INNOTRAIN IT
IT Service Management
QUICK – SIMPLE - CLEAR
Preview
Extract
Chapter 4
2011
IT Service Management
I
Authors
Dr. Mariusz Grabowski, Universität der Wirtschaft Krakau
Dr. Claus Hoffmann, Beatrix Lang GmbH
Philipp Küller, Hochschule Heilbronn
Elena-Teodora Miron, Universität Wien
Dr. Dariusz Put, Universität der Wirtschaft Krakau
Dr. Piotr Soja, Universität der Wirtschaft Krakau
Dr. Janusz Stal, Universität der Wirtschaft Krakau
Marcus Vogt, Hochschule Heilbronn
Dr. Eng. Tadeusz Wilusz, Universität der Wirtschaft Krakau
Dr. Agnieszka Zając, Universität der Wirtschaft Krakau
4 ITSM Implementation in SMEs IT Service Management can be introduced in companies in different ways. Depending on the
maturity level and experience in the company, different processes can take priority. In addition to
incident and problem management, change management is frequently the first step of an ITSM
implementation. The change management scheme should be developed at the earliest possible
stage, as it is the core of continuous service improvement.
ITSM implementation is not only a technical, but primarily an organizational change process.
People in organisations have to change their behaviour. However, resistance to change is a trait
many people share. However, it is people who decide whether or not ITSM introductions are
successful. A few ITSM projects are specifically devoted to the capacity for change and willingness
to change of IT or service desk employees and pose these questions:
! Can the employees who have worked according to the same pattern for years internalise the
philosophy of ITSM in a short time and change their work processes?
! Do the employees have the capabilities required to bring a service organisation to life?
! Are the expectations with regard to the time and personnel outlay required for implementing
ITSM even realistic?
In practice, the greatest obstacle for IT Service Management is personnel-related, cultural and
organisational resistance to change. Change management measures should be planned at an
early stage during ITSM implementation. The aspects and methods of change management in
ITSM projects are described in detail in Chapter 5.
Real-world business experiences show that it is usually impossible to implement five to ten ITSM
processes in six months. The primary success factor is when the ITSM philosophy is conveyed
successfully and a corporate culture exists that is open to the change and promotes effective
introduction of ITSM. Many companies that claim not to have IT Service Management have already
dealt with the issue of disruptions in the operating workflow and frequently used existing
standardised procedures. These companies have then adapted IT Infrastructure Library (ITIL), for
example, to suit their needs ideally, but without understanding the philosophy. Therefore, they have
put the second step before the first. In other words: they have put up the walls without laying the
foundation. This chapter is intended to prevent exactly that. An example of a blueprint is provided
to introduce IT Service Management in the company. Each company and each IT department have
their unique characteristics. Therefore, this plan serves only as a rough guide that can be adapted
to the company's own needs and circumstances and has to be elaborated in detail. The following
information is focused on the essential steps of the ITSM implementation project that small and
medium-sized companies typically have to go through.
Based on the diverse requirements of the different types of companies, the following pages will
present a draft for a modular plan. It takes into account two concepts: Modularisation and
prioritisation.
Modularisation
In Chapter 3, we presented the INNOTRAIN IT method, and already made use of the
concept of modularisation there. Individual processes and functions have been compiled into
modules and can be but together like building blocks according to specific needs. This
principle is carried over into the introduction. In doing so, modules can be implemented in the
manner deemed most suitable.
Prioritisation
By prioritising the modules mentioned above and taking into account certain dependencies
between the modules, an individual flow chart for the company can be derived.
The following Figure 17 shows the implementation of these concepts. As mentioned earlier, the
modularisation has already been explained in Chapter 3; therefore, this aspect of the graphic is
also identical. The prioritisation is highly pragmatic and, in this case, contains only the distinction
between mandatory (shown in dark shades) and optional modules (shown in light shades). We
assume that individual companies have carried out a complete outsourcing of their IT. However,
implementing the mandatory modules is useful even in these cases.
Figure 17 - Overview and classification of the ITSM modules
The mandatory modules provide the basis for successful use of ITSM. The optional modules
supplement them. To utilise all the added value that can be provided by using ITSM, all modules
should be introduced. The selection of modules depends to a great extent on the company and its
facets, the strategy and requirements.
The following graphic shows an example of a blueprint shown as a introductory path. As mentioned
earlier, the defined steps reflect all basic modules. These have been arranged into a sequence
according to their dependencies and are expanded by adding relevant activities.
