The ITSM Practice: Elevating ITSM and IT Security Knowledge

Enterprise Risk Management (ERM) often looks mature—risk registers, ISO 31000 alignment, MoR processes—yet fails to influence real decisions. In fintech and regulated environments, risk governance must shape judgment, not just document compliance. This episode explores why ISO 31000 and MoR lose impact under pressure, and how to align risk appetite, decision-making, and operational execution before risk accumulates.

In this episode, we answer to:
How can ISO 31000 truly influence enterprise decision-making in fast-moving fintech environments?
Why does Management of Risk (MoR) become procedural compliance instead of strategic risk governance?
How can Enterprise Risk Management integrate risk appetite, governance, and operational execution without losing agility?

Resources Mentioned in this Episode:
Axelos website, white paper "Everything You Wanted to Know About MoR in Less Than 1,000 Words", link https://www.axelos.com/resource-hub/white-paper/everything-you-wanted-to-know-about-m-o-r-in-less-than-1000-words

Goodelearning website, article "What is Management of Risk (M_o_R)?", link https://goodelearning.com/articles/what-is-management-of-risk/

Best Practice LMS website, article "M_o_R® - Introduction", link http://www.bestpracticelms.com/mLearn/SPM-App/MOR.html

ISO official website, ISO 31000:2018 standard, link https://www.iso.org/standard/65694.html

Pacific Certifications, article "ISO 31000: Risk Management Framework Explained for Modern Organizations", link https://blog.pacificcert.com/iso-31000-risk-management-framework-explained/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

In this episode of the ITSM Practice Podcast, Luigi Ferri explores how ITIL 5 shifts leadership from explaining incidents to owning systemic decisions. In complex service ecosystems, governance must move upstream—before automation, architecture, and risk scale. True IT Service Management leadership is no longer about post-incident justification, but about accountable decision design in Enterprise Service Management.

In this episode, we answer to:
How does ITIL 5 redefine accountability in modern IT Service Management?
Why is governance shifting upstream in complex, automated service environments?
Are Heads of Service accountable for decisions they did not design?

Resources Mentioned in this Episode:
ITIL Training Academy website, article "ITIL® (Version 5): Everything New in ITIL Latest Version", link https://www.itil.org.uk/blog/itil-version-5-a-complete-guide

PeopleCert website, article "ITIL, The Language of Growth", link https://www.peoplecert.org/Frameworks-Professionals/ITIL-framework

PMG Academy website, article "The Definitive Guide to ITIL® Version 5 Foundation", link https://www.pmgacademy.com/en/articles/itil/the-definitive-guide-to-itil-version-5-foundation/

ITIL official website, article "ITIL AI Governance White Paper", link https://www.itil.com/Itil-News-and-Announcements/ai-governance-white-paper

INOC website, article "5 ITIL Incident Management Best Practices", link https://www.inoc.com/blog/itil-incident-management

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership.

In this episode, we answer to:
Is compliance replacing real risk-based security governance?
Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership?
How does ITIL 5 transform control frameworks into accountable governance?

Resources Mentioned in this Episode:
Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/

Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/

Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks", link https://github.com/securecontrolsframework/securecontrolsframework

Secure Controls Framework website, article "Security, Compliance & Resilience (SCR) Principles", link https://securecontrolsframework.com/domains-principles/

Secure Controls Framework website, article "Secure, Compliant & Resilient Capability Maturity Model (SCR-CMM)", link https://securecontrolsframework.com/free/capability-maturity-model/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

ITIL 5 marks a decisive shift in IT Service Management. Moving beyond ITIL 4, it reframes services as AI-enabled digital product–service systems governed through data-driven decision models. This episode explores governance, accountability, CIO and CISO implications, and why ITIL 5 transforms service management into system leadership in an AI-native world.

In this episode, we answer to:
How does ITIL 5 redefine IT Service Management in an AI-native environment?
What changes from ITIL 4 to ITIL 5 in governance, digital products, and value streams?
What does ITIL 5 mean for CIOs and CISOs managing AI-driven digital services?

Resources Mentioned in this Episode:
ITIL Training Academy website, article "ITIL® (Version 5): Everything New in ITIL Latest Version", link https://www.itil.org.uk/blog/itil-version-5-a-complete-guide

ServiceNow website, article "Understanding ITIL 5: What’s New and How It Builds on ITIL 4", link https://www.servicenow.com/community/virtual-agent-forum/understanding-itil-5-what-s-new-and-how-it-builds-on-itil-4/m-p/3478594

Novelvista website, article "ITIL 4 vs ITIL (Version 5): What’s New, Changed, and Refined?", link https://www.novelvista.com/blogs/it-service-management/itil4-vs-itil5

PeopleCert website, article "ITIL Foundation (Version 5)", link https://www.peoplecert.org/browse-certifications/it-governance-and-service-management/ITIL-1/itil-5-foundation-version-50-4154

Tarun Dewat, LinkedIn post "ITIL 5 has officially arrived, and it’s one of the most transformative updates the IT service management world has seen in years", link https://www.linkedin.com/posts/tarun-dewat-699818222_itil-5-has-officially-arrived-and-its-one-activity-7422705091654275073-6AxT

ageeogee user on Reddit, post "Will ITIL 5 look more like 3 or 4?", link https://www.reddit.com/r/ITIL/comments/1l4bak8/will_itil_5_look_more_like_3_or_4/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

In this episode of The ITSM Practice Podcast, Luigi Ferri explains why IT maturity is the decisive factor in successful IT carve-outs. From dependency mapping to ITIL v3 governance and continuity stress testing, the episode shows how disciplined IT Service Management prevents disruption, cost overruns, and failed separations during complex enterprise transitions.

In this episode, we answer to:
Where is the real boundary between what IT owns and what a carved-out unit must take?
What breaks first when a shared IT service disappears during a carve-out?
Why does IT governance need to come before architecture and migration design?

Resources Mentioned in this Episode:
AvenDATA website, article "What is a carve-out and why is it important?", link https://avendata.com/blog/what-is-a-carve-out-and-why-does-it-matter

Umbrex website, article "Stakeholder Alignment and Governance", https://umbrex.com/resources/carve-out-playbook/stakeholder-alignment-and-governance/

Invgate website, article "The most flexible no-code ITSM solution", link https://invgate.com/itsm/itil/itil-service-lifecycle

Rezolve AI website, article "ITIL v3: Framework & Best Practices", link https://www.rezolve.ai/blog/itil-v3-framework-best-practices

Alloy Software website, article "5 Stages of the ITIL Service Lifecycle: A Simple Guide to Better IT Service Management", link https://www.alloysoftware.com/blog/itil-lifecycle/

Eurostep website, article "Data carve-out best practices: Insights into streamlining data separation for business units", link https://www.eurostep.com/data-carve-out-best-practices-insights-into-streamlining-data-separation-for-business-units/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya