Adapting ITIL To Small-And Mid-Sized Enterprises: Inside This Report

Adapting ITIL to Small- and Mid-Sized Enterprises
IT service management is a key weapon in the war to make IT more responsive to the business users it serves. Best practices frameworks such as IT Infrastructure Library (ITIL) provide the essential structure to moving forward with service management improvement initiatives. Learn how to adapt ITIL to a small- or mid-sized enterprise.
Inside this report:

Introduction ........................................................................................................................2 New Challenges for Managing IT.............................................................................2 Seeing the Big Picture: Basic Principles ...................................................................3 ITIL: The Quality Revolution Comes to IT ..................................................................4 ITIL Basic Structure ......................................................................................................5 What Are IT Services?.................................................................................................6 Improving the Quality of an IT Service .....................................................................7 Impact on the User Experience ...........................................................................8 ITIL Service Delivery Processes ..................................................................................9 Dispelling the Myths: What ITIL Is Not......................................................................10 What ITIL Is ................................................................................................................12 Beyond ITIL: Expanding the Scope of IT Service Management ..........................12 Controlled Objectives for Information and Related Technology (COBIT).............................................................................................13 Six Sigma ...............................................................................................................14 Microsoft Operations Framework (MOF)...........................................................14 ITIL Refresh: If It Aint Broke ...............................................................................16 Making It Happen: ITIL Resources...........................................................................16 Education .............................................................................................................16 Consulting Services ..............................................................................................17 Guides, Flowcharts and Templates ...................................................................17 Software ................................................................................................................18 The Role of Outsourcers ......................................................................................18 Moving Forward: A Typical Scenario .....................................................................19 Conclusion ................................................................................................................21
Info-Tech Research Group is a professional services rm dedicated to providing premium research and objective advice to IT managers of mid-sized enterprises, serving more than 25,000 clients worldwide. Our purpose is to provide practical and thorough solutions that enable IT managers to bridge the gap between technology and business. www.infotech.com 888-670-8889 (North America) 519-432-3550 (International) Info-Tech Research Group, 2006
INTRODUCTION
Information Technology Infrastructure Library (ITIL) has taken the IT world by storm. With the pool of ITIL-certied professionals growing at 30% per year, this is one of the fastest-growing phenomena in IT. Enterprises of all sizes are learning to reap the benets of this powerful approach. However, in the excitement, many individuals see ITIL as the answer for whatever IT problems they are experiencing. This bandwagon effect has led to failed efforts and wasted resources. At the most fundamental level, ITIL is a set of best practices that helps IT enterprises provide reliable and consistent service to end users at a cost that the enterprise can afford. As IT has evolved, a number of complementary frameworks have emerged, but the basic principles of quality improvement have remained constant, and they apply to enterprises of all sizes. These basic quality principles are the focus of this Info-Tech Research Report. Weve also made an effort to clarify the most frequently misunderstood aspects of ITIL, and to explain the relative role of other bodies of knowledge, such as the Microsoft Operations Framework (MOF) and the COBIT governance framework.
NEW CHALLENGES FOR MANAGING IT

Sophisticated IT technology is no longer the preserve of large governments and multinationals. The last decade has seen the downsizing of enterprise applications such as Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP), which has brought big company functionality within reach of the average enterprise. Furthermore, high-speed communications, mobile technologies, and low cost data storage are helping small- and mid-sized enterprises (SMEs) leverage these technologies to enter global markets, virtualize their ofces, monitor business activity in real time, and communicate better with customers. However, big IT power begets big IT problems. The average SME today is managing an increasingly complex array of IT assets, and this is making it harder to manage the overall quality of IT, as well as to understand and control the costs. Many decision makers feel that IT is getting vastly out of control. To address this, many enterprises are taking a serious look at what a decade ago was only contemplated in very large IT departments IT Service Management (ITSM). ITSM involves imposing a formal structure on IT that allows it to be managed cohesively. This is not unlike assigning a management structure to a large group of people, or a process structure to a factory. Essentially, ITSM allows environments to be managed with a focus on output; that is, what users and stakeholders are actually getting out of IT. This model is managed on two fronts:
2006 INFO-TECH RESEARCH GROUP
TOC
The measurement and continuous improvement of IT delivery from the end-user perspective. Improved alignment between IT and the business.
Success in this endeavor requires enterprises to get a solid handle on the diverse infrastructure upon which IT rests. Implementing a service delivery model is no small undertaking; however, the IT industry has been very active in addressing this problem since the early 1980s. This is what ITIL, and the community that supports it, is all about.
SEEING THE BIG PICTURE: BASIC PRINCIPLES

