By Paula Klein

Now that the new version of the Information Technology Infrastructure Library framework, better known as ITIL® V3, has been released, CIOs Can move ahead with their Service Management initiatives. Many ITIL advocates see the latest guidelines—five initial core volumes that represent the phases of the service lifecycle, plus a sixth that introduces the service lifecycle concept—as expanding and improving on both ITIL V1 and V2. That’s because, on a strategic level, V3 maps out a future in which IT is far more firmly integrated and aligned with the business than it was in either of its previous versions.

Today, however, the ITIL framework remains a work in progress. Because ITIL V3 was released only in May 2007, the new version’s intricacies have yet to be mastered and widely accepted, and most IT shops are still taking a measured approach to its implementation. In fact, many CIOs are still poring over V3’s details to determine how this version could help improve their day-to-day operations while providing them with strategic guidance to develop new services that will create value. CIOs are also comparing V3 with its seven-year old predecessor, ITIL V2, first to identify their differences and then to evaluate the importance and value that these differences will make to their IT organizations.

Among the main and most dramatic differences between V2 and V3: The older version was centered on processes, while the newer version focuses on the services provided to the business. In fact, ITIL V3 defines Service Management as a “set of specialized organizational capabilities for providing value to customers in the form of services.” These capabilities, functions and processes manage IT services over their lifetime, or what ITIL V3 refers to as the service lifecycle. Equally important, ITIL V3 focuses on continual service improvements across the lifecycle.

The service lifecycle consists of five distinct phases:

1. Service Strategy: Designing, developing and implementing Service Management as a strategic resource and setting overall objectives for IT services.
2. Service Design: Developing appropriate IT services, including architecture, processes and policy development.
3. Service Transition: Developing and improving capabilities for the transition of new, modified services to production.
4. Service Operation: Developing effective and efficient support services.
5. Continual Service Improvement: Creating and maintaining value for the customer by designing service improvements over time.

Each phase targets a slightly different audience. For example, while business and IT leaders might jointly define service strategies (Phase 1), only IT service managers and service providers are likely to need to worry about design (Phase 2).

ITIL V3 promotes service portfolio management as a way to prioritize new or existing services with business goals — and to manage all service projects throughout their lifecycle, from conception to retirement. Unlike ITIL’s previous versions, V3 provides guidance on the management of outsourcing services and the proliferation of e-business applications.

That pleases IT services and consulting providers like Satyam Computer Services Ltd., where Srinivasu Chintapalli, VP of Networking and Systems, says his company studied V3 during 2007 and expects to begin more widespread client migrations in the first quarter of this year. The new version is well suited to outsourcing businesses already familiar with the service lifecycle, Chintapalli says. Satyam works with businesses to help them discover “pain points” and use V3 to address them.

The ITIL V3 framework also describes ways IT can deliver services to the business on time and within budget. While these goals may sound basic, they still elude many CIOs in high-pressure, resource constrained environments.

Together, these benefits have resulted in sales of more than 200,000 copies of the ITIL library worldwide, with more than 15,000 companies around the globe adopting ITIL best practices, according to David Pultorak, CEO of IT consulting and training firm Pultorak & Associates.

Most of the companies investigating ITIL V3 at this point are already familiar with the previous versions. One such company is EFW Inc., a defense electronics supplier in Fort Worth, Texas. “We follow ITIL best practices to cut costs and create repeatable processes,” says Harry Butler, Support Center Manager at both EF Wand its parent company, Elbit Systems of America . “It’s the easiest, most effective way to do things.”

But even as he moves to ITIL V3, Butler isn’t scrapping his V2 methods entirely. While V3 provides better guidance to improve processes such as roles and industry-accepted Key Performance Indicators (KPIs), many processes themselves are unchanged. For example, he says, “Change management and incident management don’t change.”

Follow the Blueprint
To be sure, Butler expects to update some of EFW’s processes to follow the V3 blueprint. And he plans to offer training on the new books. But he isn’t anticipating a major upheaval just because the updated guidelines are now available.

Butler ’s approach is typical of businesses using ITIL. Ed Holub, Research VP of IT Operations Management at industry watcher Gartner, says that while he has received inquiries about the V3 guidelines, generally the market is “underwhelmed.” V3, Holub explains, “comes up [in discussions], but there aren’t a lot of early adopters. Most are in the middle of V2 training and projects, and they want to finish that before they bridge to V3.”Actually, that’s a good plan, Holub says: “Don’t stop what you’re doing even as you begin to look at the next phase.”

Although ITIL V3 is just ramping up, ITIL’s broader concepts have gained traction among IT departments that, like Elbit’s, must meet a growing number of complex business objectives in a timely manner. Because ITIL provides established IT best practices to follow, CIOs don’t have to reinvent the wheel. More specifically, V3 can help CIOs improve services, drive down unit costs, gain agility and meet new business requirements, says Holub of Gartner. In fact, based on two surveys of large data-center clients—one conducted in late 2006, the other in mid-2007 — Gartner saw some uptick in ITIL implementations and a growing awareness of its benefits. In particular, the largest category of respondents, about 40 percent, is in the initial two years of implementing ITIL, the survey finds. Those with no plans to adopt ITIL dropped by nearly half from the previous survey, to about 10 percent. ITIL offers “good content, but it’s not a cookbook,” Holub explains. “It requires people to change, and that takes time.”

For IT executives who want to run their shop by the book, ITIL offers a holistic, documented set of best practices for managing infrastructure processes and functions in a service-oriented manner. CIOs can think of these best practices as a way to map IT to the business. While earlier ITIL guidelines described the territory, ITIL V3 moves toward telling CIOs how to navigate through it.

Small Fixes, Big Bother
First developed in 1989, ITIL V1 remained in place until the U.K.’s Office of Government Commerce (OGC) announced V2 in 2000. One key goal of all versions has been to reduce the need for IT staffers to repeatedly fix system errors. Although that’s a seemingly small bother, repeated fixes can lead to big inefficiencies in production environments, where software has to be tested—and retested—countless times.

What’s more, since ITIL is not a standard, CIOs can pick and choose the ITIL processes and functions that best address their own business priorities — and then implement them in phases. To do this, however, CIOs must wade through guidelines that are cumbersome at best and esoteric at worst. “It’s still hard to read through the books,” says Nancy Hinich, CA’s ITIL Solutions Manager. “There’s a lot to absorb.”

Although ITIL V2 included 10 books, only two — service support and service delivery—were widely used, says consultant Pultorak. By contrast, he expects V3’s six books will resonate with a greater number of businesses because they cover the entire lifecycle of a service.

ITIL V3’s emphasis on the service lifecycle is supported by research that shows how IT services are now managed, says Morgan Chmara, an industry analyst with Info-Tech Research Group. She expects V3 to provide CIOs with methodologies that are in sync with their current thinking and operations. Moreover, the new version incorporates many improvements and expansions recommended by users over the years, such as communications and defining roles. Web 2.0-style online resources — including blogs, forums and communities—are now available to ITIL users on an open source basis.

Brian Johnson, ITIL Practice Manager at CA and a co-author of the framework’s earlier versions, says that while service concepts were described and advocated in the past, they weren’t implemented. Businesses may now be more willing to accept the changes, he adds.

CIOs who are increasingly aware of the new service architectures laid out in V3 will welcome the new ITIL framework because they understand such architectures better than in the past, advocates say. For example, it’s more widely understood that when insurance customers submit an online request for an estimate, they’re actually requesting a business service that is underpinned by IT services and processes. For such clued in CIOs, V3 provides “guidance about how to mold IT for their business environments,” says Bob Sterbens, Director of ITIL Product Marketing at CA.

Demonstrating IT’s value to the business also helps internal customers understand and support IT’s contributions, Sterbens adds. Here, ITIL V3 fills several process gaps from the previous versions, including security, event management and the handoff at each phase of the service lifecycle. Also, V3 can aid CIOs by improving the quality of IT-powered business services. Once IT is known as a high-quality service provider, the CIO can then drive business innovation and control costs, instead of focusing primarily on maintenance and upgrades.

For CIOs to truly reap the rewards of ITIL, they must consider new process models, experts say. While software developers are familiar with the Capability Maturity Model® Integration (CMMI) lifecycle approach, it’s an unfamiliar concept for some CIOs and many in IT operations who have never developed software using a lifecycle process. Robert Stroud, author of a blog about ITIL and CA’s IT Service Management and IT Governance Evangelist, says this gap between application developers and IT operations needs to be closed. V3 attempts this by acknowledging an awareness of both environments and modeling communication between the two. Also, because V3 is less IT-centric than its predecessors, the new framework can help CIOs to more seamlessly address the needs of the business, Stroud adds.

The ideal V3 business is already on the path to this transformation and will use ITIL in conjunction with other models and industry standards, experts say. The guidelines are spreading as businesses encourage uniform IT management processes with their partners and stakeholders.

To reach this level of integration, business groups and IT all need to be in sync about their approach to services, says CA’s Hinich. “Previously, business requests went directly to application developers, who would then toss them back over the fence to the operation guys to support,” she explains. Developers often failed to understand that all applications work together and affect the entire business. “If you get that idea, you get ITIL,” Hinich says.

Culture Change
IT and application-development cultures both need to change, according to a recent blog entry on IT-Director.com by David Norfolk , a Senior Analyst at Bloor Research. “Developers may have thought of ITIL as a purely operations thing (if they thought of it at all), but that was ITIL V2,” Norfolk writes. “ITIL V3 is the spec for holistic services delivery, and developers should start taking notice of it.”

The business Service Management aspects of V3 could also be a sore point for businesses, like those Hinich describes, where line-of-business managers still hold onto process ownership and resist IT, or where IT doesn’t understand business needs. “ITIL has failed where corporate culture is static, and senior executives are hesitant to consider new models that require adaptive cultural change,” Sterbens of CA says.

Compromise is clearly needed. V3 will take hold only when businesses think about services in a more global way, says Malcolm Fry, an IT expert who has studied ITIL and business services for decades. “V3 is not vaporware; it makes sense,” he says, “but the problem is how to develop a Service Management department.”

Too often, IT performs many Service Management tasks on behalf of customers that can be performed by the customers themselves; for example, by managing service requests and managing the priority of their incidents. Turning it back to them would empower customers and reduce IT workloads, Fry says. “Business managers can contribute to managing their own service levels if IT gives them control over their services. Why do they have to wait for IT?”

Once this mission is accomplished, IT can establish business service agreements for customers — similar to Service Level Agreements (SLAs) with providers — that guarantee the appropriate level of service delivery. “It’s a different approach that requires a change in mind-set, especially from CIOs,” Fry says. In the past, CIOs misunderstood the needs of the business and customers, Fry adds, and they weren’t providing the right business tools. ITIL V3 will help CIOs see the benefits that highly reliable services can yield for the business, he says.

Fry expects adoption of ITIL V3 will vary among vertical industries and individual business cultures. For example, manufacturers are already familiar with business processes and standards, while retail is far more price-sensitive and volatile, Fry says. But CIOs in all businesses should think in terms of continuous improvement and then adopt practices that make sense for their business model. “Wal-Mart and Nordstrom will have different needs, even though they’re both retailers,” Fry says.

Despite all the discussion, for some CIOs, the new thinking in ITIL V3 isn’t all that new. EFW’s Butler, for example, says that when it comes to business service provisioning, IT has always been the tail, not the dog. EFW’s IT department has always had one clear, unequivocal mission: to support and enable the business.

“IT is not a separate entity,” Butler says. “To build our case for more infrastructure, we need to show how it will benefit the business, not how it will benefit IT,” he says. “That’s how we get executive buy-in. That’s our goal. Unless we’re enabling the business to do its job better, IT is just overhead.”

Paula Klein is a business and technology writer and editor based in New York and the former Executive Editor of Optimize magazine.

ITIL ® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office