Automating the Service Lifecycle

Automating the Service Lifecycle

A significant benefit of ITIL V3 is how it aligns IT throughout the entire business enterprise by looking at the IT Service Lifecycle and promoting Continual Service Improvement (CSI).

The Office of Government Commerce (OGC) defines CSI as, "A stage in the Lifecycle of an IT service and the title of one of the Core ITIL publications. Continual Service Improvement is responsible for managing improvements to IT Service Management processes and IT Services. The Performance of the IT Service Provider is continually measured and improvements are made to Processes, IT Services and IT Infrastructure in order to increase Efficiency, Effectiveness and Cost Effectiveness."

As a quick recap of some of the concepts covered in the previous chapters, the primary change from ITIL V2 to ITIL V3 is that the processes defined within ITIL V2 were taken and structured around a Service Lifecycle within ITIL V3 to better align with how business works and to put more focus on service as opposed to separate processes.

Of course, the processes and functions are important, and necessary, but they are secondary to delivering and supporting the services. Under ITIL V3, processes exist to plan for, deliver, and support IT services, making the Service Catalog a key component of IT Service Management (ITSM).

The Service Lifecycle spans Service Strategy, Service Design, Service Transition, Service Operation and CSI and consists of the components shown in Figure 4.1.

Figure 4.1: ITIL V3 Service Lifecycle based upon the OGC model.

Not only does ITIL V3 align IT more closely with how the business is run, it brings with it the great opportunity to use the processes for risk mitigation. Such risks include downtime resulting from problems, regulatory noncompliance, and business processing errors.

Service Lifecycle Management (SLM) drives the organization of IT and how the associated processes interact and integrate with the business. I will highlight some of the ways SLM integrates with the business and improves IT throughout this chapter.

CSI drives the transition from reporting to measuring and optimizing performance and quality. CSI includes establishing and maintaining up-to-date statistics to continually measure key components to improve IT, which in turn improves business by providing such things as improved productivity of end users through more reliable services, innovation of new services that drive revenue or optimize processes, and so on.

These measurements demonstrate clearly to business customers the value of IT. Measurements allow IT leaders to

  • Make the business case for investing in IT
  • Demonstrate the actual value of IT instead of just talking about it
  • Provide verifiable values that represent the overall health of ITSM

IT leaders can implement tools to automate as many Service Lifecycle processes as possible to achieve many SLM benefits, such as aligning the IT portfolio with business needs.

A wide range of not only IT positions, but also business customers, can use SLM tools to measure, interpret and communicate IT business services results. These include such positions as

  • IT managers
  • Consultants
  • IT practitioners
  • Outsourcers
  • Vendors

SLM aims to continually align IT services to changing business needs by identifying and implementing improvements and continually looking for ways to improve process efficiency and effectiveness. SLM also aligns IT services to accomplish better cost effectiveness. Using appropriate tools to automate the processes throughout the Service Lifecycle allows SLM to be more effective.

To demonstrate the wide range of processes performed throughout the Service Lifecycle, and how they can also include risk mitigation activities, consider once more the new employee process within an organization, and the multiple tasks that must be performed for a new employee to become a fully functioning member of the organization.

Service Strategy

Before you can define what represents acceptable quality IT service, you must first completely understand the business process of establishing a new employee within the organization. Interview the key stakeholders for this process, and thoroughly document all the involved activities. When you have a good understanding of the process, ask the applicable business leaders what they want and need from IT services to make the new employee process as useful and efficient as possible. These needs will vary by geographic location, department, job role, and so on. There are also growing numbers of compliance issues to consider related to job responsibilities and applicable laws.

It is also important to understand what the organization itself needs to accomplish when bringing in a new employee. For example, is it important to have all the new employee tasks accomplished within a week? 72 hours? 24 hours? Does it depend upon the position and role that the new employee is taking? Does the service you are creating need to accomplish the involved tasks more quickly than the service you are replacing?

Now identify the IT services that need to be involved with bringing in a new employee. This process will typically include financial services, facilities management, benefits administration, and network services using IT service portfolio management. ITIL V3 enables IT leaders to accomplish disciplined IT budgeting, value analysis, services documentation, and demand management that will be necessary for new employees.

