This action might not be possible to undo. Are you sure you want to continue?
Orientador: Miguel Mira da Silva MEIC Alameda, Intsituto Superior Técnico, Lisboa, Portugal email@example.com
Abstract. Information Technology Infra-structure Library (ITIL) is the most popular “best practices” framework for managing Information Technology (IT) services. However, implementing ITIL is not only very difficult but also there are no best practices for implementing ITIL. As a result, ITIL implementations are usually long, expensive, and risky. In this paper I propose a maturity model to assess an ITIL implementation and provide a roadmap for improvement based on priorities, dependencies and guidelines. I then demonstrate a practical application of the proposed model with a questionnaire to assess the ITIL Incident Management process that was evaluated in a real-world organization. Keywords: ITIL, implementation, maturity model.
IT Service Management (ITSM) is the discipline that strives to better the alignment of IT efforts to business needs and to manage the efficient providing of IT services with guaranteed quality . Although there are many other frameworks, the Information Technology Infrastructure Library (ITIL) has become the most popular for implementing ITSM [1,2] and, as a result, the framework of choice in the majority of organizations . With ITIL, organizations aspire to deliver services more efficiently and effectively, with more quality and less costs [2,3,4]. Furthermore, preliminary results have shown that ITIL works in practice . ITIL was launched by the Central Computer and Telecommunications Agency (now OGC) in the UK with the aim of providing technology-related services in a costefficient and reliable manner, by offering a systematic approach to the delivery of quality IT services . ITIL presents a comprehensive set of guidelines for defining, designing, implementing and maintaining management processes for IT services from an organizational (people) as well as from a technical (systems) perspective . Many organizations that decide to implement ITIL completely fail. Many others keep implementing ITIL long after the planned deadline. Empirical evidence shows that most organizations underestimate the time, effort, and risks – not to mention the cost – of implementing ITIL. The problem is that implementing ITIL is not easy . Maturity models in IT management have been proposed at least since 1973 . More than one hundred different maturity models have now been proposed  but most are too general and, as a result, not well defined and documented . The
Process Maturity Framework (PMF)  is the only maturity model specifically designed for ITIL but, in a few pages, cannot provide enough information to help an ITIL implementation. The maturity model I propose is more descriptive, detailed, and useful because it was designed specifically for ITIL and contains comprehensive questionnaires for each ITIL process. This model can be used to help an ITIL implementation step-bystep by assessing the maturity of the existing processes and suggesting what to improve or implement next. This paper is organized as follows. First, I describe the main maturity models and explain why they cannot solve the problem. Then, I describe the proposed Maturity Model for ITIL based on the requirements defined by Becker et al . The model contains a Stage Model for ITIL as a whole and a Continuous Model for each ITIL process based on questionnaires, including an example for the Incident Management process. Finally, I describe an evaluation performed in a real-world organization and conclude the paper with my planned future work. ITIL tell us what we should do but is not clear about how we should do it and this is the main reason several organizations keep failing ITIL implementation. What process should they implement first, should they full implement or just partial, how well is ITIL implemented in the organization, how well is it being implemented, is the organization following the right steps, these and other questions must be clarified. Organizations don’t have any tools to help them in ITIL implementation, assuring that the implementation is performed correctly or allow them to assess what already have been implemented, providing them a way to correct what is wrong and implement what is missing. To resolve the problem, I designed a maturity model for ITIL, based on other successful maturity models that already exist. I designed a Staged Model, a Continuous Model and a questionnaire for all ITIL processes (in this paper, only for “Incident Management” process). With this any organization with ITIL should be able to assess it and correct faults. It also should guide organizations in ITIL implementation.
ITIL is a methodology to improve delivery service efficiently and effectively, with high quality, based on the best practices of service. Every year more organizations desire implementing ITIL. However a considerable percentage of them fail and some organizations collapse trying it [7, 8]. Some of the most common mistakes made by organizations when implementing ITIL are : • • • Lack of management commitment Spend too much time on complicated process diagrams Not creating work instructions
• • • • • • •
Not assigning process owners Concentrating too much on performance Being too ambitious Failing to maintain momentum Allowing departmental demarcation Ignoring constant reviewing of the ITIL Memorizing self ITIL books
Certainly, many other reasons cause ITIL implementations to fail. In particular, reasons that cause information system projects in general to fail – such as organizational resistance to change, unproven business value, strong organizational culture, and so on – are also to blame, as ITIL implementations are usually based on complex IT platforms. But these other reasons can be dealt with general techniques for implementing projects in general. The main problem for implementing ITIL resides in the fact that ITIL dictates organizations “what they should do” but is not clear in “how they should do it” based on a large number of tightly integrated processes. Faced with so many processes, the majority of organizations have no idea which process to implement first and/or how far they should go with that first process. Then the problem is repeated for the second process, and so on, until they get lost and start looking for help. But since each ITIL implementation is unique there are no “silver bullets” to solve this problem. ITIL implementation is too expensive and CEOs think twice before go forward with the implementation. Combine that with unrecoverable money losses in many known ITIL implementation failures and this, certainly, becomes a problem. The key is making the ITIL implementation easier, understandable and secure.
3 Related Work
After studying the ITIL and understanding all the processes, goals and dependencies I realized the extensive relations between ITIL processes. Therefore, it was important to develop a processes dependencies map [Appendix 1.5]. It doesn’t have all the possible communications between them, only the most important ones, otherwise it was impossible to represent it graphically or to understand it. With a map of dependencies it was possible to have a perception of the priority of each process and then understand which processes need to be implemented together. With this, it was possible to proceed to the study of the existing maturity models. As mentioned earlier, there are many maturity models but few have succeeded. In this thesis, I will mainly focus in maturity models related with IT Service Management. The development of a new maturity model must be substantiated by a comparison with existing ones. But with so many models it’s important to choose the right ones, therefore I selected those that I consider to be, currently, the most important and interesting models.
