ITIL Version 3 Chapters

A. Complementary Industry Guidance

When ITIL was first introduced in the 1980s, there was little else available in terms of non-proprietary guidance on ITSM best practice.

Today, there are other frameworks or methodologies that have valid contributions to make in this area, that complement and have synergy with ITIL and which can be of assistance to Service Operation.

Al COBIT

The COBIT framework, produced by the Information Systems Audit and Control Association (ISACA) and managed by the IT Governance Institute, provides a very useful framework of guidance for IT audit and security personnel.

The current version of COBIT, edition 4, includes 34 High Level Control Objectives, 13 of which are grouped under the 'Deliver and Support Domain', which maps quite closely onto Still's Service Operation phase. These are entitled:

DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage service desk and incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.

Some aspects of Service Operation are also touched upon in some of the control objectives within other domains - but the vast majority of what COBIT has to say about the 'live operation' phase of IT is contained in the abovementioned control objectives. COBIT is primarily aimed at auditors, so has an emphasis on what should be audited and how, rather than including detailed guidance for those who are operating the processes that will be audited - but it has a lot of valid material which organizations may find useful.

It should be noted that COBIT and ITIL are not 'competitive' nor are they mutually exclusive - on the contrary, they can be used in conjunction as part of an organization's overall managerial and governance framework. ITIL provides an organization with bestpractice guidance on how to manage and improve its process to deliver high-quality, cost-effective IT services. COBIT provides guidance on how these processes should be audited and assessed to determine whether they are operating as intended and giving optimum benefit for the organization.

For a more complete overall picture, organizations may wish to read and become familiar with what COBIT has to say alongside their reading and understanding of ITIL. Further details of the standard can be found via ISACA at www.isaca.org

A2 ISO/IEC 20000

In December 2005 the International Standards Organization launched a formal international standard, ISO/ISE 20000, against which organizations can seek independent accreditation for ITSM. This was preceded by a British Standard, BS15000, which was originally introduced in 2000 and under which some organizations became accredited, but was superseded by ISO/ISE 20000 and accreditations were carried over.

While ISO/IEC 20000 initially mapped to the prior Service Support and Service Delivery publications of ITIL, the standard continues to map well to ITIL today and also covers IT Security, Business Relationship Management and Supplier Management. For organizations seeking formal accreditation to ISO/IEC 20000, so as to get external, international recognition for the success of their ITSM processes, there will be a significant involvement by Service Operation staff in preparing for and undergoing the formal surveillance necessary to achieve the standard.

Further details of the standard can be found via the itSMF at www.itsmf.com or the ISO at www.iso.org

A3 CMMI

The Capability Maturity Model@ Integration (CMMI) is a process improvement approach developed by the Software Engineering Institute (SEI) of Carnegie Mellon University. CMMI provides organizations with the essential elements of effective processes. It can be used to guide process improvement across a project, a division, or an entire organization. CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes and provide a point of reference for appraising current processes. For more information, see http://www.sei.cmu.edu/cmmi/.

A number of IT consultancy organizations have built the maturity model into their ITSM assessment services as a way of assisting organizations prepare for and judge process improvements - including those in the Service Operation area. Organizations may wish to use some form of the model to help drive their path towards independent ISO/ISE 20000 accreditation.

A4 BALANCED SCORECARD

A new approach to strategic management was developed in the early 1990s by Drs. Robert Kaplan (Harvard Business School) and David Norton. They named this system the 'Balanced Scorecard'. Recognizing some of the weaknesses and vagueness of previous management approaches, the balanced scorecard approach provides a clear prescription as to what companies should measure in order to 'balance' the financial perspective. The Balanced Scorecard suggests that the organization is viewed from four perspectives, and it is valuable to develop metrics, collect data and analyse it relative to each of these perspectives:

The Learning and Growth Perspective
The Business Process Perspective
The Customer Perspective
The Financial Perspective.

Some organizations may choose to use the Balanced Scorecard method as a way of assessing and reporting their IT quality performance in general and their Service Operation performance in particular. Further details are available through the Balanced Scorecard User Community at www.scorecardsupport.com.

A5 QUALITY MANAGEMENT

There are distinct advantages of tying an organization's ITSM processes, and Service Operation processes in particular, to its quality management system. If an organization has a formal quality management system such as ISO9000, Six Sigma, TQM etc. then this can be used to assess progress regularly and drive forward agreed service improvement initiatives through regular reviews and reporting.

Many organizations have used a regular annual audit or external assessment as a way of determining the required improvements - and then their Quality Management system to drive through the specific programmes of work.

A6 ITIL AND THE OSI FRAMEWORK

At around the time that ITIL v1 was being written, the International Standards Organization launched an initiative that resulted in the Open Systems Interconnection (OSI) framework. Since this initiative covered many of the same areas as did the ITIL team, it is not surprising that they covered much of the same ground.

However, it is also not surprising that they classified their processes differently, used different terminology, or used the same terminology in different ways. To confuse matters even more, it is common for different groups in an organization to use terminology from both ITIL and the OSI framework.

Although it is not in the scope of this publication to explore the OSI framework, it has made significant contributions to the definition and execution of ITSM programmes and projects around the world. It has also caused a great deal of debate between teams that do not realize the origins of the terminology that they are using.

For example, some organizations have two Change Management departments - one following the ITIL Change Management process and the other using the OSI's Installation, Moves, Additions and Changes (]MAC) model. Each department is convinced that it is completely different from the other, and that they perform different roles. Closer examination will reveal that there are several areas of commonality.

In Service Operation, the management of Known Errors may be mapped to Fault Management. There is also a section related to Operational Capacity Management, which can be related to the OSI's concept of Performance Management.