Using ITIL V3 processes for establishing new employees within the enterprise can also reduce many risks related to budget errors and the related cost overruns. For example, these processes can reveal if the new employee salary and benefits package, and necessary IT resources, are going to fit within the available budget. Using tools to automate the creation of this information using the ITIL V3 Service Strategy concepts that link the Service Portfolio will align IT with the business need. Managing IT services demands will allow for an appropriate supply and demand balance to be established within the existing infrastructure capacity and allow for future new employee requirements. As an example, if the business wants to increase the workforce by 25%, you need to ensure that the IT infrastructure and accompanying IT portfolio can support that amount of user growth. You can make use of tools created to support ITIL V3 to automatically see the results of different scenarios.

Service Design

Now that you have thoroughly documented the necessary new employee services within the IT services portfolio, you need to create the designs and blueprints for the related processes and workflow to support the new services. During this phase, you will need to address issues such as infrastructure capacity management, availability management, service capacity management, continuity management, information security management, supplier management, service catalog management, and compliance management.

Most IT leaders are already quite familiar with all these processes. However, historically, these processes have been completely separate from each other and handled by different teams. By using ITIL V3, these processes will be performed in an integrated way with not only each other, but also within the business units.

This coordination, automated where possible, can eliminate the risks related to isolating the services and result in lowered costs and fewer delays and business disruptions. The real risk is in the isolated IT functions. The service lifecycle approach ensures that all personnel filling all IT functions clearly understand their roles in the delivery and support of IT services. Automation ensures processes, that are often overlooked when done manually, are followed and that risks are correlated with events. Automating routine tasks also improves reliability and delivery time.

Using the ITIL V3 Service Design processes, organizations should experience a clearer, documented understanding of business requirements by the IT area, Service Level Agreements (SLAs) will be better enforced, and asset management will be more disciplined and consistent. For example, you will be better able to ensure high availability, reaching the "four nines" goal that IT organizations typically strive for. As another example, as a result of better design, down the road when you are performing network capacity management, you will be able to better identify the amount and type of non-business network traffic, such as music files, streaming video, and other multimedia files that employees often want to download and then better control it.

The service catalog plays a major role in service design. A service catalog identifies the IT services that can be provided during service design. Each entry in the catalog describes an IT service that is a collection of related business processes. Thus, when you are establishing a new employee service, necessary business processes could include accounting and payroll, benefits administration, and network access authorization. Effective Service Catalog Management is critical for ensuring all business areas can have an accurate and consistent view of all IT services, along with their corresponding details and status.

When IT leaders improve ITSM, it will reduce the risks of having downtime, which of course takes time away from business processing and damages the view business customers have of the IT area.

Availability is often expressed numerically as the percentage of time that a service is available for use. "Four nines" generally means that a service or system is available 99.99% of the time.

Service Transition

Once the new employee services have been well-designed and documented, you need to prepare and plan to integrate the new services within the IT enterprise environment. ITIL V3 describes processes that IT leaders can use to effectively perform the change and configuration management activities necessary to ensure the readiness of the technical, operational, and strategic infrastructure to receive the new services. There may also be services that need to be updated or even removed. For example, if part of the new employee service involves establishing electronic time cards, there will likely need to be changes made in the existing employee time management service, or perhaps it will be replaced completely.

During this phase, IT leaders will need to determine and document such decisions as the positions responsible for the changes, the risks involved with making the changes, the return on investment (ROI) of the change, and the security risks created as a result of the changes. By documenting these important decisions, as recommended by ITIL V3, IT leaders will ultimately clarify all the implications related to the changes.

This third phase of the Service Lifecycle identifies and addresses some of the biggest risks associated with moving an IT environment from a steady state and injecting new, technical, operational, and strategic processes. This phase creates a well-documented, well-disciplined, and comprehensive change, configuration, and release management process that delivers transparency, reducing unauthorized changes that could disrupt business systems. In reality, there will still be unauthorized changes, especially in large, complex networks. However, the percentage of unauthorized changes decreases significantly with automation. Automation also supports the quick detection and reconciliation of unauthorized changes.

Service Transition also allows the IT team members to have a thorough understanding of the resource demands for the involved systems and process changes. For example, you will be able to determine whether new assets or human resources are needed to support the new employee service processes. By doing this, you will also support the business value the change was intended to provide.

A complete understanding of the changes that are planned is necessary to accomplish effective change, configuration, and release management. Using tools to automate the modeling, planning, and impact analysis for those changes can allow change management to be much more effective, reducing downtime risks and lessening the costs involved with remediation activities.

After you've effectively planned the changes, they are then put into operation throughout the enterprise. This Service Operation phase will use those newly created employee services as part of normal business processing. Using ITIL V3, the Service Desk will be the single point of contact for customers who need technical help. Why? To effectively, centrally, and consistently address issues and eliminate the confusion, chaos, and inefficiency of trying to have multiple areas and persons trying to resolve the same issue at the same time.

Service Operation

The new employee systems are now in operation. If any issue or event occurs with any aspect of the new employee service processes it will be reported to the Service Desk. The Service Desk will create a log and report the incident into the appropriate systems, which will notify the appropriate personnel to resolve the incident. Incidents and potential problems will be tracked and, when closed, there can be follow-up to determine customer satisfaction regarding how the processes were handled.

The goal of using the ITIL V3 processes that put the Service Desk at the center of problem resolution is to reduce the risks of interruptions to productivity by managing problem resolution centrally within a complex IT environment. This phase also includes processes such as request fulfillment, incident management, problem management, and access management. As an example consider once more the new employee service; the system will notify the Service Desk to create a new user account through the request management process (which includes access management), along with establishing the access capabilities appropriate for the position the new employee will fill. The Service Desk will then notify the appropriate business manager when these tasks have been completed. Using automation to perform this notification will help to ensure it actually takes place and does not get lost in the long list of other to-do's that the Service Desk is working on fulfilling.

CSI

The CSI phase will allow organizations following the ITIL V3 practices to continually evaluate and improve the quality of IT services, and consistently advance the maturity level of the Service Lifecycle.

With regard to the new employee services, there may be a point in time that the business leaders determine that, while the new employee services provide business value, there are areas where the value can be improved. For example, the new employee service may have reduced the amount of time to incorporate a new employee into the business infrastructure from 8 to 4 days, but business leaders may determine that it really needs to have all the new employee service tasks completed within 2 business days.

IT leaders will need to determine, first of all, if this goal is possible to achieve. Then, if it is possible, they will need to identify the process and workflow changes that must occur to achieve this new service goal. The CSI phase considers all the issues related to service innovation and delivery.

This final stage of the ITIL V3 Service Lifecycle aids IT leaders in sustaining and improving the efforts in the other four phases. It includes examining and providing direction for service level management, along with ensuring the most appropriate design and creation of SLAs, and using realistic measurements to assess service delivery quality while achieving consistent service improvement.

Another valuable use of CSI is in prioritizing the service portfolio. IT has to operate within budget constraints, and CSI provides the opportunity to assess the costs of new and existing services and to negotiate future service offerings. This is important in that CSI provides IT with the tools, including financial analysis and business use, to work with the business and ensure the right services are provided at the right costs.

Possibly the most obvious reason to implement ITIL V3 is to noticeably and measurably improve service delivery and reduce the risks that lead to not meeting SLA requirements. SLA performance naturally tends to deteriorate over the time of total service delivery, so the CSI phase is very important to maintain business customer confidence in IT capabilities and to help prevent the hostility and suspicion that often develops between IT and the entire customer base over time if IT leaders do not pay attention to quality and SLA performance. Successfully integrated into the enterprise, ITIL V3 will help reduce a number of business and IT risks.

Automating IT

Of course, there will always be a need for humans to oversee and manage IT to ensure it is effective and successful. However, growing numbers of tools are emerging that can assist IT managers with providing smooth operations throughout the enterprise.

Automating as many of the IT processes and operations as possible has many benefits. It eliminates manual labor-intensive tasks that have historically taken significant amounts of time and resources to accomplish. It also helps to eliminate ad hoc, error-prone manual activities, replacing them with consistently followed and vetted procedures that are performed in a fraction of manual time. This consistency and time savings results in IT shops drastically lowering the daily cost of IT operations. This cost savings can then allow you to shift resources to more strategic IT initiatives to support business growth and innovation.

ITIL typically operates on the process level. A Service Desk can help automate the processes around incident, problem, change, and configuration management. Task automation can also be beneficial to the Service Desk. For example, pushing new software onto a server is part of the release and deployment process, but what is more important in this case is the actual task automation associated with software distribution.

If an organization can do it, it is most effective and efficient to use an integrated solution to automate the IT processes throughout the enterprise. Being able to drive change across applications, servers, networks, storage, and clients from an integrated approach not only is more efficient but also allows for a federated Configuration Management System (CMS) to be employed. A CMS enables reporting, reducing the costs and risks that accompany changes, while providing a way to efficiently administer comprehensive audit and compliance capabilities.