Page 3 of 32
The planning and management of new projects is based on experiences with similar projects. Level 3: Defined. and these processes are integrated as a whole. including both software-engineering and management processes. The organization has the means to identify weaknesses and strengthen the process proactively. at this level capability is a characteristic of individuals. an organization typically does not provide a stable environment for developing and maintaining software. 3. It’s called ah-doc or chaotic.1 CMM The CMM (Capability Maturity Model) was developed by the Software Engineering Institute (SEI) of Carnegie Mellon University and specifies five maturity levels to assess an organization’s process capability by measuring the degree to which processes are defined and managed: • Level 1: Initial.2 Trillium Trillium is a model that covers all aspects of software development life cycle and was designed to be applied to embedded systems like telecommunications . In each key process area several goals are defined to represent the desired outcomes of the process. Level 5: Optimizing. The entire organization is focused on continuous process improvement. practices are provided in order to lead to the transition of an organization’s process to the next higher maturity level. These measurements establish the quantitative foundation for evaluating a project’s processes and products.3. This maturity model doesn’t solve this thesis problem because it was designed to guide and assess software development projects and not service delivery or ITIL projects. Level 2: Repeatable. At this level organizations can be summarized as standard and consistent because both software-engineering and management activities are stable and repeatable. An organization sets quantitative quality goals for both products and processes and uses processes with well-defined and consistent measurements. with the goal of preventing defects. Each maturity level consists in some key process areas that are classified in goals and common features. Level 4: Managed. not organizations. • • • • The CMM presents sets of recommended practices in a number of key process areas that have been shown to enhance software-development and maintenance capability . A typical process for developing and maintaining software across the organization is documented. Policies for managing a software project and procedures to implement those policies are established. Organizations analyze defects and determine their causes. It was based on: . At the initial level. To fulfill the goals.
in turn. Table 1. as shown in Table 1. whereas more advanced ones are at the higher levels. In order to increase effectiveness of higher level practices.1 ISO 9001 ISO 9000-3 It’s composed by 8 capability areas. each roadmap has associated practices.• • • CMM version 1. each one having one or more associated road maps and. Capability Areas Organizational Process Quality Human Resource Development and Management Process Road maps Quality Management Business Process Engineering Human Resource Development and Management Process Definition Technology Management Process Improvement & Engineering Measurements Project Management Subcontractor Management Customer-Supplier Relationship Requirements Management Estimation Quality System Development Process Development Techniques Internal Documentation Verification & Validation Configuration Management Re-Use Reliability Management Development Environment Problem Response System Usability Engineering Life-Cycle Cost Modeling User Documentation Customer Engineering User Training Nº of Practices 35 52 - 99 Management 107 Quality 33 System Development Practices 110 Development Environment 12 Customer Support 60 Page 5 of 32 . it is recommended that the lower level practices be implemented and sustained . The fundamental practices are at the lower levels. For a given road map. Road maps for each capability area. the level of practices is based on their respective degree of maturity.
Level 5: Fully Integrated. 3. is based on individuals rather than on organizational infrastructure. and configuration management. estimation techniques. Level 4: Managed and Integrated. assessment and improvement. Level 3: Defined and Process Oriented. Success. • • • • To achieve a Trillium level. Level 2: Repeatable and Project Oriented. Level 4: Predictable. Individual project success is achieved through strong project management planning and control.Trillium consists of five levels of maturity that can be described in the following way: • Level 1: Unstructured. began with five levels and now has six . The development process is ad-hoc. Processes are defined and utilized at the organizational level. Level 1: Performed. • • • • • Level 0: Incomplete. while possible. . Process instrumentation and analysis is used as a key mechanism for process improvement. originated in a European Community project.3 Bootstrap The Bootstrap methodology for software process. Level 3: Established. Level 2: Managed. Formal methodologies are extensively used. with emphasis on requirements management. with a focus on evaluating investments in technology was based on : • • • • CMM ISO 9001 ISO 9000-3 ISO 15504 Bootstrap. over time was extended and adopted to include guidelines in the ISO 9000. based on the CMM and developed by the Software Engineering Institute (SEI). as well as CASE tools. although project customization is still permitted. 4 and 5 require the achievement of all lower Trillium levels . Levels 3. Organizational repositories for development history and process are utilized and effective. an organization must satisfy a minimum of 90% of the criteria in each of the 8 Capability Areas at that level. ISO 9001 requirements such as training and internal process auditing are incorporated. Projects frequently cannot meet quality or schedule targets. Processes are controlled and improved. Process change management and defect prevention programs are integrated into processes.
Software Process Improvement programs are implemented in many organizations.g. The Bootstrap process architecture rests on a triad of process categories in the areas of organization. A frequently used and successful methodology for improving the software process is the Bootstrap methodology . or just an individual process. The Bootstrap reference model includes all processes and base practices of the ISO 15504 reference model..4 Process Maturity Framework Process Maturity Framework (PMF). 3. However on process-level. or to measure the maturity of the overall Service Management process as a whole . Each process area specifies several key practices and activities . Table 2: PMF levels and description Level 1 2 3 4 5 PMF Initial Repeatable Defined Managed Optimizing Focus Technology Product/Service Customer Focus Business Focus Value Chain Comments Technology excellence/experts Operational processes (e. The PMF is useful for examining the entire Continuous Service Improvement Program (CSIP) and all implemented ITIL processes. However PMF is only described in ITIL v2 books and not on ITIL v3 books and this creates some doubts about its usefulness and success. Service Support) Proper service level management Business and IT aligned Seamless integration of IT into the business and strategy making Each level is characterized by a combination of five elements: • • • Vision and steering Process People Page 7 of 32 . some process names are different. Methodology and Technology. is described in the ITIL book. This maturity model doesn’t solve this thesis problem because it was designed to improve and assess software development projects and not service delivery or ITIL projects. and a few ISO 15504 processes are divided into two or more Bootstrap processes. It can be used either as a framework to assess the maturity of the ten Service Management processes individually.• Level 5: Optimizing. These three major categories consist of several process areas. It is defined in 5 levels as shown in Table 2.
very simple (6 pages). projects or organizational units . the Tax and Customs Computer and Software Centre of the Dutch Tax and Customs Administration. Improvement should be an integral part of the framework. this maturity model doesn’t solve this thesis problem. and as we saw before. These projects were aimed at developing a method to specify and control IT services. Focus in ITIL. This is the case with the CMM where the framework functions as a prescriptive model and assessments are used to compare the actual situation with the model. it’s unrealistic to think that someone could implement ITIL. To provide IT service providers with directions and steps for further improvement of their service capability. and the Vrije Universiteit Amsterdam. 2. Twijnstra Gudde. They wanted to provide organizations with a mechanism with which they can perform step-wise improvement. The main goals are: 1. partly supported by the Dutch Ministry of Economic Affairs. Is a small model. The model does not measure the maturity of individual services. The main focus of the model is on the maturity of the service provided by the organization. The Software CMM is a widely used and well-known software process improvement model. .5 IT Service CMM The IT Service CMM described in this document originates from two multipartner research projects. Its structure is generic enough to facilitate other areas besides software processes. Partners in these projects – ‘Concrete Kit’ and ‘Kwintes’ – were Cap Gemini. To enable IT service providers to assess their capabilities with respect to the delivery of IT services. 2.• • Technology Culture Each element has one or more goals that the organization needs to implement to achieve the correspondent level. the ITIL implementation is a complex project. 3. The IT Service CMM is based on the Software CMM for two reasons: 1. based on such maturity model. The model covers the service delivery process. The IT Service CMM is a capability maturity model that speciﬁes different maturity levels for organizations that provide IT services. the Technical Universities of Delft and Eindhoven.
Key process areas assigned to process categories. Common features consist of key practices that describe activities that have to be performed or infrastructures that have to be present. Common features are practices that.It’s composed by 22 process areas and each one is structured using common features. when performed together. Process Categories Levels Optimizing Managed Management Service planning Enabling Delivery Support and Actual service standardization delivery Technology Change Management Process Change Management Problem Prevention Quantitative Process Management Service Quality Financial Service Management Management Organization Process Focus Organization Process Deﬁnition Organization Service Deﬁnition Service Delivery Training Program Intergroup Coordination Resource Management Problem Management Service Commitment Management Service Delivery Planning Conﬁguration Management Service Request and Incident Management Service Quality Assurance Ad hoc process Deﬁned Integrated Service Management Repeatable Service Tracking and Oversight Subcontract Management Initial Page 9 of 32 . guarantee that the key process area is implemented and institutionalized. These common features are: • • • • • Commitment to Perform Ability to Perform Activities Performed Measurement and Analysis Verifying Implementation Table 3.
Level 3 Defined: The IT service processes are documented.Among the 22 process areas there are few key processes. Best practices in the model focus on activities for providing quality services to the customer and end users. • • • • This maturity model doesn’t solve this thesis problem. which are: • Level 1 Initial: The IT service delivery process is characterized as ad hoc. standardized. CMMI-SVC integrates bodies of knowledge that are essential for a service provider. and integrated into standard service processes. and occasionally even chaotic. Few processes are defined and success depends on individual effort and heroics. Both the service processes and the delivered services are quantitatively understood and controlled. It was designed to improve mature service practices and contribute to the performance. Level 4 Managed: Detailed measurements of the IT service delivery process and service quality are collected. tailored versions of the organization’s standard service processes. The necessary discipline is in place to repeat earlier successes on similar services with similar service levels. Level 5 Optimizing: Continuous process improvement is enabled by quantitative feedback from the processes and from piloting innovative ideas and technologies. it needs to implement all key processes for that maturity level (Table 3) – and those for lower levels . Level 2 Repeatable: Basic service management processes are established. and profitability of the economic community . All services are delivered using approved. customer satisfaction. it does not take in consideration ITIL culture. It’s a complete and detailed model that provides several good practices to improve the service. although designed to guide and assess service delivery. CMMI-SVC draws on concepts and practices from several service-focused standards and models. 3. It consists of five maturity levels. for IT Service CMM to reside on a certain maturity level. including: • • • • Information Technology Infrastructure Library (ITIL) ISO/IEC 20000: Information Technology—Service Management Control Objects for Information and related Technology (CobiT) Information Technology Services Capability Maturity Model (ITSCMM) .6 CMMI for Services The Capability Maturity Model Integration for Services (CMMI-SVC) provides guidance for the application of CMMI best practices by the service provider organization.
Satisfies the specific goals of the process area. Level 3: Defined. It supports and enables the work needed to provide services. Table 4. and is evaluated for adherence to its process description. except for the differences allowed by the tailoring guidelines. employs skilled people who have adequate resources to produce controlled outputs. • • Page 11 of 32 . involves relevant stakeholders. Level 4: Quantitatively Managed. Level 2: Managed. Levels for Stage and Continuous models. Level 1: Performed.CMMI-SVC provides two ways of assessment: it can assess the whole organization (staged) or each process (continuous). Definition of Continuous representation levels: • • • Level 0: Incomplete. controlled. Continuous Representation Level Capability Levels Level 0 Level 1 Level 2 Level 3 Level 4 Level 5 Incomplete Performed Managed Defined Quantitatively Managed Optimizing Staged Representation Maturity Levels (not applicable) Initial Managed Defined Quantitatively Managed Optimizing The continuous representation is concerned with selecting both a particular process area to improve and the desired capability level for that process area . is monitored. There are 24 processes that are characterized by specific goals and specific practices. It is planned and executed in accordance with policy. process descriptions and procedures for a project are tailored from the organization’s set of standard processes to suit a particular project or organizational unit and therefore are more consistent. Process is controlled using statistical and other quantitative techniques. One or more of the specific goals of the process area are not satisfied and no generic goals exist. and reviewed. however there are some generic goals and generic practices used for all the processes. Quantitative objectives for quality and process performance are established and used as criteria in managing the process. The standards.
