Information Technology Infrastructure Library
Encyclopedia
The Information Technology Infrastructure Library (ITIL), is a set of good practices for IT service management
(ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITILv3 and ITIL 2011 edition), ITIL is published in a series of five core publications, each of which covers an ITSM lifecycle stage. ITILv3 underpins ISO/IEC 20000 (previously BS15000), the International Service Management Standard for IT service management, although differences between the two frameworks do exist.
ITIL describes procedures, tasks and checklists that are not organization-specific, used by an organization for establishing a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement.
The names ITIL and IT Infrastructure Library are registered trademarks
of the United Kingdom's Office of Government Commerce
(OGC) – now part of the Cabinet Office. Following this move, the ownership is now listed as being with HM Government rather than OGC.
in the 1980s developed a set of recommendations. It recognised that without standard practices, government agencies and private sector contracts had started independently creating their own IT management practices.
The IT Infrastructure Library originated as a collection of books, each covering a specific practice within IT service management
. ITIL was built around a process-model based view of controlling and managing operations often credited to W. Edwards Deming
and his plan-do-check-act (PDCA)
cycle.
After the initial publication in 1989–96, the number of books quickly grew within ITIL v1 to more than 30 volumes.
In 2000/2001, to make ITIL more accessible (and affordable), ITIL v2 consolidated the publications into 8 logical "sets" that grouped related process-guidelines to match different aspects of IT management, applications, and services. The Service Management sets (Service Support and Service Delivery) were by far the most widely used, circulated, and understood of ITIL v2 publications.
In line with the 2007 edition, the 2011 edition consists of 5 core publications – Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.
There are 26 processes listed in ITIL 2011 edition and described below that shows which core publication provides the main content for each process.
Five volumes comprise the ITIL v3, published in May 2007 (2007 edition) and updated in July 2011 (2011 edition) for consistency:
development, service assets, market analysis, and service provider types. List of covered processes:
For candidates in the ITIL Intermediate Capability stream, the Service Offerings and Agreements (SOA) Qualification course and exam are most closely aligned to the Service Strategy (SS) Qualification course and exam in the Lifecycle stream.
List of covered processes:
to be established and monitored against a benchmark
.
Service level management is the primary interface with the customer (as opposed to the user serviced by the service desk). Service-level management is responsible for:
The service-level manager relies on the other areas of the service delivery process to provide the necessary support which ensures the agreed services are provided in a cost-effective, secure and efficient manner.
Availability management addresses the ability of an IT component to perform at an agreed level over a period of time.
supports the optimum and cost-effective provision of IT services by helping organisations match their IT resources to business demands. The high-level activities include:
Capacity management is focused on strategic capacity, including capacity of personnel (e.g., human resources, staffing and training), system capacity, and component (or tactical) capacity.
ITSCM is regarded by the application owners as the recovery of the IT infrastructure used to deliver IT Services, but many businesses practice the much further-reaching process of business continuity planning (BCP
), to ensure that the whole end-to-end business process can continue should a serious incident occur (at primary support level).
ITSCM involves the following basic steps:
describes the structured fitting of information security in the management organisation. ITIL security management
is based on the code of practice for information security management system (ISMS) now known as ISO/IEC 27002
.
A basic goal of security management is to ensure adequate information security
. The primary goal of information security, in turn, is to protect information assets against risks, and thus to maintain their value to the organisation. This is commonly expressed in terms of ensuring their confidentiality, integrity and availability, along with related properties or goals such as authenticity, accountability, non-repudiation
and reliability.
Mounting pressure for many organisations to structure their information security management systems in accordance with ISO/IEC 27001
requires revision of the ITIL v2 security management volume, and indeed a v3 release is in the works.
List of ITIL processes in Service Transition (ST):
The main aims of change management include:
Common change management terminology includes:
is used by the software migration team for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. Proper software and hardware control ensures the availability of licensed, tested, and version-certified software and hardware, which functions as intended when introduced into existing infrastructure. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. This guarantees that all software meets the demands of the business processes.
The goals of release management include:
Release management focuses on the protection of the live environment and its services through the use of formal procedures and checks.
A Release consists of the new or changed software and/or hardware required to implement approved changes. Release categories include:
Releases can be divided based on the release unit into:
for achieving the delivery of agreed levels of services both to end-users and the customers (where "customers" refer to those individuals who pay for the service and negotiate the SLAs). Service operation, as described in the ITIL Service Operation volume, is the part of the lifecycle where the services and value is actually directly delivered. Also the monitoring of problems and balance between service reliability and cost etc. are considered. The functions include technical management, application management, operations management and service desk as well as, responsibilities for staff engaging in Service Operation.
List of processes:
Primary purposes of a service desk include:
The service desk function can have various names, such as:
The three types of structure for consideration:
Software asset management
(SAM) is a primary topic of ITILv2 and is closely associated with the ITILv3 Application Management function. SAM is the practice of integrating people, processes, and technology to allow software licenses and usage to be systematically tracked, evaluated, and managed. The goal of SAM is to reduce IT expenditures, human resource overhead and risks inherent in owning and managing software assets.
SAM practices include:
SAM represents the software component of IT asset management. This includes hardware asset management because effective hardware inventory controls are critical to efforts to control software. This means overseeing software and hardware that comprise an organization's computers and network
.
'Normal service operation' is defined here as service operation within service-level agreement (SLA) limits.
Incident management can be defined as :
An “Incident Definition as per V3” An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Failure of a Configuration Item that has not yet impacted Service is also an Incident. For example, Failure of one disk from a mirror set.
An “Incident Definition as per V2” An event which is not part of the standard operation of a service and which causes or may cause disruption to or a reduction in the quality of services and Customer productivity.
The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price.
A 'problem' is an unknown underlying cause of one or more incidents, and a 'known error' is a problem that is successfully diagnosed and for which either a work-around or a permanent resolution has been identified. The CCTA (Central Computer and Telecommunications Agency) defines problems and known errors as follows
Problem management differs from incident management. The principal purpose of problem management is to find and resolve the root cause of a problem and thus prevent further incidents; the purpose of incident management is to return the service to normal level as soon as possible, with smallest possible business impact.
The problem-management process is intended to reduce the number and severity of incidents and problems on the business, and report it in documentation to be available for the first-line and second line of the help desk.
The proactive process identifies and resolves problems before incidents occur. Such processes include:
The error control process iteratively diagnoses known errors until they are eliminated by the successful implementation of a change under the control of the Change Management process.
The problem control process aims to handle problems in an efficient way. Problem control identifies the root cause of incidents and reports it to the service desk. Other activities are:
A technique for identifying the root cause of a problem is to use an Ishikawa diagram
, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. Alternatively, a formal Root Cause Analysis method such as Apollo Root Cause Analysis can be implemented and used to identify causes and solutions. An effective root cause analysis method and/or tool will provide the most effective/efficient solutions to address problems in the Problem Management process.
Continual service improvement, defined in the ITIL continual service improvement volume, aims to align and realign IT services to changing business needs by identifying and implementing improvements to the IT "SUmiTpaL" services that support the business processes. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured.
CSI needs to be treated just like any other service practice. There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned,and activities identified to be successful. CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting.
The IT service management sets
Other operational guidance
To assist with the implementation of ITIL practices a further book was published (Apr 9, 2002) providing guidance on implementation (mainly of Service Management):
And this has more recently (Jan 26, 2006) been supplemented with guidelines for smaller IT units, not included in the original eight publications:
ITIL discipline focuses on the User of the IT
services and is primarily concerned with ensuring that they have access to the appropriate services to support the business functions.
To a business, customers and users are the entry point to the process model. They get involved in service support by:
The service desk functions as the single contact-point for end-users' incidents. Its first function is always to "create" an incident. If there is a direct solution, it attempts to resolve the incident at the first level. If the service desk cannot solve the incident then it is passed to a 2nd/3rd level group within the incident management system. Incidents can initiate a chain of processes: incident management, problem management, change management, release management and configuration management. This chain of processes is tracked using the configuration management database (CMDB), which records each process, and creates output documents for traceability (quality management).
discipline concentrates on the proactive services the ICT must deliver to provide adequate support to business users. It focuses on the business as the customer of the ICT services (compare with: Service Support). The discipline consisted of the following processes:
The infrastructure management processes describe those processes within ITIL that directly relate to the ICT equipment and software that is involved in providing ICT services to customers.
These disciplines are less well understood than those of service management and therefore often some of their content is believed to be covered 'by implication' in service management disciplines.
. It includes many project management
disciplines in common with PRINCE2
, but has a broader focus to include the necessary integration of release management and both functional and non functional testing.
attempts to provide practitioners with a framework for the alignment of business needs and IT provision requirements. The processes and approaches incorporated within the guidelines suggest the development of a continuous service improvement program (CSIP) as the basis for implementing other ITIL disciplines as projects within a controlled program of work. Planning to implement service management focuses mainly on the service management processes, but also applies generically to other ITIL disciplines. Components include:
Rob England (also known as "IT Skeptic") has criticised the protected and proprietary nature of ITIL http://www.itskeptic.org/free-itil. He urges the publisher, OGC
, to release ITIL under the Open Government Licence (OGL)http://www.nationalarchives.gov.uk/doc/open-government-licence/open-government-licence.htm
CIO Magazine columnist Dean Meyer has also presented some cautionary views of ITIL, including five pitfalls such as "becoming a slave to outdated definitions" and "Letting ITIL become religion." As he notes, "...it doesn't describe the complete range of processes needed to be world class. It's focused on ... managing ongoing services."
In a 2004 survey designed by Noel Bruton (author of "How to Manage the IT Helpdesk" and "Managing the IT Services Process"), organisations adopting ITIL were asked to relate their actual experiences in having implemented ITIL. Seventy-seven percent of survey respondents either agreed or strongly agreed that "ITIL does not have all the answers". ITIL exponents accept this, citing ITIL's stated intention to be non-prescriptive, expecting organisations to engage ITIL processes with existing process models. Bruton notes that the claim to non-prescriptiveness must be, at best, one of scale rather than absolute intention, for the very description of a certain set of processes is in itself a form of prescription.
While ITIL addresses in depth the various aspects of service management, it does not address enterprise architecture
in such depth. Many of the shortcomings in the implementation of ITIL do not necessarily come about because of flaws in the design or implementation of the service management aspects of the business, but rather the wider architectural framework in which the business is situated. Because of its primary focus on service management, ITIL has limited utility in managing poorly designed enterprise architectures, or how to feed back into the design of the enterprise architecture.
Closely related to the architectural criticism, ITIL does not directly address the business applications which run on the IT infrastructure; nor does it facilitate a more collaborative working relationship between development and operations teams. The trend toward a closer working relationship between development and operations is termed: DevOps
. This trend is related to increased application release rates and the adoption of agile software development
methodologies. Traditional service management processes have struggled to support increased application release rates – due to lack of automation – and/or highly complex enterprise architecture
.
Some researchers group ITIL with lean
, Six Sigma
and Agile software development
operations management. Applying Six Sigma techniques to ITIL brings the engineering approach to ITIL's framework. Applying Lean techniques promotes continuous improvement of the ITIL's best practices. However, ITIL itself is not a transformation method, nor does it offer one. Readers are required to find and associate such a method. Some vendors have also included the term Lean when discussing ITIL implementations, for example "Lean-ITIL". The initial consequences of an ITIL initiative tend to add cost with benefits promised as a future deliverable. ITIL does not provide usable methods "out of the box" to identify and target waste, or document the customer value stream as required by Lean, and measure customer satisfaction.
(MOF) is based on ITIL v2. While ITIL deliberately aims to be platform-agnostic, MOF is designed by Microsoft to provide a common management framework for its products. Microsoft has mapped MOF to ITIL as part of their documentation of the framework.
The British Educational Communications and Technology Agency (BECTA
) used ITIL as the basis for their development of Framework for ICT Technical Support (FITS). Their aim was to develop a framework appropriate for British schools, which often have very small IT departments. FITS became independent from BECTA
in 2009.
COBIT
is an IT governance framework and supporting toolset developed by ISACA. ISACA view ITIL as being complementary to COBIT. They see COBIT as providing a governance and assurance role while ITIL providing guidance for service management.
The enhanced Telecom Operations Map eTOM
published by the TeleManagement Forum offers a framework aimed at telecommunications service providers. In a joined effort, TM Forum
and itSMF developed an Application Note to eTOM (GB921) that shows how the two frameworks can be mapped to each other. It addresses how eTom process elements and flows can be used to support the processes identified in ITIL.
IBM Tivoli Unified Process (ITUP)
is aligned with ITIL, but is presented as a complete, integrated process model compatible with IBM's products.
The certification scheme differs between ITIL v2 and ITIL v3 and bridge examinations let v2 certification owners transfer to the new program.
ITIL v2 offers 3 certification levels: Foundation, Practitioner and Manager. These have been progressively discontinued in favor of the new ITIL v3 scheme. ITIL v3 certification levels are: Foundation, Intermediate, Expert and Master.
The ITIL v3 certification scheme offers a modular approach. Each qualification is assigned a credit value; so that upon successful completion of the module, the candidate is rewarded with both a certification and a number of credits. At the lowest level – Foundation – candidates are awarded a certification and 2 credits. At the Intermediate level, a total of 15 credits must be earned. These credits may be accumulated in either a "Lifecycle" stream or a "Capability" stream; or combination thereof. Each Lifecycle module and exam is 3 credits. Each Capability module and corresponding exam is 4 credits. A candidate wanting to achieve the Expert level will have, among other requirements, to gain the required number of credits (22). That is accomplished with two from Foundations, then 15 from Intermediate, and finally 5 credits from the "Managing Across the Lifecycle" exam. Together, the total of 22 earned credits designates one as ITIL v3 Expert.
The ITIL Certification Management Board (ICMB) manages ITIL certification. The Board includes representatives from interested parties within the community around the world. Members of the Board include (though are not limited to) representatives from the UK Office of Government Commerce
(OGC), APM Group (APMG), The Stationery Office
(TSO), V3 Examination Panel, Examination Institutes (EIs) and the IT Service Management Forum International (itSMF) as the recognised user group.
Since the early 1990s, EXIN and ISEB have been setting up the ITIL based certification program, developing and providing ITIL exams at three different levels: Foundation, Practitioner and Manager. EXIN and BCS/ISEB (the British Computer Society) have from that time onwards been the only two examination providers in the world to develop formally acknowledged ITIL certifications, provide ITIL exams and accredit ITIL training providers worldwide. These rights were obtained from OGC, the British government institution and owner of the ITIL trademark. OGC signed over the management of the ITIL trademark and the accreditation of examination providers to APMG in 2006. Now, after signing a contract with EXIN, BCS/ISEB, PEOPLECERT Group and other certification bodies, APMG is accrediting them as official examination bodies, to offer ITIL exams and accredit ITIL training providers.
On July 20, 2006, the OGC signed a contract with the APM Group to become its commercial partner for ITIL accreditation from January 1, 2007. APMG manage the ITIL Version 3 exams.
APMG maintains a voluntary register of ITIL v2 and v3 certified practitioners at their Successful Candidate Register.
There are five colors of ITIL® V3 pins - each corresponds to the color of the associated core publication:
There are three colors of ITIL® V2 pins:
Exam candidates who have successfully passed the examinations for ITIL® will receive their appropriate pin from APMG, EXIN or their certification provider regional office or agent.
IT Service Management
IT service management is a discipline for managing information technology systems, philosophically centered on the customer's perspective of IT's contribution to the business. ITSM stands in deliberate contrast to technology-centered approaches to IT management and business interaction...
(ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITILv3 and ITIL 2011 edition), ITIL is published in a series of five core publications, each of which covers an ITSM lifecycle stage. ITILv3 underpins ISO/IEC 20000 (previously BS15000), the International Service Management Standard for IT service management, although differences between the two frameworks do exist.
ITIL describes procedures, tasks and checklists that are not organization-specific, used by an organization for establishing a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement.
The names ITIL and IT Infrastructure Library are registered trademarks
Trademark
A trademark, trade mark, or trade-mark is a distinctive sign or indicator used by an individual, business organization, or other legal entity to identify that the products or services to consumers with which the trademark appears originate from a unique source, and to distinguish its products or...
of the United Kingdom's Office of Government Commerce
Office of Government Commerce
The Office of Government Commerce is part of the Efficiency and Reform Group of the Cabinet Office, a department of the Government of the United Kingdom...
(OGC) – now part of the Cabinet Office. Following this move, the ownership is now listed as being with HM Government rather than OGC.
History
Responding to growing dependence on IT, the UK Government's Central Computer and Telecommunications AgencyCentral Computer and Telecommunications Agency
The Central Computer and Telecommunications Agency was a UK government agency providing computer and telecoms support to Government departments.-Formation:...
in the 1980s developed a set of recommendations. It recognised that without standard practices, government agencies and private sector contracts had started independently creating their own IT management practices.
The IT Infrastructure Library originated as a collection of books, each covering a specific practice within IT service management
IT Service Management
IT service management is a discipline for managing information technology systems, philosophically centered on the customer's perspective of IT's contribution to the business. ITSM stands in deliberate contrast to technology-centered approaches to IT management and business interaction...
. ITIL was built around a process-model based view of controlling and managing operations often credited to W. Edwards Deming
W. Edwards Deming
William Edwards Deming was an American statistician, professor, author, lecturer and consultant. He is perhaps best known for his work in Japan...
and his plan-do-check-act (PDCA)
PDCA
PDCA is an iterative four-step management method used in business for the control and continuous improvement of processes and products...
cycle.
After the initial publication in 1989–96, the number of books quickly grew within ITIL v1 to more than 30 volumes.
In 2000/2001, to make ITIL more accessible (and affordable), ITIL v2 consolidated the publications into 8 logical "sets" that grouped related process-guidelines to match different aspects of IT management, applications, and services. The Service Management sets (Service Support and Service Delivery) were by far the most widely used, circulated, and understood of ITIL v2 publications.
- In April 2001 the CCTA was merged into the Office of Government CommerceOffice of Government CommerceThe Office of Government Commerce is part of the Efficiency and Reform Group of the Cabinet Office, a department of the Government of the United Kingdom...
(OGC), an office of the UK TreasuryHM TreasuryHM Treasury, in full Her Majesty's Treasury, informally The Treasury, is the United Kingdom government department responsible for developing and executing the British government's public finance policy and economic policy...
. - In 2006, the ITIL v2 glossary was published.
- In May 2007, this organisation issued version 3 of ITIL (also known as the ITIL Refresh Project) consisting of 26 processes and functions, now grouped into only 5 volumes, arranged around the concept of Service lifecycle structure.
- In 2009, the OGC officially announced that ITIL v2 certification would be withdrawn and launched a major consultation as per how to proceed.
- In July 2011, the 2011 edition of ITIL was published, providing an update to the version published in 2007. The OGC is no longer listed as the owner of ITIL, following the move of OGC in to the Cabinet Office. The 2011 edition is owned by HM Government.
Overview of ITIL v3
ITIL v3 is an extension of ITIL v2 and did fully replace it following the completion of the withdrawal period on 30 June 2011 http://www.ogc.gov.uk/itil_ogc_withdrawal_of_itil_version2.asp. ITIL v3 provides a more holistic perspective on the full life cycle of services, covering the entire IT organisation and all supporting components needed to deliver services to the customer, whereas v2 focused on specific activities directly related to service delivery and support. Most of the v2 activities remained untouched in v3, but some significant changes in terminology were introduced in order to facilitate the expansion.Changes and characteristics of the 2011 edition of ITIL
A summary of changes has been published by HM Government http://www.itil-officialsite.com/nmsruntime/saveasdialog.aspx?lID=1193&sID=58In line with the 2007 edition, the 2011 edition consists of 5 core publications – Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.
There are 26 processes listed in ITIL 2011 edition and described below that shows which core publication provides the main content for each process.
Five volumes comprise the ITIL v3, published in May 2007 (2007 edition) and updated in July 2011 (2011 edition) for consistency:
- 1. ITIL Service Strategy
- 2. ITIL Service Design
- 3. ITIL Service Transition
- 4. ITIL Service Operation
- 5. ITIL Continual Service Improvement
Service Strategy
As the center and origin point of the ITIL Service Lifecycle, the ITIL Service Strategy (SS) volume provides guidance on clarification and prioritisation of service-provider investments in services. More generally, Service Strategy focuses on helping IT organisations improve and develop over the long term. In both cases, Service Strategy relies largely upon a market-driven approach. Key topics covered include service value definition, business-caseBusiness case
A business case captures the reasoning for initiating a project or task. It is often presented in a well-structured written document, but may also sometimes come in the form of a short verbal argument or presentation. The logic of the business case is that, whenever resources such as money or...
development, service assets, market analysis, and service provider types. List of covered processes:
- 1. Strategy management for IT services
- 2. Service Portfolio Management
- 3. Financial Management of IT Services
- 4. Demand ManagementDemand managementDemand management is a planning methodology used to manage forecasted demand.-Demand management in economics:In economics, demand management is the art or science of controlling economic demand to avoid a recession...
- 5. Business relationship managementBusiness relationship managementBusiness relationship management is a formal approach to understanding, defining, and supporting a broad spectrum of inter-business activities related to providing and consuming knowledge and services via networks, with an emphasis on the emergence of online networks as a primary medium through...
For candidates in the ITIL Intermediate Capability stream, the Service Offerings and Agreements (SOA) Qualification course and exam are most closely aligned to the Service Strategy (SS) Qualification course and exam in the Lifecycle stream.
Financial management for IT services
IT Financial Management comprises the discipline of ensuring that the IT infrastructure is obtained at the most effective price (which does not necessarily mean cheapest) and calculating the cost of providing IT services so that an organisation can understand the costs of its IT services. These costs may then be recovered from the customer of the service. This is the 2nd component of service delivery process.Service Design
The ITIL Service Design (SD) volume provides good-practice guidance on the design of IT services, processes, and other aspects of the service management effort. Significantly, design within ITIL is understood to encompass all elements relevant to technology service delivery, rather than focusing solely on design of the technology itself. As such, service design addresses how a planned service solution interacts with the larger business and technical environments, service management systems required to support the service, processes which interact with the service, technology, and architecture required to support the service, and the supply chain required to support the planned service. Within ITIL, design work for an IT service is aggregated into a single service design package (SDP). Service design packages, along with other information about services, are managed within the service catalogues.List of covered processes:
- 1. Design coordination (Introduced in ITIL 2011 Edition)
- 2. Service CatalogueService CatalogA service catalog , as defined in Information Technology Infrastructure Library Service Design, is a list of services that an organization provides, often to its employees or customers...
- 3. Service level Management
- 4. AvailabilityAvailabilityIn telecommunications and reliability theory, the term availability has the following meanings:* The degree to which a system, subsystem, or equipment is in a specified operable and committable state at the start of a mission, when the mission is called for at an unknown, i.e., a random, time...
Management - 5. CapacityCapacityCapacity is the ability to hold a fluid, very similar to volume.Capacity may also refer to:* Capacity utilization, in economics, the extent to which an enterprise or a nation actually uses its potential output...
Management - 6. IT Service ContinuityIT service continuityIT Service Continuity is a specific form of business continuity planning. It is the process of assessing and managing risks associated with information technology departments...
Management (ITSCM) - 7. Information Security Management SystemInformation security management systemAn information security management system is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of ISO 27001....
- 8. SupplierVendor (supply chain)A vendor, or a supplier, is a supply chain management term meaning anyone who provides goods or services to a company. A vendor often manufactures inventoriable items, and sells those items to a customer.- History :...
Management
Service level management
Service-level management provides for continual identification, monitoring and review of the levels of IT services specified in the Service-level agreements (SLAs). Service-level management ensures that arrangements are in place with internal IT support-providers and external suppliers in the form of perational-contracts (UCs), respectively. The process involves assessing the impact of change upon service quality and SLAs. The service level management process is in close relation with the operational processes to control their activities. The central role of Service-level management makes it the natural place for metricsSoftware metric
A software metric is a measure of some property of a piece of software or its specifications. Since quantitative measurements are essential in all sciences, there is a continuous effort by computer science practitioners and theoreticians to bring similar approaches to software development...
to be established and monitored against a benchmark
Benchmarking
Benchmarking is the process of comparing one's business processes and performance metrics to industry bests and/or best practices from other industries. Dimensions typically measured are quality, time and cost...
.
Service level management is the primary interface with the customer (as opposed to the user serviced by the service desk). Service-level management is responsible for:
- ensuring that the agreed IT services are delivered when and where they are supposed to be
- liaising with availability management, capacity management, incident managementIncident Management (ITSM)Incident Management is an IT service management process area. The first goal of the incident management process is to restore a normal service operation as quickly as possible and to minimize the impact on business operations, thus ensuring that the best possible levels of service quality and...
and problem management to ensure that the required levels and quality of service are achieved within the resources agreed with financial management - producing and maintaining a service catalogService CatalogA service catalog , as defined in Information Technology Infrastructure Library Service Design, is a list of services that an organization provides, often to its employees or customers...
(a list of standard IT service options and agreements made available to customers) - ensuring that appropriate IT service continuity plans exist to support the business and its continuity requirements.
The service-level manager relies on the other areas of the service delivery process to provide the necessary support which ensures the agreed services are provided in a cost-effective, secure and efficient manner.
Availability management
Availability management targets allowing organisations to sustain the IT service-availability to support the business at a justifiable cost. The high-level activities are realise availability requirements, compile availability plan, monitor availability, and monitor maintenance obligations.Availability management addresses the ability of an IT component to perform at an agreed level over a period of time.
- Reliability: Ability of an IT component to perform at an agreed level at described conditions.
- Maintainability: The ability of an IT component to remain in, or be restored to an operational state.
- ServiceabilityServiceability (computer)In software engineering and hardware engineering, serviceability is one of the -ilities or aspects...
: The ability for an external supplier to maintain the availability of component or function under a third-party contract. - Resilience: A measure of freedom from operational failure and a method of keeping services reliable. One popular method of resilience is redundancy.
- Security: A service may have associated data. Security refers to the confidentiality, integrity, and availability of that data. Availability gives a clear overview of the end-to-end availability of the system.
Capacity management
Capacity managementCapacity management
Capacity Management is a process used to manage information technology . Its primary goal is to ensure that IT capacity meets current and future business requirements in a cost-effective manner. One common interpretation of Capacity Management is described in the ITIL framework...
supports the optimum and cost-effective provision of IT services by helping organisations match their IT resources to business demands. The high-level activities include:
- application sizing
- workload management
- demand management
- modelling
- capacity planning
- resource management
- performance management
Capacity management is focused on strategic capacity, including capacity of personnel (e.g., human resources, staffing and training), system capacity, and component (or tactical) capacity.
IT service continuity management
IT service continuity management (ITSCM) covers the processes by which plans are put in place and managed to ensure that IT Services can recover and continue even after a serious incident occurs. It is not just about reactive measures, but also about proactive measures – reducing the risk of a disaster in the first instance.ITSCM is regarded by the application owners as the recovery of the IT infrastructure used to deliver IT Services, but many businesses practice the much further-reaching process of business continuity planning (BCP
Business continuity planning
Business continuity planning “identifies [an] organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, whilst maintaining competitive advantage and value system integrity”. It is also called...
), to ensure that the whole end-to-end business process can continue should a serious incident occur (at primary support level).
ITSCM involves the following basic steps:
- prioritising the activities to be recovered by conducting a business impact analysis (BIA)
- performing a risk assessment (aka risk analysisRisk analysis (Business)Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal.This technique also helps to define preventive measures to reduce the probability of these factors from occurring and identify countermeasures to successfully deal with these...
) for each of the IT services to identify the assets, threats, vulnerabilities and countermeasures for each service. - evaluating the options for recovery
- producing the contingency plan
- testing, reviewing, and revising the plan on a regular basis a.
Information security management system
The ITIL-process Security Managementdescribes the structured fitting of information security in the management organisation. ITIL security management
ITIL Security Management
The ITIL security management process describes the structured fitting of security in the management organization. ITIL security management is based on the ISO 27001 standard. According to "ISO/IEC 27001:2005 covers all types of organizations...
is based on the code of practice for information security management system (ISMS) now known as ISO/IEC 27002
ISO/IEC 27002
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization and by the International Electrotechnical Commission , entitled Information technology - Security techniques - Code of practice for information security management.ISO/IEC 27002:2005...
.
A basic goal of security management is to ensure adequate information security
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
. The primary goal of information security, in turn, is to protect information assets against risks, and thus to maintain their value to the organisation. This is commonly expressed in terms of ensuring their confidentiality, integrity and availability, along with related properties or goals such as authenticity, accountability, non-repudiation
Non-repudiation
Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged...
and reliability.
Mounting pressure for many organisations to structure their information security management systems in accordance with ISO/IEC 27001
ISO/IEC 27001
ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an Information Security Management System standard published in October 2005 by the International Organization for Standardization and the International Electrotechnical Commission...
requires revision of the ITIL v2 security management volume, and indeed a v3 release is in the works.
Service Transition
Service transition, as described by the ITIL service transition volume, relates to the delivery of services required by a business into live/operational use, and often encompasses the "project" side of IT rather than "BAU" (Business as usual). This area also covers topics such as managing changes to the "BAU" environment.List of ITIL processes in Service Transition (ST):
- 14. Transition planning and support
- 15. Change managementChange Management (ITSM)Change management is an IT service management discipline. The objective of change management in this context is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of...
- 16. Service asset and configuration management
- 17. Release and deployment managementRelease managementThe release management process is a relatively new but rapidly growing discipline within software engineering of managing software releases....
- 18. Service validation and testing
- 19. Change evaluationChange Management (ITSM)Change management is an IT service management discipline. The objective of change management in this context is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of...
- 20. Knowledge managementKnowledge managementKnowledge management comprises a range of strategies and practices used in an organization to identify, create, represent, distribute, and enable adoption of insights and experiences...
Change management
Change Management aims to ensure that standardised methods and procedures are used for efficient handling of all changes. A change is an event that results in a new status of one or more Configuration items (CIs), and which is approved by management, cost-effective, enhances business process changes (fixes) – all with a minimum risk to IT infrastructure.The main aims of change management include:
- Minimal disruption of services
- Reduction in back-out activities
- Economic use of resources involved in the change
Common change management terminology includes:
- Change: the addition, modification or removal of CIs
- Request For Change (RFC) or, in older terminology, Change Request (CRChange requestA change request is a document containing a call for an adjustment of a system; it is of great importance in the change management process. A change request is not raised for a wording change in a letter....
): form used to record details of a request for a change and is sent as an input to Change Management by the Change Requestor - Forward Schedule of Changes (FSC): schedule that contains details of all forthcoming Changes.
Service asset and configuration management
Service asset and configuration management is primarily focused on maintaining information (i.e., configurations) about Configuration Items (i.e., assets) required to deliver an IT service, including their relationships. Configuration management is the management and traceability of every aspect of a configuration from beginning to end and it includes the following key process areas under its umbrella:- Identification,
- Planning,
- Change Control,
- Change Management,
- Release Management, and
- Maintenance.
Release and deployment management
Release and deployment managementRelease management
The release management process is a relatively new but rapidly growing discipline within software engineering of managing software releases....
is used by the software migration team for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. Proper software and hardware control ensures the availability of licensed, tested, and version-certified software and hardware, which functions as intended when introduced into existing infrastructure. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. This guarantees that all software meets the demands of the business processes.
The goals of release management include:
- Planning the rollout of software
- Designing and implementing procedures for the distribution and installation of changes to IT systems
- Effectively communicating and managing expectations of the customer during the planning and rollout of new releases
- Controlling the distribution and installation of changes to IT systems
Release management focuses on the protection of the live environment and its services through the use of formal procedures and checks.
A Release consists of the new or changed software and/or hardware required to implement approved changes. Release categories include:
- Major software releases and major hardware upgrades, normally containing large amounts of new functionality, some of which may make intervening fixes to problems redundant. A major upgrade or release usually supersedes all preceding minor upgrades, releases and emergency fixes.
- Minor software releases and hardware upgrades, normally containing small enhancements and fixes, some of which may have already been issued as emergency fixes. A minor upgrade or release usually supersedes all preceding emergency fixes.
- Emergency software and hardware fixes, normally containing the corrections to a small number of known problems.
Releases can be divided based on the release unit into:
- Delta release: a release of only that part of the software which has been changed. For example, security patches.
- Full release: the entire software program is deployed—for example, a new version of an existing application.
- Packaged release: a combination of many changes—for example, an operating system image which also contains specific applications.
Service Operation
Service Operation (SO) aims to provide best practiceBest practice
A best practice is a method or technique that has consistently shown results superior to those achieved with other means, and that is used as a benchmark...
for achieving the delivery of agreed levels of services both to end-users and the customers (where "customers" refer to those individuals who pay for the service and negotiate the SLAs). Service operation, as described in the ITIL Service Operation volume, is the part of the lifecycle where the services and value is actually directly delivered. Also the monitoring of problems and balance between service reliability and cost etc. are considered. The functions include technical management, application management, operations management and service desk as well as, responsibilities for staff engaging in Service Operation.
List of processes:
- 21. Event management
- 22. Incident managementIncident Management (ITSM)Incident Management is an IT service management process area. The first goal of the incident management process is to restore a normal service operation as quickly as possible and to minimize the impact on business operations, thus ensuring that the best possible levels of service quality and...
- 23. Request fulfillment
- 24. Problem management
- 25. Access management
Service desk
The service desk is one of four ITIL functions and is primarily associated with the Service Operation lifecycle stage. Tasks include handling incidents and requests, and providing an interface for other ITSM processes. Features include:- single point of contactPoint of contactA Point of Contact is the identification of, and means of communication with, person and organizations associated with the resource...
(SPOC) and not necessarily the first point of contact (FPOC) - single point of entry
- single point of exit
- easier for customers
- data integrity
- streamlined communication channel
Primary purposes of a service desk include:
- incident control: life-cycle management of all service requests
- communication: keeping a customer informed of progress and advising on workarounds
The service desk function can have various names, such as:
- Call center: main emphasis on professionally handling large call volumes of telephone-based transactions
- Help deskHelp deskA help desk is an information and assistance resource that troubleshoots problems with computers or similar products. Corporations often provide help desk support to their customers via a toll-free number, website and e-mail. There are also in-house help desks geared toward providing the same kind...
: manage, co-ordinate and resolve incidents as quickly as possible at primary support level - Service desk: not only handles incidents, problems and questions but also provides an interface for other activities such as change requests, maintenance contracts, software licenses, service-level management, configuration management, availability management, financial management and IT services continuity management
The three types of structure for consideration:
- Local service desk: to meet local business needs – practical only until multiple locations requiring support services are involved
- Central service desk: for organisations having multiple locations – reduces operational costs and improves usage of available resources
- Virtual service desk: for organisations having multi-country locations – can be situated and accessed from anywhere in the world due to advances in network performance and telecommunications, reducing operational costs and improving usage of available resources.
Application management
ITIL application management encompasses a set of best practices proposed to improve the overall quality of IT software development and support through the life-cycle of software development projects, with particular attention to gathering and defining requirements that meet business objectives.Software asset management
Software Asset Management
Software asset management is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization...
(SAM) is a primary topic of ITILv2 and is closely associated with the ITILv3 Application Management function. SAM is the practice of integrating people, processes, and technology to allow software licenses and usage to be systematically tracked, evaluated, and managed. The goal of SAM is to reduce IT expenditures, human resource overhead and risks inherent in owning and managing software assets.
SAM practices include:
- maintaining software license compliance
- tracking inventory and software asset use
- maintaining standard policies and procedures surrounding definition, deployment, configuration, use, and retirement of software assets and the definitive software libraryDefinitive Software LibraryA definitive software library is a secure location, consisting of physical media or a software repository located on a network file server, in which the definitive authorized versions of all software configuration items are stored and protected. The DSL is separate from development, quality...
.
SAM represents the software component of IT asset management. This includes hardware asset management because effective hardware inventory controls are critical to efforts to control software. This means overseeing software and hardware that comprise an organization's computers and network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
.
Incident management
Incident management aims to restore normal service operation as quickly as possible and minimise the adverse effect on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.'Normal service operation' is defined here as service operation within service-level agreement (SLA) limits.
Incident management can be defined as :
An “Incident Definition as per V3” An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Failure of a Configuration Item that has not yet impacted Service is also an Incident. For example, Failure of one disk from a mirror set.
An “Incident Definition as per V2” An event which is not part of the standard operation of a service and which causes or may cause disruption to or a reduction in the quality of services and Customer productivity.
The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price.
Request fulfillment
Request fulfillment (or request management) focuses on fulfilling Service Requests, which are often minor (standard) changes (e.g., requests to change a password) or requests for information.Problem management
Problem management aims to resolve the root causes of incidents and thus to minimise the adverse impact of incidents and problems on business that are caused by errors within the IT infrastructure, and to prevent recurrence of incidents related to these errors.A 'problem' is an unknown underlying cause of one or more incidents, and a 'known error' is a problem that is successfully diagnosed and for which either a work-around or a permanent resolution has been identified. The CCTA (Central Computer and Telecommunications Agency) defines problems and known errors as follows
- A problem is a condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant.
- A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a work-around.
Problem management differs from incident management. The principal purpose of problem management is to find and resolve the root cause of a problem and thus prevent further incidents; the purpose of incident management is to return the service to normal level as soon as possible, with smallest possible business impact.
The problem-management process is intended to reduce the number and severity of incidents and problems on the business, and report it in documentation to be available for the first-line and second line of the help desk.
The proactive process identifies and resolves problems before incidents occur. Such processes include:
- Trend analysis;
- Targeting support action;
- Providing information to the organisation
The error control process iteratively diagnoses known errors until they are eliminated by the successful implementation of a change under the control of the Change Management process.
The problem control process aims to handle problems in an efficient way. Problem control identifies the root cause of incidents and reports it to the service desk. Other activities are:
- Problem identification and recording
- Problem classification
- Problem investigation and diagnosis
A technique for identifying the root cause of a problem is to use an Ishikawa diagram
Ishikawa diagram
Ishikawa diagrams are causal diagrams that show the causes of a certain event -- created by Kaoru Ishikawa . Common uses of the Ishikawa diagram are product design and quality defect prevention, to identify potential factors causing an overall effect...
, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. Alternatively, a formal Root Cause Analysis method such as Apollo Root Cause Analysis can be implemented and used to identify causes and solutions. An effective root cause analysis method and/or tool will provide the most effective/efficient solutions to address problems in the Problem Management process.
Access management
Access management (also known as rights management or identity management) as a process focuses on granting authorized users the right to use a service, while preventing access to non-authorized users. The access management processes executes policies defined in Information Security Management System.Continual Service Improvement (CSI)
Aligning and realigning IT services to changing business needs (because standstill implies decline). CSI is closely aligned to the Deming Cycle of Plan-Do-Check-Act.Continual service improvement, defined in the ITIL continual service improvement volume, aims to align and realign IT services to changing business needs by identifying and implementing improvements to the IT "SUmiTpaL" services that support the business processes. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured.
CSI needs to be treated just like any other service practice. There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned,and activities identified to be successful. CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting.
- 26. The seven-step improvement process:
- 1. Identify the strategy for improvement
- 2. Define what you will measure
- 3. Gather the data
- 4. Process the data
- 5. Analyse the information and data
- 6. Present and use the information
- 7. Implement improvement
Overview of ITIL v2
The eight ITIL version 2 books and their disciplines are:The IT service management sets
- 1. Service Support
- 2. Service Delivery
Other operational guidance
- 3. ICT infrastructure management
- 4. Security management
- 5. Application management
- 6. Software asset management
To assist with the implementation of ITIL practices a further book was published (Apr 9, 2002) providing guidance on implementation (mainly of Service Management):
- 7. Planning to implement service management
And this has more recently (Jan 26, 2006) been supplemented with guidelines for smaller IT units, not included in the original eight publications:
- 8. ITIL Small-scale implementation
Service support
The Service SupportITIL discipline focuses on the User of the IT
Information and communication technologies
Information and communications technology or information and communication technology, usually abbreviated as ICT, is often used as an extended synonym for information technology , but is usually a more general term that stresses the role of unified communications and the integration of...
services and is primarily concerned with ensuring that they have access to the appropriate services to support the business functions.
To a business, customers and users are the entry point to the process model. They get involved in service support by:
- Asking for changes
- Needing communication, updates
- Having difficulties, queries
- Real process delivery
The service desk functions as the single contact-point for end-users' incidents. Its first function is always to "create" an incident. If there is a direct solution, it attempts to resolve the incident at the first level. If the service desk cannot solve the incident then it is passed to a 2nd/3rd level group within the incident management system. Incidents can initiate a chain of processes: incident management, problem management, change management, release management and configuration management. This chain of processes is tracked using the configuration management database (CMDB), which records each process, and creates output documents for traceability (quality management).
Service Delivery
The Service Deliverydiscipline concentrates on the proactive services the ICT must deliver to provide adequate support to business users. It focuses on the business as the customer of the ICT services (compare with: Service Support). The discipline consisted of the following processes:
- Service level management
- Capacity management
- IT service continuity management
- Availability management
- Financial management
ICT infrastructure management
Information and Communication Technology (ICT) management processes recommend best practice for requirements analysis, planning, design, deployment and ongoing operations management and technical support of an ICT infrastructure.The infrastructure management processes describe those processes within ITIL that directly relate to the ICT equipment and software that is involved in providing ICT services to customers.
- ICT design and planning
- ICT deployment
- ICT operations
- ICT technical support
These disciplines are less well understood than those of service management and therefore often some of their content is believed to be covered 'by implication' in service management disciplines.
ICT design and planning
ICT design and planning provides a framework and approach for the strategic and technical design and planning of ICT infrastructures. It includes the necessary combination of business (and overall IS) strategy, with technical design and architecture. ICT design and planning drives both the procurement of new ICT solutions through the production of statements of requirement ("SOR") and invitations to tender ("ITT") and is responsible for the initiation and management of ICT Programmes for strategic business change. Key outputs from design and planning are:- ICT strategies, policies and plans
- the ICT overall architecture & management architecture
- feasibility studies, ITTs and SORs
- business cases
ICT deployment management
ICT deployment provides a framework for the successful management of design, build, test and roll-out (deploy) projects within an overall ICT programmeProgram management
Program management or programme management is the process of managing several related projects, often with the intention of improving an organization's performance...
. It includes many project management
Project management
Project management is the discipline of planning, organizing, securing, and managing resources to achieve specific goals. A project is a temporary endeavor with a defined beginning and end , undertaken to meet unique goals and objectives, typically to bring about beneficial change or added value...
disciplines in common with PRINCE2
PRINCE2
PRojects IN Controlled Environments 2 is a structured project management method endorsed by the UK government as the project management standard for public projects. The methodology encompasses the management, control and organisation of a project...
, but has a broader focus to include the necessary integration of release management and both functional and non functional testing.
ICT operations management
ICT operations management provides the day-to-day technical supervision of the ICT infrastructure. Often confused with the role of incident management from service support, operations has a more technical bias and is concerned not solely with incidents reported by users, but with events generated by or recorded by the infrastructure. ICT operations may often work closely alongside incident management and the service desk, which are not-necessarily technical, to provide an 'operations bridge'. Operations, however should primarily work from documented processes and procedures and should be concerned with a number of specific sub-processes, such as: output management, job scheduling, backup and restore, network monitoring/management, system monitoring/management, database monitoring/management storage monitoring/management. Operations are responsible for the following:- a stable, secure ICT infrastructure
- a current, up to date operational documentation library ("ODL")
- a log of all operational events
- maintenance of operational monitoring and management tools.
- operational scripts
- operational procedures
ICT technical support
ICT technical support is the specialist technical function for infrastructure within ICT. Primarily as a support to other processes, both in infrastructure management and service management, technical support provides a number of specialist functions: research and evaluation, market intelligence (particularly for design and planning and capacity management), proof of concept and pilot engineering, specialist technical expertise (particularly to operations and problem management), creation of documentation (perhaps for the operational documentation library or known error database). There are different levels of support under the ITIL structure, these being primary support level, secondary support level and tertiary support level, higher-level administrators being responsible for support at primary level.Planning to implement service management
The ITIL discipline – planning to implement service managementattempts to provide practitioners with a framework for the alignment of business needs and IT provision requirements. The processes and approaches incorporated within the guidelines suggest the development of a continuous service improvement program (CSIP) as the basis for implementing other ITIL disciplines as projects within a controlled program of work. Planning to implement service management focuses mainly on the service management processes, but also applies generically to other ITIL disciplines. Components include:
- creating vision
- analysing organisation
- setting goals
- implementing IT service management
Small-scale implementation
ITIL Small-scale implementation provides an approach to ITIL framework implementation for smaller IT units or departments. It is primarily an auxiliary work that covers many of the same best practice guidelines as planning to implement service management, service support, and service delivery but provides additional guidance on the combination of roles and responsibilities, and avoiding conflict between ITIL priorities.Criticisms of ITIL
ITIL has been criticised on several fronts, including:- the books are not affordable for non-commercial users
- the books are not on-line
- implementation and credentialing requires specific training
- debate over ITIL falling under BSMBusiness Service ManagementBusiness service management is an approach used to manage business-aligned IT services. A BSM philosophy promotes a customer-centric and business-focused approach to Service Management, aligning business objectives and priorities with IT or ICT from strategy through to operations and continual...
or ITSMIT Service ManagementIT service management is a discipline for managing information technology systems, philosophically centered on the customer's perspective of IT's contribution to the business. ITSM stands in deliberate contrast to technology-centered approaches to IT management and business interaction...
frameworks - the ITIL details are not aligned with the other frameworks like ITSM
Rob England (also known as "IT Skeptic") has criticised the protected and proprietary nature of ITIL http://www.itskeptic.org/free-itil. He urges the publisher, OGC
Office of Government Commerce
The Office of Government Commerce is part of the Efficiency and Reform Group of the Cabinet Office, a department of the Government of the United Kingdom...
, to release ITIL under the Open Government Licence (OGL)http://www.nationalarchives.gov.uk/doc/open-government-licence/open-government-licence.htm
CIO Magazine columnist Dean Meyer has also presented some cautionary views of ITIL, including five pitfalls such as "becoming a slave to outdated definitions" and "Letting ITIL become religion." As he notes, "...it doesn't describe the complete range of processes needed to be world class. It's focused on ... managing ongoing services."
In a 2004 survey designed by Noel Bruton (author of "How to Manage the IT Helpdesk" and "Managing the IT Services Process"), organisations adopting ITIL were asked to relate their actual experiences in having implemented ITIL. Seventy-seven percent of survey respondents either agreed or strongly agreed that "ITIL does not have all the answers". ITIL exponents accept this, citing ITIL's stated intention to be non-prescriptive, expecting organisations to engage ITIL processes with existing process models. Bruton notes that the claim to non-prescriptiveness must be, at best, one of scale rather than absolute intention, for the very description of a certain set of processes is in itself a form of prescription.
While ITIL addresses in depth the various aspects of service management, it does not address enterprise architecture
Enterprise architecture
An enterprise architecture is a rigorous description of the structure of an enterprise, which comprises enterprise components , the externally visible properties of those components, and the relationships between them...
in such depth. Many of the shortcomings in the implementation of ITIL do not necessarily come about because of flaws in the design or implementation of the service management aspects of the business, but rather the wider architectural framework in which the business is situated. Because of its primary focus on service management, ITIL has limited utility in managing poorly designed enterprise architectures, or how to feed back into the design of the enterprise architecture.
Closely related to the architectural criticism, ITIL does not directly address the business applications which run on the IT infrastructure; nor does it facilitate a more collaborative working relationship between development and operations teams. The trend toward a closer working relationship between development and operations is termed: DevOps
DevOps
"DevOps" is an emerging set of principles, methods and practices for communication, collaboration and integration between software development and IT operations professionals...
. This trend is related to increased application release rates and the adoption of agile software development
Agile software development
Agile software development is a group of software development methodologies based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams...
methodologies. Traditional service management processes have struggled to support increased application release rates – due to lack of automation – and/or highly complex enterprise architecture
Enterprise architecture
An enterprise architecture is a rigorous description of the structure of an enterprise, which comprises enterprise components , the externally visible properties of those components, and the relationships between them...
.
Some researchers group ITIL with lean
Lean manufacturing
Lean manufacturing, lean enterprise, or lean production, often simply, "Lean," is a production practice that considers the expenditure of resources for any goal other than the creation of value for the end customer to be wasteful, and thus a target for elimination...
, Six Sigma
Six Sigma
Six Sigma is a business management strategy originally developed by Motorola, USA in 1986. , it is widely used in many sectors of industry.Six Sigma seeks to improve the quality of process outputs by identifying and removing the causes of defects and minimizing variability in manufacturing and...
and Agile software development
Agile software development
Agile software development is a group of software development methodologies based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams...
operations management. Applying Six Sigma techniques to ITIL brings the engineering approach to ITIL's framework. Applying Lean techniques promotes continuous improvement of the ITIL's best practices. However, ITIL itself is not a transformation method, nor does it offer one. Readers are required to find and associate such a method. Some vendors have also included the term Lean when discussing ITIL implementations, for example "Lean-ITIL". The initial consequences of an ITIL initiative tend to add cost with benefits promised as a future deliverable. ITIL does not provide usable methods "out of the box" to identify and target waste, or document the customer value stream as required by Lean, and measure customer satisfaction.
Frameworks related to ITIL
A number of frameworks exist in the field of IT Service Management alongside ITIL.ITIL descendants
The Microsoft Operations FrameworkMicrosoft Operations Framework
Microsoft Operations Framework 4.0 is a series of guides aimed at helping information technology professionals establish and implement reliable, cost-effective services.- Overview :...
(MOF) is based on ITIL v2. While ITIL deliberately aims to be platform-agnostic, MOF is designed by Microsoft to provide a common management framework for its products. Microsoft has mapped MOF to ITIL as part of their documentation of the framework.
The British Educational Communications and Technology Agency (BECTA
Becta
Becta was a non-departmental public body ] funded by the Department for Children, Schools and Families, in the UK It was a charity and a company limited by guarantee. In the post-election spending review in May 2010, it was announced that Becta was to be abolished...
) used ITIL as the basis for their development of Framework for ICT Technical Support (FITS). Their aim was to develop a framework appropriate for British schools, which often have very small IT departments. FITS became independent from BECTA
Becta
Becta was a non-departmental public body ] funded by the Department for Children, Schools and Families, in the UK It was a charity and a company limited by guarantee. In the post-election spending review in May 2010, it was announced that Becta was to be abolished...
in 2009.
Other frameworks
ITIL is generally equivalent to the scope of the ISO/IEC 20000 standard (previously BS 15000). While it is not possible for an organization to be certified as being ITIL compliant, certification of an organisation is available for ISO20000 http://www.itsmsolutions.com/newsletters/DITYvol2iss3.htm.COBIT
COBIT
COBIT is a framework created by ISACA for information technology management and IT Governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.-Overview:...
is an IT governance framework and supporting toolset developed by ISACA. ISACA view ITIL as being complementary to COBIT. They see COBIT as providing a governance and assurance role while ITIL providing guidance for service management.
The enhanced Telecom Operations Map eTOM
ETOM
The eTOM , published by the TM Forum, is a guidebook that defines the most widely used and accepted standard for business processes in the telecommunications industry...
published by the TeleManagement Forum offers a framework aimed at telecommunications service providers. In a joined effort, TM Forum
TM Forum
The TeleManagement Forum formerly the Network Management Forum, is an international non-profit industry association, for service providers and their suppliers in the information industry, the telecommunications industry and the entertainment industry.Members include telephone companies, cable...
and itSMF developed an Application Note to eTOM (GB921) that shows how the two frameworks can be mapped to each other. It addresses how eTom process elements and flows can be used to support the processes identified in ITIL.
IBM Tivoli Unified Process (ITUP)
IBM Tivoli Unified Process (ITUP)
IBM Tivoli Unified Process is a knowledge base of widely accepted industry best practices and the accumulated experience from IBM's client engagements. The knowledge base comprises detailed, industry-wide IT service management processes, and is an integral part of the IBM Service Management...
is aligned with ITIL, but is presented as a complete, integrated process model compatible with IBM's products.
Individuals
ITIL v2 offers 3 certification levels: Foundation, Practitioner and Manager. These have been progressively discontinued in favor of the new ITIL v3 scheme. ITIL v3 certification levels are: Foundation, Intermediate, Expert and Master.
The ITIL v3 certification scheme offers a modular approach. Each qualification is assigned a credit value; so that upon successful completion of the module, the candidate is rewarded with both a certification and a number of credits. At the lowest level – Foundation – candidates are awarded a certification and 2 credits. At the Intermediate level, a total of 15 credits must be earned. These credits may be accumulated in either a "Lifecycle" stream or a "Capability" stream; or combination thereof. Each Lifecycle module and exam is 3 credits. Each Capability module and corresponding exam is 4 credits. A candidate wanting to achieve the Expert level will have, among other requirements, to gain the required number of credits (22). That is accomplished with two from Foundations, then 15 from Intermediate, and finally 5 credits from the "Managing Across the Lifecycle" exam. Together, the total of 22 earned credits designates one as ITIL v3 Expert.
The ITIL Certification Management Board (ICMB) manages ITIL certification. The Board includes representatives from interested parties within the community around the world. Members of the Board include (though are not limited to) representatives from the UK Office of Government Commerce
Office of Government Commerce
The Office of Government Commerce is part of the Efficiency and Reform Group of the Cabinet Office, a department of the Government of the United Kingdom...
(OGC), APM Group (APMG), The Stationery Office
The Stationery Office
The Stationery Office is a British publishing company that was created in 1996 when the publishing arm of Her Majesty's Stationery Office was privatised. TSO is the official publisher and the distributor for legislation, command and house papers, select committee reports, Hansard, and the London,...
(TSO), V3 Examination Panel, Examination Institutes (EIs) and the IT Service Management Forum International (itSMF) as the recognised user group.
Since the early 1990s, EXIN and ISEB have been setting up the ITIL based certification program, developing and providing ITIL exams at three different levels: Foundation, Practitioner and Manager. EXIN and BCS/ISEB (the British Computer Society) have from that time onwards been the only two examination providers in the world to develop formally acknowledged ITIL certifications, provide ITIL exams and accredit ITIL training providers worldwide. These rights were obtained from OGC, the British government institution and owner of the ITIL trademark. OGC signed over the management of the ITIL trademark and the accreditation of examination providers to APMG in 2006. Now, after signing a contract with EXIN, BCS/ISEB, PEOPLECERT Group and other certification bodies, APMG is accrediting them as official examination bodies, to offer ITIL exams and accredit ITIL training providers.
On July 20, 2006, the OGC signed a contract with the APM Group to become its commercial partner for ITIL accreditation from January 1, 2007. APMG manage the ITIL Version 3 exams.
APMG maintains a voluntary register of ITIL v2 and v3 certified practitioners at their Successful Candidate Register.
ITIL® pins
Following the passing an APMG/EXIN exam in IT service management (based on ITIL®), some people will wear a metal pin on their shirt or jacket. This badge with basic gold color is set in the form of the ITIL®-logo. The ITIL® pins consist of a small, diamond-like structure. The meaning and the shape of the diamond is meant to depict coherence in the IT industry (infrastructure as well). The four corners of the pin symbolise service support, service delivery, infrastructure management and IT management.There are five colors of ITIL® V3 pins - each corresponds to the color of the associated core publication:
- ITILv3 Foundation Badge (lilac). This ITIL lapel pin takes its colour from the ITIL Service Strategy book and is awarded on successful completion of the ITIL v3 Foundation exam.
- ITILv3 Intermediate Capability Badge (maroon). There are four ITIL v3 Capability courses. (RCV, OSA, SOA, PPO). You are able to apply for this lapel pin once you have passed each exam. This badge shares its color with the ITIL Service Transition book.
- ITILv3 Intermediate Lifecycle Badge (bright blue). For each of the five ITIL v3 Lifecycle courses (SS, SD, ST, SO, CSI), candidates receive this lapel pin after passing the exam. The color for this pin is based on the ITIL Service Operation book.
- ITILv3 Expert Badge (steel blue). This is currently the highest qualification available with ITIL v3. The lapel pin is awarded a candidate attains 22 credits through a combination of ITIL training courses. The pin takes its color from the ITIL Continual Service Improvement book.
- ITILv3 Master Badge (purple). Currently in pilot phase this qualification has no training course or exam associated with it. To gain qualification as an ITIL Master, candidates have to have his/her work assessed by a panel of experts. Once an ITIL Expert has achieved this status, the ITIL Master can wear a lapel pin based on the color of the ITIL Service Design book.
There are three colors of ITIL® V2 pins:
- ITILv2 Foundation Badge (green)
- ITILv2 Practitioner Badge (blue)
- ITILv2 Manager Badge (red)
Exam candidates who have successfully passed the examinations for ITIL® will receive their appropriate pin from APMG, EXIN or their certification provider regional office or agent.
Organisations
Organisations and management systems cannot claim certification as "ITIL-compliant". An organisation that has implemented ITIL guidance in IT Service Management (ITSM), may however, be able to achieve compliance with and seek certification under ISO/IEC 20000. Note that there are some significant differences between ISO/IEC20000 and ITIL Version 3- ISO20000 only recognises the management of financial assets, not assets which include "management, organisation, process, knowledge, people, information, applications, infrastructure and financial capital", nor the concept of a "service asset". So ISO20000 certification does not address the management of 'assets' in an ITIL sense.
- ISO20000 does not recognise Configuration Management System (CMS) or Service Knowledge Management System (SKMS), and so does not certify anything beyond Configuration Management Database (CMDB).
- An organisation can obtain ISO20000 certification without recognising or implementing the ITIL concept of Known Error, which is usually considered essential to ITIL.
See also
- Business Information Services LibraryBusiness Information Services LibraryBusiness Information Services Library , previously known as Business Information Service Management Library, is a framework used for functional management and information management....
- ISO/IEC 20000
- Performance engineeringPerformance EngineeringPerformance engineering within systems engineering, encompasses the set of roles, skills, activities, practices, tools, and deliverables applied at every phase of the Systems Development Life Cycle which ensures that a solution will be designed, implemented, and operationally supported to meet the...
- RPR problem diagnosisRPR Problem DiagnosisRPR is a problem diagnosis method specifically designed to determine the root cause of IT problems.- Overview :RPR deals with failures, incorrect output and performance issues, and its particular strengths are in the diagnosis of ongoing & recurring grey problems...
- Granular configuration automationGranular Configuration AutomationGranular configuration automation is a specialized area in the field of configuration management which focuses on visibility and control of an IT environment’s configuration and bill-of-material at the most granular level. This framework focuses on improving the stability of IT environments by...