Most enterprises dont manage IT cohesively. Instead, IT is seen as the vague end result of a collection of software packages, laptops, cables, telecom services, servers, and network devices. This piecemeal approach means that the total outcome of IT is never put under the microscope. Taking ownership for the user experience is where service management begins. Under service management rules, everybody who affects the customer experience is on the same team. If the ERP system is unavailable to the shipper on the loading dock, it doesnt matter if its a database problem, a disk problem, or a network problem. This is an interruption of service that affects the shippers ability to do his or her job. As far as IT is concerned, its everybodys problem. This focus is not unique to ITSM. In fact, the principles in ITIL and other frameworks are derived from the same quality methods that transformed industry in the second half of the 20th Century. The same quality process that ensures that the moon roof on a Toyota or Ford doesnt leak can also be used to ensure that a users e-mail doesnt crash when downloading a large document from a Web site. Quality methods of this type are characterized by the following: The use of feedback loops to create ongoing improvement towards measurable goals. The pursuit of quality not as an arbitrary technical goal, but as an entity experienced by the customer. Teaming to break down silos and functional barriers and create a unied approach.
One of the classic hallmarks of quality methods is the Shewhart circle, illustrated below. Named after its inventor, the American statistician Walter Shewhart, this simple model has become the paradigm for continuous quality improvement.
TOC
Quality Improvement Cycle

4. Act. Adjust the plan based on feedback received during the check process.
1. Plan. Design or revise product elements to improve results.
3. Check. Determine whether desired results were achieved from customer perspective.
2. Do. Implement the planned changes or interventions as indicated.
Figure 1. Quality standards are detailed and complex, but they are based on a simple model for continuously improving quality.
ITIL: THE QUALITY REVOLUTION COMES TO IT

ITIL was developed in the U.K. in the 1980s in an effort by the government to improve its management of IT. Although the term Library makes ITIL sound theoretical and academic, it is everything but. Fundamentally, it is a collection of best practices for managing IT, collected from sources all over the world. ITIL has become a de facto global standard. Global IT giants such as IBM, HP, and EDS have standardized their service operations according to ITIL. Over 100,000 individuals are ITIL-certied, and that number is growing rapidly, swelling the ranks of local ITIL enterprises in every corner of the globe. To support this best practice approach, the IT Service Management Forum (itSMF), the governing body for ITIL, has thousands of members who share best practices on a worldwide basis. This is accomplished through seminars, conferences, newsletters, information databases, and participation in education and certication processes. itSMF also seeks to improve standardization, and involves itself with standards bodies such as ISO and the British Standards Institute (BSI). In connection with this association, BSI has recently introduced BS15000, an ITSM standard based on ITIL practices. Another standard, ISO20000, will bring standardization of ITIL processes to an international level. Both standards will allow IT departments to be independently audited for the successful implementation of ITIL-based processes.
TOC
ITIL BASIC STRUCTURE

ITIL allows for the establishment of a suite of individually owned processes that, when combined, impose a comprehensive and balanced structure on all IT endeavors. The basic core processes are illustrated below:
IT Users
The Business
Change Management
Service Level Management
Service Delivery
Service Support
Incident Management
Configuration Management
Problem Management
Release Management
Availability Management
Service Desk
IT Svc Continuity Management

Capacity Management
Financial Management
Figure 2: Basic ITIL Processes Two salient features of this management structure should be noted. 1. The Service Desk plays a central role. All feedback about the performance of the IT systems comes through this single point of contact. The services desk also owns the documentation process. As a result, the service desk serves as the hub for the information ow for all aspects of the service management process. 2. The services are divided into two categories. One is dedicated to improving the quality of service for end users. The other is dedicated to measuring and controlling the cost and quality of IT from a business perspective. The two are designed to work together in a balanced, complementary fashion.
TOC
WHAT ARE IT SERVICES?

Best practice frameworks, and ITIL in particular, use a service management model to dene what is delivered to end users and to the business. We see this approach when we buy telephone, cable TV, Internet, and voicemail services. What is new here is the delivery of all of IT within a service framework. An important footnote is that IT services cannot be as generic as their telecommunications counterparts, but must be customized. A key requirement for an IT service is that it is easily identiable. It doesnt make sense, for example, for a user to be evaluating a service such as Microsoft Windows Operating System when this is not an entity that is tangible for the average user. Corporate E-mail, on the other hand, is easily understood. Table 1 gives examples of typical IT services that might be found in an SME: Service Corporate E-mail Description Service of end-user accounts using MS Outlook and MS Exchange. Components Desktop hardware, MS Outlook client, MS Exchange mail server, storage devices, security software, automated monitoring, network devices, virus protection software, SPAM control, 24/7 help desk facility, onsite service staff. Client device (e.g. RIM BlackBerry), wireless carrier service, server hardware, application hosting, automated monitoring, network devices, storage, virus protection software, spam control, 24/7 help desk facility, onsite service staff. Application server, integration server, storage devices, security software, automated monitoring, network devices, virus protection software, spam control, 24/7 help desk facility, onsite service staff.
Wireless PDA Service
Hosting and qualitycontrolled delivery of BlackBerry wireless network applications. Hosting and qualitycontrolled delivery of Navision ERP application.
ERP Application
Each service has many components, and each of them have much in common they all use the corporate network, a desktop device, a back-ofce infrastructure, and other IT amenities. There are also patches, plug-ins, and other elements that are unique. However, when it comes to delivering corporate email, the user shouldnt have to worry about any of this, just as the owner of a car doesnt have to be concerned with wheel bearings and engine parts. Similarly, the business stakeholder should have easy access to information such as what e-mail is costing per user, or what the cost might be of improving that service. Being able to continuously improve the service, and assess the cost of making the service more reliable, is where best practices come in.
TOC
IMPROVING THE QUALITY OF AN IT SERVICE

ITIL Service Support processes, shown in the left quadrant of Figure 2, provide enterprises with common tools for continuous improvement of IT services. A major factor is consistency. It would be impossible to make any headway if the measurement methods changed every time a problem occurred. The process of continuous improvement has to be universal whether it involves network issues, application issues, or hardware issues. The basic Service Support processes are described in Table 2 below: ITIL Process Description
Conguration Management Incident Management Problem Management
Creation and maintenance of a database of all IT conguration items, their relationship with other items, and their proper state. Receiving, recording, and classifying user reports of malfunctions, primarily received through the help desk. Analysis of incidents to uncover patterns of repetition that might indicate a common root cause. Positive conclusion results in a Request for Change (RFC), and the cycle repeats. Response to and action upon requests for change. Process includes solution evaluation and design, risk analysis, prioritization, approvals, and feasibility testing. Sequence of events for rolling out a change to the user environment in order to minimize disruption, prevent errors and loss of data, and maintain proper documentation.
Change Management Release Management
As an example, the ITIL processes shown above could be used to resolve a software version conict. Suppose that a number of users have reported through the Service Desk that they are occasionally unable to open .PDF (Adobe Acrobat) les downloaded from the Internet. Here are the steps that would be taken to resolve the issue: 1. The repeated incidents, as captured by Incident Management, are forwarded to Problem Management for further investigation. 2. Input from users is analyzed through the Problem Management process to determine the root cause, resulting in a proposal for a conguration change. 3. Change Management evaluates and tests possible changes, and comes up with the best solution. In this case, it might be the implementation of a software patch, or even an upgrade to a new version. 4. Release Management handles the rollout, ensuring that the change is made in the least disruptive fashion.
TOC
5. Incident Management keeps a close watch on the situation to ensure that the change has truly eliminated the problem, and that users are no longer having difculty. These processes ow in a cyclical fashion, following the classic Shewhart Circle paradigm, as illustrated in Figure 3 below.
Evaluate proposed fix according to Change Management Process (Plan)
Analyze history according to Problem Management Process (Act)
Document according to Configuration Management Process
Rollout fix according to Release Management Process (Do)
Monitor user reaction according to Incident Management Process (Check)
Figure 3. Using ITIL processes to implement a software patch to resolve a version conict. As the diagram illustrates, the pattern applies to all service interactions. The goal is to continuously improve the quality of a recognizable service, such as Corporate E-mail. The engine for the process is continuous user feedback, which constantly drives improvement. The same process ow will take place for any defect in the service, regardless of whether the root cause is attributable to networks, hardware, software, an external service, or even user training.
IMPACT ON THE USER EXPERIENCE

ITSM raises the bar when it comes to service quality, and it does so in a visible and recognizable way. User benets are delivered in the following ways: Overall quality is improved by systematically removing defects. If the same incident keeps re-occurring, this is an indication that there is an underlying problem that needs to be resolved. ITIL provides the discipline and the structure to identify and remove problems from the system, creating a lower volume of disruptions and a superior user experience. Users are respected. Quality criteria are dened in user terms, not in IT terms that the user cant understand. User input is not treated as an annoyance, but is a valued part of the quality process.
TOC
Users enjoy consistent treatment from IT. Incidents are always handled the same way, regardless of the root cause of the problem. With all IT people reading off the same script, a user will not be given one version of the story from one person and another from a different person. There is broad agreement of what constitutes a legitimate problem. If a number of users are experiencing a difculty, this could be justication for a change. At the very least, it might be an indication that training is required, or a feature is impractical for use and should be disabled.
ITIL SERVICE DELIVERY PROCESSES

IT is not just about making users happy IT investments also have to make business sense. In other words, if theres a need to reduce disruptions of the ERP system in shipping, the CFO needs to know what that is going to cost in order to decide how much of a safety factor the enterprise can afford. In order to achieve this, a disciplined and structured approach is required. As is the case with Service Support, a set of processes that are clearly delineated, and yet interactive, is required. The creation of a disaster plan is a good example. In this case, Business Continuity Management will identify the IT functions that are absolutely vital to the business, but will need the assistance of Capacity Management to understand what the resource requirements would be to restore these functions in a recovery situation. The processes are described as follows: Service Level Management is the ultimate goal of ITSM. As a process, it deals with the relationship between IT and its stakeholders. Service levels are dened, negotiated, reviewed, and tested according to a Service Level Agreement (SLA). Also included is the creation of a Service Catalogue, which comprises of all the services that an IT department is able to deliver. Availability Management can be roughly dened as freedom from outages or other disruptions. The Availability Management process covers the creation of a comprehensive availability plan, and the monitoring of IT systems to ensure that the goals of this plan are met. Special attention is paid to systems that support vital business functions. Financial Management provides a plan that ensures that the nancial resources are in place to operate IT according to requirements as outlined in the other areas. This includes the budgeting of IT, assessment of real versus projected costs, and performance monitoring. It should be noted here that the Financial Management process does not provide for a nancial audit of IT, nor does it provide direct correspondence with Sarbanes-Oxley and other legislation.
TOC
Capacity Management tracks and manages the resources being used to satisfy the needs of the enterprise. These include storage capacity, disk space, CPU capacity, and personnel. The process also includes the creation and maintenance of a Capacity Plan. Business Continuity Management protects the business against damage due to the temporary loss of IT systems. Commonly known as disaster recovery, BCM covers vulnerability and risk assessment, impact assessment, creation and testing of a recovery plan, staff education, and review of other processes that could impact on resiliency in case of a disaster. Security Management is a supplementary process that was recently added to ITIL. This process protects against the loss or compromise of corporate assets such as data. This includes categorization of assets, assignment of security levels, creation and maintenance of a security plan, and monitoring of security-related incidents.
ITIL Service Delivery processes provide the following benets: The establishment of an optimum level of service within specic cost constraints. The design and measurement of a service according to specic parameters that directly impact a business, such as Key Performance Indicators (KPIs). Alignment of service quality with corporate incentive programs. A clear picture of the IT risks to which an enterprise is exposed. ROI and TCO analysis of IT investments.
DISPELLING THE MYTHS: WHAT ITIL IS NOT

As with many trends, myths abound when it comes to ITIL. Because ITIL involves some approaches that are truly new to many enterprises, it is easy to misunderstand what ITIL is all about. There is also a lot of hype around the subject. This section will shed some light on the most frequently misunderstood areas.
#1: ITIL Is Not Something You Can Implement Out of the Book
The relationship between the content of the ITIL books and the operation of an IT department is not simply a direct one. In fact, there is a three-layer structure, as illustrated below. ITIL denitions and guidelines actually become the basis of specic processes that are developed in an enterprise.
10
TOC
Operations Staff
Delivery of IT Services
Governed By
Process Designers
IT Processes
Based On
ITIL Books
ITIL Principles and Definitions
Figure 4: How theory meets practice This distinction is important, because the middle layer the design of processes based on ITIL can be very costly and time-consuming. In fact, this middle layer is the biggest hurdle to implementing ITIL.
#2: ITIL Is Not a Standard

Vendor claims of ITIL compliance for everything from software to vendor processes give the impression that ITIL is a standard. However, this is not the case. ITIL is a set of best practices that can be used as the user sees t. In the strictest sense of the term, there is no such thing as ITIL compliance. However, there are now emerging standards based on ITIL principles. BS150000 (BS stands for British Standard) was developed in the U.K., and is an auditable standard for ITIL processes. ISO has stepped into the ring with ISO20000, which will have an international scope.
#3: ITIL Is Not a Governance Framework

Getting IT under control with ITIL is an important step in meeting the requirements of Sarbanes-Oxley and other legislation. However, ITIL does not address governance in a comprehensive way and cannot be used on its own to ensure Sarbanes-Oxley compliance. However, ITIL maps well with COBIT, the de facto North American governance framework, which is discussed later in this document.
#4: ITIL Does Not Cover All Aspects of Todays IT Environments

ITIL is based on a highly centralized IT model that existed in 1980. Since that time, we have seen revolutionary changes in IT, including the advent of desktop
11
TOC
computing, networking, client/server computing, and the Internet. Microsoft Operations Framework (MOF), which is described below, is an example of a body of knowledge that builds on ITIL to address these changes.
#5: ITIL Is Not an All or Nothing Proposition

The interactive nature of ITIL processes implies that the entire framework has to be in place for benets to accrue. This is not the case. Many enterprises benet from implementing only one or two ITIL processes. This is especially true for smaller enterprises.
#6: ITIL Is Not a Religion

Many CIOs may be looking for a magic bullet to end their IT chaos, but blindly following ITIL in hopes that everything will x itself is doomed to failure.
WHAT ITIL IS
The success of ITIL is based on its applicability to a wide range of IT scenarios. The following observations are key: ITIL is scaleable. ITIL principles can be used to create processes for enterprises of all sizes. Even a one-person help desk can use ITIL to record congurations, track incidents, and manage escalations. ITIL is exible. One of the maxims of the ITIL community is adopt and adapt. This means take the ITIL principles and use them as required in the enterprise. ITIL is all about teamwork. Enterprises of any size that embrace ITIL need to break down barriers between different stakeholder groups. Finger pointing, for example, between the database people and the network people cannot be had when user productivity is on the line. ITIL, at the most fundamental level, gets everybody working towards the same goal. ITIL is evolving. ITIL is currently being re-written through the ITIL Refresh project. ITIL works well with other frameworks. In keeping with the adopt and adapt philosophy, ITIL maps well with other bodies of knowledge.
BEYOND ITIL: EXPANDING THE SCOPE OF IT SERVICE MANAGEMENT

As IT has evolved, the eld of ITSM has expanded beyond ITILs original scope, encompassing the following new areas: Network management and the establishment of end-to-end services.
12
TOC
Application management, covering the increasingly complex nature of distributed environments. Software management, satisfying the need to manage software quality in a continuously changing environment. Security management, addressing the increased risks to IT systems resulting from distributed architectures and the Internet. Improved nancial management, spurred on by the vastly complex array of costs and business benets that have arisen from recent IT developments.
At least a dozen standards have emerged that support this expanded role of ITSM. These are complementary in nature, and are supported by the ITSM community through itSMF. It is beyond the scope of this document to look at all of them. Instead, we will focus on the three that are most likely to matter to the SME: COBIT, Six Sigma, and MOF.
CONTROLLED OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)

Many enterprises will have run into COBIT before considering ITIL. If SarbanesOxley compliance is on the agenda, COBIT is not an option but rather a requirement. COBIT was published and is maintained by the Information Systems Audit and Control Foundation (ISACA) and the IT Governance Institute. Like ITIL, COBIT is in the public domain. COBIT is commonly used alongside ITIL to formalize the accountability links between various aspects of IT and the nancial governance structure of an enterprise. COBIT puts emphasis on the factors that matter most: risk management, security, consistency of data, and cost control. To this end, COBIT establishes 34 control objectives, each linked to a number of specic activities. These are all tied together by means of a common control framework, supported by a number of management guidelines. Many of the control objectives in COBIT are present in ITIL. Therefore, using them both is not an either or proposition the processes in ITIL will help, not hinder, adoption of COBIT. There is some overlap, particularly with regard to ITILs Financial Management function, but this is easily manageable. What COBIT adds is much more detail on the nancial and management side, and interfaces well with formal accounting and audit principles. COBIT, in spite of its relation to formal audits, is an adopt and adapt framework. As a case in point, the IT Governance Institute has published COBIT online to make it easy for users to adapt it for their own enterprise. Furthermore, and of special interest to SMEs, there is a version called COBIT QuickStart, which is designed for SMEs who dont have the depth of requirement as would a larger enterprise.
13
TOC
SIX SIGMA
Six Sigma and ITIL have common roots. The beginnings of Six Sigma go back to 1920, when Walter Shewhart, the creator of the same Shewhart Circle used by ITIL, established a set of statistical principles about the dynamics of product variation. The big breakthrough for Six Sigma, however, occurred in the 1980s the same time ITIL was being created. Bill Smith, a Vice President at Motorola, created the actual Six Sigma body of knowledge for use with by his own enterprise. Six Sigma remains a Motorola registered trademark. However, much of the notoriety of Six Sigma was achieved through General Electrics high prole adoption of it in the 90s under the helm of Jack Welch. As a method, Six Sigma provides a set of tools that allow variations to be quantied, and for performance to be planned around quantiable goals. Six Sigma adheres to the following multi-layer structure: As a measurement tool, it provides means for calculating deviations in quality. The overriding law is that defects must be limited to 3.4 out of one million instances. As a method, it provides a toolset for quality improvements projects. As in ITIL, these projects involve teamwork and the elimination of functional silos. Six Sigma is also a philosophy in that it promotes a culture about quality.
Many vendors provide Six Sigma consulting as a complement to ITIL, and it can be used to help enterprises understand how successful they are at managing their IT infrastructure. In fact, many SMEs contemplating ITIL already have Six Sigma processes in place. The two methodologies often have a complementary relationship. If ITIL is the machine that monitors and regulates IT, Six Sigma is the precision measurement tool.
MICROSOFT OPERATIONS FRAMEWORK (MOF)

Like many other software vendors, Microsoft has been actively involved with the ITIL community over the past few years. However, Microsoft has taken this involvement a step further by developing a complementary framework, which is widely regarded as a signicant contribution to the eld. Using its own environment as a test bed, Microsoft developed MOF a framework based on ITIL principles optimized for maintaining large Microsoft-based environments. Released in 2000, MOF is available for free and is posted on the Microsoft Web site. Microsoft makes a strong point that MOF is not a departure from ITIL, but instead an actionable and prescriptive realization of ITIL principles. MOF is wellaccepted in the ITIL community, and a number of ITIL training enterprises offer MOF courses as an adjunct to ITIL training.
14
TOC
As a framework, MOF provides the following: Processes mapped specically to Microsoft products. These cover areas such as security administration, directory services administration, storage management, and print and output management. A lifecycle model that makes it easier to create, evolve, and track specic services over time. A teaming model that reects that fact that teams may be geographically distributed and from a variety of disciplines. A risk model that claries the day-to-day management of IT risk through a ve- step process. Correspondence with another Microsoft process framework Microsoft Solutions Framework (MSF). MSF in turn provides a methodology for the planning and rollout of enterprise applications in a Microsoft environment.
MOF is particularly suitable for SMEs because it reduces the workload of implementing service management as well as outside consulting costs. The costreducing elements are as follows: Microsoft has released software plug-ins that make it easy to manage applications such as Microsoft Exchange using MOF principles. These greatly speed up the implementation process, and set up plug and play workow processes that ensure that service management is executed thoroughly and accurately. The MOF documents also include many of the practical middle layer processes that are not included in ITIL. As opposed to the broad denitional approach of ITIL, these processes are actionable and ready to implement. The completeness of MOF helps enterprises avoid the complexity of incorporating other standards and methods with ITIL.
Microsoft made the wise choice to not re-invent the wheel, and to keep the ITIL principles intact. This means that a MOF environment will easily accommodate ITIL-compliant software such as HP OpenView, which may play a prominent role in the IT management of an enterprise. But more importantly it means that an enterprise that works with MOF can use ITIL-trained staff, and can work easily with partners that have implemented ITIL-compliant processes in their enterprises. However, the adopt and adapt motto should be kept in mind. Like ITIL, MOF is not a religion, and should never be seen as an automatic x for all IT problems. Furthermore, MOF is optimized for Microsoft environments. Enterprises with signicant investments in other platforms such as Linux, HP-UX, or AIX may nd that the exceptions outweigh the benets.
15
TOC
ITIL REFRESH: IF IT AINT BROKE

The creators of ITIL have also seen the need for change, and the ITIL books are being re-written. However, throughout an extensive consultation process with the ITIL community, the motto that emerged was If it aint broke, dont x it. In other words, the community has overwhelmingly agreed that the basic ITIL principles are sound and proven. What is needed is a more convenient and actionable presentation of the materials, plus supplementary materials to ease implementation. The new ITIL is due for publication in late 2006, and will incorporate the following changes: The eight core ITIL books will be re-structured into ve books. These will present the basic ITIL processes more concisely, and will be presented according to a lifecycle model, with the following titles: 1. Service Strategies 2. Service Design 3. Service Introduction 4. Service Operation 5. Continuous Service Improvement A wide variety of complementary materials will be published. These will include study guides for individuals preparing for certication, an introduction to ITIL for business stakeholders, and a book about IT management in smaller enterprises.
Although the exam structure for certication will change, past ITIL certications will remain valid.
MAKING IT HAPPEN: ITIL RESOURCES

Enterprises undertaking ITSM will nd that there is a robust community of service vendors, educators, and fellow travelers who are committed to ITIL and other process frameworks. There is a growing list of resources available from this community to suit enterprises of all sizes.
EDUCATION
ITIL training is provided by a number of service providers on a global level. Trainers range from single independent consultants to large multinationals such as HP and IBM. Often, training is delivered as part of a consulting engagement.
16
TOC
Certication and testing is managed by an enterprise called EXIN (Examination Institute for Information Science). EXIN oversees the administration of exams, and the certication of trainers and examiners. Other IT frameworks are covered in EXINs mandate, including MOF. There are three levels of ITIL certication: Foundation Level: This involves 2-5 days of classroom training, and provides an introduction to ITIL processes and principles. General in scope, this training is suitable for managers as well as eld personnel. Practitioner Level: This involves in-depth training in a specialized process. The exam is case-study oriented, requiring the candidate to demonstrate mastery on a practical level. Service Manager Level: This is reserved for a practitioner who has practiced ITIL for three or more years. This demonstrates mastery at a practical and theoretical level of the skills necessary to build and manage an ITIL-based service enterprise.
CONSULTING SERVICES
As is the case with training, service providers who cater to the ITIL community range from independent consultant to large multinational. In fact, most ITIL service providers offer both training and consulting. Because of the strong central role that itSMF plays in the ITSM community, ITIL experts are not hard to nd. However, a number of enterprises are reporting a shortage of ITIL-trained individuals, in spite of a steady increase in certications. Many larger enterprises offer comprehensive approaches. These include specic architectures and pre-established methodologies that speed the implementation process. While appealing, many of these approaches are too expensive for the average SME. It should also be pointed out that large IT vendors use ITIL services as a lead-in to sell hardware infrastructure. In general, smaller enterprises tend to work with independent or smaller service providers in order to nd solutions that meet their budget. Many consultants also combine other frameworks to support a more up-to-date approach. It wouldnt be uncommon for an ITIL consultant to utilize MOF in order to set up support for a Microsoft Exchange server, or to add some Six Sigma processes to help make some structural improvements.
GUIDES, FLOWCHARTS AND TEMPLATES

As mentioned previously, the biggest single obstacle to getting ITSM implemented is the chore of setting up enterprise-specic processes. The ITIL books provide the guidelines, but they dont provide actionable materials. This leaves enterprises to create service denitions, job descriptions, policies and procedures, escalation owcharts, reporting structures, and other documents.
17
TOC
Fortunately, vendors have put together a variety of customizable documents to signicantly reduce the implementation effort. These are available standalone, or are brought in by hired consultants.
SOFTWARE
A variety of software products are used extensively in ITIL implementations. First of all, most NSM (Network and System Management) software packages incorporate ITIL principles. For example, most help desk software packages include an ITIL-compliant conguration management database, and are structured based on ITIL patterns and denitions. These products also often incorporate a workow component, where tasks are routed from one group to another according to the designated process ow. Finally, they greatly facilitate the kind of reporting that is required for Service Delivery processes such as Availability Management and Financial Management. A number of vendors also offer standalone products such as conguration databases and development tools for workow processes.
THE ROLE OF OUTSOURCERS

ITIL has been widely adopted by outsourcers and managed service providers. The reasons are understandable a third party provider has many clients that have to be serviced from a single point. ITIL provides these rms with the ability to continuously improve quality while addressing a wide variety of support needs. ITIL can also provide a process for outsourcers and their customers to work together more closely. Just as internal ITIL processes often involve collaboration between different groups, they can also support collaboration between different enterprises. The following diagram shows a typical example. Many SMEs choose to outsource their rst-line support, but to handle escalations with their own IT department. The ITIL process could be shared with the vendor as per the following diagram:
18
TOC
Change Management (Plan)
Problem Management (Act)
Configuration Management
Release Management (Do)
Incident Management (Check)
Customer-owned Process
Outsourcer-owned Process
Figure 5: The sharing of ITIL processes While the interaction seems complex, this kind of collaboration is exactly what ITIL was designed for. Outsourcers who work with ITIL will be familiar with this approach, as outsourcing in the current marketplace is rarely an all or nothing proposition.
MOVING FORWARD: A TYPICAL SCENARIO

Implementing a comprehensive service management structure in an enterprise can take years. Like any major project, it should be approached incrementally, testing and revising the plan as it moves forward. The sequence of steps is highly specic to each enterprise. Therefore, the following are intended not as a generic plan, but an example of how a typical SME might undertake an ITSM strategy. 1. Assess your needs. As previously stated, ITIL is not a panacea, and should never be implemented just because it is the thing to do. There has to be a compelling need to deliver higher service levels, get better control of costs, interface IT with global partners, or some other need. Many enterprises have got by with what is referred to as good enough computing, a level where IT is acceptable, but not really excellent. In order to justify moving forward, there should be solid reasons why good enough computing is not good enough. Size is important to consider as well. Very small enterprises with only a few IT staffers will not have nearly the process needs of a larger enterprise. The need might be as simple as using a conguration management database
19
TOC
to manage IT assets more carefully. Or it could involve a multi-year project with a number of processes, and the complementary use of ITIL and other frameworks. 2. Train key people at the ITIL Foundation level. Because ITSM involves both a new way of thinking about IT and a signicant investment, it pays to train key people early on at the ITIL Foundation level. This will make it easier to assess vendor offerings, and take a sober look at what lies ahead. Since ITIL shares the same basic principles as other frameworks, Foundationlevel training will also help determine a role for complementary processes such as COBIT or MOF. Trainees should also join itSMF, and become active members of the ITSM community. 3. Create a tactical plan. Sketch out a sequential plan for rolling out service management processes. Vendor alignments should be worked out at this stage, including consulting, training, use of software tools, and outsourcing. The plan should also determine the role of complementary frameworks such as COBIT or MOF. 4. Create a conguration management database. No ITSM effort can succeed unless this preliminary step has been taken. Vendor products make this step easier, but the commitment to maintain documentation should not be underestimated. 5. Get Incident Management under control. With the content management database in place, the next step is to implement policies where incidents are recorded and tracked according to ITIL Incident Management. This will keep the content management database maintained, and will begin the all important data collection process upon which all quality improvement will be based. 6. Implement Problem and Change Management. With Conguration and Incident Management in place, the escalation processes can be formalized according to Problem and Change Management. In larger enterprises, particularly with multiple locations, Release Management should also be implemented. 7. Implement processes to address specic business requirements. Implement Service Delivery processes based on business priorities. Much of this can occur in parallel with rollout of the Service Support processes, but having the latter in place will make the enterprise much more effective at measuring costs and risks, and detecting potentially dangerous conditions. For example, an efcient Change Management process will help enterprises recover quickly according to the Business Continuity Management process. As the environment-specic aspects begin to be rolled out, the role of other bodies of knowledge, such as COBIT or MOF, will become more prevalent.
20
TOC
CONCLUSION
ITSM is a key weapon in the war to make IT more responsive to the users and businesses it serves. Since the early 1980s ITIL has evolved from a set of best practices for improving IT in the U.K. government to a de facto global standard for IT management. As IT has evolved, other bodies of knowledge have evolved to ll in the resultant gaps. However, these documents are not competitive, but complementary, and are supported by a common community. Today, enterprises have a wide variety of choice when it comes to service management methodologies, and a large pool of vendors from which to choose. For the SME, ITSM in general is a large undertaking, but the adopt and adapt nature of the discipline means that there is an approach for everybody. As the eld continues to grow, new vendor offerings will continue to lower the entry bar.
21
TOC
About the Author

Jacob Stoller is a researcher, writer, and consultant who helps decision makers get to the core of complex technological issues. In addition to producing analytic whitepapers and reports, Jacob frequently contributes to a number of trade magazines, and has also given a number of public seminars on IT strategies. Prior to starting his practice in 2001, Jacob was a sales executive for companies such as Wang, Unisys, and HP. Jacob earned his Bachelor of Arts from Marlboro College in Vermont, and studied computer engineering at Ryerson University in Toronto.
Info-Tech Research & Analysis

This is an independent, non-sponsored research report. It was not funded by any vendor or other party.
Disclaimer
This material is for the general information of clients of Info-Tech Research Group. It does not constitute a personal recommendation or take into account the particular objectives, situations, or needs of individual clients. Before acting on any advice or recommendation in this material, clients should consider whether it is suitable for their particular circumstances and, if necessary, seek professional advice. The information contained herein has been obtained from sources believed to be reliable. Info-Tech disclaims all warranties and conditions as to the accuracy, completeness or adequacy of such information. Info-Tech is not liable for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection and use of these materials to achieve its intended results. Opinions expressed are our current opinions as of the date appearing on this material only. The opinions expressed herein are subject to change without notice. We endeavor to update on a reasonable basis the information discussed in this material, but for certain reasons we may be prevented from doing so. 2006 3409945 Canada Limited, operating as the Info-Tech Research Group (Info-Tech). All rights reserved. Reproduction in any form without prior written permission is forbidden. Note: All Web links in this document were checked for accuracy and functionality at the time of publication. We cannot, however, guarantee that referenced Web sites will not change the location or contents of linked materials, and will not be held responsible for such changes.
About Info-Tech Research Group

Our research and advisory services offer unparalleled access to IT research specically geared to the unique needs of IT professionals working in mid-sized enterprises. Research Seats with Info-Tech Advisor will provide you and your team with the research and analysis needed to succeed with daily IT tasks and management. Research Seats with McLean Report will support your IT strategy development and provide access to relevant, industry specic research. To compliment both Research Seat options, tap into customized guidance and advice with an Analyst Inquiry Service, and gain access to unlimited, on-demand advice from industry experts. Find out more www.infotech.com 888-670-8889 (North America) 519-432-3550 (International)
22
TOC

Adapting ITIL To Small-And Mid-Sized Enterprises: Inside This Report

Uploaded by

Copyright:

Available Formats

Adapting ITIL To Small-And Mid-Sized Enterprises: Inside This Report

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Adapting ITIL To Small-And Mid-Sized Enterprises: Inside This Report

Uploaded by

Copyright:

Available Formats

Adapting ITIL to Small- and Mid-Sized Enterprises

Inside this report: