The ITSM Practice: Elevating ITSM and IT Security Knowledge

FINMA Circular 2023/1 is transforming operational resilience from a compliance exercise into a strategic leadership priority for Swiss banks. In this episode, Luigi Ferri explains why ITIL 4 is far more than ITSM, it is a powerful enterprise operating model that connects governance, cybersecurity, risk management, supplier coordination, and business continuity to build truly resilient financial institutions.

In this episode, we answer to:
Why is operational resilience becoming the new license to operate for banks?
How does ITIL 4 support FINMA resilience and cybersecurity requirements?
What organizational silos are preventing true enterprise resilience?

Resources Mentioned in this Episode:
Finma website, Circular 2023/1 Operational risks and resilience for banks, link https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf

Finma website, article "FINMA publishes Circular “Operational risks and resilience – banks”, link https://www.finma.ch/en/news/2022/12/20221213-mm-anh-rs-op-risks/

KPMG website, article "FINMA Circular 2023/1", link https://assets.kpmg.com/content/dam/kpmgsites/ch/pdf/finma-circular-2023.pdf.coredownload.inline.pdf

InfoGuard website, article "FINMA Circular 2023/1 Checklist - Ready for a regulatory audit?", link https://www.infoguard.ch/hubfs/images/blog/24/InfoGuard-FINMA-Checkliste_EN.pdf

Manage Engine website, article "The ITIL 4 Service Value System", link https://www.manageengine.com/products/service-desk/itsm/itil-4-service-value-system.html

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

Broken Transmission: Why Agile Fintechs Miss Strategy | In this episode of The ITSM Practice Podcast, Luigi Ferri explains why fintech strategy execution fails despite Agile delivery, strong squads, and constant releases. Learn how fragmented ownership, poor prioritization, and disconnected KPIs create operational misalignment, reducing business outcomes and authorization rate performance.

In this episode, we answer to:
Why do Agile fintech teams fail to execute business strategy effectively?
How does fragmented ownership impact authorization rate improvement initiatives?
Why do operational priorities override strategic portfolio management in fintech organizations?

Resources Mentioned in this Episode:
Project Management Institute, whitepaper "The High Cost of Low Performance 2014", link https://www.pmi.org/-/media/pmi/documents/public/pdf/learning/thought-leadership/pulse/pulse-of-the-profession-2014.pdf

University of Salford - Manchester, Abdallah M. Salameh, document "A Heterogeneous Approach to Agile Tailoring", link https://salford-repository.worktribe.com/OutputFile/1487893

Institute of Project Management website, article "The Emerging Importance of Benefits Realisation", link https://projectmanagement.ie/blog/the-emerging-importance-of-benefits-realisation/

McKinsey & Company website, article "Don’t cancel or coddle at-risk capital projects—challenge them", link https://www.mckinsey.com/capabilities/operations/our-insights/dont-cancel-or-coddle-at-risk-capital-projects-challenge-them

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

Fintech leaders: stop defaulting to ISO 42001. Discover how FINOS empowers you to design scalable, audit-ready AI governance before regulation forces your hand. Learn to align controls, reduce risk, and build governance by design—not by pressure.

In this episode, we answer to:
What makes FINOS a powerful alternative to ISO 42001?
How can fintechs design governance before audits hit?
Why does governance fail without alignment?

Resources Mentioned in this Episode:
FINOS website, article "AI Strategic initiative series: Building an AI Governance Framework - Key Takeaways from the NYC Workshop", link https://www.finos.org/blog/building-an-ai-governance-framework-key-takeaways-from-the-nyc-workshop

FINOS website, article "FINOS AI Governance Framework v1.0 — Turning Drafts into Deployable Guardrails", link https://www.finos.org/blog/finos-ai-governance-framework-v1.0-turning-drafts-into-deployable-guardrails

Air Governance website, article "A heuristic approach to identifying GenAI risks", link https://air-governance-framework.finos.org/heuristic-assessment.html

Air Governance website, article "FINOS AI Governance Framework", link https://air-governance-framework.finos.org

GitHub website, repo "finos/ai-governance-framework - Public", link https://github.com/finos/ai-governance-framework

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

A single question can expose a major cloud risk: who is responsible? This episode breaks down the cloud shared responsibility model, revealing how unclear ownership, misconfigurations, and weak governance lead to data breaches, and how ISO/IEC 27017 helps close the gaps.

In this episode, we answer to:
Who is really accountable for cloud security failures?
Why do misconfigurations cause most cloud data breaches?
How does ISO/IEC 27017 strengthen cloud security governance?

Resources Mentioned in this Episode:
ISO Standards website, standard ISO/IEC 27017:2015, link https://www.iso.org/standard/43757.html

Vanta website, article "The ultimate guide to ISO 27017", link https://www.vanta.com/collection/iso-27001/guide-to-iso-27017

Microsoft website, article "ISO/IEC 27017:2015", link https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27017

Safeshield website, article "Why should SaaS companies comply with the ISO/IEC 27017 security standard for cloud service providers (CSP)", link https://www.safeshield.cloud/why-should-saas-companies-comply-with-the-iso-27017-security-standard-for-cloud-service-providers-csp

NordLayer website, article "ISO 27017: cloud protection essentials", link https://nordlayer.com/learn/iso/iso-27017/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya

Most organisations manage only build and operate, ignoring growth, where security risk explodes. Luigi Ferri reveals how CISOs miss the most critical phase, where scaling, DevOps, and rapid decisions create hidden security debt. This episode challenges leaders to shift from reactive controls to full product lifecycle governance before risk turns into incidents.

In this episode, we answer to:
Why is product growth the most dangerous phase for cybersecurity risk?
Are CISOs governing product lifecycle or just reacting to failures?
How does DevOps accelerate delivery but weaken security accountability?

Resources Mentioned in this Episode:
Advisera website, article "ISO 27001 control 8.25 Secure development life cycle", link https://advisera.com/iso27001/control-8-25-secure-development-life-cycle/

Ikarus website, article "Security by Design", link https://www.ikarussecurity.com/en/security-news-en/security-by-design-cybersecurity-throughout-the-product-life-cycle/

Netguru website, article "SaaS Development Life Cycle: Key Stages & Best Practices", link https://www.netguru.com/blog/saas-development-life-cycle

DevOps by Techstrong Group website, article "DevSecOps: Integrating Security Into the DevOps Lifecycle", link https://devops.com/devsecops-integrating-security-into-the-devops-lifecycle/

Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya