial Services Market To Exceed USD 19890.2 Million By 2035 | CAGR 40.03%", link https://www.sphericalinsights.com/press-release/ai-agents-in-financial-services-market


Global Banking and Finance website, article "Banking in 2035 How Emerging Technologies Will Transform the Way We Bank", link https://www.globalbankingandfinance.com/banking-in-2035-how-emerging-technologies-will-transform-the-way-we-bank/


CIO Africa website, article "How Edge Computing Is Transforming Banking", link https://cioafrica.co/how-edge-computing-is-transforming-banking/


World Economic Forum website, article "How Agentic AI will transform financial services with autonomy, efficiency and inclusion", link https://www.weforum.org/stories/2024/12/agentic-ai-financial-services-autonomy-efficiency-and-inclusion/


Money Vehicle website, article "Digital Banking 2024: Exploring the Evolution and Its Impacts", link https://yourmoneyvehicle.com/banking/digital-banking-2024-exploring-the-evolution-and-its-impacts/


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

1 month ago
7 minutes 27 seconds

BSI C5 vs NIST 800-53: Smart Compliance for Banks

In this episode, Luigi Ferri compares two pillars of cloud security compliance: BSI C5 (Germany) and NIST SP 800-53 (USA). Discover how global banks can harmonize compliance, cut costs, and focus on real security over bureaucracy. Learn how ITSM and IT security teams can transform audit frameworks into governance tools that truly add value.


In this episode, we answer:

How can global banks manage cloud compliance across BSI C5 and NIST SP 800-53 without duplicating effort?

What are the key differences and overlaps between BSI C5 and NIST SP 800-53?

Does compliance really improve security — or just increase documentation?


Resources Mentioned in this Episode:

German Federal Office for Information Security website, article "Criteria catalogue C5", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/kriterienkatalog-c5_node.html


Securance website, article "What is BSI C5?", link https://audit-professionals.de/bsi-c5/


CyberSaint Security website, article "What is NIST SP 800-53?", link https://www.cybersaint.io/blog/what-is-nist-800-53


6 Clicks website, article "Comparison between NIST Cybersecurity Framework (CSF) and NIST SP 800-53", link https://www.6clicks.com/resources/comparisons/nist-cybersecurity-framework-csf-vs-nist-sp-800-53


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

1 month ago
7 minutes 42 seconds

What Is the AICM Framework for AI Compliance?

AI is transforming banking, but so are the rules. In this episode, Luigi Ferri explores how the Artificial Intelligence Control Matrix (AICM) helps financial institutions navigate complex compliance frameworks like ISO 42001, NIST AI RMF, and the EU AI Act, while staying secure and cost-efficient. Discover how to simplify AI governance, reduce audit fatigue, and protect your organization from model poisoning and adversarial risks.


In this episode, we answer:

How can banks use AI while managing overlapping regulations and compliance frameworks?

What new AI threats (like model poisoning and adversarial inputs) are traditional controls missing?

How does the Artificial Intelligence Control Matrix (AICM) simplify compliance and strengthen AI security?


Resources Mentioned in this Episode:

Alphasec website, article "CSA AI Controls Matrix: A Sneak Preview", link https://alphasec.io/csa-ai-controls-matrix-a-sneak-preview/


Clarendon Partners website, whitepaper "AI Controls in Financial Services", link https://www.clarendonptrs.com/s/05_03_24_AI_Controls_in_Financial_Services_Clarendon_Partners_GRC_Ebook_Compressed.pdf


Bank for International Settlements website, whitepaper "Regulating AI in the financial sector: recent developments and main challenges", link https://www.bis.org/fsi/publ/insights63.htm


Cloud Security Alliance website, whitepaper "AICM mapping to NIST 600-1", link https://cloudsecurityalliance.org/artifacts/aicm-mapping-to-nist-600-1


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

2 months ago
9 minutes 6 seconds

Process Mining in ITSM: Hidden Workflows Revealed

Luigi Ferri explains how Process Mining in ITSM transforms service delivery by revealing the real workflows hidden behind your dashboards. Learn how to eliminate bottlenecks, prevent SLA breaches, and align your Service Catalogue with reality. Turn ITSM data into actionable insights for compliance, automation, and continuous improvement.


In this episode, we answer:

What’s the real difference between Process Mining and Task Mining in ITSM?

How can Process Mining prevent SLA breaches and improve service performance?

How does Process Mining enhance Service Catalogue accuracy and ensure compliance with ISO standards?


Resources Mentioned in this Episode:

Process Science website, article "Process Mining in IT services", link https://www.process-science.com/use-cases/it-services


Mindzie website, article "Top Benefits of Process Mining: Optimize, Analyze, Automate", link https://mindzie.com/process-mining-software/process-mining-benefits/


Celonis website, article "5 Benefits of Using Process Mining for IT Service Management", link https://www.celonis.com/blog/5-benefits-of-using-process-mining-for-it-service-management/


Atlassian website, article "Process Mining Analyze and Optimize Jira Workflows and Processes", link https://community.atlassian.com/forums/App-Central-articles/Process-Mining-Analyze-and-Optimize-Jira-Workflows-and-Processes/ba-p/2768242


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

2 months ago
9 minutes 40 seconds

How to Build IT Accountability with SoD (ISO 27001 Control 5.3)

In this episode of The ITSM Practice, Luigi Ferri explores ISO/IEC 27001:2022 Control 5.3 – Segregation of Duties (SoD). Learn how to reduce risk, design accountability, and strengthen your ISMS with actionable SoD strategies, especially in ITIL 4 environments. Master RBAC, role clarity, and audit readiness to build trust into your IT processes by design.


In this episode, we answer:

How does ISO 27001:2022 Control 5.3 define and implement Segregation of Duties?

What are effective ways to apply RBAC and SoD in small or resource-limited teams?

How can organizations monitor, log, and prove SoD compliance for audits?


Resources Mentioned in this Episode:

ISMS-Online, article "ISO 27001:2022 Annex A 5.3 – Segregation of duties", link https://de.isms.online/iso-27001/annex-a/5-3-segregation-of-duties-2022/

Morgan Hill website, template "ISO/IEC 27002:2022 | 5.3 - Segregation of Duties Policy Template", link https://morganhillcg.com/blog/item/iso-iec-27002-2022-5-3-segregation-of-duties-policy-template-2


HighTable, article "The Ultimate Guide to ISO 27001:2022 Clause 5.3: Organisational Roles, Responsibilities and Authorities", link https://hightable.io/iso-27001-clause-5-3-organisational-roles-responsibilities-and-authorities/


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

2 months ago
10 minutes 31 seconds

The VMO in ITIL 4: Aligning Work with Strategy and Value

The Value Management Office: Moving from Work to Worth. Is your IT team busy… but not sure if it’s delivering real value? In this episode, we uncover how a Value Management Office (VMO) helps organizations shift from tracking activity to measuring true business outcomes. Learn how ITIL 4, value stream mapping, and outcome-based metrics transform IT into a strategic value partner.

Maximize value. Align strategy. Prove impact.


In this episode, we answer:

What is a Value Management Office (VMO) and how does it differ from a PMO?

How does ITIL 4 enable a modern, outcome-focused VMO?

What value-based metrics should you track to align IT with business goals?


Resources Mentioned in this Episode:

Axelos / PeopleCert, article "The Service Management Office and ITIL 4", link https://www.axelos.com/resource-hub/blog/the-service-management-office-and-itil-4


ITSM Tools, article "ITIL 4 Service Value System (SVS) Explained: Guiding Principles, Practices, and Service Value Chain", link https://itsm.tools/the-itil-4-service-value-system-explained/


Simpliaxis, article "Four Dimensions of ITIL Service Management", link https://www.simpliaxis.com/resources/four-dimensions-of-itil-service-management


Pink Elephant, guide "The IT Service Management Office", link https://www.pinkelephant.com/uploadedfiles/Resources/PinkPapers/The-IT-Service-Management-Office.pdf


BMC, guide "VMO Vendor Management Office", link https://blogs.bmc.com/vmo-vendor-management-office/?print-posts=pdf


ITSM Group, article "Value Stream Mapping", link https://www.itsmgroup.com/en/topics/value-stream-mapping


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

2 months ago
9 minutes 44 seconds

ISO 31000: Building Risk-Aware Culture Through Smarter Decisions

Discover how ISO 31000 transforms risk from a compliance task into a shared decision-making mindset. In just 8 minutes, learn how to embed risk-aware thinking across IT, business continuity, cybersecurity, and operations—boosting confidence, clarity, and adaptability in every decision.


In this episode, we answer:

What makes ISO 31000 different from other risk management standards?

How can organizations embed risk thinking into daily decisions?

How does ISO 31000 integrate with ISO 27005, ISO 22301, and ISO 31010?


Resources Mentioned in this Episode:

ISO 31000 Standard, link https://www.iso.org/standard/65694.html


Pirani, article "ISO 31000 Simplified: Elevate Your Risk Strategy", link https://www.piranirisk.com/blog/iso-31000


ISO, guide "ISO 31000 Risk Management", link https://thaiindustrialoffice.files.wordpress.com/2016/02/iso_31000_for_smes.pdf


Global Suite, article "ISO 31000: The standard that helps you manage risks", link https://www.globalsuitesolutions.com/what-is-iso-31000-standard-and-what-is-its-purpose/


Ideagen, article "Principles of risk management explained", link https://www.ideagen.com/thought-leadership/blog/principles-of-risk-management-explained


Advisera, article "What is ISO 31000?", link https://advisera.com/articles/what-is-iso-31000/


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

3 months ago
10 minutes 49 seconds

Align BIAN and ITIL 4 for Capability-Based IT Governance

Discover how to align BIAN Service Domains with ITIL 4's Service Value System to transform your static CMDB into a dynamic capability governance model. Learn how to drive business value, enable composable architecture, and build accountability in IT services. A must-listen for anyone in Enterprise Service Management, IT Governance, or Banking IT Architecture.


In this episode, we answer:

What is BIAN and how do Service Domains enable composable banking architecture?

How can ITIL 4’s Service Value System enhance governance and ownership in IT?

Why is capability-based ownership better than traditional CMDB tracking?


Resources Mentioned in this Episode:

BIAN Official Website, article "Service Landscape", link https://bian.org/deliverables/service-landscape/


Fusion5, article "Life of BIAN", link https://www.fusion5.com/nz/integration-services/blogs/what-is-bian


Mamta Sarangal BIAN Chief Architect, article "The Role of Service Domain Specialization in Adopting BIAN - Banking Industry Reference Architecture.", link https://www.linkedin.com/pulse/role-service-domain-specialization-adopting-bian-banking-sarangal-xd35c/


Sprintzeal, article "Service Value System in ITIL 4 Explained in Detail", link https://www.sprintzeal.com/blog/service-value-system


BIAN document "BIAN Semantic API Practitioner Guide V8.1 Final", link https://bian.org/wp-content/uploads/2024/12/BIAN-Semantic-API-Pactitioner-Guide-V8.1-FINAL.pdf


3 months ago
9 minutes

The ITSM Practice: Elevating ITSM and IT Security Knowledge
No IT Security without Service Management: Integration Strategies for Resilience

In Part 2 of this essential discussion, we move from theory to practice. You’ll learn how to integrate security into service management using frameworks like ITIL, practical change controls, and unified incident response plans.


Discover the culture shift needed to make ITSM and security teams collaborate effectively. Learn how to embed security into change management workflows and why continuous improvement cycles are key to resilience in a fast-moving threat landscape.


In this episode, we answer:

How can ITIL help integrate security into day-to-day operations?

What strategies ensure successful collaboration between ITSM and cybersecurity?

How do change management and incident response reduce security risks?


3 months ago
15 minutes 16 seconds

The ITSM Practice: Elevating ITSM and IT Security Knowledge
IT Security Needs Service Management: Exploring the Interdependence

In Part 1 of this powerful two-part series, we break down the foundational link between IT Security and IT Service Management (ITSM). You'll discover how service management processes such as incident handling, asset visibility, and change control provide the essential structure that cybersecurity needs to succeed.


IT Security is not a silo. It depends on the operational strength of ITSM to manage risk, respond to threats, and ensure compliance. Learn why neglecting ITSM weakens your entire security posture and what steps to take first.


In this episode, we answer:

What is the fundamental relationship between IT Security and IT Service Management?

Why is asset management critical to both cybersecurity and ITSM?

What are the risks of managing IT security without service processes?


3 months ago
16 minutes 14 seconds

The ITSM Practice: Elevating ITSM and IT Security Knowledge
How to Measure Cybersecurity Effectiveness: KPIs, KRIs, and Business Impact

Struggling to prove the value of your cybersecurity efforts? In this episode of The ITSM Practice, Luigi Ferri shows how to turn cybersecurity metrics into business assets. Learn why measuring outcomes—not just activities—can elevate security from cost center to competitive advantage.


In this episode, we answer:

What should you measure to show cybersecurity effectiveness in business terms?

How do ISO 27001 and NIST CSF influence security KPIs and KRIs?

How can vendor risk be quantified using security ratings?


Resources Mentioned in this Episode:

Safe website, article "Aligning IT and Cybersecurity: The Missing Piece in Business Alignment", link https://safe.security/resources/blog/aligning-it-cybersecurity/


Microsoft Security website, article "Overview of critical asset management", link https://learn.microsoft.com/en-us/security-exposure-management/critical-asset-management


Bitsight website, article "Third-Party Cyber Risk Assessments", link https://www.bitsight.com/glossary/third-party-cyber-risk-assessment


ISMS.online website, article "How to Track ISO 27001 Milestones and Measure Success", link https://www.isms.online/iso-27001/how-to-track-iso-27001-milestones-and-measure-success/


ISACA Germany website, guideline "KPI Guide 2024", link https://www.isaca.de/images/Publikationen/Leitfaden/ISACA_KPI_Guide_2024.pdf


HighTable website, article "ISO 27001 Monitoring, Measurement, Analysis, Evaluation: Clause 9.1", link https://hightable.io/iso-27001-clause-9-1-monitoring-measurement-analysis-evaluation-essential-guide/


Rikkeisoft website, article "Data-Driven Security: Transforming Protection Through Analytics", link https://rikkeisoft.com/th/blog-th/data-driven-security-transforming-protection-through-analytics/


4 months ago
9 minutes 44 seconds

The ITSM Practice: Elevating ITSM and IT Security Knowledge
Securing Agentic AI: Maturity-Based Cybersecurity Strategies

Agentic AI is here, learning, deciding, and acting without human approval. But is your organization mature enough to secure it? In this episode, we explore how to align AI autonomy with tailored security controls using NIST maturity tiers and ISO frameworks.


In this episode, we answer:

What makes agentic AI different from traditional automation?

Why can’t existing controls fully secure autonomous systems?

How should your AI security evolve with your maturity level?


Resources Mentioned in this Episode:

KOVRR website, article "Cybersecurity Maturity Model Implementation: A How-To Get Started Guide", link https://www.kovrr.com/blog-post/cybersecurity-maturity-model-implementation---a-how-to-get-started-guide


Lindiwe Matlali, article "The Hidden Risks of Agentic AI: How Autonomous Systems Could Be Exploited and How to Defend Against Them", link https://www.linkedin.com/pulse/hidden-risks-agentic-ai-how-autonomous-systems-could-defend-matlali-cekue


Forbes, article "Overcoming Cybersecurity Challenges In Agentic AI", link https://www.forbes.com/sites/tonybradley/2025/03/26/overcoming-cybersecurity-challenges-in-agentic-ai/


4 months ago
9 minutes 14 seconds

The ITSM Practice: Elevating ITSM and IT Security Knowledge
How to Reduce Call Center Costs Without Losing Customer Trust

Discover how to reduce call center costs without damaging customer trust. In this episode of The ITSM Practice, Luigi Ferri shares strategic insights on balancing automation, training, remote work, and compliance for long-term value. Make savings without losing meaning.


In this episode, we answer:

How can organizations reduce call center costs without harming customer relationships?

What are the hidden costs in call centers that leaders often overlook?

Where should automation begin to improve service and efficiency?


Resources Mentioned in this Episode:

WOW24-7 website, article "How Much Does It Cost to Outsource Customer Service?", link https://wow24-7.com/blog/how-much-do-different-call-centers-cost-for-outsourcing-call-center-outsourcing-cost-comparison-2


Zoom website, article "What is call center compliance? Guide for 2025", link https://www.zoom.com/en/blog/call-center-compliance/


The Recruitment Co website, article "The Case for Remote Working in Contact Centre Workforces", link https://therecruitmentco.uk/the-case-for-remote-working-in-contact-centre-workforces/


KnowMax website, article "9 Actionable Tips for Call Center Cost Reduction", link https://knowmax.ai/blog/call-center-cost-reduction/


Kommunicate website, article "Putting the ‘Service’ in Self-Service: AI that Solves Problems", link https://www.kommunicate.io/blog/ai-self-service-for-customer-support/


Contact Point 360 website, article "The Benefits of Speech Analytics in Improving Call Center Performance", link https://contactpoint360.com/blog/speech-analytics-for-contact-centers/


CX Today website, article "The Evolution of Generative AI Regulations: Preparing your Contact Center", link https://www.cxtoday.com/contact-center/the-evolution-of-generative-ai-regulations-preparing-your-contact-center-content-guru/


4 months ago
9 minutes 23 seconds
