ISO 31000: Building Risk-Aware Culture Through Smarter Decisions

The Value Management Office: Moving from Work to Worth. Is your IT team busy… but not sure if it’s delivering real value? In this episode, we uncover how a Value Management Office (VMO) helps organizations shift from tracking activity to measuring true business outcomes. Learn how ITIL 4, value stream mapping, and outcome-based metrics transform IT into a strategic value partner.Maximize value. Align strategy. Prove impact.In this episode, we answer to:What is a Value Management Office (VMO) and how does it differ from a PMO?How does ITIL 4 enable a modern, outcome-focused VMO?What value-based metrics should you track to align IT with business goals?Resources Mentioned in this Episode:Axelos / PeopleCert, article "The Service Management Office and ITIL 4", link https://www.axelos.com/resource-hub/blog/the-service-management-office-and-itil-4 ITSM Tools, article "ITIL 4 Service Value System (SVS) Explained: Guiding Principles, Practices, and Service Value Chain", link https://itsm.tools/the-itil-4-service-value-system-explained/ Simpliaxis, article "Four Dimensions of ITIL Service Management", link https://www.simpliaxis.com/resources/four-dimensions-of-itil-service-management Pink Elephant, guide "The IT Service Management Office", link https://www.pinkelephant.com/uploadedfiles/Resources/PinkPapers/The-IT-Service-Management-Office.pdf BMC, guide "VMO Vendor Management Office", link https://blogs.bmc.com/vmo-vendor-management-office/?print-posts=pdf ITSM Group, article "Value Stream Mapping", link https://www.itsmgroup.com/en/topics/value-stream-mapping Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover how ISO 31000 transforms risk from a compliance task into a shared decision-making mindset. In just 8 minutes, learn how to embed risk-aware thinking across IT, business continuity, cybersecurity, and operations—boosting confidence, clarity, and adaptability in every decision.In this episode, we answer to:What makes ISO 31000 different from other risk management standards?How can organizations embed risk thinking into daily decisions?How does ISO 31000 integrate with ISO 27005, ISO 22301, and ISO 31010?Resources Mentioned in this Episode:ISO 31000 Standard, link https://www.iso.org/standard/65694.htmlPirani, article "ISO 31000 Simplified: Elevate Your Risk Strategy", link https://www.piranirisk.com/blog/iso-31000 ISO, guide "ISO 31000 Risk Management", link https://thaiindustrialoffice.files.wordpress.com/2016/02/iso_31000_for_smes.pdf Global Suite, article "ISO 31000: The standard that helps you manage risks", link https://www.globalsuitesolutions.com/what-is-iso-31000-standard-and-what-is-its-purpose/ Ideagen, article "Principles of risk management explained", link https://www.ideagen.com/thought-leadership/blog/principles-of-risk-management-explained Advisera, article "What is ISO 31000?", link https://advisera.com/articles/what-is-iso-31000/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover how to align BIAN Service Domains with ITIL 4's Service Value System to transform your static CMDB into a dynamic capability governance model. Learn how to drive business value, enable composable architecture, and build accountability in IT services. A must-listen for anyone in Enterprise Service Management, IT Governance, or Banking IT Architecture.In this episode, we answer to:What is BIAN and how do Service Domains enable composable banking architecture?How can ITIL 4’s Service Value System enhance governance and ownership in IT?Why is capability-based ownership better than traditional CMDB tracking?Resources Mentioned in this Episode: BIAN Official Website, article "Service Landscape", link https://bian.org/deliverables/service-landscape/Fusion5, article "Life of BIAN", link https://www.fusion5.com/nz/integration-services/blogs/what-is-bianMamta Sarangal BIAN Chief Architect, article "The Role of Service Domain Specialization in Adopting BIAN - Banking Industry Reference Architecture.", link https://www.linkedin.com/pulse/role-service-domain-specialization-adopting-bian-banking-sarangal-xd35c/Sprintzeal, article "Service Value System in ITIL 4 Explained in Detail", link https://www.sprintzeal.com/blog/service-value-systemBIAN document "BIAN Semantic API Pactitioner Guide V8.1 Final", link https://bian.org/wp-content/uploads/2024/12/BIAN-Semantic-API-Pactitioner-Guide-V8.1-FINAL.pdfConnect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

In Part 2 of this essential discussion, we move from theory to practice. You’ll learn how to integrate security into service management using frameworks like ITIL, practical change controls, and unified incident response plans.Discover the culture shift needed to make ITSM and security teams collaborate effectively. Learn how to embed security into change management workflows and why continuous improvement cycles are key to resilience in a fast-moving threat landscape.In this episode, we answer to:How can ITIL help integrate security into day-to-day operations?What strategies ensure successful collaboration between ITSM and cybersecurity?How do change management and incident response reduce security risks?Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

In Part 1 of this powerful two-part series, we break down the foundational link between IT Security and IT Service Management (ITSM). You'll discover how service management processes such as incident handling, asset visibility, and change control provide the essential structure that cybersecurity needs to succeed.IT Security is not a silo. It depends on the operational strength of ITSM to manage risk, respond to threats, and ensure compliance. Learn why neglecting ITSM weakens your entire security posture and what steps to take first.In this episode, we answer to:What is the fundamental relationship between IT Security and IT Service Management?Why is asset management critical to both cybersecurity and ITSM?What are the risks of managing IT security without service processes?Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Struggling to prove the value of your cybersecurity efforts? In this episode of The ITSM Practice, Luigi Ferri shows how to turn cybersecurity metrics into business assets. Learn why measuring outcomes—not just activities—can elevate security from cost center to competitive advantage.In this episode, we answer to:What should you measure to show cybersecurity effectiveness in business terms?How do ISO 27001 and NIST CSF influence security KPIs and KRIs?How can vendor risk be quantified using security ratings?Resources Mentioned in this Episode:Safe website, article "Aligning IT and Cybersecurity: The Missing Piece in Business Alignment", link https://safe.security/resources/blog/aligning-it-cybersecurity/ Microsoft Security website, article "Overview of critical asset management", link https://learn.microsoft.com/en-us/security-exposure-management/critical-asset-management Bitsight website, article "Third-Party Cyber Risk Assessments", link https://www.bitsight.com/glossary/third-party-cyber-risk-assessment ISMS.online website, article "How to Track ISO 27001 Milestones and Measure Success", link https://www.isms.online/iso-27001/how-to-track-iso-27001-milestones-and-measure-success/ ISACA Germany website, guideline "KPI Guide 2024", link https://www.isaca.de/images/Publikationen/Leitfaden/ISACA_KPI_Guide_2024.pdf HighTable website, article "ISO 27001 Monitoring, Measurement, Analysis, Evaluation: Clause 9.1", link https://hightable.io/iso-27001-clause-9-1-monitoring-measurement-analysis-evaluation-essential-guide/ Rikkeisoft website, article "Data-Driven Security: Transforming Protection Through Analytics", link https://rikkeisoft.com/th/blog-th/data-driven-security-transforming-protection-through-analytics/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Agentic AI is here, learning, deciding, and acting without human approval. But is your organization mature enough to secure it? In this episode, we explore how to align AI autonomy with tailored security controls using NIST maturity tiers and ISO frameworks.In this episode, we answer to:What makes agentic AI different from traditional automation?Why can’t existing controls fully secure autonomous systems?How should your AI security evolve with your maturity level?Resources Mentioned in this Episode:KOVRR website, article "Cybersecurity Maturity Model Implementation: A How-To Get Started Guide", link https://www.kovrr.com/blog-post/cybersecurity-maturity-model-implementation---a-how-to-get-started-guide Lindiwe Matlali, article "The Hidden Risks of Agentic AI: How Autonomous Systems Could Be Exploited and How to Defend Against Them", https://www.linkedin.com/pulse/hidden-risks-agentic-ai-how-autonomous-systems-could-defend-matlali-cekue Forbes, article "Overcoming Cybersecurity Challenges In Agentic AI". link https://www.forbes.com/sites/tonybradley/2025/03/26/overcoming-cybersecurity-challenges-in-agentic-ai/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover how to reduce call center costs without damaging customer trust. In this episode of The ITSM Practice, Luigi Ferri shares strategic insights on balancing automation, training, remote work, and compliance for long-term value. Make savings without losing meaning.In this episode, we answer to:How can organizations reduce call center costs without harming customer relationships?What are the hidden costs in call centers that leaders often overlook?Where should automation begin to improve service and efficiency?Resources Mentioned in this Episode:WOW24-7 website, article "How Much Does It Cost to Outsource Customer Service?", link https://wow24-7.com/blog/how-much-do-different-call-centers-cost-for-outsourcing-call-center-outsourcing-cost-comparison-2 Zoom website, article "What is call center compliance? Guide for 2025", link https://www.zoom.com/en/blog/call-center-compliance/ The Recruitment Co website, article "The Case for Remote Working in Contact Centre Workforces", link https://therecruitmentco.uk/the-case-for-remote-working-in-contact-centre-workforces/ KnowMax website, article "9 Actionable Tips for Call Center Cost Reduction", link https://knowmax.ai/blog/call-center-cost-reduction/ Kommunicate website, article "Putting the ‘Service’ in Self-Service: AI that Solves Problems", link https://www.kommunicate.io/blog/ai-self-service-for-customer-support/ Contact Point 3610 website, article "The Benefits of Speech Analytics in Improving Call Center Performance" link https://contactpoint360.com/blog/speech-analytics-for-contact-centers/ CX Today website, article "The Evolution of Generative AI Regulations: Preparing your Contact Center", link https://www.cxtoday.com/contact-center/the-evolution-of-generative-ai-regulations-preparing-your-contact-center-content-guru/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

A project that met every milestone, but left users unchanged. In this episode, we reveal why real success isn’t measured by delivery but by perception. Discover how top project leaders manage meaning, not just metrics.In this episode, we answer to:How do you define project success beyond KPIs and timelines?Why is stakeholder perception more important than status reports?What practical steps help uncover silent misalignment in projects?Resources Mentioned in this Episode:Project Management Institute, article "Managing Perceptions for Project Success: How Stakeholders Shape Reality", link https://www.pmi.org/blog/managing-perceptions-for-project-success Science Direct - Elsevier, article "Different stakeholder groups and their perceptions of project success", link https://www.sciencedirect.com/science/article/pii/S0263786313000276 IRMBR website, article "Relationship between Stakeholders Perceptions of Project Success and Project Planning", link https://irmbrjournal.com/paper_details.php?id=821 Institute Project Management, article "Strategic Narratives: Enhancing Project Management with Storytelling Techniques", link https://instituteprojectmanagement.com/blog/strategic-narratives-enhancing-project-management-with-storytelling-techniques/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover why shifting from traditional process maps to value stream mapping transforms ITSM. Luigi Ferri explains how VSM breaks silos, aligns IT with business value, and improves service visibility. Learn how to expose waste, measure impact, and build flow-focused culture in modern organizations.In this episode, we answer to:What is the difference between process maps and value stream mapping in ITSM?How does value stream thinking align IT services with business outcomes?What challenges do organizations face when adopting VSM, and how can they overcome them?Resources Mentioned in this Episode:Digicomp website, article "What is Value Stream Mapping?", link https://digicomp.ch/blog/2020/02/25/value-stream-mapping-in-itil-4 Luigi Ferri, article "Embracing the Shift: How Value Stream Mapping Enhances ITIL's Lifecycle Approach", link https://www.linkedin.com/pulse/embracing-shift-how-value-stream-mapping-enhances-itils-luigi-ferri Serview website, article "Breaking down silos: Value Streams in ITIL® 4", link https://en.serview.de/blog/blast-silos-value-troughs-in-itilr-4 Digital AI website, article "SAFe® Value Stream Mapping Software", link https://digital.ai/solutions/safe-scaled-agile-framework/ Lean Enterprise Institute, article "Value Stream Mapping", link https://www.lean.org/lexicon-terms/value-stream-mapping/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya