After years of early scepticism, ITIL - the Information Technology Infrastructure Library first assembled for the UK government in the late 1980s - is finally going mainstream.
When you have not had an IT section for seven-and-a-half long years and you are about to create one from scratch, you had better plan on doing all that you can to ensure your customer service capability and governance are ready to deliver from day one.
So when the Department of Finance and Administration (DOFA) transitioned from a fee-for-service outsourcing deal with IBM last November to a selective sourcing model that required it to insource its service desk, infrastructure and governance, it looked to the Information Technology Infrastructure Library (ITIL) to provide a strong governance and service improvement ethic.
Mark Seinor, branch manager IT services, says under the new insourcing arrangements, which apply the recommendations in the Humphrey Report (December 2000), that agency heads be responsible for selecting IT outsourcing models to meet their requirements, the vendor provides only operational support, while DOFA "owns" the infrastructure, governance, security and the service desk.
"We manage the actual delivery of IT and the client experience level, and as part of changing that governance model and changing our purchasing model, we instituted ITIL to provide that governance and service improvement ethic into the organization."
He says ITIL is delivering operationally, and is particularly proving its worth at a tactical level, where it is giving DOFA visibility into how it looks at issues and trends as well as the way it approaches further improvements.
"We look at instances within themselves to see if they are actually a problem systemically and then we deal with the problem - not just fixing one incident that might happen 30 times but looking at the root cause, for example," he says.
ITIL, written for the UK government sector in the late 1980s, is a repository of information cataloguing leading practices in IT service management, focusing on operational service delivery. Describing 11 major entities, processes and disciplines within the two broad categories of Service Support and Service Delivery, it enjoys a strong following in Europe, and after years of early scepticism, is becoming increasingly popular in the US. Some analysts believe that after a long delay, ITIL is finally making a claim to become the de facto standard methodology for internal IT service delivery processes.
"ITIL represents best practice - as well as we can say what best practice is - at an IT operational level on a global scale," says Gartner senior analyst Steve Bittinger. "Organizations that go down that track produce credibility for themselves and there are often very real, tangible cost savings and qualitative service improvements that they can achieve."
With ITIL now beginning to transition from merely describing service delivery processes to helping organizations actually implement these processes and measure service quality, research groups expect to see widespread adoption of ITIL best practices by internal IT departments over the next few years.
Gartner has just completed a survey of ITIL adoption in the Asia-Pacific region. Bittinger says preliminary indications suggest some 44 percent of organizations with more than 500 employees have adopted ITIL in Australia, compared with 22 percent in Singapore and just 6 percent in Hong Kong. Gartner surveyed a total of 126 organizations from both the public and private sectors, excluding "external service providers".
"This preliminary data shows that Australian organizations are generally more advanced in adopting ITIL practices," Bittinger says.
One reason for the high take-up of ITIL at federal government level has been the impact of high levels of outsourcing. Bittinger says departments that have not yet been outsourced understand they need to demonstrate their competency and benchmark themselves against external providers. ITIL is one of the ways of demonstrating that excellence. "Essentially, ITIL represents world best practice at an IT operational level," he says.
Principal of research company ITR Mark Hollands agrees, writing about ITIL in CIO magazine recently: "Government is the biggest fan in Australia, probably because IT staff realized at some point that if they could not show a proven methodology behind their operations then they would probably be outsourced to IBM or someone - a fate worse than . . . working for government."
For most of its adopters, IT configuration management is a major preoccupation. In May, business service management company Managed Objects released a survey conducted by Enterprise Management Associates (EMA), showing enterprise IT leaders have made monitoring and managing the IT configuration a top IT priority, with 86 percent reporting an immediate or long-term need to manage it more accurately. IT managers also report they are working to improve IT service management through adoption of process maturity models, with more than two-thirds (68 percent) currently using a standard process model. Of the group using a process maturity model more than half (51 percent) are specifically implementing ITIL.
"As IT moves from simple silo-based management to more complex services management, the need for a better understanding of issues around IT infrastructure and the impact of changes in that infrastructure have become paramount," says EMA research director Lisa Erickson-Harris. "Better management of IT change and configuration can be accomplished by utilizing process maturity models, implementing CMDBs [configuration management databases] wisely, and modelling and visualizing both the infrastructure and the relationships between elements."
This is the year ITIL is going mainstream, agrees Forrester analyst Thomas Mendel. "Implementations will be tightly connected to the infrastructure management tools that companies use, as these tools contain more and more ITIL best practices out of the box. Rather than implementing ITIL in isolation, companies should take the opportunity to map their core IT services and upgrade their infrastructure management systems in conjunction with the ITIL implementation."
There is no doubt that for some organizations, ITIL is definitely delivering high value, says S2 Intelligence managing director Bruce McCabe. When his company surveyed 400 projects 18 months ago that the IT manager had described as bringing the highest returned value to the company in a 12-month period, ITIL made the cut.
"There were people nominating it as the highest value thing that they were about to do. That means it is delivering value at least somewhere. And I picked up ITIL in just about every university in Australia, so if you're looking at early adopters and aggressive adopters, it's the universities."
One of the best known public sector Australian adopters of ITIL is the Department of Employment and Workplace Relations (DEWR), which took up the process and practices in 2001 to enhance support and management of 5000 PCs, 800 servers and a 1000-MIPS mainframe capacity.
DEWR's IT Services Group turned to ITIL after discovering its processes for problem and incident management, and configuration and release management were poorly defined, leading to blurred roles, disjointed responses and slow resolution of issues. ITIL processes now play a vital role in configuration and release management as well as problem and incident management.
The Australian Taxation Office, Centrelink, the Department of Defence and interstate health agencies have all consulted DEWR on its ITIL use. The department says establishing a sound base with its configuration management practices will allow it to significantly leverage other key disciplines governed by ITIL, such as incident and problem management, so as to identify clearly the impact of service outages on clients.
"We use infraActive to support our IT service management processes, principally service desk, incident management, problem management, change management and configuration management," says DEWR assistant secretary Mark Haughey. "The big change we have made [recently] was to put infraActive on a formal business footing like any other application system we have, rather than treat it as a bit of infrastructure.
"This meant we stopped blaming the tool for any perceived shortcomings in processes and were able to work more cooperatively amongst the various stakeholders to use it to improve our processes."
Haughey says DEWR's adoption of ITIL has given it a common language with many other IT shops and the ability to assist, and learn, from them. "I consider this to be one of the big strengths of ITIL. It even extends to having a common purpose with auditors and indeed makes the whole audit process a lot simpler. In the past 12 months we have conducted a dozen performance audits of our IT processes, all confirming the approach we are taking and acknowledging the progress we have made," he says.
Another enthusiastic adopter is CITEC, a commercialized business unit of the Queensland government, which has more than 90 staff qualified in ITIL, eight of whom have achieved an ITIL manager's certificate in IT service management (master level).
"As a service provider, no matter whether we are providing services to the public sector or the private sector, we use the same philosophy around the ITIL framework and we find our best interactions with customers are where the customers are also operating at that same level," says manager of the service quality and strategies unit Peter Marshall. "I know there is a push within Queensland government to establish standards around certain frameworks, and there's a review at the moment on a paper to mandate some standards for information providers."
Marshall says a number of Queensland government departments have adopted the ITIL framework, as governments struggle to see how ITIL can assist whole-of-government strategies.
Another enthusiastic user is InTACT, the ACT government's insourced IT service provider, which has had a formal program under way for about two years aimed at aligning its service management processes to ITIL and its associated standards (AS8018/BS15000).
"What ITIL offers is consistency in terms of the processes that we operate within across the organization. It provides us with the common language, and a common core understanding of our internal process," says InTACT general manager Michael Vanderheide. "Part of what InTACT has been attempting to do for the last two or three years is just gradually increasing the professionalism of the work that we do, and we saw the adoption of the ITIL framework as one core element of achieving that goal."
Vanderheide says so far about 87 percent of the 240 staff and contractors have been trained to varying degrees - some of them on the foundations, some of them on the essentials, some of them as specialists. "I myself have gone through the manager's certificate and master certificate process and am just waiting on my results," he says. And he says as the government brings agency-based IT staff into a merged IT organization with the existing InTACT staff some of the additional 160 staff expected to sit under the InTACT umbrella will also undergo ITIL training.
Vanderheide says ITIL is helping InTACT become more professional, it is providing a common language across the organization, and is either breaking down silos or at least providing bridges across silos in terms of the services on offer.
"The processes themselves cross the silos, cross functional areas, so one of the strengths of ITIL is that it gives you a consistent, holistic picture of IT service delivery across the organization. It doesn't really matter how you're structured, the services that are offered are set out within the ITIL framework from beginning to end, regardless of what boundaries or organization structure you put in place," he says.
Centrelink is using ITIL to improve its processes around incident management, while the Department of Industry, Tourism and Resources (DITR), which is heavily into selective sourcing and has engaged both insourced and outsourced resources for elements of ICT support, is relying on the ITIL approach to regain end-to-end ownership of processes, better align ICT to the business requirements, better deliver to SLAs and drive cost efficiency.
DEWR's Haughey gave some insights into critical success factors and lessons learnt in a case study published by Gartner in June 2002, which still holds true today.
He noted that ITIL's framework is not an inflexible set of standards; the guidelines can be adapted to suit different business and organizational environments. He also noted that organizations should not spend time in areas where processes are satisfactory and close to complying with ITIL guidelines (see "ITIL Limitations", left).
Haughey warned that part-time implementation of ITIL processes will slow project completion but result in easier adoption by staff, that organizations should identify areas for quick wins to demonstrate the value of improved processes and that process improvement always requires a senior executive to champion the endeavour while promoting the values and maintaining the project's focus. An active steering committee is also essential to sustain participation across the management team.
Haughey told CIO Government that release management proved to be not only a huge success, but "a big sleeper". "I wasn't expecting it, but it has been the big success and it is a big success because if you're handling releases well or if you have a look at it across a good number of releases, you'll automatically be getting a look at those things that are changing in the place."
DEWR's current challenges include completion of an ICT service catalogue and configuration management. He says DEWR now has a robust CMDB, which has proved very beneficial in support of IT asset management. "We are continuing to automate discovery processes using standard vendor tools such as SMS, Ciscoworks, MarkVison and Insight Manager," he says. "The demanding part is being able to accurately define relationships between CIs [configuration items]."
The other challenge is change management - without a doubt the hardest IT service process to do right. "The challenges resolve around granularity of change and distinguishing between real change and routine service requests," he says. "We have found tight coupling with release management to be the best way to progress improving change management (and also configuration management).
"It would have been a real help if ITIL had more practical real-life examples and extracts of service catalogues and CMDBs.
"Adoption of ITIL is best addressed as a gradual thing as it is a cultural change and as such takes time to bring everyone into the new way of working," Haughey warns. "This would be hard enough at the best of times, but is a real challenge in a dynamic and complex technology and business environment as run by DEWR."
InTACT's Vanderheide warns that since ITIL's primary focus is around the infrastructure space, it has in his view relatively little to offer on the applications development side of things aside from change and release management.
Still, with InTACT about to undergo a major centralization exercise, he thinks ITIL will help to overcome difficulties associated with differing levels of maturity found across the ACT government. "I believed ITIL will help address that - it provides the independent and recognized industry best practice framework to allow everybody to come to the table and assess where they are, but also plan a consistent way forward," he says.
One of the big issues within any cultural change program is getting people moving at a similar speed so that you do not have a disjointed sense of what is happening, notes Peter Loone, director of IT service support, Department of Finance and Administration.
"We had a great opportunity in developing a new capacity in Finance to build ITIL from the ground up, but ITIL doesn't live within one area of your capacity - it lives right across the board in your organization. What is important is having senior management understand the full ITIL approach and how that impacts on the business and the service delivery, but also - and this has been a challenge but I think we have had good wins here - engaging the service provider. We have engaged the service provider to assist us and although we have had the opportunity to build ITIL from the ground up, they haven't necessarily had the same opportunity. So trying to get us both moving forward at a similar speed can be a challenge and that can be the same for any organization bringing on board a service provider - ensuring the service provider is able to keep up with the organization in implementation of ITIL.
"You need to keep the education process going, make sure that everything is communicated through the eyes of ITIL so that nothing slips through the cracks and becomes a rogue process."
DOFA's Seinor notes ITIL is not just about service and architecture, but also about risk management and how the environment is managed to deliver core services.
"It is not just a mantra, it really has to integrate into a business approach to your providers, both internally and externally, so that people have a common view not only of what you are trying to achieve but clearly also an understanding of the process procedures, so there are efficiencies and no misunderstanding, so there is a common goal.
"That means an education program up to chain in terms of your senior management, understanding how you're trying to align with the business and make sure high availability and those things are highest on your agenda, and also engaging your service providers to act smarter and align with your practices so that it's easier to do business with them and is easier to effectively achieve outcomes with clear focus on clear accountability," he says.
Once all that is achieved, ITIL is just the ticket.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.