Getting a head start on ITIL

To survive in the 21st century, IT must manage itself based on the services it delivers

IT can no longer deliver services based on technology fiefdoms or silos as it has in the past. This practice is dead. Organizations that refuse to accept it will either dissolve, get outsourced, or end up being controlled by external entities such as CFOs, business units, and so on. IT needs to rethink the ways in which it contributes to the business -- and how it manages itself.

The ITIL (Information Technology Infrastructure Library) and ITSM (IT Service Management) practices provide a pathway for this to happen.

Back in 1989, it dawned on the Office of Government Commerce (OGC) in the United Kingdom that IT was becoming increasingly important to business -- and that there was still a lot of confusion about how IT services should be delivered and managed. Shortly thereafter, the OGC published ITIL: 44 volumes of dense prose that attempted to provide an integrated set of best-practice recommendations for managing IT. Version 2, published in 2001, reduced the library to nine volumes that integrated the practices, but none was exactly light reading. (Version 3 is expected in April 2007.)

The processes embodied in ITIL and ITSM have evolved greatly through the years and are poised to become a worldwide standard embodied as ISO 20000. At present, ITIL is both a glossary and a set of conceptual processes intended to outline IT best practices.

The rapid pace of business change, technology advancement, regulation, and services that must be delivered across an ever-flattened global economy is forcing IT to organize and manage itself more effectively. For all its promise, ITIL is still a tremendous undertaking. So, here’s a head start: the 10 most important things you need to know about ITIL right now.

1. What can I do with ITIL that I couldn’t do before?

Implemented properly, ITIL raises customer satisfaction, reduces waste in the IT organization, and lowers operating costs. Three quick examples:

* In 2000, target response time for resolving Web incidents at Caterpillar IT was 30 minutes -- but it hit that goal only 30 percent of the time. Then Caterpillar implemented ITIL. Now its IT providers hit the mark more than 90 percent of the time -- and Caterpillar has been able to grow its business exponentially in the past five years with only 1 percent increase in its IT budget.

* Two years ago, IT administrators at Liberty Mutual discovered that a critical network application was down only after users called to complain. Then they deployed ITIL. Today, they’re steps ahead, monitoring applications for slowdowns or abnormal activity before trouble occurs, usually fixing problems before users notice anything is wrong.

* Proctor & Gamble -- with 5,000 people employed in IT -- implemented service management processes outlined by ITIL and saved $125 million, according to company officials.

2. Do I have to read all nine volumes, or are some more important than others?

Good news! Two volumes, Service Support and Service Delivery provide the core knowledge. The other books are supplementary.

The Service Support volume introduces five key processes: Incident Management, Problem Management, Change Management, Release Management, and Configuration Management. Although considered a function, not a process, the Service Desk is included here as the central point of contact where customers of IT services can report incidents, make requests, and communicate with the IT infrastructure and the business.

Incident Management involves restoring normal business operations as quickly as possible after an incident (a server meltdown, for instance) -- in other words, doing whatever is necessary to get services back into a normal operational state after they are disrupted. Problem Management, on the other hand, focuses on finding and removing the root causes for the incident in order to prevent its recurrence.

ITIL is unique in separating “problems” from “incidents.” Too often, IT organizations will allow services to remain down while support staff tries to find the root cause of an incident, instead of focusing on fast work-arounds to minimize impact on the business. ITIL puts priority on serving the business first and then on fixing the root cause in the background.

Change Management is the process that coordinates and controls changes to the IT infrastructure itself. ITIL views this process as a coordinated effort to obtain the proper approvals, authorization, and quality assurance steps.

Release Management refers to the actual implementation of IT changes, including people, processes, technology, training, rollout, communications, and business area activities, as well as the design build, test, and release of the change. The notion of packaging changes into release units to minimize disruption to the business is new to most IT operations. Release activities occur under the guidance and approval of Change Management.

Configuration Management includes the process of logging, tracking, controlling, and verifying infrastructure information that describes every component in the IT infrastructure -- and their relationships. Emphasis is placed on how these items, known as CIs (configuration items), relate to one another. All this information is stored in a logical CMDB (configuration management database).

3. This CMDB sounds important.

The CMDB will serve as the blueprint for how the entire IT infrastructure is structured, how various CIs -- hardware, software, incidents, agreements, service levels, documentation, and so on -- are related, and how the entire metasystem functions. The CMDB becomes the basis for finding infrastructure information quickly, and making effective management decisions based on it. Under ideal circumstances, every CI will have configurable attributes -- for example, it might be a computer, a purchasing process, or an individual IT staffer. If possible, the CMDB should be designed to automatically discover information about the CIs and to track changes as they happen in order to minimize the administrative labor necessary to maintain it.

Click for larger view.
4. Did you forget about the Service Delivery volume?

Not at all. Whereas the Service Support book is focused on how effective IT services should be operated and maintained, the Service Delivery volume looks at how those services are provisioned and enhanced. This book also highlights five critical processes: Service Level Management, Availability Management, Capacity Management, IT Service Continuity Management, and IT Financial Management.

Service Level Management involves planning, coordinating, monitoring, and reporting of SLAs. It reviews services on an ongoing basis to ensure that they are being delivered cost-effectively and are meeting desired service targets. ITIL also introduces the concept of a Service Catalog that lists all the services delivered by IT to the business. Creation of this catalog forces IT to think in business terms and to link the IT infrastructure and its costs to the services that are being delivered.

Availability Management coordinates, designs, measures, and manages IT infrastructure availability, taking into account all aspects of the infrastructure and supporting organization. It coordinates and integrates loose-knit technology silos to ensure that needed services can actually be delivered at required levels and cost. This process brings together key disciplines such as reliability, serviceability, maintainability, security, and responsiveness for each service being delivered. It also assesses service risk and identifies mitigations where necessary.

Capacity Management looks at IT capacity, performance, and throughput compared with business workloads and objectives. Historically, the majority of IT organizations have focused on managing capacity based on how IT resources are being used. ITIL requires IT to first identify business drivers of capacity, translating them into service workloads through modeling and development of projections before applying them to the IT infrastructure. Other activities such as performance tuning and the sizing of hardware and software for application projects are included in this process.

IT Service Continuity Management ensures that IT services can be recovered in the event of a major disaster. It turns on the concept of Vital Business Functions and forces IT to look at how services -- rather than just technologies -- can be restored. ITIL aligns IT continuity plans with the business continuity plan in order to coordinate, design, plan, and test disaster-recovery policies to keep IT services running in the event of a major disruption to the business.

Finally, IT Financial Management provides budgeting, accounting, and charging services to manage IT costs and spending. In today’s world, very few IT organizations can actually identify what services they deliver, let alone what costs are incurred to deliver them, which is one reason IT has had little credibility in the boardroom. Developing the ability to articulate costs and IT’s contribution to the bottom line brings market dynamics and modern business practices to the IT organization.

The Service Desk exists here, too. In a typical business organization, business users and customers will interface with the Service Desk function on a daily basis as part of the Service Support workflow. At the same time, executives and management will interface with the Service Level Management process to put new services into place and review service quality using the Service Delivery workflow. This is how ITIL neatly divides the work that IT does, with emphasis on how it touches the business.

5. How about the other seven books? Are they chopped liver?

Not at all. After you have absorbed the basic concepts, you can learn a lot from the other seven volumes. For instance, as you might imagine, Introduction to ITIL introduces the basic concepts that comprise the ITIL approach to service management. Then, Planning to Implement Service Management explains the steps necessary to identify how an organization will benefit from ITIL. ICT Infrastructure Management covers critical issues such as network service management, operations management, computer installation and acceptance, and systems management. Applications Management focuses on software development and support lifecycles, defining requirements, and testing of IT services.

The Business Perspective volume is actually two books -- one aimed at IT staffers, and the other intended for business managers. Together, they discuss business continuity management, partnerships, outsourcing, surviving change, and transforming business practices through radical change. Security Management discusses security practices and standards from an ITIL perspective. Finally, Software Asset Management provides best practices for managing software and software licenses.

6. ITIL has been around for more than 15 years. Why is it now taking hold in the United States?

The United States has always lagged behind Europe in the discipline of IT infrastructure management. Go to a bookstore, and you’ll find precious few books on the subject. Go to the universities, and you’ll visit a lot before finding one that teaches it. One reason that this is changing is the increasing impact of European- and Asian-owned companies operating in the United States, all saying, “Hey, get on board! You need to be ITIL-compliant. That’s how we run our shops over here.”

Another factor driving U.S. acceptance is that companies are seeing more than two-thirds of their IT budgets being eaten up in new, nondiscretionary operating costs, over which they have very little control. It’s rare to find an IT shop that can articulate how IT contributes to company’s bottom line.

ITIL changes that by implementing successive waves of mini-projects that target specific business goals with measurable results. Typical goals might include reducing IT costs, reducing service outages, preparing for a major IT initiative, or preparing for a major business change such as a merger, move, or acquisition. These efforts may involve entire ITIL processes or just parts of them.

Finally, whereas IT customers of the past used to be purely internal (staffers, managers, and auditors), these days increasing numbers of IT “customers” in the United States are external -- actual customers of the business itself, interacting via public Web sites. If systems fail, potential buyers are likely to take their business elsewhere; potential damage to corporate reputation is high.

The pace of business change, technology, and legal regulation is moving faster every day, and all these financial imperatives are hard to ignore: As was noted at Microsoft’s 2004 IT Forum Conference, “Recent studies are showing that an IT service organization could achieve up to a 48 percent cost reduction by applying ITSM principles.”

As long as ITIL remains the only comprehensive plan for infrastructure management that focuses specifically on IT service, it will continue to be the only game in town.

Click for larger view.
7. Who needs ITIL besides large enterprises? Can small shops or individuals use it?

1 2 Page 1
Page 1 of 2