Professional Documents
Culture Documents
discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/220985390
CITATIONS READS
28 1,466
2 authors:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Miguel Mira da Silva on 21 May 2014.
Abstract—Information Technology Infra-structure Library general and, as a result, not well defined and documented
(ITIL) is the most popular “best practices” framework for [11]. The Process Maturity Framework (PMF) [12] is the
managing Information Technology (IT) services. However, only maturity model specifically designed for ITIL but, in a
implementing ITIL not only is very difficult but there also are few pages, cannot provide enough information to help an
no best practices for implementing ITIL. As a result, ITIL
ITIL implementation.
implementations are usually long, expensive, and risky. In this
paper, we propose a maturity model to assess an ITIL The maturity model I propose is more descriptive,
implementation and provide a roadmap for improvement detailed, and useful because it was designed specifically for
based on priorities, dependencies, and guidelines. We then ITIL and contains comprehensive questionnaires for each
demonstrate a practical application of the proposed model with ITIL process. This model can be used to help an ITIL
a questionnaire to assess the ITIL Incident Management implementation step-by-step by assessing the maturity of
process that was evaluated in two real-world organizations. the existing processes and suggesting what to improve or
implement next.
Keywords- ITIL; implementation; maturity model
II. PROBLEM
I. INTRODUCTION
Every year, more organizations desire to implement
IT Service Management (ITSM) is the discipline that ITIL. However a significant number of them fail and some
strives to better the alignment of IT efforts to business needs
organizations collapse trying it [7,8]. Some of the most
and to manage the efficient provision of IT services with
common mistakes made by organizations when
guaranteed quality [1]. Although there are many other implementing ITIL are [8]:
frameworks, the Information Technology Infrastructure
• Lack of management commitment
Library (ITIL) has become the most popular for
• Spend too much time on complicated process
implementing ITSM [1,2] and, as a result, the framework of
diagrams
choice in the majority of organizations [3]. With ITIL,
organizations aspire to deliver services more efficiently and • Not creating work instructions
effectively, with more quality and less cost [2,3,4]. • Not assigning process owners
Furthermore, preliminary results have shown that ITIL • Concentrating too much on performance
works in practice [4]. • Being too ambitious
ITIL was launched by the Central Computer and • Failing to maintain momentum
Telecommunications Agency (now OGC) in the UK with • Allowing departmental demarcation
the aim of providing technology-related services in a cost- • Ignoring constant reviewing of the ITIL
efficient and reliable manner, by offering a systematic • Memorizing self ITIL books
approach to the delivery of quality IT services [5]. ITIL Certainly, many other reasons cause ITIL
presents a comprehensive set of guidelines for defining, implementations to fail. In particular, reasons that cause
designing, implementing, and maintaining management information system projects in general to fail – such as
processes for IT services from an organizational (people) as organizational resistance to change, unproven business
well as from a technical (systems) perspective [6]. value, strong organizational culture, and so on – also are to
Many organizations that decide to implement ITIL fail blame, as ITIL implementations usually are based on
completely. Many others keep implementing ITIL long after complex IT platforms. But these other reasons can be dealt
the planned deadline. Empirical evidence shows that with by general techniques for implementing projects in
several organizations underestimate the time, effort, and general.
risks – not to mention the cost – of implementing ITIL. The The main problem for implementing ITIL resides in the
problem is that implementing ITIL is not easy [7]. fact that ITIL dictates to organizations “what they should
Maturity models in IT management have been proposed do” but is not clear about “how they should do it.” Based on
since at least 1973 [9]. More than one hundred different a large number of tightly integrated processes, the steps for
maturity models have been proposed [10] but most are too ITIL implementation aren’t clear [3]. Faced with so many
processes, the majority of organizations have no idea which The scope of Service Design is not limited to new
process to implement first and/or how far they should go services. It includes the changes and improvements
with that first process. Then the problem is repeated for the necessary to increase or maintain value to customers over
second process, and so on, until they get lost and start the life cycle of services, the continuity of services,
looking for help. But since each ITIL implementation is achievement of service levels, and conformance to standards
unique, there are no “silver bullets” to solve this problem. and regulations. It guides organizations on how to develop
ITIL implementation is too expensive and CEOs think design capabilities for service management [23].
twice before going forward with the implementation.
Combine that with unrecoverable money losses in many C. Service Transition
known ITIL implementation failures and this certainly Service Transition provides guidance for the
becomes a problem. development and improvement of capabilities to transition
new and changed services into operations. It provides
III. ITIL guidance on how the requirements of Service Strategies
ITIL (Information Technology Infrastructure Library) is encoded in Service Design are realized effectively in
a standard that was introduced and distributed by the Office Service Operation while controlling the risks of failure and
of Government Commerce (OGC) in the UK and includes disruption. It provides guidance on managing the
all IT parts of organizations. At present, ITIL is the most complexity related to changes in services and service
widely accepted approach to IT Service Management in the management processes, preventing undesired consequences
world. It has an iterative, multidimensional and lifecycle while allowing for innovation [24].
form structure [3]. ITIL has an integrated approach as
D. Service Operation
required by the ISO/IEC 20000 standard, with the following
components that we can see in Fig. 1: Service Operation provides guidance on achieving
effectiveness and efficiency in the delivery and support of
services so as to ensure value for the customer and the
service provider.
Guidance is provided on ways to maintain stability in
Service Operations, allowing for changes in design, scale,
scope, and service levels. Managers and practitioners are
provided with knowledge that allows them to make better
decisions in areas such as managing the availability of
services, controlling demand, optimizing capacity
utilization, scheduling operations, and fixing problems.
Guidance is provided on supporting operations through
new models and architectures such as shared services, utility
computing, Web services, and mobile commerce [25].
E. Continual Inprovement
This provides instrumental guidance in creating and
Figure 1. ITIL v3
maintaining value for customers through better design,
A. Service Strategy introduction, and operation of services. It combines
principles, practices, and methods from Quality
Service Strategy provides guidance on how to design,
Management, Change Management, and Capability
develop, and implement service management not only as an
Improvement.
organizational capability but also as a strategic asset. Topics
Organizations learn to realize incremental and large-
covered in Service Strategy include the development of
scale improvements in service quality, operational
markets, internal and external, service assets, Service
efficiency, and business continuity.
Catalogue, and implementation of strategy through the
Guidance is provided to link improvement efforts and
Service Lifecycle.
outcomes with service strategy, design, and transition [26].
Financial Management, Service Portfolio Management,
Organizational Development, and Strategic Risks are among IV. RELATED WORK
other major topics [22].
There are many maturity models, like CMM, CMMI for
B. Service Design services, PMF, Trillium, Bootstrap, ITSCMM, etc. These
Service Design provides guidance for the design and models differ from each other in terms of their factors and
development of services and service management processes. characteristics. In this paper, we will compare different
It covers design principles and methods to convert strategic maturity models in order to select the most suitable to base
objectives into portfolios of services and service assets. our maturity model. Basically, we need three steps: the first
step is to select some models for comparison; the second The main focus of the model is on the maturity of the
step is to find the variables for comparing the models; and service provided by the organization. The model does not
the third step is to select the most suitable model(s) from the measure the maturity of individual services, projects, or
comparison. organizational units [18].
Table 1 shows the comparison of the chosen models by CMMI-SVC integrates bodies of knowledge that are
the selected variables. essential for a service provider. It was designed to improve
mature service practices and contribute to the performance,
A. Models compared
customer satisfaction, and profitability of the economic
We will compare the models Trillium, Bootstrap, community [19]. It has been proven that the adoption of
Capability Maturity Model (CMM), Process Maturity CMMI by companies brings good results with regard to
Model (PMF), IT Service Capability Maturity Model delivery time and the reduction of defects and costs [20].
(ITSCMM) and Capability Maturity Model Integration for
Services (CMMI SVC). B. Adopted variables
Trillium is a model that covers all aspects of software The adopted variables were:
development life cycle and was designed to be applied to 1. Success: know if the model was implemented and
embedded systems like telecommunications [13]. used successfully before and try to count how many
The fundamental practices are at the lower levels, times.
whereas more advanced ones are at the higher levels. In 2. Number of maturity levels: know how many levels of
order to increase the effectiveness of higher level practices, maturity they assume and what their descriptions are.
it is recommended that the lower level practices be 3. Stage Model/Continuous Model: understand what
implemented and sustained [14]. kind of model approach is used by each model.
Bootstrap, based on the CMM and developed by the 4. Details: the detail level of each model, given the
Software Engineering Institute (SEI), was extended over goals, practices, and factors addressed.
time and adopted to include guidelines in the ISO 9000; it 5. Scope: know the area where each model is
began with five levels and now has six [15]. Software applicable.
Process Improvement programs are implemented in many 6. Base for: understand if the model was base for other
organizations. A frequently used and successful models.
methodology for improving the software process is the These certainly are important variables to consider in
Bootstrap methodology [16]. comparing the models. To measure these variables, we
Process Maturity Framework (PMF) is described in the study documentation about the models.
ITIL book. It can be used either as a framework to assess As result of Table 1, we conclude that the most suitable
the maturity of the ten Service Management processes models to base our model are ITSCMM and CMMI-SVC.
individually, or to measure the maturity of the overall The reasons for our choice are:
Service Management process as a whole [17]. 1. Both focus on service
However, PMF is described only in ITIL v2 books and 2. ITSCMM are very well detailed
not on ITIL v3 books, which creates some doubts about its 3. CMMI-SVC have Stage Model and Continuous
usefulness and success. Model
The IT Service CMM is a capability maturity model that
specifies different maturity levels for organizations that V. PROPOSAL
provide IT services. A. Methodology
To design our maturity model for ITIL, we will study the
TABLE I. COMPARISON BETWEEN MATURITY MODELS chosen models ITSCMM and CMMI-SVC. In order to give
organizations more flexibility in ITIL assessment, we will
design our model with Stage Model and Continuous Model
Change
Continual
Data Creates / Problem Can
Service
Management generates
Improvement update
KEDB Change
Data
input
Capacity input
Capacity
helps plan input
Management Can
input
input generate Change input input
PBA Data results
For each
SLP
in
creates
Continuity generates
plan input
ITSCM
input tests
policy
Demand Creates / SDP SAC
Management update
Creates / BIA y/n
Creates / update CMIS
update update input
update y input
influences update
y/n input input creates
input input
input input
Service Service
use creates Change Transition input
Portfolio Continuity Release &
proposal Change Plan &
Management Management in Deployment
Creates / AMIS Management Support
Creates / Management Transition Service
input update Capacity Creates update creates Plan Validation &
plan
input Creates / input Test
influences creates
Availability update input
IT Financial input PSO creates
Management Management creates
Creates / input
input support update
input input
creates CMDB release
input SC
input support plan deployment
recorded plan
input VCD help input
creates
creates use
CI CAB Strategy
RFC Generation creates strategy
SKMS ECAB
in
Access Change
in Management Data Aplication
support Can
in Management
influences input input generate
input
Can
Is part Service generate
Catalogue in Manage Is part
of CMS SQP access of
Service
Portfolio update SIP input
input
update Change Tecnical
input input Data Event Management input
input creates Change Service Assets & Management
update creates Data Configuration
Request
Can Management Can
Fullfilment
input evoke generate
Incident Can
Management evoke
Service Level Is part
Creates / Monitoring and
Service Change Management helps Supplier of
Catalog Management update Service Desk Is part control
Data
Management of
Operation
creates Change IT Operation Is part
creates Creates / Management Is part
influences creates Data DML of
involve update of
Can
involve
generate
SLA
Client SCD
SLR BU OLA
input
input
research cycles). The questionnaire is the most complete practices have been implemented in all levels. This means
possible and we differentiate three kinds of question: that they don’t have all the key questions of each level
1. Key question: All these questions are essential for implemented; some basic activities are not implemented and
the correct implementation of each specific level of in some case they probably will face problems that, as we
the process, and all must be implemented to reach the saw before, could be serious to the organization’s future.
level. Basically, they’re related with roles, At the end of each questionnaire, some questions were
responsibilities, activities, documents, audits, asked in order to understand the quality and completeness of
reviews, etc. the questionnaire and the vision that each organization has
2. Non-key question: Not all of these questions need to of its own ITIL implementation. Table 4 shows the results
be implemented, just 75 percent of them. Basically, of these questions. The used variables were:
they’re related with sub-practices; they are not the 1. Simple: If the person responsible for the
main focus. process understood all the questions.
3. Dependent key question: These questions are 2. Complete: If the questionnaire had all the
related to dependencies between processes. If the activities and practices implemented by the
process that is being assessed depends in some way organization.
on other ITIL processes and the organization has 3. Copy: If the organization wants a copy of the
those processes implemented, too, then the question questionnaire with the results.
must be implemented; otherwise, it shouldn’t be. 4. State: What is the idea of the person responsible
Table 3 shows the results of the assessment of Incident for the process about the percentage of
Management process in two Portuguese organizations. As implementation until now?
we see, both have the process at level 1although several
TABLE III. INCIDENT MANAGEMENT ASSESSMENTS
Organization 1 Organization 2
Level Questions Nº Processes needed Not Not
Implemented Approved Implemented Approved
Implemented Implemented
Key 39 n/a 35 4 NO 33 6 NO
Non-Key 36 n/a 22 14 NO (61%) 25 11 NO (69%)
Level CM 0 1 YES 1 0 YES
Depend Key 2
2 SLM 0 1 YES 1 0 YES
CM
TOTAL 77 57 20 NO 60 17 NO
SLM
Key 27 n/a 15 12 NO 14 13 NO
Non-Key 18 n/a 0 18 NO (0%) 5 13 NO (28%)
Level CHM 0 2 YES 1 1 NO
Depend Key 3
3 PM 0 1 YES 0 1 YES
CHM
TOTAL 48 15 33 NO 20 28 NO
PM
Key 10 n/a 7 3 NO 6 4 NO
Level Non-Key 15 n/a 12 3 YES (80%) 8 7 YES (80%)
4 Depend Key 0 n/a 0 0 YES 0 0 YES
TOTAL 25 n/a 19 6 NO 14 11 NO
Key 5 n/a 4 1 NO 3 2 NO
YES YES
Level Non-Key 0 n/a 0 0 0 0
(100%) (100%)
5
Depend Key 1 CSI 0 1 YES 1 0 YES
TOTAL 6 CSI 4 2 NO 4 2 NO
5. Model State: What is the state of the have idea of the state of their ITIL implementation they skip
implementation based on the results of the important goals.
questionnaire?
This information is important to understand if our VIII. DISCUSSION
questionnaire is adequate, for the organizations about their Although quite useful, the model is not perfect and this
own implementation, and for our future works. section will identify the pros and cons of the model.
The identified pros of the model are:
TABLE IV. RESUME OF THE FINAL QUESTIONS 1. Extremely needed in worldwide reality of ITIL
implementation
2. Very detailed
Simple Complete Copy State Model 3. Can be used to assess and to guide the
state
implementation
Organization Yes Yes Yes 90% 60%
1 4. The stage model follows an incremental path in order
Organization Yes Yes Yes 60% 63% to reduce the initial effort
2 5. Enables organization to know “where” they are and
what they need
The organizations have different perspectives of their 6. Organizations that follow this model avoid the most
own ITIL implementation state. While organization 1 might common mistakes of ITIL implementation.
be at 60 percent of implementation and our maturity model 7. Apparently the questions are easily understood
confirms it, organization 1 might believe it is at 90 percent 8. Apparently the questionnaire is complete
of the ITIL implementation and our maturity model shows it 9. The organizations want a copy of the questionnaire,
is at 60 percent. This is which shows that they believe it is useful
Although both are at 60 percent of the ITIL
implementation, they both are at level 1. This meets our The identified cons of the model are:
initial point: organization fail because they miss critical 1. Only Incident Management questionnaire is
practices or activities of the implementation. These completed.
organizations remain at level 1 because they skip important 2. The sequence of implementation processes by stage
steps on ITIL implementation that could be crucial in the model might not be the most appropriate for all kinds
future. of businesses.
The assessment of organization 2 is interesting, although
know how they implement percentage is, they skip
important goals too. Organization 1 is the worse, they don’t
About the percentage of non-key questions that need to [6] Graupner, S., Basu, S., Singhal, S, “Collaboration environment for
ITIL,” in: Integrated Network Management-Workshops, 2009. IM
be implemented (75 percent), we don’t have any empirical
'09, pp. 44 – 47. IEEE Press (2009)
validation. However the idea isn’t new and the value isn’t [7] Nicewicz-Modrzewska, D., Stolarski, P, “ITIL implementation
arbitrary. Trillium defines a minimum percentage to reach roadmap based on process governance,” in: EUNIS 2008. Adam
the next level, too (90 percent), but Trillium doesn’t have Mickiewicz University Computer Centre (2008)
[8] Sharifi, M., Ayat, M., Rahman, A.A., Sahibudin, S, “Lessons learned
distinct questions (key, non-key, dependent key). Therefore
in ITIL implementation failure,” in: Information Technology, 2008.
90 percent was a high value for those who must implement ITSim 2008, pp. 1 – 4. IEEE (2008)
all key questions, and then we believe that three-quarters of [9] Rocha, A., Vasconcelos, J, “Maturity models for information
non-key questions is acceptable. systems management. (Os modelos de maturidade na gestão de
sistemas de informação, in Portuguese),” in: Journal of the Faculty
The advantages of the proposal are evident. The present
of Sciences and Technology at University Fernando Pessoa, Nº 1,
reality of ITIL implementation in the world makes this pp. 93-107 (2004)
proposal extremely useful. [10] Bruin, T., Rosemann, M., Freeze, R., KulKarni, U, “Understanding
the main phases of developing a maturity assessment model,” in:
IX. CONCLUSION 16th Australian Conference on Information Systems (ACIS), Sydney
(2005)
It’s clear that ITIL implementation is not easy, as seen [11] Becker, J., Knackstedt, R., Pöppelbuß, J, “Developing maturity
by the fact that several organizations fail in efforts to do so; models for IT management – A procedure model and its
they clearly lack something that helps them do it. application,” in: Journal Business & Information Systems
Engineering (BISE), Volume 1, Number 3. B&ISE (2009)
We propose a maturity model to help organizations [12] Paulk, C.P.,Weber, V.C., Curtis, B., Chrissis, B.M.: The Capability
assess the actual maturity of ITIL and implement what they Maturity Model: Guidelines for Improving the Software Process.
are missing. Addison-Wesley (1994)
Basing our model in ITSCMM and CMMI-SVC gave us [13] 13. Trillium: Model for Telecom Product Development and Support
Process Capability, Release 3.2, Technical Report, Bell, Montreal
a solid base to design our complete and detailed maturity (1996)
model. [14] 14. Krishnan, M.S., Mukhopadhyay, T., Zubrow, D.: Software
With the evaluation of Portuguese organizations, we Process Models and Project Performance. Information Systems
show that in most cases, at least on these, ITIL Frontiers. 1:3,267 – 277 (1999)
[15] 15. Kuvaja, P.: BOOTSTRAP: A Software Process Assessment and
implementation is not at the level that organizations believe; Improvement Methodology. In: Lecture Notes in Computer Science.
rather, sometimes they miss important goals necessary to the LNCS, Volume 926/1995, 31-48. Springer Berlin / Heidelberg
success of ITIL in the organization. (2006)
With the assessment on these organizations we saw that [16] 16. Robben, D., Nederland, B.V.S.: TPI, BOOTSTRAP and
Testing. (2006)
they implement ITIL as they want and not by a right set of [17] 17. Lloyd, V.: Planning to Implement Service Management (ITIL).
steps, and that’s what our model purpose. OGC (2002)
We finally conclude that the assessments made [18] 18. Niessink, F., Van Vliet, H.: The Vrije Universiteit IT Service
emphasize the need of our model purpose in the Capability Maturity Model. Faculty of Sciences, Division of
Mathematics and Computer Science Vrije Universiteit Amsterdam
implementation of ITIL in the worldwide organizations. (2005)
As part of our future research work, we will make more [19] 19. C. Forrester, E., L. Buteau, B., Shrum, S.: CMMI for Services,
assessments, in more organizations, of the processes that we Version 1.2. Technical Report, Software Engineering Institute
already have the questionnaires, and design the (2009)
[20] Pinheiro dos Santos, R., Marçal de Oliveira, K., Pereira da Silva, W.:
questionnaire for the other processes in order to complete Evaluating the Service Quality of Software Providers Appraised in
our model. CMM/CMMI. Software Quality Journal, 283-301, Springer
Netherlands (2008)
REFERENCES [21] Baskerville, Richard L.: Investigating Information Systems with
[1] Brenner, M, “Classifying ITIL processes: A taxonomy under tool Action Research (1999)
support aspects,” in: The First IEEE/IFIP International Workshop, [22] Sharon Taylor, M.Iqbal, M.Nieves, ITIL:Service Strategy,TSO
pp. 19 – 28. IEEE Press (2006) publications.Norwith,UK,2007
[2] Hochstein, A., Zarnekow, R., Brenner, W, “ITIL as common [23] Sharon Taylor, V. Lioyd,C.Rudd, ITIL:Service Design,TSO
practice reference model for IT service management: Formal publications.Norwith,UK,2007
assessment and implications for practice,” in: e-Technology, e- [24] Sharon Taylor,S. Lacy,I.Macfarlane, ITIL:Service Transition,TSO
Commerce and e-Service, 2005. EEE '05. Proceedings of the 2005 publications.Norwith,UK,2007
IEEE International Conference, pp. 704 – 710. IEEE Press (2005) [25] Sharon Taylor, D. Cannon,D.Wheeldon, ITIL:Service Operation
[3] Ayat, M., Sharifi, M., Sahibudin, S., Ibrahim, S, “Adoption factors ,TSO publications. Norwith,UK,2007
and implementation steps of ITSM in the target,” in: Modelling & [26] Sharon Taylor, G.Case,G.Spalding, ITIL:Continual Service
Simulation, 2009. AMS '09. Third Asia International Conference, Improvement,TSO publications.Norwith,UK,2007
pp. 369 – 374. IEEE Press (2009)
[4] Kashanchi, R., Toland, J, “Can ITIL contribute to IT/business
alignment? An initial investigation,” WIRTSCHAFTS
INFORMATIK. 340-348 (2006)
[5] ITIL Lifecycle Publication Suiite. Ofice of Government Commerce
(OGC). 2008