ITIL Overview and Challenges

Most organizations are dependent upon IT to meet their business goals and to fulfill business processes. This increased dependency has led to more diverse systems and applications within the enterprise, with many of the components highly decentralized and/or highly specialized. This diversity has created a complex business-processing environment. IT complexity makes ensuring business applications and systems availability very challenging.

IT complexity, complicated with frequently changing technologies and always emerging threats, creates many IT service support challenges and problems. Table 1.1 demonstrates the types of situations that often occur within business and the resulting challenges and problems that must be addressed.


Challenges and Problems

Deployments and Retirements

When new systems, applications, and technologies are deployed and old systems,

applications, and technologies retired, problems arise, incidents occur, and changes must be made throughout the enterprise.


When applications are updated, the systems and other applications communicating with them will often also need to be updated.

Budget Cuts

When budgets are cut, existing applications and systems support and/or components must often be removed or their support drastically reduced.

Mergers and Acquisitions

When companies merge or acquire others, existing and diverse systems must be combined and changes must be made to ensure that the applications and systems that support the business keep going.


When companies divest of business units, they must remove those portions of the business from the network in an effective and efficient manner to keep business running efficiently and securely.

New Technology Threats

When new technological threats occur, which seem to be more and more frequently, incidents occur, problems emerge, and changes must be made.

Poor Communication Interfaces

When there is a poor interface between the details of incidents, problem management systems, and error details, problems will not be effectively resolved.

Development Errors that Go into Production

When known errors from the development environment do not get communicated to the production environment, business will experience problems, impacting productivity and often revenues.

Ineffective Change Management Processes

When change management processes consist of an overabundance of disjointed, and often inconsistent, rules and regulations, IT becomes unproductive trying to follow the mess and often gives up following the rules altogether in frustration.

Personnel Reluctance to Change

When personnel are reluctant to adopt new change, incident, or problem management processes, preferring to stay with what they know because it seems to them that is the easier thing to do, the old issues with resolving problems, implementing changes, and responding to incidents are perpetuated, continuing to cost business.

Table 1.1: Example IT service support challenges and problems.

The possibilities are endless. Implementing yet more disconnected processes and procedures alone cannot efficiently address these challenges.

Recently in the U.K., JPMorgan Chase used ITIL to streamline their IT service desk. They have seven sites with more than 700 people that handle 3 million IT service calls per year. In 2004, they merged with Bank One and had to consolidate dozens of IT tools. Before ITIL, four incident-management tools, 14 change-control systems, four knowledge management tools, and 25 request tools were used. After using ITIL to consolidate processes, JPMorgan Chase now has just one incidentmanagement tool, one change-control system, one knowledge management tool, and four request tools. The service desk maintains 93% customer satisfaction ratings and a 75% first-call resolution rate.

Old management styles that were once used strictly within centralized, single-system computing environments don't work in today's highly diverse and decentralized environments. It is easy within such complexity for errors to happen. Even small failures can impact the entire business. A single hardware problem can impact multiple virtual machines. For example, if an event console cannot accurately perform root cause analysis, it could possibly be reported as multiple faults, making it extremely difficult to identify the error to fix the problem.

A High-Level ITIL Overview

During the 1980s, the British government was experiencing numerous IT service problems and related quality issues. The Central Computer and Telecommunications Agency (CCTA), now named the Office of Government Commerce (OGC), was tasked with developing a way to efficiently and cost-effectively use IT resources within public sector organizations. The goal was to create a successful approach that would be independent of any particular vendor. What resulted was the Information Technology Infrastructure Library (ITIL), a collection of the best practices for the IT service industry developed by practitioners, theorists, and researchers. The core ITIL V2 publications include:

  • Service Support
  • Service Delivery
  • The Business Perspective
  • ICT Infrastructure Management
  • Application Management
  • Security Management.
  • Planning to Implement Service Management

ITIL V3 is currently being reviewed and has a reported planned release in 2007.

This guide will look at how the ITIL Service Support processes can be applied to businesses. More specifically, it will explore Change Management, Problem Management, and Incident Management.

Change Management

To most efficiently and effectively handle IT changes, there must be one centrally managed Change Management process. The Change Management process must be integrated throughout the entire applications and systems development life cycle (SDLC). Activities that must be managed to process changes include the following; shown in the order they occur:

  1. Recording—Ensuring all change sources can submit Requests for Change (RFCs) and that the RFCs are properly recorded.
  2. Acceptance—Filtering submitted RFCs and moving those eligible on for consideration.
  3. Classification, categorization, and prioritization—Putting each RFC into the appropriate category and establishing a priority.
  4. Planning and approval—Consolidating the changes, giving approvals, obtaining resources, and involving the change advisory board (CAB) where necessary.
  5. Coordination—Scheduling, development, testing, and implementation.
  6. Evaluation and closure—Determining success and learning from the experience.

ITIL Change Management Glossary

ITIL uses many terms that may not be familiar to those of you new to this methodology. To assist with the discussion of Change Management within this and subsequent chapters, the following list highlights common terms that you will see when ITIL Change Management concepts are discussed:

  • Change Manager—One of the two authorities within Change Management. This is the position that is responsible for sorting, receiving, and classifying all Requests for Change (RFCs).
  • Change Advisory Board (CAB)—The second of the authorities within Change Management. This is a type of consulting group that meets on a regular basis to review, assess, prioritize, and plan changes.
  • Configuration Items (CIs)—IT components and the services provided with them. Examples include computer hardware, computer software, network components, servers of all types, procedures, documentation, and all other components that the IT area controls.
  • Configuration Management Database (CMDB)—Used to track all the IT components, including the version, status, and relationships for each. All CIs are part of the CMDB.
  • Process Scope—This is determined in conjunction with the scope of the Configuration Management and Release Management processes. Determining the scope of Configuration Management is dynamic and can change as associated actions occur and as the information within the CMDB changes.
  • Request for Change (RFC)—This is used to propose a change to any component of the IT infrastructure or any part of an IT service. An RFC can be a document or record used to enter the details, justification, and authorization for the proposed change.

Figure 1.1 illustrates the relationship between Change Management activities.

Figure 1.1: Change Management processes.

Incident Management

Incident Management is responsible for managing all incidents from detection and recording through resolution and closure. Incident Management is reactive. The objectives of Incident Management are to reduce or eliminate the business impacts and effects of actual or likely disturbances within IT services to ensure personnel can get back to work and business can resume to normal as soon as possible. The types of activities that occur within Incident Management include the following; shown in the order they occur:

  1. Incident acceptance and recording—Detect or report an incident and then create an incident record.
  2. Classification and initial support—Code the incident by type, status, impact, urgency, priority, service level agreement (SLA), and so on. Provide temporary workarounds as applicable.
  3. Service request—If necessary, implement the appropriate procedure to request IT services.
  4. Matching—Determine whether the incident is known and if there is a workaround.
  5. Investigation and diagnosis—If a known solution to the incident does not exist, then investigation occurs.
  6. Resolution and recovery—After finding a solution, the issue is resolved.
  7. Closure—If the user is satisfied with the solution, the incident is closed.

Progress monitoring and tracking activities occur after each of these steps. During these activities, the incident cycle is monitored to determine how quickly it can be resolved and whether escalation is necessary.

ITIL Incident Management Glossary

To assist with the discussion of Incident Management within this and subsequent chapters, the following list highlights common terms that you will see when ITIL Incident Management concepts are discussed:

  • Incident— "Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service"
  • Request for Change (RFC)—This is used to request a change to the IT infrastructure or any IT service. An RFC can be a document or record used to enter the details, justification, and authorization for the proposed change.
  • Service Request—A request for a change to be made to an IT service. A Service Request should be made under strict, well-defined procedural controls, making it almost risk free. Examples include establishing a new network user ID and transferring a computer from one department to another.

Figure 1.2 demonstrates the relationship between Incident Management activities.

