The ITSM Practice: Elevating ITSM and IT Security Knowledge

PODCAST · technology

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals!

Stay Connected:

- LinkedIn: https://www.linkedin.com/in/theitsmpractice/
- Youtube: https://www.youtube.com/@theitsmpractice
- Website: http://www.theitsmpractice.com

  1. 145

    FINOS vs ISO 42001: What to Choose

    Fintech leaders: stop defaulting to ISO 42001. Discover how FINOS empowers you to design scalable, audit-ready AI governance before regulation forces your hand. Learn to align controls, reduce risk, and build governance by design—not by pressure.

    In this episode, we answer:

    - What makes FINOS a powerful alternative to ISO 42001?
    - How can fintechs design governance before audits hit?
    - Why does governance fail without alignment?

    Resources Mentioned in this Episode:

    - FINOS website, article "AI Strategic initiative series: Building an AI Governance Framework - Key Takeaways from the NYC Workshop", link https://www.finos.org/blog/building-an-ai-governance-framework-key-takeaways-from-the-nyc-workshop
    - FINOS website, article "FINOS AI Governance Framework v1.0 — Turning Drafts into Deployable Guardrails", link https://www.finos.org/blog/finos-ai-governance-framework-v1.0-turning-drafts-into-deployable-guardrails
    - Air Governance website, article "A heuristic approach to identifying GenAI risks", link https://air-governance-framework.finos.org/heuristic-assessment.html
    - Air Governance website, article "FINOS AI Governance Framework", link https://air-governance-framework.finos.org
    - GitHub website, repo "finos/ai-governance-framework - Public", link https://github.com/finos/ai-governance-framework

    Connect with me on:

    - LinkedIn: https://www.linkedin.com/in/theitsmpractice/
    - Website: http://www.theitsmpractice.com

    And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

    Credits:

    - Sound engineering by Alan Southgate - http://alsouthgate.co.uk/
    - Graphics by Yulia Kolodyazhnaya

  2. 144

    Who Owns Cloud Security?

    A single question can expose a major cloud risk: who is responsible? This episode breaks down the cloud shared responsibility model, revealing how unclear ownership, misconfigurations, and weak governance lead to data breaches, and how ISO/IEC 27017 helps close the gaps.

    In this episode, we answer:

    - Who is really accountable for cloud security failures?
    - Why do misconfigurations cause most cloud data breaches?
    - How does ISO/IEC 27017 strengthen cloud security governance?

    Resources Mentioned in this Episode:

    - ISO Standards website, standard ISO/IEC 27017:2015, link https://www.iso.org/standard/43757.html
    - Vanta website, article "The ultimate guide to ISO 27017", link https://www.vanta.com/collection/iso-27001/guide-to-iso-27017
    - Microsoft website, article "ISO/IEC 27017:2015", link https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27017
    - Safeshield website, article "Why should SaaS companies comply with the ISO/IEC 27017 security standard for cloud service providers (CSP)", link https://www.safeshield.cloud/why-should-saas-companies-comply-with-the-iso-27017-security-standard-for-cloud-service-providers-csp
    - NordLayer website, article "ISO 27017: cloud protection essentials", link https://nordlayer.com/learn/iso/iso-27017/

  3. 143

    CISO Strategy: Where Product Security Fails at Scale

    Most organisations manage only build and operate, ignoring growth, where security risk explodes. Luigi Ferri reveals how CISOs miss the most critical phase, where scaling, DevOps, and rapid decisions create hidden security debt. This episode challenges leaders to shift from reactive controls to full product lifecycle governance before risk turns into incidents.

    In this episode, we answer:

    - Why is product growth the most dangerous phase for cybersecurity risk?
    - Are CISOs governing product lifecycle or just reacting to failures?
    - How does DevOps accelerate delivery but weaken security accountability?

    Resources Mentioned in this Episode:

    - Advisera website, article "ISO 27001 control 8.25 Secure development life cycle", link https://advisera.com/iso27001/control-8-25-secure-development-life-cycle/
    - Ikarus website, article "Security by Design", link https://www.ikarussecurity.com/en/security-news-en/security-by-design-cybersecurity-throughout-the-product-life-cycle/
    - Netguru website, article "SaaS Development Life Cycle: Key Stages & Best Practices", link https://www.netguru.com/blog/saas-development-life-cycle
    - DevOps by Techstrong Group website, article "DevSecOps: Integrating Security Into the DevOps Lifecycle", link https://devops.com/devsecops-integrating-security-into-the-devops-lifecycle/

  4. 142

    ITIL 5 Exposed: Accountability Without Authority

    ITIL 5 exposes a critical ITSM flaw: Service Owners held accountable without authority. Discover how broken governance, security vs delivery conflicts, and unclear decision rights undermine outcomes. Learn why real accountability starts before operations, and how to redesign Enterprise Service Management for true leadership.

    In this episode, we answer:

    - Why are Service Owners accountable but not empowered in ITIL 5?
    - How does the security vs delivery tension reveal weak ITSM governance?

    Resources Mentioned in this Episode:

    - PeopleCert website, article "Understanding the evolution of ITIL", link https://www.peoplecert.org/news-and-announcements/itil-version-5-explained
    - Learning Tree International website, article "ITIL® (Version 5) Has Arrived", link https://www.learningtree.com/blog/itil-5-launch-what-you-need-to-know/
    - Agile PM Hub website, article "ITIL® 5 Is Here: What’s New and Why It Matters", link https://agilepmhub.com/blog/itil-version-5-whats-new-and-why-it-matters

  5. 141

    PSD3 Explained: Payments Security & Fraud

    PSD3 is reshaping payments security, moving beyond PSD2’s access model to address fraud, scams and trust abuse. This episode explains why strong authentication is no longer enough, how APIs become critical to trust, and what banks and fintechs must change to stay secure, compliant and resilient.

    In this episode, we answer:

    - What makes PSD3 fundamentally different from PSD2 in payments security?
    - Is strong customer authentication enough to stop modern fraud?
    - How do APIs influence trust, performance and security under PSD3?

    Resources Mentioned in this Episode:

    - Stripe website, article "What platforms and marketplaces can expect from PSD3", link https://stripe.com/guides/what-platforms-and-marketplaces-can-expect-from-psd3
    - Trustbuilder website, article "From PSD2 to PSD3: What’s Changing in the Future of Payments in Europe", link https://www.trustbuilder.com/en/psd2-psd3-directive-future-payments-europe/
    - Deloitte website, article "Shedding light on PSD3/PSR", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/perspectives/shedding-light-on-psd3-psr.html
    - Schoenherr website, article "The EU's new Payments Services Package", link https://www.schoenherr.eu/content/the-eu-s-new-payments-services-package
    - European Payments Council, article "What do the PSD3 and PSR mean for the payments sector", link https://www.europeanpaymentscouncil.eu/news-insights/insight/what-do-psd3-and-psr-mean-payments-sector

  6. 140

    AI Governance Illusion: Hidden Risks & Accountability in ITSM

    AI governance maturity can be misleading. Many organizations rely on frameworks, policies, and dashboards that signal control but fail to reflect true understanding of AI systems. This episode explores the Governance–Understanding Gap, highlighting why unclear decision ownership and limited system insight create hidden risks in AI, ITSM, and Enterprise Service Management environments.

    In this episode, we answer:

    - What is the worst decision an AI system could realistically make in practice?
    - Which AI system in the organization is least understood and hardest to explain?
    - If an AI system makes a harmful decision, who is accountable for it?

    Resources Mentioned in this Episode:

    - NIST website, framework "AI Risk Management Framework", link https://www.nist.gov/itl/ai-risk-management-framework
    - European Commission website, policy "Artificial Intelligence", link https://digital-strategy.ec.europa.eu/en/policies/artificial-intelligence
    - ISO Standards website, ISO/IEC 42001 standard, link https://www.iso.org/standard/81230.html
    - MIT Sloan Management Review website, article "A framework for assessing AI risk", link https://mitsloan.mit.edu/ideas-made-to-matter/a-framework-assessing-ai-risk
    - Stanford Human-Centered AI website, article "AI Index 2025", link https://aiindex.stanford.edu

  7. 139

    DevSecOps: Responsibility Without Authority

    DevSecOps promises shared security responsibility, but what happens when accountability shifts without decision authority? In this episode of The ITSM Practice Podcast, Luigi Ferri explores governance gaps, risk ownership, Security Champions, burnout, and structural ambiguity in DevSecOps. A sharp reflection for CISOs, AppSec leaders, and ITSM professionals navigating security governance and enterprise risk management.

    In this episode, we answer:

    - Who is explicitly allowed to accept risk in a DevSecOps operating model?
    - What happens when developers receive security accountability without authority?
    - Are Security Champions strengthening governance, or masking leadership gaps?

    Resources Mentioned in this Episode:

    - Blackduck website, article "DevSecOps: The good, the bad, and the ugly", link https://www.blackduck.com/blog/devsecops-challenges-benefits.html
    - Jit website, article "6 DevSecOps Best Practices that Enable Developers to Deliver Secure Code", link https://www.jit.io/resources/devsecops/a-practical-guide-to-devsecops-making-it-work-for-developers
    - Decipher Bureau website, article "DevSecOps Professionals: Avoiding ‘The Great Burnout’", link https://www.decipherbureau.com/news/articles/devsecops-professionals-avoiding-the-great-burnout/
    - Security Journey website, article "From Disruption to Integration: Rethinking Just-in-Time Security Training", link https://www.securityjourney.com/post/from-disruption-to-integration-rethinking-just-in-time-security-training

  8. 138

    ISO 31000 vs MoR: Closing the Risk Management Gap

    Enterprise Risk Management (ERM) often looks mature—risk registers, ISO 31000 alignment, MoR processes—yet fails to influence real decisions. In fintech and regulated environments, risk governance must shape judgment, not just document compliance. This episode explores why ISO 31000 and MoR lose impact under pressure, and how to align risk appetite, decision-making, and operational execution before risk accumulates.

    In this episode, we answer:

    - How can ISO 31000 truly influence enterprise decision-making in fast-moving fintech environments?
    - Why does Management of Risk (MoR) become procedural compliance instead of strategic risk governance?
    - How can Enterprise Risk Management integrate risk appetite, governance, and operational execution without losing agility?

    Resources Mentioned in this Episode:

    - Axelos website, white paper "Everything You Wanted to Know About MoR in Less Than 1,000 Words", link https://www.axelos.com/resource-hub/white-paper/everything-you-wanted-to-know-about-m-o-r-in-less-than-1000-words
    - Goodelearning website, article "What is Management of Risk (M_o_R)?", link https://goodelearning.com/articles/what-is-management-of-risk/
    - Best Practice LMS website, article "M_o_R® - Introduction", link http://www.bestpracticelms.com/mLearn/SPM-App/MOR.html
    - ISO official website, ISO 31000:2018 standard, link https://www.iso.org/standard/65694.html
    - Pacific Certifications, article "ISO 31000: Risk Management Framework Explained for Modern Organizations", link https://blog.pacificcert.com/iso-31000-risk-management-framework-explained/

  9. 137

    ITIL 5: Stop Explaining Failures. Start Owning System Decisions

    In this episode of the ITSM Practice Podcast, Luigi Ferri explores how ITIL 5 shifts leadership from explaining incidents to owning systemic decisions. In complex service ecosystems, governance must move upstream—before automation, architecture, and risk scale. True IT Service Management leadership is no longer about post-incident justification, but about accountable decision design in Enterprise Service Management.

    In this episode, we answer:

    - How does ITIL 5 redefine accountability in modern IT Service Management?
    - Why is governance shifting upstream in complex, automated service environments?
    - Are Heads of Service accountable for decisions they did not design?

    Resources Mentioned in this Episode:

    - ITIL Training Academy website, article "ITIL® (Version 5): Everything New in ITIL Latest Version", link https://www.itil.org.uk/blog/itil-version-5-a-complete-guide
    - PeopleCert website, article "ITIL, The Language of Growth", link https://www.peoplecert.org/Frameworks-Professionals/ITIL-framework
    - PMG Academy website, article "The Definitive Guide to ITIL® Version 5 Foundation", link https://www.pmgacademy.com/en/articles/itil/the-definitive-guide-to-itil-version-5-foundation/
    - ITIL official website, article "ITIL AI Governance White Paper", link https://www.itil.com/Itil-News-and-Announcements/ai-governance-white-paper
    - INOC website, article "5 ITIL Incident Management Best Practices", link https://www.inoc.com/blog/itil-incident-management

  10. 136

    ITIL 5, SCF and the Compliance Illusion

    In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership.

    In this episode, we answer:

    - Is compliance replacing real risk-based security governance?
    - Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership?
    - How does ITIL 5 transform control frameworks into accountable governance?

    Resources Mentioned in this Episode:

    - Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/
    - Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/
    - Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks", link https://github.com/securecontrolsframework/securecontrolsframework
    - Secure Controls Framework website, article "Security, Compliance & Resilience (SCR) Principles", link https://securecontrolsframework.com/domains-principles/
    - Secure Controls Framework website, article "Secure, Compliant & Resilient Capability Maturity Model (SCR-CMM)", link https://securecontrolsframework.com/free/capability-maturity-model/

  11. 135

    ITIL 5 for CIOs: Governing AI-Driven Digital Systems at Scale

    ITIL 5 marks a decisive shift in IT Service Management. Moving beyond ITIL 4, it reframes services as AI-enabled digital product–service systems governed through data-driven decision models. This episode explores governance, accountability, CIO and CISO implications, and why ITIL 5 transforms service management into system leadership in an AI-native world.

    In this episode, we answer:

    - How does ITIL 5 redefine IT Service Management in an AI-native environment?
    - What changes from ITIL 4 to ITIL 5 in governance, digital products, and value streams?
    - What does ITIL 5 mean for CIOs and CISOs managing AI-driven digital services?

    Resources Mentioned in this Episode:

    - ITIL Training Academy website, article "ITIL® (Version 5): Everything New in ITIL Latest Version", link https://www.itil.org.uk/blog/itil-version-5-a-complete-guide
    - ServiceNow website, article "Understanding ITIL 5: What’s New and How It Builds on ITIL 4", link https://www.servicenow.com/community/virtual-agent-forum/understanding-itil-5-what-s-new-and-how-it-builds-on-itil-4/m-p/3478594
    - Novelvista website, article "ITIL 4 vs ITIL (Version 5): What’s New, Changed, and Refined?", link https://www.novelvista.com/blogs/it-service-management/itil4-vs-itil5
    - PeopleCert website, article "ITIL Foundation (Version 5)", link https://www.peoplecert.org/browse-certifications/it-governance-and-service-management/ITIL-1/itil-5-foundation-version-50-4154
    - Tarun Dewat, LinkedIn post "ITIL 5 has officially arrived, and it’s one of the most transformative updates the IT service management world has seen in years", link https://www.linkedin.com/posts/tarun-dewat-699818222_itil-5-has-officially-arrived-and-its-one-activity-7422705091654275073-6AxT
    - ageeogee user on Reddit, post "Will ITIL 5 look more like 3 or 4?", link https://www.reddit.com/r/ITIL/comments/1l4bak8/will_itil_5_look_more_like_3_or_4/

  12. 134

    Why IT Maturity Is the Hidden Risk in IT Carve-Outs

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains why IT maturity is the decisive factor in successful IT carve-outs. From dependency mapping to ITIL v3 governance and continuity stress testing, the episode shows how disciplined IT Service Management prevents disruption, cost overruns, and failed separations during complex enterprise transitions.

    In this episode, we answer:

    - Where is the real boundary between what IT owns and what a carved-out unit must take?
    - What breaks first when a shared IT service disappears during a carve-out?
    - Why does IT governance need to come before architecture and migration design?

    Resources Mentioned in this Episode:

    - AvenDATA website, article "What is a carve-out and why is it important?", link https://avendata.com/blog/what-is-a-carve-out-and-why-does-it-matter
    - Umbrex website, article "Stakeholder Alignment and Governance", link https://umbrex.com/resources/carve-out-playbook/stakeholder-alignment-and-governance/
    - Invgate website, article "The most flexible no-code ITSM solution", link https://invgate.com/itsm/itil/itil-service-lifecycle
    - Rezolve AI website, article "ITIL v3: Framework & Best Practices", link https://www.rezolve.ai/blog/itil-v3-framework-best-practices
    - Alloy Software website, article "5 Stages of the ITIL Service Lifecycle: A Simple Guide to Better IT Service Management", link https://www.alloysoftware.com/blog/itil-lifecycle/
    - Eurostep website, article "Data carve-out best practices: Insights into streamlining data separation for business units", link https://www.eurostep.com/data-carve-out-best-practices-insights-into-streamlining-data-separation-for-business-units/

  13. 133

    Why ITIL 4 Is Critical for HITRUST Success

    HITRUST certification is not a shortcut to trust. In this episode of The ITSM Practice Podcast, Luigi Ferri explains why real success with HITRUST depends on operational maturity, disciplined processes, and ITIL 4 practices. Learn how process consistency, evidence, and repeatability are the true foundations of sustainable compliance and security.

    In this episode, we answer:

    - Why do many mid-size organizations fail HITRUST despite strong technical controls?
    - How do ITIL 4 practices enable sustainable HITRUST certification?
    - Which process maturity gaps block HITRUST readiness the most?

    Resources Mentioned in this Episode:

    - HITRUST Alliance website, article "HITRUST CSF Framework overview", link https://hitrustalliance.net/hitrust-framework
    - HITRUST Alliance website, article "HITRUST CSF Control Maturity Evaluation Guide", link https://hitrustalliance.net/hubfs/Download%20Center%20%2B%20Partner%20Content/Evaluating-Control-Maturity-Using-the-HITRUST-Approach.pdf
    - Schneider Downs website, article "Complete Guide to HITRUST Certification", link https://schneiderdowns.com/guide-to-hitrust-certification/
    - Tevora website, article "HITRUST Certification Top Strategies for Effective Evidence Collection", link https://www.tevora.com/resource/hitrust-certification-top-strategies-for-effective-evidence-collection/

  14. 132

    FISMA in the Cloud: What Midsize Security Teams Need to Know

    In this episode of The ITSM Practice Podcast, we explore what FISMA really means for midsize, cloud-native security teams. Using real-world scenarios, we explain why FISMA was built for federal systems, where it clashes with cloud responsibility models, and how a risk-based adoption strengthens governance without falling into compliance theatre.

    In this episode, we answer:

    - Do FISMA controls apply to cloud-native and SaaS-based environments?
    - How can midsize companies use FISMA without full federal-style compliance?
    - Why is risk-based adoption more effective than checklist compliance in the cloud?

    Resources Mentioned in this Episode:

    - CISA website, Federal Information Security Modernization Act page, link https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act
    - NIST website, NIST Special Publication 800-53, link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
    - Secureframe website, article "FISMA Compliance: What It Is and How to Achieve It", link https://secureframe.com/hub/nist-800-53/fisma-compliance
    - Security Compass website, article "ISO 27001 vs NIST 800-53", link https://www.securitycompass.com/blog/iso-27001-vs-nist-800-53/

  15. 131

    ISO 27001 & ISO 42001: Governing AI Risk

    As AI expands the security perimeter, CISOs face new questions about data, trust, and accountability. This episode explains how combining ISO/IEC 27001 and ISO/IEC 42001 creates a unified governance engine for information security and AI governance. Learn how mid-size organizations can turn AI risk, transparency, and compliance into a strategic advantage.

    In this episode, we answer:

    - How does AI change the traditional security perimeter defined by ISO 27001?
    - Why is ISO 42001 essential to govern AI risk, fairness, and explainability?
    - How can CISOs clearly explain to customers where AI uses and sends their data?

    Resources Mentioned in this Episode:

    - De.iterate website, article "ISO 42001 Certification: Benefits, Challenges, and Real-World Applications", link https://deiterate.com/2025/02/26/iso-42001-certification-benefits-challenges-and-real-world-applications/
    - Cherry Bekaert website, article "ISO 42001 vs. ISO 27001: Data Protection for Scaling Your Professional Services Firm", link https://www.cbh.com/insights/articles/data-protection-for-professional-services-firms/
    - Mitratech website, article "ISO 42001 & AI Risk: Strengthen Third-Party Compliance", link https://mitratech.com/resource-hub/blog/iso-42001-ai-risk-strengthen-third-party-compliance/
    - Walter Haydock blog, article "How we implement ISO 42001 control A.10.3 and help clients do the same to manage AI vendor risk", link https://blog.stackaware.com/p/iso-42001-annex-a-control-10-3-supplier-risk-management

  16. 130

    Payment Security by Design with PCI P2PE

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains why PCI P2PE is not just encryption but a security-by-design discipline. Learn how point-to-point encryption eliminates clear-text card data, reduces breach impact, simplifies PCI compliance, and integrates with ITIL governance to protect trust from the first millisecond of payment.

    In this episode, we answer:

    - What is PCI P2PE and why is it critical for modern payment security and PCI DSS compliance?
    - How does P2PE reduce breach exposure and change merchant compliance obligations?
    - Why are governance, the PIM, and ITIL practices essential to keeping P2PE effective over time?

    Resources Mentioned in this Episode:

    - PCI website, white paper "P2PE At a Glance", link https://www.pcisecuritystandards.org/documents/P2PE_At_a_Glance_v3.pdf
    - PCI website, white paper "Point-to-Point Encryption", link https://www.pci-dss.gr/media/1934/p2pe_hybrid_v111.pdf
    - Payway website, article "Protect Cardholder Data with P2PE", link https://www.payway.com/blog/how-to-keep-yourself-out-of-the-news-with-p2pe
    - Bluefin website, article "What is Point-to-Point Encryption (P2PE)?", link https://www.bluefin.com/payment-security/pci-p2pe-faq/
    - Ingenico website, article "3 Things to Know About P2PE v3.0", link https://ingenico.com/de/node/818

  17. 129

    ITIL v3 as the Backbone of eSIM Security

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains how ITIL v3 processes enable compliance with GSMA SAS-SM for secure eSIM provisioning. Discover how governance, service design, change, and continual improvement turn security from theory into an auditable, operational discipline in modern telecom environments.

    In this episode, we answer:

    - How can ITIL v3 processes support GSMA SAS-SM certification for eSIM management?
    - What operational evidence is required to prove secure remote SIM provisioning?
    - How do governance and continual improvement help maintain long-term SAS-SM compliance?

    Resources Mentioned in this Episode:

    - GSMA website, article "Security Accreditation Scheme (SAS)", link https://www.gsma.com/solutions-and-impact/industry-services/assurance-services/security-accreditation-scheme-sas/
    - GSMA website, article "eSIM Compliance", link https://www.gsma.com/solutions-and-impact/technologies/esim/compliance/
    - IT Process Maps website, article "IT Security Management", link https://wiki.en.it-processmaps.com/index.php/IT_Security_Management?

  18. 128

    Why Mature ITSM Programs Fail?

    Why do mature ITSM programs still fail? This episode explores the hidden risks behind ITSM stagnation, loss of executive sponsorship, outdated KPIs, rigid processes, and misaligned culture. Learn how to sustain ITSM maturity through continual improvement, business-aligned metrics, leadership engagement, and evolution in the age of automation and AI.

    In this episode, we answer:

    - Why do mature ITSM programs fail despite successful ITIL adoption?
    - How does loss of executive sponsorship undermine IT Service Management sustainability?
    - How can ITSM processes and KPIs evolve to support automation, AI, and business agility?

    Resources Mentioned in this Episode:

    - Keith D. Sutherland, Lawrence J. "Butch" Sheets, book "A Practical Guide to Service Management: Insights from industry experts for uncovering, implementing, and improving service management practices", link https://www.amazon.de/-/en/Keith-D-Sutherland/dp/1804612502
    - TOPdesk website, article "5 ITSM implementation pitfalls to avoid", link https://www.topdesk.com/en/blog/itsm-implementation-pitfalls/
    - Sunrise website, article "Why ITSM implementations often fail?", link https://www.sunrisesoftware.com/blog/why-itsm-implementations-often-fail
    - ITSM Tools website, article "10 Common ITSM Mistakes and How to Avoid Them", link https://itsm.tools/10-common-itsm-mistakes-and-how-to-avoid-them/

  19. 127

    From Readiness to Action: Building Your AI Roadmap

    In this episode of The ITSM Practice Podcast, Luigi Ferri moves from AI theory to execution, explaining how medium-sized organizations can define AI use cases, assess data and infrastructure, build skills, and scale pilot projects. The focus is on creating a practical AI roadmap for IT Service Management with measurable, sustainable outcomes.

    In this episode, we answer:
    - How can organizations identify the right AI use cases for IT Service Management?
    - What data, infrastructure, and skills are required to scale AI initiatives successfully?
    - How can IT leaders manage risks while building a realistic AI roadmap?

    Resources Mentioned in this Episode:
    - How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery
    - KPMG website, article "AI Governance: Factors for Success", link https://kpmg.com/de/en/home/insights/2025/04/ki-governance-these-are-the-factors-for-success.html
    - IBM website, article "What is AI governance?", link https://www.ibm.com/think/topics/ai-governance
    - Deepchecks website, article "Understanding the AI Maturity Model: Advancing Your Organization’s AI Capabilities", link https://www.deepchecks.com/understanding-the-ai-maturity-model-advancing-your-organizations-ai-capabilities/

  20. 126

    Are We Really Ready for AI?

    In this episode of The ITSM Practice Podcast, Luigi Ferri explores AI readiness for service desks and ITSM in medium-sized organizations. Going beyond tools and automation, the discussion focuses on leadership, governance, culture, and skills needed to adopt and scale AI responsibly and align AI initiatives with real business value.

    In this episode, we answer:
    - Are medium-sized organizations really ready for AI in ITSM and service delivery?
    - What does AI readiness mean beyond automation and technology?
    - How can leaders assess governance, skills, and culture before adopting AI?

    Resources Mentioned in this Episode:
    - How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery
    - IMD website, article "AI Maturity Index", link https://www.imd.org/artificial-intelligence-maturity-index/
    - Boston Consulting Group website, article "When Companies Struggle to Adopt AI, CEOs Must Step Up", link https://www.bcg.com/publications/2025/when-companies-struggle-to-adopt-ai-ceos-must-step-up
    - Cloud Security Alliance website, article "A Guide On How AI Pilot Programs are Shaping Enterprise Adoption", link https://cloudsecurityalliance.org/blog/2025/03/28/a-guide-on-how-ai-pilot-programs-are-shaping-enterprise-adoption

  21. 125

    How to Build a GRC Framework for Fintech Startups

    Learn how to build a solid GRC foundation for fintech growth in the EU. We break down governance, risk management, and compliance essentials to help startups scale, earn investor trust, and meet PSD2, GDPR, DORA, MiCA, and AML expectations from day one.

    In this episode, we answer:
    - How do you set up an effective GRC framework for a fintech startup in the EU?
    - Why must European fintechs prioritize compliance, risk, and governance early to scale safely?
    - What roles, processes, and oversight are essential to meet PSD2, GDPR, DORA, and AML requirements?

    Resources Mentioned in this Episode:
    - European Central Bank (ECB) website, article "The PSD2 supports innovation and competition in retail payments … and enhances the security of payment transactions and the protection of consumer data.", link https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html?
    - Deloitte website, article "The Revised Payment Services Directive (PSD2)", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/research/psd2-revised-payment-services-directive.html?
    - European Parliament website, article "GDPR: Overview of the EU General Data Protection Regulation", link https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm?utm_source=chatgpt.com
    - German BaFin website, article "Prevention of money laundering and terrorist financing", link https://www.bafin.de/EN/Aufsicht/Geldwaeschepraevention/geldwaeschepraevention_node_en.html?
    - ESMA website, article "Official summary from authoritative EU sources: Digital Operational Resilience Act (DORA)", link https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora?
    - ESMA website, article "Official overview by the European Securities and Markets Authority (ESMA): Markets in Crypto-Assets Regulation (MiCA)", link https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica?utm_source=chatgpt.com

  22. 124

    BSI Grundschutz: Inside the Technical Measures – Part 2

    A deep dive into BSI Grundschutz technical measures: systems, networks, applications, monitoring, and evidence-based security. Learn how to move from compliance to operational resilience and why German clients expect proof, not promises.

    In this episode, we answer:
    - How do BSI Grundschutz technical measures strengthen system, network, and application security?
    - What evidence-based controls are required to prove resilience and compliance?
    - How does Grundschutz compare to the NIST Cybersecurity Framework for SaaS and cloud environments?

    Resources Mentioned in this Episode:
    - Eena 112 website, whitepaper "Cybersecurity Practical Approach", link https://eena.org/wp-content/uploads/2020_05_06_Cybersecurity_PracticalApproach.pdf
    - BSI - German Federal Office for Information Security, publication "BSI Magazin", link https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Magazin/BSI-Magazin_2021-01.pdf?__blob=publicationFile&v=5
    - ACC Management Consulting, article "BSI - IT Baseline Protection: A Method for Information Security", link https://www.acc-management-consulting.de/bsi-grundschutz-isms
    - BSI - German Federal Office for Information Security, WiBa tool, link https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/WiBA/WiBA_Tool_Excel.xlsx?__blob=publicationFile&v=2
    - Dr. Datenschutz website, article "The path to basic security for your IT", link https://www.dr-datenschutz.de/der-weg-in-die-basisabsicherung-fuer-ihre-it/
    - BSI - German Federal Office for Information Security, article + videos "Getting Started - Guidance and videos for raising awareness of cyber security", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/KMU/leichter_Einstieg/leichter_Einstieg_node.html

  23. 123

    BSI Grundschutz: The Hidden Gatekeeper - Part 1

    BSI Grundschutz is the hidden gatekeeper for U.S. companies entering Germany. This episode breaks down the organizational measures, from ISMS design to governance, staff security, and incident evidence, that shape compliance, build trust, and strengthen IT security maturity.

    In this episode, we answer:
    - What is BSI Grundschutz and why does it matter for U.S. companies expanding to Germany?
    - How do organizational measures like ISMS, governance, and role clarity improve security and compliance?
    - How does documenting incidents and responsibilities increase trust with German clients and regulators?

    Resources Mentioned in this Episode:
    - Secureframe website, article "BSI IT-Grundschutz", link https://secureframe.com/frameworks-glossary/bsi-it-grundschutz
    - Hisolutions website, article "BSI IT-Grundschutz", link https://www.hisolutions.com/security-consulting/informationssicherheit/bsi-it-grundschutz
    - BSI - German Federal Office for Information Security, article "Advanced Protection", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/KMU/Expertise/Expertise_node.html
    - BSI - German Federal Office for Information Security, article "IT-Grundschutz", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/it-grundschutz.html
    - Secfix website, article "ISO 27001 und BSI-Grundschutz", link https://de.secfix.com/beitrag/iso-27001-bsi-grundschutz

  24. 122

    Without a Service Management Office, ITSM Is Just Theatre

    Discover why 70% of ITSM initiatives fail and how a strategic Service Management Office (SMO) transforms ITIL from theory into business value. Learn the six-step SMO blueprint, key metrics, and pitfalls to avoid to elevate ITSM maturity and governance.

    In this episode, we answer:
    - What is a Service Management Office and why is it critical for ITSM success?
    - How do you build an SMO with governance, value alignment, and CIO-level sponsorship?
    - Which metrics and maturity levels define real ITSM performance and business impact?

    Resources Mentioned in this Episode:
    - Pink Elephant website, whitepaper "The IT Service Management Office", link https://www.pinkelephant.com/uploadedfiles/Resources/PinkPapers/The-IT-Service-Management-Office.pdf
    - Littlefish website, article "Strategic Power of a Service Management Office (SMO)", link https://www.littlefish.co.uk/insights/service-management-office-smo/
    - IT Process Maps, article "ITIL Service Strategy", link https://wiki.en.it-processmaps.com/index.php/ITIL_Service_Strategy
    - Echolon website, article "The importance of an effective ITIL® service strategy for success in IT service management", link https://www.echolon.de/en/blog/itil-it-service-strategy/
    - Scrumprep website, article "Answering: Which metrics will help a Product Owner determine if a product is delivering value?", link https://scrumprep.com/answering-which-metrics-will-help-a-product-owner-determine-if-a-product-is-delivering-value/
    - Value Delivery Metric website, video https://youtu.be/pjnkWgq7I6I
    - ITSM Tools website, article "The Making of an IT Service Management (ITSM) Maturity Model", link https://itsm.tools/the-making-of-a-maturity-model-an-approach-to-culture-and-client-support/
    - Navvia website, whitepaper "The Making of an IT Service Management (ITSM) Maturity Model", link https://navvia.com/hubfs/MKTG Folder/Learn center - Courses Slides/SMO Service Management Office -Slides.pdf

  25. 121

    From Cost to Value: Financial Modelling for ITIL Services

    In this episode of The ITSM Practice Podcast, Luigi Ferri dives into Financial Modelling for ITIL-based services, the key to shifting IT from a cost center to a value creator. Learn how Activity-Based Costing (ABC), Unit Costing, Lifecycle Costing, and Showback Models can transform IT governance, pricing clarity, and business alignment in IT Service Management (ITSM).

    In this episode, we answer:
    - How can IT leaders connect services, costs, and value in ITIL-based organizations?
    - Which financial models (ABC, Unit Cost, Lifecycle) fit your ITSM strategy best?
    - How can financial transparency turn IT from “too expensive” to a strategic partner?

    Resources Mentioned in this Episode:
    - PeopleCert website, article "ITIL 4 Value Streams Doing Right Things for Customers", link https://www.axelos.com/resource-hub/blog/itil-4-value-streams-doing-right-things-for-customers
    - QRP website, article "ITIL 4 Service Value Chain and Value Stream", link https://www.qrpinternational.be/blog/it-governance-and-service-management/service-value-chain-and-value-stream/
    - IT Process Maps website, article "Financial Management", link https://wiki.en.it-processmaps.com/index.php/Financial_Management
    - PMI website, article "Activity Based Costing (ABC)", link https://www.projectmanagement.com/wikis/232994/activity-based-costing--abc-

  26. 120

    Trust vs Tech: Why Regional Banks Are Falling Behind

    Regional banks face extinction if they don’t evolve. In this episode, Luigi Ferri explains how AI, automation, and customer-driven innovation are redefining digital banking. Learn from Luigi Ferri why “trust” is no longer enough and how agentic banking will shape the future of finance by 2035.

    In this episode, we answer:
    - Is AI driving banking transformation, or are customers in control?
    - What is the future of regional banks in the age of agentic AI?
    - How can traditional banks survive digital disruption and customer flight?

    Resources Mentioned in this Episode:
    - Spherical Insights, article "Global AI Agents In Financial Services Market To Exceed USD 19890.2 Million By 2035 | CAGR 40.03%", link https://www.sphericalinsights.com/press-release/ai-agents-in-financial-services-market
    - Global Banking and Finance website, article "Banking in 2035 How Emerging Technologies Will Transform the Way We Bank", link https://www.globalbankingandfinance.com/banking-in-2035-how-emerging-technologies-will-transform-the-way-we-bank/
    - CIO Africa website, article "How Edge Computing Is Transforming Banking", link https://cioafrica.co/how-edge-computing-is-transforming-banking/
    - World Economic Forum website, article "How Agentic AI will transform financial services with autonomy, efficiency and inclusion", link https://www.weforum.org/stories/2024/12/agentic-ai-financial-services-autonomy-efficiency-and-inclusion/
    - Money Vehicle website, article "Digital Banking 2024: Exploring the Evolution and Its Impacts", link https://yourmoneyvehicle.com/banking/digital-banking-2024-exploring-the-evolution-and-its-impacts/

  27. 119

    BSI C5 vs NIST 800-53: Smart Compliance for Banks

    In this episode, Luigi Ferri compares two pillars of cloud security compliance: BSI C5 (Germany) and NIST SP 800-53 (USA). Discover how global banks can harmonize compliance, cut costs, and focus on real security over bureaucracy. Learn how ITSM and IT security teams can transform audit frameworks into governance tools that truly add value.

    In this episode, we answer:
    - How can global banks manage cloud compliance across BSI C5 and NIST SP 800-53 without duplicating effort?
    - What are the key differences and overlaps between BSI C5 and NIST SP 800-53?
    - Does compliance really improve security — or just increase documentation?

    Resources Mentioned in this Episode:
    - German Federal Office for Information Security website, article "Criteria catalogue C5", link https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/kriterienkatalog-c5_node.html
    - Securance website, article "What is BSI C5?", link https://audit-professionals.de/bsi-c5/
    - CyberSaint Security website, article "What is NIST SP 800-53?", link https://www.cybersaint.io/blog/what-is-nist-800-53
    - 6 Clicks website, article "Comparison between NIST Cybersecurity Framework (CSF) and NIST SP 800-53", link https://www.6clicks.com/resources/comparisons/nist-cybersecurity-framework-csf-vs-nist-sp-800-53

  28. 118

    What Is the AICM Framework for AI Compliance?

    AI is transforming banking, but so are the rules. In this episode, Luigi Ferri explores how the Artificial Intelligence Control Matrix (AICM) helps financial institutions navigate complex compliance frameworks like ISO 42001, NIST AI RMF, and the EU AI Act, while staying secure and cost-efficient. Discover how to simplify AI governance, reduce audit fatigue, and protect your organization from model poisoning and adversarial risks.

    In this episode, we answer:
    - How can banks use AI while managing overlapping regulations and compliance frameworks?
    - What new AI threats (like model poisoning and adversarial inputs) are traditional controls missing?
    - How does the Artificial Intelligence Control Matrix (AICM) simplify compliance and strengthen AI security?

    Resources Mentioned in this Episode:
    - Alphasec website, article "CSA AI Controls Matrix: A Sneak Preview", link https://alphasec.io/csa-ai-controls-matrix-a-sneak-preview/
    - Clarendon Partners website, whitepaper "AI Controls in Financial Services", link https://www.clarendonptrs.com/s/05_03_24_AI_Controls_in_Financial_Services_Clarendon_Partners_GRC_Ebook_Compressed.pdf
    - Bank for International Settlements website, whitepaper "Regulating AI in the financial sector: recent developments and main challenges", link https://www.bis.org/fsi/publ/insights63.htm
    - Cloud Security Alliance website, whitepaper "AICM mapping to NIST 600-1", link https://cloudsecurityalliance.org/artifacts/aicm-mapping-to-nist-600-1

  29. 117

    Process Mining in ITSM: Hidden Workflows Revealed

    In this episode, Luigi Ferri explains how Process Mining in ITSM transforms service delivery by revealing real workflows hidden behind your dashboards. Learn how to eliminate bottlenecks, prevent SLA breaches, and align your Service Catalogue with reality. Turn ITSM data into actionable insights for compliance, automation, and continuous improvement.

    In this episode, we answer:
    - What’s the real difference between Process Mining and Task Mining in ITSM?
    - How can Process Mining prevent SLA breaches and improve service performance?
    - How does Process Mining enhance Service Catalogue accuracy and ensure compliance with ISO standards?

    Resources Mentioned in this Episode:
    - Process Science website, article "Process Mining in IT services", link https://www.process-science.com/use-cases/it-services
    - Mindzie website, article "Top Benefits of Process Mining: Optimize, Analyze, Automate", link https://mindzie.com/process-mining-software/process-mining-benefits/
    - Celonis website, article "5 Benefits of Using Process Mining for IT Service Management", link https://www.celonis.com/blog/5-benefits-of-using-process-mining-for-it-service-management/
    - Atlassian website, article "Process Mining Analyze and Optimize Jira Workflows and Processes", link https://community.atlassian.com/forums/App-Central-articles/Process-Mining-Analyze-and-Optimize-Jira-Workflows-and-Processes/ba-p/2768242

  30. 116

    How to Build IT Accountability with SoD (ISO 27001 Control 5.3)

    In this episode of The ITSM Practice, Luigi Ferri explores ISO/IEC 27001:2022 Control 5.3 – Segregation of Duties (SoD). Learn how to reduce risk, design accountability, and strengthen your ISMS with actionable SoD strategies, especially in ITIL 4 environments. Master RBAC, role clarity, and audit readiness to build trust into your IT processes by design.

    In this episode, we answer:
    - How does ISO 27001:2022 Control 5.3 define and implement Segregation of Duties?
    - What are effective ways to apply RBAC and SoD in small or resource-limited teams?
    - How can organizations monitor, log, and prove SoD compliance for audits?

    Resources Mentioned in this Episode:
    - ISMS-Online, article "ISO 27001:2022 Annex A 5.3 – Segregation of duties", link https://de.isms.online/iso-27001/annex-a/5-3-segregation-of-duties-2022/
    - Morgan Hill website, template "ISO/IEC 27002:2022 | 5.3 - Segregation of Duties Policy Template", link https://morganhillcg.com/blog/item/iso-iec-27002-2022-5-3-segregation-of-duties-policy-template-2
    - HighTable, article "The Ultimate Guide to ISO 27001:2022 Clause 5.3: Organisational Roles, Responsibilities and Authorities", link https://hightable.io/iso-27001-clause-5-3-organisational-roles-responsibilities-and-authorities/

  31. 115

    The VMO in ITIL 4: Aligning Work with Strategy and Value

    The Value Management Office: Moving from Work to Worth. Is your IT team busy… but not sure if it’s delivering real value? In this episode, we uncover how a Value Management Office (VMO) helps organizations shift from tracking activity to measuring true business outcomes. Learn how ITIL 4, value stream mapping, and outcome-based metrics transform IT into a strategic value partner.

    Maximize value. Align strategy. Prove impact.

    In this episode, we answer:
    - What is a Value Management Office (VMO) and how does it differ from a PMO?
    - How does ITIL 4 enable a modern, outcome-focused VMO?
    - What value-based metrics should you track to align IT with business goals?

    Resources Mentioned in this Episode:
    - Axelos / PeopleCert, article "The Service Management Office and ITIL 4", link https://www.axelos.com/resource-hub/blog/the-service-management-office-and-itil-4
    - ITSM Tools, article "ITIL 4 Service Value System (SVS) Explained: Guiding Principles, Practices, and Service Value Chain", link https://itsm.tools/the-itil-4-service-value-system-explained/
    - Simpliaxis, article "Four Dimensions of ITIL Service Management", link https://www.simpliaxis.com/resources/four-dimensions-of-itil-service-management
    - Pink Elephant, guide "The IT Service Management Office", link https://www.pinkelephant.com/uploadedfiles/Resources/PinkPapers/The-IT-Service-Management-Office.pdf
    - BMC, guide "VMO Vendor Management Office", link https://blogs.bmc.com/vmo-vendor-management-office/?print-posts=pdf
    - ITSM Group, article "Value Stream Mapping", link https://www.itsmgroup.com/en/topics/value-stream-mapping

  32. 114

    ISO 31000: Building Risk-Aware Culture Through Smarter Decisions

    Discover how ISO 31000 transforms risk from a compliance task into a shared decision-making mindset. In just 8 minutes, learn how to embed risk-aware thinking across IT, business continuity, cybersecurity, and operations—boosting confidence, clarity, and adaptability in every decision.

    In this episode, we answer:
    - What makes ISO 31000 different from other risk management standards?
    - How can organizations embed risk thinking into daily decisions?
    - How does ISO 31000 integrate with ISO 27005, ISO 22301, and ISO 31010?

    Resources Mentioned in this Episode:
    - ISO 31000 Standard, link https://www.iso.org/standard/65694.html
    - Pirani, article "ISO 31000 Simplified: Elevate Your Risk Strategy", link https://www.piranirisk.com/blog/iso-31000
    - ISO, guide "ISO 31000 Risk Management", link https://thaiindustrialoffice.files.wordpress.com/2016/02/iso_31000_for_smes.pdf
    - Global Suite, article "ISO 31000: The standard that helps you manage risks", link https://www.globalsuitesolutions.com/what-is-iso-31000-standard-and-what-is-its-purpose/
    - Ideagen, article "Principles of risk management explained", link https://www.ideagen.com/thought-leadership/blog/principles-of-risk-management-explained
    - Advisera, article "What is ISO 31000?", link https://advisera.com/articles/what-is-iso-31000/

  33. 113

    Align BIAN and ITIL 4 for Capability-Based IT Governance

    Discover how to align BIAN Service Domains with ITIL 4's Service Value System to transform your static CMDB into a dynamic capability governance model. Learn how to drive business value, enable composable architecture, and build accountability in IT services. A must-listen for anyone in Enterprise Service Management, IT Governance, or Banking IT Architecture.

    In this episode, we answer:
    - What is BIAN and how do Service Domains enable composable banking architecture?
    - How can ITIL 4’s Service Value System enhance governance and ownership in IT?
    - Why is capability-based ownership better than traditional CMDB tracking?

    Resources Mentioned in this Episode:
    - BIAN Official Website, article "Service Landscape", link https://bian.org/deliverables/service-landscape/
    - Fusion5, article "Life of BIAN", link https://www.fusion5.com/nz/integration-services/blogs/what-is-bian
    - Mamta Sarangal, BIAN Chief Architect, article "The Role of Service Domain Specialization in Adopting BIAN - Banking Industry Reference Architecture.", link https://www.linkedin.com/pulse/role-service-domain-specialization-adopting-bian-banking-sarangal-xd35c/
    - Sprintzeal, article "Service Value System in ITIL 4 Explained in Detail", link https://www.sprintzeal.com/blog/service-value-system
    - BIAN document "BIAN Semantic API Pactitioner Guide V8.1 Final", link https://bian.org/wp-content/uploads/2024/12/BIAN-Semantic-API-Pactitioner-Guide-V8.1-FINAL.pdf

  34. 112

    No IT Security without Service Management: Integration Strategies for Resilience

    In Part 2 of this essential discussion, we move from theory to practice. You’ll learn how to integrate security into service management using frameworks like ITIL, practical change controls, and unified incident response plans.

    Discover the culture shift needed to make ITSM and security teams collaborate effectively. Learn how to embed security into change management workflows and why continuous improvement cycles are key to resilience in a fast-moving threat landscape.

    In this episode, we answer:
    - How can ITIL help integrate security into day-to-day operations?
    - What strategies ensure successful collaboration between ITSM and cybersecurity?
    - How do change management and incident response reduce security risks?

  35. 111

    IT Security Needs Service Management: Exploring the Interdependence

    In Part 1 of this powerful two-part series, we break down the foundational link between IT Security and IT Service Management (ITSM). You'll discover how service management processes such as incident handling, asset visibility, and change control provide the essential structure that cybersecurity needs to succeed.

    IT Security is not a silo. It depends on the operational strength of ITSM to manage risk, respond to threats, and ensure compliance. Learn why neglecting ITSM weakens your entire security posture and what steps to take first.

    In this episode, we answer:
    - What is the fundamental relationship between IT Security and IT Service Management?
    - Why is asset management critical to both cybersecurity and ITSM?
    - What are the risks of managing IT security without service processes?

  36. 110

    How to Measure Cybersecurity Effectiveness: KPIs, KRIs, and Business Impact

    Struggling to prove the value of your cybersecurity efforts? In this episode of The ITSM Practice, Luigi Ferri shows how to turn cybersecurity metrics into business assets. Learn why measuring outcomes—not just activities—can elevate security from cost center to competitive advantage.

    In this episode, we answer:
    - What should you measure to show cybersecurity effectiveness in business terms?
    - How do ISO 27001 and NIST CSF influence security KPIs and KRIs?
    - How can vendor risk be quantified using security ratings?

    Resources Mentioned in this Episode:
    - Safe website, article "Aligning IT and Cybersecurity: The Missing Piece in Business Alignment", link https://safe.security/resources/blog/aligning-it-cybersecurity/
    - Microsoft Security website, article "Overview of critical asset management", link https://learn.microsoft.com/en-us/security-exposure-management/critical-asset-management
    - Bitsight website, article "Third-Party Cyber Risk Assessments", link https://www.bitsight.com/glossary/third-party-cyber-risk-assessment
    - ISMS.online website, article "How to Track ISO 27001 Milestones and Measure Success", link https://www.isms.online/iso-27001/how-to-track-iso-27001-milestones-and-measure-success/
    - ISACA Germany website, guideline "KPI Guide 2024", link https://www.isaca.de/images/Publikationen/Leitfaden/ISACA_KPI_Guide_2024.pdf
    - HighTable website, article "ISO 27001 Monitoring, Measurement, Analysis, Evaluation: Clause 9.1", link https://hightable.io/iso-27001-clause-9-1-monitoring-measurement-analysis-evaluation-essential-guide/
    - Rikkeisoft website, article "Data-Driven Security: Transforming Protection Through Analytics", link https://rikkeisoft.com/th/blog-th/data-driven-security-transforming-protection-through-analytics/

  37. 109

    Securing Agentic AI: Maturity-Based Cybersecurity Strategies

    Agentic AI is here, learning, deciding, and acting without human approval. But is your organization mature enough to secure it? In this episode, we explore how to align AI autonomy with tailored security controls using NIST maturity tiers and ISO frameworks.

    In this episode, we answer to:
    - What makes agentic AI different from traditional automation?
    - Why can’t existing controls fully secure autonomous systems?
    - How should your AI security evolve with your maturity level?

    Resources Mentioned in this Episode:
    - KOVRR website, article "Cybersecurity Maturity Model Implementation: A How-To Get Started Guide", link https://www.kovrr.com/blog-post/cybersecurity-maturity-model-implementation---a-how-to-get-started-guide
    - Lindiwe Matlali, article "The Hidden Risks of Agentic AI: How Autonomous Systems Could Be Exploited and How to Defend Against Them", link https://www.linkedin.com/pulse/hidden-risks-agentic-ai-how-autonomous-systems-could-defend-matlali-cekue
    - Forbes, article "Overcoming Cybersecurity Challenges In Agentic AI", link https://www.forbes.com/sites/tonybradley/2025/03/26/overcoming-cybersecurity-challenges-in-agentic-ai/

  38. 108

    How to Reduce Call Center Costs Without Losing Customer Trust

    Discover how to reduce call center costs without damaging customer trust. In this episode of The ITSM Practice, Luigi Ferri shares strategic insights on balancing automation, training, remote work, and compliance for long-term value. Make savings without losing meaning.

    In this episode, we answer to:
    - How can organizations reduce call center costs without harming customer relationships?
    - What are the hidden costs in call centers that leaders often overlook?
    - Where should automation begin to improve service and efficiency?

    Resources Mentioned in this Episode:
    - WOW24-7 website, article "How Much Does It Cost to Outsource Customer Service?", link https://wow24-7.com/blog/how-much-do-different-call-centers-cost-for-outsourcing-call-center-outsourcing-cost-comparison-2
    - Zoom website, article "What is call center compliance? Guide for 2025", link https://www.zoom.com/en/blog/call-center-compliance/
    - The Recruitment Co website, article "The Case for Remote Working in Contact Centre Workforces", link https://therecruitmentco.uk/the-case-for-remote-working-in-contact-centre-workforces/
    - KnowMax website, article "9 Actionable Tips for Call Center Cost Reduction", link https://knowmax.ai/blog/call-center-cost-reduction/
    - Kommunicate website, article "Putting the ‘Service’ in Self-Service: AI that Solves Problems", link https://www.kommunicate.io/blog/ai-self-service-for-customer-support/
    - Contact Point 3610 website, article "The Benefits of Speech Analytics in Improving Call Center Performance", link https://contactpoint360.com/blog/speech-analytics-for-contact-centers/
    - CX Today website, article "The Evolution of Generative AI Regulations: Preparing your Contact Center", link https://www.cxtoday.com/contact-center/the-evolution-of-generative-ai-regulations-preparing-your-contact-center-content-guru/

  39. 107

    Who Really Defines Project Success? It’s Not the Metrics

    A project that met every milestone, but left users unchanged. In this episode, we reveal why real success isn’t measured by delivery but by perception. Discover how top project leaders manage meaning, not just metrics.

    In this episode, we answer to:
    - How do you define project success beyond KPIs and timelines?
    - Why is stakeholder perception more important than status reports?
    - What practical steps help uncover silent misalignment in projects?

    Resources Mentioned in this Episode:
    - Project Management Institute, article "Managing Perceptions for Project Success: How Stakeholders Shape Reality", link https://www.pmi.org/blog/managing-perceptions-for-project-success
    - Science Direct - Elsevier, article "Different stakeholder groups and their perceptions of project success", link https://www.sciencedirect.com/science/article/pii/S0263786313000276
    - IRMBR website, article "Relationship between Stakeholders Perceptions of Project Success and Project Planning", link https://irmbrjournal.com/paper_details.php?id=821
    - Institute Project Management, article "Strategic Narratives: Enhancing Project Management with Storytelling Techniques", link https://instituteprojectmanagement.com/blog/strategic-narratives-enhancing-project-management-with-storytelling-techniques/

  40. 106

    ITIL 4 and Value Stream Mapping: A Smarter Way to Deliver ITSM Value

    Discover why shifting from traditional process maps to value stream mapping transforms ITSM. Luigi Ferri explains how VSM breaks silos, aligns IT with business value, and improves service visibility. Learn how to expose waste, measure impact, and build flow-focused culture in modern organizations.

    In this episode, we answer to:
    - What is the difference between process maps and value stream mapping in ITSM?
    - How does value stream thinking align IT services with business outcomes?
    - What challenges do organizations face when adopting VSM, and how can they overcome them?

    Resources Mentioned in this Episode:
    - Digicomp website, article "What is Value Stream Mapping?", link https://digicomp.ch/blog/2020/02/25/value-stream-mapping-in-itil-4
    - Luigi Ferri, article "Embracing the Shift: How Value Stream Mapping Enhances ITIL's Lifecycle Approach", link https://www.linkedin.com/pulse/embracing-shift-how-value-stream-mapping-enhances-itils-luigi-ferri
    - Serview website, article "Breaking down silos: Value Streams in ITIL® 4", link https://en.serview.de/blog/blast-silos-value-troughs-in-itilr-4
    - Digital AI website, article "SAFe® Value Stream Mapping Software", link https://digital.ai/solutions/safe-scaled-agile-framework/
    - Lean Enterprise Institute, article "Value Stream Mapping", link https://www.lean.org/lexicon-terms/value-stream-mapping/

  41. 105

    Preparing for Post-Quantum Security

    Discover why post-quantum cryptography is urgent for regulated industries. Learn how to protect long-term data, start cryptographic inventory, and align with evolving national strategies. This episode offers a clear, actionable roadmap for future-proofing your digital identity and systems.

    In this episode, we answer to:
    - How can organizations start preparing for post-quantum cryptography migration?
    - What risks are already present due to “Harvest Now, Decrypt Later” tactics?
    - Why must regulated industries prioritize public key infrastructure upgrades now?

    Resources Mentioned in this Episode:
    - Quintessence Labs website, article "Global Risk Institute Quantum Threat Timeline Report 2024", link https://info.quintessencelabs.com/hubfs/PDFs/Global-Risk-Institute-Quantum-Threat-Timeline-Report-2024.pdf
    - Appviewx website, article "The UK’s National Cyber Security Centre Presents Timeline and Roadmap for PQC Migration", link https://www.appviewx.com/blogs/the-uks-national-cyber-security-centre-presents-timeline-and-roadmap-for-pqc-migration/
    - CISA website, article "CISA Insight Post Quantum Cryptography", link https://www.cisa.gov/sites/default/files/publications/cisa_insight_post_quantum_cryptography_508.pdf
    - Pqshield website, article "NCSC guidance on planning your PQC migration", link https://pqshield.com/ncsc-guidance-on-planning-your-pqc-migration/
    - Crypto Vision Website, article "EVIDEN PQC Migration Guide", link https://www.cryptovision.com/wp-content/uploads/2023/05/EVIDEN-PQC-Migration-Guide.pdf

  42. 104

    Security Strategy vs Strategic Plan: What’s the Difference?

    Confusing a security strategy with a strategic plan leads to failure. In this episode, Luigi Ferri breaks down the core differences, revealing seven pillars of a winning security strategy, from governance and threat intelligence to resilience. Learn how to shift from vague intentions to real impact.

    In this episode, we answer to:
    - What is the difference between a security strategy and a strategic plan?
    - What are the seven essential elements of a credible security strategy?
    - How do you move from vision to measurable execution in cybersecurity?

    Resources Mentioned in this Episode:
    - iSHIFT website, article "Cybersecurity 101: A Plan is Not a Strategy, and a Strategy is Not a Plan", link https://www.ishift.net/cybersecurity-strategy-and-plan/
    - Diceus website, article "IT security strategy: Essentials you should know to create an effective plan", link https://diceus.com/it-security-strategy-plan/
    - Atriade website, article "The 7 Elements of an Effective Security Plan", link https://atriade.com/seven-elements-of-physical-security-plan/
    - QTech website, article "The 7 Key Components of a Robust Cybersecurity Strategy", link https://www.q-tech.org/the-7-key-components-of-a-robust-cybersecurity-strategy/
    - Pathlock website, article "Continuous Monitoring: What You Need to Know and How to Start in 5 Steps", link https://pathlock.com/learn/continuous-monitoring/

  43. 103

    Agentic AI: The Future of ITSM

    Agentic AI is redefining IT Service Management with autonomous decision-making, intelligent workflow orchestration, and continuous learning. In this episode, we explore how AI transforms service desks into predictive ecosystems, boosts performance, and challenges organizational readiness, ethics, and governance.

    In this episode, we answer to:
    - What makes Agentic AI different from traditional automation in ITSM?
    - How can organizations govern AI decisions in service management?
    - Are your ITSM processes ready to be trusted by autonomous systems?

    Resources Mentioned in this Episode:
    - Forrester website, article "Let The Service Management Agentic AI Race Begin", link https://www.forrester.com/blogs/let-the-service-management-agentic-ai-race-begin/
    - Aisera website, article "Agentic AI in IT Service Management (ITSM)", link https://aisera.com/blog/agentic-ai-itsm/
    - Rezolve.ai website, article "Why Agentic AI Tools Are the Future of Incident and Service Requests?", link https://www.rezolve.ai/blog/agentic-ai-incident-and-service-requests
    - Sprinklr website, article "The AI-first unified platform for front-office teams", link https://www.sprinklr.com/blog/agentic-ai/

  44. 102

    Outsourcing Code, Keeping Control – ISO/IEC 27001 A.8.30

    Outsourced development is growing, but ISO 27001 Annex A 8.30 ensures you don’t outsource control. In this episode, we explain how to secure external software development, from vendor audits to contract clauses and compliance risks. Learn practical steps to protect your business.

    In this episode, we answer to:
    - How can ISO 27001 Annex A 8.30 secure outsourced development?
    - What security questions should you ask every software vendor?
    - How do you turn contracts into enforceable cybersecurity controls?

    Resources Mentioned in this Episode:
    - HighTable, article "ISO 27001 Annex A 8.30 Outsourced Development", link https://hightable.io/iso27001-annex-a-8-30-outsourced-development/
    - ISMS.online website, article "ISO 27001:2022 Annex A 8.30 – Outsourced Development", link https://www.isms.online/iso-27001/annex-a/8-30-outsourced-development-2022/
    - ISMS.online website, article "ISO 27002:2022 – Control 8.30 – Outsourced Development", link https://www.isms.online/iso-27002/control-8-30-outsourced-development/
    - GRC Mana website, article "ISO 27001 Annex A 8.30: A Step-by-Step Guide", link https://www.grcmana.io/blog/iso-27001-annex-a-8-30-outsourced-development
    - Advisera website, article "Big guide to ISO 27001 clauses — How is this standard structured?", link https://advisera.com/iso27001/control-8-30-outsourced-development/

  45. 101

    How Enterprise Architecture Transforms Hospital IT and Patient Safety

    Discover how Enterprise Architecture in healthcare helps government hospitals improve patient safety, system resilience, and operational efficiency. Learn the five EA pillars driving digital transformation, compliance, and innovation—critical for Managed Service Providers too.

    In this episode, we answer to:
    - How can Enterprise Architecture reduce IT outages in hospitals?
    - What risks do Managed Service Providers face without solid architecture?
    - How does EA help align IT with national healthcare goals?

    Resources Mentioned in this Episode:
    - Sparx Systems website, article "The Case for Enterprise Architecture in the Government", link https://trerado.sparxsystems.com/resources/eaglobalsummit-2024/the-case-for-enterprise-architecture-in-the-government/
    - SCW website, article "How Enterprise Architecture plays a vital role in navigating the NHS’s future", link https://scwcsu.nhs.uk/news-and-views/blog/how-enterprise-architecture-plays-a-vital-role-in-navigating-the-nhs-s-future
    - iTrobes website, article "ERP For Hospitals – A Complete Guide", link https://www.itrobes.com/hospital-management-erp-software/
    - SAP website, article "Enterprise Architecture Maturity Models & Assessment", link https://www.leanix.net/en/wiki/ea/enterprise-architecture-maturity-stages-and-assessment
    - Confiz website, article "Building service excellence: 6 pillars of Managed Services Framework", link https://www.confiz.com/blog/building-service-excellence-6-pillars-of-managed-services-framework/
    - Ardoq website, article "What Is Enterprise Security Architecture? The Complete Guide to More Holistic Risk Management", link https://www.ardoq.com/knowledge-hub/enterprise-security-architecture
    - ValueBlue website, article "Top 10 Benefits of Enterprise Architecture for Your Business", link https://www.valueblue.com/blog/top-10-benefits-of-enterprise-architecture-for-your-business

  46. 100

    PCI DSS Explained: Turning Compliance into a Security Strategy

    Discover how PCI DSS can become more than just a compliance checklist. This episode explores PCI DSS as a strategic tool to build digital trust, prevent fraud, and unify your security approach. Learn why treating it as a living framework, not a box-ticking task, can transform your security posture.

    In this episode, we answer to:
    - What are the core PCI DSS requirements most organizations fail to meet?
    - Why should PCI DSS be treated as a continuous strategy, not a one-time audit?
    - Who is actually in scope for PCI DSS, and why does size not exempt you?

    Resources Mentioned in this Episode:
    - TechTarget website, article "What is PCI DSS (Payment Card Industry Data Security Standard)?", link https://www.techtarget.com/searchsecurity/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard
    - Stripe website, article "What is PCI DSS compliance?", link https://stripe.com/guides/pci-compliance
    - Bridewell website, article "Who Needs to Be PCI DSS Compliant?", link https://www.bridewell.com/insights/blogs/detail/who-needs-to-be-pci-dss-compliant
    - AuditBoard website, article "The 12 PCI DSS Compliance Requirements: What You Need to Know", link https://www.auditboard.com/blog/pci-dss-requirements/
    - Exabeam website, article "What Is PCI Compliance? The 12 Requirements", link https://www.exabeam.com/explainers/pci-compliance/pci-compliance-a-quick-guide/
    - Sprinto website, article "Who Must Comply with PCI DSS? Payment Security Explained", link https://sprinto.com/blog/to-whom-does-pci-dss-apply/

  47. 99

    FinTech CIOs: From Projects to Products – Lead the Shift to Product-Centric IT

    Discover how FinTechs can shift from project-driven IT to a product-centric model that enables continuous value delivery. Learn key strategies for CIOs to build agile, cross-functional teams and redesign governance. Are your teams truly product-led or just rebranded project squads?

    In this episode, we answer to:
    - How can FinTech CIOs enable a shift from projects to products?
    - What does a product-led operating model look like in FinTech?
    - How can teams self-assess their product-readiness?

    Resources Mentioned in this Episode:
    - CIO.com website, article "Making the shift to product-based IT", link https://www.cio.com/article/219649/making-the-shift-to-product-based-it.html
    - Ernst & Young website, article "How a product-driven IT operating model can help reimagine banking", link https://www.ey.com/en_us/insights/banking-capital-markets/how-a-product-driven-it-model-can-reimagine-banking
    - Gartner website, article "IT Organization Design Roadmap: How to Shift from Project to Product", link https://www.gartner.com/en/publications/it-org-design-project-to-product-roadmap

  48. 98

    ISO/IEC 42001 Explained: How to Govern AI Ethically and Securely

    Explore how ISO/IEC 42001 sets the standard for responsible, ethical, and secure AI use. Learn how it aligns AI governance with business strategy, mitigates risks, and fosters innovation through transparency and trust.

    In this episode, we answer to:
    - Why do organizations need a specific standard for AI governance?
    - What are the core components of ISO/IEC 42001 and how do they work in practice?
    - How does aligning with ISO 42001 impact innovation and business trust?

    Resources Mentioned in this Episode:
    - ISMS.online website, article "Understanding ISO 42001 and Demonstrating Compliance", link https://www.isms.online/iso-42001/
    - Schellman website, article "How to Assess and Treat AI Risks and Impacts with ISO/IEC 42001:2023", link https://www.schellman.com/blog/iso-certifications/how-to-assess-and-treat-ai-risks-and-impacts-with-iso42001
    - Scytale website, article "Exploring the Role of ISO/IEC 42001 in Ethical AI Frameworks", link https://scytale.ai/resources/exploring-the-role-of-iso-iec-42001-in-ethical-ai-frameworks/

  49. 97

    ISO 20022 Explained: Global Payments, Compliance Risks & Transformation Strategies

    ISO 20022 is reshaping global payments with rich, structured data, offering enhanced compliance, operational efficiency, and new revenue possibilities. As the 2025 deadline nears, financial institutions must modernize systems, reduce risks, and unlock powerful analytics. Ready or not, change is here.

    In this episode, we answer to:
    - What happens if you’re not ISO 20022-compliant by November 2025?
    - How does ISO 20022 improve payment data quality and analytics?
    - What are the key phases to successfully transition your systems?

    Resources Mentioned in this Episode:
    - StoneX website, article "STS – ISO 20022: A Global Shift in Cross-Border Payments", link https://www.stonex.com/en/thought-leadership/02-03-2025-sts-iso-20022/
    - SWIFT website, article "ISO 20022 for Financial Institutions: Focus on Payments Instructions", link https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructions
    - S&P Global Market Intelligence website, article "ISO 20022 Adoption Poses Challenges and Presents Opportunities", link https://www.spglobal.com/market-intelligence/en/news-insights/research/iso-20022-adoption-poses-challenges-and-presents-opportunities
    - Ernst & Young website, article "Nine Considerations for ISO 20022 Migration", link https://www.ey.com/en_gl/insights/banking-capital-markets/nine-considerations-for-iso-20022-migration

  50. 96

    AI Is Replacing Project Managers — Only the Smart Will Survive

    In today’s episode of The ITSM Practice, we explore the future of project management in an AI-driven world. How can project managers stay relevant when AI plans, flags risks, and analyzes moods? Discover how emotional intelligence, critical thinking, and ethical leadership shape the next generation of project leaders.

    In this episode, we answer to:
    - How should project managers adapt when AI starts shaping decisions?
    - What skills will make project managers future-proof in an AI-driven environment?
    - How can we trust AI tools without losing human judgment and leadership?

    Resources Mentioned in this Episode:
    - PMI Blog, article “Preparing Project Managers for an AI-Driven Future”, link https://www.pmi.org/blog/preparing-project-managers-for-an-ai-driven-future
    - Atlassian website, article “How to utilize AI for project management”, link https://www.atlassian.com/work-management/project-management/ai-project-management
    - PPM Express website, article “The Future of AI in Project Management: Trends and Innovations”, link https://ppm.express/blog/the-future-of-ai-in-project-management-trends-and-innovations/


ABOUT THIS SHOW

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals!

Stay Connected:
- LinkedIn: https://www.linkedin.com/in/theitsmpractice/
- Youtube: https://www.youtube.com/@theitsmpractice
- Website: http://www.theitsmpractice.com

HOSTED BY

Luigi Ferri
