Beruflich Dokumente
Kultur Dokumente
The publications in the ITSM Library cover best practice in IT management and are published on behalf
of itSMF International.
The IT Service Management Forum (itSMF) is the association for IT service organizations, and for
customers of IT services. itSMFs goal is to promote innovation and support of IT management; suppliers
and customers are equally represented within the itSMF. The Forums main focus is exchange of peer
knowledge and experience. Our authors are global experts.
The following publications are, or soon will be, available.
Introduction, Foundations and Practitioners
books
Foundations of IT Service Management based
on ITIL
A
Management Guide (English, German)
Pocket guides
ISO/IEC 20000 A Pocket Guide (English,
German, Japanese, Italian, Spanish, formerly BS
15000 A Pocket Guide)
IT Services Procurement based on ISPL
A Pocket Guide (English)
IT Service CMM A Pocket Guide (English)
IT Service Management A summary based on
ITIL
(V2, Dutch)
IT Service Management A Pocket Guide
(v3, English, Dutch; translations in Japanese,
German, French, Spanish to be published end of
2007 / early 2008)
IT Service Management based on ITIL A
Pocket Guide (V3, English, Dutch; translations
in Japanese, German, French, Spanish to be
published end of 2007 / early 2008)
IT Service Management from Hell!! (V2,
English)
IT Service Management from Hell. Based on
Not ITIL (V3, English)
Six Sigma for IT Management A Pocket Guide
(English)
Frameworks for IT Management A Pocket
Guide (English, Dutch)
For any further enquiries about ITSM Library, please visit www.itsmfbooks.com,
http://en.itsmportal.net/en/books/itsm_library or www.vanharen.net.
A publication of itSMF International
IT Service
Management
An Introduction
IV
Colophon
Title: IT Service Management An Introduction
Authors: Jan van Bon (chief editor ITSM Library for itSMF International)
Arjen de Jong (co-author, Inform-IT)
Axel Kolthof (co-author, Inform-IT)
Mike Pieper (co-author, Inform-IT)
Eric Rozemeijer (co-author, Quint Wellington Redwood)
Ruby Tjassing (co-author, Inform-IT)
Annelies van der Veen (co-author, Inform-IT)
Tieneke Verheijen (co-author, Inform-IT)
Copy editor Jayne Wilkinson
Publisher: Van Haren Publishing, Zaltbommel, www.vanharen.net
Design & layout CO2 Premedia bv, Amersfoort - NL
ISBN: 978 90 8753 051 8
Edition: First edition, rst impression, September 2007
Crown copyright. Published under license from the Controller of Her Majestys Stationery Ofce.
ITIL Glossaries/Acronyms Crown Copyright Ofce of Government Commerce. Reproduced with the
permission of the Controller of HMSO and the Ofce of Government Commerce.
ITIL
is a Registered Trade Mark, and a Registered Community Trade Mark of the Ofce of Government
Commerce, and is Registered in the U.S. Patent and Trademark Ofce.
itSMF-International 2007
All rights reserved. No part of this publication may be reproduced in any form by print, photo print,
microlm or any other means without written permission by the publisher.
Although this publication has been composed with much care, neither author, nor editor, nor publisher can
accept any liability for damage caused by possible errors and/or incompleteness in this publication.
TRADEMARK NOTICES
ITIL
and PRINCE2 are Registered Trade Marks and Registered Community Trade Marks of the Ofce
of Government Commerce, and are Registered in the U.S. Patent and Trademark Ofce.
COBIT
is a registered trademark of the Information Systems Audit and Control Association (ISACA)/IT
Governance Institute (ITGI).
The PMBoK
series (version 2): Service Support, Service Delivery and Security Management and placed them
in a broader context of quality management.
ITIL, although widely used, was actually never in the public domain
1
, but there were few
restrictions on its use in practice. This has been acknowledged as one of the main reasons for
ITILs wide acceptance. With the transfer of the management, publication, and qualications of
ITIL to the APM Group (for qualications) and TSO (for publications), a signicant shift in the
market has occurred. ITIL is now operationally run by commercial organizations that control the
use of ITIL by providers in the market, through regulations in the areas of copyright, branding
and accreditations. This does not inuence the use of ITIL within organizations to a great extent,
but it does have a specic effect in the provider market.
As a result of this operational shift, various reactions in the market can be observed. On the one
hand, there is more interest in the independent ISO/IEC 20000, the ofcial standard for IT
service organizations. Meanwhile, providers are responding by addressing the general eld of IT
Service Management more, including the Service Lifecycle approach of ITIL version 3, and also
by choosing their own approach or model.
1 Based on the denition in Cambridge Advanced Learners Dictionary: If something such as a book, song,
computer program, etc. is in the public domain, no one has the right to control its use and anyone may use it
without charge.
4 IT Service Management - An Introduction
The book before you is a reection of this shift: it contains information about ISO/IEC 20000,
as well as about ITIL and other relevant standards and frameworks that are relevant for the
broad eld of IT Service Management. In addition, it contains detailed information about the
individual IT Service Management processes which can be used in the individual approach of
the reader.
The continuous development of the eld is, to a large degree, supported by a uniform language.
The communication between companies all over the world is served expressly by unambiguous
terminology and accompanying denitions. This terminology is based on the terms that are
mentioned in ISO/IEC 20000, in the ITIL Glossary, and in the main terms of the other
standards and frameworks. The various itSMF chapters use a common list of English terms that
are translated into their own language. In this way, the communication between and within
various language domains is supported.
As a result of continuous development of best practices, various terms have disappeared between
the introduction of ITIL version 2 and 3, and a large number of new terms have been added to
version 3. As many of these concepts are part of the scope of an IT Service Management training
or exam, they have been included in the relevant descriptions. For a denitive list of concepts,
readers should refer to the various training and exam programs.
1.5 Structure of the book
This book starts with an introduction into the backgrounds and general principles of IT Service
Management (Chapter 1). It describes the parties who play a role in the development of best
practices and standards for IT Service Management, and which basic premises and standards are
used.
In Chapter 2 a number of important paradigms for IT service organizations are examined. This
includes how organizations deal with services, what the services are, how organizations operate
and what the role of communication is.
In Chapter 3 there are details of a series of elementary concepts from IT Service Management
(service, project, program, quality, governance, maturity, standards, etc.). These elements are
used in the next chapter. The chapter offers information about management systems, maturity,
denitions and terminology.
In Chapter 4, ITIL version 3 is explored. The basic premises for the IT Service Lifecycle are
discussed, followed by an overview of the ve different phases of that lifecycle: Service Strategy,
Service Design, Service Transition, Service Operation and Continual Service Improvement. The
main points of each phase are presented in a consistent way to aid readability and clarity, so that
the text is clear and its readability is promoted. Each section follows a consistent structure:
Introduction
Basic concepts
Processes and other activities
Organization
Methods, techniques and tools
Implementation
Introduction 5
Chapter 5 examines the processes for IT Service Management. First, the necessity for using
process models is examined, after which the differences between core processes, supported
processes and functions are reviewed. After that, the various systems for process clustering are
discussed. The chapter then offers detailed information on an extensive series of processes and
functions.
Chapter 6 gives a detailed review of ISO/IEC 20000, the standard for IT Service Management.
Chapter 7, nally, offers information on a large number of additional standards and frameworks
for IT (service) management. These standards and frameworks provide a foundation for managing
aspects and elements from the IT world, but also for managing general matters that apply to all
elds, such as quality systems.
The Appendices provide useful sources for the reader. A Reference list of used sources is provided,
as well as the ofcial ITIL Glossary. The book ends with an extensive Index of relevant terms,
that will support the reader in nding relevant text elements.
1.6 How to use this book
Those who are primarily interested in ITIL can read about the background of IT Service
Management in Chapters 1, 2 and 3, followed by the ITIL lifecycle in Chapter 4, and then select
processes and functions from Chapter 5.
Those who are not ready for a lifecycle approach, or who prefer a process approach, can read
the background of IT Service Management in Chapters 1, 2 and 3, and add their own selection
of processes and functions from Chapter 5 as well as, if so desired, information from another
framework.
Those who wish to concentrate on the ISO/IEC 20000 approach can read the background of IT
Service Management in Chapters 1, 2 and 3, then read Chapter 6 on ISO/IEC 20000, and use
as much as they want from relevant processes in Chapter 5.
In this way, this new edition of the Introduction book aims to provide support to a variety of
approaches to IT Service Management.
6 IT Service Management - An Introduction
When setting up service organizations, a series of paradigms can be used which are widely
accepted in the market. Some of the main paradigms are reviewed successively over the following
pages.
2.1 People - Process - Technology - Partners - Information
A widely accepted paradigm for dening the core focus areas in organizational improvement is
the paradigm of Process, People, Technology, which is also called People/Process/Product (Note:
ITIL uses both). In addition to these three, a fourth focus area is often recognized: the P from
Partners, based on the fact that only a few organizations can completely manage their information
support by themselves.
In the end, all these domains are only there to facilitate the fth component: the I from
Information (Figure 2.1). The core message of the resulting combined paradigm is that we always
need to address all of these elements within the organization, to make sure that we reach an
optimal information result.
Chapter 2
Services and Organizations
People
Technology Process
Partners
Information
Figure 2.1 Focus areas for organizational change, P-P-T-P-I: People, Process, Technology, Partners
and Information
8 IT Service Management - An Introduction
There is a logical order in creating these four areas (PPTP) in a new organization on behalf of the
targeted I of the information support function. However, real greeneld situations are extremely
rare in practice. In organizational change, we usually have to deal with existing organizations,
with established patterns for these four focus areas. In theory (greeneld situation), the most
logical order might be:
rst the PPT set in the order of Process (set your identity and goals), People (organize and
establish the organization), Technology (choose the required equipment to realize this), and then
choose Partners or do it all yourself (determine your make or buy strategy) to get to the resulting
I for Information.
The rst P stands for Process. This refers to what the organization does, in terms of the structured
sets of activities. This relates directly to the identity of the organization and its products or services:
what is the core business of the organization, what is its market, what does the organization have
to do to be in business. Describe the processes of the organization and you will know its kind of
business: is this a machine factory, an insurance company, an energy plant, a retail organization,
a government department? Within specic markets we will nd similar processes within similar
organizations. The best organizations often have the best designed processes and are in control
of their performance by means of managing those processes in the most effective way. This
applies to IT service organizations as well as to any other type of organization. And although the
processes may vary a bit from IT service organization to IT service organization, it is broadly
accepted that we can nd best practices for these processes, which are generic for the entire IT
services market.
The second P stands for People. This refers to the organizational specications: who does what?
How are responsibilities and authorizations distributed over the staff and the teams? What skills
and competences do we need to deliver the processes? What are the local cultural and behavioral
standards and policies to be used?
Processes depend upon People, eg based on the granularity of the organization. We nd much
more variation in the second P (People) than in the rst P (Process). The People dimension is
highly inuenced by culture, by local preferences of a manager, by law, by nancial strength of the
organization and by various other factors. We can nd centralized organizations, decentralized/
distributed organizations, and any kind of mix of those. The specic position of the organization
can change in time: moving people and reorganizing your company seems to be a national
sport from time to time in many countries. But the processes will not normally vary with these
reorganizations: an insurance company will still be an insurance company, a transport company
will still be a transport company, a bank will be a bank. This underlines the crucial role of the
rst P: if you are in control of your processes, you can reorganize easily without losing grip on
your performance.
The T stands for Technology (sometimes called Product). If we know what we have to do
(process) and we know who we have in place to do that (people), we will need the infrastructure
and the tools, the methods and techniques, to reach an optimal result. A carpenter is as good as
his tools: without good equipment we cannot deliver high performance. On the other hand: a
fool with a tool is still a fool.
Services and Organizations 9
The third P stands for Partners. This is related to the widely accepted sourcing strategy adopted
in modern organizations. The sourcing strategy is based on the concept of make or buy, where
the strategic approach is to choose what is the right mix between buying products and services
from external providers and creating them internally. In practice, it is almost impossible to work
without external providers, which makes the Partner domain increasingly important.
The I stands for Information, the actual target for this paradigm. If we know the information
ows within and between the other focus areas, the organization is largely characterized.
Information is based on data that are handled in the processes by people, using the technology to
process the data. Users utilise the data and add value by combining and processing them, creating
meaningful information to be used in business processes.
Most often, organizational change projects are focused at one or two areas, and we often see that
organizational change starts in the Technology domain (buying a tool). Neglecting one or more
of these focus areas is a risk for the outcome of the project: the management system will suffer
from inefciencies, incompleteness and it may not realize the projected results at all. It is urgently
advised that all focus areas be addressed, preferably in the explained order of analysis.
A number of additional paradigms, which are useful when addressing these focus areas, are
described in the following paragraphs.
2.1.1 Customer-Provider paradigm for Information Support
The Customer-Provider paradigm refers to the fundamental split between the domains of customer
and provider (Figure 2.2). IT service organizations are basically considered to be providers of
information services, and therefore always have one or more customers. The provision of these
services is the one and only goal of the provider, and alignment to the customer domain should
be maximized.
To support a clear and manageable relationship between customer and provider, both parties
should agree on the SMART
1
specication of the services that should be provided. The provider
then delivers the agreed services.
According to the agreement, users can request for support and for specic volumes of the agreed
services. And, of course, there should be some kind of compensation (payment, funding) for the
provider, to cover the cost of delivering the services: even if the provider is an internal cost centre,
the organization will have to create funding for the incurring cost.
The agreed services are based on customer requirements and are limited by the providers capacity,
capability and availability to provide the required services. The actual services delivered are most
often a compromise in terms of the required quality and the available nances.
The principle of the Customer-Provider paradigm is iterative: the provider on his turn is the
customer for his sub-provider, who is the customer for the sub-sub-provider, and so forth.
1 SMART stands for Specic, Measurable, Achievable (or Appropriate), Realistic (or Relevant), Timely (or Time-
bound).
10 IT Service Management - An Introduction
The principle is also an N-to-N relationship: a customer can have more than one provider, and
a provider can have more than one customer.
2.1.2 SoD - Separation of Duties
Another widely accepted management paradigm is SoD: Separation of Duties. In this context, it
simply says that - to be in control - an organization should distinguish between setting goals and
realizing them. Both elements should be managed by separate responsibility domains, to prevent
situations of conicting interests. Judging the results of a project or work should always be done
by a party that is not also responsible for delivering that result. SoD is one of the basic principles
of any audit.
For Information Support this comes down to having one responsibility domain responsible
for determining which IT service should be delivered, and another domain for delivering that
required service (Figure 2.3).
In Information Support, the resulting domains are recognized as the Information Management
domain (IM) and the Information Technology domain (IT).
The Information Management domain sets the information requirements on behalf of the
Business and makes sure they are realized. The Information Technology domain realizes the IT
services and facilitates the use of the required IT services.
An organization can plot a Demand Organization and a Supply Organization according to these
two domains, but the borders need not necessarily align: it is not uncommon for the Supply
Organization to cover part of the Information Management responsibility domain (middle
column).
CUSTOMER
users
PROVIDER
PROVIDER
PROVIDER
AGREEMENT
Requests
IT Services
Payment
Figure 2.2 The Customer-Provider paradigm for Information Support
Services and Organizations 11
2.1.3 The Management Paradigm
Another widely accepted paradigm is the Management Paradigm (Figure 2.4): all activities of an
organization are managed from a specic perspective, in terms of:
1. long-term goals (strategic level: setting directions)
2. mid-term objectives (tactical level: design and control)
3. short-term achievements (operational level: realization)
Organizations should make sure that they manage their activities from each of these perspectives.
Organizations that forget to manage from either one of these management perspectives will,
most likely, not realize their goals or only at unnecessary high cost.
Business
activities
use
Information
management
design and
control
Information
technology
facilitate
Information Technology Business
Figure 2.3 Separation of Duties
S
T
R
A
T
E
G
I
C
T
A
C
T
I
C
A
L
O
P
E
R
A
T
I
O
N
A
L
Setting the directions
identity, value creation, relations, goals, conditions
Direct and control the organization
for the realization of goals
organize, direct, control
Realize the goals
within chosen directions and arrangements
operate, realize
Figure 2.4 The Management Paradigm
12 IT Service Management - An Introduction
2.1.4 The 3x3 matrix for Information Support
The combination of the Separation of Duties paradigm and the Management Paradigm provides
us with a very interesting management model: the 3x3 matrix for Information Support (Figure
2.5).
The 3x3 matrix is known (with slightly different labels and slightly different explanations)
under several different names
2
. Either way, they prove to be very useful to explain the role of
IT Service Management, the scope of standards and frameworks of best practice in IT (Service)
Management, and many issues on the sourcing of IT services.
The 3x3 matrix is used as a high-level model for many discussions on the organization of
Information Support responsibilities. For example, it highlights the question of where the
responsibility for Information Demand and Information Supply is located in the organization
(Figure 2.6). Basically this comes down to a question of how the Information Management
domain is organized:
A. Stuck-in-the-middle - Information Management is positioned at equal distance from
the Business and the Information Technology domain, in many instances emblematic for
organizations trying to implement Information Management as a liaison function. The result
is fairly often an Information Management function stuck in the middle: missionaries talking
to a brick wall at the Business side, renegades for the Technology side, and peacekeeping troops
STRATEGIC
TACTICAL
OPERATIONAL
BUSINESS INFORMATION TECHNOLOGY
USE DESIGN/CONTROL FACILITATE
D
I
R
E
C
T
D
E
S
I
G
N
/
C
O
N
T
R
O
L
O
P
E
R
A
T
E
Figure 2.5 The 3x3 matrix for Information Support
2 The 3x3 model was published as A generic model for information management in the magazine Management
en Informatie in 1997, as BII in the Dutch Yearbook IT Service Management 1998, as MIP in the World Class IT
Service Management Guide 2000 and in The Guide to IT Service Management 2002, as Generic Framework for
Information Management in the ITSM Library book Frameworks for IT Management.
Publications came from the University of Amsterdam, and from individual authors. Some of the 3x3 models
were derived from the Strategic Alignment Model (Henderson & Venkatraman, 1993), while others were strict
combinations of the Separation of Duties Paradigm and the Management Paradigm. Here, the model is named 3x3
matrix (or 3x3 model) for Information Support. It is a public domain model, to be used freely by anyone.
Services and Organizations 13
in the middle, missing a clear identity in their own mindset. In this scenario, Information
Management will be an independent Demand Organization, loosely coupled with the
Business.
B. As an extension of the IT function - The Information Management responsibilities of the
organization have largely been delegated to the Technology domain, where the IT services
are produced. Although still often found in practice, this approach is not recommended:
management tends to be expressing itself in terms of technology, not in terms of business
values. And the information service provider is now controlling itself, which leaves the
Business vulnerable in its relationships with suppliers. The organization has set Information
Management at a distance, making it highly vulnerable to misalignment between Technology
and the Business.
C. As an extension of the Business function - Here, information is considered to be a business
asset, and the relationship with Technology can be a contractual one: IT is a supportive
function, to be managed as such, and conceivably governed via outsourcing. Moreover,
Information Management is a shared business responsibility, while Information Management
as a separate function is only accommodating and stimulating, but never leading. Information
Management and Business responsibilities are tightly bound and IT can be regarded as a
replaceable commodity, to be provided by any adequate supplier.
Matters of outsourcing are often initially considered for (parts of ) the IT domain. The Business
wants to stay in control, and will initially hold on to the Information Management domain.
Only when outsourcing has become a commodity, is the next step considered: outsourcing the IT
function. This is a form of Business Process Outsourcing (BPO), where the business information
process is outsourced.
2.1.5 Management of processes
Every organization aims to realize its vision, mission, strategy, objectives and policies, which
means that appropriate activities have to be undertaken.
For example, a restaurant will have to purchase fresh ingredients, the chefs will have to work
together to provide consistent results, and there should be no major differences in style among
the waiting staff. A restaurant will only be awarded a three-star rating when it manages to provide
the same high quality over an extended period of time. This is not always the case: there will
A B C
Figure 2.6 The position of the Information Management domain, between Business and Information
Technology in the 3x3 matrix
14 IT Service Management - An Introduction
be changes among the waiting staff, a successful approach may not last, and chefs often leave to
open their own restaurants. Providing a constant high quality also means that the component
activities have to be co-ordinated: the better and more efciently the kitchen operates, the higher
the quality of service that can be provided to the guests.
In the example of the restaurant, appropriate activities include buying vegetables, bookkeeping,
ordering publicity material, receiving guests, cleaning tables, peeling potatoes and making
coffee. With just such an unstructured list, something will be left out and staff will easily become
confused. It is therefore a better idea to structure the activities. Preferably these should be arranged
in such a way as to allow us to see how each group of activities contributes to the objectives of
the business, and how they are related.
Such groups of activities are known as processes. If the process structure of an organization is
clearly described, it will show:
what has to be done
what the expected inputs and results are
how we measure whether the processes deliver the expected results
how the results of one process affect those of another process.
Processes can be dened in many ways. Depending upon the objectives of the creator, more or
less emphasis will be put on specic aspects. For example, a highly detailed process description
will allow for a high level of control. Supercial process denitions will illustrate that the creator
does not care much about the way in which the steps are executed.
Once the processes are dened, the roles, responsibilities and people can be assigned to specic
aspects, bringing the process to the level of a procedure.
Processes
When arranging activities into processes, we do not use the existing allocation of tasks, nor the
existing departmental divisions. This is a conscious choice. By opting for a process structure,
we can often show that certain activities in the organization are unco-ordinated, duplicated,
neglected or unnecessary.
A process is a structured set of activities designed to accomplish a dened objective.
Instead, we look at the objective of the process and the relationships with other processes. A
process is a series of activities carried out to convert input into an output, and ultimately into
an outcome; see the ITOCO model (Input-Throughput-Output-Control-Outcome) in Figure
2.7. The input is concerned with the resources being used in the process. The (reported) output
describes the immediate results of the process, while the outcome indicates the long-term results
of the process (in terms of meaningful effect). Through control activities, we can associate the
input and output of each of the processes with policies and standards to provide information
about the results to be obtained by the process. Control regulates the input and the throughput
in case the throughput or output parameters are not compliant with these standards and policies.
This produces chains of processes which show what input goes into the organization and what
the result is, as well as monitoring points in the chains in order to check the quality of the
products and services provided by the organization.
Services and Organizations 15
The standards for the output of each process have to be dened, such that the complete chain
of processes in the process model meets the corporate objective. If the output of a process meets
the dened requirements, then the process is effective in transforming its input into its output.
To be really effective, the outcome should be taken into consideration rather than focusing on
the output. If the activities in the process are also carried out with the minimum required effort
and cost, then the process is efcient. It is the task of process management to use planning and
control to ensure that processes are executed in an effective and efcient way.
We can study each process separately to optimize its quality. The process owner is responsible
for the process results. The process manager is responsible for the realization and structure of
the process, and reports to the process owner. The process operatives are responsible for dened
activities, and these activities are reported to the process manager.
The logical combination of activities results in clear transfer points where the quality of processes
can be monitored. In the restaurant example, we can separate responsibility for purchasing and
cooking, so that the chefs do not have to purchase anything and can concentrate on their core
skill activities.
The management of the organization can provide control on the basis of the quality of the
process as demonstrated by data from the results of each process. In most cases, the relevant
performance indicators and standards will already be agreed upon. The day-to-day control of
the process can then be left to the process manager. The process owner will assess the results based
on a report of performance indicators and whether they meet the agreed standard. Without clear
indicators, it would be difcult for a process owner to determine whether the process is under
control, and if planned improvements are being implemented.
Processes are often described using procedures and work instructions.
standards and
policies
economical
considerations
efficiency effectiveness
realization
of goals
INPUT THROUGHPUT OUTPUT OUTCOME
CONTROL
Figure 2.7 Process diagram, based on the ITOCO model