ITIL Catches On

British-bred quality framework is becoming the tool of choice in U.S. data centers

It seemed a reasonable approach at the time. Whenever a server went down, the IT operations people at The Procter & Gamble Co. tried to figure out why. They did root-cause analysis in order to discover the origin of the problem and fix it. Then they brought the server back up.

Trouble was, users had to cool their heels in the meantime, losing e-mail service or reporting capabilities for as long as an hour. But now, thanks to guidance from the Information Technology Infrastructure Library (ITIL), P&G reboots servers immediately and restores service within minutes. The root-cause analysis follows, out of view of users.

"We saw a large decrease in the time that customers were waiting for services to come back up," says Kevin McLaughlin, security system manager at P&G. "With ITIL, we might have been having the same number of issues initially, but [users] didn't feel them like in the past. It helped IT present a better face to the customer."

Presenting a better face to users is at the heart of ITIL, a collection of procedures and best practices for IT services management and operations.

Developed in the late 1980s by the British government and popular in Europe throughout the '90s, ITIL has more recently caught fire in the U.S. Although there are alternatives, ITIL is becoming the tool of choice for standardizing, integrating and managing IT service delivery. According to a survey by Cambridge, Mass.-based Forrester Research Inc., as of a year ago, 12% of $1 billion companies had adopted some portion of ITIL, and one-third said they were getting started on ITIL or were considering using it.

P&G was an early adopter of ITIL in the U.S. six years ago. The company started with two of the 10 ITIL components—incident management and configuration management—and has since adopted components for problem management, change management and help desk management. Along the way, P&G outsourced much of its IT service delivery to Hewlett-Packard Co., and ITIL practices are now in place at both companies.

McLaughlin says HP's use of ITIL was "one of the factors in their getting the outsourcing deal."

All About Risk

Fifth Third Bank in Cincinnati started with ITIL's components for incident, change and configuration management just a year ago. The bank considered other quality frameworks, such as the audit-focused Cobit (Control Objectives for Information and Related Technology), as well as operational standards from the Federal Financial Institutions Examination Council. "We felt that for what we wanted to accomplish, ITIL fit perfectly," says Eric Strunk, system vice president for service management.

Kevin McLaughlin, security system manager at Procter & Gamble Co.
Kevin McLaughlin, security system manager at Procter & Gamble Co.

Image Credit: Andy Snow


At the time, the bank had separate change processes for hardware, software and infrastructure, and its leadership felt ITIL would give them a unified view of those, Strunk says.

"We made 30,000 changes in 2004," he says. "What is the risk and impact of a change? We needed a better way of managing that. Being a bank, we are all about managing risk."

The bank also wanted to link its processes for incident and change management more tightly so as to help it pinpoint the causes of outages. "It allows us to narrow the search and very quickly get the right people to [analyze] the event," Strunk says.

He says the bank is currently developing metrics to help it measure the benefits of its investments in ITIL. He hopes to plot the relationship over time of change volume against the frequency and duration of outages. "You can't prove what you don't measure," Strunk says.

ITIL practitioners say that's a key to success with any quality-improvement effort. "As soon as you start, get metrics immediately," advises Brian Childers, a member of the board of directors of IT Service Management Forum USA (ITSMF), a coalition of ITIL users and software vendors. "As you get down the road, people will ask you what you've been doing since x time, and the failure to capture metrics at the very beginning makes it difficult to answer that question."

Integrating Excellence

IT operations were fragmented at EarthLink Inc. two years ago—each of the company's service areas had its own processes for IT service-level management. "People were practicing good process for particular areas," says Willa Fabian, an IT vice president at the Atlanta-based Internet services provider. "But there was no way to look at things as a whole."

Paradoxically, those pockets of operational excellence turned out to be a challenge to bringing in ITIL, Fabian says. "It's a huge cultural change to say, 'I know you are practicing good process in your particular area, but now we all have to come together and do it one way.' "

EarthLink was able to head off much of the anticipated resistance by having a workshop very early in the move to ITIL with about 40 of the company's "best thinkers" in IT engineering and operations, she says.

A decision to embrace ITIL wasn't dictated by a senior manager but emerged from the workshop participants. "It was a huge change, but we could always tie it back to, 'This came from your recommendations,' " Fabian says.

After the workshop, corporate-level "process owners" were named for each major ITIL area—change management, problem management and so on—and corresponding subprocess owners were named within each of EarthLink's service departments. As ITIL was rolled out, regular meetings among these people ensured consistency across the entire company, according to Fabian.

Forrester analyst Jean-Pierre Garbani recommends that companies take a very flexible approach to ITIL. Otherwise, he says, ITIL will suffer the same fate as some of the ideas for software development process improvement from the 1980s. "There was the creation in companies of 'process police,' and the result was that no one is using those process improvement methodologies anymore," he says.

Instead, "send a couple of guys to get certified and use them as resident experts," says Garbani. "Lead a couple of seminars to initiate the company to ITIL. Make sure people understand that the library is there for reference, and use it as a source of education."

While the degree to which companies embrace ITIL varies considerably, any reasonably rigorous adoption of ITIL is no small job. Fifth Third Bank, whose IT budget is $250 million, spent $1.2 million in the first year to implement three ITIL processes. "We still have a long way to go," Strunk says, adding that the whole thing will take three to five years total.

Taking Stock

Most ITIL practitioners say it's essential to do a thorough self-assessment at the beginning, both to pinpoint those areas most in need of improvement and to establish a baseline to measure improvements against.

The assessments can range from inexpensive in-house efforts, based on free templates from the ITSMF, to six-figure consulting engagements, says Tom Lydon, service desk and data center manager at Thomson Legal & Regulatory, an Eagan, Minn.-based unit of The Thomson Corp. that provides information services to professionals in the legal, tax and accounting fields, among others.

Lydon says ITIL "foundation" training, based on a three-day course, got the middle tier of IT managers at Thomson well on board. But that's not enough. "One of the things we struggle with is we have to continually sell the need for process investments up the chain," he says.

Despite the difficulties, George Spaulding, executive consultant at Pink Elephant, a Toronto-based ITIL consultancy, cautions against buying ITIL support software right away. "Tools will not make process; they will just automate your existing process," he says.

Another temptation is to start your ITIL initiative by building a configuration management database. The database is "the center, the one place where everything in ITIL intersects," Spaulding says. But he suggests that you hold off if you don't have one already.

"Wait until you have put in a couple of processes, like service desk, incident and problem [management]," he says. Why? A configuration management database does nothing in isolation; it's useful only as it supports other processes.

Meanwhile, P&G's McLaughlin advises being patient and persevering while moving to ITIL. "It's very time-consuming to get technologists to understand that it's OK to reboot a server without understanding immediately why it went down," he says. "There's a lot of retraining, a lot of cultural change."



(multiple responses allowed)
In-house processes
Other methods
How critical is ITIL to IT process management?
How well do you understand ITIL?

BASE: 195 global IT professionals

SOURCE: International Network Services Inc., Santa Clara, Calif., September 2004


ITIL only
ITIL and ISO 9000 or Six Sigma
ITIL and Cobit or CMM
Six Sigma only
Cobit only
CMM only
ISO 9000 only
All of the above
None of the above

BASE: 134 IT professionals

SOURCE: Gartner Inc., Stamford, Conn., December 2004

Copyright © 2005 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon