Making It Real

How companies get started on ITIL.

In 2004, the Food Lion supermarket chain needed to automate its change management to help comply with the requirements of the Sarbanes-Oxley Act. It decided to adopt ITILs change management processes, but initially it put aside the rest of the best-practices framework. Were not going to do everything ITIL says to do not if it doesnt make sense for us, says Dale Edmiston, the companys senior manager of IT operations.

Even so, Salisbury, N.C.-based Food Lion LLC soon began to look seriously at the other pieces of ITIL and has been expanding its adoption ever since.

Like many companies, Food Lion turned to ITIL to help with one problem area and ended up using it much more widely. Thats because ITIL the Information Technology Infrastructure Library is a framework of IT best practices that has something for everyone. The service support and service delivery sections, for example, include guidance for incident management, problem management, configuration management, change management, release management, IT financial management, IT continuity management, capacity management and service-level management. Try finding a company that doesnt need improvement in at least one of those areas.

Cathy Kirch

Cathy Kirch In fact, the breadth of ITIL can make it seem intimidating. We have to explain exactly what ITIL is, what value it brings and how to get the process going, says Rick Lemieux, vice president of ITSM Solutions LLC, an ITIL training company in Lexington, N.C.

But the bottom-line value is something anyone in IT can understand. ITIL teaches you what you should be doing to align the IT goals with the business, says Lemieux.

Start Small

Although adopting ITIL involves a lot of work, it is not terribly complex, especially when you take it one step at a time, starting with the areas that need the most improvement.

At Carfax Inc., a provider of vehicle history records in Centreville, Va., the trouble area was capacity planning. Thats what got us started, says senior analyst Robert Stinnett. We liked how ITIL handled capacity planning, so it just sort of grew.

Stinnetts experience with ITIL began in 2004, when Carfax bought BMC Software Inc.s Control-M enterprise job-scheduling software. BMC offered classes on ITIL, so Stinnett and his colleagues signed up.

For Carfax, the first step toward applying ITIL was to diagram IT proc­esses and workflows. We had huge flowcharts on the wall for a credit card process or the running of a vehicle history report, says Stinnett. We broke each process up into services, like the dealer log-in, with Server A talking to Server G, and so on, says Stinnett.

Carfax also purchased BMCs Atrium configuration management database (CMDB) to serve as a central repository for data on Carfaxs IT assets and processes. A CMDB is a core component of ITIL.

Carfax manually populated the CMDB with information such as hardware and network configurations, the physical locations of enterprise applications, and the other applications and databases with which each system exchanges data. The CMDB became a comprehensive inventory and description of all the hardware, software and integration links throughout Carfaxs IT environment.

That effort took about a year. We went through old documents, asked departments what servers they had, what software, what services they provide to the enterprise, Stinnett says.

Using BMCs service-modeling editor, Service Impact Manager, they also put the workflow diagrams into the Atrium CMDB, showing how proc­esses and transactions move from one application to another. Those can now be easily updated.

Since implementing the CMDB and the service-modeling tool, Carfax has reduced manual IT tasks by about 400% over the past two years, says Stinnett. For example, IT staff can automatically see which other systems will be affected by a planned upgrade and make adjustments for it without having to spend hours analyzing the upgrade and then troubleshooting the inevitable postupgrade glitches. Its helped us to track our changes and do capacity planning better, says Stinnett.

He thinks of the various ITIL proc­esses as Tinker Toys, to be used as needed. You can build what you want to out of them, he says. There are no hard and fast rules that you have to implement this or that.

Allstate Assessment

Allstate Insurance Co. in Northbrook, Ill., has been involved with ITIL since 2002, when a small group of IT employees persuaded upper management to send them for training. Today, the company has adopted ITIL across its IT organization and sent hundreds of IT employees for training to get certified.

To decide where to begin its ITIL implementation, the IT department developed a maturity scale to rate its various processes. Most organizations use some type of maturity scale, such as the Capability Maturity Model, for assessing their IT operations. ITIL contains its own means of assessing the service maturity of an IT organization, called the Process Maturity Framework.

The team at Allstate used the maturity scale to assess each practice, including capacity management, availability management and service-level management: How well did it work? Did employees understand proper procedures and follow them? How consistent was the documentation?

They decided to work on incident management, change management and configuration management. We asked, Where should we improve? says Cathy Kirch, an Allstate process consultant. Then we did a project plan and said, Lets go deliver it.

Kevin Pugh, an Allstate process consultant who works with Kirch, notes that understanding, and then documenting, the interdependencies and handoffs between processes is critical to success with ITIL. Problem management cant analyze and fix something if its not been documented first in incident management, he says. Just like if a police officer doesnt make out a report, then the detective has nothing to work on.

Big-Bang Approach

Unlike many organizations, Tarrant County, Texas, opted from the start for a large-scale adoption of ITIL. The countys IT department began the proc­ess in September 2005 by hiring Pink Elephant Inc., an international ITIL consulting firm, to conduct a formal analysis of its practices. The resulting 20-page report rated IT operations as fairly immature across the board, says Pete Rizzo, director of operations. For instance, we didnt have a service desk. We had a help desk. A help desk answers a call and passes it on to someone else. A service desk answers the call with the goal of resolving the issue.

Early on, IT employees attended a four-hour awareness class, given by ITSM Solutions, and 24 employees went on to achieve ITIL certification.

Once certified, employees can participate in one of several process introduction teams (PIT). These teams focus on a specific ITIL process, such as problem management. Each PIT has a cross section of employees from the server group, the database administration group, desktop support and so on, says Jan Allred, project manager in IT operations for Tarrant County. (All team members also have full-time day jobs in the IT department.)

They decided to begin with incident and problem management and then move on to change and configuration management. With the help of a consultant, they compared their practices with ITILs and created road maps for closing the gaps. For instance, they converted the help desk into an ITIL service desk and increased its staff and hours of operation. They expanded their Hewlett-Packard Service­Center software with modules for incident management, change management and configuration management.

In the process, they began to internalize ITILs worldview. For example, says Rizzo, ITIL defines incident management as rapid restoration of service, so if somebodys printer isnt working, the goal of the service desk is to help them print not necessarily to fix the printer. Its the problem management side who finds the root cause of the printers problem.

Beyond Sarbanes-Oxley

Though the Sarbanes-Oxley Act and the need for better change management opened the door to ITIL at Food Lion, Edmiston and his staff soon became convinced of its value and decided to adopt additional ITIL processes, in combination with the Cobit standard for IT security and control practices.

Its difficult to do one of the ITIL service areas without looking at related ones, Edmiston explains. If youre doing incident management, you also need to look at problem and change management, because some incidents will require root-cause analysis and invoke a change.

Food Lions IT group created cross-functional teams of 10 employees, and each team focused on one of four ITIL process areas to be implemented initially: change management, incident management, problem management and service-level management. Each team developed a road map of tasks needed to align the process with the ITIL model.

With the first four process areas well under way, two teams are now planning to focus on configuration and release management. But an ITIL effort is never really done, Edmiston says. Its always evolving, with continuous cycles of improvement.

Hildreth is an IT writer based in Waltham, Mass. She can be reached at

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon