Most organizations are dependent upon IT to meet their business goals and to fulfill business processes. This increased dependency has led to more diverse systems and applications within the enterprise, with many of the components highly decentralized and/or highly specialized. This diversity has created a complex business-processing environment. IT complexity makes ensuring business applications and systems availability very challenging.
IT complexity, complicated with frequently changing technologies and always emerging threats, creates many IT service support challenges and problems. Table 1.1 demonstrates the types of situations that often occur within business and the resulting challenges and problems that must be addressed.
Challenges and Problems
Deployments and Retirements
When new systems, applications, and technologies are deployed and old systems,
applications, and technologies retired, problems arise, incidents occur, and changes must be made throughout the enterprise.
When applications are updated, the systems and other applications communicating with them will often also need to be updated.
When budgets are cut, existing applications and systems support and/or components must often be removed or their support drastically reduced.
Mergers and Acquisitions
When companies merge or acquire others, existing and diverse systems must be combined and changes must be made to ensure that the applications and systems that support the business keep going.
When companies divest of business units, they must remove those portions of the business from the network in an effective and efficient manner to keep business running efficiently and securely.
New Technology Threats
When new technological threats occur, which seem to be more and more frequently, incidents occur, problems emerge, and changes must be made.
Poor Communication Interfaces
When there is a poor interface between the details of incidents, problem management systems, and error details, problems will not be effectively resolved.
Development Errors that Go into Production
When known errors from the development environment do not get communicated to the production environment, business will experience problems, impacting productivity and often revenues.
Ineffective Change Management Processes
When change management processes consist of an overabundance of disjointed, and often inconsistent, rules and regulations, IT becomes unproductive trying to follow the mess and often gives up following the rules altogether in frustration.
Personnel Reluctance to Change
When personnel are reluctant to adopt new change, incident, or problem management processes, preferring to stay with what they know because it seems to them that is the easier thing to do, the old issues with resolving problems, implementing changes, and responding to incidents are perpetuated, continuing to cost business.
Table 1.1: Example IT service support challenges and problems.
The possibilities are endless. Implementing yet more disconnected processes and procedures alone cannot efficiently address these challenges.
Recently in the U.K., JPMorgan Chase used ITIL to streamline their IT service desk. They have seven sites with more than 700 people that handle 3 million IT service calls per year. In 2004, they merged with Bank One and had to consolidate dozens of IT tools. Before ITIL, four incident-management tools, 14 change-control systems, four knowledge management tools, and 25 request tools were used. After using ITIL to consolidate processes, JPMorgan Chase now has just one incidentmanagement tool, one change-control system, one knowledge management tool, and four request tools. The service desk maintains 93% customer satisfaction ratings and a 75% first-call resolution rate.
Old management styles that were once used strictly within centralized, single-system computing environments don't work in today's highly diverse and decentralized environments. It is easy within such complexity for errors to happen. Even small failures can impact the entire business. A single hardware problem can impact multiple virtual machines. For example, if an event console cannot accurately perform root cause analysis, it could possibly be reported as multiple faults, making it extremely difficult to identify the error to fix the problem.
During the 1980s, the British government was experiencing numerous IT service problems and related quality issues. The Central Computer and Telecommunications Agency (CCTA), now named the Office of Government Commerce (OGC), was tasked with developing a way to efficiently and cost-effectively use IT resources within public sector organizations. The goal was to create a successful approach that would be independent of any particular vendor. What resulted was the Information Technology Infrastructure Library (ITIL), a collection of the best practices for the IT service industry developed by practitioners, theorists, and researchers. The core ITIL V2 publications include:
ITIL V3 is currently being reviewed and has a reported planned release in 2007.
This guide will look at how the ITIL Service Support processes can be applied to businesses. More specifically, it will explore Change Management, Problem Management, and Incident Management.
To most efficiently and effectively handle IT changes, there must be one centrally managed Change Management process. The Change Management process must be integrated throughout the entire applications and systems development life cycle (SDLC). Activities that must be managed to process changes include the following; shown in the order they occur:
ITIL uses many terms that may not be familiar to those of you new to this methodology. To assist with the discussion of Change Management within this and subsequent chapters, the following list highlights common terms that you will see when ITIL Change Management concepts are discussed:
Figure 1.1 illustrates the relationship between Change Management activities.