The subsequent paragraphs explain all five steps of the introduction process in detail:
1. Preparation, vision, evaluation and planning
2. Defining the strategy
3. Implementing the basic modules
4. Implementing the advanced modules
5. Optimising the implementation
Figure 18 - Relationship between project phases and the INNOTRAIN IT five-step implementation model
4.1 Step I – Preparation, vision, evaluation and planning
When introducing IT Service Management, the IT organisation faces the challenge of developing
and offering IT services for supporting the business processes. In many cases, this change
succeeds only after a delay, as the mission and philosophy of the IT organisation have to change
first. Just as the entire business has to face the changes, the IT organisation also has to undergo a
fundamental change from a technology provider to a service organisation. This new role evaluation
helps the IT organization to define and implement its new function as a supplier of IT services,
while also increasing is effectiveness.
At the beginning of an ITSM implementation, the benefits and necessity of IT Service Management
should be identified and discussed with corporate managers and executives. Management has to
be shown that the ITSM implementation is a change program and not just a technical solution or
technical project.
To identify the significance of the ITSM plans for the company and obtain the buy-in of executives,
a workshop should be held for them. This can be organised as part of the initialisation phase of an
ITSM change programme.
4.1.1 Vision
Defining a vision for the project is an important step towards implementing IT Service Management
successfully. The vision sets the direction for the project stakeholders and gives them orientation. It
helps to place a shared goal before the various groups of stakeholders. Implementing IT Service
Management requires vision, goals and resources. Moreover, the vision has to take into account
people, processes, cultures and technologies for all areas involved. The vision serves the following
purposes:
! Giving everyone a clear idea of where the plan is headed
! Motivating employees so that they act in the direction that has been agreed
! Co-ordinating all activities of the participating persons
! Bringing into agreement different perspectives in the company, such as between executive
management, the IT department, specialised departments and the employees
The vision is the central starting point for turning an ITSM plan into reality. In doing so, an important
element is exchanging and communicating with all IT stakeholders in the company, meaning all
those who are participate directly in the project or are affected by it. Typically, their interest
depends on the extent to which they are affected. The urgency of the plan (What happens if we do
nothing?) and the vision are the basis for communicating with IT stakeholders. This information is
intended to provide motivation, inspiration and support for implementation. In addition, it is
important to live out the philosophy of IT Service Management. Objections have to be discussed,
priorities agreed and decisions made jointly.
4.1.2 Preparation
Nowadays frequently referred to as the "enabler" of the company, IT is dependent on customers'
processes in a wide variety of forms. For this reason, after the project is approved by top
management, it is important to measure and analyse the environmental variables of IT. In many
cases, a corporate strategy is defined and processes are documented. If this is not the case, these
preparatory measures ought to be carried out. After going through the steps, an IT strategy, exact
requirements and required services are to be derived. The two relevant measures here are:
! Defining and documenting the corporate strategy
! Documenting the relevant business processes with the methods of business process
management
4.1.3 Evaluation
Measurements are indispensable for good management and the implementation of ITSM. Every
improvement programme with the objective of optimising IT services must have the current status
as a reference value. This is also an important starting point for attaining a quality standard and
meeting governance or compliance requirements.
A needs-based analysis of the existing IT processes and IT services is the basis for a successful
ITSM change project. For this purpose, there are various assessment forms for measuring
variables such as process maturity. In this process, it is important to keep an overall image in mind
so that employees, technology, processes and structures are matched to each other. From the
individual processes via the maturity level of an IT organization to the tools used, an inventory
should be carried out, recommendations and risk assessments carried out and the results
presented as part of a management workshop.
With the help of an IT Governance Maturity Assessment, the processes, control mechanisms and
responsibilities of an IT organization can be analysed, for example based on COBIT. Today,
statutory regulations such as the Sarbanes-Oxley Act, the Corporate Governance Codex or Basel II
require, from a business management and technical standpoint, corresponding accountability
reports for the efficiency and effectiveness of management and control of IT processes. The
objective is to create transparency in IT Service Management and reduce operational risks
significantly.
The full benefits of ITSM processes in fulfilling business requirements while simultaneously
maintaining the Service Level Agreement that has been reached are obtained only with co-
ordinated interaction of people, processes, structures and technology. In doing so, ITSM tools can
ensure efficient control of flows of information between the IT processes and provide the basis for
an ongoing identification of optimisation potential. It is necessary to check whether the ITSM tools
will meet present and future requirements and whether they provide optimum support to the IT
processes.
Optimising an IT service organisation involves not only technical matters, but also soft factors.
Therefore, the corporate and organisational culture is another important aspect of a successful
business/IT alignment. A service culture analysis that surveys employees about the behaviours
they expect directly or indirectly can be used to identify deficiencies.
4.1.4 Planning
The planning phase is used for concrete development and implementation of an ITSM solution. It is
based on results of the vision and evaluation phase. Typically, a program for implementing or
improving service management consists of multiple projects that are focused on certain processes,
functions or regions of the overall programme. The strategic vision illustrates the desired future
status to be attained. The evaluation allows the organisation to determine where it currently is and
what is required for the progress. The planning phase provides the answer to the question "How do
we reach our goal?".
It is important that there is unanimity about the role and properties of the IT organisation, both in IT
and with executive management. With regard to a uniform understanding of the future role of IT, it
is not only important to understand the ITSM processes; rather, for implementation, it is also
relevant to determine the extent to which the employees have already gathered experiences with
the processes. Therefore, it is necessary to clarify which process activities and the required
capabilities of employees are most urgently necessary in order to fill the required role and thus to
provide the results expected of the implementation.
To justify the introduction of ITSM, the costs have to be compared to the savings and revenue. The
costs can be determined relatively easier, but revenues or savings are often more difficult.
Based on the gap analysis and progress review, a roadmap can be developed to close the
identified gaps. The multi-layered nature of the gaps means that a single measure is usually not
sufficient. Therefore, ideally, a roadmap is developed that matches the processes, technology and
employees to each other optimally. For each programme module, a detailed project plan with
expenses, deliverables and deadlines is required in order to thus create the basis for target-
oriented control of the programme
4.2 Step II – Defining the strategy
"The slowest person who never loses sight of his goal is still faster than someone who dashes
about without one." If we apply these words of wisdom from Gotthold Ephraim Lessing to IT, even
smaller organisations will be on the right path as long as they pursue the right goals. Accordingly,
the ITSM introduction also begins by defining the vision, strategy and goals of the IT organisation.
In many cases, people already act strategically without even realising it. In the simplest case, they
take a big sheet of paper, sit down with the colleagues involved, write down the strategy and the
goals derived from it and hang up the strategy paper in a readily visible location. This allows
everyone to align his or her everyday decisions with the strategy. It soon becomes evident that this
pragmatic strategy development is not a science one needs to be afraid of, but rather a tool.
So that all aspects relevant for IT are covered, it is useful to define two parts of the strategy:
Aligning the IT strategy with the corporate strategy
IT must not be an end in itself, but must provide ideal support to business processes. Therefore,
the first part is deriving the IT strategy from the corporate strategy. What has to be done for the
company to be successful and how can IT support the company? This is the central question, and
should be discussed between the responsible persons and the most important groups of
stakeholders. Many IT strategy documents are concerned with how to provide IT services efficiently
and effectively. However, that is only one side of the coin. The actual glue between the specialised
departments and IT lies in answering the following questions:
! What are the company's goals?
! What are the success factors in the individual specialised department?
! How can IT help to influence these success factors and reach the goals that have been set?
Even if, in many cases, the specialised departments do not have a documented strategy and the
question "What makes us successful?" provokes only general answers, the questions listed above
may be helpful in steering the discussion. Providing IT services effectively and efficiently that are
not even needed by the specialised departments is an error that should be avoided. According to
the philosophy: It went very well—but unfortunately towards the wrong goal!
IT strategy for SMEs
The actual IT strategy is an extension of the derived strategy and expands it by adding
technological and organisational aspects. The IT strategy can also define architectural aspects. For
example, consolidating the servers by virtualisation may be one goal of a company's IT strategy.
However, the IT strategy can also include that the company uses open source where possible and
useful, prefers a certain programming language or uses only one hardware manufacturer. In
summary, the IT strategy can address the following topics:
! Principles and guidelines of the use of IT
! Financing model and organisation of IT
! Application and system architectures
! IT infrastructure as required basis
! IT service and performance processes
! Internally and externally necessary implementation resources
! Risks in the implementation process
For additional information and details on the topic of strategy definition, refer to Chapters 3.1.1 and
3.1.2.
4.3 Step III – Implementing the basic modules
After the future strategies are defined and the IT is aligned accordingly, the actual implementation
can begin. The following process map provides an overview of the required steps within the basic
implementation. For some companies, the conclusion of the process is also the end of the
introduction project. If the advanced modules are not absolutely necessary, at least the
optimisation in Step V should be considered.
4.3.1 Creating an ITSM plan
In close co-ordination with business, key suppliers and managers, an advance plan should be
created that defines tasks, schedules and responsibilities. This provides the basis for a continuous
improvement process and establishes the guideline for a mature ITSM organisation. Continuous
improvement of the ITSM organisation should provide an ideal level of support to the business and
meet the requirements for stability, availability and security at optimal cost. An ITSM plan should be
drafted defining the concrete goals for the coming business year for individual management
activities such as process reviews, customer satisfaction surveys, budget planning or Change
Advisory Boards.
4.3.2 Developing an ITSM process design
Ideally, the process design for the ITSM process implementation is drafted in workshops. In
particular, this involves configuring the individual processes and developing a target concept that
serves as input for customising the ITSM tools and
training the involved employees. Here, considering a
company's individual starting position is of special
importance. The objective is to implement ITSM
processes in the organisation. In doing so, one should
concentrate on the essentials, ideally directly and in
everyday practice without generating great additional
expenses.
4.3.3 Providing the relevant tools
At the beginning, Step III includes providing the relevant
tools. A brief requirements analysis pays off at this point,
as following ITIL best practices in a strict manner, for
example, would require a great number of different tools.
The purpose of most of these tools is managing
knowledge. In many cases, the response is: "But our
Administrator already knows all that." What happens if, for
whatever reason, the admin is no longer available? This is
only one of the reasons why basic and thorough
documentation can be of vital importance to an
organisation's survival. However, the principle of
pragmatism applies here also. Therefore, as part of
implementing the basic modules, only a small selection of
available tools is helpful and useful, even for very small companies.
Configuration Management Database
In the ITSM community, the important-sounding term "Configuration Management Database"
(CMDB) can refer to nothing more elaborate than a list of all elements of the IT landscape. The
objective being pursued is a consistent collection of all so-called "Configuration Items" (CI). CIs
include, for example, the servers, printers, and network components, as well as software licenses
and contracts—in short, everything that deserves to be managed. The granularity and types of CIs
can be defined according to one's own needs. The information to be managed also has to be
defined and updated accordingly. Logical additions and links are then added to this list, such as a
change log, a collection of known errors and incident and problem messages. The tool support can
vary greatly: In an extreme case, a CMDB can be either a physical file folder in which all
Figure 19 - Process of implementing the
basic modules
configuration items are maintained and updated manually or a tool costing millions of dollars that
requires dedicated administrators to keep it running. Clearly, each company has to find its ideal
middle ground. In doing so, the CMDB should always be structured so that it is complete for the
corresponding services, without being so large as to cause problems for configuration
management. One of the most important foundations for the success of ITSM in an organisation is
a functioning configuration management database that can be used, administered and monitored
efficiently by the employees. Therefore, it should always be co-ordinated, developed and optimised
to match the present needs of IT and business.
Ticket system
As the single point of contact, the service desk plays a central role in communication between
service provider and customer. A ticket system supports this exchange in a wide variety of ways,
including:
! Entering various enquiries (incidents, problems, service requests etc.)
! Documenting the individual activities in the lifecycle of a system
! Distributing the enquiries among employees
! Defining and supporting the escalation process of tickets (1st, 2nd, 3rd Level)
! Optional communication channels (e.g. Web interface, e-mail)
To be sure, the simplest version is setting up a central e-mail address for all enquires. However,
this is effective only if the IT department consists of just a very few employees. Thus the "e-mail"
version lacks obvious features of a ticket system such as structured entry of the data,
categorisation and prioritisation options, reservation of tickets and reporting functions. Ticket
systems, frequently based on Web technologies, are available in a great number of different
versions, both as a commercial and Open Source solution.
Service catalogue & service portfolio
To "sell" a service, you have to publicise your services. Setting up a structured service portfolio
management system answers questions about service benefits, quality and price structure as well
as about the strengths, weaknesses and risks of the IT services offered. In doing so, service
portfolio management system documents all planned services (in the service pipeline), all currently
offered services and all withdrawn services. The service catalogue is a sub-product of the service
portfolio and contains only the currently offered services. The appearance of the portfolio and the
catalogue can be extremely different, including everything from a simple document that is
forwarded, to databases in the intranet to small online stores in which the customer can "order"
services directly. Here, too, a pragmatic approach that suits the company can be selected.
4.3.4 Introducing a central service desk
Introducing a central service desk not only is an easily attained intermediate goal (known as a
"Quick Win"), it also addresses the uncomfortable topic of user support within IT and thus creates
acceptance within the IT department. Thirdly, it provides the basis for many modules that require
the service desk as a central communication unit. In this regard, the service desk does not
necessarily mean more work, but rather a different organisation of the work and a structured
procedure. For example, if we implement a ticket system with Web interface and understandable
categorisation, the customer's enquiry will be routed to the correct employee rather than also
needlessly adding to the workload of employees who are not involved. In addition, the employee
can concentrate on his or her regular activities and work on the service desk in a targeted manner.
However, in this labour-divisional version, it has also proven helpful to define a service desk
manager who takes over responsibility for the entire service desk and can delegate enquiries if
necessary.
The following three steps can be introduced simultaneously. All three steps can be implemented in
various ways in practice:
! Iteratively and simultaneously with the regular activities
! Broken up into portions
! On a one-time basis
4.3.5 IT service portfolio and catalogue
Earlier, we described the "shell" of the service portfolio. Now, we'll bring this shell to life. We enter
the critical information for each service:
! All information that the customer needs (prices, conditions, service level agreements etc.)
! All information the service provider needs (costs, priorities, risks, business case, terms and
condition for support, escalation mechanisms etc.)
! Guidelines, objectives and responsibilities
Then, the service catalogue can be derived by selecting the current services from the service
portfolio and published for the customer. For additional information on this topic, refer to Chapter
3.1.3.
4.3.6 Systems and outsourced services
This area means relatively minor changes, as it describes the regular activities of IT. Accordingly,
this module is usually present in this form even before the ITSM introduction. However, the
instructions from Chapter 3.2.1 should be observed.
4.3.7 Documenting the infrastructure
The configuration management database (CMDB) is the vital information source of IT Service
Management. It also requires an initial filling with data via the configuration items. As described
above, this can be carried out iteratively or eruptively (eruptive is preferred). The company can use
inventory tools that scan the network and associated configuration items and obtain a thorough
database automatically.
4.3.8 Continuous improvement
At an early stage, the objective is to define operational objectives and metrics on three levels:
expectations of the business areas for IT, output of the IT processes and performance capacity
within the process flow. The defined metrics should have a good balance between the effort they
require and the amount of information they provide, be comparable internally and externally and
easy to measure. The objective is long-term anchoring of continuous improvement on all levels. In
addition, an IT governance report (or dashboard) with the most important metrics can provide an
overview of the service quality provided, the status of the control measures and thus the respective
current compliance situation. The service, process and activity goals help to identify areas where
there is potential for improvement. Accordingly, the continuous improvement process is one of the
basic modules of the implementation. In the first step, the improvement process does not
necessarily require a complex deployment of tools or employees; rather, the way of thinking has to
be internalised and all modules, processes, functions and tools checked regularly for areas where
they may be room for improvement. For more information, refer to Chapter 0.
4.4 Step IV – Implementing the advanced modules
Experience has shown that only very few companies implement all functions and processes
suggested in the relevant frameworks. Accordingly, after the implementation of the basis in Step IV,
the advanced modules (in Figure 17 green, with a dashed outline) can be implemented. According
to the building block principle, IT departments can equip themselves with modules to fit their own
needs. Therefore, before selecting one or more blocks, the requirements should be analysed. Once
the needs have been identified, the corresponding module can be introduced.
4.5 Step V – Optimising the implementation
The modularisation practised as part of the implementation provides many advantages. However, it
also requires regular verification and optimisation: Does the selection and composition of the
modules still meet the requirements of IT? The continuous improvement process (CSI), introduced
in Chapter 3.3.4, is responsible for improving the services and processes. However, it is also useful
to optimise the actual ITSM. Potential for improvement exists, for example, with regard to the
selection of the modules or the tools used.
To implement continuous improvement in a successful and lasting manner, it is important to
understand the various activities that can be applied for this process. The following activities
support the continuous improvement plan:
! Reviewing management information and trends to ensure that the output of the ITSM
processes reaches the goals that have been set.
! Periodically carrying out internal audits to verify that employees are complying with
processes.
! Carrying out periodic customer satisfaction analyses.
! Carrying out internal and external service reviews to identify areas where there is room for
improvement.