Cloud Computing - A new name to 'Outsourcing'

I had been troubled by a question – Why cloud computing is suddenly getting so much of importance?

Technologies which form the building blocks of cloud computing existed for quiet some time now. Even cloud as a concept has been there for couple of years. Then why suddenly there is so much of hype? Today every IT organization is talking about cloud. Every IT service provider wants to embrace cloud mania and become a cloud service provider.

I feel that there definitely has to be something more than technology. One of my friend said that it is because of cost saving. I do agree that there could be significant cost savings but that would have always been there. If cost of components used for setting up an IT infrastructure or provisioning IT services has come down; it has come down for both the customer as well as service provider. So I do not agree that the sudden shift to cloud computing is because of the cost saving.

The cloud computing is gaining all the attention post the recent economic recession. Then, what could be the reason other than cost savings? If you have notices the economic and political scenario during and post recession, there has been huge hue and cry against off-shoring and outsourcing. Number of countries or states across Europe and America has taken up steps to come up with a legislation to ban the same. The focus on cloud has gained since then.

The answer to all these comes to my mind in form of a question – Is cloud computing another way of outsourcing that could be used to bypass the political or legislative stance of various governments?

Cloud computing is meant for real time provisioning of a cloud service to a customer without having the customer own the specific costs and risks. The customer is not aware of where the infrastructure is based. This fact further strengthens my belief.

Key ITIL Processes For Cloud Computing: Service Provider Perspective (External Facing) - Supplier Management

ITIL and Cloud Computing Series - Part 12

As Cloud Computing is all about real time provisioning, the supplier management becomes a very critical process for a cloud service provider. This is not only in terms of getting a good deal or price from their supplier but also in terms of having an excellent relationship so that they can fall back on their supplier as and when needed.

Key ITIL Processes For Cloud Computing: Service Provider Perspective (External Facing) - Financial Management

ITIL and Cloud Computing Series - Part 11

From the service provider, Customers needs information related to the details of their utilization for which the service provider has billed them and would also prefer to get information that could help them in billing their internal customers. Thus, Service provider need to have a well defined and implemented process for Financial Management, supported by a good tool.

Key ITIL Processes For Cloud Computing: Service Provider Perspective (External Facing) - Service Catalog Management

ITIL and Cloud Computing Series - Part 10

Entire service offering along with the relevant details for the offered services is part of a service catalog. Entire business of a cloud service provider would depend on their service catalog. Thus, it is one of the key processes.

Key ITIL Processes For Cloud Computing: Service Provider Perspective (External Facing) - Service Portfolio Management

ITIL and Cloud Computing Series - Part 9

Management of service portfolio has becomes very important in cloud computing. Number of cloud service providers are there in the market. Every one would always want to be a first to provide a new service. Thus, the entire process right from identifying the market feasibility of a service to deciding on the actual deployment of that service has to be very efficient. This is where service portfolio management becomes very important.

Key ITIL Processes For Cloud Computing: Service Provider Perspective (External Facing) - Service Level Management

ITIL and Cloud Computing Series - Part 8

With Cloud computing, SLM will become even more important. Customers are concerned with the service levels that would be or is being delivered to them. They are not concerned with how the service provider will deliver the same. In cloud environment, a well defined SLA will gain prime importance. Service provider will have to have a very effective OLAs and UCs so as to be able to commit to and meet the customer's service requirements. Hence there has to be a very effective coordination between SLM and supplier management.

Customers would be interested in knowing how the service provider can meet their service requirements. Customers would evaluate the service levels that the service provider has been delivering. So one of the first steps towards decision on selecting a service provider would be the detailed analysis and evaluation of the service levels that they guarantee to provide.

Thus, a service provider will need in place a very matured Service Level Management process along with an experience Service Level Manager. This would be very important to gain customer's confidence.

Key ITIL Processes For Cloud Computing: Customer Perspective - Release & Deployment Management

ITIL and Cloud Computing Series - Part 7

As in cloud environment customer could only be concerned about their hosted services or applications and not the cloud infrastructure, any release and deployment would be done remotely. In case of private cloud the release policy would not be drastically different to the one in traditional ITSM environment.

But in case of Public cloud the Release & Deployment process, policy and plan would be significantly influenced by the service provider. The customer would have to ensure that their interests are taken care of. They also have to ensure that the criteria for emergency releases are agreed upon with the Service provider.

Key ITIL Processes For Cloud Computing: Customer Perspective - Change Management

ITIL and Cloud Computing Series - Part 6

Every IT service has to go through a change at one point of time or other during its life cycle. Change to the hosted services or applications can be controlled by the customer organization following their organizational change policy.

But the concern starts when the customer is using public cloud, and even more so when the cloud infrastructure itself needs a change. These changes, specifically the ones related to cloud infrastructure, are controlled by the service provider and would be based on their change policy. Thus, for a customer it is very important to analyse the impact of such changes on their services, the associated risks and mitigation options.

Key ITIL Processes For Cloud Computing: Customer Perspective - Incident Management

ITIL and Cloud Computing Series - Part 5

When an IT service is hosted in a cloud environment, then the incidents that can trouble an organization could occur because of:

Error in application/service:

These are the incidents that occur because of error in the services or applications hosted by the organization. These incidents have to be resolved by the customers themselves. But a proper monitoring and recording of such events/errors should be done. It has to be integrated with the customers ticketing and incident management tool.

Error in the cloud infrastructure:

The responsibility to resolve such incidents is that of service provider. Customer should ensure that the defined SLA is inline with their organizational requirements. Also, this is again a case where Service Continuity Management is critical.

Key ITIL Processes For Cloud Computing: Customer Perspective - Service Continuity Management

ITIL and Cloud Computing Series - Part 4

In case the customer is having their own private cloud (within their premises) then their existing service continuity policy still holds good. But when they are availing the cloud services from a service provider then this becomes another critical process for them.

Since the services are hosted with the cloud service provider, it is very important to evaluate the service continuity process and policy offered by the service provider. This then should be analyzed to understand its relevance to organizational service continuity and business continuity policy. If need be then the offered service continuity process, policy and plan should be negotiated upon to address the organizations needs and concerns.

Key ITIL Processes For Cloud Computing: Customer Perspective - Security Management

ITIL and Cloud Computing Series - Part 3

One of the key concern for any organization that wants to move their services to cloud is how secure their data and services would be. This is even more true if one wants to move their services to a Public cloud. This makes Security Management as one of the key processes that customers are concerned with.

It needs to be ensured that the IT security is integrated with the business security. Thus, a organization seeking cloud services has to ensure that their overall corporate and IT security governance framework is not compromised upon while moving their IT services to a cloud environment.

Initially moving the services, which has a high  security risk, to cloud should be avoided. These services should only be moved when all the concerned security risks are adequately addressed.

If the private cloud is set up internally then Security Management will not be of any concern as the services are still hosted internally. But the above discussion holds true if private cloud is provided by any vendor (in this case services are not hosted within the organizations own premises) or for a public cloud.

Key ITIL Processes For Cloud Computing

ITIL and Cloud Computing Series - Part 2

With cloud computing, the only difference that is going to be in ITIL world would be that the ITIL processes could no longer be ignored. In my experience, today in many organizations ITIL processes exist in silos. Key processes like configuration management are ignored. In most of the processes, an option to bypass the process exists, i.e. the process adherence and its compliance with best practices are significantly low.

But with cloud computing ITIL processes can no longer be neglected. Service Asset and Configuration Management (SACM) process will become utmost important along with the IT security and demand management processes. To highlight the key processes in cloud computing environment, I would prefer to list 5 key processes from customer's and service providers’ perspective in the order of their importance.

Customer perspective:

1) Security Management

2) Service Continuity Management

3) Incident Management

4) Change Management

5) Release & Deployment Management

This perspective is important for a customer while finalising a vendor. These are the processes which concerns a customer the most.

Service provider perspective – External Facing

1) Service Level Management

2) Service Portfolio Management

3) Service Catalog Management

4) Financial Management

5) Supplier Management

These are the key processes which the service provider needs to focus on while approaching a customer.

Service provider perspective – Internal Facing

1) Service Asset & Configuration Management

2) Demand Management

3) Financial Management

4) Request Fulfillment

5) Capacity Management

These processes are important for a cloud service provider for their internal organization in order to provision customers’ requests.

The subsequent post will highlight the importance of above processes in cloud computing environment.

ITIL V3 or ITIL V4?

Sometime back words put forth by a very senior guy "ITIL V4 will be released next year. It will cover ITIL for cloud offerings" caught me off-guard. Being an ITIL expert, a senior consultant, I should have known the upcoming things or new releases for my domain. My experience said ITIL V4 is not possible as of now. ITIL V3 itself has not reached a maturity level. We are still in the process of phasing out ITIL V2. How can then we be talking about a new ITIL version altogether? Otganisations have started investing to upgrade their system to ITIL V3. How will their investments be justified? Is ITIL V3 a failure?

All these questions were troubling me. They should definitely be as the words on ITIL V4 have come from a guy much senior to me, with a consulting profile much stronger than me. What acted as a salt to my bruises further enhancing my agony was his claim of being part of OGC's ITIL V4 initiative. 

I was even told that ITIL V4 is covering all aspects of Cloud Computing. This triggered another question in my  mind - Why and how should ITIL best practices change for Cloud Computing?

I started my research moment I was free the things that had been keeping me busy. I got my clarity. I was correct. There was no ITIL V4. OGC was coming up with a new release or rather I should say probably a new revamped edition of ITIL V3 core volumes. The website clearly articulated that "there is no ITIL V4" and that "A new release of ITIL V3 (new edition of the publications) would be released next year".

Official News From OGC on ITIL V4

ITIL Mandate For Change - An Update To Core Publications 

If we revisit the ITIL V3 core volumes, one can easily make out that its quality reflected that it was a hush-hush release just like the OS releases from Microsoft. It looked as if the delivery targets were being missed so something was delivered to the customer (ITIL Community in this case). It was lacking on quality parameters in every sense, when we compare it to the two core volumes of ITIL V2. It definitely needed an update. And the OGC's initiative to revamp the core volumes should be appreciated.

ITIL and Cloud Computing

ITIL and Cloud Computing Series - Part 1

I had heard about Cloud Computing which is also often referred to as Cloud. I was aware that it is the 'next big thing'. I was not very sure what it covered and how ITIL would impact it or how it would impact ITIL.

Recently I got an opportunity to work for a cloud initiative. I realised it is a old wine in a new bottle. The technology existed. Lot of things which we perceived as an IT service earlier was now a cloud offering. A simplest of examples could be the hosting services.

Cloud computing is an internet based computing which shares resources, hardware and/or software and provisions the same on demand. The concept originates from virtualization technology, which could be either software or hardware virtualization, meant towards optimising the utilisation of computing power and/or storage. It covers dynamic on demand provisioning of scalable resources over the internet or intranet.

Types of Cloud:

1. Private Cloud – Cloud infrastructure is owned by the organization itself.
2. Public Cloud – Cloud infrastructure is owned by a Third Party.
3. Hybrid Cloud – This uses both Public and Private Clouds, i.e for an organization a portion of its services which are critical or sensitive are hosted on internal infrastructure or Private Cloud and the portion which is non-critical or non-sensitive is hosted on external infrastructure or Public Cloud.

With cloud computing the importance of service delivery processes changes. The focus shifts to “Service”. Earlier, various components of IT infrastructure as a CI were important. For cloud computing Service as a CI has become utmost important. Thus, Service reliability has become important for the customer from cloud perspective.

Now coming back to my other confusion on ITIL and cloud computing. I do not see any impact on fundamentals of ITIL from cloud computing or vice versa. ITIL will now gain even more importance as efficient service management will be the key to success of any cloud initiative. Like any IT infrastructure which is benefited by ITIL implementation, cloud would also be benefited by implementing ITIL framework. We do not need to define a new version of ITIL for cloud. ITIL V3 framework is well laid to manage the challenges arising out of the cloud buzz word.

...To be continued...

ITIL IPR: The Crown Copyright

Many ITIL professionals are not aware about what Crown Copyright is and that it covers ITIL publications. They freely use the contents - both textual as well as diagrammatic from these publications, without realising that they might be infringing the copyright. It is true that for using ITIL you need not pay any royalty to OGC, but it is also true that these publications are copyrighted.

Let us first understand Crown Copyright. It is a form of copyright that is used by the governments of a number of Commonwealth dominion. The name is derived from the Crown, i.e., the entities of the state of Queen of Great Britain. It provides special copyright rules.

Crown Copyright covers ITIL and all related OGC publications. These publications are owned by OGC. For reproduction or usage of these materials (including logos, contents from publications, diagrams, etc.) in any form, one is required to have a license from OGC or their official Accreditor – APM Group.

In case one is using OGC word marks, like ITIL, one has to mention the acknowledgement as specified below, along with the usage of symbology of registered trademark (®), which has to be on the same page as product work mark. This has to be done only for the first usage of the product word mark.

“ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries”.

For further information on crown copyright and licensing please refer to:

1) Understanding Crown Copyright:
http://www.opsi.gov.uk/advice/crown-copyright/index.htm

2) ITIL IP Awareness Leaflet: http://www.itil-officialsite.com/nmsruntime/saveasdialog.asp?lID=940&sID=114

3) http://www.itil-officialsite.com/IntellectualPropertyRights/TrademarkLicensing.asp

4) http://www.ogc.gov.uk/copyright_using_ogc_copyright_material.asp

5) http://www.ogc.gov.uk/copyright_charging_for_ogc_material.asp

How To Get The User Buy-In

In continuation of "Getting User Buy-In for ITIL Implementation"

 

Let us focus on how you can answer the questions of my previous post.

 

Organization is because of employees. Any initiative can be beneficial to the organization only if it benefits the employees as well. Benefit need not always mean financial benefit. ITIL processes are meant to:

• Make your life simpler…simpler in terms of doing your day-to-day activity
• Make your professional life better…better in terms of doing quality work
• Make you performance highlighted…highlighted because there will be metrics defined which will give a qualitative and quantitative indication of your performance levels
• Have a clearly defined roles and responsibilities. This will open up additional avenues for growth.

 

Taking an example of incident management, you can highlight how it will help in clear categorization of task/activities to be performed by the resources based on their expertise. How it can prevent the resources from having to answer calls related to incidents when they are actually midway in their effort to resolve one of the incidents.

 

We can take this example a step further…

By defining and implementing a service desk, we have a dedicated team to answer to the user’s calls, logging incidents, taking care of service requests, updating users with the status, etc. Thus, it would free the experienced resources from having to undertake these tasks in parallel to their task of resolving incidents. This would help in improving their performance level.

 

Also, with incident prioritization and categorization only the team with right skill set and expertise will work on that incident. This will help in faster resolution.

 

 

In this way, ITIL consultants need to come out with examples and answered to the questions that trouble the end users. This small exercise on part of the ITIL consultants will surely make the implementation a success.

 

Kindly note that these recommendations are in addition to other activities that are planned to promote the initiative and its awareness.

Getting User Buy-In for ITIL Implementation

Taking a step further from my last post, I will focus now specifically on getting user buy-in for ITIL implementation. The same logic of getting buy-in for process consulting applies to ITIL as well.

Although, the stakeholders are well aware of the business benefits of ITIL implementation, awareness is lacking in end users about the benefits of the same. Moreover end users are more concerned about the benefits which they will drive from the initiative. Following questions trouble them:

ITIL is for the organization and not for me. Why should I follow the process?

• 
  
  What is there in ITIL for me?
• 
  
  How is ITIL going to benefit me?
• 
  
  How will the ITIL process (es) benefit my team?
• 
  
  Is the organization trying to make me replaceable? Am I going to loose my job?

ITIL Consultants should be prepared to answer these questions. Specifically regarding the last question, the consultant should advise the stakeholders to adopt ‘change management’ and take the end users into confidence before trying to roll out the new initiative.

Every ITIL Consultant focuses on benefits of ITIL for the organization. But one should remember that this will just help in getting the ITIL consulting or implementation contract. But in order to make the ITIL initiative a success, one needs to get the buy-in of the end users as well. Consultants should also take out time to answer the above questions which trouble the end users.

(Con’t…)

Process Consulting: Getting Customer's or End User's Buy-In

I have seen process definition or improvement initiatives fail because of the lack of desired level of support from the customers or end users. Some of the reasons for the same includes:

• Fear of job loss
• Poor perception of the process
• ‘Just another’ initiative

Customer in this scenario are not only the sponsors or the people who are going to pay for your service but includes the sponsors or the stakeholders, internal and/or external customers and the end users of the process.

It is very important to get customer buy-in for any process consulting initiative. Process consultant should ensure that the customer understands and sees the benefits of the initiative. Answering the following questions will help a process consultant to be prepared to handle such situations.

• Why would the customer need the process?
• What does the customer expect from the process?
• What is the customer’s view of the process?
• How will the process benefit the customer?
• How is the process performance from customer’s perspective?
• What are the customer’s measurement criteria for the process?
• What can we do to improve the process?
• What performance levels does the customer expect from the process?
• What is critical to the quality of the process from customer’s perspective?

A kick-off workshop focusing on the benefits covering points from the answers to the above question enables the consultant to break the ice and build on the confidence level of the customers. During future process definition workshops, consultants should stress (but not beyond a point) on the benefits of the process and how it can simplify customer’s way of working. This would help in getting full cooperation from the process owners or customers and would help in making the initiative a success.

Con't...

My Appeal To ITIL Professionals

There are few training providers, who not only allow candidates to have an open book exam but also give answers to the question paper. I am referring to Service Manager Certification. With ITIL V3, focus on V2 exams got reduced as attention shifted to the new version.

I got a word doc from a candidate who had taken the exam. It contained all questions and answers. He send it to me for comment on his performance. If I try to recollect my exam, I remember that I was not able to confidently recall even a single question word by word. Not only that, the properties of the word doc clearly showed the authors name to be that of a training provider. This type of activities is reducing the overall value and recognition of Managers certification.

I lodged a complaint with APMG, EXIN, ISEB and OGC. APMG identified the Examination Institute which was offering that case study and replaced the case as well as has taken steps to tighten the examination system.

As ITIL professionals it is up to us that how we can maintain the recognition and sanctity of our certification. My appeal to entire ITIL community, please do not turn to be a blank spectator to such incident; be proactive and be assured that APMG & OGC will take necessary action.

ITIL Foundation Certified Professionals: The New Breed

I had been a bit busy for last couple of days with my organizational activities. Also, I had been interviewing potential candidates for openings that we have for various ITIL operational roles. I have come across many ITIL foundation certified professionals, whom I would prefer to call a new breed of ITIL professionals.

One of the candidates I interview had mentioned ‘Foundation Certified in IT Service Management’ and ITIL V3 Foundation certified. I asked him ‘what is the difference between these two certifications’…answer was ‘I don’t know’.

My next question – ‘What are the various lifecycle phases of ITIL V3’…I got another blank face…I went on to next question ‘Name any 5 processes of ITIL V3’…again a blank face and then an answer ‘I don’t know’. I asked ‘you are ITIL V3 Foundation certified and I expect the name of ITIL processes at least’…A great answer I got ‘My company asked us to get certified. I was shocked. I thought that this would be a one of case. But thereafter I have found many guys like him, who do not even recall the process names. Another interesting case was when I asked one candidate, ‘which version of ITIL you are certified in’…he thought for a while and then answered ‘Version 1’. He had completed his engineering in 2006, probably would have been just a couple of years old when ITIL version 1 was introduced.

Service Request Vs Change

I have faced a question from many people - Are all service requests a change? People believe that it is so as they do not understand the fundamental difference between the two. They feel that every service request involves a change in the state of live IT infrastructure.

To answer this question, I would first prefer to explain the two individually:

Service Request:

Service request is the request from the user for any information, documention, advice or access.

Example: user manuals, password reset, etc.

Change

Change is defined as an addition, modification or removal of an approved, supported or basedlined CI.

Example: Upgrade of a server, modification of a documentation, addition of a new service.

 

Now going back to our question, I would like to make a statement - 'Service request is not a change'. It does happen that a number of low impact changes, which are known to cause no negative impact to the IT environment are pre-approved for implementation. These changes are referred to as standard changes. These pre-approved changes are also treated as a Service Request and the request is fulfilled by Request Fulfillment team.

ITIL V2 & V3: My Views

OGC rolled out new version of ITIL, ITIL V3, in June 2007. I would prefer to term this as an excellent initiative. With ITIL V3 OGC has encapsulated every function and process area of an IT organization. 

In ITIL V2, the focus was on 'aligning IT with business'. Today, IT is at core for success of any business. Thus, it can be said that IT is integral to business. This has resulted in the shift of focus in ITIL V3 to 'integrating IT with business'.

Although the initiative is excellent, motive and objective is great, but way the things have come out is far from any thing that can be termed as good. I feel that as far as publication of core volumes of ITIL V3 is concerned, it definitely lacks the 'depth' when compared to ITIL V2. Besides it has ambiguities at couple of places. For example in change management in one of the process flows, an activity box 'update plan' is mentioned. No where in the book its description has been given. Reader are left to make a guess based on ones experience.

I have observed that a person certified at ITIL V3 Foundation level lacks ITIL knowledge when compared to the person with ITIL V2 Foundation certification. An ITIL V2 certified person had a significant understanding of the processes whereas ITIL V3 foundation certified individual lacks that. He just has an overview or basic understanding of the ITIL V3 processes.

Referring to the certification scheme, ITIL V2 was designed to test both the practical as well as theoritical knowledge of the individual. ITIL V2 Manager certified individual had an indepth understanding of the processes and its practical application. The certification scheme was so designed that based on a persons capability, one can directly appear for Manager certification after clearing the Foundation. This was the route that I had taken. It was a very cost effective option.

On the other hand, ITIL V3 certification scheme looks to be more 'business' oriented. You need to accumulate required credits to reach the next level by clearing multiple exams. I would like to mention that to take each of these exams, with foundation being an exception, attending training from an Accredited Training Provider is mandatory. Thus, clearing each of these trainings/certification is pretty expensive.

While ITIL V2 certification scheme (to Manager level) tests your knowledge of ITIL at the first place, I feel that ITIL V3 certification scheme (to Master level) tests your financial capability at the first place. Testing ones knowledge becomes secondary as you need to arrange for the finances needed to clear a number of trainings and certification exams.

As far as overall knowledge is concerned, I feel it would be the same at ITIL V3 Expert level for both the set of individuals who have taken the ITIL V2 Managers route or the ITIL V3 route to ITIL V3 Expert certification. But definitely the people who are V2 Managers certified will be better placed for ITIL V3 Master certification, when the same is rolled out as it will be testing the practical knowledge and experience towards ITIL implementation.

Gap Analysis

Gap Analysis is the analysis of the difference between two states. It is used to identify the gaps or potential improvement opportunities. For financial or sales domain, it is the analysis of actual or current financial/sales performance with that of the projected financial/sales performance.

In the same way, in process consulting, gap analysis is the tool used to identify gaps in the current process ('As-Is' process). Gaps are identified using either an industry accepted process framework, like ITIL, or an ideal scenerio as a reference. All of these identified gaps maps to potential improvement opportunities.  These are then used to define the new process ('To-Be' process).

Baseline:

Baseline is the current state or the 'As-Is' state used as a reference point or benchmark - for our consideration it is the 'As-Is' state of the process.

Gap Analysis & Continuous Improvement

New process is defined or existing process is improved (referred to as 'To-Be' process) using the existing process as a reference or baseline. For continuous improvement, newly defined 'To-Be' process becomes the 'As-Is' process or the new baseline.

So everytime gap analysis is performed in order to identify further improvement opportunities. These identified gaps are then improved upon in the new 'To-Be' process. This eventually becomes a continuous improvement cycle.

Some Common Misconceptions

I have come across a number of misconceptions that people have about ITIL and would like to clarify the same. Some of the common misconceptions are:

1. "We have installed ITIL"/ "We have bought ITIL and are in process of its installation"

 ITIL is not a software package that can be bought or installed.

2. "We are following ITIL Standard"

ITIL is not a standard but a framework of good/best practices. ISO20000 is the standard which is based on ITIL.

3. "ITIL is dependent on Tools"

ITIL consists of a set of processes. Processes are not dependent on tool and so is ITIL. Tools acts as the enablers.

4. "I am ITIL Master Certified"

ITIL Master certification is not available yet. Thus, none of us can be ITIL Master certified. ITIL V2 Managers certification was commonly referred to as Masters by a section of people in the industry and this definition still exists for them. And this is the misconception being carried forth by the group of people following that school of thought.

ITIL and Organizational Cultural Change

I believe that ITIL implementation or anything that changes the way you work needs a change in organizational culture. Specially in case an organization is not process oriented, then ITIL implementation in such organization demands huge cultural change.

What is culture change in an organization?

Organizational culture can be defined as a set of 'ways', 'values' and 'beliefs' that its employees has and they use these to control the way they:

• Interact with one another,
• Outside world, and
• Perform their day to day functions

A change to any of these directly impacts the day-to-day activities of the employees. This is a cultural change.

Thus, any process implementation or automation initiative results in an organizational cultural change. ITIL implementation, being a process implementation, is not an exception.

It is a human tendency to resist a change. It is embedded in the human psychology. Hence, organizational cultural change also faces a tremendous resistance from employees. The top three key factors that contribute to the overall resistance are:

1. Fear of Job Loss: It is a common perception in IT departments of organizations across the globe that their 'work' might be outsourced. Process implementation demands process adherence, a unique 'one' way of working, which further increases their fear of outsourcing.
2. My way is a better way: Every individual feels that existing way of working or the system itself is the best one. This is because they are used to the existing system and are very comfortable with it.
3. Relearning: A change would mean that the new system or 'way’ should be learned and well understood. For many of us (especially after a certain age) relearning is a difficult task.

Change in organizational culture is very important for organization’s growth. It is inevitable. A change is acceptable to any individual when its benefits outweigh the perceived troubles. Thus, a change should be properly planned; employees convinced about the benefits that it brings.

It is very important to plan organizational cultural change for an ITIL implementation initiative to be successful.

Key factors that would constitute Organizational Change strategy are:

Strategic Vision: Formulation and communication of clear strategic vision

Top management commitment: Commitment of top management is required and ‘communication’ of this commitment (following a top-down approach)

Initiation: Culture change should be started at the highest level

Organizational Re-structure: Organization restructuring should be done, if required, to support the organizational change

Control: Select ‘takers’ (those who are ready to accept change) and terminate deviants (blockers of change)

Develop sensitivity: Ethical and legal sensitivity to change should be developed.

ITIL implementation strategy should follow or encompass organizational change strategy. This will ensure that the ITIL implementation initiative is successful.

Understanding ITIL

ITIL stands for Information Technology Infrastructure Library. ITIL is a set of best practices for service management.

Till date three versions of ITIL has been released. Version 1 of ITIL  (ITIL V1) was published in 1989 by CCTA, which is now Office of Givernment Ccommenrce (OGC), an administrative body of government of Great Britain. Version 2 of ITIL (ITIL V2) was published in 2000 and finally in 2007 Version 3 (ITIL V3) was released.

ITIL V2 consisted of two core volumes - Service Support & Service Delivery each having set of 5 processes.

With ITIL V3, the focus is now on 'integration of IT with business'. ITIL V3 has 5 core volumes or phases of lifecycle - Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. All of the old ITIL V2 processes has been moved to one of these lifecycle phases.

ITIL is a framework of best practices. It is not a standard. BS15000 was the standard that was based on ITIL V2 and it has subsequently given way to ISO 20000.

Note: I have or would be publishing seperate blogs to understand different ITIL concepts.

ITIL Certification Scheme

THE CREDIT SYSTEM:

V3 certification is based on credit system that provides the flexibility to opt for an intermediate level module, allowing one to select a course based on his/her expertise and interest in pursuit of ITIL Expert level of certification, thus accumulating the credits required for the next level.

Each V3 certification is allocated a credit value. One needs to accumulate atleast 22 credits across various levels to gain ITIL V3 Expert certification. After achieving the V3 Expert certification, one can pursue the ITIL Master certification (currently under development).

LEVELS OF CERTIFICATION IN V3:

Foundation: Foundation certification is the entrance level of ITIL V3. It is a mandatory level for all higher level of certifications. It provides a general awareness of the Service Lifecycle and its key elements. It focuses on the overall linkages between the stages in the Lifecycle, the processes used and their contribution to Service Management practices.

No pre-requisites. One can take the certification exam without taking training from an accredited training organization.

Intermediate: It provides a deep level understanding of V3 processes and roles. It focuses on the Lifecycle, the use of process and practice the elements used within it besides the management capabilities needed to deliver quality Service Management practices in any organization. Intermediate level consists of 5 Lifecycle Modules and 4 Capability Modules.

Foundation certification (2 credits) is the pre-requisite for attending the training from an accredited training organization. The training is a mandatory requirement for taking the certification exam.

Managing Across Lifecycle: It completes the Lifecycle and Capability streams. It focuses on the ancillary knowledge required to implement and manage the necessary skills associated with the use of the Lifecycle practices. This certification is mandatory for reaching the ITIL Expert level (ITIL V1 or V2 Service Managers are exempted).

Accumulating atleast 15 credits from Intermediate level (Lifecycle and/or Capability modules) is a pre-requisite. The training is a mandatory requirement for taking the certification exam.

ITIL Expert: One needs to accumulate atleast 22 credits across various levels to gain ITIL V3 Expert certification. There is no separate exam for this level.

ITIL Master: ITIL Master Certification is currently under development and the exact course structure, syllabus and pre-requisites are yet to be finalized.

UPGRADING YOURSELF TO ITIL V3:

The existing ITIL certifications have been duly recognized in the ITIL V3 Qualifications scheme. The credits awarded are:

S.No.	Certification	Credits
1.	ITIL V2 Foundation	1.5
2.	ITIL V2 Practitioner Clusters	3.5
3.	ITIL V2 Practitioner individual	2.0
4.	ITIL V1/V2 Service Manager	17.0

 Following certificate holders can:

• ITIL V2 Foundation Certificate: Upgrade to ITIL V3 Foundation by clearing the ITIL V3 Foundation Bridge examination (follow the route of Blue and then Black Lines for ITIL Expert level certification).
• ITIL V2 Practitioner Certificate: Can use their existing credits to take the ITIL V3 Managers Bridge examination (need 12 credits and can take the Green Line for ITIL Expert level certification. Also, one can even take other ITIL V2 Practitioner certifications to accumulate the required 12 credits. In case if the total credit value is less than 12, then one needs to take ITIL V3 Foundation Bridge examination and then accumulate the remaining credits by taking various ITIL V3 intermediate level certifications.ITIL V1/V2 Service Managers: Can take the ITIL V3 Managers Bridge examination (following the Red Line) for ITIL Expert level certification. They are exempted from taking “Managing Across Lifecycle” exam.

Should A Problem Ticket Be Created For Every Incident?

I have come across this question quite often. There is a section of people who believe that a problem ticket should be created for every incident. There is another section of people who believe that a problem ticket should be created for every major incident.

As per the ITIL best practice, whenever an incident is recorded, even if it is a major incident, it has to be matched with the known error database (KEDB). In case the incident has a match in KEDB then a problem ticket should not be created. The reason for this is that - a similar incident has already been resolved, its resolution is available and no further investigation is required. This incident would be tagged to the matched known error thereby also increaing the incident count against that known error. This data can be further used by the problem management team for Proactive Problem Management.

On the other hand, if there is no match in KEDB for a incident, then a corresponding problem ticket should be created. As the goal of incident management is to resolve the incident as quickly as possible, so incident management team can work towards resolving the same. Any resolution provided by incident management team for such an incident should be updated against its problem record. This is meant to get the resolution evaluated by the problem management team, who will add it to KEDB in case the resolution is correct, or else will provide a correct workaround or resolution.

What Is a Process?

A Process can be defined as a connected series of actions, activities, changes, etc. performed by agents with the intent of satisfying a purpose or achieving a goal. In other words process is a structured set of activities designed to accomplish a specific objective. It takes one or more defined inputs and turns them into defined outputs. It may include any of the roles, responsibilities, tools, and management controls required to reliably deliver the outputs. Also, it may define policies, standards, guidelines, activities, and work instructions, if necessary.

Is Process Dependent On Tool?

Another misconception that I have often come across is that there are certain group of individuals who believe that process is dependent on tools.

Lets assume that this belief is correct, and take an example of process of going to office from our home. The tool that is being used for this process is a car. Thus, if this belief is correct, it would mean that the process (going to office) is dependent on the tool (car). This would signify that a person cannot take any other mode of transport to go to his office, which is not the case. Hence our assumption is wrong.

We should remember that Tool is dependent on the process and not vice-a-versa. Tool is just an enabler of a process. Multiple tools can be available in the market which can help in process implementation or its automation. It depends on the organizational requirements or preferences that decides the tool that has to be used.

Will An Incident Become A Problem?

I have often come across discussions and queries regarding when an incident would become a problem. Interestingly, I have found that some of my co-consultants and many practitioners of ITIL, despite being ITIL certified at various levels themselves, provide various reasons for the same. Some of the ‘so called’ conditions when an incident would become a problem are:-

• When there is a major incident
• When the incident approaches SLA breach time
• Business impact of incident is very high
• Etc.

The fact is an incident never becomes a problem.

In generic terminology or layman’s language, incidents are referred to as problems. But such explanations are not expected from an ITIL certified individual.

Let us see how ITIL defines incident and problem:

• ITIL defines incident as an unplanned interruption to an IT service or a reduction in the quality of an IT service.
• ITIL defines problem as unknown cause of one or more incidents.

Let us take an example to understand difference between the two – Your PC hanged and that happened quite frequently. Every time you rebooted your PC, it started working fine. Eventually, you called the support team. They checked your PC and installed a patch. Thereafter, your PC never hanged.

The condition when your PC hanged was an incident. You resolved that incident by rebooting it. It was a workaround. Finally, when the support team checked your PC, they did a root cause analysis. It was a problem. They provided resolution to this problem by installing the patch.

Asset Vs Configuration Item

Another area that people find it difficult to differentiate is a configuration item and an asset. Some of us feel that both are same. I will focus this post on key differences between the two.

Asset has a financial value along with a depreciation rate attached to it. IT assets are just a sub-set of it. Anything and everything that has a cost and the organization uses it for its asset value calculation and related benefits in tax calculation falls under Asset Management, and such item is called an asset. Asset's life is for duration till its financial value becomes 'Zero', which depends on the associated depreciation rate. There is no relationship between assets.

Configuration Item or CI on the other hand may or may not have financial values assigned to it. It will not have any depreciation linked to it. Thus, its life would not be dependent on its financial value but will depend on the time till that item becomes obsolete for the organization. CI has a relationship. So from a CI all information on subsequent parent and child CIs can easily be obtained. Also, CI is restricted to items specific for use in live IT environment.

Let’s take an example that can easily signify the similarity and differences:

1) Similarity:

Server - It is both an asset as well as a CI.

2) Difference:

Building - It is an asset but not a CI.

Document - It is a CI but not an asset.  

Good Practice Vs Best Practice

I have observed that most of us confuse between Good Practice and Best Practice. Whenever it is recommended that a practice should be followed, it is said to be a best practice. When this practice becomes a part of life, it becomes a good practice. So a good practice is always automatically followed by everyone concerned. We can say that a best practice when followed over a period of time becomes a good practice.

Let us take couple of examples from our day to day life. Initially when the seat belts were introduced in cars, it was said to be a best practice to wear the seat belt. Eventually, wearing seat belt became a habit and thus a good practice.

Another example is wearing helmets. Initially people were not used to wearing helmets and thus it was said to be best practice to wear a helmet. But over a period of time, in most countries, wearing helmet became a habit and it became a good practice.

Let’s take an example from ITSM space. For an organization where service desk has been recently introduced, it is a best practice to call the service desk in case of any issue, help or information required. But eventually when the process matures, it becomes a practice to call the service desk for any support issues and hence a good practice.

ITIL V2 Vs V3

Like any other process framework evolution, ITIL is also evolving and ITIL V3 is the latest generation of this evolution. This evolution has really caused a lot of anxiety in ITIL followers in terms of “What it is?”, “How will it impact our ITIL V2 implementation?”, “Should we go for ITIL V2 or V3” and so on.

I would like to mathematically term V3 as:

ITIL V3 = ITIL V2 Refined + ‘X’

Where, ‘X’ is a set of new processes, most of which probably your organization would already be following.

Also, there has been a level of ambiguity in the ITIL V2 jargons and the terms the industry was actually using. A best example of it can be the CMDB. The ITIL V3 has not only taken care of these ambiguities but also provided a simplified framework in terms of what industry was “actually” using. In other words we can say that it has refined ITIL V2 to be aligned with the industry. Not only that it has broadened its scope covering the processes that industry is already using but were not included in ITIL V2.

Besides, while ITIL V2 talked about “Aligning IT with business”, the ITIL V3 is talking about “integrating IT with business”; i.e., making IT a part of the strategic layer of an organization and thus covering strategic, tactical and operational layers.

ITIL V3 has introduced us to Service Life Cycle approach. This raises a question – “Why was it required?” ITIL V3 is having a major focus on IT Strategy (Business – IT integration) and Continual Service Improvement. The entire approach from identifying a service for creating value to business, to its design, transition, operation and improving on its performance and cost parameters needed a continuous cycle, and thus what we have is a Service Life Cycle. Accordingly a process realignment (of all ITIL V2 processes) was required.

In the corresponding tables we would try to map all the existing processes of ITIL V2 to ITIL V3 and understand the key processes that are new to ITIL V3. The description under the column “In V3 under” has the names of core ITIL V3 books. These five books help an organization in understanding:

• How can they develop business driven ITSM strategy?

• How can they design a system to support the selected ITSM strategy?

• How would they transition the designed system to production, in terms of people, processes and technology?

• How would they support the operation of the implemented system on an ongoing basis?

• How would they continuously improve the processes and operations?

Mapping ITIL V2 processes to ITIL V3

1. Process: Financial Management For IT Services

Process Name in V3: Financial Management

In V2 under: Service Delivery

In V3 under: Service Strategy

Additional Details: Concept of Return on Investment (RoI) introduced.

2. Process: Service Level Management

Process Name in V3: Service Level Management

In V2 under: Service Delivery

In V3 under: Service Design

Additional Details: No changes. It is also covered briefly in Continual Service Improvement.

3. Process: Capacity Management

Process Name in V3: Capacity Management

In V2 under: Service Delivery

In V3 under: Service Design

Additional Details: Resource Capacity Management is renamed as Component Capacity Management (consisting of Resource Management & Performance Management). Capacity Management Information System (CMIS contains info. on capacity & performance reports and data, Forecast and Capacity plan) introduced.

4. Process: Availability Management

Process Name in V3: Availability Management

In V2 under: Service Delivery

In V3 under: Service Design

Additional Details: Availability Management Information System (AMIS contains info. on Availability Mgmt. reports, Availability plan, Availability design criteria and Availability testing schedule) introduced.

5. Process: IT Service Continuity Management

Process Name in V3: IT Service Continuity Management

In V2 under: Service Delivery

In V3 under: Service Design

Additional Details: No changes.

6. Process: Change Management

Process Name in V3: Change Management

In V2 under: Service Support

In V3 under: Service Transition

Additional Details: No changes.

7. Process: Configuration Management

Process Name in V3: Service Asset & Configuration Management

In V2 under: Service Support

In V3 under: Service Transition

Additional Details: Configuration Management and Asset Management exist as two sub-processes. Configuration Management System (CMS) and Service Knowledge Management System (SKMS) introduced. CMS contains a set of tools and databases (Eg. CMDB, Asset database, etc) used to manage configuration data and includes information about Incidents, Problems, Known Errors, Changes, and Releases.

DHS & DSL replaced by Definitive Media Library (DML). DML is one or more locations in which the definitive and approved versions of all software Configuration Items are securely stored).

8. Process: Release Management

Process Name in V3: Release & Deployment Management

In V2 under: Service Support

In V3 under: Service Transition

Additional Details: Release and deployment activities separated as two separate sub-processes – Release and Deployment.

9. Process: Incident Management

Process Name in V3: Incident Management

In V2 under: Service Support

In V3 under: Service Operation

Additional Details: No changes.

10. Process: Problem Management

Process Name in V3: Problem Management

In V2 under: Service Support

In V3 under: Service Operation

Additional Details: No more bifurcation of process into problem control and error control activities. Known error can be created during any stage of problem management.

New processes in ITIL V3

1. Demand Management (Service Strategy): It is a critical aspect of service management. It consists of activities that understand and influence customer demand for services and the provision of capacity to meet these demands. At a strategic level Demand Management involves analysis of patterns of business activity & user profiles and the strategy to influence the demand. At a tactical level (as part of Business Capacity Management it involves implementation of strategies to influence the demand. In ITIL V2 the concepts of Demand Management was discussed under Business Capacity Management).

Key Terminologies:

• Pattern Of Business Activity (PBA): It defines dynamics of a business & includes interactions with customers, suppliers, partners, and other stakeholders.

2. Service Portfolio Management (SPM) (Service Strategy): SPM is the process responsible for managing the Service Portfolio. It considers Services in terms of the business value that they provide.

Key Terminologies:

• Service Portfolio: It is the complete set of services that are managed by a service provider. It is used to manage the entire lifecycle of all services (Service Pipeline, Service Catalog and Retired Services). It is not normally published to customers.

• Service Pipeline: It is a database or structured document listing all IT services that are under consideration or development, but are not yet available to customers. It provides a business view of possible future IT services.

• Service Catalog: It is a database or structured document with information about all live IT Services, including those available for deployment. It is the only part of the Service Portfolio published to customers, and is used to support the sale and delivery of IT Services. It includes information about deliverables, prices, contact points, ordering, and request processes. It contains accurate information on all services that are currently operational and all services that are about to transition into operation.

3. Service Catalog Management (Service Design): Service Catalog Management is the process responsible to provide a single source of consistent information on all of the agreed services and ensure that it is widely available to all who are approved to access it. They are responsible for the maintenance of Service Catalog. In ITIL V2 Service Catalog was discussed under Service Level Management.

4. Supplier Management (Service Design): Supplier Management is the process responsible for ensuring that all contracts with suppliers support the needs of the business, and that all suppliers meet their contractual commitments. In other words they are responsible to manage suppliers and the services they supply, thus ensuring that value for money is obtained by provision of high quality of IT Services to the business.

Key Terminologies:

• Supplier and Contract Database (SCD): It is a database or structured document used to manage Supplier Contracts throughout their lifecycle. The SCD contains key attributes of all contracts with suppliers, and should be part of the Service Knowledge Management System.

5. Information Security Management (Service Design): It is the process that ensures the confidentiality, integrity, and availability of an organization’s assets, information, data, and IT Services. It is a comprehensive process designed to address the strategic direction for security activities of the organization and to ensure that its business objectives are achieved. They are responsible for aligning IT Security with business security and thus ensuring that information is effectively managed in all services and Service Management activities. In ITIL V2 it was a part of Availability Management.

6. Transition Planning & Support (Service Transition): Its purpose is to plan for the capacity & resources required for any transition and provide support to the transition teams. Besides planning & co-ordination they are responsible for identifying, managing & controlling the risks of failure & disruption across transition activities. When needed they also co-ordinate activities across projects, suppliers and service teams.

7. Service Validation & Testing (Service Transition): It is responsible for ensuring the quality assurance, i.e., to ensure that a service being transitioned is fit for purpose and fit for use. Its responsibility also includes planning and implementation of validation and test activities. It also identifies, assesses and addresses issues, errors and risks through out the Service Transition activity.

8. Evaluation (Service Transition): It is a generic process. It considers whether the performance of something is acceptable, value for money, etc. – and whether it will be continued with, accepted into use, paid for, etc. They are responsible for correctly setting the stakeholder expectations and providing effective and accurate information to Change Management to make sure changes that adversely affect service capability and introduce risk are not transitioned unchecked.

9. Knowledge Management (Service Transition): It is responsible to ensure that the right information is delivered to the right person at the right time to enable him/her to make an informed decision, thereby improving the quality of the management decision.

10. Event Management (Service Operation): It is a stand-alone process for detecting and managing events and alarms, which ITIL calls “exceptions”. In ITIL v2, Event Management was covered under Incident Management. It is responsible for monitoring all events that occur anywhere in the IT infrastructure, to detect and escalate exception conditions and determine the appropriate control action.

11. Request Fulfillment (Service Operation): It is a new process for managing the lifecycle of all customer and user generated service requests. These types of requests include facilities, moves and supplies as well as those specific to IT services. In ITIL V2, it was covered under Incident Management.

12. Access Management (Service Operation): It provides rights and identity management related to granting authorized users the right to use a service, while restricting access to non-authorized users. Its goal is to provide right to users to be able to use a service or group of services.

13. Continual Service Improvement: It is responsible for continuously aligning and re-aligning IT services to the changing business needs by identifying the improvement opportunities and implementing the improvement plans/activities to IT services that supports the business processes.

ITIL Functions

ITIL V2 had Service Desk as the lone function. While ITIL V3 has 3 more functions other than the Service Desk. These functions are:

1. Technology Management: Provides the detailed technical skills and resources needed to support IT services and management, along with the ongoing operation of the IT Infrastructure.

2. IT Operations Management: It is responsible for the daily operational activities needed to manage IT services and the IT Infrastructure. It includes IT Operations Control and Facilities Management.

3. Application Management: It manages applications throughout their lifecycle.

Impact Of ITIL V3 On ITIL V2 Implementation

What if your organization is already implementing (or has already implemented) ITIL V2? In fact a very minimal impact is there. You can carry forward your ITIL V2 implementation plans and once you have already implemented ITIL V2, you can identify the areas which would need some modifications or tweaking of your processes. The changes to the old processes are in terms of refinements and thus are minimal. So taking your organization from ITIL V2 to ITIL V3 is not going to be an ‘uphill’ task. And in terms of the new processes of ITIL V3, a lot of them would be what your organization would already be following. So you have to only work around these processes to follow the ITIL V3 framework.

And for the organizations that are thinking of implementing ITIL, well you can take up your implementation plan with ITIL V3 straight away.