While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The ISO/IEC 20000 standard is a pass-fail certification that requires complete adoption of a specific subset of the IT Infrastructure Library.
There’s not huge interest in the standard yet, but “external service providers are beginning to do it. It’s like a Good Housekeeping seal of approval,” says Gartner research vice president Ed Holub,
The Defense Information Services Agency is pursuing certification because the agency provides IT services across the Defense Department, says Drew Jaehnig, chief of DISA’s IT Service Management Office. The certification “speaks to our customers,” Jaehnig says. “It says that we know what we’re doing; certification proves that.”
But certification might not be right for all organizations, he acknowledges. “It’s relatively expensive. The cost-benefit ratio might not be worth it for smaller agencies.”
If an agency doesn’t pursue official certification, Jaehnig recommends aiming for compliance, using the ISO standard as a checklist.
The Federal Aviation Administration’s Systems Management Facility data center in Oklahoma City in May 2009 became the first federal agency to achieve ISO/IEC 20000-1:2005 certification.
“It allows us to provide the best possible service to our customers and stakeholders,” says Scott George, the data center’s ISO/IEC 20000 coordinator. The data center pursued certification “to ensure we were properly implementing the service management standard.”
FAA began the certification process in 2006 after the release of ISO 20000, which George says specifically targets IT environments such as data centers. Next up? The FAA data center will begin migrating to ITIL Version 3.