Figure 1.1: Change Management processes.
Incident Management is responsible for managing all incidents from detection and recording through resolution and closure. Incident Management is reactive. The objectives of Incident Management are to reduce or eliminate the business impacts and effects of actual or likely disturbances within IT services to ensure personnel can get back to work and business can resume to normal as soon as possible. The types of activities that occur within Incident Management include the following; shown in the order they occur:
Progress monitoring and tracking activities occur after each of these steps. During these activities, the incident cycle is monitored to determine how quickly it can be resolved and whether escalation is necessary.
To assist with the discussion of Incident Management within this and subsequent chapters, the following list highlights common terms that you will see when ITIL Incident Management concepts are discussed:
Figure 1.2 demonstrates the relationship between Incident Management activities.
Figure 1.2: Incident Management processes.
So how is a problem different than an incident? Generally, a problem is an unwanted or undesirable situation that, if not addressed soon enough, can become the root cause of an incident. Problem Management takes the entire IT infrastructure into account, using all available information to identify existing and potential failures in the delivery of IT services.
Problem Management supports Incident Management by providing alternative workarounds and temporary fixes during an incident but does not have responsibility for actually resolving incidents. Problem Management also involves the analysis of incidents and problems to identify trends and then subsequently takes proactive actions to prevent the further occurrence of similar incidents and problems.
The types of activities that occur within Problem Management include:
During each of the first four steps, actions are taken to track and monitor the problem, ensuring clear and comprehensive documentation is maintained. Likewise, during each of steps five through eight, actions are taken to track and monitor the error.
To assist with the discussion of Problem Management within this and subsequent chapters, the following list highlights common terms that you will see when ITIL Problem Management concepts are discussed:
Figure 1.3 illustrates the relationship between Problem Management activities.
Figure 1.3: Problem Management processes.
IT inefficiencies can have dramatic negative impact on business. The following examples highlight potential impacts:
These inefficiencies and negative impacts can be reduced, and most even eliminated, using ITIL.
ITIL promotes efficient and effective IT practices, which in turn benefits business. All these benefits help to ensure IT becomes a global, efficient, cost-effective, seamless part of the business enterprise.
IT services become more customer-focused, making your external customers happier and promoting customer loyalty and retention by reducing IT problems that noticeably impact customers. Agreements about IT service quality also improve the relationships with customers. IT services are more clearly and accurately described, in better detail, and in customer language. The customers who depend upon your IT services as part of the product or service they purchased expect that your organization will put them first when they experience problems. If your IT services are not customer-focused when problems occur, you will quickly find yourself on the front page of international news sites—not only concerning your other customers but also keeping potential customers away.
IT service quality, availability, reliability, and costs are managed better when properly using ITIL, saving time, money, and resources and resulting in better justification for costs related to IT service quality. There are many factors that contribute to this quality improvement:
As a case in point, United Space Alliance, the largest contractor for the NASA space shuttle program, implemented an integrated asset and service management system using ITIL. As a result, they measurably improved service quality and efficiency for their 50,000+ hardware assets and 100,000+ software assets by establishing real-time incident, problem, and change management capabilities.
Many organizations are now outsourcing critical IT processes. The IT process structure resulting from ITIL also provides a framework to facilitate more effective outsourcing of IT service elements, allowing the organization to realize better quality from their outsourced vendor. A higher-quality IT service support function brings with it more agile and efficient IT service support, which enhances competitiveness and ultimately improves business.
Commonly used IT processes are better integrated when successfully implementing ITIL. Rework is reduced and redundant work eliminated by centralizing IT processes. Not only does this result in IT processes having improved scalability and consolidation, but the IT area is more clearly structured, more efficient, and better focused on corporate objectives.
Because ITIL is business focused, IT is also better integrated with other business processes throughout the enterprise. Better integration results in an improved utilization of IT resources. Changes within the IT infrastructure are easier to manage. Clearly identifiable reference points for internal communications and external communications with vendors and business partners are created, allowing for the effective standardization of procedures. During mergers and acquisitions, IT installations that may have wide-scale differences are consolidated into one coherent management structure by using ITIL concepts and frameworks.
The use of ITIL concepts produces agreed-upon consistent points of contact within the IT areas. Consistent points of contact within the IT area improve communication. Because of the emphasis of documentation, continuous documented learning occurs from IT experiences, helping to prevent mistakes from recurring. As a result of improved communication, IT services better meet business, customer, and user demands and realize improved performance for the IT service delivery and service support areas.
Using ITIL, demonstrable performance indicators are created and used to support the business. By being able to monitor and respond to these indicators, mission-critical IT services have improved availability, reliability, and security. The centralization and efficiency impacts result in measurably reducing latency at every stage of the IT management cycle, dramatically reducing costs. Reducing latency improves IT project deliverables and delivery times. Baseline IT metrics and ongoing measurements become part of the business as an effect of ITIL implementation.
How significant are the savings that can result from ITIL? Consider Transporeon, a leading European e-logistics solution provider. Transporeon implemented ITIL and an IT process automation system and improved their IT staff's productivity in addition to reducing their overall maintenance cost by more than 40%. A side effect was freeing key resources to allow for faster response times that increased customer satisfaction.
ITIL makes audits easier by having better documentation and up-to-date metrics that the auditors can use instead of having to try to create the metrics themselves based upon numerous and disparate documents. ITIL allows IT management system audits to be more favorable and take less time. Because IT infrastructure and related services are better controlled, fewer audit findings result. Security controls based on COBIT, which auditors overwhelmingly use, are supported. Compliance requirements for the U.S. Sarbanes-Oxley Act, as well as other laws and regulations, are supported by ITIL.
The efficiency of ITIL implementation can be improved with automation. Many critical processes can be automated to streamline business. Automation can be seamlessly integrated using products specifically engineered to complement the ITIL processes.
Good, effective tools allow automation to use the same data model, security model, and other IT models your organization has adopted; it just makes them timelier, more efficient, more consistent, and more likely to be error-free. As a case in point, consider EDS. EDS has one of the world's largest IT organizations. They recently automated more than 65,000 servers across more than 400 worldwide locations in support of their ITIL process. As a result, they reduced costs and improved efficiencies in their IT organization by automating the complete life cycle of business application management and the underlying infrastructure.
The EDS example points out that ITIL can support a global scale of deployment. Automation solutions must be able to scale as large as possible. Automating ITIL processes does not occur overnight; automation must be built-in to solutions.
In addition to supporting more successful and efficient global deployment, automation allows for IT service support and delivery processes to be delivered more quickly, saving huge amounts of time to accomplish tasks and ultimately reducing resource costs involved with performing actions manually. As an example, consider the BNSF Railway. In 2005, BNSF became one of the first companies in the railway industry to deploy an extensive wireless network and automate the management of its complex IT infrastructure.
Prior to automation, the network engineers would log on to each device manually to make configuration changes, taking significant time to accomplish. Automation allowed the BNSF network engineers to securely automate password and SNMP community string management, deployment of access control lists (ACLs), and configuration change tracking. Now, BNSF pushes out changes as a batch and they use an automated policy compliance manager to ensure that all deployed changes match the company's required security and compliance policies.
As Greg Britz, Network Operations Manager, BNSF Railway said, "Automation will win every time over manual IT management as we begin to roll out new services and the network becomes more complex. We will handle configuration updates in milliseconds, compared to the minutes or hours that it took to configure systems manually".
ITIL processes and solutions must be "living." The ITIL rules and capabilities, compliance audits, and other processes must be updated and changed whenever necessary with the least impact. In addition, solutions must be able to self correct as much as possible and notify administrators when the rules have been changed and when they need to change. Automation allows for these living changes to occur much more quickly and efficiently than can be accomplished manually.
The benefits of ITIL can be realized only if ITIL is used correctly. Organizations face similar challenges using ITIL and must be aware of the common mistakes. Avoid these mistakes by understanding and using ITIL components according to the needs of your business that the IT organization supports.
Bringing ITIL into the enterprise can take a long time and requires significant coordination and effort. It may very well require a change to the culture of the organization. Being overly ambitious in bringing ITIL into the organization could be frustrating if objectives are not met.
Without sufficient resources, training, support tools, and time, ITIL will not be implemented to the degree with which it can have the most positive business impact. When ITIL is being introduced, additional resources and personnel may be needed until it is well established.
A lack of understanding about the processes being implemented will not result in any improvements. Those using ITIL, throughout the enterprise, must understand what the appropriate performance indicators are and how to control the processes.
Baseline data must be established to be able to measure impacts and improvements. If no baseline data is collected, improvements in the provisioning of services and cost reductions will not be able to be measured, and business leaders will not know, in quantitative terms they understand, the value ITIL brought to the organization.
Successful implementation requires the participation of personnel at all levels of the enterprise, throughout the entire enterprise. If you try to have one department or team implement ITIL, it may very well isolate that group, and a direction may subsequently be set that the rest of the enterprise does not accept or follow.
Implementing ITIL with other frameworks—such as COBIT, Six Sigma, and CMMI—is possible. In fact, just one framework alone will not meet the wide range of business needs and processes, and so multiple chosen frameworks should be used in harmony. However, harmony between ITIL and other frameworks cannot be achieved in ways that try to make incompatible components fit; this will lead to frustration and failure and full ITIL value will not be realized. Certainly, multiple frameworks have compatible components, but careful analysis must occur to determine which components are truly good fits within your particular organization.
To successfully and most effectively implement ITIL within your organization, you must first clearly understand your business processes and the IT services that support those processes. This understanding is not only necessary for successful ITIL implementation; it is necessary for good IT governance.
Successful IT governance that adds value to business requires that you are able to
To most successfully implement ITIL, IT organizations can implement an integrated technology solution that addresses the issues previously discussed. Automating the ITIL processes will allow the IT department to more successfully
When choosing a technology solution to support ITIL, organizations should require the solution to support all aspects of IT service support in a unified manner so that use of the product does not end up being counter to ITIL principles.
Expect to have at least some internal resistance to implementing ITIL. There will always be people who would rather stay an ineffective course than put in the time and effort necessary to follow a new path. ITIL initiatives can be successfully championed and initiated by following three simple principles.
Identify the areas within the IT infrastructure where there is the least efficiency, most problems, and most user dissatisfaction. Implement ITIL to address those areas. This will give you experience with the ITIL processes while addressing the most significant and business-impacting IT problem areas.
You will not be able to demonstrate or communicate the value of IT to the business if it is not well documented. Initial measurements and benchmarks must be accurately and consistently documented to validate improvements. Accurately and consistently tracking KPIs will allow IT to continuously measure progress and report this progress to business leaders over time. This is critical for successful and effective management as well as for establishing accountability for business unit and executive management.
Organizational changes are almost always difficult. It is human nature to want to continue using known processes, even if they are bad or ineffective, instead of learning and implementing something new. Executive support and sponsorship is necessary for successful ITIL implementation, just as it is with any other major enterprise initiative. IT personnel will need to do significant work to implement ITIL processes, so executive support is a must, and the value for it cannot be underestimated. When executive leaders understand the positive impact ITIL can have upon business, they will support the training and other investments necessary to ensure successful and efficient ITIL implementation.
By relating IT infrastructure to business value, ITIL also helps demonstrate to business leaders the value of IT, supporting IT investments and initiatives. ITIL integrates data to provide a comprehensive cross-tier representation for IT services, bringing better understanding to business leaders throughout the enterprise for how IT supports business success.
ITIL integrates data to provide a comprehensive cross-tier representation for IT services. ITIL is a powerful set of guidelines that enables IT to deliver greater value and better align itself with business needs in efficient and valuable ways. Organizations implementing the ITIL framework must do so with a clearly defined sense of purpose and realize that, as with most ambitious business objectives, it will be achieved one step at a time.
ITIL addresses IT service support challenges, as the following examples illustrate: