IT can no longer deliver services based on technology fiefdoms or silos as it has in the past. This practice is dead. Organizations that refuse to accept it will either dissolve, get outsourced, or end up being controlled by external entities such as CFOs, business units, and so on. IT needs to rethink the ways in which it contributes to the business -- and how it manages itself.
The ITIL (Information Technology Infrastructure Library) and ITSM (IT Service Management) practices provide a pathway for this to happen.
Back in 1989, it dawned on the Office of Government Commerce (OGC) in the United Kingdom that IT was becoming increasingly important to business -- and that there was still a lot of confusion about how IT services should be delivered and managed. Shortly thereafter, the OGC published ITIL: 44 volumes of dense prose that attempted to provide an integrated set of best-practice recommendations for managing IT. Version 2, published in 2001, reduced the library to nine volumes that integrated the practices, but none was exactly light reading. (Version 3 is expected in April 2007.)
The processes embodied in ITIL and ITSM have evolved greatly through the years and are poised to become a worldwide standard embodied as ISO 20000. At present, ITIL is both a glossary and a set of conceptual processes intended to outline IT best practices.
The rapid pace of business change, technology advancement, regulation, and services that must be delivered across an ever-flattened global economy is forcing IT to organize and manage itself more effectively. For all its promise, ITIL is still a tremendous undertaking. So, here’s a head start: the 10 most important things you need to know about ITIL right now.
1. What can I do with ITIL that I couldn’t do before?
Implemented properly, ITIL raises customer satisfaction, reduces waste in the IT organization, and lowers operating costs. Three quick examples:
* In 2000, target response time for resolving Web incidents at Caterpillar IT was 30 minutes -- but it hit that goal only 30 percent of the time. Then Caterpillar implemented ITIL. Now its IT providers hit the mark more than 90 percent of the time -- and Caterpillar has been able to grow its business exponentially in the past five years with only 1 percent increase in its IT budget.
* Two years ago, IT administrators at Liberty Mutual discovered that a critical network application was down only after users called to complain. Then they deployed ITIL. Today, they’re steps ahead, monitoring applications for slowdowns or abnormal activity before trouble occurs, usually fixing problems before users notice anything is wrong.
* Proctor & Gamble -- with 5,000 people employed in IT -- implemented service management processes outlined by ITIL and saved $125 million, according to company officials.
2. Do I have to read all nine volumes, or are some more important than others?
Good news! Two volumes, Service Support and Service Delivery provide the core knowledge. The other books are supplementary.
The Service Support volume introduces five key processes: Incident Management, Problem Management, Change Management, Release Management, and Configuration Management. Although considered a function, not a process, the Service Desk is included here as the central point of contact where customers of IT services can report incidents, make requests, and communicate with the IT infrastructure and the business.
Incident Management involves restoring normal business operations as quickly as possible after an incident (a server meltdown, for instance) -- in other words, doing whatever is necessary to get services back into a normal operational state after they are disrupted. Problem Management, on the other hand, focuses on finding and removing the root causes for the incident in order to prevent its recurrence.
ITIL is unique in separating “problems” from “incidents.” Too often, IT organizations will allow services to remain down while support staff tries to find the root cause of an incident, instead of focusing on fast work-arounds to minimize impact on the business. ITIL puts priority on serving the business first and then on fixing the root cause in the background.
Change Management is the process that coordinates and controls changes to the IT infrastructure itself. ITIL views this process as a coordinated effort to obtain the proper approvals, authorization, and quality assurance steps.
Release Management refers to the actual implementation of IT changes, including people, processes, technology, training, rollout, communications, and business area activities, as well as the design build, test, and release of the change. The notion of packaging changes into release units to minimize disruption to the business is new to most IT operations. Release activities occur under the guidance and approval of Change Management.
Configuration Management includes the process of logging, tracking, controlling, and verifying infrastructure information that describes every component in the IT infrastructure -- and their relationships. Emphasis is placed on how these items, known as CIs (configuration items), relate to one another. All this information is stored in a logical CMDB (configuration management database).
3. This CMDB sounds important.
The CMDB will serve as the blueprint for how the entire IT infrastructure is structured, how various CIs -- hardware, software, incidents, agreements, service levels, documentation, and so on -- are related, and how the entire metasystem functions. The CMDB becomes the basis for finding infrastructure information quickly, and making effective management decisions based on it. Under ideal circumstances, every CI will have configurable attributes -- for example, it might be a computer, a purchasing process, or an individual IT staffer. If possible, the CMDB should be designed to automatically discover information about the CIs and to track changes as they happen in order to minimize the administrative labor necessary to maintain it.
4. Did you forget about the Service Delivery volume?
Not at all. Whereas the Service Support book is focused on how effective IT services should be operated and maintained, the Service Delivery volume looks at how those services are provisioned and enhanced. This book also highlights five critical processes: Service Level Management, Availability Management, Capacity Management, IT Service Continuity Management, and IT Financial Management.
Service Level Management involves planning, coordinating, monitoring, and reporting of SLAs. It reviews services on an ongoing basis to ensure that they are being delivered cost-effectively and are meeting desired service targets. ITIL also introduces the concept of a Service Catalog that lists all the services delivered by IT to the business. Creation of this catalog forces IT to think in business terms and to link the IT infrastructure and its costs to the services that are being delivered.
Availability Management coordinates, designs, measures, and manages IT infrastructure availability, taking into account all aspects of the infrastructure and supporting organization. It coordinates and integrates loose-knit technology silos to ensure that needed services can actually be delivered at required levels and cost. This process brings together key disciplines such as reliability, serviceability, maintainability, security, and responsiveness for each service being delivered. It also assesses service risk and identifies mitigations where necessary.
Capacity Management looks at IT capacity, performance, and throughput compared with business workloads and objectives. Historically, the majority of IT organizations have focused on managing capacity based on how IT resources are being used. ITIL requires IT to first identify business drivers of capacity, translating them into service workloads through modeling and development of projections before applying them to the IT infrastructure. Other activities such as performance tuning and the sizing of hardware and software for application projects are included in this process.
IT Service Continuity Management ensures that IT services can be recovered in the event of a major disaster. It turns on the concept of Vital Business Functions and forces IT to look at how services -- rather than just technologies -- can be restored. ITIL aligns IT continuity plans with the business continuity plan in order to coordinate, design, plan, and test disaster-recovery policies to keep IT services running in the event of a major disruption to the business.
Finally, IT Financial Management provides budgeting, accounting, and charging services to manage IT costs and spending. In today’s world, very few IT organizations can actually identify what services they deliver, let alone what costs are incurred to deliver them, which is one reason IT has had little credibility in the boardroom. Developing the ability to articulate costs and IT’s contribution to the bottom line brings market dynamics and modern business practices to the IT organization.
The Service Desk exists here, too. In a typical business organization, business users and customers will interface with the Service Desk function on a daily basis as part of the Service Support workflow. At the same time, executives and management will interface with the Service Level Management process to put new services into place and review service quality using the Service Delivery workflow. This is how ITIL neatly divides the work that IT does, with emphasis on how it touches the business.
5. How about the other seven books? Are they chopped liver?
Not at all. After you have absorbed the basic concepts, you can learn a lot from the other seven volumes. For instance, as you might imagine, Introduction to ITIL introduces the basic concepts that comprise the ITIL approach to service management. Then, Planning to Implement Service Management explains the steps necessary to identify how an organization will benefit from ITIL. ICT Infrastructure Management covers critical issues such as network service management, operations management, computer installation and acceptance, and systems management. Applications Management focuses on software development and support lifecycles, defining requirements, and testing of IT services.
The Business Perspective volume is actually two books -- one aimed at IT staffers, and the other intended for business managers. Together, they discuss business continuity management, partnerships, outsourcing, surviving change, and transforming business practices through radical change. Security Management discusses security practices and standards from an ITIL perspective. Finally, Software Asset Management provides best practices for managing software and software licenses.
6. ITIL has been around for more than 15 years. Why is it now taking hold in the United States?
The United States has always lagged behind Europe in the discipline of IT infrastructure management. Go to a bookstore, and you’ll find precious few books on the subject. Go to the universities, and you’ll visit a lot before finding one that teaches it. One reason that this is changing is the increasing impact of European- and Asian-owned companies operating in the United States, all saying, “Hey, get on board! You need to be ITIL-compliant. That’s how we run our shops over here.”
Another factor driving U.S. acceptance is that companies are seeing more than two-thirds of their IT budgets being eaten up in new, nondiscretionary operating costs, over which they have very little control. It’s rare to find an IT shop that can articulate how IT contributes to company’s bottom line.
ITIL changes that by implementing successive waves of mini-projects that target specific business goals with measurable results. Typical goals might include reducing IT costs, reducing service outages, preparing for a major IT initiative, or preparing for a major business change such as a merger, move, or acquisition. These efforts may involve entire ITIL processes or just parts of them.
Finally, whereas IT customers of the past used to be purely internal (staffers, managers, and auditors), these days increasing numbers of IT “customers” in the United States are external -- actual customers of the business itself, interacting via public Web sites. If systems fail, potential buyers are likely to take their business elsewhere; potential damage to corporate reputation is high.
The pace of business change, technology, and legal regulation is moving faster every day, and all these financial imperatives are hard to ignore: As was noted at Microsoft’s 2004 IT Forum Conference, “Recent studies are showing that an IT service organization could achieve up to a 48 percent cost reduction by applying ITSM principles.”
As long as ITIL remains the only comprehensive plan for infrastructure management that focuses specifically on IT service, it will continue to be the only game in town.
7. Who needs ITIL besides large enterprises? Can small shops or individuals use it?
Any IT shop servicing a company that is undergoing major changes and/or servicing that company’s customers, will benefit from ITIL. For instance, a small shop facing recurrent network outages will find benefits in employing ITIL’s Problem Management process to predict and minimize future incidents. A midsize company with a complex IT infrastructure may find that the ITIL Configuration Management solution provides a blueprint for streamlining impact assessments for changes and new applications. A large organization undergoing a major acquisition or consolidation effort will discover that the consistent, repeatable processes outlined in ITIL make those efforts occur much faster and at less cost.
8. I’m convinced. How can I get started deploying ITIL?
Get trained and certified. Almost every major hardware/software vendor, and a slew of smaller companies, offers ITIL training. Search for “ITIL training” on the Web to reveal a treasure trove of capable vendors who can get you started. Exams and certifications are handled through independent agencies such as EXIN (Examination Institute for Information Science and ISEB (Information System Executive Board).
Fill in your knowledge gaps with books, Webinars, library material, and online resources. Some excellent sources include: IT Service Success, Service Level Management, and ITSM Watch. Most importantly, be sure to visit the main user group site in the United States for the IT Service Management Forum. You may want to consider joining this organization and attending local ITIL interest groups that meet regularly in many cities around the country.
9. Should I hire someone to help implement ITIL? Do big companies offer ITIL implementations?
Many companies offer ITIL consulting and implementation services, but this is still on the early part of the adoption curve. There is no market leader. Make your choice based on the experience of the people assigned to your efforts, not a brand name. Ask for résumés and look for experience, certifications, expertise, and track records. Avoid cookie-cutter solutions; these seldom work very well. ITIL has many facets, and there is no one “right way” to implement it. The best approach for your efforts will be highly dependent on your objective and the particular problems you are trying to solve. Make sure that consultants are prepared to work closely with you to understand your unique issues, and that their approaches match your specific needs.
10. I’ve been hearing a lot about ISO 20000. How does it relate to ITIL? Should I care?
ITIL is mainly about processes; it provides no criteria for measuring anything. ISO 20000, which has just been released, serves as a basis for benchmarking IT service management and improving IT services. It defines the requirements for service providers, and it helps you determine whether you comply with an acceptable IT service management standard.
ISO 20000 provides specific, measurable criteria that can be audited in areas such as scope, terms and definitions, planning and implementing service management, requirements for a management system, planning and implementing new or changed services, service delivery processes, relationship processes, control processes, resolution processes, and release processes.
To find more information, go to the International Organization for Standardization’s Web site.
Preparing for fundamental changes of the 21st century
The old operating model that originated when IT was a centralized, back-office function with limited numbers of platforms no longer meets the needs of the 21st century. IT can no longer operate successfully by managing silo technologies; it needs to administer operations based on the services it delivers.
ITIL provides the means for accomplishing this. As a Gartner Group analyst once noted, “IT service organizations must expand their technology focus to include the underlying business processes, engaging business process owners in establishing end-to-end measurements of effectiveness.” ITIL and ITSM provide the tools and concepts to make that possible.
Companies that have initiated ITIL efforts are already seeing higher customer-satisfaction levels and reduced costs and labor. Although not a panacea for all IT challenges, ITIL is a fundamental conceptual change for how IT will be doing business in the 21st century. Its time has come.