Business Information Service Library (BiSL) introduction

BiSL is an abbreviation of Business Information Services Library, previously known as Business Information Service Management Library. It is a vendor-independent, public-domain library for the implementation of business information management.

Starting in the late 90s, ITIL® (IT Infrastructure Library) has been used to improve the maturity of service management processes, particularly in the area of IT infrastructure management. As the maturity level of organizations increased, it became clear that application management had additional needs; ASL® (Application Services Library) was developed and introduced into the public domain in 2002. Similarly, once it was realized that the demand side of IT also had specific needs that were not addressed sufficiently by existing frameworks, there was a justification for a framework for this domain. Customers of IT organizations had very little focus on their own role; all hopes were set solely on the IT and technology vendors, and the customers were not capable of sufficiently influencing the effectiveness and efficiency of IT on their own. The client or demand role is a crucial factor in achieving a situation where IT is worth the money spent.

The framework describes a standard for processes within business information management at the strategy, management and operations levels. BISL is closely related to the ITIL and Application Services Library (ASL) frameworks. The main difference is that ITIL and ASL focus on the supply side of information (the purpose of an IT organization), whereas BISL focuses on the demand side (arising from the end-user organization).

Based on separation of duties, Information Delivery can be divided into two main areas:

  • IT Management, representing ‘Supply’

IT Management is the domain that builds and runs the information systems. It is composed of various disciplines, including Systems Management, Application Management (framed by ASL), Facility and Infrastructure Management, and IT Service Management (framed by ITIL).

  • Information Management, representing ‘Demand’

Information Management is the domain that forms the specification of the functional requirements that the IT services have to deliver to the end-users, the management of the corporate data model, and the management of the delivery of IT services by IT management. Information Management is supported by the most recent BISL standard.


  1. IT infrastructure management is responsible for maintaining the operations of the IT infrastructure that is part of the information system. This includes hardware, equipment, networks, software and databases which are the main areas of focus for the computer center or the IT center. ITIL is a much-used framework in this context.
  2. Application management is responsible for maintaining the application software and the databases. Application management corresponds to the operation of a software company: the creation, maintenance and renovation of software applications. ASL (Application Services Library) is the standard for organizing application management.
  3. Business information management on behalf of the business and user organization is responsible for maintaining the functionality of the information systems. This section concentrates on the provision of information to support the organization and its business processes.



Enterprise Risk Management definition

The term Enterprise Risk Management (“ERM”) is discussed a lot these days. (Traditional) Risk Management by itself is not new; however, it has evolved. The main difference between the two is that traditional risk management treats risk as something to be managed separately, with each business unit, department or project working by itself as a silo. Another point: in traditional risk management, the identification and assessment of risk is carried out bottom-up until it is summarized at the management level.

As said, this has evolved to form the new concept of Enterprise Risk Management, which takes a wider view of risk to include the whole organization or corporation. Another point: Enterprise Risk Management works top-down, as it starts at the strategic level with the corporate objectives and strategic directions. The game changer here is changing the mindset to focus on what could prevent the organization from achieving its strategic goals. This can be achieved by creating Key Risk Indicators (KRIs) that are linked to the organization's goals and objectives. These KRIs are monitored closely to assure the organization's decision makers that their decisions are still within the organization's risk appetite.

I will give some details on the basic concepts of ERM in later articles; in this article I will focus only on different definitions of Enterprise Risk Management.

ISO 31000:2009 defines Risk Management as “Coordinated activities to direct and control an organization with regard to risk” and defines Risk itself as “Effect of uncertainty on objectives”, where the effect is a deviation from the expected, positive and/or negative.

COSO broadly defines enterprise risk management (ERM) as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

According to the Project Management Institute’s (PMI) PMBOK, project risk is defined as “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.”