IT—surrounded by alligators ...................................2Learning in year one..............................................2ITIL has changed as IT has changed.........................2ITIL is needed more than ever. .................................4ITIL serves a variety of IT needs................................5IT initiatives provide opportunities for ITIL v3 adoption. .................................................6

Why choose HP for IT service management?.............7We have the people. .............................................7We have the experience. .......................................7We have the technology.........................................7Learn more. ..........................................................7

ITIL v3—what have we learned in one year?White paper

IT—surrounded byalligatorsThere’s a well-known business proverb that when you’resurrounded by alligators, it’s hard to remember yourinitial objective was to drain the swamp. That’s thesituation IT executives have faced for a number of years.While analysts, vendors and the trade press touted“business-IT alignment,” IT operations executives havebeen pressed to deliver acceptable service levels for basicapplications, and they have had to focus their attentionon the mundane, though critical, task of containing costsby squeezing more productivity out of IT operations andsupport staff. This need was reflected in the widespreadadoption in the 1990s of the IT Infrastructure Library (ITIL)as a set of best practices designed to help IT deliverquality services and to increase operational efficiency.

But progress has been made. While IT maturity varies,most IT organizations have now implemented thefundamental processes needed to deliver basic servicesand to do it efficiently, and IT executives are nowbeginning to seek a more equal partnership with businessmanagers as providers of business value. According to asurvey by CIO Insight, 60 percent of CIOs say improvingalignment with business objectives is their top managementpriority for 2008. And just as ITIL played a key role inhelping IT solve the quality of service and operationalefficiency problems of the 1990s and early 2000s, ITILv3, released in 2007, offers IT a set of practices forbetter matching investments and activities with businesspriorities. ITIL v3 is a prescription for business-IT alignment.

Awareness and adoption of ITIL v3 varies widely. But forenterprises taking the first steps, how is it working? Whatdo the early returns say? This paper presents our findingsand experiences working with IT operations organizationsas they evaluate ITIL v3, develop implementationstrategies and begin to implement the expanded new processes.

Learning in year oneIt has only been one year, but IT organizationscommitted to ITIL are moving. According to IDC, a totalof 28.3 percent of respondents (companies with 10,000employees or more) are planning on moving to ITILversion 3 with at least one workflow within the next 18months.1 What else have we learned? Here are some ofthe trends and truths we have seen emerge as enterprisesevaluate and begin to implement elements of ITIL v3.

ITIL has changed as IT has changed.With v3, the authors of ITIL have shown us that theyunderstand the changing dynamics that affect IT. Earlierversions of ITIL helped IT improve operational efficiencyby implementing effective and efficient processes fordeploying, changing and managing services—the thingsIT delivers to the business so business users can do theirjobs. ITIL v3 retains and improves these previously definedprocesses. According to ITIL authors, approximately 95percent of ITIL v2 remains and is still applicable. WhatITIL v3 adds is a mandate for IT to view IT services inthe context of the business goals they support.

1 IDC, ITIL Adoption Continues: What’s Next on the Maturity Horizon,Document #211340, April 2008

2

To illustrate, suppose the IT organization in a largecorporation provides a remote access system—based onCitrix Presentation Server or Microsoft® Terminal Services—so remote users can access data center applications. ITmanagers would view this as an IT service and wouldsay the goal of the service is to provide remote access todata center applications, and further, that the businessneed fulfilled is remote access to data center applications.To measure the success of the service, IT operations wouldmeasure the conformance of factors like availability andresponse time to established service level agreements.This is not wrong; it’s just an IT-centric rather than abusiness-centric way to view the service.