They both follow a continuous model and don’t have a stage model. which is the main focus of ITIL. Quantitative objectives are based on needs of the customer. These standard processes are used to establish consistency across the organization. goals. organization.• Level 5: Optimizing. The staged representation is concerned with the overall maturity of the organization. This could be seen unfavorable for organizations that want to be more . Process that is improved based on an understanding of the common causes of variation inherent in the process and continually improves the range of process performance through both incremental and innovative improvements. The service provider ensures that processes are planned in accordance with policy. whether individual processes are performed or incomplete is not the primary focus . but are mainly based and focus in software development and quality and not in service delivery and quality. Trillium and Bootstrap are good and successful models. based on the main features. Level 5: Optimizing. although designed to guide and assess service delivery. all have levels. Level 3: Defined. Level 4: Quantitatively Managed. it does not take in consideration ITIL culture. 3. • • • It’s proved that the adoption of CMMI by companies brings good results with the regard to delivery time and the reduction of defects and costs . Definition of Staged representation levels: • • Level 1: Initial. At this point is important a comparison between the diverse models in order to select the one that offers the most. Projects establish the foundation for an organization to become an effective service provider. In Table 5 we can see a comparison of the models. end users. Processes are usually ad hoc and chaotic Level 2: Managed. Projects establish their defined processes by tailoring the organization’s set of standard processes according to tailoring guidelines. Process that is improved based on an understanding of the common causes of variation inherent in the process and continually improves the range of process performance through both incremental and innovative improvements. and process implementers. Service providers establish quantitative objectives for quality and process performance and use them as criteria in managing processes. This maturity model doesn’t solve this thesis problem. but there are important aspects I took into account to make my selection.7 Comparison There isn’t much difference between the models. practices.
focuses on service and contains concepts of CMMI and the most known standards like in ITIL. It’s consistent. is a very complete model. CMM is a model very well known worldwide and used as basis by a set of many other models. that the author was invited to join the team that would . Comparison of the diverse models. coherent and complete. however. it is surreal to think that some organization organizations could improve efficiently and effectively their ITIL maturity with this model. resumed to 6 pages in the book of ITIL. develop the CMMI-SVC The processes are similar to the ITIL process and the SVC. they are old models and they are not enough he improvement description details. Models Is it a success model? Yes. Cobit and Page 13 of 32 . On the effective other hand describes the continuous and staged model and that is what I think to be an important feature for my model. In the reality of the business world. So interesting. highly Is it a known model? Very well known Does it have SM and/or CM? Both models How detailed is it? Well detailed What is the main focus? Services Was it basis for other models? No CMMI for Services ITSCMM Yes Not well known Only Stage Model Very well detailed Services For CMMI CMM Yes. it is detailed and servic complete. ITSCMM is a very interesting model based on service delivery. CMMI-SVC is known worldwide. Besides. Table 5. with few goals by level.aggressive in the improvement. practices could be very useful. highly Very well known Only Stage Model Well detailed Software For many models PMF No Not well known Both models Very simple ITIL No Trillium Yes Not well known Only Continuous Model Not well detailed Software No Bootstrap Yes Not well known Only Continuous Mode Not well detailed Software No PMF is a small model. it was made for t’s software development and only has staged model representation.
Therefore a dependencies map should be done. relation. Today many organizations spend a lot of money in ITIL implementation projects and fail. It’s also a very detailed model. For that I need to accomplish a few objectives: • Global vision of ITIL The study of ITIL is essential to realize a good work. understand the process. It can be seen in [Appendix 1. 4 Proposal I propose a complete maturity model that organizations could use as guidelines to assure that they don’t fall in any of the most common mistakes made by organizations in ITIL implementation. with which other process. in a correct way and avoiding errors that already made other organizations failed and collapsed. Processes dependencies The processes dependencies are important to understand which process should be implemented. • • • • . etc. when. Chose the right maturity models Select the advantages of each maturity model studied to design a good maturity model that could be applied to ITIL. how high.1 Objectives The main goal is to design a model that provides a roadmap to help the organizations in ITIL implementation. 4. Describes both models continuous and staged and that is excellent. Study maturity models Comparing existing maturity models is an important goal in order to identify the most reliable model(s). Mapping processes Mapping the processes between the maturity model(s) selected and ITIL to identify the relevant goals and practices of the model(s).others. Only with a good knowledge of ITIL it is possible to design a model to evaluate it. goals. Nowadays there isn’t any complete and detailed maturity model for ITIL that could guide organizations in ITIL implementation or assuring that they will do it correctly. the evolution of CMM is focused on services. dependencies. Besides. etc. A maturity model will solve this problem as it will allow not only assessing the level of ITIL in organizations but also will guide them and will tell them what they miss or need to achieve the level they want.5].
With this it’s possible start analyzing the goals and practices of each process. collect them and try transform it in a realistic questionnaire based on CMMI-SVC and ITSCMM but applicable to ITIL. so it will be taken in consideration but the main focus will be on ITSCMM and CMMI for services.3 Mapping processes At [Appendix 1. Next step was mapping all processes of ITSCMM and CMMI-SVC with ITIL processes and design a Staged model. 4. on dependencies map and on the mapping of processes made before. then collect all the goals and practices of each process of ITIL (and similar processes of the models) and create the questionnaire that will assess the correspondent process in the organization. design a staged model leveling the processes with coherence. If possible test each questionnaire in organizations. 4. PMF is a simple model and it’s the only one that was made for ITIL purpose. As it shows. some ITIL processes have more than one process of each other models. Create questionnaire for each ITIL process After identifying the processes of the selected models that correspond to each ITIL process a questionnaire for each process should be created and leveled by a maturity scale. than it makes no sense consider CMM. with all questionnaires. CMMI-SVC. it’s supposed to have a Continuous model. collect them all and design the continuous model.4 Staged model A staged model will enable the organization to have a global vision about the main processes to implement. All staged models proposed in the maturity models before have the particularity of achieve the next level only if all the processes of the level below are fully Page 15 of 32 . At the end.7 shows that the most interesting models are CMM. 4. Design continuous model After creating a questionnaire for each ITIL process.2 Selected Model(s) Section 3. ITSCMM and PMF.• • • Design staged model Based on the model(s) selected.3] we can see a mapping of all the ITIL processes with ITSCMM and CMMI-SVC processes. However CMMI-SVC is an evolution of CMM with the advantage of being focused on services. but there are cases where an ITIL process apparently doesn’t have any match process of the other models.
4] (a summary can be seen in Table 6). Level 4. end users. Quantitatively Managed: Service providers establish quantitative objectives for quality and process performance and uses them as criteria in managing processes. However it is the right choice for organizations that aren’t sure of which are the priory process(es) for them. Optimizing: Continuous process improvement is enabled by quantitative feedback from the processes and from piloting innovative ideas and technologies. standardized.implemented. This implies that in order to achieve a certain level the organization should totally implement a set of processes and this is a huge effort in all the ways. We can see in [Appendix 1. the effort at the beginning is huge. Table 6. for example. Level 5. and integrated into standard service processes. Quantitative objectives are based on needs of the customer. the level 2 must have all the processes for level 2 at level 2.4 Service Strategy Service Design ITIL Service Generation Demand Management IT Financial Management Service Portfolio Management Service Catalogue Management Service Level Management Level 3 3 3 3 2 2 The Staged model will be classified by five levels of maturity: • • Level 1. Level 3. and process implementers. Managed: Basic service management processes are established. Level 2. a non incremental Stage Model. Summary o Appendix 1. and the same for the rest of the levels. Defined: The IT service processes are documented. Most IT processes are included up to this level to allow high levels of performance in the management of IT. Obviously the first . Success depends on individual effort and heroics. and to achieve level 3 must have all the processes for level 3 at level 3 and all processes of level 2 at level 3 also. Processes related to service operation are addressed in this level because they support day-to-day activities and are critical to keep the organization IT operational.1] that in incremental Staged Model the organizations have an incremental level of effort on the implementation and in [Appendix 1. The service provider ensures that processes are planned in accordance with policy. • • • An innovative feature of this proposal is the fact that the stage model is incremental. The Staged model is described in [Appendix 1. organization. Initial: Characterized as ad hoc. and occasionally even chaotic. therefore an organization to achieve.2].
1 to achieve Level 2 the company must reach 10 processes at Level 2 and in Fig. Each question of the questionnaire will be created from the goals or practices described by the similar process of CMMI-SVC and ITSCMM. Table 7. 4. classified as follows: • • Key Non Key The main questions that really need to be implemented The questions that don’t need to be all implemented Page 17 of 32 . the next point will be the description of the “Incident Management questionnaire”.) Is there a description of how to notify customers or end users that could be affected by an incident reported? Describe the following parameters: • Definitions of impact • Response time • Resolution time • Rules for ordering • Expectations in providing feedback to users Is created when needed a request for change to solve an incident? The first questionnaire created was for “Incident Management”.option is a better choice because the organizations avoid a huge first impact effort that will avoid some mistakes. It becomes important design a Continuous model that allows organizations to implement and assess only a particular process. 2 to achieve Level 2 the company must reach 10 processes at Level 5 that is obviously much effort. Therefore in this paper I will not describe the continuous model but only part of it. It is visible that in Fig. Summary of Appendix 1. because it is one of the most popular processes between the organizations that implement ITIL and I already have a target organization to test it.6]. To design a Continuous model I need to have all processes leveled individually so I will need to have questionnaires for all ITIL processes. The questionnaire will have three kinds of questions. So I will make a leveled questionnaire for each process of ITIL. We can see part of the questionnaire in Table 7 and a little more at [Appendix 1.6 Nível 3 Key Non Key Non Key Non Key Non Key Non Key Depend Key (Change M.5 Continuous Model Try to implement more than one or two processes at the same time could not be the rightist choice and some organizations may not be prepared for the effort. and pass by a confirmation of ITIL book in order to design the most credible model possible.
Composed by 5 stages (as shown in Figure 1): Diagnosing Specifying Learning Action Planning Action Research Evaluating Action Taking Fig. t If there is any “Depend Key question and the correspondent process is implemented Key” too than the “Depend Key” question becomes a “Key” question and to achieve the Key o correspondent level it must be implemented. 5 Research Methodology The chosen research methodology for this thesis is Action Research Methodology methodolog esearch Methodology. i The questions will be classified as “Key” questions that must always be ays implemented to achieve the correspondent level. Each questionnaire will have 5 levels and to achieve one of them the organization achieve must have all levels before correctly implemented. . because it is grounded in practical action. Toward the end of the 1990s it began growing in popularity for use in scholarly investigations of information systems.g. Regarding the “Non Key” questions level the organization must satisfy at least 75% of them to achieve the correspondent level. aimed at solving an immediate problem situation while carefully informing theory . all “Key” questions of the level e implemented and at least 75% of “Non Key” questions implemented (e.: to achieve : the level 2 the organizations must have all “key” questions of level 2 implemented and at least 75% of “Non Key” questions implemented but to achieve the level 3 the organization must have level 2 correctly implemented and “Key” questions of leve 3 level implemented and at least 75% of “Non K Key” questions implemented). Action Research Methodology.• Depend Key The questions that only need to be implemented if the related process also is implemented. The method produces highly relevant research results. 1.
the evaluation must critically question whether the action undertaken. Where the change was successful. With all the work performed until now and with all information collected by the assessment in the company. Action Planning . the success or failure of the theoretical framework provides important knowledge to the scientific community for dealing with future research settings. Evaluating – includes determining whether the theoretical effects of the action were realized.This activity specifies organizational actions that should relieve or improve these primary problems. and the changes that would achieve such a state. among the myriad routine and non-routine organizational actions. According to this methodology I will design a maturity model and then found an organization that want assess their ITIL (or part of ITIL) and where I could test my model. it is usually an ongoing process. Finally I’ll describe what I learned in that new experience of assess an organization with the model that I designed. where the change was unsuccessful. the additional knowledge may provide foundations for diagnosing in preparation for further action research interventions. Page 19 of 32 . Specifying Learning . is possible to say that I’ve completed an Action Research cycle. • Finally. The knowledge gained in the action research can be directed to three audiences: • First the restructuring of organizational norms to reflect the new knowledge gained by the organization during the research. After the assessment I will study the results and take my conclusions and then improve the model according to the conclusions.While the activity of specifying learning is formally undertaken last. which indicates both some desired future state for the organization. Action Taking – Is the implementation of the planned action.Diagnosing corresponds to the identification of the primary problems that are the underlying causes of the organization’s desire for change. and whether these effects relieved the problems. 6 First Action Research Cycle With a Maturity Model and the questionnaire for “Incident Management” completed it was time to test my model in a small IT provider. This first Action Research cycle is described below. The discovery of the planned actions is guided by the theoretical framework. causing certain changes to be made. • Second. was the sole cause of success.• • • • • Diagnosing . The researchers and practitioners collaborate in the active intervention into the client organization.
ITIL implementation is not an easy project and there aren’t any ways for organizations to control how right they are doing it or even if they are trying to do the right thing.6. I reviewed the entire questionnaire to assure that everything was right. based on CMMI and ITSCMM. I found a company that has “Incident Management” process implemented and wanted to know if the implementation was performed correctly or not. It’s visible that although almost all levels are implemented they don’t have any level fully implemented. a questionnaire for “Incident Management” was designed. 6. Just complex and confuse Books. based on goals and practices of CMMI and ITSCMM and confirmed its validity with the ITIL. The Continuous Model was design to guide and assess each ITIL process of organizations.3 Action Tacking After contacting the company and get their agreement to assess “Incident Management” process I book an appointment with the responsible for ITIL implementation project. All the necessary questions to assess “Incident Management” were made and the responsible for ITIL implementation project in the company answered them all. 6. or part of it.2 Action Planning With all the dependencies between ITIL processes identified and after I chose and study the most important maturity models I design a maturity model. The Stage Model was design to guide and assess ITIL implementation of organizations as a whole. However to complete the Continuous Model I need all the questionnaires of the processes. In order to try to understand how true is this in Portuguese organizations I needed to found a company to assess their ITIL.1 Diagnosing As told before. The maturity model is composed by a Stage Model and a Continuous Model. 6. To correctly assess the process the company must respond a set of questions supposedly simple and easy to understand.4 Evaluating We can see in Table 8 the results of the “Incident Management” process assessment of the company. so I can affirm that by this evaluation the Company’s Incident Management is at level 1. checking all the questions with CMMI. in order to fix any problem. however the effort needed to get to level 2 is . In order to assess the “Incident Management” at this company. ITSCMM and ITIL books.
the questionnaire contains everything that was done in this project” and “There are goals identified by the questionnaire that we should even had implemented”. Page 21 of 32 . The responsible for the Company’s project understood all the questions and didn’t object any of them. the same for level 4 and 5. Table 8. Assessment of Incident Management (summary only) Levels Questions Key Non Key Nº 39 27 2 68 27 5 2 34 10 15 0 25 5 0 2 7 Processes needed n/a n/a CM SLM CM SLM n/a n/a CHM CHM n/a n/a n/a n/a n/a n/a PM CSI PM CSI Implemented 35 22 0 57 15 0 0 15 7 12 0 19 4 0 0 4 Not Implemented 4 5 2 11 12 5 2 19 3 3 0 6 1 0 2 3 Approved NO YES (81%) YES NO NO NO (0%) YES NO NO YES (80%) YES NO NO YES (100%) YES NO Level 2 Depend Key TOTAL Level 3 Level 4 Key Non Key Depend Key TOTAL Key Non Key Depend Key TOTAL Key Non Key Depend Key TOTAL Level 5 Table 8 legend: CHM – Change Management PM – Problem Management CSI – Continual Service Improvement CM – Configuration Management SLM – Service Level Management n/a – No process dependence With these results I cannot affirm that the problem of this thesis applies to reality of Portuguese organizations because I only assess one organization. The level 3 is the less evolved and the one which needs more effort to complete. At the end of the questionnaire it was asked to the responsible for ITIL implementation project if I miss something in the questionnaire that they had implemented and he said “No. This shows the simplicity and coherency of the questionnaire.insignificant compared with the effort already made. it was simple and objective. There wasn’t any obstacle in the meeting. but I can affirm that the problem completely applies to the reality of this specific company.
By all this reasons I can affirm that the assessment of the process was a success and my objective was obviously achieved. 7 Work Plan Actions already made (Appendix 1. It could be important. to try to understand why some features are not implemented. but not in the right way. to find out if there was any resistance by people or culture of the organization on process implementation. 6.5 Specifying Learning I can say that my first ITIL process assessment was productive.8): Design questionnaires for all the ITIL processes Test all the possible questionnaires in organizations Improve the questionnaires with the assessments learning’s Collect all the questionnaires and complete the Continuous Model Write another paper 8 Conclusion ITIL implementation is the most popular ITSM approach used by worldwide organizations. Although with all this adherence by companies. also in the next assessment. in the next assessment.7): Study maturity models Chose the most interesting maturity model(s) to base my model Design a dependencies map of ITIL processes Mapping ITIL processes with the chosen maturity models processes Design a Stage Model for ITIL Design a questionnaire for Incident Management Assess Incident Management process of a real organization with the questionnaire Draw conclusions of the assessment and complete an action research cycle Improve the questionnaire with the assessment learning’s Write and submission of a paper State of the art Actions for the future (Appendix 1. From this action. we may conclude that: • • • Some features that organizations need to implement the processes correctly are already implemented. most of them don’t . I think that is important.
: Classifying ITIL Processes: A Taxonomy under Tool Support Aspects. With the Staged model completed. ITIL Lifecycle Publication Suiite. (Maturity Models for Information Systems Management. References 1. KulKarni. pp. pp.: Lessons Learned in ITIL Implementation Failure. Vasconcelos. J. test it was an objective. S. A. 2009.. In: Modelling & Simulation. in order to give companies more options. IEEE (2008) 9. In: EUNIS 2008. clear and simple the questionnaire is. in Portuguese) In: Journal of the Faculty of Sciences and Technology at University Fernando Pessoa. A. Freeze. IEEE Press (2009) 4. U. Sahibudin.. R.: ITIL as Common Practice Reference Model for IT Service Management: Formal Assessment and Implications for Practice.. S. B&ISE (2009) Page 23 of 32 .. Ibrahim.: Understanding the Main Phases of Developing a Maturity Assessment Model. Sharifi.: Os Modelos de Maturidade na Gestão de Sistemas de Informação. Becker. as was desired. R. P. IEEE Press (2005) 3. Brenner. M. S.. S. S. In: 16th Australian Conference on Information Systems (ACIS). D.. 2005. T.. e-Commerce and e-Service. pp. J. 2008 6.. Rosemann. IEEE Press (2009) 7. Kashanchi.: ITIL Implementation Roadmap Based on Process Governance. Knackstedt. In: The First IEEE/IFIP International Workshop. Third Asia International Conference.. AMS '09. Rocha.: Can ITIL Contribute to IT/business Alignment? An Initial Investigation. however and even being a business project.. WIRTSCHAFTSINFORMATIK. M. Sahibudin. Bruin. 1 – 4. Proceedings of the 2005 IEEE International Conference. Adam Mickiewicz University Computer Centre (2008) 8.. At the end of the questionnaire the responsible for ITIL implementation project understood all the questions and said that everything they had implemented was in the questionnaire. ITSim 2008. J. M. enough information was collected to design a new maturity model focused in ITIL.. M. After a bibliographic research over other maturity models approaches. Sydney (2005) 11. 704 – 710. finding themselves in a complicated situation. this model describes what organizations should do and also how they should do it. 2008. 19 – 28. Brenner. helping them do it correctly.. Rahman. In: Integrated Network Management-Workshops. Basu. Graupner. Nº 1. pp. R. pp. Singhal. 340-348 (2006) 5.. Ofice of Government Commerce (OGC). J.. S.. IM '09.A. Besides containing a Stage Model and Continuous Model. 93-107 (2004) 10. Pöppelbuß. Sharifi. Zarnekow. what gave us an idea about how completed. M. Ayat. Hochstein. pp. Nicewicz-Modrzewska. Volume 1. tests of a Staged Model at this phase is complicated. In: Information Technology. 369 – 374. M. In this thesis the chosen option was to design a maturity model. R. Stolarski. This nonsense creates the need of a framework that guides organizations in ITIL implementation.: Developing Maturity Models for IT Management – A Procedure Model and Its Application. 2009. A.. Toland.know how to implement it correctly and make mistakes.. Ayat. 44 – 47.: Adoption Factors and Implementation Steps of ITSM in the Target. In: eTechnology. EEE '05. The part of the Continuous Model designed at this phase was tested in a Portuguese organization and produced very good results. IEEE Press (2006) 2. W. In: Journal Business & Information Systems Engineering (BISE).: Collaboration Environment for ITIL. Number 3.
Addison-Wesley (1994) 13. C.: Software Process Models and Project Performance. Information Systems Frontiers. B. L.: Investigating Information Systems with Action Research (1999) . D. Robben... Paulk. Forrester...P. Trillium: Model for Telecom Product Development and Support Process Capability. Springer Berlin / Heidelberg (2006) 16. Software Quality Journal. M.12.267 – 277 (1999) 15.. S. Springer Netherlands (2008) 21.V. K.2.Weber. P. Van Vliet. T. Krishnan. Volume 926/1995.: The Capability Maturity Model: Guidelines for Improving the Software Process.. Technical Report. F.: BOOTSTRAP: A Software Process Assessment and Improvement Methodology.. Shrum. Division of Mathematics and Computer Science Vrije Universiteit Amsterdam (2005) 19. Version 1. Curtis.C.: The Vrije Universiteit IT Service Capability Maturity Model. Pinheiro dos Santos.: CMMI for Services. C. Pereira da Silva. B. In: Lecture Notes in Computer Science. (2006) 17. D. Bell. Zubrow. Richard L. Baskerville. LNCS. Niessink. 31-48. E. Nederland. Technical Report.: TPI. BOOTSTRAP and Testing. W. 1:3... Buteau.: Evaluating the Service Quality of Software Providers Appraised in CMM/CMMI. V. V. OGC (2002) 18. Mukhopadhyay. Marçal de Oliveira. R. B. 283-301. Release 3.: Planning to Implement Service Management (ITIL). Kuvaja. Chrissis.. Software Engineering Institute (2009) 20.2. H.S.S.M. Lloyd. Montreal (1996) 14. Faculty of Sciences.. B.
1 Appendixes Service Catalog… Service Level Management Supplier Management Service Asset &… Event Management Incident Management Request Fulfillment Monitoring & Control Service Desk Technical Management Service Generation Demand Management IT Financial Management Capacity Management Availability Management T Service Continuity… Transition Plan & Support Change Management Release & Deployment… Service Validation & Test Access Management Application Management Information Security… Evaluation Knowledge Management Service Report Service Measurement Problem Management Service Improvement 1 2 3 4 5 Implementation at level 2 Implementation at level 3 Implementation at level 4 Implementation at level 5 .Levels Appendix 1.
Levels Appendix 1.2 Service Catalog… Service Level Management Supplier Management Service Asset &… Event Management Incident Management Request Fulfillment Monitoring & Control Service Desk Technical Management Service Generation Demand Management IT Financial Management Capacity Management Availability Management T Service Continuity… Transition Plan & Support Change Management Release & Deployment… Service Validation & Test Access Management Application Management Information Security … Evaluation Knowledge Management Service Report Service Measurement Problem Management Service Improvement 1 2 3 4 5 Implementation at level 2 Implementation at level 3 Implementation at level 4 Implementation at level 5 Page 26 of 32 .
Supplier Management Transition Plan & Support Change Management Service Asset & Configuration Management Configuration Management Service Delivery Service System Development Service System Transition Service Delivery Service System Development Organization Process Performance Quantitatively Project Management Incident Resolution and Prevention Incident Resolution and Prevention Causal Analysis and Resolution Service Transition Release & Deployment Management Service Validation & Test Evaluation Knowledge Management Event Management Incident Management Problem Management Request Fulfillment Access Management Operation Management IT Operation Manag. Subcontract Management Service Delivery Planning Service Delivery Process Change Management Technology Change Manag. Service Quality Management Service Request and Incident M. Quantitative Process Man. Organization Service Defen. Quantitative Process Man. Service Catalogue Manag. Resource Management Service Delivery Planning Integrated Service Man. Information Security Manag. Organization Process Focus Service Continuity Supplier Agreement Management Service Delivery Service System Transition IT Service Continuity Manag. Organizational Training Process and product quality assur. Configuration Management Service Delivery Service Delivery Quantitative Process Manag. Service Quality Management Continual Service Improvement Service Improvement Service Report Service Measurement . Risk Management Project Planning Capability and Availability Manag. Organization Process Focus Process Change Management Technology Change Manag. Service Delivery Planning Service Tracking and Oversight Service Quality Assurance Service Delivery Planning Integrated Service Man. Intergroup Coordination Service Commitment Manag. Organization Service Defen. Organization Process Defen. Organizational Training Organization Innovation and Deploy. Risk Management Organization Process Definition Service System Development Strategic Service Management Strategic Service Management Requirement Management Service Delivery Service System Development Strategic Service Management Capability and Availability Manag. Organization Process Defen.Appendix 1.3 ITIL Service Generation Demand Management CMMI Project Planning Service System Development Project Planning Capability and Availability Manag. Problem Management Problem Prevention Service Portfolio Manag. ITSCMM Service Strategy IT Financial Management Financial Service Manag. Service Tracking and Oversight Quantitative Process Manag. Service Request and Incident M. Service Operation Monitoring & Control Service Desk Technical Management Application Management Process Monitoring and Control Service Tracking and Oversight Service Quality Assurance Service Request and Incident M. Service Level Management Capacity Management Service Design Availability Management Capability and Availability Manag. Measurement and Analysis Measurement and Analysis Quantitatively Project Management Training Program Training Program Resource Management Organization Process Focus Process Change Management Technology Change Manag. Service Commitment Manag. Service Commitment Manag.
4 ITIL Service Generation Demand Management IT Financial Management Service Portfolio Manag. Monitoring & Control Service Desk Technical Management Application Management Service Improvement Service Report Service Measurement Level 3 3 3 3 2 2 3 3 3 4 2 3 3 2 3 3 4 4 2 2 5 2 3 Service Strategy Service Design Service Transition Service Operation 2 2 2 3 5 4 4 Continual Service Improvement . Information Security Manag. Supplier Management Transition Plan & Support Change Management Service Asset & Configuration Management Release & Deployment Management Service Validation & Test Evaluation Knowledge Management Event Management Incident Management Problem Management Request Fulfillment Access Management Operation Management IT Operation Manag.Appendix 1. Service Level Management Capacity Management Availability Management IT Service Continuity Manag. Service Catalogue Manag.
Appendix 1.5 .
Appendix 1.6 Level 3 Key Key Key Key Key Key Key Key Key Key Key Key Non Key Non Key Non Key Non Key Non Key Key Depend Key (Change M.) Is the policy for the planning and implementation of the process documented? Was a plan defined for the implementation of the process? • Was the plan reviewed by the stakeholders and had their consent? • Is the plan revised when necessary? Is the plan for the execution of the process documented? Is the description of the incident management documented? Is described how the responsibility in the handling incidents are assigned and transferred? Is there a description of the process that tells the needs and objectives for the implementation of the process? • Is it maintained? • Is it updated? • Is it revised when necessary? Is there a description of how to notify customers or end users that could be affected by an incident reported? Describe the following parameters: • Definitions of impact • Response time • Resolution time • Rules for ordering • Expectations in providing feedback to users Is the repository audited in accordance with a documented procedure? Is created when needed a request for change to solve an incident? .
7 .Appendix 1.
Appendix 1.8 Page 32 of 32 .
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.