The key to Baker’s enthusiasm for IT services management (ITSM) is the information technology infrastructure library (ITIL) that emerged from UK government in the 1980s. HP consultant Christian Kelbrick, a specialist in ITSM, says the reason ITIL came about was because of recognition of a rather important ratio within IT services management: 20% of the cost goes towards building the service, while the remaining 80% of cost goes towards running the service over its lifetime. That 80% revolves around people, processes and tools. ITIL pulls together all these factors by establishing a common language and a unified set of best practices.
In the end, as Baker says, it’s all about getting the right people in the right places with the right skillsets to fulfill the processes. But even that description is incomplete. It’s all those things, plus establishing a situation where the 80% part of the ratio – the services team -- can feel free to push for innovation and, via that freedom, achieve a sense of fulfillment that will keep them moving ahead successfully in their jobs.
When Baker started with the council a year ago he found a technically capable organisation that had room to grow on the customer service side. As he says, it all relates back to the people. One person had been in the same job for 15 years, surely making him an ideal candidate to expand his skillset. Baker set about providing an environment that would offer staff a framework within which they could grow.
“When it comes to service management you’ve basically got two aspects to consider. You’ve got the service support function, which is about how to operate the business day-to-day. It is about incident management, problem management, release management, all those sorts of things. The other side is about service delivery – about management of SLAs, service continuity planning… If you boil that down it is about the business process in delivering services within IT. Having an ITSM infrastructure makes my job easy. I can sleep at night knowing that I have a framework in use.”
Baker is the sort of manager who looks to his staff to determine their own future. His first task with ITSM was to get people to buy in to the idea. The basic message behind his offering was that ITSM – if they took it up – would supply numerous mutual benefits to the team and to the business. It could improve their performance by enabling them to work smarter rather than harder.
Baker expected a negative reaction. Instead, in his own words, he was blown away by the response. “It was if they had been waiting for me to introduce it,” he says.
Baker’s next step was to identify key players for the ITIL process, people with influence among the staff. Then began the in-house training programme, introducing the chosen ones to the world of ITIL and its processes. At this stage nearly half of the relevant staff – around 30 people -- have undergone the course and received certification in ITIL service management.
It is still too early to talk about solid benefits in ROI (return on investment) terms, but Baker has no doubts about how effective the programme has been internally. “There is a lot more to do,” he says. “We are still in the early stages.”
Aside from the staff aspect, Baker can point to some positive outcomes. With help from HP consultants, the council team – using the ITIL approach -- had identified a need for greater focus on repeat incidences. “As a result of that feedback we now have a problem management team and a forum that does exactly that,” he says. “They take those repeat incidences and micromanage them in order to ensure they don’t happen again. That’s an immediate customer benefit and one I can demonstrate. But we still haven’t achieved optimum benefits from the new framework. We are getting there.”
Baker says one aim is to achieve a seamless introduction of new technology without interfering with staff activities. Under the ITIL framework they are defining how and where their planning could improve. Staff have also developed a new system development lifecycle for one of the council’s key applications. “When we roll this thing out we don’t want to drop the business. Under the ITIL framework the product will work when staff turn up on Monday.”
ITIL has definitely resulted in helpdesk improvements, says Baker. The service management framework has been used to develop a trend analysis methodology that is resulting in fewer repeat calls for the same fault.
Baker says an important advance is that the IT team is now focused on being proactive, whereas in many businesses technical staff tend to be reactive. Problem management, a specific discipline within ITIL, focuses on trend analysis and ways to reduce the time of a fault as well as the number of faults. Customers of IT services at the council could expect to see definite benefits.
Baker recalls one application that had been undergoing numerous releases each year. It obviously needed to be managed in a more efficient way. “After going through the ITIL process we felt it needed to be re-worked under best practice guidelines. It is very refreshing to be able to use ITIL to bring you back to the basics when you are running at 90 miles an hour. Parts of the application needed to have ownership. So what the team did was identify the key components of the release management process. We needed a manager to own testing, a manager to own the infrastructure piece of the release and the business continuity piece. With all those pieces in place the release process moves more smoothly.”
Is it possible to over-manage? Absolutely, says HP’s Kelbrick. Some people can have ownership and do all the managing in the world – but in the wrong place. It’s like wheels spinning. “Part of ITIL is about recognising the value of what you do for the business,” he says. “It’s about focusing on adding more to that valuable piece. Let’s not waste time writing reports that are not required.”
Equally important is ITIL’s effect on teamwork. Now that key staff are fully trained, says Baker, they have a common language when they talk about service continuity. Without that approach, service could mean different things to different people. “People now have a library book that service continuity is this, availability is this… It brings everyone together. What we have found is that people who haven’t gone through the ITIL process feel they are missing out. It’s a bit like the alien Klingons of television fame. They talk in their own language and people think, ‘Gee, I need a piece of this. This is great.’ They see the excitement that talking in Klingon creates, the great enthusiasm to move forward.”
Be warned, though. The last thing you want to do is apply ITIL-inspired changes over everything right from the start. Give yourself time to learn and time for your team to get accustomed to the idea of using the framework. Kelbrick advised Baker to get his staff to identify problem areas as a starting point. Once those had been detailed, Kelbrick suggested that the staff choose three or four that would not be too hard to fix. Items on the list ranged from large to small and included release management, service continuity, capacity performance management.
The next step was to work with HP to develop an enterprise roadmap. All the chosen processes went through an ITIL concept filter. What emerged was a series of business cases that identified the benefits of doing things a certain way. The process inspired staff involved with the projects to think creatively about concepts, business cases, benefits and ROI. Anyone seeking to improve a process had to put it through the ITIL filter. The emerging businesses cases are reviewed at peer level and senior management level, depending on the requirements. Finally they get accepted or not, like any other project.
“We are doing the right thing for our ratepayers by spending money on the right things after a suitable level of scrutiny,” says Baker. “That’s not to say we didn’t have a level of scrutiny but now it is more informed and we ask the question, ‘Hey, does this fit with business alignment?’ It ties everything back to giving our ratepayers what they want.”
Baker sees the ITIL imperative as similar to laying a foundation to enable meaningful innovation. Anyone coming up with a request for, say tablet PCs for inspectors, would get a reasoned response based on well defined principles. It’s treating IT changes as a business with a clear ROI.
Again, ITIL is more than that. Baker has used its principles to refine his team and reporting structure. “ITIL has helped us to a degree with writing of job descriptions to fulfill a need and then finding a person for that role.” It’s about structuring the business to better meet its targets. Staff are enthused by this approach – which they help to define – and eagerly volunteer their services. Even more satisfying for Baker is that he has been able to lead the changes without taking on new staff.
“It’s a credit to the staff here,” says Baker. “You start this groundswell and they see a mass of opportunities and they say, ‘Gee, I would love that job, I would like to do that, I am really good at that…’ They define their roles themselves. That makes my job easy because all I have to do is facilitate the change.”
A more subtle impact can be seen in the fact that fulfilled staff have less motivation to look outside than those who are not so happy. In a tight market that is a happy situation.
This happy situation leads Baker to talk of other possible outcomes. For example, Auckland City is embarking on a shared services plan with other councils. He sees potential for libraries to work more together and sees an opportunity for the council’s new data centre to be used more fully. “There’s an opportunity there,” he says. “Instead of having the consortium host it with an EDS or an IBM or an HP, we ask, ‘Why don’t we do it?’ As long as we are comfortable with the idea and have the capability and it makes sense, we could maximise our ROI, we could reduce costs to the consortium. ITIL helps us because we need to understand that we have the capability to provide this service and we have a benchmark that supports it. ITIL talks about budgets and their management as well.”
It’s hard to argue with a man who feels so positive about what he is doing. For Baker, it is apparent that ITIL is an enabler of cultural change within business. He talks about how, if he had walked into the data centre some months ago and said, “I want to host”, he would have been told to forget it. It’s all about growth, he says. People who feel more fulfilled will grab an opportunity and go for it. “Part of the feedback I get here is that if I had pushed for many of the same things 12 months ago I wouldn’t have got anywhere. We still have our issues, but from my perspective I have seen huge benefits. I have seen the quality of my leaders reach to best practice. I am very proud of that.”
ITIL appears to be a journey. It’s obvious that Baker’s vision of what is achievable will reach higher as each new goal is surmounted. But, like any journey, you and your team need to be ready for it. Embark on the journey at the right moment and you will take your team with you to ever greater heights. At least, that’s the way it looks at Auckland City Council.
IT frameworks demystified
By Bob Violino
As IT becomes increasingly automated under the new data centre architecture, more companies are embracing best-practices procedures outlined in formal IT frameworks. At stake are service quality, security, regulatory compliance and other increasingly important strategic corporate goals.
The IT infrastructure library (ITIL), control objectives for information and related technology (Cobit), capability maturity model integration (CMMi) and ISO 17799 are playing the biggest roles in the creation of the new data centre. "These frameworks were written by different groups at different times for different reasons . . . but each has contributions to make to the new (virtualised) data centre," says David Pultorak, president of Fox IT, a consulting firm specialising in IT service management.
Pultorak uses ITIL for service management as an example of how an IT framework can serve as a steppingstone to the new, more agile data centre. "The ITIL framework supports defining services in a way that is distinct from the technology that underpins them, allowing flexibility in what technology components are used to support and deliver the service," he says.
While some duplication occurs among the frameworks, they are more complementary than overlapping and companies often employ more than one.
Popular in Europe for years, ITIL is gaining attention at US organizations and in New Zealand. The framework originates with the Central Computer and Telecommunications Agency (now the Office of Government Commerce) in the UK, which developed this set of best practices standards for IT service management in the late 1980s. The IT Service Management Forum, a global organisation consisting of more than 12,000 corporate and government members, is responsible for advancing IT best practices through the use of ITIL.
Organised into a set of "books", ITIL offers a customisable framework of practices to provide high-quality service to internal users. ITIL covers functions such as service support, software support, computer operations and security management.
"ITIL is applicable to the data centre because companies can use it to make sure they're doing the right things in terms of processes," Pultorak says. For example, an insurance firm with a service-oriented data centre could use ITIL procedures to ensure claims processing data is always available.
Organising around services sets the stage for the linkages between business and IT to be automated, Pultorak says. "With this stage set, and with the right infrastructure and management technologies, previously unimaginable levels of data centre agility will enable greater business agility."
Developed in 1996 by the Information Systems Audit and Control Association and IT Governance Institute as a standard for IT security and control practices, Cobit provides a reference framework for IT, security, auditing managers and users. Now in its third edition, Cobit is growing in acceptance as a good practice for control over data, systems and related risks. It helps companies deploy effective governance over systems and networks.
Cobit's Management Guidelines component consists of tools to measure a company's capabilities in 34 IT processes. These include performance measurement elements, a list of critical success factors that provides best practices for each IT process, and maturity models to help in benchmarking.
"Cobit's real focus is on whether or not you have controls in place that ensure you are compliant with relevant regulatory authorities," Fox IT's Pultorak says. "It helps organisations determine if they are doing what they said they would and if they are able to show evidence of this." For example, if a corporation said it would secure entry to its data centre using a logon process, it can show completed logs for a given period based on Cobit.
The standard is becoming important as organisations work to be compliant with the Sarbanes-Oxley Act and other regulations. It's also important to the data centre because it offers a way to implement controls in processes.
Published by the Software Engineering Institute at Carnegie Mellon University in 1991, CMMi has evolved into a framework to help guide process improvements in software development, systems engineering and R&D.
The framework is used to improve the quality of products and services, increase development efficiency and reduce the risks associated with development projects. It has five levels of organisational "maturity", with each level representing a set of best practices that organisations must implement to make improvements.
CMMi can be helpful for new data centre efforts when it is used to measure the relative maturity of IT processes. For example, before the IT department at a retailer began operational process improvements, it called on Fox IT to assess maturity, Pultorak says. The problem management process was immature while the incident management process was mature, he says. "This was an important first step ... so it had the basis for making improvements in the right places and in the right measure," he says.
ISO 17799, developed by the International Organisation for Standardisation in 2000, is a detailed security standard organised into major areas: business continuity planning, system access control, system development and maintenance, physical and environmental security, compliance, personnel security, security organisation, computer and operations management, asset classification and control and security policy.
In fact, ITIL's security management guidelines are based on the ISO 17799 standard.
The standard establishes best practices to ensure that business operations will keep running if a systems outage or other interruption occurs; to control access to data, systems and networks; to protect the confidentiality and integrity of information; to prevent unauthorised access to business facilities; and to comply with regulations.
Beware of framework overload
All the IT frameworks are generally accepted as best practices, experts say. Adopting them for data centre automation lets companies align processes internally and with business partners.
"If you cook up your own thing, it becomes harder to integrate with others and harder to defend yourself under scrutiny of an audit," Pultorak says. Still, firms need to be aware of framework overload.
"Companies need to have a focus, set goals for implementing frameworks and devote adequate project management resources," Pultorak says. "If you overdo these frameworks and misapply them or are not sure what the implementation is, the result can be less than satisfactory."
It also can be expensive. Depending on the scope, each implementation can cost global companies hundreds of thousands of dollars. Costs can be hard to pin down because they include expenses such as training, consulting and software products that support the frameworks.
Measuring ROI of deployments also can be difficult. "Since the focus is on process improvements -- not just technology assets -- IT managers generally don't understand how to do an ROI assessment," says Ruben Melendez, president of Glomark Group, a consulting firm specialising in technology ROI. "Very few companies have done an ROI assessment of their ITIL (or other framework) implementations." Most of the economic benefits come from higher business processes uptime, he says.