INNOTRAIN IT
IT Service Management QUICK – SIMPLE - CLEAR Preview
Extract
Chapter 4
2011
IT Service Management
Authors
Dr. Mariusz Grabowski, Universität der Wirtschaft Krakau Dr. Claus Hoffmann, Beatrix Lang GmbH Philipp Küller, Hochschule Heilbronn Elena-Teodora Miron, Universität Wien Dr. Dariusz Put, Universität der Wirtschaft Krakau Dr. Piotr Soja, Universität der Wirtschaft Krakau Dr. Janusz Stal, Universität der Wirtschaft Krakau Marcus Vogt, Hochschule Heilbronn Dr. Eng. Tadeusz Wilusz, Universität der Wirtschaft Krakau Dr. Agnieszka Zając, Universität der Wirtschaft Krakau
I
4 ITSM Implementation in SMEs IT Service Management can be introduced in companies in different ways. Depending on the maturity level and experience in the company, different processes can take priority. In addition to incident and problem management, change management is frequently the first step of an ITSM implementation. The change management scheme should be developed at the earliest possible stage, as it is the core of continuous service improvement. ITSM implementation is not only a technical, but primarily an organizational change process. People in organisations have to change their behaviour. However, resistance to change is a trait many people share. However, it is people who decide whether or not ITSM introductions are successful. A few ITSM projects are specifically devoted to the capacity for change and willingness to change of IT or service desk employees and pose these questions: !
Can the employees who have worked according to the same pattern for years internalise the philosophy of ITSM in a short time and change their work processes?
!
Do the employees have the capabilities required to bring a service organisation to life?
!
Are the expectations with regard to the time and personnel outlay required for implementing ITSM even realistic?
In practice, the greatest obstacle for IT Service Management is personnel-related, cultural and organisational resistance to change. Change management measures should be planned at an early stage during ITSM implementation. The aspects and methods of change management in ITSM projects are described in detail in Chapter 5. Real-world business experiences show that it is usually impossible to implement five to ten ITSM processes in six months. The primary success factor is when the ITSM philosophy is conveyed successfully and a corporate culture exists that is open to the change and promotes effective introduction of ITSM. Many companies that claim not to have IT Service Management have already dealt with the issue of disruptions in the operating workflow and frequently used existing standardised procedures. These companies have then adapted IT Infrastructure Library (ITIL), for example, to suit their needs ideally, but without understanding the philosophy. Therefore, they have put the second step before the first. In other words: they have put up the walls without laying the foundation. This chapter is intended to prevent exactly that. An example of a blueprint is provided to introduce IT Service Management in the company. Each company and each IT department have their unique characteristics. Therefore, this plan serves only as a rough guide that can be adapted to the company's own needs and circumstances and has to be elaborated in detail. The following information is focused on the essential steps of the ITSM implementation project that small and medium-sized companies typically have to go through.
Based on the diverse requirements of the different types of companies, the following pages will present a draft for a modular plan. It takes into account two concepts: Modularisation and prioritisation. Modularisation In Chapter 3, we presented the INNOTRAIN IT method, and already made use of the concept of modularisation there. Individual processes and functions have been compiled into modules and can be but together like building blocks according to specific needs. This principle is carried over into the introduction. In doing so, modules can be implemented in the manner deemed most suitable. Prioritisation By prioritising the modules mentioned above and taking into account certain dependencies between the modules, an individual flow chart for the company can be derived. The following Figure 17 shows the implementation of these concepts. As mentioned earlier, the modularisation has already been explained in Chapter 3; therefore, this aspect of the graphic is also identical. The prioritisation is highly pragmatic and, in this case, contains only the distinction between mandatory (shown in dark shades) and optional modules (shown in light shades). We assume that individual companies have carried out a complete outsourcing of their IT. However, implementing the mandatory modules is useful even in these cases.
Figure 17 - Overview and classification of the ITSM modules
The mandatory modules provide the basis for successful use of ITSM. The optional modules supplement them. To utilise all the added value that can be provided by using ITSM, all modules should be introduced. The selection of modules depends to a great extent on the company and its facets, the strategy and requirements. The following graphic shows an example of a blueprint shown as a introductory path. As mentioned earlier, the defined steps reflect all basic modules. These have been arranged into a sequence according to their dependencies and are expanded by adding relevant activities. The subsequent paragraphs explain all five steps of the introduction process in detail: 1. Preparation, vision, evaluation and planning 2. Defining the strategy 3. Implementing the basic modules 4. Implementing the advanced modules 5. Optimising the implementation
Figure 18 - Relationship between project phases and the INNOTRAIN IT five-step implementation model
4.1 Step I – Preparation, vision, evaluation and planning When introducing IT Service Management, the IT organisation faces the challenge of developing and offering IT services for supporting the business processes. In many cases, this change succeeds only after a delay, as the mission and philosophy of the IT organisation have to change first. Just as the entire business has to face the changes, the IT organisation also has to undergo a fundamental change from a technology provider to a service organisation. This new role evaluation helps the IT organization to define and implement its new function as a supplier of IT services, while also increasing is effectiveness. At the beginning of an ITSM implementation, the benefits and necessity of IT Service Management should be identified and discussed with corporate managers and executives. Management has to be shown that the ITSM implementation is a change program and not just a technical solution or technical project. To identify the significance of the ITSM plans for the company and obtain the buy-in of executives, a workshop should be held for them. This can be organised as part of the initialisation phase of an ITSM change programme.
4.1.1
Vision
Defining a vision for the project is an important step towards implementing IT Service Management successfully. The vision sets the direction for the project stakeholders and gives them orientation. It helps to place a shared goal before the various groups of stakeholders. Implementing IT Service Management requires vision, goals and resources. Moreover, the vision has to take into account people, processes, cultures and technologies for all areas involved. The vision serves the following purposes: !
Giving everyone a clear idea of where the plan is headed
!
Motivating employees so that they act in the direction that has been agreed
!
Co-ordinating all activities of the participating persons
!
Bringing into agreement different perspectives in the company, such as between executive management, the IT department, specialised departments and the employees
The vision is the central starting point for turning an ITSM plan into reality. In doing so, an important element is exchanging and communicating with all IT stakeholders in the company, meaning all those who are participate directly in the project or are affected by it. Typically, their interest depends on the extent to which they are affected. The urgency of the plan (What happens if we do nothing?) and the vision are the basis for communicating with IT stakeholders. This information is intended to provide motivation, inspiration and support for implementation. In addition, it is
important to live out the philosophy of IT Service Management. Objections have to be discussed, priorities agreed and decisions made jointly.
4.1.2
Preparation
Nowadays frequently referred to as the "enabler" of the company, IT is dependent on customers' processes in a wide variety of forms. For this reason, after the project is approved by top management, it is important to measure and analyse the environmental variables of IT. In many cases, a corporate strategy is defined and processes are documented. If this is not the case, these preparatory measures ought to be carried out. After going through the steps, an IT strategy, exact requirements and required services are to be derived. The two relevant measures here are: !
Defining and documenting the corporate strategy
!
Documenting the relevant business processes with the methods of business process management
4.1.3
Evaluation
Measurements are indispensable for good management and the implementation of ITSM. Every improvement programme with the objective of optimising IT services must have the current status as a reference value. This is also an important starting point for attaining a quality standard and meeting governance or compliance requirements. A needs-based analysis of the existing IT processes and IT services is the basis for a successful ITSM change project. For this purpose, there are various assessment forms for measuring variables such as process maturity. In this process, it is important to keep an overall image in mind so that employees, technology, processes and structures are matched to each other. From the individual processes via the maturity level of an IT organization to the tools used, an inventory should be carried out, recommendations and risk assessments carried out and the results presented as part of a management workshop. With the help of an IT Governance Maturity Assessment, the processes, control mechanisms and responsibilities of an IT organization can be analysed, for example based on COBIT. Today, statutory regulations such as the Sarbanes-Oxley Act, the Corporate Governance Codex or Basel II require, from a business management and technical standpoint, corresponding accountability reports for the efficiency and effectiveness of management and control of IT processes. The objective is to create transparency in IT Service Management and reduce operational risks significantly.
The full benefits of ITSM processes in fulfilling business requirements while simultaneously maintaining the Service Level Agreement that has been reached are obtained only with coordinated interaction of people, processes, structures and technology. In doing so, ITSM tools can ensure efficient control of flows of information between the IT processes and provide the basis for an ongoing identification of optimisation potential. It is necessary to check whether the ITSM tools will meet present and future requirements and whether they provide optimum support to the IT processes. Optimising an IT service organisation involves not only technical matters, but also soft factors. Therefore, the corporate and organisational culture is another important aspect of a successful business/IT alignment. A service culture analysis that surveys employees about the behaviours they expect directly or indirectly can be used to identify deficiencies.
4.1.4
Planning
The planning phase is used for concrete development and implementation of an ITSM solution. It is based on results of the vision and evaluation phase. Typically, a program for implementing or improving service management consists of multiple projects that are focused on certain processes, functions or regions of the overall programme. The strategic vision illustrates the desired future status to be attained. The evaluation allows the organisation to determine where it currently is and what is required for the progress. The planning phase provides the answer to the question "How do we reach our goal?". It is important that there is unanimity about the role and properties of the IT organisation, both in IT and with executive management. With regard to a uniform understanding of the future role of IT, it is not only important to understand the ITSM processes; rather, for implementation, it is also relevant to determine the extent to which the employees have already gathered experiences with the processes. Therefore, it is necessary to clarify which process activities and the required capabilities of employees are most urgently necessary in order to fill the required role and thus to provide the results expected of the implementation. To justify the introduction of ITSM, the costs have to be compared to the savings and revenue. The costs can be determined relatively easier, but revenues or savings are often more difficult. Based on the gap analysis and progress review, a roadmap can be developed to close the identified gaps. The multi-layered nature of the gaps means that a single measure is usually not sufficient. Therefore, ideally, a roadmap is developed that matches the processes, technology and employees to each other optimally. For each programme module, a detailed project plan with expenses, deliverables and deadlines is required in order to thus create the basis for targetoriented control of the programme
4.2 Step II – Defining the strategy "The slowest person who never loses sight of his goal is still faster than someone who dashes about without one." If we apply these words of wisdom from Gotthold Ephraim Lessing to IT, even smaller organisations will be on the right path as long as they pursue the right goals. Accordingly, the ITSM introduction also begins by defining the vision, strategy and goals of the IT organisation. In many cases, people already act strategically without even realising it. In the simplest case, they take a big sheet of paper, sit down with the colleagues involved, write down the strategy and the goals derived from it and hang up the strategy paper in a readily visible location. This allows everyone to align his or her everyday decisions with the strategy. It soon becomes evident that this pragmatic strategy development is not a science one needs to be afraid of, but rather a tool. So that all aspects relevant for IT are covered, it is useful to define two parts of the strategy: Aligning the IT strategy with the corporate strategy IT must not be an end in itself, but must provide ideal support to business processes. Therefore, the first part is deriving the IT strategy from the corporate strategy. What has to be done for the company to be successful and how can IT support the company? This is the central question, and should be discussed between the responsible persons and the most important groups of stakeholders. Many IT strategy documents are concerned with how to provide IT services efficiently and effectively. However, that is only one side of the coin. The actual glue between the specialised departments and IT lies in answering the following questions: !
What are the company's goals?
!
What are the success factors in the individual specialised department?
!
How can IT help to influence these success factors and reach the goals that have been set?
Even if, in many cases, the specialised departments do not have a documented strategy and the question "What makes us successful?" provokes only general answers, the questions listed above may be helpful in steering the discussion. Providing IT services effectively and efficiently that are not even needed by the specialised departments is an error that should be avoided. According to the philosophy: It went very well—but unfortunately towards the wrong goal! IT strategy for SMEs The actual IT strategy is an extension of the derived strategy and expands it by adding technological and organisational aspects. The IT strategy can also define architectural aspects. For example, consolidating the servers by virtualisation may be one goal of a company's IT strategy. However, the IT strategy can also include that the company uses open source where possible and useful, prefers a certain programming language or uses only one hardware manufacturer. In summary, the IT strategy can address the following topics: !
Principles and guidelines of the use of IT
!
Financing model and organisation of IT
!
Application and system architectures
!
IT infrastructure as required basis
!
IT service and performance processes
!
Internally and externally necessary implementation resources
!
Risks in the implementation process
For additional information and details on the topic of strategy definition, refer to Chapters 3.1.1 and 3.1.2.
4.3 Step III – Implementing the basic modules After the future strategies are defined and the IT is aligned accordingly, the actual implementation can begin. The following process map provides an overview of the required steps within the basic implementation. For some companies, the conclusion of the process is also the end of the introduction project. If the advanced modules are not absolutely necessary, at least the optimisation in Step V should be considered.
4.3.1
Creating an ITSM plan
In close co-ordination with business, key suppliers and managers, an advance plan should be created that defines tasks, schedules and responsibilities. This provides the basis for a continuous improvement process and establishes the guideline for a mature ITSM organisation. Continuous improvement of the ITSM organisation should provide an ideal level of support to the business and meet the requirements for stability, availability and security at optimal cost. An ITSM plan should be drafted defining the concrete goals for the coming business year for individual management activities such as process reviews, customer satisfaction surveys, budget planning or Change Advisory Boards.
4.3.2
Developing an ITSM process design
Ideally, the process design for the ITSM process implementation is drafted in workshops. In particular, this involves configuring the individual processes and developing a target concept that serves as input for customising the ITSM tools and training the involved employees. Here, considering a company's individual starting position is of special importance.
The
objective
is
to
implement
ITSM
processes in the organisation. In doing so, one should concentrate on the essentials, ideally directly and in everyday practice without generating great additional expenses.
4.3.3
Providing the relevant tools
At the beginning, Step III includes providing the relevant tools. A brief requirements analysis pays off at this point, as following ITIL best practices in a strict manner, for example, would require a great number of different tools. The purpose of most of these tools is managing knowledge. In many cases, the response is: "But our Administrator already knows all that." What happens if, for whatever reason, the admin is no longer available? This is only one of the reasons why basic and thorough
Figure 19 - Process of implementing the basic modules
documentation
can
be
organisation's
survival.
of
vital
However,
importance the
to
an
principle
of
pragmatism applies here also. Therefore, as part of implementing the basic modules, only a small selection of
available tools is helpful and useful, even for very small companies.
Configuration Management Database In the ITSM community, the important-sounding term "Configuration Management Database" (CMDB) can refer to nothing more elaborate than a list of all elements of the IT landscape. The objective being pursued is a consistent collection of all so-called "Configuration Items" (CI). CIs include, for example, the servers, printers, and network components, as well as software licenses and contracts—in short, everything that deserves to be managed. The granularity and types of CIs can be defined according to one's own needs. The information to be managed also has to be defined and updated accordingly. Logical additions and links are then added to this list, such as a change log, a collection of known errors and incident and problem messages. The tool support can vary greatly: In an extreme case, a CMDB can be either a physical file folder in which all
configuration items are maintained and updated manually or a tool costing millions of dollars that requires dedicated administrators to keep it running. Clearly, each company has to find its ideal middle ground. In doing so, the CMDB should always be structured so that it is complete for the corresponding services, without being so large as to cause problems for configuration management. One of the most important foundations for the success of ITSM in an organisation is a functioning configuration management database that can be used, administered and monitored efficiently by the employees. Therefore, it should always be co-ordinated, developed and optimised to match the present needs of IT and business. Ticket system As the single point of contact, the service desk plays a central role in communication between service provider and customer. A ticket system supports this exchange in a wide variety of ways, including: !
Entering various enquiries (incidents, problems, service requests etc.)
!
Documenting the individual activities in the lifecycle of a system
!
Distributing the enquiries among employees
!
Defining and supporting the escalation process of tickets (1st, 2nd, 3rd Level)
!
Optional communication channels (e.g. Web interface, e-mail)
To be sure, the simplest version is setting up a central e-mail address for all enquires. However, this is effective only if the IT department consists of just a very few employees. Thus the "e-mail" version lacks obvious features of a ticket system such as structured entry of the data, categorisation and prioritisation options, reservation of tickets and reporting functions. Ticket systems, frequently based on Web technologies, are available in a great number of different versions, both as a commercial and Open Source solution. Service catalogue & service portfolio To "sell" a service, you have to publicise your services. Setting up a structured service portfolio management system answers questions about service benefits, quality and price structure as well as about the strengths, weaknesses and risks of the IT services offered. In doing so, service portfolio management system documents all planned services (in the service pipeline), all currently offered services and all withdrawn services. The service catalogue is a sub-product of the service portfolio and contains only the currently offered services. The appearance of the portfolio and the catalogue can be extremely different, including everything from a simple document that is forwarded, to databases in the intranet to small online stores in which the customer can "order" services directly. Here, too, a pragmatic approach that suits the company can be selected.
