The IT Infrastructure Library (ITIL) may have started as a relatively obscure UK government project, but the ITIL approach now underpins a wide variety of service management systems, and is becoming increasingly integrated with other quality standards. Just how can ITIL offer real benefits to your business and provide you with better IT service?

Most IT managers with any experience have learnt to be wary of two things: government IT proposals and acronyms. The former are generally several years behind the times and weighed down with jargon, while the latter are often designed to sound cute rather than delivering any useful features. The paranoia levels when contemplating dealing with the Information Technology Infrastructure Library (ITIL)--a project almost always referred to in its initialled form, and one originally developed by the UK government in the e-commerce-free days of the late 1980s--can thus quickly reach Marvin-like proportions.

While understandable, such an attitude would be dangerous. ITIL has now established a clear leadership position as a methodology for effective delivery and management of IT services. It is used in a wide range of systems and network management products, and is supported by an ever-growing army of consultants, trainers, and advisors.

Support for ITIL has been steadily building for some time. "Repeatable, documented processes are essential to improving IT service delivery and management. The ITIL framework provides an effective foundation for quality IT service management. Any Australian enterprise considering quality improvements in service delivery should start with the ITIL," Gartner analysts John Roberts and Simon Mingay concluded in an assessment of the relevance of ITIL to the Australian market back in 2001. Expectations of IT departments are, if anything, somewhat higher now than they were back in 2001, so the lessons of ITIL are likely to be doubly important.

A little history
ITIL was originally created by the UK government's Central Computer and Telecommunications Agency (CCTA), which had the role of advising on how government agencies could best make use of technology. (This is somewhat analogous to what NOIE does within Australia.)

The original ITIL, created in 1989, consisted of a series of books, describing how IT services could be delivered effectively and consistently via a series of best practices. The core of the approach was to apply established principles of management science to the then-emerging world of mass usage IT.

CCTA was quite canny in the process it used to create the books. Rather than spending UK taxpayer funds to author the ITIL volumes itself, it invited technology companies to contribute their expertise in specific areas. Editing and proofing was then carried out by rival IT companies, which ensured that self-promotion and technology-specific references were ruthlessly weeded out. CCTA then took on the final editing of the documents for consistency, and retained copyright in them. For their trouble, the vendors could be fairly sure that what was being proposed wasn't so outlandish that they'd all have to go out and build new systems before they'd managed to implement sales staff to sell them.

One key to the survival of ITIL principles is that they are not technology-specific, but focus squarely on service delivery. They also do so at an astounding level of detail. There were more than 40 volumes in the original series, describing best practices across 24 related disciplines.

The ITIL books have continued to be periodically refreshed, with the most recent batch of updates beginning in 2002, when the existing titles were consolidated down into seven core volumes, covering service support, service delivery, service management implementation, application management, infrastructure management, security management, and the business perspective on ITIL. In each of these areas, there are multiple disciplines to be considered (see sidebar Managing with ITIL for an overview of some of the key disciplines).

The recent consolidation process means that each volume is easier to buy, but costs a little more (the current price is around $170 per volume direct from the UK). For any full ITIL implementation, an understanding of the core volumes is deemed essential by most consultants (though they'll happily sell you plenty of support services as well).

From the UK, the ITIL approach spread into Europe and then gradually into other centres. A key influence in this process has been the support for ITIL by the IT Service Management Forum (ITSMF), an independent body of IT service managers which has established chapters all over the world. The official training supervisors for ITIL, which run certification programs for individuals, are located in the UK and the Netherlands (whose adoption of ITIL has at times threatened to outstrip the UK itself).

Australia's first ITIL course is said to have taken place in 1995. Certified training is currently available from five providers in Australia (Conan Group, Lucid IT, Pink Elephant, RedWorld, and The Art of Service), while exams for ITIL certification can be taken electronically through a large number of Thomson Prometric agencies. More recently, ITIL has seen increasing popularity in North America, an area not always noted for its receptiveness to business ideas from overseas. The dominance of US consulting firms and IT vendors has also seen an increase in ITIL enthusiasm even in markets which had already begun experimenting with it, creating something of a coals-to-Newcastle effect.

Typically, despite its origins, Americans now like to describe ITIL as "an emerging worldwide standard for IT service and support". The UK Office of Government Commerce (OGC), which continues to manage and develop ITIL, is unlikely to be impressed with that attitude. Its Web site includes a curt note reminding everyone that ITIL documents are Crown copyrighted and can't be reproduced without permission. (At least one prominent ITIL consultancy incorrectly identified the ITIL books as public domain.)

And then there's MS
Such patriotic considerations aside, one of the more significant developments in the history of ITIL was its adoption by the IT industry's favourite 800-pound gorilla, Microsoft. Microsoft used the principles developed in ITIL as a key element in its Microsoft Operations Framework (MOF), first introduced in 2000, which is embedded in many of its enterprise products, including Systems Management Server.

Of course, being Microsoft, the non-proprietary aspect of ITIL wasn't seen as particularly essential. "[MOF] provides comprehensive technical guidance for achieving mission-critical production system reliability, availability, supportability, and manageability for solutions and services built on Microsoft's products and technologies," the company's own overview comments (the emphasis is ours). "MOF also extends the ITIL code of practice to support distributed IT environments and industry trends such as application hosting and Web-based transactional and e-commerce systems."

Despite its self-centred view, Microsoft's approach has helped cement the importance of ITIL. META Group estimates that by 2007 more than 75 percent of companies will be using some form of Microsoft management software--which means that they'll be using an approach based on ITIL, even if they completely fail to realise this or perform any kind of more general overhaul on their processes.

Microsoft is far from being the only company which had added ITIL into its proprietary management framework. HP's OpenView, CA's Unicenter, and IBM's Tivoli families all have support for ITIL within some of their components, as do many other more specialised management platforms and tools vendors.

Some of these companies proudly boast that their systems have been "certified" as ITIL-compliant. It's important to note that such certification is done by external agencies, it isn't done by the OGC itself, or even by its training supervisors. In the strictest sense, ITIL certification for products isn't possible, since the products have to be adapted to work within a specific environment, and ITIL assessment would only be possible after that had happened.

Nonetheless, boasting about ITIL compliance now appears to be a checkbox in the marketing materials of many management systems vendors. "There's a lot of lip service paid to ITIL, but not always a lot of substance," says Dominic Schiavello, marketing manager for Computing Associates Australia. (This is hardly unusual behaviour when it comes to marketing enterprise services, of course.)

Business benefits

On one level, ITIL provides a practical means for achieving what has rapidly become the most clichéd of all information systems goals: putting technology into the service of business goals, rather than making the business subservient to the capabilities of the technology. "IT is going to be very much measured by quality of service," notes Schiavello. ITIL provides a set of practices which, if implemented, should see that quality of service increased in a fashion that can be directly measured, providing better budgetary justification. "It's all about creating a continual, repeatable quality process," says Schiavello.

"ITIL's systematic approach is a refreshing change to the historical chaos that has long existed in many IT organisations," notes an assessment by Enterprise Management Associates. "More formalised processes and procedures have been required to take full advantage of the vast investments in IT infrastructure."

"IS organisations are being asked to make the most of what they have and still deliver cost management improvements," says Gartner analyst Kris Brittain. "To meet these demands, many have turned to refinements and efficiency improvements through benchmarking, best practices, processes, and standards analysis. ITIL has been at the forefront of best-practice and process methodology."

ITIL's core principles are also generalised enough that they can be adapted to the needs of each user. Indeed, at times ITIL seems to go out of its way to demonstrate its non-prescriptive nature; see sidebar Are your people an IT asset? for one example.

ITIL consultancy Pink Elephant has identified more than a dozen central benefits to a comprehensive ITIL implementation, including better resource utilisation, increased competitiveness, improving project deliverables and timing, justifying service costs, and providing demonstrable service indicators.

Making it happen
While ITIL may be appealing, make no mistake about it: implementing it can be extremely hard work. A complete ITIL implementation will often take years and require major adjustments to IT processes at all levels, along with significant staff retraining. Nor does implementing ITIL simply mean following blindly a set of invariant procedures. "ITIL does not cast in tablets of stone every action you should do on a day-to-day basis because that is something which will differ from organisation to organisation," says Gerard Blokdijk, managing director for The Art of Service. The rewards can be as large as the effort required, though. In one oft-cited example, Procter & Gamble claimed savings of more than US$500 million in the first four years after adopting ITIL.

Like any best practices approach, ITIL is often implemented in stages; indeed, an all-in-one implementation would challenge even the most resourceful information executive. This will often be tied in with specific technology rollouts. For instance, the introduction of a new service desk application might allow for a business' processes to become more closely aligned with ITIL best practices.

Other processes might require more fundamental changes within the business itself, however, rather than drawing on supporting technologies. "A lot of ITIL processes go across technology boundaries," says Schiavello. "The key is for these disciplines to interact with each other."

This can lead to some fairly radical changes in the functions performed by the IT department. "Identifying the services where internal IT organisations add the most value to the business is key to determining core competencies," notes IBM GSA in its white paper on ITIL. "Core competencies can then be defined on the basis of value-add to the business rather than what the IT organisation does best today."

Technology neutrality, while valuable, also imposes some limitations. "ITIL's development has been slowed by its funding and development model, and will always lag technological advancements, which places an additional load on the enterprise to perform additional process design work itself," Gartner's Roberts and Mingay noted in their assessment.

One lingering question over ITIL is how readily it can be extended from larger enterprises--whose processes are large and costly enough to justify significant revamping--into smaller firms. On one level, this can of course be accomplished by implementing technologies which themselves are based on ITIL principles, as discussed earlier, but this can hardly be considered as aspiring in any way to best practices.

"The perception that ITIL is best suited to large corporations may not be entirely accurate," a white paper from InterProm USA points out. "The list of companies that have adopted ITIL include multiple Fortune 500 companies. They may appear as if they have implemented ITIL company-wide. In most cases this is not a fact. In general we see that small units within these multinationals have implemented ITIL. It is also true that larger companies usually adopt the latest management styles faster than smaller ones. But this doesn't automatically mean that these smaller companies are not able to benefit from these management styles as well."

Indeed, ITIL was adopted as the best practice model by the Managed Service Provider Association, an international consortium of companies providing managed services to businesses, which might suggest a possible pathway for ITIL into smaller organisations. However, the consortium itself eventually collapsed, a victim of the generally lacklustre market for managed services in most areas. Nonetheless, if managed services eventually extend their reach into small enterprises, it seems likely that ITIL will also be making the journey.

Managing with ITIL

• Incident management. Incidents range from individual user problems to catastrophic network failures.
• Problem management. ITIL defines a four-stage process designed to ensure that information from individual incidents is used to resolve more fundamental structural problems.
• Change management. Systems for measuring and managing changes to IT infrastructure.
• Configuration management. Allows tracking of both system configurations and individual assets. (This is an area where software vendors frequently become involved.)
• Software release and distribution. Ensuring software is up to date, legal, and relevant. This includes the perennially unpleasant area of patch management.
• Service level management. Defining acceptable and affordable levels of service delivery.
• Cost management. Creating and maintaining a costing and charging system.
• Availability management. Ensuring maximum uptime.
• Capacity management. Making sure that systems are neither over or under-utilised, and that service levels will be maintained over time.
• Contingency planning. Everyone's other perennial favourite, how to recover in the event of a disaster.

Many of these disciplines will sound familiar when encapsulated in this fashion. One crucial difference is that ITIL views them as necessary for enhancing business performance, not merely as means for solving existing technical problems. Thus availability management is important not just because it means the network is up and running, but because numerous business processes depend on the network.

"The focus of ITIL in all its disciplines is on defining the best practice for the processes and the responsibilities that must be established to effectively manage the business's IT services to drive forward the objectives of that business in service delivery and revenue generation," note Computer Associates technologists Mike Stephenson and Eli Egozi in a recent white paper.

Executive summary: ITIL at a glance
If you haven't already heard of the IT Infrastructure Library, chances are you will sometime soon. Here's what you need to know about how it will work in your business.

• ITIL defines best practices. First initiated by the UK government in 1989, ITIL outlines a series of best practices for ensuring optimised IT service delivery within your organisation. These were created via industry consultation and have been subject to a process of ongoing revision.
• ITIL emphasises services, not technologies. ITIL is designed to provide a means of managing services and measuring how effectively they are contributing to your overall business. As such, they make minimal reference to specific technologies. This can make them confusingly abstract on occasion, but has ensured their long-term applicability.
• ITIL certification is available for your staff. A variety of training courses is available to build ITIL expertise within your business. Examinations are supervised from a central European location, but can be taken throughout Australia. Certification isn't essential for implementing ITIL, but provides a useful metric of staff knowledge.
• ITIL is increasingly supported by vendors. Virtually without exception, network management products and frameworks are now promoted as being ITIL-based. However, you won't be able to "implement ITIL" simply by installing these products; they simply provide a support framework for more accurately measuring the performance of your services.

Subscribe now to Australian Technology & Business magazine.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.