The IT Infrastructure Library (ITIL) was developed by the U.K. government in the 1980s as an effort to search out best practices for the management of IT services. Some 30 years and many revisions later, the ITIL framework can still be a little confusing. Is it a theory, a standard, a methodology? Where does one start? IT professionals, for example, talk about "implementing" ITIL. ITIL's present-day authors and experts, however, are quick to stress that the library's core books -- from strategy and design through continuous improvement -- elucidate an approach, not a detailed how-to, for IT Service Management (ITSM) -- although ITIL Version 3, the framework's most recent iteration, changes that up a bit.
In this first of a series of articles about ITSM, SearchCIO.com peppered two veteran ITIL experts with questions we often get from CIOs about the ITIL framework. Sharon Taylor is chief architect for ITIL and president of Aspect Group Inc., an ITSM consulting and training company in Ottawa. Pierre Bernard is the chief examiner for ITIL service catalog certification for APMG-International, an ITIL accrediting company in the U.K., and head of education for Pink Elephant, a Toronto-based ITIL consulting and training firm. Here is a condensed version of their responses.
How is ITIL related to IT Service Management?
Taylor: ITIL is one body of knowledge or set of practices that relates to service management, but not the only one. If you look at things like the ISO standards and control objectives for IT, they also fall under ITSM, but they are different bodies of knowledge with different purposes. ITIL is a part of ITSM.
Do organizations have to go through all the steps of the ITIL framework, or can they pick and choose?
Bernard: I would argue that every organization currently executes all of the services and activities that are mentioned in the ITIL books. They may not call them that, but they all do them. One problem, however, is a lack of consistency between the different people who perform these various services. An example is incident management, or fixing things. Some people on the team are more efficient at doing these things than others. So, if you get Bob to fix something, you are going to roll your eyes because you know it will take five days to get it fixed. But if you get Sally, you know it will be fixed by the end of the day.
The thing is, people often don't know what they don't know, and so they perform less efficiently. What you have to do is try to find the pockets of excellence and replicate them everywhere in the organization, which is where the ITIL processes come in.
Should organizations identify the "pockets of excellence" in each core service and tackle the services all at once? Or is it more common to start in one particular area, for example, change management or configuration management?
Taylor: Most often, organizations try to create order out of chaos. So, they will pick something within their IT spectrum that they seem to be having trouble with, like the customers are screaming that the help desk is a "helpless desk." So, IT will start looking at processes like incident management and service desk as a function, and try to make some improvements to raise the level of confidence that the customer has.
Typically when they have started to implement some of those measurable, repeatable processes, like service desk or incident management, they say, "Now that we are gathering all this information, we know what people are doing, and we're starting to see a pattern in the kind of incidents that are happening." And they realize that there is another problem at play. So, they will implement problem management. Then down the line, they discover, because they have all this great information, that every time they introduce a certain kind of a change, they create incidents -- something breaks. So, they know they have to implement change management.
Although there is no right or wrong answer to where you start, a lot of consultants agree that you should try to start by addressing some well-understood points of pain, because that helps garner acceptance of a new way of working. Then you can build on your success.
Bernard: What [IT leaders] should be trying to do is not to scare the customer away by putting in front of them five books called ITIL, with 26 processes and five phases and all of this stuff. Users are going to say, "No that is too big and it is not what I asked for." And you say, "You said, 'Fix the service desk,' and in order to fix the service desk, I need to do all this."
Keep it simple. Use the terminology that the customer thinks is the pain point. Once your service desk is fixed as a pain point, then you say, "Well, what else is not working so well for you?" and move on the next stage.
One of the things we hear from CIOs is that organizations will get very good at one aspect of the ITIL framework and then they get stuck and can't move beyond that. Any advice on unfreezing an ITIL initiative?
Taylor: This is really where continual service improvement (CSI) comes into play. One of the basic tenets within ITIL is that every process that you are using needs to be reviewed for its efficiency and effectiveness on a cyclical basis. And part of doing CSI well is having a look at where there are opportunities for improvement, and measuring how well you did this quarter compared with last quarter.
Organizations that are doing ITIL well, I would argue, actually aren't if they are stuck, because the organizations that do this well look for opportunities to improve -- and it is not just because it helps them move ahead. There is a cost associated with doing all of this, and one of the reasons for CSI is looking for further efficiencies and looking for greater return on investment. That is usually the catalyst that gets people thinking about how can they do this even better than they are doing it today.
I would definitely argue with anyone who said, "We are doing change management 100% really well, and we haven't changed anything in five years." I'd say, "Well, then you are doing something wrong."
One of the knee-jerk reactions we hear about ITIL is that it is does not tell you how you should do these processes. Any advice for CIOs who want more prescriptive guidance?
Taylor: Past versions of ITIL, I would agree, told you more about what you should do than how you should do it. And at that time, it was intentional, because there are so many different complexities and nuances in different organizations. It was difficult to be really prescriptive.
Version 3 of ITIL has a lot more prescriptions in terms of, here are some steps to follow and templates and things like that. But remember, this is a body of knowledge used all around the world by companies of all kinds. So, there has to be some level of "generic-ness" about it that makes it applicable to everyone.
I would definitely argue with anyone who said, 'We are doing change management 100% really well, and we haven't changed anything in five years.' I'd say, 'Well, then you are doing something wrong.'
Sharon Taylor, chief architect for ITIL; president of Aspect Group Inc.
But there is lots of information that has spun off the body of knowledge called ITIL that offers adaptations that have worked for particular industries. There are organizations like GM and Toyota, Pfizer and NASA, all of whom do this on a daily basis, with good case studies about their different approaches. So, we would advise that you have ITIL as a basic level of practice -- the beauty of which is that you can adapt to your own circumstance. But then there is also expertise in the industry that has been built by people who have walked in your footsteps that shows how they make these principles work in their sectors.
ITIL Version 3 came out June 1, 2007. Given how many changes we are seeing in computing, including cloud computing, what is next for ITIL?
Taylor: ITIL itself undergoes continual improvement, not only in terms of how it is used within organizations, but also in the body of knowledge itself. One of the nice things about ITIL is that things like cloud computing, virtual infrastructures, Software as a Service and different legislations are all still applicable within the basic body of knowledge.
Is there any danger in companies picking from both ITIL framework versions 2 and 3?
Taylor: Everything that was in Version 2 is in Version 3. It is just new, improved, bigger and better. The reason is [that] Version 3 has taken on more of the challenges that have happened since Version 2 was first released.
Now Version 2 is being retired. There were never intended to be any versions of ITIL. ITIL was always intended to be ITIL, and it would be updated and re-released with new and improved content based on best practices in the industry in any given point in time. So, Version 2, officially, the publications, will be retired soon.
Bernard: Again, people need to understand is that they already perform those IT activities. ITIL is about finding a way to make them consistent, repeatable and measurable, so that we know what we are doing and how well we are doing it.
Let us know what you think about the story; email Linda Tucci, Senior News Writer.