The configuration management database (CMDB) provides a way to understand component relationships. By providing a repository for the configuration records throughout their entire lifecycle, the CMBD supports all other activities within the service lifecycle.

Organizations typically automate in the areas where there is the greatest pain, such as in servers, networks, clients, and storage. Management of these disparate areas can be brought together by orchestrating whole service automation. To be successful, it is best to use an incremental approach for implementation.

According to a 2007 survey by industry analyst firm Gartner, the top two priorities that businesses expect IT to support are improving business processes and controlling enterprise-wide operating costs (Source: Gartner EXP, February 2007).

The reality is that most IT leaders are challenged with performing processes and executing tasks most cost-efficiently, more quickly, and with less resources throughout the enterprise using their old, outdated tools and clinging to ad hoc inconsistent procedures that are becoming more outdated each day as IT environments become increasingly complex. The complexity has snowballed and emerged often as a result of decentralized proliferation of disparate IT systems and applications, compounded by multiple types of servers, software, network components and devices, and a hodgepodge of storage devices. Even with more centralization, complexity will continue to increase as a result of the rise in composite applications, service-oriented architectures, and the addition of a new abstraction layer that has a more dynamic relationship with virtualization.

Automating IT processes and tasks allows IT organizations to more directly align their objectives with business objectives, such as cost reduction and innovation as well as increased importance, compliance, security, and privacy. Using the right tools for their organizations, IT has the potential to:

  • Automate most, perhaps all, IT operations across the complete enterprise infrastructure— including clients, applications, all types of servers, networks, storage, and software. This will allow IT staff resources more time to focus on strategic and innovative initiatives to help drive growth for the business.
  • Coordinate changes across systems and teams using tools that allow IT to automate complex changes that cross multiple infrastructure tiers and automate audit trail creation. Creating audit trails is critical for supporting compliance and security, and particularly important for processes that impact financial reporting, security, and privacy.
  • Record and manage configuration updates throughout the infrastructure and applications. Automating these updates supports compliance by ensuring the configurations—such as for appropriate access controls, login parameters, and so on—are kept at the appropriate settings.

Historically, IT leaders managed the enterprise infrastructure around legacy systems. Certainly legacy systems that are still viable and being used must be an important part of the IT management equation. However, managing in a legacy manner is no longer effective. The IT management practices of 5, 10, and more years ago, where systems and applications were managed in independent silos, no longer work for today's complex enterprises. Old ways are too static, take too long to execute, and create unacceptably long systems development lifecycles. IT leaders must establish processes and procedures that are integrated throughout the enterprise to provide more dynamic, agile, business-focused results.

Automating the Service Desk

Consider one of the most labor-intensive areas within the enterprise: the Service Desk. Effectively automating Service Desk processes allows IT to continually monitor, measure, and improve their value to business while increasing the efficiency of IT service delivery.

Figure 4.2: Service support processes.

Historically, the Service Desk did almost all activities manually. Having multiple members of the Service Desk often meant there was multiple differing types of information provided to business customers calling in to report problems, incidents, request changes, and to ask for information.

ITIL enables standardized Service Desk activities with processes that can be consistently followed by all Service Desk personnel. By using tools to automate as many of the Service Desk activities as possible, not only can the Service Desk's staff time be utilized more efficiently, automation allows for many of the traditional Service Desk activities to be completely automated so that the Service Desk personnel aren't directly involved with each call. As Figure 4.2 shows, automated Service Desk tools can allow business customers to directly interact with the tools to do such things as request changes and report problems and incidents.

Key elements of Service Desk automation include automatically identifying the correlation of events with services, isolating the cause, and identifying the priority of incidents when they are created. Automating incident management ensures the right people are assigned to the tasks and that the priority of their work is based on business impact. Automating incidents can also mean that outages or performance degradations are resolved upon detection, without the intervention of a human, and that all related information is captured for reporting.

Automating the problem management process includes predictive analysis to identify problem areas, and potential problem areas, and eliminating the underpinning root cause. Root-cause analysis helps IT managers to determine the availability status of any particular service based upon data that has been entered and collected by any one of the components shown in Figure 4.2.

ITIL V3 clearly establishes the relationships between Problem Management and Incident Management as they occur within the Service Lifecycle. The Service Desk is responsible for documenting, tracking, and closing incidents. Automation not only supports these responsibilities but they make them more efficient and timely. Using automated root analysis tools, the Service Desk can also close an incident following proper classification of an event based on its root cause. The Service Desk must concurrently juggle all the issues of availability, problem and incident resolution, and tool implementation—the automation of these activities makes the Service Desk more agile and successful in performing this juggling act.

Automating Event Management

Consider Event Management as a variation of Network and Systems Management. NSM also includes monitoring the performance of the devices and systems. If a performance threshold is crossed, an event can be generated. In ITILv3, this is performed by the IT Operations

Management function, which performs the day-to-day activities necessary to manage IT services and support the IT infrastructure.

Automating Event Management provides just as many important benefits as the previously discussed Service Desk automation, and in fact is used to support Service Desk functions. Correlation, root cause analysis, problem isolation, and service impact analysis are all examples of the types of activities that can be automated within Event Management to realize great business benefits.

Event Management is important for meeting SLA requirements throughout all the business units (BUs). Different BUs could have different service levels for the same business service. For example, the Financial Services BU will have a more critical need to access the accounting applications and related IT services than will the Marketing BU or the Legal Services BU. This is a classic use case for a CMDB combined with Discovery and Dependency Mapping (DDM). Event Management tools can automatically prioritize where these accounting applications and systems must be made available, and ensure, when bandwidth is limited, power outages occur, or network gridlocks arise, that the Financial Services BU is given first priority for obtaining access to them.

Effective Event Management activities and best practices should be based upon an understanding of the full spectrum of the business processes for all the Service Lifecycle phases at both the IT and business levels.

The primary focus for Event Management should be to provide quality Business Process Monitoring (BPM) for all the mission-critical business processes.

Coordination of business processes throughout the enterprise, and across relevant event lines, is a key component to effective Event Management. The events are typically triggered by another critical event and usually are not performed according to a strict timeline.

This is quite different form traditional IT processing, which usually follows a long-established dataflow-based model for managing business processes. Following ITIL V3, and using automation, a real-time event reaction and notification-based type of management can occur.

That said, it does not mean organizations no longer need to use dataflows. Of course dataflows are still important to the business, and they must be documented wherever data is collected, accessed, processed, and stored. This documentation is vital for performing many BU-specific processes in addition to supporting information security, privacy, and compliance requirements.

In fact, Event Management tools are often used for risk management and internal controls. These Event Management processes can provide the information security and compliance areas with customized workflow notifications and document how regulated information is shared in a secure environment with clear audit trails.

Documentation is a very important, but often overlooked, component of regulatory compliance.

Automating these Event Management processes in such a way that they integrate with the Information Security Management (ISM) key activities—such as misuse of IT assets, remote access to critical files, and so on—will provide the documentation that your regulatory auditors will like to review.

These tools can also support audit controls, allowing documentation for when a process has been certified by each process owner as possessing adequate internal controls. This documentation should include such compliance data as the dates and results of the previous audit, increasing the accountability of each process owner.

Event Management automation tools provide compliance support for the Sarbanes-Oxley Act (SOX) sections 404 and 409.

Automating Discovery and Dependency Mapping

CMS and CMDB discovery and dependency mapping automation can provide great value and support for IT business services. A large number of organizations have hundreds, or even thousands, of changes made daily in many situations. Despite this, organizations still heavily rely upon manually created processing maps to understand the relationship between business services, supporting applications, and the underlying infrastructures. This often leads to errors in addition to being highly time consuming.

There are tools on the market to automate discovery and dependency mapping to provide a realtime view of the dynamic relationships between applications and the underlying infrastructure. Tools can help IT leaders to maintain truly current topology maps to enable quick assessment of the business impact of IT processes. By automating discovery and dependency mapping, IT leaders can not only reduce the costs and mitigate the risks of managing new and updated business services, they can also determine when unauthorized changes have been made. They can then use release automation to revert those changes back to the desired state.

Automating Release and Deployment Management

There are now a large number of Release and Deployment Management tools and solutions that can be used to automate these processes, associated tasks, and manage them more efficiently. These tools can automate the tasks that need to occur across servers, within the clients, in storage locations, and throughout the network devices.

The combined set of Release and Deployment Management tools are commonly called Data Center Automation tools and, depending upon the specific targets, Server Provisioning or Software Distribution tools.

Tools can be used to automatically:

  • Maintain system and device configurations and files at a known good state
  • Work in combination with the Service Desk during change management processes
  • Minimize the changes and problems created by various daily business activities by performing common release control capabilities
  • Work in combination with Event Management Systems and the Service Desk during incident and problem management processes to perform basic remediation
  • Identify and correct security vulnerabilities and policy violations.

Use Case Examples

When learning a new framework, such as ITIL V3, it often helps to see how it fits in with real business by looking at some practical use cases. The following examples highlight possible use cases.

Change Management

An important requirement within regulations is having appropriate access control and change management processes in place. This can be seen within the Sarbanes-Oxley Act (SOX) requirements. The Control Objectives for Information and related Technology (COBIT) is widely used by internal and external IT auditors as an evaluation framework for ensuring SOX IT process controls.

ITIL V3 provides a well-constructed change management process that aligns nicely with COBIT. COBIT provides 34 controls and 318 different control objectives, all of which no IT shop will need to implement. Possibly the most important are those that apply to Change and Configuration Management.

By combining ITIL V3 and COBIT, IT will see many compliance benefits with regard to Change Management:

  • Optimal use of limited IT resources to ensure consistent Change Management activities
  • Documented processes that can be validated and audited
  • Logs generated that provide the change and access activity audit trails required by not only SOX, GLBA, and Fair and Accurate Credit Transactions Act (FACTA), but also many other laws and regulations

Cross-Organization Release

Businesses are rightly and increasingly concerned about improving their agility to perform. The disruption historically caused by new application and systems releases through the enterprise and across multiple organizations can negatively impact this agility and cost valuable time within a wide range of business activities.

Consider releasing an updated version of your organization's email system. Assume that all personnel are heavily dependent upon using email throughout the day to perform their job responsibilities, not only for communicating with team members and internal business customers but also for communicating with external customers. This is a radical reorganization of the email system that will take a long time to deploy but must be done without interfering, as much as possible, with the business customers during the release time. What would the impact be if email capabilities were not available throughout the day?

ITIL V3 Release Management concepts and associated processes to automate the activities can help to

  • Deliver the email changes faster than it did before a structured and integrated approach was implemented
  • Release the updates, with minimal staff resources, by using automated tools during times that cause the least amount of business disruption
  • Integrate with Incident, Problem, and Change Management processes to quickly and automatically roll back the release if issues are encountered

Incident Management

Managing incidents has often been the bane of the existence for IT managers. The incident response activities were often ad hoc, carried out in confusion, largely uncoordinated, and caused huge swaths of unavailability for critical applications and systems throughout the enterprise.

Because of this high visibility and business impact within the enterprise, Incident Management is often one of the first processes that are rolled out within an organization. Primary benefits of automation can include:

  • Automatic generation of incidents reports by the Event Management systems can lessen resolution times.
  • Automation of the incident management process workflow by the Service Desk make incident management more efficient and comprehensive.
  • Depending on incident resolution, the incident can automatically be closed and the response sent back to the event process, or the incident can automatically be escalated to Problem Management.

Important secondary benefits of Incident Management automation, which your Information Security area will view as very valuable, include:

  • The logs automatically generated by Incident Management tools can provide valuable help in resolving security-related incidents more quickly and effectively.
  • Using Incident Management tools automatically creates valuable documentation that can be used for forensic investigation when necessary for incidents.
  • Automatically generated Incident Management activity data supports compliance with a wide range of laws and regulations.
  • Integration of the Service Desk and ISM is a key factor for successful Incident Management for security-related events. Neither can be efficient without the other.

Large-Scale Changes

If you need to make changes across literally thousands of devices, you can use ITIL V3 Release Management concepts and associated processes to automate a wide variety of activities:

  • Make mass configuration changes
  • Make multiple software updates
  • Enable bare-metal provisioning
  • Launch ACL deployments

Maintaining Compliance

Automated configuration, or the combination of automating configuration and release management, can support compliance remediation and enforcement and provide valuable audit trails and compliance reports. Making the decisions for the right automation tools can allow for:

  • Creation of preconfigured reports for the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) Data Security Standard (DSS), and other types of reports
  • Enforcement of best practices and standards, such as ISO/IEC 27001 and COBIT

Fast and Automatic Remediation of Many Types of Compliance Settings

Speaking of compliance, automating as much of the processes as is practical throughout the Service Lifecycle phases can help to ensure the organization is in compliance with a wide number of regulatory, contractual, and policy-based requirements—not only to meet compliance but also to quickly identify when non-compliance results from changes, problems, or other events, and then automatically re-establish the appropriate and compliant settings.

For example, many laws and regulations require IT administrative activities involving changes to password settings and access controls to be monitored and logged so that appropriate oversight groups can review the changes and inappropriate activities can be identified. Automated tools can be used to ensure IT administrative account logging settings are not only set appropriately but also can be used to immediately return the settings to the compliant value in case they are turned off during changes, new releases, problem resolution, or some other ITSM process.

Key Benefits of ITIL V3

Throughout this guide, I've pointed out many benefits of using ITIL V3, not only to IT but also to the business as a whole. The primary benefit is that IT leaders can use ITIL V3 to break down functional IT silos and deliver positive business outcomes.

ITIL V3 offers a set of holistic, well-documented best practices for managing enterprise processes and tasks in a business service-oriented manner. IT leaders can use these best practices to map IT to the business. Although earlier ITIL versions described distinct and separate IT silos, ITIL V3 directly helps IT leaders to navigate throughout all IT services in a way that aligns closely with how business is actually run. ITIL V3 helps IT leaders to run IT like the business they are supporting. There are business and IT values for using ITIL V3.

To wrap up this guide, it is worth reviewing and summarizing just a few of the wide array of ITIL V3 benefits and ways in which organizations can use tools to automate the associated processes.

Business Agility

ITIL V3 processes, properly implemented, provide the ability to roll out changes more quickly and efficiently, reducing IT support costs and complexity. This improved efficiency improves business agility and customer service. ITIL V3 provides BPM concepts that enable organizations to meet automation, efficiency, and regulatory requirements rapidly and efficiently resulting in improved business agility.

Within "On the Measurement of Enterprise Agility" (Journal of Intelligent and Robotic Systems 33: 329–342. 2002), Nikos C. Tsourveloudi and Kimon P. Valavanis define "business agility" as "the ability of a business to adapt rapidly and cost efficiently in response to changes in the business environment. Business agility can be maintained by maintaining and adapting goods and services to meet customer demands, adjusting to the changes in a business environment and taking advantage of human resources."

IT to Business Alignment and Integration

One of the ways ITIL V3 helps organizations to achieve seamless integration is by promoting a lifecycle approach to IT service management, from an overall perspective of service strategy to service design, service transition, service operations, and CSI. This integration has the effect of making the IT information business-aware. When IT has business-aware information, they are more aligned with business, and they will be able to most quickly and efficiently take the appropriate actions to address IT problems that most significantly impact mission-critical business functions. Automating as many of these actions as possible will allow these actions to be performed automatically as a response to events according to pre-established rules.

As an added bonus, this automatic response will reduce the time to full recovery of the IT services and workloads, which enables proactive management of the business network and raises the maturity levels of the Problem Management, Incident Management, and Event Management processes. IT is then not only better aligned to business, it truly becomes integrated with business.

Business Applications Support

ITIL V3 can help you map how your IT processes support business applications, identify key intersections where data passes from one process to another, and allow you to find choke points as well as generate flow data for key metrics. ITIL V3, coupled with supporting automation tools, can be used to assess business applications components to determine whether processing is consistent, identify weak spots in the processing flows, and improve applications performance. The shared operational perspective across different stakeholders and enterprise services is indeed a great benefit for BPM architects.

Improved Deployments and Upgrades

ITIL V3 concepts and associated automation tools can be used to automate the deployment and ongoing management of software such as operating systems (OSs), applications, patches, content, and configuration settings from one point of control. This centralized control results in more efficiency, agility, and compliance. Less staff resources and reduced deployment time results in reduced management costs, faster deployment services, fewer business disruptions, and stronger security and compliance across the enterprise by having continual policy enforcement.

Improved IT Efficiency

The knowledge and information obtained from the wide range of data sources that are used within ITIL V3 can be used to create a valuable IT infrastructure information library. Automating this information collection frees up staff to do other important business activities, along with reducing the time it would have taken to manually perform this information collection and management. Business customers can then access the service catalog or information about knowledge management processes and obtain the best and most current answers to their relevant questions. Keeping information about the IT infrastructure up-to-date results in providing consistent information for the business, along with more efficient use of IT staff time.

ITIL V3 also results in more comprehensive and accurate information and knowledge of the state of IT business services. This up-to-date knowledge helps maintain smoothly running business services and can result in reduced costs and increased efficiency and productivity. Good information and consistent knowledge level-sets numerous IT groups and allows them to operate in a unified manner, better addressing the needs of the business.

Supports Compliance

ITIL V3 supports compliance efforts with a very wide range of laws, regulations, and industry standards, in addition to providing an effective way to enforce compliance with contractual requirements and enterprise policies. Using tools to automate the ITIL V3 processes throughout the entire Service Lifecycle can generate data that provides valuable documentation to support and validate compliance activities. Additionally, systems settings required for compliance can be monitored, corrected, and enforced.

IT Automation

The processes within the ITIL V3 Service Lifecycle, properly applied, provide valuable data and information to enhance IT business service management. By using tools to automate appropriate portions of these processes, knowledge management capabilities are enhanced and made more timely, comprehensive, auditable, and valuable. The information generated through automation can do such things as capture the business requirements and validate they are being followed, maintain an up-to-date IT information library, and find the causes for problems among thousands of network and application data variables. IT automation can be critical for helping disparate IT groups operate on a level playing field and take actions in a unified manner to best meet the needs of the business.

IT Consolidation and Centralization

ITIL V3 provides for consolidated IT services to help organizations rationalize all IT processes and meet the requirements of SLAs throughout all the business enterprise. Using tools to automate processes can centralize IT asset information, allowing IT leaders to track all relevant activities and costs throughout the entire service lifecycle, from request and procurement to retirement and disposal.

Tools to automate ITIL V3 processes can allow IT to manage the physical, financial, compliance, and contractual aspects of all IT assets, across the geographically dispersed enterprise, individually, and as part of the business services they support. This centralization and automation also enables cost optimization, IT services chargeback, enhanced security, tracked compliance, risk mitigation, and more effective IT asset management.

Key Performance Indicators

Using ITIL V3 concepts, and implementing tools to automate the associated processes, can allow for a wider range of more accurate metrics to serve as key performance indicators (KPIs). Choosing applicable KPIs will allow the business customers to validate that IT understands the business use of the services in addition to measuring how well IT actually supports business.

SLAs that establish KPIs help to ensure IT and the business customers have shared expectations for the IT services that are delivered. The SLAs provide an avenue for ensuring measurements and regular reporting for IT service activities and status is established. The chosen KPIs will help to ensure measurements that support business value are created. Using tools to automate as many of the KPIs as possible will allow them to be generated consistently and accurately. A few examples of the possible types of KPIs include

  • Availability, measured in minutes or hours per day, of mission-critical services, systems, applications and so on. Automated tools can improve monitoring effectiveness and result in more useful and comprehensive reports regarding service availability.
  • Numbers of errors and failed changes discovered during the incident management lifecycle.
  • Numbers of service level violations by services, systems, and applications.
  • Numbers of mission-critical business services monitored 24 × 7.
  • Errors removed from the infrastructure.
  • Numbers of failed changes.
  • Reduction of the average time to repair problems, sorted by priority order.
  • Improved escalation times.
  • Reduced numbers of urgent and emergency changes per business unit.
  • Reduced numbers of major incidents.

Overall Improvements

In addition to the previously mentioned benefits, ITIL v3 enables:

  • Process Standardization—ITIL V3 can be used to standardize the IT processes throughout the enterprise. Automating these processes can increase IT efficiency, especially as the network processing environment scales larger and becomes more complex. Focusing on automating and completing the change process not only enforces configuration management policies but also enables compliance, improves security, and establishes clear accountability for IT personnel involved with the processes.
  • Virtualized Blade Infrastructure Management—ITIL V3 is a key enabler for managing virtualized bladed infrastructures. IT leaders can use ITIL V3 tools to automate release and deployment across the entire data center that uses virtualization.
  • Faster Restoration of Service—ITIL V3 processes and tools can be used to automate remediation and closure of the incident and problem management processes. RBA enables these restoration capabilities.
  • Improved Compliance and Security—Comprehensive ITIL V3 Service Lifecycle solutions and automation tools support business in many ways throughout the enterprise: •     Providing verifiable documentation and compliance logs for audits
    • Establishing and maintaining a comprehensive and up-to-date data inventory
    • Establishing and enforcing access control
    • Monitoring, in real-time, systems security activities
  • Communications—Tools to automate ITIL V3 processes enable improved and consistent communications between the diverse teams involved with the entire lifecycle across the enterprise.
  • Provides Bottom-Line Benefits—Using tools to automate appropriate ITIL V3 processes provides bottom-line business benefits for business service transactions and business service operations.

Effectively implementing ITIL V3, and complementing the associated phases and processes with appropriate automation tools, will result in improved predictability, reliability, accountability, risk reduction, and compliance throughout the IT infrastructure and bring measurable value to the business.