In This Chapter
Using ITIL V3 as a blueprint for enterprise service management
Considering practical matters in implementing ITIL
Understanding how ITIL integrates with other best-practices frameworks
So far in this book, we've defined a service, discussed the importance of managing a service, and enumerated the value of best practices in service management. We've also given you a brief overview of some of the important public standards and best practices − namely, best-practices models such as Control Objectives for Information and Related Technology (COBIT) and enhanced Telecom Operations Map (eTOM), as well as standards from the International Standards Organization (ISO). (Refer to Chapter 4 for more information on these models and organizations.)
In this chapter, we explore in detail one of the most comprehensive sets of best practices for service management: Information Technology Infrastructure Library (ITIL). We chose ITIL for this discussion in part because many of its best practices are now being adopted even beyond IT (such as in service provider operations) to help adherents align existing services with business objectives; to identify new service opportunities to support the business; and to successfully address the closed-loop planning, execution, and continuous improvement of these services.
Although ITIL is a set of published guidance books that you can simply download to your computer or view on the Internet (at www.itilsurvival.com/ITILBooksintheUS.html), implementing ITIL service management best practices in your organization isn't so simple, so we also talk about some practical considerations in implementing ITIL. Specifically, we discuss how ITIL integrates into other frameworks.
In Chapter 4, we introduce ITIL and tell you a little bit about its history and objectives. We explain that ITIL is a library of books that describes best practices for service management. In 2007, the Office of Government Commerce (OGC), a UK agency, introduced the latest version of ITIL: Version 3 (V3). This version emphasizes the importance of building best practices throughout the entire services life cycle because, frankly, if you've waited until your service is delivered to consider best practices, you've waited too long. So ITIL V3 emphasizes the need for integrating everything: processes, services, people, tools, and information, as well as collaboration among different parts of IT.
ITIL V3 consists of five core books that describe these best practices. The five books address each aspect of the services life cycle, from developing a service strategy to designing the service and then rolling out and operating the service. The books also provide guidelines for continually improving your services. Within each of these life-cycle areas, a series of 26 best-practices components guides you through service management. Many of these best-practices processes occur throughout all stages of the life cycle. Wow! This sounds like a lot of information − and it is. We distill it for you in the following sections.
Just as a business needs a strategy, so does IT. Service Strategy addresses how to set a strategy to meet customer needs and provide value. Key elements include strategy guidelines, financial considerations, and portfolio and demand management. Here are the highlights:
Strategy considerations: IT doesn't live in a vacuum. To develop a strategy, IT needs to align with business objectives that include understanding customer needs, the market, and the competitive environment; then it must set the vision and direction for IT services in the context of the broader corporate strategy. IT also needs to put together a plan for achieving this vision, listing the services and products that customers expect as well as outlining the organizational and sourcing design for achieving these goals. Service Strategy defines the different kinds of service providers, both internal and external, that are required to make these services a reality. Finally, because a strategy isn't complete if you can't measure it, Service Strategy provides guidelines for developing key performance indicators (KPIs), which are measurements to help track how well services meet objectives.
Financial management: Setting a strategy is great, but you need to make sure that you can pay for it, so ITIL V3 also includes guidelines on budgeting, accounting, and charging. It helps you understand how to think about the costs and revenue associated with your services, how to account for the costs, and how you might charge for the services.
Portfolio management: After you deliver the services, you need to manage them from a financial perspective to make sure that they address business needs. This management includes identifying and validating the portfolio of services, as well as monitoring them to ensure that they continue to provide value. An automated teller machine (ATM), for example, provides several services, but if one of them − say, a stamp-dispensing service − isn't what customers want, keeping the service running may not be financially viable.
Demand management: Your services are useful only if customers want them and you can provide them. Imagine what would happen if you built a service and found out that consumers no longer demanded it, or if consumers demanded the service but you didn't have the capacity to meet the demand.
Service strategy boils down to a simple concept: Transform assets into value. Value has two aspects:
Assets: First, the provider needs to derive the most value from his assets in the form of the products and services provided.
Customers: The second aspect of transforming assets to value comes on the customer side of service management. The most valuable service a provider can offer is one that helps the customer get more value from the assets that the customer owns.
The whole Service Strategy concept builds on the core concept of producing value from different types of assets. The ability to turn assets to value − service management − is a critical business asset.
According to Service Design, after you set your strategy, it's time to design your services. This design includes dealing with architecture, technology, processes, information, and organizational issues. Service design also includes collecting business requirements, as well as designing and developing appropriate service solutions, processes, and measurement systems. Consider these seven critical aspects when you're designing services:
Service-catalog management: To build and operate your services effectively, you need a central registry/repository of information about these services: a service catalog. The catalog includes services that you've already agreed to as well as services requested and provides a view of the services offered to those who want to or need to see them. So a good catalog provides meaningful views of services to multiple stakeholders: customers, users, suppliers, and providers.
Service-level management: A service needs to meet customer expectations, which means that it needs to meet certain service levels. Banking customers, for example, expect ATM machines to be available 24/7, so a bank needs to make sure that services supporting the delivery of cash and other services to customers meet this expectation.
Capacity management: If customers desire a service that isn't available because of IT constraints, customer expectations aren't met. Capacity management provides a way to understand whether IT can meet customer needs, and it helps you plan accordingly. The data center servicing ATM machines, for example, may need to be staffed at a certain level to meet service-level and operational-level agreements, so the bank may need to hire and train new staff members, as well as buy new hardware and software to support the data center.
Availability management: You need to have someone (or a team of someones) monitoring the availability, reliability, and maintainability of all your services, which is what availability management is all about. Ideally, management isn't simply reactive in terms of measuring what's happening to a service; it's also proactive in determining what you need to do to meet expectations.
IT service continuity management: When your business requires high IT availability, you need a support structure in place to ensure that availability.
Information security management: Information makes the world go 'round, and securing this information is paramount to effective IT services. This best practice is all about ensuring that you include information security when you design services, which means including information confidentiality, integrity, and availability. When you go to your ATM machine, for example, you certainly expect that all your account information will remain accurate, complete, timely, and confidential.
Supplier and contract management: You need to make sure that all the suppliers you hire to support a particular service supply the service at the level of expectation the customer needs. If you hire a security company to deliver money to your ATM machine, and the machine is empty, the supplier isn't meeting its obligations, and your customers won't be happy. To make this service happen, you need to manage supplier contracts effectively.
In general, service design integrates service management best practices early in the life cycle. The key concept is that you design and develop a service, not just infrastructure or an application. Service design also incorporates the ideas of service utility and service warranty. Service utility refers to what the service does. In the case of IT services, service utility is often close to the key functional attributes of the applications that make up the service. Service warranty is the level of service that you offer. What you hand off to operations to be deployed is a service package, including both the service utility and the service warranty. You can't wait until service delivery to think about service-level management, availability, capacity, continuity, and security.
The next phase of ITIL's best practices involves getting the service package into operation, which is the topic of the Service Transition book. This book covers transitioning all aspects of the service: the technology as well as the people and processes.
Imagine that you've built the best ATM machine in the world and all the supporting technology infrastructure to go along with it. If you don't have the armored-truck drivers, data center operators, and all the other people and processes in place to make getting money out of that machine possible, everything is for naught.
Service transition requires transferring the knowledge that goes along with the services to those who operate them. It also includes processes for dealing with any changes that might occur in the service.
Service Transition includes the following best practices:
Change management: It's okay to make a change in a service, but before you do, you need to make sure that certain things happen. If you want to change the way that deposits are made at an ATM machine, for example, you need to evaluate and authorize these changes. After you authorize the changes, you need to record them, and you should also test and validate them to make sure that nothing goes wrong down the road. Standard processes are key; otherwise, you'll never be able to keep track of anything.
Service asset and configuration management: A lot of IT and non-IT assets make up an overall service, and you need to identify and control all those assets. Configuration information is the basis for managing any service. The best-practices approach is to have an integrated asset and configuration system to provide service configuration information to all other service management processes. This information enables service management to manage both the technical and financial aspects of services effectively.
Knowledge management: Knowledge management ensures that people get the information they need to do their jobs correctly. A service knowledge system is required to make the service management system effective. People and tools need complex, integrated information to manage services. If the data center personnel at the ATM data center don't have the right information to do their jobs, for example, the jobs won't get done efficiently or effectively.
Release and deployment management: When you deploy a new service or release a new version, do it in a controlled manner, within agreed-on service-level constraints, to prevent service incidents.
Service evaluation: Evaluate services to ensure that they're useful.
Service validation and testing: As you deploy services in the organization − or if you change them − you need to test those services to make sure that each one works effectively by itself and with other services. An ATM's new stamp-dispensing service may work well by itself, but if it hasn't been tested with other services, it may interfere with subsequent transactions, such as withdrawals.
Service-transition processes balance the need for stable operations with stakeholder and customer requirements for innovation and change.
The rubber meets the road in Service Operation, where customers begin to receive value. When services are up and running, make sure that they continue to provide value to customers. Service Operation describes several best practices to ensure this outcome while you deal with balancing factors such as quality of service versus cost of service.
Service Operation describes five key components:
Event management: An event, according to ITIL, is a change of state that may indicate that something has gone wrong. An ATM machine experiences an event when it runs out of paper and can't generate a receipt, for example. This event is noted, and it may lead to an incident or problem (discussed later in this list) or even a change in the system. The essence of event management begins with noticing these changes of state, and it continues with filtering and correlating to isolate the events that you must address to maintain agreed-on service levels.
Event management is a critical bedrock operational process. Without event management, you're relying on customers or staff members to notice events. Detecting events before customers discover them − and before agreed-on service conditions are breached − helps control both the quality and the cost of service.
Incident management: An incident, according to ITIL, is an unplanned interruption in an IT service. The purpose of incident management, then, is to restore the service. When an ATM runs out of paper, for example, the incident management follow-up may be to call suppliers that can install the receipt slips at the ATM machine. You need to detect, log, analyze, resolve, and close all incidents. You need to record all incident activity because the record provides a basis for problem management analysis (discussed later in this list).
Request fulfillment: According to ITIL, a request can be for a change, information, or access to an IT service. This request can come from any user. In the data center servicing deposits and withdrawals at an ATM, for example, a request may be made for a report detailing ATM activity.
Problem management: A problem is a condition with an unknown cause. If someone takes $100 out of an ATM machine and is debited $200, for example, ABC Financial needs to investigate this problem. Problem management studies past incidents and other information to identify opportunities to prevent future incidents. By analogy, if incident management is a firehouse responding to fires, problem management is the city planner's office, which studies all past fires and makes change requests for new city ordinances to prevent future fires.
Access management: Access management ensures that information is provided only to authorized users. Only properly identified users with proper access authority can see client activity at a given ATM machine, for example. Access management also addresses entitlement management, which ensures that users have access to services that they're entitled to access and prevents them from accessing services that they aren't entitled to access.
You can run as many services as you want, but if you aren't monitoring those services to maintain and improve them, chances are that you won't be successful. Remember those KPIs that we discuss as part of developing your strategy (refer to "Book 1: Service Strategy," earlier in this chapter)? Well, Continual Service Improvement describes how to collect and analyze this information via a seven-step improvement process that puts these KPIs into practice. Additionally, the book provides information on the following aspects of service improvement:
Service measurement: The section provides guidelines on monitoring and measuring your services.
Service reporting: This section provides guidelines on the kinds of information that you should present in reports to help readers understand how well the service is performing. The reports can also help you predict what issues the service may face in the future.
Continual Service Improvement also discusses several important tools and techniques for measuring and improving both processes and services.
As we mention earlier in this chapter, you can't simply load ITIL onto your computer and claim a service management victory. ITIL is about technology, people, and processes. If you leave any one of these ingredients out of the mix, there's a good chance that you'll fail. We discuss how to get started implementing a service management strategy like ITIL in the next two chapters. But before we do, we want to point out some practical considerations regarding implementing ITIL.
Surprise! Industry pundits have noted some major failures by organizations undertaking ITIL implementations. You certainly don't want to have one of those failures. In most cases, failure is due to the fact that organizations jump onto the ITIL bandwagon with unrealistic expectations and unclear goals. Here are a series of questions you should ask about your company before embarking on ITIL:
Do we have well-defined business drivers?
Do we have well-defined business requirements?
Have we set our priorities?
Have we thought about the right-size project to get started with?
Do we have committed sponsors?
Does good communication exist between business and IT?
Do we have effective project management capabilities?
Have we thought about governance?
Do we have good vendor relationships?
Aside from the five core ITIL books and a willingness to succeed, companies should consider the assets and skills they have at their disposal. Successful companies also need to have prioritizing and diagnostic techniques to help plan and assess where they are and where they want to be with ITIL. In addition, they need an improvement approach and a governance model. Rather than focusing on implementing ITIL, organizations should focus on implementing business-driven service management improvements.
It's best to implement service management improvements with clearly defined phases and milestones − and not bite off more than you can chew. Some companies have found it beneficial to work with outside experts to help them get started in ITIL. These experts can help educate the team, find out where the organization stands in terms of ITIL, and provide tools and techniques to help with the ITIL journey and ITIL goals.
The first book in the ITIL V2 library is Planning to Implement Service Management. The first book in the ITIL V3 library is Services Strategy. The International Standard for Service Management's ISO/IEC 20000 says, "Service management shall be planned." The first best practice for service management is clear: Start with strategy and a plan for how you'll produce business value through service management improvements.
Sometimes in service management, "Is it ITIL?" discussions get more attention than business objective discussions. Deploying a best-practices framework should be about business objectives, leveraging ITIL, and anything else that's appropriate to help you achieve your goals, such as some of the other standards we mention in Chapter 4.
Any organization can use ITIL, but no organization should use it without considering other bodies of knowledge. ITIL says that taking an integrated approach to leveraging many sets of best practices and standards is itself a best practice.
ITIL documents are accepted best practices for executing service management. Some people call them a "code of practice" for people who perform service management activities.
Following are some other common best practices for service management that integrate well with ITIL (for more information on all of them, see Chapter 4):
COBIT: Provides excellent guidance for a system of management control. Organizations that adopt service management frequently adopt COBIT controls as well.
eTOM: Provides accepted best practices for telecommunications service providers. eTOM gives service providers descriptions of common business processes, which they can use to manage commercial business services. eTOM users also leverage ITIL. ITIL and eTOM users have many common interests.
ISO/IEC 38500: Provides valuable guidance for directing and controlling IT services. This standard, created by the ISO and the International Electrotechnical Commission (IEC), guides directors in approaching the very real and very high business risks and costs associated with IT services. It provides guidance for directing, evaluating, and monitoring the governance of IT services.
ISO/IEC 20000: Provides guidance for the auditable service management practices. Ideally, you use this standard in conjunction with ISO 9001 to provide a standards-based audit of a service provider's service management system.
It's pretty obvious how important service management and a framework like ITIL are to our example ATM machine. A best-practices approach to service management will help ABC Financial decide what services it wants to provide through the ATM in the first place; how to design, build, and implement those services effectively; and how to make sure that it continues to provide its customers value.
An ATM machine isn't just a piece of technology; it's also a system of services that includes people, processes, technology, and information. The ITIL framework provides guidelines to help IT build, operate, and improve the ATM machine so that it meets − and ideally exceeds − expectations.