Figure 1.2: Incident Management processes.

Problem Management

So how is a problem different than an incident? Generally, a problem is an unwanted or undesirable situation that, if not addressed soon enough, can become the root cause of an incident. Problem Management takes the entire IT infrastructure into account, using all available information to identify existing and potential failures in the delivery of IT services.

Problem Management supports Incident Management by providing alternative workarounds and temporary fixes during an incident but does not have responsibility for actually resolving incidents. Problem Management also involves the analysis of incidents and problems to identify trends and then subsequently takes proactive actions to prevent the further occurrence of similar incidents and problems.

The types of activities that occur within Problem Management include:

  1. Problem identification and recording—Identifying known and new problems and performing trend analysis.
  2. Problem classification and allocation—Determining the category, impact, urgency, priority, and status of a problem, then allocating resources for resolution.
  3. Problem investigation and diagnosis—Determining the cause of the problem and linking it to the appropriate CIs.
  4. Temporary fixes—Implementing necessary temporary or emergency fixes to manage known errors until they can be resolved.
  5. Error identification and recording—Identifying the error and then communicating the error to Incident Management if appropriate.
  6. Error assessment—Determining what is necessary to resolve known problems and errors.
  7. Record error resolution—Determining the most appropriate business solution.
  8. Close error and associated problems—Performing a Post Implementation Review (PIR) and then closing the records.

During each of the first four steps, actions are taken to track and monitor the problem, ensuring clear and comprehensive documentation is maintained. Likewise, during each of steps five through eight, actions are taken to track and monitor the error.

ITIL Problem Management Glossary

To assist with the discussion of Problem Management within this and subsequent chapters, the following list highlights common terms that you will see when ITIL Problem Management concepts are discussed:

  • Problem—A description of an unwanted situation that specifies the root cause of one or most existing or potential incidents.
  • Known Error—A problem that has a documented root cause and a workaround.
  • Post-Implementation Review (PIR)—A review that occurs after a change or a project has been implemented, determines whether the change or project was successful, and identifies improvement opportunities.

Figure 1.3 illustrates the relationship between Problem Management activities.

Figure 1.3: Problem Management processes.

The Business Value of ITIL

IT inefficiencies can have dramatic negative impact on business. The following examples highlight potential impacts:

  • Change Management processes can be overly bureaucratic and unproductive. Change Management must consist of more than scarcely followed procedures, rarely attended meetings, and procrastination. Effective Change Management is not just an endless bureaucracy consisting of making sure the "i's" are dotted and the "t's" are crossed. The goal of Change Management is not dealing with a bunch of red tape; it is getting necessary changes made in the most efficient, effective, and business-supporting way possible. • Personnel that circumvent the established processes and procedures can create outages and can make ad hoc rampant changes that are not tracked. Personnel typically consider themselves justified in not following the processes because they view the processes as complicated barriers to getting their jobs done.
  • IT services that do not support good customer service can create bad relationships with customers, resulting in lost business. Most businesses today depend upon IT applications to perform customer service activities.
  • Lack of structured, documented IT service support procedures that do not comply with growing numbers of laws and regulations can result in lost time to lengthy audits and costly fines and penalties. Audits are completed much more quickly, and with many fewer findings and penalties, when IT service support is performed using documented and effective procedures that support the business.
  • IT resources that are not available when necessary to support the business cost the business in personnel time, lost business, and lost opportunity. Organizations today cannot afford to have the IT resources they depend upon for business to be "missing in action."

These inefficiencies and negative impacts can be reduced, and most even eliminated, using ITIL.

Efficient IT Benefits Business

ITIL promotes efficient and effective IT practices, which in turn benefits business. All these benefits help to ensure IT becomes a global, efficient, cost-effective, seamless part of the business enterprise.

Customer Retention

IT services become more customer-focused, making your external customers happier and promoting customer loyalty and retention by reducing IT problems that noticeably impact customers. Agreements about IT service quality also improve the relationships with customers. IT services are more clearly and accurately described, in better detail, and in customer language. The customers who depend upon your IT services as part of the product or service they purchased expect that your organization will put them first when they experience problems. If your IT services are not customer-focused when problems occur, you will quickly find yourself on the front page of international news sites—not only concerning your other customers but also keeping potential customers away.

Improved Quality

IT service quality, availability, reliability, and costs are managed better when properly using ITIL, saving time, money, and resources and resulting in better justification for costs related to IT service quality. There are many factors that contribute to this quality improvement:

  • Documented roles and responsibilities improve the quality of IT service provisioning.
  • Following repeatable, consistent processes that are engineered specifically to support business reduces human errors, resulting in better quality output and outcomes.
  • Quality management systems based on ISO 9000 and BS15000 are supported.

As a case in point, United Space Alliance, the largest contractor for the NASA space shuttle program, implemented an integrated asset and service management system using ITIL. As a result, they measurably improved service quality and efficiency for their 50,000+ hardware assets and 100,000+ software assets by establishing real-time incident, problem, and change management capabilities.

Many organizations are now outsourcing critical IT processes. The IT process structure resulting from ITIL also provides a framework to facilitate more effective outsourcing of IT service elements, allowing the organization to realize better quality from their outsourced vendor. A higher-quality IT service support function brings with it more agile and efficient IT service support, which enhances competitiveness and ultimately improves business.

Greater Efficiency

Commonly used IT processes are better integrated when successfully implementing ITIL. Rework is reduced and redundant work eliminated by centralizing IT processes. Not only does this result in IT processes having improved scalability and consolidation, but the IT area is more clearly structured, more efficient, and better focused on corporate objectives.

Because ITIL is business focused, IT is also better integrated with other business processes throughout the enterprise. Better integration results in an improved utilization of IT resources. Changes within the IT infrastructure are easier to manage. Clearly identifiable reference points for internal communications and external communications with vendors and business partners are created, allowing for the effective standardization of procedures. During mergers and acquisitions, IT installations that may have wide-scale differences are consolidated into one coherent management structure by using ITIL concepts and frameworks.

Better Communication

The use of ITIL concepts produces agreed-upon consistent points of contact within the IT areas. Consistent points of contact within the IT area improve communication. Because of the emphasis of documentation, continuous documented learning occurs from IT experiences, helping to prevent mistakes from recurring. As a result of improved communication, IT services better meet business, customer, and user demands and realize improved performance for the IT service delivery and service support areas.

Measurable Results

Using ITIL, demonstrable performance indicators are created and used to support the business. By being able to monitor and respond to these indicators, mission-critical IT services have improved availability, reliability, and security. The centralization and efficiency impacts result in measurably reducing latency at every stage of the IT management cycle, dramatically reducing costs. Reducing latency improves IT project deliverables and delivery times. Baseline IT metrics and ongoing measurements become part of the business as an effect of ITIL implementation.

How significant are the savings that can result from ITIL? Consider Transporeon, a leading European e-logistics solution provider. Transporeon implemented ITIL and an IT process automation system and improved their IT staff's productivity in addition to reducing their overall maintenance cost by more than 40%. A side effect was freeing key resources to allow for faster response times that increased customer satisfaction.

Better Audit Outcomes

ITIL makes audits easier by having better documentation and up-to-date metrics that the auditors can use instead of having to try to create the metrics themselves based upon numerous and disparate documents. ITIL allows IT management system audits to be more favorable and take less time. Because IT infrastructure and related services are better controlled, fewer audit findings result. Security controls based on COBIT, which auditors overwhelmingly use, are supported. Compliance requirements for the U.S. Sarbanes-Oxley Act, as well as other laws and regulations, are supported by ITIL.

Automation Boosts IT Efficiency

The efficiency of ITIL implementation can be improved with automation. Many critical processes can be automated to streamline business. Automation can be seamlessly integrated using products specifically engineered to complement the ITIL processes.

Good, effective tools allow automation to use the same data model, security model, and other IT models your organization has adopted; it just makes them timelier, more efficient, more consistent, and more likely to be error-free. As a case in point, consider EDS. EDS has one of the world's largest IT organizations. They recently automated more than 65,000 servers across more than 400 worldwide locations in support of their ITIL process. As a result, they reduced costs and improved efficiencies in their IT organization by automating the complete life cycle of business application management and the underlying infrastructure.

The EDS example points out that ITIL can support a global scale of deployment. Automation solutions must be able to scale as large as possible. Automating ITIL processes does not occur overnight; automation must be built-in to solutions.

In addition to supporting more successful and efficient global deployment, automation allows for IT service support and delivery processes to be delivered more quickly, saving huge amounts of time to accomplish tasks and ultimately reducing resource costs involved with performing actions manually. As an example, consider the BNSF Railway. In 2005, BNSF became one of the first companies in the railway industry to deploy an extensive wireless network and automate the management of its complex IT infrastructure.

Prior to automation, the network engineers would log on to each device manually to make configuration changes, taking significant time to accomplish. Automation allowed the BNSF network engineers to securely automate password and SNMP community string management, deployment of access control lists (ACLs), and configuration change tracking. Now, BNSF pushes out changes as a batch and they use an automated policy compliance manager to ensure that all deployed changes match the company's required security and compliance policies.

As Greg Britz, Network Operations Manager, BNSF Railway said, "Automation will win every time over manual IT management as we begin to roll out new services and the network becomes more complex. We will handle configuration updates in milliseconds, compared to the minutes or hours that it took to configure systems manually".

ITIL processes and solutions must be "living." The ITIL rules and capabilities, compliance audits, and other processes must be updated and changed whenever necessary with the least impact. In addition, solutions must be able to self correct as much as possible and notify administrators when the rules have been changed and when they need to change. Automation allows for these living changes to occur much more quickly and efficiently than can be accomplished manually.

ITIL Challenges

The benefits of ITIL can be realized only if ITIL is used correctly. Organizations face similar challenges using ITIL and must be aware of the common mistakes. Avoid these mistakes by understanding and using ITIL components according to the needs of your business that the IT organization supports.

ITIL Implementation Takes Time

Bringing ITIL into the enterprise can take a long time and requires significant coordination and effort. It may very well require a change to the culture of the organization. Being overly ambitious in bringing ITIL into the organization could be frustrating if objectives are not met.

ITIL Implementation Requires Resources from Across the Enterprise

Without sufficient resources, training, support tools, and time, ITIL will not be implemented to the degree with which it can have the most positive business impact. When ITIL is being introduced, additional resources and personnel may be needed until it is well established.

ITIL Implementation Requires Understanding

A lack of understanding about the processes being implemented will not result in any improvements. Those using ITIL, throughout the enterprise, must understand what the appropriate performance indicators are and how to control the processes.

Baseline Data Must Be Collected

Baseline data must be established to be able to measure impacts and improvements. If no baseline data is collected, improvements in the provisioning of services and cost reductions will not be able to be measured, and business leaders will not know, in quantitative terms they understand, the value ITIL brought to the organization.

Personnel Throughout the Enterprise Must Be Involved

Successful implementation requires the participation of personnel at all levels of the enterprise, throughout the entire enterprise. If you try to have one department or team implement ITIL, it may very well isolate that group, and a direction may subsequently be set that the rest of the enterprise does not accept or follow.

Integration with Other Frameworks Must Be Carefully Planned

Implementing ITIL with other frameworks—such as COBIT, Six Sigma, and CMMI—is possible. In fact, just one framework alone will not meet the wide range of business needs and processes, and so multiple chosen frameworks should be used in harmony. However, harmony between ITIL and other frameworks cannot be achieved in ways that try to make incompatible components fit; this will lead to frustration and failure and full ITIL value will not be realized. Certainly, multiple frameworks have compatible components, but careful analysis must occur to determine which components are truly good fits within your particular organization.

Getting Started With ITIL

To successfully and most effectively implement ITIL within your organization, you must first clearly understand your business processes and the IT services that support those processes. This understanding is not only necessary for successful ITIL implementation; it is necessary for good IT governance.

Successful IT governance that adds value to business requires that you are able to

  • Identify the IT services that support key business activities
  • Establish metrics to measure the quality of IT services delivered and the value IT adds to the business
  • Effectively manage the end-to-end IT infrastructure that supports service delivery
  • Hold IT accountable for business results

To most successfully implement ITIL, IT organizations can implement an integrated technology solution that addresses the issues previously discussed. Automating the ITIL processes will allow the IT department to more successfully

  • Map services to business needs
  • Measure key performance indicators (KPIs) and the actual end-user experience
  • Manage IT components across all organizational systems and networks

When choosing a technology solution to support ITIL, organizations should require the solution to support all aspects of IT service support in a unified manner so that use of the product does not end up being counter to ITIL principles.

Implementing ITIL

Expect to have at least some internal resistance to implementing ITIL. There will always be people who would rather stay an ineffective course than put in the time and effort necessary to follow a new path. ITIL initiatives can be successfully championed and initiated by following three simple principles.

#1: Be Realistic; Start Small

Identify the areas within the IT infrastructure where there is the least efficiency, most problems, and most user dissatisfaction. Implement ITIL to address those areas. This will give you experience with the ITIL processes while addressing the most significant and business-impacting IT problem areas.

#2: Document, Document, Document!

You will not be able to demonstrate or communicate the value of IT to the business if it is not well documented. Initial measurements and benchmarks must be accurately and consistently documented to validate improvements. Accurately and consistently tracking KPIs will allow IT to continuously measure progress and report this progress to business leaders over time. This is critical for successful and effective management as well as for establishing accountability for business unit and executive management.

#3: Obtain Executive Support

Organizational changes are almost always difficult. It is human nature to want to continue using known processes, even if they are bad or ineffective, instead of learning and implementing something new. Executive support and sponsorship is necessary for successful ITIL implementation, just as it is with any other major enterprise initiative. IT personnel will need to do significant work to implement ITIL processes, so executive support is a must, and the value for it cannot be underestimated. When executive leaders understand the positive impact ITIL can have upon business, they will support the training and other investments necessary to ensure successful and efficient ITIL implementation.


By relating IT infrastructure to business value, ITIL also helps demonstrate to business leaders the value of IT, supporting IT investments and initiatives. ITIL integrates data to provide a comprehensive cross-tier representation for IT services, bringing better understanding to business leaders throughout the enterprise for how IT supports business success.

ITIL integrates data to provide a comprehensive cross-tier representation for IT services. ITIL is a powerful set of guidelines that enables IT to deliver greater value and better align itself with business needs in efficient and valuable ways. Organizations implementing the ITIL framework must do so with a clearly defined sense of purpose and realize that, as with most ambitious business objectives, it will be achieved one step at a time.

ITIL addresses IT service support challenges, as the following examples illustrate:

Change Management

  • Helps prevent problems and incidents that typically occur when IT changes are made to accommodate new technologies that are deployed throughout the enterprise
  • Helps ensure that all IT infrastructure or device changes are implemented in a consistent, efficient, and repeatable way, which in turn will minimize IT services downtime resulting from errors and bad planning associated with the changes
  • Helps to successfully combine and streamline multiple and diverse systems and applications during mergers and acquisitions

Incident Management

  • Lessens the impacts of new technology threats, ensuring more efficient and effective recovery
  • Helps restore business services and processes as quickly as possible; incidents are recorded within a central repository, enabling IT to most effectively utilize available skills and ensure important tasks are not overlooked during incident response
  • With Problem Management, ensures an effective interface exists between the details of Incident Management and Problem Management systems to most effectively resolve the errors and root causes of incidents to keep the errors from recurring

Problem Management

  • Helps to ensure that known errors from the development environment are communicated to the production environment
  • Minimizes the impact that errors within the IT infrastructure have on the business and helps to prevent recurrence of incidents related to the errors