The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for managing Information Technology (IT) services (ITSM), IT development and IT operations.
ITIL stresses service quality and focuses on how IT services can be efficiently and cost-effectively provided and supported. In the ITIL framework, the business units within an organization who commission and pay for IT services (e.g. Human Resources, Accounting), are considered to be "customers" of IT services. The IT organization is considered to be a service provider for the customers.
It primarily focuses on what processes are needed to ensure high quality IT services; however, ITIL does not provide specific, detailed descriptions about how the processes should be implemented, as they will be different in each organization. In other words, ITIL tells an organization what to do, not how to do it.
The ITIL framework is typically implemented in stages, with additional processes added in a continuous service improvement program.
Organizations can benefit in several important ways from ITIL:
· IT services become more customer-focused
· The quality and cost of IT services are better managed
· The IT organization develops a clearer structure and becomes more efficient
· IT changes are easier to manage
· There is a uniform frame of reference for internal communication about IT
· IT procedures are standardized and integrated
· Demonstrable and auditable performance measurements are defined
ITIL is a series of books that outline a comprehensive and consistent set of process-based best practices for IT Service Management, promoting the ultimate achievement of IT Service Management goals. IT Service Management (ITSM) is the process of managing IT services to effectively and efficiently meet the needs of the customer.
In 2001, version 2 of ITIL was released. The Service Support and Service Delivery books were redeveloped into more concise usable volumes and consequently became the core focus of ITIL. Over the following few years it became, by far, the most widely used IT service management best practice approach in the world.
In May 2007 version 3 of ITIL was published. This adopted more of a lifecycle approach to service management, with greater emphasis on IT business integration.
Where ITIL V2 outlined what should be done to improve processes, ITIL V3 explains clearly how you should go about doing it.
ITIL V2 Explained
The Service Management section of ITIL V2 consists of eleven disciplines and is divided into two sections as follows:
• Configuration Management
• Service Desk
• Incident Management
• Problem Management
• Change Management
• Release Management
• Availability Management
• IT Services Continuity Management
• Capacity Management
• Financial Management
• Service Level Management
Here are the details of Service support components.
1. Configuration Management
• Providing information on the IT infrastructure
o To all other processes
o IT Management
• Enabling control of the infrastructure by monitoring and maintaining information
o All the resources needed to deliver services
o Configuration Item (CI) status and history
o Configuration Item relationships
• Identification and naming
• Management information
• Status Accounting
Asset: Component of a business process like people, accommodation, computer systems,
paper records, fax machines, etc.
Configuration Management Database: A database, which contains all relevant details of
each Configuration Item (CI) and details of the important relationships between CIs.
A Configuration Item (CI):
• Is needed to deliver a service
• Is uniquely identifiable
• Is subject to change
• Can be managed
A Configuration Item (CI) has:
• a Category
• a Status
Variant: A Configuration Item (CI) that has the same basic functionality as another
Configuration Item (CI) but is different in some small way (ex: has more memory)
Baseline: A snapshot of the state of a Configuration Item and any component or related
Configuration Items, frozen in time for a particular purpose (such as the ability to return a
service to a trusted state if a change goes wrong)
Configuration Management supports all other processes!
Scope vs. Detail
Relationships – Common Types:
• Is a component of
• Is a copy of
• Relates to
• Relates with
• Is used by
2. Service Desk
• To be the primary point of call for all:
• To restore the service as quickly as possible
• To manage the incident life-cycle (coordinating resolution)
• To support business activities
• To generate reports, to communicate and to promote
• Call Center: Handling large call volumes of telephone-based transactions.
• Help Desk: To manage, coordinate, and resolve Incidents as quickly as possible.
• Service Desk: Allowing business processes to be integrated into the Service
Management infrastructure. It not only handles Incidents, Problems and questions,
but also provides an interface for other activities.
Service Desk Essentials:
• Single point of contact / Restore service ASAP
• Tasks: Customer Interface, Business Support, Incident Control & Management
• Concentrates on incident lifecycle management
• Incident: Unexpected disruption to agreed service
• Priority determined by business impact and urgency
• Correct assessment of priorities enables the deployment of manpower and other
resources to be in the best interests of the customer
• Escalation and referral
3. Incident Management
• To restore normal service as quickly as possible
• Minimize the adverse impact on business operations
• Ensuring that the best possible levels of service quality and availability are
maintained according to SLAs.
Incident: Any event which is not part of the standard operation of a service and which
causes or may cause an interruption to or a reduction in the quality of that service.
Work-Around: Method of avoiding an Incident or Problem.
Service Request: Every Incident not being a failure in the IT Infrastructure.
Problem: The unknown root cause of one or more incidents.
