ITIL: The Trend direction of
for Principled 3. Check 2. Do
IT Service 4. Act 1. Plan
By Thibault Dambrine
The Deming Wheel
he ability to spot new trends early is a key quality to
business survival. Information Technology (IT) in itself
is a fast-changing business sector. Staying on the leading
1. PLAN Design or revise business process components to improve results.
edge of major IT trends can be a challenge, but it can
also make a big difference for employability over the course 2. DO Implement the plan and measure its performance.
of one’s career. Today, one of the trends to watch for in IT is 3. CHECK Assess the measurements and report the results to decision makers.
simply known as ITIL. A tsunami of sorts, ITIL is not making 4. ACT Decide on changes needed to improve the process.
much noise right now. When it hits the shores of your IT
department however, you may want to be ready and know Figure 1.
what ITIL is all about.
What is ITIL? In a nutshell, the general aim of ITIL is to
create a “best practice in IT Service Management” (ITSM). In 3) While remaining a copyright of the British government,
the ’80s, the quality of the IT services provided to the British ITIL belongs to public domain. This is important, because the
government was such that something had to be done. In method is basically free. All companies who want to use ITIL
reaction to this situation, the Office of Government Commerce can do so.
(OGC) developed a framework of best practices with the aim of
providing a cost-efficient way to manage IT resources. Thus was ITIL 101
born the “IT Infrastructure Library,” or ITIL. Since then, this ITIL can be described as an adaptation of a concept known
framework has evolved into its second iteration, and the third as the “Deming Wheel,” applied to IT service delivery. The
is planned for late 2006 or early 2007. author of this concept, W. Edward Deming, is associated with
Since being published, ITIL has proved useful for many the rise of Japan as a manufacturing nation. He is also the
organizations beyond government. At the heart of ITIL are a father of “Continuous Improvement” – the foundation for Total
number of processes supported by a new category of software Quality Management (TQM). The Deming System prescribes a
packages specifically designed with ITIL in mind. cycle of improvement. (See Figure 1.)
Three easily identifiable factors explain the recent ITIL In its quest for quality IT service, ITIL gives a detailed
adoption spurt in North America: description of a number of specific activities, which together
1) ITIL is considered a mature and well accepted IT constitute a best practice method to deliver IT. These processes
Service Management set of best practices. With 20 years under and functions are published in a series of books, each covering
its belt and the UK government stamp of approval, it’s a safe bet a sub-area of IT management.
for any company to at least consider ITIL. If you open an ITIL book, you’ll notice that IT support
2) ITIL, in its methods of documenting and controlling processes are divided into two streams: service support and
change, makes every system change auditable. In the U.S., the service delivery. Service support generally concentrates on day-
Sarbanes-Oxley law now requires stringent auditing that covers to-day operations, while service delivery looks at the longer-
IT. In Canada, the Ontario legislature enacted Bill 198, which term planning activities of IT service provision. (See Figure 2.)
empowers the Ontario Securities Commission to enforce similar With this clear division, it’s easy to see the “end in mind” for
rules as Sarbanes-Oxley. With this backdrop, the timing is good each process.
for ITIL. This is a mature, credible process for managing IT. On The service desk function is the point of application where
top of strong IT governance, ITIL provides the necessary base service support (tactical and operational processes) meets the
of data to satisfy most Sarbanes-Oxley/Bill 198 requirements. service delivery (strategic, longer term view processes).
Some IT professionals argue that the massive auditing market From informal observation, one can see that in most
suddenly born as a result of these new laws may not be motivated cases, the methods used in the average IT department are not
only by the urge to guard the truth and protect investors, but very different from what ITIL recommends. Non-ITIL shops
after Enron and WorldCom, there is no turning back. simply tend not to be as formal, organized, and documented.
COMMON.CONNECT – October 2006
What ITIL does is not only identify all aware of what is expected from it and Availability Management aims
skills and task requirements, but also what it provides, it is better able to plan, to optimize the capability of the IT
prescribe responsibilities for each role budget and manage its services. infrastructure to support and deliver
and function. Below is a summary for Financial Management for IT a cost-effective and sustained level of
the service desk function (the only Services aims to assist the internal IT availability, as agreed upon in the SLA.
“function” described as such in ITIL) organization with the cost-effective Security Management has two
followed by service support and service management of the IT resources required objectives: To meet the security
delivery processes: for the provision of services. For this requirements of the Service Level
reason, the process breaks down IT service Agreements and external requirements
Service Desk Function costs and associates them with the various defined by contracts, legislation, and
The objective of the service desk services provided. In this way, it supports externally imposed policies; and
is to act as the central point of contact management decisions with respect to to provide a basic level of security,
between the user and IT service IT investment, and encourages the cost- independent of external requirements.
management. It’s the convergence aware use of IT facilities and services.
point for service delivery and service Capacity Management should ITIL Service Support Processes
support. Responsibilities include: consistently provide the required IT (Tactical, Operational)
• To receive and record all resources at the right time (when they Configuration Management aims to
calls from users directed to IT; are needed) and at the right cost, aligned assist with managing the economic value
• To provide initial with current and future requirements of of the IT services including customer
assessment of all the business. Thus, capacity management requirements, quality and costs. This
incoming incidents; must understand the expected business is done by maintaining a logical model
• To monitor and escalate developments affecting customers, as of the IT infrastructure and IT services
incidents, according to well as anticipate technical developments. and providing information on the IT
agreed service levels; and This process plays an important role in infrastructure and internal relationships
• To keep users informed on determining IT return on investment between configuration items (CI) to
status and progress of tasks. and cost justification. other business and ITIL processes.
IT Service Continuity Manage- The narrow definition of configura-
ITIL Service Delivery Processes ment (ITSCM) aspires to support the tion management is restricted to:
(Strategic, Longer Term) overall business continuity manage- • Keeping reliable and detailed
Service Level Management aims to ment. Its goal is to ensure that required records of IT components,
ensure that the IT services required by the IT infrastructure and services, including configuration items (CIs), and
customer are continuously maintained support and the service desk, can be re- services provided by IT
and improved. This is achieved by stored within specified time limits after a • Providing accurate information
agreeing, monitoring, and reporting on disaster or a disruption. Its scope must be and documentation to support other
the performance of the IT organization. defined on the basis of the business ob- service management processes
In addition, it contributes in creating an jectives. When assessing risks to business
effective business relationship between continuity, decisions need to be made as Configuration items (CIs) typically
the IT organization and its customers. to whether they are within or outside the fall under the following:
Because the IT organization is more scope of the ITSCM process. • Hardware
Service Support Processes Service Delivery Processes
Configuration Management Service Level Management
Incident Management Service Desk FUNCTION Financial Management for IT Services
Problem Management (Note: this is a function, not a process) Capacity Management
Change Management IT Service Continuity Management
Release Management Availability Management
Figure 2. Security Management
Notes on the processes:
• Configuration management appears after problem management in the original order of the service support processes.
• Security management is placed under the service delivery process header. This process is not consistently in this area, and this may
change with the next version of ITIL.
• Quality Assurance is not (yet) recognized as a formal process in ITIL. The topic of software quality is briefly mentioned in several
processes, but ITIL gives formal Quality Assurance only cursory recognition.
October 2006 – COMMON.CONNECT
• Procedures existing or potential incidents in one or more CIs.
• Documentation To find the root cause of a problem, ITIL prescribes problem
• People (or functions – actually fulfilled by people) resolution techniques such as:
1. Restatement of the problem;
Most configuration management database (CMDB) prod- 2. Ishikawa Diagrams (fishbone diagrams); and
ucts on the market today have the ability to store much more 3. Kepner and Tregoe root cause analysis (detailed below)
than computing asset information. There is an emerging class of a. Prepare a decision statement having both an action
software commonly recognized as IT service management soft- and a result component
ware or ITSM, which aims to fill the growing demand to satisfy b. Establish strategic requirements (musts), operational
ITIL CMDB requirements. ITSM soft- objectives (wants), and restraints
ware packages typically treat the CMDB (limits)
as a subset of a larger ITIL offering, and c. Rank objectives and assign relative
will contain the following modules: weights
• Incident management d. Generate alternatives
• Problem management e. Assign a relative score for each
• CMDB (CIs) alternative on an objective-by-objective
• Service level management and basis
underpinning contract management f. Calculate a weighted score for each
alternative and identify the top two or
Occasionally, ITIL software vendor three
Webinars and literature issue “buyer g. List adverse consequences for each
beware” statements aimed at competitors. top alternative and evaluate probability
Essentially, they claim that to get to the (high, medium, low) and severity (high,
hot new CMDB/ITMS market, other medium, low)
vendors slap existing software with h. Make a final, single choice between
CMDB or ITSM labels just to get a foot top alternatives
in the door. Like any other major IT Figure 3.
investment, this type of purchase has to Once the underlying cause
be well researched. and workaround or correction is identified, the problem
The critical factor for success in configuration management becomes a known error. At this point, a Request for
is that the information contained within should be accurate and Change (RFC) can be issued to resolve the problem.
up to date. Auditing is a necessary component to achieve this Problem Management: The objective of problem
goal. This means you must strictly enforce change management management is to resolve the root cause of incidents and
and release management, and that you should always have a consequently prevent incidents from recurring. It includes pro-
stakeholder in the information recorded on individual configu- active and reactive activities:
ration items. Another important factor for successful CMDB • Pro-active problem management aims to prevent
implementation is to carefully consider the depth and scope of incidents from recurring by identifying weaknesses in the
the CIs tracked within. The most common pitfall is to try to infrastructure and making proposals to eliminate them.
track too much, too deep, too early in the CMDB implementa- • Reactive problem management aims to identify the
tion. These problems typically lead to inaccurate data in the root cause of past incidents and present proposals for
CMDB, with consequences ranging from ill-informed decision- improvements or rectification.
making to the complete breakdown of an ITIL initiative. Corrective Build/Buy
Looking at the diagram in Figure 3 (courtesy of ITIL), one Measures
can clearly see that all events eventually end up as a recorded Change
item in the CMDB. Improvement (Plan)
Incident Management Objective aims to restore normal Change
service level as defined in the SLA. In case of any disruption,
service should be restored as soon as possible, with the small-
est possible impact on the business activity, the organization, Problem Configuration Release
Management Management Management
and the users. Incident management needs to keep track of (Act) (Register) (Do)
incidents so that it can measure and improve the process,
provide appropriate information to other service manage-
ment processes, and properly report on resolution progress. Incident
This is done with the help of the CMDB. Management
Where the cause of an incident is not identifiable and Evaluate Install
investigation is warranted, a problem record is raised. In ITIL,
a problem is defined as the unknown root cause of one or more Figure 4.
COMMON.CONNECT – October 2006
Change Management: The objec- Release Management manages control of change management
tive of change management is to ensure and distributes software and hardware and supported by configuration
that standard methods and procedures versions used for production. The management. A release may include
are used, so that changes can be dealt with objectives for release management a number of related CIs including
quickly, with the lowest possible impact include: documentation such as reports, plans,
on service quality. All changes should be • Planning, coordinating and user and support manuals;
traceable. In effect, change management and implementing software and • Ensuring that the original
operates like a thermostatic control be- hardware; copies of software are securely
tween flexibility (allowing changes which • Designing and implementing stored in the definitive software
may lead to errors) and stability (allow- efficient procedures for the library (DSL) and that the CMDB
ing changes to remedy errors). Corrective distribution and installation of is updated. The same rules apply
measures reduce the number of incidents, changes to IT systems; with respect to another ITIL
as a result of which the pressure of emer- • Ensuring that the hardware concept, the definitive hardware
gency work will also fall. and software related to changes store (DHS), a secure area holding
This is where the Deming Wheel are traceable, secure, and that only spare definitive hardware CIs that
principle applies in ITIL. Figure 4 correct, authorized, and tested make up part of a release.
represents how the Deming Plan-Do- versions are installed;
Check-Act cycle is used in the context • Communicating with users ITIL: The Big Picture
of the ITIL change management and considering their expectations Imagine for a minute that your email
process. ITIL motto for change
’s during the planning and rollout of server went down on a Monday morning.
management is “Not every change is an new releases; You have no idea how long this outage will
improvement, but every improvement • Determining the composition last or how deep the problem is. You ask
is a change.” With this in mind, a lot and planning of a rollout, together yourself, “How long could the company
of effort is taken in the ITIL model with change management; survive without email services?” “How
to introduce change with care, to • Implementing new software much business is lost every hour that it
maintain and promote the quality of releases and hardware in the cannot communicate with the rest of the
service provided by IT. operational infrastructure, under connected world?” These simple questions
October 2006 – COMMON.CONNECT
Education: Shaken not stirred
exemplify why IT service management
has become so critical to running any type
of business today.
without sponsorship at the very top
of the organization and at every
level of IT leadership. Failed ITIL
In the ITIL model, the service desk implementations are less publicized
represents the face of IT for the user than the successful ones, but they
community. All incidents, requests for do exist. For all these reasons,
change, or even complaints for IT are implementing ITIL could be likened
funneled through the service desk. All to a marathon more than a sprint. It is
escalations start from this point, at a definitely not a quick fix solution.
rate driven by the SLA. From there, if You may have noticed by now
the underlying reason for the incident that the ITIL methodology is one
is unknown, problem management that has strict definitions and a lot
takes over. If a problem is identified of acronyms. One could imagine an
and a work-around is determined, the ITIL consultant having an ITIL-talk
problem becomes a known error until conversation: “Does Your CMDB have
it is resolved. At this point, a Request a consistent CFIA format for every CI?”
for Change (RFC) will be issued to This sentence translates to “Does your
implement a permanent fix. This RFC Configuration Management Database
will go through change management to have a consistent Component failure
ensure it conforms to the agreed-upon impact analysis for every Configuration
service requirements. Note that the Item?” You need to know what each of
incident, the problem and its resolution, these terms refers to if you want to make
the RFC, and related information are all sense out of the sentence.
recorded individually in the CMDB. My point here is that ITIL has
Conversely, the CI and CI relation- a language of its own. It’s nothing to
Are you ship information stored in the CMDB be overwhelmed by, but it must be
licensed can be useful to resolve problems. The
CMDB incident tracking information
learned. One useful aspect of a standard
vocabulary is clear communication.
to skill? can also be used for trending analy- Also, if you implement ITIL and hire an
sis and understanding not only where ITIL person, this person is likely to speak
Plan to attend TEC ‘007, TUG’s the problems are but also to help iden- in the same terms as your organization,
annual three-day secret Technical tify what pre-emptive corrective actions with obvious benefits. In the same way,
Education Conference & Showcase could save work or avoid future prob- member companies of ITIL user groups
at the Sheraton Parkway Hotel, lems. Having detailed documentation on can compare apples with apples, oranges
Richmond Hill, Ontario all incidents well classified in a database with oranges. A well-documented
April 17 – 19, 2007. can enable IT management to discover glossary of ITIL terms can be found at:
The conference includes: two full without guessing where problems origi- www.get-best-practice.co.uk/glossary.
days of tutorials, plus hands-on nate from and where improvements may aspx?product=glossariesacronyms
labs on Day 3 · complimentary have the most impact. Another thing to be aware of is
lunch at the Vendor Showcase · With ITIL growing in the IT hype that on the road to ITIL Nirvana, your
sit-down luncheon at the Keynote and awareness index, one should company may encounter boundless
Address · optional Executive remember that it is not a silver bullet. offers for help from high-priced
Breakfast · certification exams · Learning and implementing ITIL takes consulting firms, some of them good,
top-drawer speakers · technical & time and effort. Because of the level some of them questionable. ITIL being
professional development topics · of effort required, implementing ITIL a complex methodology to implement,
and special agent handouts from is nearly impossible to accomplish this is not surprising. The only advice I
Sign-up any time before Oct. 31, • ITIL squared colored pins are ITIL trademarks.
• ITIL material reproduced from the IT Service Management Forum book and from the
and receive the “double-oh-agent Foundations of IT Service Management based on ITIL book.
double-early-bird” discount! • ITIL relationship to ISO-20000 taken from http://20000.fwtk.org/20000-itil.htm.
(Regular Price: US$825) • ITIL graphic diagram reproduced with permission of Blue Turtle Technologies.
Discount Price: US$675 • http://www.blueturtle.co.za/content/solutions/IT_service_ITIL.
• Francois Lafortune (ITIL Manager) proofread this article for ITIL accuracy.
Contact Miss • The Office of Government Commerce (OGC) was originally known as the Central
Wendepenny Computer and Telecommunications Agency (CCTA). You may find references to both
at the TUG office: names when you research ITIL.
firstname.lastname@example.org USERS GROUP
for System i COMMON.CONNECT – October 2006