Professional Documents
Culture Documents
White Paper: Baselining IT Service Management
White Paper: Baselining IT Service Management
HEAD OFFICE
Level 4,
60 Albert Road
South Melbourne VIC 3205
www.proactiveservices.com.au
WHITE PAPER
Baselining
IT Service Management
Alan White
ProActive Services
March 2006
Baselining ITSM
Table of Contents
Preface ........................................................................................ 3
Summary ..................................................................................... 5
Why Conduct A Baseline? .............................................................. 7
Potential Frameworks .................................................................... 8
CMM / CMMI / SPICE ................................................................. 8
CobiT........................................................................................ 9
OGC Maturity Matrices.............................................................. 10
ISO 20000 .............................................................................. 11
PMF........................................................................................ 13
Extended PMF ......................................................................... 15
Conducting a Baseline ................................................................. 17
Basic steps.............................................................................. 17
Business Perceptions................................................................ 18
Organisational Review.............................................................. 19
Cultural Assessment................................................................. 19
Conclusion.................................................................................. 20
ProActive Services
Page 1 of 20
Baselining ITSM
Preface
The purpose of this paper is to provide the reader with an
introduction to the concept of baselining the maturity of IT Service
Management processes.
ProActive Services
Page 3 of 20
Baselining ITSM
Summary
Baselining is an essential element of any Continuous Service
Improvement Program (CSIP). It identifies what works, as well as
what doesnt work. It gains consensus from all parties involved in the
CSIP and provides a means to measure progress. It should be
considered high risk to embark on a CSIP without first baselining the
processes.
ISO 20000 is an important framework for measuring organisational
capability and will become more prevalent in the next few years as
many organisations seek to achieve certification. However, it is not
designed to measure process maturity.
The ITIL Process Maturity Framework (PMF) is the emerging
framework for maturity baselining. It is complementary to ISO 20000
and the two frameworks can easily be used in parallel. Its major
drawback is that it is too generic in its current form.
ProActive extended the existing PMF to overcome this weakness and
to provide an approach which is truly consistent and repeatable.
ProActive Services
Page 5 of 20
Baselining ITSM
It is important to
to be retained, or can be
this possible? Well, there may be a few bits of processes here and
built on.
there which work and there are almost certainly some very capable IT
staff compensating for the lack of formal processes. This situation can
be successful in the short term but tends to lead to inconsistency of
results and is a major exposure if there is staff turnover.
Hence the importance of understanding what needs to be retained or
built on, as well as what needs to be captured and formalised,
BEFORE embarking on a process improvement initiative.
Getting internal agreement
A Continuous Service Improvement Program (CSIP) is a team effort,
almost certainly bringing together many people from many different
departments.
The initial reaction from many participants is defensive on the basis
that they genuinely believe they are doing a good job. In most cases
they are performing very well individually, but it is not easy to
separate the people and process aspects.
The other common reaction is territorially based Yes, but Change
Management works well in our team. Again, the lack of a big picture
view clouds critical issues such as the ability of the processes to work
across departmental boundaries.
ProActive Services
Page 7 of 20
Baselining ITSM
A baseline provides an
agreed starting point for
the CSIP.
well
conducted
baseline
ensures
common
and
agreed
performance metrics,
allow progress to be
measured.
Potential Frameworks
Now we have decided to conduct a baseline, the next major issue is
to pick a framework. Typical comments are:
Page 8 of 20
ProActive Services
Baselining ITSM
designed to measure
Application
Development, not IT
Service Management.
CobiT
Control Objectives for Information and Related Technology (CobiT) is
an IT governance, control framework and maturity model. It defines
34 significant processes and links 318 recommended detailed control
objectives to provide an internal control framework.
CobiT can be used by business or IT management, but its origins are
as an auditors tool. It was developed by the Information Systems
Audit and Control Association, and is published by the IT Governance
Institute (ITGI). See http://www.itgi.org for further details on CobiT.
CobiT is built on established frameworks such as CMM, ISO 9000 and
ITIL. However, CobiT does not include control guidelines or practices,
which are the next level of detail. It does not include process steps
and tasks.
Strengths and weaknesses
CobiT is a control
framework rather than a
process framework, and
is regularly used by
auditors.
ProActive Services
Page 9 of 20
Baselining ITSM
In conjunction with this model, the OGC developed two selfThe OGC maturity
showing what is
currently in place,
at http://www.itsmf.com/bestpractice/selfassessment.asp
Questionnaires are available for all of the processes within the scope
of IT Service Management i.e. those in the ITIL Service Support and
Service Delivery publications.
Strengths and weaknesses
The questionnaires are relatively simple to use, and can be carried out
as a self-assessment.
Page 10 of 20
ProActive Services
Baselining ITSM
ISO 20000
ISO 20000 is the international standard for IT Service Management.
The standard comprises two parts: ISO/IEC 20000-1 and ISO/IEC
20000-2.
ISO 20000 has been fast-tracked as an international standard based
on the original BS15000 standard.
ISO 20000-1 is the first part of the standard, and is the Specification
for Service Management. If an organisation meets all of the criteria
listed in ISO 20000-1 it will have achieved certification and can get
a plaque on the wall.
Certification against ISO 20000-1 is binary you either meet all of the
criteria or you do not meet all of the criteria.
A trend is already emerging whereby major service providers (such as
the larger outsourcers) are being asked to prove their ITSM
capabilities by achieving certification. This trend is expected to
increase significantly in the next few years.
A second major driver for ISO 20000-1 certification is legislation such
as Sarbanes Oxley (SOX) which requires organisations to prove that
appropriate governance processes are in place.
ISO 20000-2 is the second part of the standard, and is the Code of
Practice for Service Management. It describes best practices within
each of the process areas, building on the compliance criteria in ISO
20000-1.
ISO 20000 covers the 10 ITIL processes within IT Service
Management with some minor variations, as well as the processes
involved in managing internal customers, external suppliers and
information security. It also includes three categories focusing on
management capability and intent.
ProActive Services
Page 11 of 20
Baselining ITSM
Management responsibility
Documentation requirements
Competences, awareness & training
Management System
Control Processes
Configuration Management
Change Management
Release Processes
Resolution Processes
Release Management
Incident Management
Problem Management
Relationship Processes
Business Relationship Mgt
Supplier Management
Further details on ISO 20000 can be found on the ISO 20000 Central
website http://20000.fwtk.org/index.htm
Adoption of ISO
20000 will become
widespread, but it is
not an appropriate
framework for
measuring process
maturity.
Page 12 of 20
ProActive Services
Baselining ITSM
PMF
The Process Maturity Framework (PMF) comes from the ITIL book
Best Practice for Planning to Implement IT Service Management which
was published by the OGC in 2002.
When instigating a service improvement program, the IT department
must be aware of the maturity or growth stages of IT organisations as
a whole, and where they currently stand in relationship to their own
2
Repeatable
1
Initial
on a five-tier
model.
ProActive Services
Page 13 of 20
Baselining ITSM
PMF measures
and weaknesses of an
and has become proactive. It also integrates with all other ITSM
individual process.
processes.
Page 14 of 20
ProActive Services
d
g
i
s
w
Baselining ITSM
support
could
be
weak
and
the
process
poorly
Good documentation
The major
weakness with
PMF is that the
criteria for
measuring
maturity is generic
and is open to
interpretation.
However, what does this mean for Change Management? At this level
of maturity, would you expect to be carrying out risk assessments;
conducting Change Advisory Boards; ensuring business participation;
requiring backout plans for changes; conducting reviews following
successful as well as failed changes?
If organisations at equivalent levels of maturity are evaluated by two
equally experienced ITIL professionals the results could vary
significantly. Much is left open to interpretation.
Extended PMF
On the basis that PMF offered the best available building blocks,
ProActive Services has extended the PMF matrices significantly into
been developed by
The first major task was to extend the descriptions of all 10 ITSM
ProActive to
processes, across all five dimensions for all five maturity levels. We
brought together the combined (and extensive) experience of all of
our consultants. The concept was to write down what we would
overcome the
weakness in the
OGC version.
The assessment
criteria for all five
dimensions of all
processes has been
extended with process
specific details.
ProActive Services
Page 15 of 20
Baselining ITSM
The next task was to add the other three processes covered by ISO
20000,
namely
Business
Relationship
Management,
Supplier
5
4
Interfaces
Process
3
2
Management example
Technology
Culture
Overall Maturity
By Sub-area
People
Process Maturity
Security
Supplier
Business Relationship
Financial
IT Service Continuity
Capacity
Availability
Service Level
Release
Configuration
Change
Problem
Incident
1.00
Page 16 of 20
1.50
2.00
2.50
3.00
3.50
4.00
4.50
5.00
ProActive Services
Baselining ITSM
Extended PMF
provides a consistent
and repeatable
easily be used in
20000 compliance
assessment.
Conducting a Baseline
So, youve decided to conduct a baseline, youve selected your
preferred approach and youre ready to start. This section looks at the
process involved in conducting a baseline and discusses some
additional elements considered integral to the success (or failure) of
baselining.
Basic steps
Kickoff presentation: A typical baseline involves interviewing a
reasonable number of people to gain a sound understanding of how
each process is carried out. Most people want to understand whats
going to happen in the interviews. Some may even want to
understand whats going to happen after the interviews (e.g. does this
mean I can lose my job?).
An initial kickoff
can save time and
confusion, and can
flush out any
major concerns.
Interviews should
ProActive Services
bring together a
good cross section
of people to
process is carried
out today.
Page 17 of 20
Baselining ITSM
Business Perceptions
If all of the key customer-facing processes are at a very high level of
maturity, the likelihood is that IT and the business will be aligned.
There will be complete agreement on the quality of services delivered,
and IT will have a thorough understanding of the business needs.
Business
perceptions of
service quality are
important,
especially where
there are some
disconnects
between IT and
the business.
Page 18 of 20
ProActive Services
Baselining ITSM
Organisational Review
This involves a summary appraisal of the IT organisational structure to
assess its alignment with the objectives of the CSIP and cost effective
end-to-end services delivery. It is conducted as a series of one on
one interviews and/or focus group meetings, with the CIO and key
direct reports and where necessary, key business managers.
The Organisational review will identify possible structural issues that
could predicate against the cost effective delivery of end-to-end IT
services. The commonly used IT organisation structure, based on
technology silos, tends to inhibit the effective delivery of end-to-end
services.
An organisational
review can identify
structural issues
such as technology
silos.
Cultural Assessment
Another area which has been widely misunderstood is the cultural
aspect of the CSIP, in particular the readiness of the organisation to
embrace change. It is not uncommon for significant cultural issues to
become apparent during the staff interviews, especially where these
interviews are being conducted by an external consultant.
Besides people being the key to the success of a CSIP they can also
be the biggest barrier! It is important that there is some measure of
how customer focused your organisation is and how open they are to
change. These issues pose a risk to the CSIP if not managed
adequately.
ProActive Services
Cultural issues
need to be
understood as
these can be major
inhibitors to
change.
Page 19 of 20
Baselining ITSM
Conclusion
Baselining is an essential element of any Continuous Service
Improvement Program (CSIP). It identifies what works as well as what
doesnt work. It gains consensus from all parties involved in the CSIP
and provides a means to measure progress. It should be considered
high risk to embark on a CSIP without first baselining processes.
Baselining should
be an essential
element of any
CSIP.
ISO 20000-1
measures
compliance and
PMF measures
maturity they
easily work in
parallel.
ProActive has adopted ISO 20000-1 and the extended PMF. These
have differing objectives but can easily work in parallel. ISO 20000-1
is used to determine if an organisation complies with the standard i.e.
if it can be certified. PMF is used to determine process maturity. A
process currently at a maturity level of 1 looking to satisfy the
certification criteria may need to jump as much as 2 to 3 levels on the
PMF scale, which requires careful planning and implementation.
Although it is not a precise measurement, a fully ISO 20000-1
compliant process will generally be around a maturity level of 3 to 4 on
the PMF scale. This varies by process.
The basic steps involved in baselining are: kickoff, interviews, data
gathering, analysis and reporting. A kickoff presentation is essential to
ensure all participants understand whats going to happen and to
ensure the context for the baseline is understood.
Business Perceptions are important. If the baseline and subsequent
CSIP is too inwardly focused, it is possible to build some excellent
processes which do not align with the business. The focus here is to
gain a perspective from the business on service quality.
An Organisational Review and Cultural Assessment may also be
relevant. They can identify potential barriers to planned CSIPs e.g.
there may be strong technology silos or there may be a history of
management rewarding hero cultures.
Page 20 of 20
ProActive Services