article

The Information Technology Infrastructure Library (ITIL) is a framework of best practice approaches intended to facilitate the delivery of high quality information technology (IT) services. ITIL outlines an extensive set of management procedures that are intended to support businesses in achieving both quality and value for money in IT operations. These procedures are supplier independent and have been developed to provide guidance across the breadth of IT infrastructure, development, and operations.

Although developed during the 1980's, ITIL was not widely adopted until the mid 1990's. This wider adoption and awareness has led to a number of standards, including ISO/IEC 20000 which is an international standard covering the IT Service Management elements of ITIL. ITIL is often considered alongside other best practice frameworks such as the Information Services Procurement Library (ISPL), the Application Services Library (ASL), Dynamic Systems Development Method (DSDM), the Capability Maturity Model (CMM/CMMI), and is often linked with IT governance through Control Objectives for Information and related Technology (COBIT).

IT Service Management as a concept is related but not equivalent to ITIL. ITIL contains a subsection specifically entitled "IT Service Management" (the combination of the Service Support and Service Delivery volumes which are a specific example of an ITSM framework), however it is important to note that other such frameworks exist. ITIL Service Management is currently embodied in the ISO 20000 standard (previously BS 15000).

ITIL is built around a process-model based view of controlling and managing operations often credited to W Edwards Deming. The ITIL recommendations were developed in the 1980's by the Central Computer and Telecommunications Agency (CCTA) of the UK Government in response to the growing dependence on information technology and a recognition that without standard practices, government agencies and private sector contracts were independently creating their own IT management practices and duplicating effort within their Information and Communications Technology (ICT) projects resulting in common mistakes and increased costs.

ITIL is published in a series of books, each of which covers a core area within IT Management. The names ITIL and IT Infrastructure Library are Registered Trade Marks of the Office of Government Commerce (OGC), which is an Office of the United Kingdom's Treasury. The content of the books is protected by Crown Copyright.

In April, 2001 the CCTA was merged into the Office of Government Commerce (OGC) and disappeared as a distinct organization. Office of Government Commerce (UK). CCTA and OGC. Retrieved May 5, 2005.

In December 2005, the OGC issued notice of an ITIL refresh Office of Government Commerce. ITIL Refresh Statement. Retrieved February 13, 2006., commonly known as ITIL v3, which is planned to be available in late 2006. ITIL Version three publication is expected to initially include five core texts namely: IT Service Design, IT Service Introduction, IT Service Operations, IT Service Improvement and IT Service Strategies consolidating much of the current v2 practice around the Service Lifecycle.

One of the primary benefits claimed by proponents of ITIL within the IT community is its provision of common vocabulary, consisting of a glossary of tightly defined and widely agreed terms. A new and enhanced glossary has been developed as a key deliverable of the the ITIL Refresh Project.

Certification

Individuals may achieve various official ITIL certifications. ITIL qualifications standards are managed by the ITIL Certification Management Board (ICMB) which comprises OGC, itSMF International and the two existing Examinations Institutes: EXIN (based in Holland) and ISEB (based in the UK).

Examinations are administered and qualifications awarded by EXIN and ISEB. Both examinations institutions award qualifications at Foundation, Practitioner and Manager/Masters level currently in 'ITIL Service Management', at Practitioner level in 'ITIL Application Management' and at Manager/Masters level in 'ICT Infrastructure Management'.

A voluntary registry of ITIL-certified practitioners is operated by the ITIL Certification Register.

It is not possible to certify an organization or a management system as "ITIL-compliant," however an organisation that has implemented ITIL guidance in IT Service Management may be able to achieve compliance with and seek certification under ISO/IEC 20000.

In June 2006 the OGC announced that it had selected a preferred bidder as a commercial partner for ITIL accreditation - The APM Group. The OGC's failure to further formalize institutional relationships with the ITSMF as part of these activities has been controversial.

ITIL history, precursors and alternatives

What is now called ITIL version 1, developed under the auspices of the CCTA was entitled "Government Information Technology Infrastructure Method" (GITM) and over several years eventually expanded to 31 volumes in a project initially directed by Peter Skinner and John Stewart at the CCTA. The publications were retitled primarily as a result of the desire (by Roy Dibble of CCTA) that the publications be seen as guidance and not as a formal method and as a result of growing interest from outside of the UK Government.

Many of the core service management concepts did not originate within the original CCTA project to develop ITIL. IBM claims that its "Yellow Books" (A Management System for the Information Business), Van Schaik, E. A. (1985). A Management system for the Information Business. Englewood Cliffs, NJ, Prentice-Hall, Inc. ISBN 0135499658 were key precursors. According to IBM:

"In the early 1980s, IBM documented the original Systems Management concepts in a four-volume series called A Management System for Information Systems.* These widely accepted “yellow books,” ... were key inputs to the original set of ITIL books." and .

Other IBM Publications and comments by ITIL authors clarify that the "yellow books" were a significant input to ITIL Service Support but that the Service Delivery volume didn't draw on them to the same extent.

Further evidence on this (pro or con) is lacking, but the ongoing involvement of IBM (as well as many other vendors and consultants) in ITIL authorship is a matter of record, visible in the front matter of the ITIL volumes.

Alternatives

Outside of ITIL, other IT Service Management approaches exist, including the Enterprise Computing Institute's library covering general issues of large scale IT management, including various Service Management subjects.

The BECTA Framework for ICT Technical Support (FITS) has been developed by the British Eductional Communications and Technology Agency and is based on ITIL but slimmed down for UK primary and secondary schools (which often have very small IT departments). Similarly, The Visible OPS Handbook: Implementing ITIL in 4 Practical and Auditable Steps claims to be based on ITIL but to focusing on the biggest "bang for the buck" elements of ITIL.

Criticisms of ITIL

ITIL has come in for criticism on several fronts. Concerns include:

  • The fact that many ITIL advocates seem to think it is a holistic, all-encompassing framework for IT governance
  • Its tendency to turn into a religion

As Jan van Bon (author and editor of many IT Service Management publications) notes,

There is a lot of confusion about ITIL, stemming from all kinds of misunderstandings about its nature. ITIL is, as the OGC states, a set of best practices. The OGC doesn’t claim that ITIL’s best practices describe pure processes. The OGC also doesn’t claim that ITIL is a framework, designed as one coherent model. That is what most of its users make of it, probably because they have such a great need for such a model...

CIO Magazine columnist Dean Meyer has also presented some cautionary views on the framework, Meyer, Dean, 2005. "Beneath the Buzz: ITIL", CIO Magazine, March 31, 2005 including five pitfalls such as "becoming a slave to outdated definitions" and "Letting ITIL become religion." As he notes, "...it doesn't describe the complete range of processes needed to be world class. It's focused on ... managing ongoing services."

The quality of the library's volumes is seen to be uneven. For example, van Herwaarden and Grift note, “the consistency that characterized the service support processes … is largely missing in the service delivery books."van Herwaarden, H. and F. Grift (2002). "IPW(tm) and the IPW Stadia Model(tm) (IPWSM)". The guide to IT service management. J. Van Bon. London, Addison-Wesley: 97-115.

Overview of the Library

The IT Infrastructure Library (ITIL) is so named as it originated as a collection of books each covering a specific 'practice' within IT management. After the initial published works, the number of publications quickly grew (within ITIL v1) to over 30 books. In order to make ITIL more accessible (and affordable) to those wishing to explore it, one of the aims of the ITIL v2 project was to consolidate the works into a number logical 'sets' that aimed to group related sets of process guidelines for different aspects of the management of Information Technology systems, applications and services together.

While the Service Management sets (Service Support and Service Delivery) are by far the most widely used, circulated and understood ITIL publications, ITIL provides a more comprehensive set of practices as a whole. Proponents believe using the broader library provides a comprehensive set of guidance to link the technical implementation and operations guidelines and requirements with the strategic management, operations management and financial management of a modern business.

The eight ITIL books and their disciplines are:

The IT Service Management sets

1. Service Delivery
2. Service Support

Other operational guidance

3. ICT Infrastructure Management
4. Security Management
5. The Business Perspective
6. Application Management
7. Software Asset Management

To assist with the implementation of ITIL practices a further book was published providing guidance on implemetation (mainly of Service Management):

8. Planning to Implement Service Management

and this has more recently been suplemented with guidlines for smaller IT units, not included in the original eight publications:

9. ITIL Small-Scale Implementation.

Details of the ITIL Framework

Service Support

The Service Support ITIL discipline is focussed on the User of the ICT services and is primarily concerned with ensuring that they have access to the appropriate services to support the business functions.

To a business, customers and users are the entry point to the process model. They get involved in service support by:

  • Asking for changes
  • Needing communication, updates
  • Having difficulties, queries.

The service desk is the single contact point for the customers to record their problems. It will try to resolve it, if there is a direct solution or will create an incident. Incidents initiate a chain of processes: Incident Management, Problem Management, Change Management, Release Management and Configuration Management (see following sections for details). This chain of processes is tracked using the Configuration Management Database (CMDB), which records each process, and creates output documents for traceability (Quality Management).

Service Desk

Incident Management

Problem Management
The goal of Problem Management is to minimize the adverse impact of incidents and problems on business that are caused by errors within the IT infrastructure, and to prevent recurrence of incidents related to these errors. A `problem' is an unknown underlying cause of one or more incidents, and a `known error' is a problem that is successfully diagnosed and for which a work-around has been identified. The CCTA defines problems and known errors as follows:

A problem is a condition often identified as a result of multiple Incidents that exhibit common symptoms. Problems can also be identified from a single significant Incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant.

A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a Work-around.

Problem management is different from incident management. The principal purpose of problem management is the detection, resolution, and prevention of incidents; incident management records the incident.

The problem management process is intended to reduce the number and severity of incidents and problems on the business, and report it in documentation to be available for the first-line and second line of the help desk. The proactive process identifies and resolves problems before incidents occur. These activities are:

  • Trend analysis;
  • Targeting support action;
  • Providing information to the organization.

The Error Control Process is an iterative to process known errors until they are eliminated by the successful implementation of a change under the control of the Change Management process.

The Problem Control Process aims to handle problems in an efficient way. Problem control identifies the root cause of incidents and reports it to the service desk. Other activities are:

  • Problem identification and recording;
  • Problem classification;
  • Problem investigation and diagnosis.
The standard technique for identifying the root cause of a problem is to use an Ishikawa diagram, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. An Ishikawa diagram is typically the result of a brainstorming session in which members of a group offer ideas to improve a product. For problem-solving, the goal will be to find the cause and effect of the problem.

Ishikawa diagrams can be defined in a meta-model.

First there is the main subject, it's the backbone of the diagram what we try to solve or improve, the main subject is derived from a cause. The relationship between a cause and an effect is a double relation, a cause is result of effects, and the effect is the root of causes. But there is just one effect for several causes and one cause for several effects.

Configuration Management
Configuration Management is a process that tracks all of the individual Configuration Items (CI) in a system. A system may be as simple as a single server, or as complex as the entire IT department. Configuration Management includes:
  • Creating a parts list of every CI (hardware or software) in the system.
  • Defining the relationship of CIs in the system
  • Tracking of the status of each CI, both its current status and its history.
  • Tracking all Requests For Change to the system.
  • Verifying and ensuring that the CI parts list is complete and correct.

There are five basic activities of Configuration Management:

  • Planning: The Configuration Management plan covers the next three to six months in detail, and the following twelve months in outline. It is reviewed at least twice a year and will include a strategy, policy, scope, objectives, roles and responsibilities, the Configuration Management processes, activities and procedures, the CMDB, relationships with other processes and third parties, as well as tools and other resource requirements.
  • Identification: The selection, identification and labelling of all CIs. This covers the recording of information about CI's, including ownership, relationships, versions and unique identifiers. CIs should be recorded at a level of detail justified by the business need, typically to the level of "independent change".
  • Control: This gives the assurance that only authorised and identifiable CIs are accepted and recorded from receipt to disposal. It ensures that no CI is added, modified, replaced or removed without the appropriate controlling documentation e.g. approved RFC, updated specification. All CIs will be under Change Management Control.
  • Status Accounting: The reporting of all current and historical data concerned with each CI throughout its life-cycle. It enables changes to CIs and tracking of their records through various statuses, e.g. ordered, received, under test, live, under repair, withdrawn or for disposal.
  • Verification and Audit: This is a series of reviews and audits that verifies the physical existence of CIs, and checks that they are correctly recorded in the CMDB. It includes the process of verifying Release and Configuration documentation before changes are made to the live environment.

Change Management
.

Release Management
Release Management is used for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. Proper Software and Hardware Control ensure the availability of licensed, tested, and version certified software and hardware, which will function correctly and respectively with the available hardware. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. This guarantees that all software can be conceptually optimized to meet the demands of the business processes. The goals of release management are:
  • Plan to rollout of software
  • Design and implement procedures for the distribution and installation of changes to IT systems
  • Communicate and manage expectations of the customer during the planning and rollout of new releases
  • Control the distribution and installation of changes to IT systems
The focus of release management is the protection of the live environment and its services through the use of formal procedures and checks.

Service Delivery

The Service Delivery discipline is primarily concerned with the pro-active and forward looking services that the business requires of its ICT provider in order to provide adequate support to the business users, it is focussed on the business as the Customer of the ICT services (compare with: Service Support). The discipline consists of the following processes, explained in subsections below:
  • Service Level Management
  • Capacity Management
  • IT Service Continuity Management
  • Availability Management
  • Financial Management

Service Level Management

Service Level Management provides for continual identification, monitoring and review of the levels of IT services specified in the Service Level Agreements (SLAs). Service Level Management ensures that arrangements are in place with internal IT support providers and external suppliers in the form of Operational Level Agreements (OLAs) and Underpinning Contracts (UpCs). The process involves assessing the impact of change upon service quality and SLAs. The service level management process is in close relation with the operational processes to control their activities. The central role of Service Level Management leads to it being the natural place for metrics to be established and monitored against a benchmark.

Service Level Management is the primary interface with the Customer (as opposed to the User who is serviced by the Service Desk). Service Level Management is responsible for ensuring that the agreed IT services are delivered on when and where they are supposed to be and for liasing with Availability Management, Capacity Management, Incident Management and Problem Management to ensure that the required levels and quality of service are achieved within the resources agreed with Financial Management and appropriate IT Service Continuity plans have been made to support the business and its continuity requirements.

The Service Level Manager is reliant upon all the other areas of the Service Delivery process to provide the necessary support which ensures the agreed services are provided in a cost effective, secure and efficient manner.

Capacity Management
Capacity Management supports the optimum and cost effective provision of IT services by helping organizations match their IT resources to the business demands. The high level activities are: Application Sizing, Workload Management, Demand Management, Modeling, Capacity Planning, Resource Management, and Performance Management.

IT Service Continuity Management
IT Service Continuity Management helps to ensure the availability and rapid restoration of IT services in the event of a disaster. The high level activities are: Risk Analysis, Manage Contingency Plan Management, Contingency Plan Testing, and Risk Management.

Availability Management
Availability Management allows organizations to sustain the IT service availability in order to support the business at a justifiable cost. The high level activities are: Realize Availability Requirements, Compile Availability Plan, Monitor Availability, and Monitor Maintenance Obligations.

Financial Management for IT services
Financial Management for IT services is responsible for budgeting for IT services, accounting for expenditure and where required implementing charging for IT services. Financial Management also assesses the Total Cost Of Ownership and oversees activities in demonstrating value for money (VFM).

Planning To Implement Service Management

The ITIL discipline - Planning To Implement Service Management attempts to provide practitioners with a framework for the alignment of business needs and IT provision requirements. The processes and approaches incorporated within the guidelines suggest the development of a Continuous Service Improvement Programme (CSIP) as the basis for implementing other ITIL disciplines as projects within a controlled, programme of work. Planning To Implement Service Management is mainly focused on the Service Management processes, but also generically applicable to other ITIL disciplines.

An approach to implement or improve service management is the Continuous Service Improvement Programme (CSIP). This programme consists of the following steps regarding one single improvement:

Security Management

The ITIL-process Security Management describes the structured fitting of information security in the management organization. ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799.

A basic concept of the Security Management is the information security. The primary goal of information security is to guarantee safety of the information. Safety is to be protected against risks. Security is the means to be safe against risks. When protecting information it is the value of the information that has to be protected. These values are stipulated by the confidentiality, integrity and availability. Inferred aspects are privacy, anonymity and verifiability.

The current move towards ISO/IEC 27001 may require some revision to the ITIL Security Management best practices which are often claimed to be rich in content for physical security but weak in areas such as software/application security and logical security in the ICT infrastructure.

ICT Infrastructure Management

ICT Infrastructure Management processes recommend best practice for requirements analysis, planning, design, deployment and ongoing operations management and technical support of an ICT Infrastructure.

The Infrastructure Management processes describe those processes within ITIL that directly relate to the ICT equipment and software that is involved in providing ICT services to customers.

  • ICT Design and Planning
  • ICT Deployment
  • ICT Operations
  • ICT Technical Support

These disciplines are less well understood than those of Service Management and therefore often some of their content is believed to be covered 'by implication' in Service Management disciplines.

ICT Design and Planning
ICT Design and Planning provides a framework and approach for the Strategic and Technical Design and Planning of ICT infrastructures. It includes the necessary combination of Business (and overall IS) strategy, with technical design and architecture. ICT Design and Planning drives both the Procurement of new ICT solutions through the production of Statements of Requirement ("SOR") and Invitations to Tender ("ITT") and is responsible for the initiation and management of ICT Programmes for strategic business change. Key Outputs from Design and Planning are:
  • ICT Strategies, Policies and Plans
  • The ICT Overall Architecture & Management Architecture
  • Business Cases, Feasibility Studies, ITTs and SORs

ICT Deployment Management
ICT Deployment provides a framework for the successful management of design, build, test and roll-out (deploy) projects within an overall ICT programme. It includes many project management disciplines in common with Prince2, but has a broader focus to include the necessary integration of Release Management and both functional and non functional testing.

ICT Operations Management
ICT Operations Management provides the day-to-day technical supervision of the ICT infrastructure. Often confused with the role of Incident Management from Service Support, Operations is more technical and is concerned not solely with Incidents reported by users, but with Events generated by or recorded by the Infrastructure. ICT Operations may often work closely alongside Incident Management and the Service Desk, which are not-necessarily technical in order to provide an 'Operations Bridge'. Operations, however should primarily work from documented processes and procedures and should be concerned with a number of specific sub-processes, such as: Output Management, Job Scheduling, Backup and Restore, Network Monitoring/Management, System Monitoring/Management, Database Monitoring/Management Storage Monitoring/Management. Operations are responsible for:
  • A stable, secure ICT infrastructure
  • A current, up to date Operational Documentation Library ("ODL")
  • A log of all operational Events
  • Maintenance of operational monitoring and management tools.
  • Operational Scripts

ICT Technical Support
ICT Technical Support is the specialist technical function for infrastructure within ICT. Primarily as a support to other processes, both in Infrastructure Management and Service Management, Technical Support provides a number of specialist functions: Research and Evaluation, Market Intelligence (particularly for Design and Planning and Capacity Management), Proof of Concept and Pilot engineering, specialist technical expertise (particularly to Operations and Problem Management), creation of documentation (perhaps for the Operational Documentation Library or Known Error DataBase).

The Business Perspective

The Business Perspective is the name given to the collection of best practices that is suggested to address some of the issues often encountered in understanding and improving IT service provision, as a part of the entire business requirement for high IS quality management. These issues are:
  • Business Continuity Management describes the responsibilities and opportunities available to the business manager to improve what is, in most organizations one of the key contributing services to business efficiency and effectiveness.
  • Surviving Change. IT infrastructure changes can impact the manner in which business is conducted or the continuity of business operations. It is important that business managers take notice of these changes and ensure that steps are taken to safeguard the business from adverse side effects.
  • Transformation of business practice through radical change helps to control IT and to integrate it with the business.
  • Partnerships and outsourcing
This volume is related to the topics of IT Governance and IT Portfolio Management.

Application Management

ITIL Application Management set encompasses a set of best practices proposed to improve the overall quality of IT software development and support through the life-cycle of software development projects, with particular attention to gathering and defining requirements that meet business objectives. This volume is related to the topics of Software Engineering and IT Portfolio Management.

Software Asset Management

Small-Scale Implementation

ITIL Small-Scale Implementation provides an approach to the implementation of the ITIL framework for those with smaller IT units or departments. It is primarily an auxiliary work, covering many of the same best practice guidelines as Planning To Implement Service Management, Service Support and Service Delivery but provides additional guidance on the combination of roles and responsibilities and avoiding conflict between ITIL priorities.

See also

References

External links

Information technology management | Standards | Method engineering

IT Infrastructure Library | ITIL | ITIL | ITIL | Information Technology Infrastructure Library | ITIL | ITIL® | ITIL | ITIL | Knižnica infraštruktúry informačných technológií | ITIL | ITIL | ITIL

 

This article is licensed under the GNU Free Documentation License. It uses material from the "Information Technology Infrastructure Library".

Home Pageartsbusinesscomputersgameshealthhospitalshomekids & teensnewsphysiciansrecreationreferenceregionalscienceshoppingsocietysportsworld