4.3.4
Introducing a central service desk
Introducing a central service desk not only is an easily attained intermediate goal (known as a "Quick Win"), it also addresses the uncomfortable topic of user support within IT and thus creates acceptance within the IT department. Thirdly, it provides the basis for many modules that require the service desk as a central communication unit. In this regard, the service desk does not necessarily mean more work, but rather a different organisation of the work and a structured procedure. For example, if we implement a ticket system with Web interface and understandable categorisation, the customer's enquiry will be routed to the correct employee rather than also needlessly adding to the workload of employees who are not involved. In addition, the employee can concentrate on his or her regular activities and work on the service desk in a targeted manner. However, in this labour-divisional version, it has also proven helpful to define a service desk manager who takes over responsibility for the entire service desk and can delegate enquiries if necessary. The following three steps can be introduced simultaneously. All three steps can be implemented in various ways in practice: !
Iteratively and simultaneously with the regular activities
!
Broken up into portions
!
On a one-time basis
4.3.5
IT service portfolio and catalogue
Earlier, we described the "shell" of the service portfolio. Now, we'll bring this shell to life. We enter the critical information for each service: !
All information that the customer needs (prices, conditions, service level agreements etc.)
!
All information the service provider needs (costs, priorities, risks, business case, terms and condition for support, escalation mechanisms etc.)
!
Guidelines, objectives and responsibilities
Then, the service catalogue can be derived by selecting the current services from the service portfolio and published for the customer. For additional information on this topic, refer to Chapter 3.1.3.
4.3.6
Systems and outsourced services
This area means relatively minor changes, as it describes the regular activities of IT. Accordingly, this module is usually present in this form even before the ITSM introduction. However, the instructions from Chapter 3.2.1 should be observed.
4.3.7
Documenting the infrastructure
The configuration management database (CMDB) is the vital information source of IT Service Management. It also requires an initial filling with data via the configuration items. As described above, this can be carried out iteratively or eruptively (eruptive is preferred). The company can use inventory tools that scan the network and associated configuration items and obtain a thorough database automatically.
4.3.8
Continuous improvement
At an early stage, the objective is to define operational objectives and metrics on three levels: expectations of the business areas for IT, output of the IT processes and performance capacity within the process flow. The defined metrics should have a good balance between the effort they require and the amount of information they provide, be comparable internally and externally and easy to measure. The objective is long-term anchoring of continuous improvement on all levels. In addition, an IT governance report (or dashboard) with the most important metrics can provide an overview of the service quality provided, the status of the control measures and thus the respective current compliance situation. The service, process and activity goals help to identify areas where there is potential for improvement. Accordingly, the continuous improvement process is one of the basic modules of the implementation. In the first step, the improvement process does not necessarily require a complex deployment of tools or employees; rather, the way of thinking has to be internalised and all modules, processes, functions and tools checked regularly for areas where they may be room for improvement. For more information, refer to Chapter 0.
4.4 Step IV – Implementing the advanced modules Experience has shown that only very few companies implement all functions and processes suggested in the relevant frameworks. Accordingly, after the implementation of the basis in Step IV, the advanced modules (in Figure 17 green, with a dashed outline) can be implemented. According to the building block principle, IT departments can equip themselves with modules to fit their own needs. Therefore, before selecting one or more blocks, the requirements should be analysed. Once the needs have been identified, the corresponding module can be introduced.
4.5 Step V – Optimising the implementation The modularisation practised as part of the implementation provides many advantages. However, it also requires regular verification and optimisation: Does the selection and composition of the modules still meet the requirements of IT? The continuous improvement process (CSI), introduced in Chapter 3.3.4, is responsible for improving the services and processes. However, it is also useful to optimise the actual ITSM. Potential for improvement exists, for example, with regard to the selection of the modules or the tools used. To implement continuous improvement in a successful and lasting manner, it is important to understand the various activities that can be applied for this process. The following activities support the continuous improvement plan: !
Reviewing management information and trends to ensure that the output of the ITSM processes reaches the goals that have been set.
!
Periodically carrying out internal audits to verify that employees are complying with processes.
!
Carrying out periodic customer satisfaction analyses.
!
Carrying out internal and external service reviews to identify areas where there is room for improvement.