Known Error: A condition that exists after the successful diagnosis of the root cause of a
problem when it is confirmed that a CI (Configuration Item) is at fault.
Impact on the business + Urgency / Effect upon business deadlines = Priority
Category: Classification of a group of Incidents (Application, Hardware, etc.)
Escalation (Vertical Escalation): escalates up the management chain.
Referral (Horizontal Escalation): escalates to a different knowledge group. Routing.
• Accept Service Event, Register and Consult the CMDB
Reporting is VERY important.
• Daily reviews of individual Incident and Problem status against service levels
• Weekly management reviews
• Monthly management reviews
• Proactive service reports
4. Problem Management
• Stabilizing IT services through:
o Minimizing the consequences of incidents
o Removal of the root causes of incidents
o Prevention of incidents and problems
o Prevent recurrence of Incidents related to errors
• Improving productive use of resources
• Problem Control
• Error Control (including raising RfCs – Request for Change)
• Proactive Prevention
• Identifying Trends
• Management Information
• Posit Implementation Review (PIR)
Goal is to get from reactive or proactive. Stop problems from occurring / recurring.
• Incident details
• Configuration details
• Defined work-arounds
• Known Errors
• Requests for Change
• Updated Problem Records including work-arounds and/or solutions
• Response to Incident Management from Matching Management Information
• Assign Resources
• Investigation and Diagnosis
• Establish Known Error
• Error Identification and Recording
• Error Assessment
• Recording Error / Resolution (Send out RfC)
• Error Closure
Known Error: An Incident or Problem for which the root cause is known and for which a
temporary Work-around or a permanent alternative has been identified.
Proactive Problem Management:
• Trend Analysis
• Targeting Support Action
• Providing Information to the Organization
Known Errors resulting from Development should be made known to the Helpdesk.
Reporting is also key for Problem Management.
5. Change Management
Objective: To implement approved changes efficiently, cost-effectively and with minimal
risk to the existing and to the new IT infrastructure. Only approved changes made, risk
and cost minimized.
Change Management Tasks:
• Filtering Changes
• Managing Change Process
• Managing Changes
• Chairing CAB and CAB/EC
• Review and Closure
• Management Information
• Requests for Change (RfC)
• Forward Schedule of Changes (FSC)
• Forward Schedule of Changes (FSC)
• Requests for Change (RFC)
• CAB minutes and actions
• Change management reports
Impact of change:
• Category 1
o Little impact on current services. The Change Manager is entitled to
authorize this RfC.
• Category 2
o Clear impact on services. The RfC must be discussed in the Change
Advisory Board. The Change Manager requests advice on authorization
• Category 3
o Significant impact on the services and the business. Considerable
manpower and/or resources needed. The RfC will have to be submitted to
the board level (CAB/EC – Change Advisory Board / Executive
o Change necessary now (otherwise severe business impact)
o Change needed as soon as possible (potentially damaging)
o Change will solve irritating errors or missing functionality (can be
o Change leads to minor improvements
A change backout plan must always be possible.
Change management always ends with a review of the change.
Change: The addition, modification, or removal of approved, supported or baselined
hardware, network, software, application, environment, system, desktop build or
Request for Change: Form or screen, used to record details of a request for a change to
any CI within an infrastructure or to procedures and items associated with the
Forward Schedule of Changes (FSC): Schedule that contains details of all the Changes
approved for implementation and their proposed implementation dates.
Change Management Process
1. Request for a Change
2. Registration and Classification
3. Monitoring and Planning
5. Build & Test
6. Authorize Implementation
6. Release Management
• Safeguard all software and related items
• Ensure that only tested / correct version of authorized software are in use
• Ensure that only tested / correct version of authorized hardware are in use
• Right software, right time, right place
• Right hardware, right time, right place
• Define the release policies
• Control of the Definitive Software Library (DSL)
• Control of the Definitive Hardware Storage (DHS)
• Distribute Software and Associated CIs
• Carry out S/W audits (using CMDB)
• Manage the software releases
• Oversee build of the software releases
Releases are done under the control of Change Management.
DSL : Definitive Software Library. Reliable versions of software in a single logical
location. However, software may be physically stored at different locations.
• Release Unit
• Full / Package / Delta Releases
• Emergency Change
• Software Control and Distribution (operational)
• Change Management (control)
• Configuration Management (control and administration)
Only process which creates its own policy.
Here are the details of Service Delivery components.
1. Availability Management
• To predict, plan for and manage the availability of services by ensuring that:
o All services are underpinned by sufficient, reliable and properly
o Where CIs are not supported internally there are appropriate contractual
agreements with third party suppliers
o Changes are proposed to prevent future loss of service availability
• Only then can IT organizations be certain of delivering the levels of availability
agreed with customers in SLAs.
Aspects of Availability:
• Maintainability: Maintenance you do yourself, as a company
• Resilience: Redundancy
• Serviceability: Maintenance done by someone else
Availability Information is stored in an Availability Database (ADB). This information is
used to create the Availability Plan. SLAs provide an input to this process.
MTTR: Mean Time to Repair (Downtime) – Time period that elapses between the
detection of an Incident and it’s Restoration. Includes: Incident, Detection, Diagnosis,
Repair, Recovery, Restoration.
MTBF: Mean Time Between Failures (Uptime) – Time period that elapses between
Restoration and a new Incident.
MTBSI: Mean Time Between System Incidents – Time period that elapses between two
incidents. MTTR + MTBF.
“An IT service is not available to a customer if the functions that customer requires at
that particular location cannot be used although the agreed conditions under which the IT
service is supplied are being met”
Simplistic Availability Calculation:
Agreed Service Hours – Downtime 100
------------------------------------------ X ----
Agreed Service Hours 1
2. IT Service Continuity Management
• Increases Business dependency on IT
• Reduced cost and time of recovery
• Cost to customer relationship
Many businesses fail within a year of suffering a major IT disaster.
Business Impact Analysis:
• Value of Assets
• Planning for potential disasters
• Managing a disaster
Risk Analysis: Based on the CCTA Computer Risk Analysis and Management
1. Do nothing
2. Manual workarounds
3. Reciprocal arrangements
4. Gradual Recovery (cold standby)
5. Intermediate Recovery (warm standby)
6. Immediate Recovery (hot standby)
Cold start = accommodation. Environmental controls; power and communications
Hot start = cold start + computing equipment and software
7 Sections of the Plan:
2. The IT Infrastructure
3. IT Infrastructure management & Operating procedures
6. Contingency site
7. Return to normal
Test and Review:
• Initially then every 6 to 12 months and after each disaster
• Test it under realistic circumstances
• Move / protect any live services first
• Review and change the plan
• All changes made via the CAB – Change Advisory Board
• Assists in fast, controlled recovery
• Must be given wide but controlled access
• Contents (incl. Admin, Infrastructure, People, Return to normal)
• Options (incl. Cold & Hot Start)
• Must be tested regularly – without impacting the live service
3. Capacity Management
To determine the right, cost justifiable, capacity of IT resources such that the Service
Levels agreed with the business are achieved at the right time.
• Demand Management
o Business Capacity Management
• Workload Management
o Service Capacity Management
• Resource Management
o Resource Capacity Management
While doing the above, also need to do:
• Performance Management
o Internal and External Financial Data
o Usage Data
o SLM Data / Response Times
CDB – Capacity Data Base – Contains all Metrics, etc. Used to create a Capacity
Management Plan. Performance Management Data populates the CDB.
• From Customer Demands to Resources
• Demand Management
• Workload Management
• Performance Management
• Capacity Planning
• Defining Thresholds and Monitoring
Application Sizing: To estimate the resource requirements to support a proposed
application change to ensure that it meets its required service levels.
• Trend Analysis
• Analytical Modeling
• Simulation Modeling
• Baseline Models
• Used to Answer the “What If… “ questions
• Data for Modeling comes from the CDB
4. Financial Management
To provide information about and control over the costs of delivering IT services that
support customers business needs.
Costing is a must!
Input cost units recommended by ITIL:
• Equipment Cost Units (ECU)
• Organization Cost Units (OCU)
• Transfer Cost Units (TCU)
• Accommodation Cost Units (ACU)
• Software Cost Units (SCU)
Equipment = hardware
Organization = staff
Transfer = costs which IT incurs acting as an agent for the customer, they do not appear
as a cost against the IT department’s budget
Accommodation = buildings
Software = software
Different Cost Types:
• Fixed - unaffected by the level of usage
• Variable - varying according to the level of usage
• Direct - usage specific to one service
• Indirect or Overhead – usage not specific to one service
• Capital – not diminished by usage
• Revenue or running – diminish with usage
• Recover from customers the full costs of the IT services provided
• Ensure that customers are aware of the costs they impose on IT
• Ensure that providers have an incentive to deliver and agreed quality and quantity
of economic and effective services
Charging and Pricing Options:
• No Charging – IT treated as support center
• Notional Charging – IT treated as cost center
• Actual Charging
• Recover of Costs – IT treated as a service center
• Cost Price Plus – IT treated as a profit center
• Market Prices – IT treated as a profit center
Support and Cost centers used “soft charging” in which no money changes hands; service and profit centers use “hard costing” in which money is transferred between bank
Profit centers focus on the value of the IT service to the customer
Good Financial Management minimizes the risks in decision making
Three Main Processes:
Budgeting: The process of predicting and controlling the spending of money within the
enterprise and consists of periodic negotiation cycle to set budgets (usually annual) and
the day-to-day monitoring of the current budgets. Key influence on strategic and tactical
IT Accounting: The set of processes that enable the IT organization to fully account for
the way its money is spent (particularly the ability to identify costs by customer, by
service, by activity).
Charging: The set of processes required to bill a customer for the services applied to
them. To achieve this requires sound IT Accounting, to a level of detail determined by
the requirements of the analysis, billing, and reporting procedures.
5. Service Level Management
Balance between the Demand for IT services and the Supply of IT services by knowing
the requirements of the business and knowing the capabilities of IT.
• Business-like relationship between customer and supplier
• Improved specification and understanding of service requirements
• Greater flexibility and responsiveness in service provision
• Balance customer demands and cost of services provision
• Measurable service levels
• Quality improvement (continuous review)
• Objective conflict resolution
• Service Catalog
• Service Level Requirements
• Service Level Agreement
• Operational Level Agreements (OLA) and Contracts
• Service Specsheet
• Service Quality Plan
• Monitor, Review and Report
• Service Improvement Programs
• Customer Relationship Management
Minimum Requirements for an Agreement:
• Service Description
• Response Times
Other Possible Clauses:
• Contingency arrangements
• Review procedures
• Change procedures
• Support services
• Customer responsibilities
• Inputs and Outputs
Ideally contracts are based on targets in the SLA
SLAs must be monitored regularly and reviewed regularly
• Monitor to see if service is being delivered to specification
• Review to see if service specification is still appropriate
Overview of the ITIL v3 library
Five volumes comprise the ITIL v3, published in May 2007:
1. ITIL Service Strategy
2. ITIL Service Design
3. ITIL Service Transition
4. ITIL Service Operation
5. ITIL Continual Service Improvement
As the center and origin point of the ITIL Service Lifecycle, the ITIL Service Strategy volume provides guidance on clarification and prioritization of service-provider investments in services. More generally, Service Strategy focuses on helping IT organizations improve and develop over the long term. In both cases, Service Strategy relies largely upon a market-driven approach. Key topics covered include service value definition, business-case development, service assets, market analysis, and service provider types. List of covered processes:
- Service Portfolio Management
- Demand Management
- IT Financial Management
- Supplier Management
The ITIL Service Design volume provides good-practice guidance on the design of IT services, processes, and other aspects of the service management effort. Significantly, design within ITIL is understood to encompass all elements relevant to technology service delivery, rather than focusing solely on design of the technology itself. As such, Service Design addresses how a planned service solution interacts with the larger business and technical environments, service management systems required to support the service, processes which interact with the service, technology, and architecture required to support the service, and the supply chain required to support the planned service. Within ITIL v2, design work for an IT service is aggregated into a single Service Design Package (SDP). Service Design Packages, along with other information about services, are managed within the service catalogs. List of covered processes:
- Service Catalogue Management
- Service Level Management
- Risk Management
- Capacity Management
- Availability Management
- IT Service Continuity Management
- Information Security Management
- Compliance Management
- IT Architecture Management
- Supplier Management
Service transition, as described by the ITIL Service Transition volume, relates to the delivery of services required by a business into live/operational use, and often encompasses the "project" side of IT rather than "BAU". This area also covers topics such as managing changes to the "BAU" environment.
List of processes:
- Service Asset and Configuration Management
- Service Validation and Testing
- Release Management
- Change Management
- Knowledge Management
Best practice for achieving the delivery of agreed levels of services both to end-users and the customers (where "customers" refer to those individuals who pay for the service and negotiate the SLAs). Service operation, as described in the ITIL Service Operation volume, is the part of the lifecycle where the services and value is actually directly delivered. Also the monitoring of problems and balance between service reliability and cost etc are considered. The functions include technical management, application management, operations management and Service Desk as well as, responsibilities for staff engaging in Service Operation.
List of processes:
- Event Management
- Incident Management
- Problem Management
- Request Fulfillment
- Access Management
Continual Service Improvement (CSI)
Aligning and realigning IT services to changing business needs (because standstill implies decline).
Continual Service Improvement, defined in the ITIL Continual Service Improvement volume, aims to align and realign IT Services to changing business needs by identifying and implementing improvements to the IT services that support the Business Processes. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured.
CSI needs to be treated just like any other service practice. There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned, and activities identified to be successful. CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting.
List of processes:
- Service Level Management
- Service Measurement and Reporting
- Continual Service Improvement