ITIL v3 prompts IT to examine the actual business needsdriving the need for a service. Business managers mightsay an objective of the remote access service was toincrease repeat orders by enabling field sales people tolook up the status of an order and place follow-on orderswhile in the customer’s office. The support organizationmight view it as enabling support personnel to accessrepair parts inventory and order parts from on site so thatsupport commitments of the business can be fulfilled whileoperating within the efficiency parameters underlyingthe organization’s profitability model. Viewing servicesin the context of the actual business needs they fulfillalso leads us to measure their effectiveness differently.Measurement of our remote access service might nowfocus on the actual use of the service by sales peoplewhile on their customer’s site and on the measuredimprovement in the time it takes to get a repair part tothe customer. If such approaches do not appear tomeasure something IT can directly affect (i.e., “My jobis to make sure the service is available; I can’t make themuse it.”), they at least engage IT in the decision-makingprocess with business managers, and they provide IT abusiness vocabulary to use in discussions rather than“IT-speak.”

The business-IT alignment thrust of ITIL v3 also leads toits most obvious external change—management of ITservices across the span of a defined service lifecycle.The ITIL v3 books are “Service Strategy,” “Service Design,”“Service Transition,” “Service Operation” and “ContinualService Improvement” (Figure 1). Most of the ITIL v2processes for service delivery and service support(capacity management, availability management,incident management, problem management, changemanagement, etc.) have been updated and improvedand are now found in the ITIL v3 “Service Operations,”“Service Design” and “Service Transition” volumes. The ITIL v3 “Service Strategy” and “Continual ServiceImprovement” volumes are based largely on new content.Another new concept in ITIL v3 is the ConfigurationManagement System (CMS) extending the originalConfiguration Management Database (CMDB) to becomea more federated data system.

Anyone who has managed products for a companyrecognizes the lifecycle: identify a market need, evaluatethe financial opportunity, design a product to fulfill theneed, develop the product, etc. That’s the positionproposed for IT by ITIL v3 as it helps IT identify, quantifyand deliver the most value to the business. In ITIL v3“Service Strategy,” IT must become very specific aboutwhat the service does (Service Utility) and how to knowwhether it is meeting its requirements (Service Warranty).Further, the new volume on “Continual ServiceImprovement” underscores the lifecycle approach andprovides IT a set of best practices designed to continuallyassess the success of the service in the “marketplace”and to identify and implement the changes needed. Alifecycle approach and the concept of continual serviceimprovement allow an IT organization to get a service tothe market early to meet pressing needs and then expand

3

and improve it over time in a planned and structuredmanner. This is an important concept which HP hasbeen using to deliver HP Mission Critical and ProactiveServices for more than four years.

ITIL is needed more than ever.It is not coincidental that this major ITIL refresh came ata time when IT is challenged more than ever to both addbusiness value and maintain operational efficiency. Thereare several factors that are increasing pressure on IT.

The first is growth. Demand for IT services continues togrow as business managers use automation to improvetheir own productivity and, increasingly, to reach newcustomers and offer new services. While IT once servedthe needs of internal users to process business transactions,now services extend to customers and prospectivecustomers. And as enterprises begin to apply Web 2.0concepts to reach out and engage more people, thestakes—and corresponding quality of service goals—are higher.

The need for business agility also drives IT. Businessesstrive to respond quickly to market opportunities, andthey seek to improve their market and operating positionsthrough mergers, acquisitions and consolidations. IT mustexpand and change services rapidly as the organizationchanges. For example, blade servers and virtualizationhave enhanced flexibility and lowered hardwareacquisition costs. But these new techniques for hardware

efficiency are not accompanied by a correspondingincrease in management and administration efficiency.In fact, they introduce additional administrative tasks,they impose new training needs and they stress ITprocesses for change and release management. Surveysof CIOs consistently show that up to 80 percent of ITbudgets go to operations and maintenance. And thecost of server management and administration—alreadytwice the acquisition cost—is increasing while acquisitioncost declines.

New application architectures increase the operationalburden for IT. Service-oriented architecture (SOA), forexample, promises agility and software reuse by creatingmodular business services that can be more easilylinked into new “composite” applications by multipledevelopment teams and even multiple businessorganizations. One result is that the large, but predictable,application updates that IT previously rolled out arereplaced by the almost continual release of modifiedservice modules. Change becomes constant, and changein SOA services can ripple through many applicationsand many business units.

For IT, these factors not only up the ante for operationalefficiency, they put a spotlight on business value. ITorganizations that continue to view themselves as internalcost centers can actually impede the achievement ofbusiness goals; whereas, IT organizations that position

4

Figure 1. ITIL v3 volumes

Service strategy (SS)• Strategy generation• Financial management• Services portfolio management• Demand generation

Service transition (ST)• Transition planning and support• Change management• Service asset and configuration management• Release and deployment management• Service validation and testing• Evaluation• Knowledge management

Service design (SD)• Service catalog management• Service-level management• Capacity management• Availability management• IT service continuity management• Information security management• Supplier management

Service operation (SO)• Event management• Incident management• Request fulfillment• Problem management• Access management

Continual service improvement (CSI)• Seven-step improvement process• Service measurement• Service reporting

themselves as service providers to the business—andrecognize that they may compete with external serviceproviders for their role in the enterprise—can come tothe table as true business partners.

ITIL serves a variety of IT needs.ITIL is clear about one thing—if you don’t need ITIL v3,if it doesn’t fit your business or if you’re not ready for thatstep, don’t do it. Each enterprise is unique, and eachmust steer a course that best matches its situation andtracks its business strategy. While some enterprises HPworks with are planning full rollouts, most IT organizationsare initially looking for the low-hanging fruit in ITIL v3—the few basic practices that promise to solve pressingproblems or create quick wins. They are investigatingwhere they will get the most return on their investment,and they are planning an incremental implementationdesigned to capture the most value early.

IT maturity varies across industries, companies andeven within divisions of a company. (And the alligatorsmust still be held at bay.) IT organizations must achievecontrol of fundamental processes to prevent firefightingso they can develop the time and resources to improveprocesses and add new ones. Many organizations areat this stage and still have basic quality of service andoperational efficiency objectives to achieve. Many arein the midst of implementing the processes defined inITIL v2. Clearly they should continue the course. Overall,IDC expects that within four years, penetration of ITILwithin IT departments may increase to about 60 percentor more, given vendor efforts to market ITIL-based orsupported solutions as well.2

And it is not just a matter of IT maturity. Differententerprises have different focuses depending on theirstrategy for being successful in the markets they serve.Many businesses seek new markets and new businessmodels. For them, investments will be measured carefullyon the extent to which they further the business plan.However, the bread-and-butter of many enterprises isdelivering commodity goods and services into establishedmarkets, and the objective here is to squeeze out everybit of cost that is possible. For these companies, improvingIT operational efficiency is business-IT alignment.

ITIL v3 offers value for both business models andeverything in between. Even IT organizations for whichoperational efficiency is the watchword must arrive atthis conclusion through thoughtful strategy planning withbusiness users. Each existing and potential IT servicemust be evaluated on how it enhances the operationaleffectiveness of business users compared to the cost todevelop, deliver, support and maintain the service. In ITILv3, this is service strategy. If our remote access serviceis really just a convenience for users, then service strategyprocesses help IT and business managers understandthis, quantify the business value and make decisionsbased on it.

2 IDC, ITIL Adoption Continues: What’s Next on the Maturity Horizon,Document #211340, April 2008

5

In a similar way, the ITIL v3 processes for continual serviceimprovement offer value for every business. Continualservice improvement prompts IT to establish a seven-stepimprovement process as a systematic way to establishservice goals, measure progress and identify steps forimprovement. Underlying the seven-step improvementprocess are procedures for service monitoring andreporting. This recognizes the fact that things change—both IT services and the business needs prompting theircreation. Continual service improvement helps IT identifyand track changes and determine when to intervene bychanging the service. HP has found service improvementinitiatives to be so beneficial that we offer consultingservices, embodying continual service improvementprocesses and tools, specifically designed to helpenterprises improve services and service management.

