ITIL is one of the most common frameworks for IT service management. However, questions and misunderstandings abound regarding this set of popular practices. In this article, we'll address the following (and more):
- What is ITIL, exactly?
- What problems does it solve?
- What authority does it claim to have?
- Who is behind ITIL?
Where ITIL came from
The language of IT is focused on the work -- servers, routers, applications and databases. The end customers, on the other hand, are interested in what the computers can do, processing payroll, generating leads, sending emails and so forth. As one introduction puts it, the customer wants a restaurant experience, while IT tends to act more like a wholesale grocery store.
The customer wants to order complete meals off a menu (websites, mobile applications, etc), not assemble ingredients out of servers, databases, frameworks, and so on.
To change the thinking and reduce friction between agencies, in the 80s the United Kingdom's Central Computer and Telecommunications Agency began building what was called, the Information Technology Infrastructure Library. Today it is just called ITIL and is owned by AXELOS, a joint venture of Her Majesty's Cabinet Office and Capita PLC.
ITIL as a whole
The focus of ITIL is based on the value of what IT provides; not the tools, but the results. Therefore, service is a term ITIL uses often and defines as "A means of delivering value to customers by facilitating outcomes that customers want to achieve without the ownership of specific costs and risks." In other words, IT exists to meet a customer need and not inject policy. IT costs should not matter to the customer; the customer should focus on the cost per specific result, and manage risk through service agreements. Service management according to ITIL is the "Implementation and Management of Quality IT Services that meet the needs of the business."
This makes IT more of a utility, like how we purchase electricity, than a do-it-yourself-kit. It's worth noting that Amazon has come remarkably close to this with its cloud computing initiatives, turning renting CPU cycles by the hour into a utility.
Once we understand service and service management, ITIL consists of five major areas: Service strategy, service design, service transition, service operation and continual service improvement.
The big picture of ITIL can be intimidating (see image), so let's talk about these issues one at a time.
Functions and roles
ITIL classifies teams into four main groups:
Using ITIL does not mean you have to organize IT into these four groups. Modern teams organized by a customer support segment or feature-group may find this structure a step backward. ITIL simply suggests this division as a way of talking about responsibilities; it does not force it. In a fluid organization, a technical staff member may belong to two different groups, on two different projects, at the same time -- or perhaps two groups on the same project!
ITIL service strategy
Service strategy addresses three questions:
This thinking pushes the focus toward creating a simple, fast, easy interface between IT and the customer. Internal IT groups find they can differentiate by understanding the customer and their problems, and applying solutions more directly than external groups. On the technical side, this might mean features like single-sign-on or eliminating redundant data entry.
ITIL further breaks service strategy down into five key areas: Business relationship management, service portfolio management, financial management for IT services, demand management and strategy management for IT services.
The very idea of a service catalogue implies that IT simply performs pre-defined operations, much like the menu in our prior restaurant example. IT organizations that are helping to create new possibilities in radically dynamic organizations may still use the terms as a guideline, but define them more loosely.
A strategy is wonderful, but it won't actually define what the team will do, or how it will be done. That part is the role of service design; deciding what the new or changed services will be in the production environment. Service design includes the following processes: Design coordination, service-level management (SLA's), service catalogue management, supplier management, availability and capacity management, IT service continuity management and information security management.
In ITIL, service transition is all of the activities surrounding changing services. Because the trend is increasingly toward self-service from software, service transition is often the process of deploying new software and hardware, and configuring that software and hardware, to support some new activity or change in activity.
This can be as simple as a change to a report to add a new column to a PDF file, or as a complex as deploying an entirely new ERP system. The focus of the conversation with the customer is not on the "ERP System," but instead on the new capabilities and the timing of the switchover. That's a major change for many IT departments.
Like service strategy, service transition includes a large number of sub-categories, including transition planning and support, change management, service asset and configuration management, release and deployment management, knowledge management, change management, service validation and testing.
ITIL service operation
Where service transition is about managing change, service operation is about day to day operation of existing systems; the activities and processes of operations. This includes both ongoing operations (the nightly batch run that creates transactions), but also making sure the operations happen, dealing with down servers, network outages, hard drives that are too full and so on. ITIL service operation breaks down into the following categories: Event management, incident management, request fulfillment, problem management and access management.
ITIL continual service improvement
In order to remain relevant, IT services need to evolve along with the changing needs of the business and technical environment. That means identifying opportunities for improvement, deciding which improvements have the most value, determining a priority for improvements, and, of course, actually making the improvements happen. CSI "in the wild" does not look like a single "special projects" manager, but instead may be several projects, or even a culture of experimentation and adapting.
The model that ITIL suggests for improvement is based on Deming's Plan->Do->Check->Act cycle, which consists of small experiments that are validated before actually making the change, and monitoring and adjusting to ensure success.
Putting it all together
At its heart, ITIL is about understanding the customer and presenting the customer with options that make sense. That includes understanding all the standard parts of IT, like provisioning, planning, testing and deploying changes, while presenting an interface that is based on services that make sense to that customer. In today's IT environment those services, like the operating systems and hardware we support, are constantly changing. ITIL focuses on aligning the customer's idea of improvement with the IT organization while using measures that have meaning to the customer.
How to get started
Most organizations start by training the IT staff in terminology, either sharing a computer-based course or an in-person course -- then adopting those terms and processes incrementally.
Keep in mind that ITIL is not a methodology. It doesn't tell the staff what to do. Nor is ITIL prescriptive; it doesn't tell the team how to do the work. Instead, ITIL provides a framework, a way of thinking about how IT delivers solutions to the business. So 'adoption' might mean something like this:
- Identify how the work is done in the business currently, and how that maps to ITIL.
- Change terms and processes to map to ITIL.
- Identify gaps -- things in ITIL the current IT strategy does not have.
- Determine which gap to close first.
- Take corrective action to close the gaps that make sense.
IITIL for Dummies makes the claim that ITIL is scalable, that One size fits all'. It doesn't matter if you have three people in your IT department or 3,000, ITIL is just as applicable." This extraordinary claim that ITIL can scale up or down to any level and applies to all companies calls to mind the famous David Hume line, that extraordinary claims require extraordinary evidence. It is hard to grasp the scale of DaVinci's Horse, in Grand Rapids, Michigan, without something to compare it to.
Small organizations choosing to implement ITIL may do well to be skeptical, to count the cost and expected results. Then again any organization attempting to implement ITIL may be better off taking small experiments and considering the results, taking more of a lean startup approach, or "plan do check act" approach than a multiyear funded implementation.
ITIL certification is about the individual, not the company. ITIL certificates show that the person understands the concepts, terms, and guidance that ITIL offers. As of 2014, the current ITIL individual certifications are foundations, intermediate and master. Like many certification schemes, the training moves up from a 2-to-3 day class or computer-based training that starts with memorizing terms then moves on to demonstrations of understanding. Intermediate certification breaks ITIL down into nine different modules, such as service design, service strategy and service transition. Candidates with two years of hands-on IT experience can take these tests in any order, qualifying as intermediate' in that module. Qualifying as an expert requires 17 credits from the foundation and intermediate exams, a new module, called "Managing Across the Lifecycle," and the expert test, which is broad and comprehensive. The master level requires five years of IT leadership experience and is a more personalized, interview-and-skills based exam.
Because ITIL is a guidance, not a rule, there is no concept of 'compliance', so you cannot get a department, team, or company ITIL Certified'; only the people that work in that organization.
The language of ITIL is a language of best practices; it might be more accurate to say "the best practices that we know of right now for companies like ours." In other words, there are no objective measures used to determine that ITIL is best; it is simply the best job that Her Majesty's Cabinet could determine to give to organizations to make IT work more effectively. John Seddon's work, for example, discredits recent public sector reform agendas, claiming they actually make performance worse -- see his claim roughly six minutes into this video RH1 -- and based on the cost overruns and mismanagement that is endemic in public-sector IT in the UK, organizations looking to adopt ITIL may do well to take a skeptical, piece at a time approach.
Other groups, such as Context-Driven Testing, insist that best practice language is not an engineering term at all, but a marketing term, and suggest caution.
ITIL is one way to look at managing IT among many. If it can be helpful, then it is helpful. When it is not helpful ... then it is nothelpful.
Where to go for more
AXELOS, the joint venture between Her Majesty's Cabinet Office and Capita PLC, has plenty of information about ITIL on their website, including self-study courses. Other common resources include ITIL for Dummies, which can help prepare for the ITIL foundations exam, live in-person training, or the original sourcebooks themselves, available from Amazon for around five hundred dollars. Sybex offers a foundation exam study guide and Emero, an online course and book for a fraction of that amount, but the material will not be first hand.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.