ITIL is published in a series of books, each of which cover an IT management topic. The names ITIL and IT Infrastructure Library are registered trademarks of the United Kingdom's Office of Government Commerce (OGC). ITIL gives a detailed description of a number of important IT practices with comprehensive check lists, tasks and procedures that can be tailored to any IT organization.
ITIL Certifications are managed by the ICMB (ITIL Certification Management Board) which is comprised of the OGC, IT Service Management Forum (itSMF) International and two examinations institutes: EXIN (based in the Netherlands) and ISEB (based in the UK).
The EXIN and ISEB proctor the exams and award qualifications at Foundation, Practitioner and Manager/Masters level currently in 'ITIL Service Management', 'ITIL Application Management' and 'ICT Infrastructure Management' respectively.
A voluntary registry of ITIL-certified practitioners is operated by the ITIL Certification Register
Organizations or a management system may not be certified as "ITIL-compliant". An organization that has implemented ITIL guidance in ITSM, however, may be able to achieve compliance with and seek certification under ISO/IEC 20000.
In the early 1980s, IBM documented the original Systems Management concepts in a four-volume series called A Management System for Information Systems. These widely accepted “yellow books,” ... were key inputs to the original set of ITIL books.
The primary author of the IBM yellow books was Edward A. Van Schaik, who compiled them into the 1985 book A Management System for the Information Business (since updated with a 2006 re-issue by Red Swan Publishing). In the 1985 work, Van Schaik in turn references a 1974 Richard L. Nolan work, Managing the Data Resource Function which may be the earliest known systematic English-language treatment of the topic of large scale IT management (as opposed to technological implementation).
During the late 1980s the CCTA was under sustained attack, both from IT companies who wanted to take over the central Government consultancy service it provided and from other Government departments who wanted to break free of its oversight. Eventually CCTA succumbed and the concept of a central driving IT authority for the UK Government was lost. This meant that adoption of CCTA guidance such as ITIL was delayed, as various other departments fought to take over new responsibilities.
In some cases this guidance was lost permanently. The CCTA IT Security and Privacy group, for instance, provided the CCTA IT Security Library input to GITMM, but when CCTA was broken up the security service appropriated this work and suppressed it as part of their turf war over security responsibilities.
Though ITIL was developed during the 1980s, it was not widely adopted until the mid 1990s for the reasons mentioned above. This wider adoption and awareness has led to a number of standards, including ISO/IEC 20000 which is an international standard covering the IT Service Management elements of ITIL. ITIL is often considered alongside other best practice frameworks such as the Information Services Procurement Library (ISPL), the Application Services Library (ASL), Dynamic Systems Development Method (DSDM), the Capability Maturity Model (CMM/CMMI), and is often linked with IT governance through Control Objectives for Information and related Technology (COBIT).
In December 2005, the OGC issued notice of an ITIL refresh , commonly known as ITIL v3, which became available in May 2007. ITIL v3 initially includes five core texts:
These publications update much of the current v2 and extend the scope of ITIL in the domain of service management.
Outside of ITIL, other IT Service Management approaches and frameworks exist, including the Enterprise Computing Institute's library covering general issues of large scale IT management, including various Service Management subjects.
The British Educational Communications and Technology Agency (BECTA) has developed the Framework for ICT Technical Support (FITS) and is based on ITIL, but it is slimmed down for UK primary and secondary schools (which often have very small IT departments). Similarly, The Visible OPS Handbook: Implementing ITIL in 4 Practical and Auditable Steps claims to be based on ITIL but to focus specifically on the biggest "bang for the buck" elements of ITIL.
Organizations that need to understand how ITIL processes link to a broader range of IT processes or need task level detail to guide their service management implementation can use the IBM Tivoli Unified Process (ITUP). Like MOF, ITUP is aligned with ITIL, but is presented as a complete, integrated process model.
Smaller organizations that cannot justify a full ITIL program and materials can gain insight into ITIL from a review of the Microsoft Operations Framework which is based on ITIL but defines a more limited implementation.
The enhanced Telecom Operations Map eTOM published by the TeleManagement Forum offers a framework aimed at telecommunications service providers. In a joined effort, tmforum and itSMF have developed an Application Note to eTOM (GB921 V, version 6.1 in 2005, a new releases is scheduled for summer 2008) that shows how the two frameworks can be mapped to each other. It adresses how eTom process elements and flows can be used to support the processes identified in ITIL.
While the Service Management sets (Service Support and Service Delivery) are by far the most widely used, circulated and understood of ITIL publications, ITIL provides a more comprehensive set of practices as a whole. Proponents believe that using the broader library provides a comprehensive set of guidance to link the technical implementation, operations guidelines and requirements with the strategic management, operations management and financial management of a modern business.
The eight ITIL version 2 books and their disciplines are:
The IT Service Management sets
Other operational guidance
To assist with the implementation of ITIL practices a further book was published providing guidance on implementation (mainly of Service Management):
And this has more recently been supplemented with guidelines for smaller IT units, not included in the original eight publications:
ITIL is built around a process-model based view of controlling and managing operations often credited to W. Edwards Deming. The ITIL recommendations were developed in the 1980s by the UK Government's CCTA in response to the growing dependence on IT and a recognition that without standard practices, government agencies and private sector contracts were independently creating their own IT management practices and duplicating effort within their Information and Communications Technology (ICT) projects resulting in common mistakes and increased costs. In April 2001 the CCTA was merged into the Office of Government Commerce (OGC), an office of the UK Treasury.
One of the primary benefits claimed by proponents of ITIL within the IT community is its provision of common vocabulary, consisting of a glossary of tightly defined and widely agreed terms. A new and enhanced glossary has been developed as a key deliverable of the ITIL v3 (also known as the ITIL Refresh Project).
Aligning and realigning IT services to changing business needs (because standstill implies decline).
The goal of Continual Service Improvement is to align and realign IT Services to changing business needs by identifying and implementing improvements to the IT services that support the Business Processes. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. In order to manage improvement, CSI should clearly define what should be controlled and measured.
CSI needs to be treated just like any other service practice. There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned,and activities identified in order to be successful. CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting.
Once an organization has gone through the process of identifying what its Services are, as well as developing and implementing the IT Service Management (ITSM) processes to enable those services, many believe that the hard work is done. How wrong they are!! The real work is only just beginning. How do organizations get buy-in for using the new processes? How do organizations measure, report and use the data to improve not only the new processes but to continually improve the Services being provided? This requires a conscious decision to adopt CSI with clearly defined goals, documented procedures, inputs, outputs and identified roles and responsibilities. To be successful, CSI must be embedded within each organization's culture.
The Service Lifecycle is a comprehensive approach to Service Management: seeking to understand its structure, the interconnections between all its components,and how changes in any area will affect the whole system and its constituent parts over time. It is an organizing framework designed for sustainable performance.
The Service Lifecycle can be viewed in a graphical manner, where it is easy to demonstrate the value provided, both in terms of "business contribution" and "profit" The business contribution is the ability for an IT organization to support a business process, managing the IT service at the requested performance. The profit is the ability to manage cost of service in relations to the business revenue.
The Service Lifecycle can be viewed as a phased life cycle, where the phases are:
The interaction between phases are managed through the Continual Service Improvement approach, which is responsible for measuring and improving service and process maturity level. After Comparison of all phases, a service period is concluded and another service period begins.
The Continual Service Improvement phase is involved during all phases of the service lifecycle. It is responsible for measuring the service and the processes, (Service Measurement), and to document the results (Service Reporting) in order to improve the services quality and the processes maturity (Service Improvement). These improvements will be implemented in the next period of Service Lifecycle, stating again with Service Strategy, and after with Service Design and Transition, the Service Operation phase of course continue to manages operations during all service periods.
With the evolution of service periods, the "effort" for each phase will be reduced concerning the strategic and tactical phases (SS,SD and ST), here the SO phase is optimized and takes the primary role. At each cycle of the service (service period) the service will be improved with results of increasing of the Value of business and maximizing of Profits.
In terms of Business Contribution, the IT Service begins to be valuable when in the first step the Service Transition starts.
In terms of profits, the major investments are required with the big implementation projects (ST), when the transition is complete and the Operations start, the service begins to support business process and the new revenues balance the costs. After some periods of service optimization the "Profit & Loss" start to be profitable and reach the "break even point".
After a number of periods (depending on the complexity of the service and the complexity of the service and the flexibility of the business), the business contribution and the profit will be stabilized, which means that the IT organization has reached the right level of maturity in managing processes and the service has reached the right level of performance in meeting the service level requirements.
To a business, customers and users are the entry point to the process model. They get involved in service support by:
The service desk is the single contact point for the customers to record their problems. It will try to resolve it, if there is a direct solution or will create an incident. Incidents initiate a chain of processes: Incident Management, Problem Management, Change Management, Release Management and Configuration Management (see following sections for details). This chain of processes is tracked using the Configuration Management Database (CMDB), which records each process, and creates output documents for traceability (Quality Management).
Tasks include handling incidents and requests, and providing an interface for other ITSM processes.
The primary functions of the Service Desk are:
The Service Desk function is known under various names .
The three types of structure that can be considered are:
Problem management is different from incident management. The principal purpose of problem management is to find and resolve the root cause of a problem and prevention of incidents; the purpose of incident management is to return the service to normal level as soon as possible, with smallest possible business impact.
The problem management process is intended to reduce the number and severity of incidents and problems on the business, and report it in documentation to be available for the first-line and second line of the help desk. The proactive process identifies and resolves problems before incidents occur. These activities are:
The Error Control Process is an iterative process to diagnose known errors until they are eliminated by the successful implementation of a change under the control of the Change Management process.
The Problem Control Process aims to handle problems in an efficient way. Problem control identifies the root cause of incidents and reports it to the service desk. Other activities are:
The standard technique for identifying the root cause of a problem is to use an Ishikawa diagram, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. An Ishikawa diagram is typically the result of a brainstorming session in which members of a group offer ideas to improve a product. For problem-solving, the goal will be to find the cause and effect of the problem.
Ishikawa diagrams can be defined in a meta-model.
First there is the main subject, which is the backbone of the diagram that we are trying to solve or improve. The main subject is derived from a cause. The relationship between a cause and an effect is a double relation: an effect is a result of a cause, and the cause is the root of an effect. But there is just one effect for several causes and one cause for several effects.
A change is “an event that results in a new status of one or more configuration items (CI's)” approved by management, cost effective, enhances business process changes (fixes) - with a minimum risk to IT infrastructure.
The main aims of Change Management are:
The focus of release management is the protection of the live environment and its services through the use of formal procedures and checks.
A Release consists of the new or changed software and/or hardware required to implement approved changes
Releases are categorized as:
Releases can be divided based on the release unit into:
Service Level Management provides for continual identification, monitoring and review of the levels of IT services specified in the service level agreements (SLAs). Service Level Management ensures that arrangements are in place with internal IT Support Providers and external suppliers in the form of Operational Level Agreements (OLAs) and Underpinning Contracts (UCs). The process involves assessing the impact of change upon service quality and SLAs. The service level management process is in close relation with the operational processes to control their activities. The central role of Service Level Management makes it the natural place for metrics to be established and monitored against a benchmark.
Service Level Management is the primary interface with the customer (as opposed to the user, who is serviced by the Service Desk). Service Level Management is responsible for
The Service Level Manager relies on all the other areas of the Service Delivery process to provide the necessary support which ensures the agreed services are provided in a cost effective, secure and efficient manner.
Availability Management is the ability of an IT component to perform at an agreed level over a period of time.
A basic concept of the Security Management is the information security. The primary goal of information security is to guarantee safety of the information. Safety is to be protected against risks. Security is the means to be safe against risks. When protecting information it is the value of the information that has to be protected. These values are stipulated by the confidentiality, integrity and availability. Inferred aspects are privacy, anonymity and verifiability.
The current move towards ISO/IEC 27001 may require some revision to the ITIL Security Management best practices which are often claimed to be rich in content for physical security but weak in areas such as software/application security and logical security in the ICT infrastructure.
The Infrastructure Management processes describe those processes within ITIL that directly relate to the ICT equipment and software that is involved in providing ICT services to customers.
These disciplines are less well understood than those of Service Management and therefore often some of their content is believed to be covered 'by implication' in Service Management disciplines.
SAM includes maintaining software license compliance; tracking the inventory and usage of software assets; and maintaining standard policies and procedures surrounding the definition, deployment, configuration, use and retirement of software assets. SAM represents the software component of IT asset management, which also includes hardware asset management (to which SAM is intrinsicly linked by the concept that without effective inventory hardware controls, efforts to control the software thereon will be significantly inhibited).
As Jan van Bon (author and editor of many IT Service Management publications) notes,
CIO Magazine columnist Dean Meyer has also presented some cautionary views of ITIL, including five pitfalls such as "becoming a slave to outdated definitions" and "Letting ITIL become religion." As he notes, "...it doesn't describe the complete range of processes needed to be world class. It's focused on ... managing ongoing services."
The quality of the library's volumes is seen to be uneven. For example, van Herwaarden and Grift note, “the consistency that characterized the service support processes … is largely missing in the service delivery books.
In a 2004 survey designed by Noel Bruton (author of 'How to Manage the IT Helpdesk' and 'Managing the IT Services Process'), ITIL adopting organizations were asked to relate their actual experiences in having implemented ITIL. Seventy-seven percent of survey respondents either agreed or strongly agreed that "ITIL does not have all the answers". ITIL exponents accept this, citing ITIL's stated intention to be non-prescriptive, expecting that organizations will have to engage ITIL processes with their existing overall process model. Bruton notes that the claim to non-prescriptiveness must be at best one of scale rather than absolute intention, for the very description of a certain set of processes is in itself a form of prescription. (Survey "The ITIL Experience - Has It Been Worth It", author Bruton Consultancy 2004, published by Helpdesk Institute Europe, The Helpdesk and IT Support Show and Hornbill Software.)
While ITIL addresses in depth the various aspects of Service Management, it does not address enterprise architecture in such depth. Many of the shortcomings in the implementation of ITIL do not necessarily come about because of flaws in the design or implementation of the Service Management aspects of the business, but rather the wider architectural framework in which the business is situated. Because of its primary focus on Service Management, ITIL has limited utility in managing poorly designed enterprise architectures, or how to feed back into the design of the enterprise architecture.
The BOFH notes that “ITIL manuals are like kryptonite to enthusiasm."
WAN optimization tips; * Criteria end users could use to choose a network and application optimization solution.(wireless area network)
Nov 28, 2006; Byline: Steve Taylor,aJim Metzler In the last newsletter we mentioned that Jim recently completed a six-city seminar tour for...
Regain visibility and control: managed services can help with application optimization and acceleration.(Managed Services)
Mar 01, 2006; The need to improve the visibility of network traffic, and the related issue of how to control that traffic, is taking on...
Are you in a state of denial over the need for network, application optimization? * The need to optimize won't be going away any time soon.(Column)
May 22, 2007; Byline: Steve Taylor, Jim Metzler Jim recently moderated a seminar series on the topic of network and application optimization...