ITIL — Why We Need It

ITIL has established a foothold in US businesses and is rapidly growing. This framework for structuring IT service management processes offers many unique benefits to IT organizations of all sizes.

What is ITIL?

ITIL—the Information Technology Infrastructure Library—is a set of books describing best practices for managing IT services. These books were originated by the British government during the 1980s, and are owned by the British Office of Government Commerce (OGC).

Version 2 of ITIL currently contains 9 books describing service management, operational guidelines, planning and implementation. The version 2 books are:

1. Service Delivery
   
2. Service Support
   
3. ICT* Infrastructure Management
   
4. Security Management
   
5. The Business Perspective
   
6. Application Management
   
7. Software Asset Management
   
8. Planning to Implement Service Management
   
9. ITIL Small-Scale Implementation
   

The first two books, Service Delivery and Service Support, are by far the most widely used today, and form the basis for the emerging ISO/IEC 20000 international standard for IT service management. These first two ITIL books contain an integrated set of well-defined processes including:

• Service Desk
  
• Incident Management
  
• Software Asset Management
  
• Problem Management
  
• Configuration Management
  
• Change Management
  
• Release Management
  
• Service Level Management
  
• Capacity Management
  
• IT Service Continuity Management
  
• Availability Management
  
• Financial Management for IT Services
  

In 2007, the OGC released version 3 of ITIL that condenses the framework into 5 books built around a service management life-cycle concept. The new version 3 books are:

1. Service Strategy
   
2. Service Design
   
3. Service Transition
   
4. Service Operation
   
5. Continual Service Improvement
   

It should be noted that ITIL does not prescribe specific tools for managing these services. Instead, ITIL defines the structure and skill requirements of an IT organization, and a set of standard operational management guidelines that IT organizations can tailor to their specific needs for improving IT service management processes.

ITIL also provides common terminology for IT service management. See the ITIL Glossary for definitions of these terms.

ITIL for the SMB

ITIL is primarily designed for large enterprises with more formal, structured IT processes. However, small and midsized businesses (SMBs) can benefit from implementing some of these guidelines. In fact, since the goal of ITIL is to improve the efficiency of IT processes, ITIL is probably more beneficial for SMBs that are often challenged with limited support staff.

There are five ITIL processes that would provide the greatest value for small and midsized organizations. These are service desk, incident management, change management, configuration management and release management.

So, let's examine how SMBs can implement these ITIL concepts to better structure their IT processes.

Service Desk

The service desk is a user-facing process for requesting IT support, and is key to all other ITIL processes. In ITIL terms, it is the single point of contact (SPOC) between IT and the user community.

The service desk manages events such as incidents, service requests, and RFCs or requests for change (see Change Management). The service desk also provides feedback to users regarding the status of their requests, the catalog of services, and service availability and outages.

In large enterprises, the service desk is typically supported by dedicated call center staff that follow formal procedures for responding to incident reports and service requests. The call center initially attempts to resolve a user issue (level one support) before passing it on to a support technician (level two support).

A dedicated call center is usually cost-prohibitive for most small and midsized IT organizations. Instead, this role is performed directly by the network and desktop support technicians. In this case, the IT support staff provide both level one and level two support functions.

A commonality between large enterprise and SMB service desk implementations is an effective automated service desk system. The right service desk tool is essential for helping SMBs manage the service desk function, and can make the difference between a successful service desk and one that fails.

In addition to managing and organizing the myriad IT incidents and requests, a service desk is the fundamental component in collecting and reporting on key performance indicators (KPIs) for IT service processes. These KPIs are crucial for understanding how well your IT services are performing and which need improvement.

Incident Management

Incidents are the essence of IT support function and include such things as reporting error messages and outages. By definition, an incident is any event that disrupts the normal operation of an IT service. The primary objective of incident management is to return service to the user as quickly as possible.

Both users and IT can generate incident reports, which are funneled though the service desk and assigned to the appropriate support staff. As the support staff resolve incidents, they record their activities and findings using the service desk tool.

These incident logs provide the foundation for the organization's knowledge base and service management metrics. The most important consideration when defining an incident management procedure is recording the right information and ensuring it is both accurate and complete.

Change Management

An effective change management process ensures changes are introduced to the IT infrastructure in a controlled, safe manner, and is perhaps more critical for aligning IT services with business objectives than any other ITIL concept. The main objective of change management is to enable beneficial changes to be made with minimum disruption to IT services.

In addition to better aligning IT services to business objectives, other benefits of change management include:

• Improved risk assessment
  
• Reduced adverse impact on the service quality
  
• Increased visibility of changes within the organization
  

From an ITIL perspective, the scope of change management includes changes to any component of the live IT infrastructure, but typically excludes changes within development projects. When referencing IT infrastructure components, ITIL uses the term configuration item (CI), which includes all IT equipment, hardware, software, and all associated documentation and procedures (see Configuration Management).

Changes are primarily initiated by a request for change (RFC) from a user. An RFC is typically submitted and managed through the service desk function. Unlike incidents and service requests, an RFC is subject to a more formal review and approval process.

The authoritative body for the change management process is the change advisory board (CAB). The CAB is responsible for reviewing and approving changes, and typically includes representatives from other functional areas of the business. For emergency changes, a CAB emergency committee (CAB/EC) is used to expedite this process.

The main activities of the change management process are:

• Filtering changes
  
• Managing changes and the change process
  
• Chairing the CAB and the CAB/EC
  
• Reviewing and closing RFCs
  
• Management reporting
  

For SMBs with limited resources, an effective change management process is critical. By using standardized methods and procedures for efficient handling of all changes, SMBs can minimize the impact of change-related incidents and improve their day-to-day operations.

Configuration Management

Configuration management is the process that identifies, records and reports on all IT assets and their relationships with each other. In ITIL terms, an IT asset is a configuration item (CI). The heart of the configuration management process is the configuration management database (CMDB) where all CI information is stored.

An integrated configuration management system and CMDB is a key component for the other ITIL processes described here. The CMDB allows the other ITIL processes to understand the relationships of CIs and provides the visibility needed to manage the quality of the IT services.

Before going any further, let's dispel one myth regarding the CMDB—it is not just a list of computer equipment. Although equipment is a significant part of the CMDB, it also contains and needs other CIs such as software versions, processes and procedures, vendor contacts, configuration data, buildings and people.

A well defined CMDB greatly enhances the effectiveness of the other ITIL processes. It is essential that SMBs invest the effort to plan, identify, control, and verify their CMDB.

A good configuration management system (CMS) capable of storing all relevant CI information is invaluable for establishing and maintaining the integrity of the CMDB. The CMS should integrate with the service desk system and store all incidents and RFCs related to a CI in an easily accessible format.

Once established, your CMDB will allow you to more effectively manage your infrastructure and allow you to:

• Plan your CI and infrastructure life-cycle management.
  
• Identify CIs and their relationships.
  
• Control authorized CIs and support the change management process.
• Monitor CI status throughout their life-cycle.
  
• Verify CI existence for release management and change management.

Configuration management is the key process within the ITIL framework. Without an effective CMDB, the value of other ITIL processes is degraded. Configuration management, and an effective service desk, are essential for improving the quality of IT services for SMBs.

Release Management

Release management is the process of introducing new and modified versions of software to the IT infrastructure. Although chiefly aimed at managing software releases, this process may also include managing hardware releases.

The release management process includes quality control, roll-out planning, distribution and installation, communicating and managing user expectations regarding the release. A software releases is categorized as a major, minor or emergency release.

Most SMBs probably have some type of release management process in place. Although it may be called something else and may not be well documented, it typically exists in all IT organizations.

In some cases, release management is mislabeled or disguised as change management. However, release management differs from change management in several ways.

Change management is an overall process that controls and validates the business case of all changes to the IT infrastructure. Release management, on the other hand, focuses just on the activities involved in releasing new/modified software to the live environment.

Release management is a fairly complex process. The degree to which it is implemented in organizations greatly varies depending on several factors. At the very least, a simplified release management is a must for SMBs.

Conclusion

Although it may seem like a lot of extra work, the benefits of implementing these ITIL processes are well worth the effort. For those small and midsized IT organizations that are struggling due to limited resources, ITIL can greatly improve their ability to deliver higher quality IT services.

In future posts, I'll explore how to implement simplified versions of these ITIL concepts, and present alternatives for controlling and managing the processes. Until then, feel free to post your comments and questions on ITIL.

---

* Information and Communication Technology

By Harry Hiles, HBH Technology LLC — 29 Feb 2008

---