The ITSM Practice: Elevating ITSM and IT Security Knowledge

As AI expands the security perimeter, CISOs face new questions about data, trust, and accountability. This episode explains how combining ISO/IEC 27001 and ISO/IEC 42001 creates a unified governance engine for information security and AI governance. Learn how mid-size organizations can turn AI risk, transparency, and compliance into a strategic advantage.

In this episode, we answer to:
How does AI change the traditional security perimeter defined by ISO 27001?
Why is ISO 42001 essential to govern AI risk, fairness, and explainability?
How can CISOs clearly explain to customers where AI uses and sends their data?

Resources Mentioned in this Episode:
De.iterate website, article "ISO 42001 Certification: Benefits, Challenges, and Real-World Applications", link https://deiterate.com/2025/02/26/iso-42001-certification-benefits-challenges-and-real-world-applications/

Cherry Bekaert website, article "ISO 42001 vs. ISO 27001: Data Protection for Scaling Your Professional Services Firm", link https://www.cbh.com/insights/articles/data-protection-for-professional-services-firms/

Mitratech website, article "ISO 42001 & AI Risk: Strengthen Third-Party Compliance", link https://mitratech.com/resource-hub/blog/iso-42001-ai-risk-strengthen-third-party-compliance/

Walter Haydock blog, article "How we implement ISO 42001 control A.10.3 and help clients do the same to manage AI vendor risk", link https://blog.stackaware.com/p/iso-42001-annex-a-control-10-3-supplier-risk-management

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

In this episode of The ITSM Practice Podcast, Luigi Ferri explains why PCI P2PE is not just encryption but a security-by-design discipline. Learn how point-to-point encryption eliminates clear-text card data, reduces breach impact, simplifies PCI compliance, and integrates with ITIL governance to protect trust from the first millisecond of payment.

In this episode, we answer to:
What is PCI P2PE and why is it critical for modern payment security and PCI DSS compliance?
How does P2PE reduce breach exposure and change merchant compliance obligations?
Why are governance, the PIM, and ITIL practices essential to keeping P2PE effective over time?

Resources Mentioned in this Episode:
PCI website, white paper "P2PE At a Glance", link https://www.pcisecuritystandards.org/documents/P2PE_At_a_Glance_v3.pdf

PCI website, white paper "Point-to-Point Encryption", link https://www.pci-dss.gr/media/1934/p2pe_hybrid_v111.pdf

Payway website, article "Protect Cardholder Data with P2PE", link https://www.payway.com/blog/how-to-keep-yourself-out-of-the-news-with-p2pe

Bluefin website, article "What is Point-to-Point Encryption (P2PE)?", link https://www.bluefin.com/payment-security/pci-p2pe-faq/

Ingenico website, article "3 Things to Know About P2PE v3.0", link https://ingenico.com/de/node/818

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

In this episode of The ITSM Practice Podcast, Luigi Ferri explains how ITIL v3 processes enable compliance with GSMA SAS-SM for secure eSIM provisioning. Discover how governance, service design, change, and continual improvement turn security from theory into an auditable, operational discipline in modern telecom environments.

In this episode, we answer to:
How can ITIL v3 processes support GSMA SAS-SM certification for eSIM management?
What operational evidence is required to prove secure remote SIM provisioning?
How do governance and continual improvement help maintain long-term SAS-SM compliance?

Resources Mentioned in this Episode:
GSMA website, article "Security Accreditation Scheme (SAS)", link https://www.gsma.com/solutions-and-impact/industry-services/assurance-services/security-accreditation-scheme-sas/

GSMA website, article "eSIM Compliance", link https://www.gsma.com/solutions-and-impact/technologies/esim/compliance/

IT Process Maps website, article "IT Security Management", link https://wiki.en.it-processmaps.com/index.php/IT_Security_Management?

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

Why do mature ITSM programs still fail? This episode explores the hidden risks behind ITSM stagnation, loss of executive sponsorship, outdated KPIs, rigid processes, and misaligned culture. Learn how to sustain ITSM maturity through continual improvement, business-aligned metrics, leadership engagement, and evolution in the age of automation and AI.

In this episode, we answer to:
Why do mature ITSM programs fail despite successful ITIL adoption?
How does loss of executive sponsorship undermine IT Service Management sustainability?
How can ITSM processes and KPIs evolve to support automation, AI, and business agility?

Resources Mentioned in this Episode:
Keith D. Sutherland, Lawrence J. "Butch" Sheets, book "A Practical Guide to Service Management: Insights from industry experts for uncovering, implementing, and improving service management practices", link https://www.amazon.de/-/en/Keith-D-Sutherland/dp/1804612502

TOPdesk website, article "5 ITSM implementation pitfalls to avoid", link https://www.topdesk.com/en/blog/itsm-implementation-pitfalls/

Sunrise website, article "Why ITSM implementations often fail?", link https://www.sunrisesoftware.com/blog/why-itsm-implementations-often-fail

ITSM Tools website, article "10 Common ITSM Mistakes and How to Avoid Them", link https://itsm.tools/10-common-itsm-mistakes-and-how-to-avoid-them/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

In this episode of The ITSM Practice Podcast, Luigi Ferri moves from AI theory to execution, explaining how medium-sized organizations can define AI use cases, assess data and infrastructure, build skills, and scale pilot projects. The focus is on creating a practical AI roadmap for IT Service Management with measurable, sustainable outcomes.

In this episode, we answer to:
How can organizations identify the right AI use cases for IT Service Management?
What data, infrastructure, and skills are required to scale AI initiatives successfully?
How can IT leaders manage risks while building a realistic AI roadmap?

Resources Mentioned in this Episode:
How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery

KPMG website, article "AI Governance: Factors for Success", link https://kpmg.com/de/en/home/insights/2025/04/ki-governance-these-are-the-factors-for-success.html

IBM website, article "What is AI governance?", link https://www.ibm.com/think/topics/ai-governance

Deepchecks website, article "Understanding the AI Maturity Model: Advancing Your Organization’s AI Capabilities", link https://www.deepchecks.com/understanding-the-ai-maturity-model-advancing-your-organizations-ai-capabilities/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya