By Larry Lange
Winter 2007

Developed in the U.K., the Information Technology Infrastructure Library is an effective framework for IT best practices. A growing number of U.S. companies are taking notice.

Significant efficiency improvement. Cost savings across service support and delivery systems. Greatly improved customer satisfaction. These are the promises of the Information Technology Infrastructure Library, better known as ITIL®.

Sound good? If so, then you’ve got plenty of company. “I can’t say enough about ITIL,” Says Mike Tainter, IT service-management practice manager for Forsythe Solutions Group. His company, a unit of Forsythe Technologies, a Skokie, Ill., provider of technology infrastructure solutions, recently launched an ITIL implementation. “We’re going to great strides in IT innovation because of ITIL in the future. It will enable normalization in IT, especially from a terminology and process perspective. The more people adopt ITIL, the more they’re gong to create a standard language. That means we’ll be able to focus on enhancing and improving our systems — and create better availability, capacity and continuity in the future.”

In fact, an entire tools industry has emerged around the growing ITIL space, aiming to help CIOs implement ITIL with greater ease and efficiency. But several challenges remain for ITIL, not least of which is the political jockeying over the framework’s much anticipated next major revision, version 3.

Driving the rush to ITIL is a much broader desire, on the part of both CIOs and CEOs, to find new, creative ways of delivering high-quality IT services that drive competitive advantage, yet without straining today’s increasingly tight IT budgets. To those ends, a growing number of CIOs are deploying IT Service Management (ITSM) as an overarching discipline for bringing IT into alignment with business strategies. ITSM is a popular methodology that focuses on improving processes through best practices, rather than sheer technology, to better serve customers. ITIL, in turn, is now considered the de facto framework for meeting those ITSM requirements.

At its simplest level, ITIL is nothing more than a set of books developed by the U.K.’s Office of Government Commerce (OGC) in the late 1980s. These books, 10 volumes in all, contain an integrated, process-based, best-practice framework for managing IT services. Originally intended for use by the British government, ITIL gained popularity in its first iteration—version 1, published in 1998—as a practical framework for commercial organizations in Europe, particularly the Netherlands. Version 2 of ITIL was released in 2000, and it mainly improved on version 1 by distilling the original’s loose collection of 42 books down to just 10. In the process, version 2 also sharpened the focus of ITIL, jettisoning a raw collection of nearly every area of computer technology to include only IT processes. In fact, version 2 is today considered a comprehensive, nonproprietary guide for IT service management.

In much of the world, ITIL is nothing less than the global standard for IT best practices, experts say. “In a nutshell, ITIL is a catalyst for complete organizational change,” says Brian Johnson, ITIL practice manager at CA. “By deploying ITIL, companies in 35 countries around the world are now much more efficient and can focus directly on the needs of their customers.”

Johnson should know: He was one of the pioneering authors and compilers of the original ITIL library in the ‘80s. Since then he’s seen ITIL evolve into an entire industry that includes three levels of training and certification: consulting services for organizations seeking to handle huge implementation projects; tool vendors who design ITIL oriented workflows and definitions within their software; and trade associations involved in researching and promoting ITIL best practices worldwide.

ITIL can also help companies manage their outsourcing infrastructures. For instance, ITIL can help with such challenges as language, cultural and time-zone differences. “A lot of companies—particularly in Asia — are looking at ITIL as a way to help Them globalize,” Johnson of CA says. “It gives global companies a common vocabulary, which is an overlooked benefit of ITIL.”

In North America, however, IT executives are still familiarizing themselves with ITIL. “Because ITIL is a British government framework, many Americans are asking, ‘Why do we need to bow down to the British government as our primary source for best practices?’“ says Ron Muns, founder and CEO of the Help Desk Institute, a Colorado Springs, Colo., membership association for the IT service and support industry. Reflecting this cross-Atlantic acceptance gap, ITIL is even pronounced differently on each side of the pond. In North America, you’ll hear CIOs discussing “idol,” while the rest of the world calls it “eye-till.”

Minidrivers
One key to the growing success of ITIL is its flexibility. Unlike other process-focused strategies for business improvement, such as Six Sigma and Total Quality Management (TQM), ITIL is not a methodology per se. Rather, ITIL consists of a literal library of advice and guidance on how to deliver and support IT services. That, in turn, means organizations need not adopt all the ITIL best practices. Instead, they can freely choose only those parts of ITIL that are most relevant to their current needs.

In addition, there are three other drivers behind the ascendance of ITIL, according to Ed Holub, IT management research director at research firm Gartner: quality improvement, cost reduction and compliance. “Quality improvement means improving the quality and consistency of the services companies are delivering to their customers,” he explains. “That’s usually measured in terms of the availability of the systems.”

Regarding cost reduction, Holub notes that many CIOs turn to ITIL standardization to hold the line on staffing. An IT department that standardizes on ITIL may be able to meet ever-growing business requirements without adding staff; some may even be able to reduce staff headcount.

Compliance means help in meeting the requirements of Sarbanes-Oxley and other government regulations. “The ability to understand and audit what’s going on in the environment is a key part of ITIL,” Holub says. “Many companies under pressure from their auditors are certainly looking at ITIL to help them with ‘SOX’ compliance.”

So how effective is ITIL for organizations that actually adopt it? Very, if a recent survey conducted by Gartner is to be believed. Gartner’s survey found that a company that moves from zero adoption of ITIL to full adoption can typically reduce its total cost of ownership (TCO) of the ITIL implementation by as much as 48 percent. ITIL implementation costs include the price of the actual library, staff time, tools and more.

Big Hugs, Big Savings
What’s more, companies that have fully embraced ITIL — in the United States, they include Procter & Gamble, Shell Oil and Visa —reported significant operational cost savings as a direct result. P&G, for example, has publicly attributed nearly $125 million in annual IT cost savings to its adoption of ITIL. That savings, by the way, is equivalent to nearly 10 percent of the consumer-products company’s annual IT budget. Similarly, Shell Oil used ITIL best practices while overhauling and consolidating some 80,000 desktop PCs worldwide. With the project completed, Shell has significantly reduced the time it needs to upgrade software, potentially saving the firm 6,000 staff-days and $5 million dollars annually, according to company sources.

Track records like those of P&G and Shell are helping to transform ITIL into a major global force. In the past year alone, a “large percentage” of the Help Desk Institute’s 7,500 members worldwide have committed to ITIL, according to CEO Muns. Similarly, the number of official ITIL certifications issued has doubled over the past two years, according to a survey conducted by the IT Service Management Forum (ITSMF). This nonprofit consortium also expects that more than 500,000 ITIL certifications will be awarded during 2006. Looking even farther ahead, market watcher Forrester Research predicts that widespread adoption of ITIL will continue unabated through 2008. At that date, Forrester adds, ITIL will be poised to become the de facto best-practice, service-management standard for every IT department in the world.

The current ITIL library comprises 10 books in all, also known as “volumes,” which cover IT processes, plus one function (the service desk). Each book contains simple, generic process flows, terminology and information that can be applied across many organizations in many industries. Service Management is the best known and most mature discipline of ITIL, and it takes up two volumes all by itself: ITIL Service Support and ITIL Service Delivery. Service Support, in turn, comprises six processes, including service desk, incident management and problem management. Service Delivery, in turn, comprises five processes, including service level management, financial management and availability management.

Companies often begin implementing ITIL guidelines by working with the incident management process. In fact, a recent Forrester survey of large companies (that is, with sales in excess of $1 billion) found incident management to be their No. 1 ITIL priority. Incident management helps CIOs focus on restoring normal service levels as quickly as possible after anything that interrupts a system — crashes, slowdowns and the like — with minimal disruption to the business.

Incident management can also reduce service interruptions in the future, increase efficiency of in-house IT staff communications and systems in general, and improve user satisfaction. That’s been the experience of Visa USA. In 2002, the San Francisco, Calif., financial-services company began embedding ITIL incident management guidelines into its global transactions-processing operations. In so doing, Visa improved its monitoring of network and systems outages, which helped the company spot incidents in its systems much earlier than before. Speedier spotting, in turn, has enabled Visa to reduce the time needed to actually resolve these incidents by as much as 75 percent, according to company sources. ITIL has also made a major contribution to the creation of effective IT governance for MultiCare Health System in Tacoma, Wash., a not-for-profit organization of doctors and nurses, clinics and hospitals serving southwest Washington state. To comply with both the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes- Oxley, MultiCare executives mapped the respective processes of ITIL and COBIT (Control Objectives for Information and Related Technology), and found that the two frameworks complement each other nicely. Specifically, the COBIT framework informed MultiCare’s organization what to do in the delivery and support areas concerning the governance requirements — and ITIL best practices helped MultiCare define how to deliver those requirements. “Our ITIL initiative helped us enormously,” says Fran Findley, an information services project management analyst at MultiCare. “In light of shrinking health-care reimbursements and the limited resources we have, it’s been essential” (see sidebar below).

Chilling Challenges
Despite the many successes of ITIL, the approach faces several challenges that, experts say, could slow its full-scale adoption in the United States.

For one, implementing ITIL typically brings about sweeping changes. “You’re actually changing the entire culture of an IT department and, to a large degree, the organization itself,” says Tainter of Forsythe. “You’ll be adhering to new processes, and you’ll be forced to comply with what you set out to do in the first place. If you can’t get people to buy into those processes and best practices, then ITIL won’t provide you with any value.” Beyond that is a general perception that ITIL may fail to offer sufficient value. Statistics on the return on investment (ROI) of ITIL are still hard to come by. That leaves many CIOs struggling to garner support for ITIL initiatives from their CEOs and other top business executives. Without this business- leader support, ITIL projects can flounder. “Companies are most successful with ITIL when there’s top-down support,” Gartner’s Holub says. “They should see the value of it, even if there’s difficulty being able to offer a formal cost-benefit analysis.”

Tainter of Forsythe knows about the importance of top-level support for ITIL first hand. When he brought plans for ITIL adoption to his senior executives, he encountered stiff resistance. “With ITIL, there is no direct ROI,” he says. “Because you’re talking about how we do things, it’s a savings in soft costs. You’re reducing the amount of unplanned work. And that’s not easily proved.” But Tainter kept after his business colleagues, showing them the rare article with successful ITIL implementation quotes. In the end, he won out: Forsythe began a full implementation of ITIL in January 2006.

For another, some CIOs find the ITIL library so extensive that it’s nearly impossible to fully comprehend. They cite the fact that just two ITIL books, ITIL Service Support and ITIL Service Delivery, total 700 pages combined. CA’s Johnson strongly disagrees. “ITIL is overcomplicated by a lot of people,” he says. “It’s actually pretty simple.” In fact, to help keep ITIL simple, Johnson often likens the IT framework to a subway map. “You can stand back and ask ‘Where am I now?’ and ‘Where am I intending to go?’“ he says. “Of course, there’s more than one route to get where you’re going. So you just choose the best route that’s most convenient for you. When ITIL is distilled, it’s really that simple.”

Yet another challenge facing ITIL is the common perception that implementation is too time-consuming, too difficult and too costly. To be sure, implementing ITIL isn’t an overnight project. Tainter of Forsythe says a typical ITIL implementation needs an average of six to nine months before it even begins to reveal some ROI.

To counter these objections, and enlist some necessary patience, companies need to bring an “ITIL evangelist” on board, Johnson of CA says. Typically, this position would be filled by an IT manager or IT project analyst who “gets” ITIL and is excited by the prospect of seeing it implemented. Then they can move into implementation with a series of small, manageable steps. “You really need a pragmatist in charge, someone’s who’s read up on ITIL and understands its basic purpose,” he says. “That will enable the formation of ITIL process ‘owners,’ who can then form implementation teams.” Once that occurs, Johnson adds, everyone in the IT organization will need at least some ITIL education and training.

What’s more, any company with at least 150 people in the IT department should have at least one full-time ITIL project manager, advises Muns of the Help Desk Institute. For companies with fewer then 150 IT staffers, a part-time ITIL team can work, he adds. “It depends on how bad your processes are in the first place,” Muns says. A company may need a full-time person or staff to deal with ITIL, or it may simply need to hire a consultant or a tools company to assess the situation and help implement ITIL.

In addition, CIOs considering ITIL also need to consider the likelihood that the current release of ITIL will be updated by a version 3 release sometime soon. While this major refreshing of ITIL is not yet available, industry sources say it will offer several advantages over the current version that directly respond to the challenges CIOs are now facing. These improvements are expected to include an easier implementation methodology, a better understanding of ROI, more leverage of the Web and the consolidation of vertical-sector supporting materials.

Other planned improvements include reducing the current library of 10 books to just five, according to CA’s Johnson. What’s more, they’ll all have new titles, including Service Strategies, Service Design and Continual Service Improvement. The Service Strategy book, for instance, will be written to help companies continuously develop and improve their IT environments. There will also be a business awareness title that will help IT managers explain ITIL to their business colleagues.

At the same time, some aspects of version 3 have already sparked controversy. One issue: This time out, the OCG has outsourced the job of revising ITIL to a company. In fact, OGC accepted bids from the commercial marketplace to not only handle official custodianship of ITIL (including certification), but also to devise and write new process books and offer improvements to the older volumes. To the consternation of some industry experts, the OGC selected APM Group, a U.K. company that offers accreditation and certification services. The arrangement, which goes into effect in January, essentially ousts ITSMF, which has been the unofficial custodian of ITIL for years. The award also surprised a number of U.S. and European organizations that had been handling various aspects of ITIL, including the European Examination Institute for Information Science (EXIN), the Information Systems Examination Board (ISEB) and the Help Desk Institute.

Some sour grapes are perhaps inevitable. “I’ve said many times that the OGC should give custodianship of ITIL to the ITSMF—but they didn’t do it,” Muns of the Help Desk Institute says. “Now the No. 1 community that’s been supporting ITIL—the ITSMF—is relegated to being a ‘stepchild,’ and to only be able to contribute what APM Gasks them to.”

The OGC expects ITIL to need refreshes every three to five years, as a way to ensure that the framework continues to reflect the changing needs of users. To do so, the group has decided to hold open competitions for the right to contribute to improving the entire library. Authors are to be selected based on their knowledge of the subject, track record and professional standing in their field. For ITIL version 3, this competition began 18 months ago, and this time out, the call to authors went out to commercial firms worldwide, not just U.K.-based government groups as in the past. While the negotiations have not been completely formalized as of press time, both CA and Hewlett-Packard have been given OGC’s green light to write two of the five new books.

But some industry members worry that commercial leadership over what was previously openly devised content could close off future licensing options. “It’s unclear who is going to be responsible for writing and improving the ITIL content going forward,” Holub of Gartner says. “Companies are asking, ‘Should I train now on version 2, or should I wait until version 3 is released?’ It’s bad timing, because there’s a huge snowball effect in the United States of people getting interested in ITIL.”

In response to that question, CA’s Johnson is telling people to stick with version 2. “They don’t have to upgrade to version 3, because the current version forms the basis of ISO 20000 — and that’s a standard that will stay in place for three to five years,” he explains. “Even if somebody decides that version 3 might be worth waiting for, I don’t see version 3 being ready until 2008.”

Between now and then, expect U.S. CIOs to join their counterparts in Europe and Asia in making ITIL an all-encompassing best practice. “ITIL is a real answer for us,” says Robyn Brooks, IT manager at MultiCare. “We have ITIL fever!”