Matthew Aslett investigates what companies can do to ensure that they make the most of the new version of the ITIL best practice guidelines.
May 2007 saw the launch of version three of the IT Infrastructure Library (ITILv3), the result of a major refresh project that has been underway since December 2005.
First developed in the late 1980s by the UK government's procurement vehicle, the Central Communications and Telecom Agency (since superseded by the OGC), ITIL has been widely adopted by both commercial and public-sector organisations as the leading standard for best practice in the provision of IT services.
Version three is a significant update, designed to increase the adoption of ITIL best practices in the boardroom, as well as the IT director's office, while instilling a more professional, lifecycle-based approach to service management.
"Part of our objective is to move ITIL into the boardroom," explains Sharon Taylor, ITILv3 chief architect. "Historically, ITIL has been a grassroots-discovered pathway. Now it is also being looked at at high levels of the organisation because it is being looked at as a mechanism to solve business challenges."
ITIL has always promised benefits for adopters but has come of age in recent years, driven by the need for businesses to be able to prove their compliance with numerous legislative requirements.
"ITIL has just caught on like wildfire," says Alan McCarthy, EMEA director with Pink Elephant,a training company specialising in ITSM best practices such as ITIL and Cobit. "Over the last seven years or so it really has picked up."
That has been driven by governance issues, particularly in the US, for which ITIL was the service management tool public companies were crying out for. "The American market picked it up and once they do it, it moves a lot faster," McCarthy says.
According to Ken Turbitt, BMC global best practices director, people are becoming much more aware of ITIL given the growth of compliance issues such as SOX and Cobit. "It raises the bar," he says. "Cobit only tells you what to monitor, not how, so that is where ITIL comes in to play."
Ken Turbitt, BMC global best practices director
The focus on service rather than IT is evident from the titles used for the core practice titles delivered with version 3: service strategy, service design, service transition, service operation and continual service improvement.
As the focus on business strategy has grown, so has the focus on enabling the IT department to communicate and interact with business decision makers, with ITIL providing something of a common language that both can understand.
"The main reason we adopted it was for a common framework," says Matt McCahill, head of IT service management at Capita Life and Pensions. "It has really helped us to create a common language for us and our clients. Even in the boardroom, where we are talking sales, we are talking ITIL and best practices, and that has evolved over the last two years."
One of the areas of focus that is helping communication is on measurement of results, according to Taylor. "As technological capability has enabled us to collect more and more measures, we do so just because we can. One of the biggest drivers today is demonstrating value to the business, so a lot of the push has been around measurements," she says.
"IT departments are being forced to look in the mirror more now to validate the value of the business. Version 3 formalises the practice of measuring benefits. The evidence is out there, it is just not very formal. We are trying to clarify and remove some of the smoke and mirrors," she adds.
An important point to consider in this is that every business will have its own measure of success. As Markos Symeonides, Axios VP of business development, explains, ITIL gives organisations a method for measuring statistics without defining how that measurement is analysed.
"Each implementation has its own set of measurements to prove success. Once you have designed the processes they are implemented in technology, which rapidly improves the speed of implementation. The whole idea is about being more efficient. That is why we need to be acting in a methodical way."
It is important to remember that a process cannot be 'compliant' with ITIL. It represents a set of best practices to follow that should improve business service. How you rate business performance based on that is up to the individual.
That freedom extends to how ITIL is used, with some users reading all the books and implementing the recommendations religiously, and others taking a pick-and-mix approach. "Because ITIL is not prescriptive, you take the bits that add value to your business," says Symeonides.
"I have seen examples of organisations that have looked at ITIL from a biblical perspective, as opposed to looking at it from a business perspective," says Taylor. "The organisations that tend to excel are those that are not making it bureaucratic and implement good technology early on."
While ITIL does not require a business-wide approach to achieve success, BMC's Turbitt nevertheless argues that those organisations that do take a business-wide approach will be in a better position to move to version 3.
"There is still a lot of organisations implementing ITIL version 2 in silos. The realisation of value does not come until you deploy across the business with integration. With version 3, from a lifecycle approach, you have no option but to do an integration approach," he says.
For that reason he believes many businesses will have to refine their version 2 practices before they can move to version 3. "What it has highlighted is that in order to move forward you have to be mature in your adoption of version 2," he says. "Version 2 included business-to-IT-alignment, and a lot of organisations are still struggling to do that, so why move away to a service lifecycle approach?" he asks.
Turbitt also warns that in order to achieve the potential benefits of ITILv3, businesses will have to move away from the idea that the library's individual books can be implemented in isolation.
"If you are trying to address a particular pain point, it used to be 'pick a book and implement that', which was a silo, which was fine," he says. "It gets away from the silo approach but the people normally tasked to change pain points do not have time to read all the books and consider all the pain points," he says.
For that reason, Turbitt suggests that it could be some time before we see large-scale adoption of the new version. "With ITIL version 3, a lot of people know it is coming, and a lot of people want to get the books, but by the time you get experts to be prepared to do implementations, it is going to take 12 to 18 months, in my opinion," he says.
According to Turbitt, the important thing for businesses to remember is that they should not be adopting ITILv3 for the sake of adopting it, but in order to improve business processes. "ITIL is not the end goal," he says. "Delivering business value is the end goal."
Pink Elephant's McCarthy agrees that most businesses will take their time to adopt ITILv3. "The question is, is this version 3 a refresh or a rewrite, and depending on how much you knew about the previous version colours your view-point," he says.
McCarthy explains that while version 2 had some books that covered strategic issues they were largely ignored in favour of operational issues. In version 3 the strategic elements are now impossible to ignore.
"The biggest change is that it now follows a service lifecycle of strategy, design, transition, operation and continual improvement. The attempt is to broaden the perspective of ITIL and make it more strategic," he says.
"From the training part of the business we actually saw a dip in the market before version 3 in the UK. It is going to be a gradual process. The impact is not that great. They can carry on with what they are doing. We are telling people they do not need to change."
Companies like Pink Elephant have an important role to play in formalising the adoption of ITIL via training courses. McCarthy notes that with the arrival of version 3, a new accreditation scheme is also being brought in by accreditation and certification company APM Group.
The new scheme sees the introduction of a new advanced level accreditation that is essential if ITILv3 is to prove its value higher up the business. "There are certain gaps today with certification," says Taylor. "Part of what we have to promote is an IT process professionalism. There is a new higher level of certification with a focus on overall service management. We need to move ahead."
According to APMG, "there are four levels within the new scheme, namely foundation level, two intermediate levels, and advanced level, which is currently under development. To achieve a diploma, candidates must achieve 22 credits, two of which can be gained at foundation level."
Fortunately for those that are already involved in ITILv2 accreditation, there is no need to start from scratch. "The new ITIL qualifications scheme recognises the value of existing version 2 qualifications and introduces a system that enables an individual to gain credits for ITIL version 2 and version 3 courses. Once candidates have accumulated a sufficient number of credits they can be awarded the ITIL Diploma in IT Service Management," the APMG notes.
Pink Elephant's McCarthy says that he expects this new level of accreditation to lead to more senior staff getting involved with ITIL. "The strategy book is definitely aimed at more senior people in the organisation, so with the new accreditation scheme there will be courses for more senior staff," he says.
According to Glenn O'Donnell, principal product marketing manager at EMC, even if senior staff are not getting involved directly in ITIL, the focus of version 3 should make life easier for those who are responsible for its implementation.
"Ultimately, the responsibility resides on the shoulders of the CIO but it is not likely the CIO will be the leader of that. Often as a junior manager trying to drive ITIL adoption you can end up as a voice in the wilderness. It does require that senior management be responsive to that," he says. "We really need more discipline in IT. IT organisations are looking at ITIL as a means to achieve that discipline."
There may not be a rush to adopt ITILv3, but the delivery of the new version gives an opportunity for decision makers at all levels of the organisation to familiarise themselves with its best practices, particularly as the new edition promises to deliver value even further up the organisation.
Turning over a new Leaf
Confectionery manufacturer Leaf is best-known for its Chewits brand, which will be 40-years-old later this year. Based in the Netherlands, the company has a turnover of £600m and produces in the region of 55,5 billion sweets a year.
Leaf began implementing ITIL best practices company-wide two years ago as part of a server consolidation project to reduce six individual data centres down to three. According to Jannis Vergottis, IT manager: “It was about saving some money, but more about having a uniform infrastructure and managing fewer data centres in order to expand more easily.”
The company wanted to roll out its new infrastructure, and ITIL best practices, on a global basis but felt that its existing HP Service Desk was not up to the challenge, so moved to Assyst by Axios Systems as part of the deployment.
“It is fine in processing large numbers of calls but did not have the functionality for assistance and, what was important to us, for reporting,” says Vergottis. With Assyst now deployed, he says, “We are able to focus on the major incidents, based on the number and resolution time. This means we focus on fixing the most critical issues, which helps even more in reducing costs.”
As for the company-wide adoption of ITIL, Vergottis indicates that Leaf’s experience at a local level was significant in getting board-level backing. “We had experience in the Netherlands, but this was applying it to the whole company. You have to give an overview of how it would work, that is the best way to introduce ITIL to the business and IT,” he says. “Fortunately, we had just finished a project over here that followed the same basis: fixing the process and then the technology.
“For the business there are two main concerns: business interruption and service levels,” he adds. “It is quite a difficult concept to buy into but if you show them you can fix problems and be proactive, rather than reactive, then they will start to pay attention.”
With regards to ITILv3,Vergottis suggests that it has a lot to interest Leaf, even if the company is not planning on a strategic shift to the new version just yet. “There are some significant changes but for us it is not about which version you use. We do not use it as a Bible, but more of a handbook,” he says.
“It gives more of a grip on service delivery, which is what businesses are interested in. With previous versions it was more of an esoteric exercise. I am sure that in the longer term, maybe next year, we will start to take on some of the elements in ITILv3, maybe service delivery for example.”
In the meantime, he repeats the point made by BMC’s Turbitt that it is important not to implement ITIL for the sake of it, but in order to achieve business benefits. “It is not a magic wand that fixes everything, but it gives you a good starting point. To me the most important thing is to finish a project with satisfied people, and that was the case,” he says.