‘ITIL’ is a term that has gained currency around the IT world. It is often wrongly described as ‘IT governance’ – in fact, on its own, it certainly isn’t this. ITIL is a collection of best practices that helps companies implement an IT Service Management culture. However, its growing popularity reflects the substantial impact it can make on a company’s IT and business performance and the fact that, in combination with other frameworks, it is a vital ingredient in creating true IT governance.
What is IT Service Management?
Today’s businesses are increasingly delivered or enabled using information technology. Business and IT management need guidance and support on how to manage the IT infrastructure in order to cost-effectively improve functionality and quality. IT Service Management is a concept that deals with how to define and deliver that guidance and support.
In common with other modern management practice, it views things from the customer’s perspective, i.e. IT is a service that the customer or consumer receives. It can be made up of hardware, software and communications facilities, but the customer perceives it as a self-contained, coherent entity.
So what is ITIL?
Standing for ‘IT Infrastructure Library’, ITIL is a set of best practices that are at the heart of the IT Service Management approach. It provides guidance on how to manage IT infrastructure so as to streamline IT services in line with business expectations. ITIL is a best practice framework, presenting the consolidated experience of organizations worldwide on how best to manage IT services to meet business expectations.
ITIL was originally developed during the 1980s by the UK’s Central Computer and Technology Agency (CCTA), a government body, which created ITIL version 1 as an approach to incorporating various vendor technologies and serving organisations with differing technical and business needs. CCTA has now become part of the Office of Government Commerce (OGC), which, as official publisher of the ITIL library, updated it, published version 2 and continues to develop and support it.
ITIL has since become widely adopted across the world in both public and private sectors and is recognised as best practice, being deployed in organisations of all shapes and sizes.
What makes up the ITIL Library?
ITIL documentation consists of seven ‘sets’ or ‘volumes’: Service Support, Service Delivery, ICT Infrastructure Management, Security Management, Planning to Implement Service Management, The Business Perspective and Applications Management.
Of these, Service Support, Service Delivery and Security Management are considered the central components of the ITIL framework, covering vital issues such as Incident Management, Configuration Management, Change Management, IT Service Continuity Management, Availability Management and IT Security Management.
ITIL Standards
Part of the reason for the growth in ITIL awareness is the publication in December 2005 of a new global standard to which businesses can become certified. ISO 20000 (or ISO/IEC 20000:2005, to give it its correct name) is closely based upon the pre-existing British standard BS15000.
The ISO/IEC 20000 standard comprises two parts: ISO/IEC 20000-1 is the specification for IT Service Management against which an organisation’s practices can be certified; ISO/IEC 20000-2 is the ‘code of practice’ that describes best practices and the requirements of Part 1.
ITIL and ISO/IEC 20000 share many of the same principles, but some differences are important to note.
- ISO/IEC 20000 is a certification scheme for organizations, whereas ITIL certifications are available for individuals only.
- While ITIL is a collection of best practices, ISO/IEC 20000 is an international standard that lays out specific requirements for IT service management.
- Most organizations that claim they are compliant with ITIL are not able to prove it; however, a certification according to ISO 20000 means an objective evaluation has taken place.
ITIL and IT Governance
When combined with certain other frameworks, ITIL makes a major contribution to the creation of effective IT governance. ITIL processes can be mapped to CobiT (Control Objectives for Information and Related Technology) processes, and the two frameworks complement each other nicely: if the CobiT control framework tells the organization ‘what’ to do in the delivery and support areas, ITIL best practices help the organisation define ‘how’ to deliver these requirements.
Similarly, ITIL works very effectively with ISO 17799 and ISO 27001, the international code of best practice for information security, providing guidance on how to manage the various processes that both certifications prescribe.
By drawing upon these three complementary frameworks as appropriate to its needs, an organisation can establish an IT governance regime that delivers real and lasting competitive advantage to its business.