In the last two decades, we have seen the IS organization mature in its approach to software development. In the 1970s and 1980s, most business applications were developed and maintained at a cost. Many proprietary applications were unreliable, expensive to maintain and even more expensive to change. Now, most medium- and large-size organizations have increased efficiency, effectiveness, integrity and agility by extensive use of packaged software.

A similar transformation is also happening in the IS organization itself, and in its use of standards to improve IS processes. Enterprises are achieving significant results by using IT standards.

It's a pity that standards are so hard to get the value from, and so easy to turn into a mindlessly unhelpful bureaucracy

Standards are frameworks, guidelines and templates for improving the performance of IS processes and IT assets, including CobiT, ITIL, ISO20000, CMMi, TMM, ISO17799 and Six Sigma. They offer a solid base of best practice and collected wisdom that the CIO can apply to their IS organization, first to stabilize IS process and then to drive forward with process improvement.

Most of the better known standards are supported by mature standards bodies, dedicated to development and refinement. Most standards also enjoy a large and lively user community that provides help, insight and endless success stories.

Pity then that standards are so hard to get the value from, and so easy to turn into a mindlessly unhelpful bureaucracy.

First understand what problem you're trying to fix. In an ideal world, you would have one standard for IT management and improvement that covered all areas of IT governance, oversight and service delivery — and was suitable for all enterprises. We are not in that ideal world. Few standards that exist are explicitly linked to business strategy.

Nor are their definitions much better. Most are so loosely defined that their implementation seems more a matter of personal choice rather than following a well-defined set of instructions. Neither are they much better on scope. No standard is comprehensive, or perfect for all situations, with many IS processes and activities not covered at all.

So what is the best approach to selecting and implementing standards and frameworks to drive business contribution from IS?

Rather than approaching standards in a reactive or piecemeal way, the best way to start is to figure out what outcome is it that you are looking for and work out how standards can help you. Typically, there are four big reasons why people look to standards.

First there's efficiency: Enterprise efficiency goals suggest a rigorous, prescriptive focus on a quality improvement standard (for example, ISO 9000, Six Sigma, Lean) to squeeze cost out of processes. In that context, IT service management standards (like ITIL) should be used tactically to make IT processes more efficient and create better transparency, which drives business efficiency.

Next there's integrity: If integrity goals such as regulatory compliance or major partner reliability dominate, lead with a control-focused standard like CobiT, using quality improvement standards to drive continuous improvement, and IT service standards such as ITIL and ISO 20000 to address control issues.

Thirdly, there's effectiveness: Where effectiveness is the major aim, such as driving organic top-line growth, use a service management standard targeted at boosting productivity, with quality improvement standards as the backdrop, ensuring that specific productivity gains do not compromise the overall business model.

Finally, there's agility: Where the enterprise wants agility — perhaps to manage significant changes in the enterprise such as mergers and acquisitions — employ a general quality improvement standard as the overall agility assessment and improvement engine, driving simplicity and visibility into commodity processes to aid change and integration.