IT initiatives provide opportunities for ITIL v3 adoption.SOA initiatives and other significant projects like thedeployment of new infrastructure and major enterpriseresource planning (ERP) updates can serve as catalystsfor the implementation of improved processes. Planningfor these activities provides an opportunity to considerwhat improvements in processes will be required tosupport them and how those new processes can beleveraged across existing operations.

We see many enterprises implementing ITIL v3 practicesusing this opportunistic approach. When the projectinvolves rolling out new services, for example, that isthe ideal time to establish new lifecycle managementprocesses and bring the service under lifecyclemanagement. Once processes for service lifecyclemanagement are established, they can more easily beapplied to existing services.

The galloping rate of change in IT hardware and softwareand the interdependency of services enabled by SOAalso drive a need for IT to implement effective changeand configuration management processes. And it presentsan opportunity to implement a federated configurationmanagement database (CMDB). A CMDB provides asingle version of truth that all teams can use for decision-making, and it lets IT see the impact of change beforethe trigger is pulled. Because CMDBs are supported byautomatic discovery tools, and because a federatedCMDB enables linking to other data sources, CMDBs—once implemented in support of major initiatives—canbe easily extended to other services and facilities. Thisextended view of data sources is reflected in the ITIL v3Configuration Management System (CMS).

CMDBs and configuration management are examplesof improving IT processes through automation. And sinceinitiatives and new programs force IT to re-examine andimprove fundamental processes, they often create theopportunity to introduce automation. Automation canmake processes like incident management, problemmanagement, release and deployment management,and service validation and testing more efficient andmore reliable. When important new systems roll out,this can be as important as system reliability andacquisition cost.

6

Figure 2. HP Universal CMDBenables the ITIL v3 ConfigurationManagement System (CMS).

Visualization

HP Universal CMDB

Changemanagement Impact analysis

Data source

Data m

odel

Discovery and

dependency mapping

Data source Data source

Why choose HP for ITservice management?HP provides products and services to help enterprisesuse IT service management to get the most out of theirinvestments in IT people and infrastructure. Why turnto HP?

We have the people.HP has over 7000 ITIL-skilled professionals in more than170 countries. Twenty-four HP professionals participatein the Institute for Service Management including sixfellows and six luminaries. Five HP consultants authoredportions of ITIL v3.

To help HP consultants deliver consistent and positiveresults working with enterprises, we have developedthe HP Service Management Framework—a holisticapproach for enterprise IT organizations that want tobuild and run an effective service management system.The framework organizes people, processes andtechnology within the service management system basedon related international standards like InternationalOrganization for Standardization/InternationalElectrotechnical Commission (ISO/IEC) 20000 andindustry best practices including ITIL v3, Control Objectivesfor Information and related Technology (COBIT) andCapability Maturity Model Integration (CMMI).

We have the experience.HP has helped enterprises accomplish over 1,000successful ITIL implementations and transformationprojects. More than 80 HP Education Centers havetrained more than 100,000 IT professionals in ITIL,ITSM and HP software.

We have the technology.HP Business Technology Optimization (BTO) softwaresolutions—built around HP Universal ConfigurationManagement Database software—span the ITIL v3service lifecycle and help IT automate and integratethe processes that make IT work. HP BTO softwareenables predictable and reliable business outcomes,and the modular HP approach lets you solve yourbiggest problem or capitalize on your biggest opportunityfirst, then grow the solution to meet your full set of needs.

Learn more.To learn more about HP products and services for ITService Management, visitwww.hp.com/go/servicemanagement andwww.hp.com/go/itsm.

7

To learn more, visit hp.com/go/btosoftware© Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject tochange without notice. The only warranties for HP products and services are set forth in the express warrantystatements accompanying such products and services. Nothing herein should be construed as constituting anadditional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.Microsoft is a U.S. registered trademark of Microsoft Corporation.

4AA1-9819ENW, June 2008

Technology for better business outcomes