News Stay informed about the latest enterprise technology news and product updates.

How Allstate used ITIL to achieve IT and business alignment

Allstate has used ITIL to standardize change management and bring IT into alignment with the company's business goals. So far, the process is working.

The geeks are gone at The Allstate Corp. No, they haven't traded in their pocket protectors for iPhones, but because of the company's IT Infrastructure Library (ITIL) initiatives, their status as outsiders has faded. They're now perceived as part of the business and not just the people you bug when your email goes down because a server patch was made at the wrong time.

Totally cool.

"ITIL has helped us explain the importance of IT within the overall business and it makes us a better partner in the overall business," noted Cathy Kirch, process consultant and ITIL guru at Northbrook, Ill.-based Allstate. "We're not just the geeks anymore."

More ITIL resources for CIOs
CIO Briefings: ITIL best practices for enterprise CIOs

Change management: A better starting point for ITIL

ITIL cert: Industry game changer

ITIL dons a suit and tie
This new relationship is partly enabled by the addition of a comprehensive Service Management volume in ITIL Version 3.

The British-born ITIL is a set of systems management components detailing best practices for infrastructure, development and operations. The much-touted V3, released nearly a year ago, includes a change management section that focuses on standardizing change across both business and IT functions.

The guts for change management are there in Version 2, noted Larry Killingsworth, managing director at Pultorak & Associates Ltd., an IT consulting firm in Allentown, Pa. The same request, analysis, approval, build, deploy and feedback stages exist in V3, he added.

But the innards of V2 did not detail how a planned application change would affect both business and other IT processes, said Rob Stroud, vice president and the IT Service Management and IT governance evangelist at CA Inc. So there was room for improvement. Stroud worked on the ITIL V3 project as part of the ITIL Advisory Group and as a mentor and reviewer for some of the newly published ITIL V3 volumes.

ITIL at Allstate

Allstate's insurance business is served by a centralized IT office in Northbrook that employs 6,000 IT professionals across all functions, including application development. Among the IT community at large, nearly 800 are certified at the ITIL practitioner level. One CIO -- Cathy Brune -- oversees all of IT.

Kirch has led the ITIL charge at the company since 2004. In 2006, Kirch was awarded the Practitioner of the Year Award for ITIL, given by Pink Elephant, a consultancy firm based in Burlington, Ontario. This year, Allstate won the Project of the Year Award for its commitment and dedication to ITIL. Since 2004 the company has implemented components for Incident Management, Problem Management, Service Level Management, Configuration Management, Service Catalog Management and Request Fulfillment.

When you talk to Kirch you can tell she lives and breathes ITIL, but her overall message is clear: Each IT department must adhere to a standard set of processes to make changes in both business processes and IT transparent.

In general, V3 takes a more "holistic" approach. Kirch explained that ITIL V2 lacked the change management process specifics needed across all IT departments. Instead, it relegated change management to the service management department, which just wasn't enough, according to Kirch. "Service management people are used to negotiating contracts with vendors," she noted. They don't have the knowledge to delegate change management dictates across IT departments. Kirch saw the gap a year ago and Allstate wrote its own change management catalog in line with ITIL V3 for the company.

Using this catalog, the former geeks in IT have made changes seamless across the board at Allstate. Under V3, IT created a central database with these change processes for every department. A minor configuration change in the claims processing software doesn't trigger calls to IT because all IT personnel use the standard processes outlined in the database.

One focus of the company's 2007 project was to bridge change management processes among the application development groups and the rest of IT, explained Kirch.

For example, data center personnel can now plan for application changes and ensure that staffing is appropriate and possible effects on availability are anticipated. "On a given weekend we may have changes occurring around the database space, operating system and the transaction management systems," Kirch explained. "Knowing exactly which change is occurring on which system and at what time is critical to an advanced support environment."

Rounding up the culprits

Configuration change glitches are a big headache for IT departments, and any help at eliminating them would be welcome at most companies, noted Jasmine Noel, an analyst at Ptak, Noel & Associates LLC in New York. "Quick-and-dirty configuration changes" often cause performance and availability problems that make users pull their hair out, Noel added in an email exchange.

We're not just the geeks anymore.
Cathy Kirch
process consultantThe Allstate Corp.
Traditionally, IT dealt with configuration-change goof-ups with a "lasso the culprit" approach. Your best weapon was the telephone. "You'd call someone up and ask if they'd changed something and on down the line until you identified the source," Kirch said.

But these days, the "culprit" is more likely to be wearing a $1,000 suit, and not the guy down in the data center. More changes that affect IT processes are being made by people on the business side than ever before, Stroud said.

At a bank, a business analyst may adjust a table with interest rates and put the decimal in the wrong place. Before change management, "you might end up with some very happy customers seeking loans for as long as two hours," Stroud said. With current change management systems, that mistake would be discovered in two seconds. An approval and verification process would be triggered and the mistake would be caught, he added.

Automation is the real goal, Stroud said. "The real winner for the CIO is automation. When he can make a commitment to management levels that the work is being done consistently with the proper validations, then he is providing quality and peace of mind."

Let us know what you think about the story; email: Sarah E. Varney, Technology Editor

Dig Deeper on Enterprise ITIL and ITSM

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.