ITIL demystified

Expert discusses v3, how ITIL saves money, vendor marketing ploys and ITIL certifications in a Network World chat

Lou Hunnebeck, vice president for the ITIL training and consulting firm, Third Sky discusses v3, how ITIL saves money, vendor marketing ploys and ITIL certifications in a Network World chat

Moderator-Julie: Welcome and thank you for coming. Our guest today is IT Infrastructure Library (ITIL) expert Lou Hunnebeck, vice president for the ITIL training and consulting firm, Third Sky. Hunnebeck served on the public QA team for ITIL v3. She is also currently on the ITIL Examination Panel for ITIL v3, and she's a well-known regular on the IT service management speaker circuit. Hunnebeck has over 20 years of experience in IT service industries and has led global teams in best practice and methodology design.

Lou_Hunnebeck: Hello, everyone.

Moderator-Julie: While we wait for questions to come in from the crowd, here's a pre-submitted question/answer: Are there any experience requirements for ITIL certification similar to what is required for the CISSP?

Lou_Hunnebeck: For the basic Foundation level, the answer is no. For the Intermediate levels a candidate must hold the Foundation certificate and there is advice regarding the level of practical experience recommended, but no rigid requirement.

BartKnight: Can you explain why a large enterprise would need to adopt ITIL?

Lou_Hunnebeck: "Need" is a loaded word. Any enterprise that is struggling with repeating the same unsuccessful behaviors, spending too much time and too much money on service provisioning should look at ITIL for some assistance. I would like to commend Bart, though, for using the word "adopt." You don't implement ITIL, you adopt a new way of working.

TechieGirl: Does ITIL save money or cost money? How do I plan for the expense?

Lou_Hunnebeck: To embark on any effort with seriousness you will need to fund it. But in the long run, organizations do save money – more than what they spend on adopting these work methods. That's why it's so popular.

TechieGirl: Why should a company choose ITIL instead of other frameworks like Six Sigma? Should you just use one or should you mix and match from different ones?

Lou_Hunnebeck: Good question. But it's not an either-or situation. ITIL and Six Sigma can be used extremely well together to improve an organization. In regards to the concern about how to make the business case for adopting these principles, it is important to try to quantify how much your current way of working is costing you. Most organizations do an extremely poor job of putting a cost on change, re-work, inefficiency and waste. Start there.

BartKnight: Some recent surveys have suggested that ITIL isn't a large priority for a lot of enterprises. What's your thoughts on those surveys?

Lou_Hunnebeck: Without knowing which surveys you are referring to, it is difficult to comment on the particulars. Gartner and Forrester, for example, have come to precisely opposite conclusions in many of their surveys. I would rather say that ITIL itself should not be the priority in any case. Improving your way of working is the priority. ITIL just happens to be the most trusted and best recognized framework for how to improve IT service management.

BartKnight: There was a recent Network World story about an IDC survey that said about two-thirds of companies polled had no plans to adopt ITIL v3, or were uncertain about adopting it in the next three years.

Lou_Hunnebeck: Thanks for the context. It sounds to me that this survey is focusing on ITIL v3. It is quite possible that an organization that is achieving a lot of success drawing their guidance from v2 does not see any need to move on to v3 yet.

Fog: What are the major differences between ITIL foundations and ITIL foundations v3?

Lou_Hunnebeck: I'm assuming you are looking for the difference in content between the actual body of knowledge from v2 to v3, not the content of training courses. Or am I mistaken? Please clarify your question for me.

Fog: Yes, the body of knowledge in v2 vs. v3.

Lou_Hunnebeck: Thanks so much! This is a big question. The underlying principles and most of the core concepts are exactly the same. The key differences are in how the guidance is organized and enhanced and how the new presentation supports more comprehensive understanding and adoption of the ideas. In v2 people didn't even read most of the seven books. In v3 you need to look at all the guidance in context. The Lifecycle approach is more obviously strategic and business-oriented.

In regards to v2 vs. v3, I encourage organizations to be less concerned with versions and more concerned with value. Get educated on v3 so you can make good decisions, compare the ideas of v3 to what you are currently doing and what you need to drive improvement, and then integrate the new ideas as part of your Continual Service Improvement approach.

Gusti: Can companies be certified on ITIL, or only professionals?

Lou_Hunnebeck: Only persons can be certified in ITIL, because it is not a standard, but a framework of recommendations. Organizations can, however, seek ISO/IEC 20000 certification. This is an international standard for IT Service management, based on ITIL.

Default User: Are there any service management solutions that run on the mainframe? Do you see value in running those applications on the host environment with the bulk of an enterprise's processes and data?

Lou_Hunnebeck: I am not familiar with the particular platforms on which the SM tools can run, but I don't think it really matters so long as it produces the right results. ITIL is extremely results-oriented. If the solution is producing the desired results, than you are doing it "right."

TechieGirl: What is the "Lifecycle" approach? If people didn't read the material for v2, why will they read it for v3?

Lou_Hunnebeck: The Lifecycle approach refers to the reorganization of the guidance into the five phases of the Service Lifecycle: Svc Strategy, Svc Design, Svc Transition, Svc Operation and Continual Service Improvement. As to why they'll read it now, we've revamped the qualification program to reflect the whole library. In the v2 qualification scheme, almost no attention was paid to the other 5 books, so people focused on the ones in the exams. When the qualification scheme essentially ignored half of the guidance, it implied that it wasn't important. We've corrected that misimpression now.

Moderator-Julie: Pre-submitted question: What do IT shops working on ITIL v2 need to know now when they decide to upgrade to ITIL v3? And do they need to consider an upgrade in the near future?

Lou_Hunnebeck: The idea that this is an "upgrade" implies that this is like a software implementation. IT Service Management isn't a project. It is a new way of working. Using v3 as the source of your guidance on these principles and approaches is just a change of which books you read. As for timing, I would definitely explore the value of the ideas in v3 in the near future. Then the organization can choose which new or revised ideas have near-term value for them and which they are not yet ready to approach.

SoxFan34: What does ITIL v3 say about how to better manage security?

Lou_Hunnebeck: This is a good example of how ITIL leverages and respects other available bodies of knowledge. ITIL provides guidance on Security Management processes and integration with other processes. It leaves the technical detail to other frameworks and standards as it is not necessary to try to re-create powerful bodies of knowledge already in existence. ITIL believes in leveraging many other frameworks and standards in concert to maximum effort.

Gusti: Are there any software tools that help an organization in knowing how well they are with regards to the ITIL best practices?

Lou_Hunnebeck: I'd like to encourage everyone to try to move away from the systems focus when it comes to Service Management. ITSM is about organizational effectiveness, process management, quality management and utilizing measurement to ensure consistent and reliable results. It's about aligning with the business and ensuring that everything we do is in service of the business. It is not about tools, except to the degree that tools enable the work. Whatever you have can be leveraged for the work. When you find a gap between what you have and what you need, then shop for another tool.

FrankF: In terms of the certification issue, is there more money to be made going after an ITIL certification versus some other ones? What's the future job market look like?

Lou_Hunnebeck: I formerly worked for an IT recruiting firm. We were receiving more and more explicit requests from clients for people with formal ITIL qualifications. It was being listed in job descriptions, just as PMP certification is requested for project managers. The more traction ITIL itself gets, the more we saw informed companies asking for it.

Jen: A large organization is considering making each application in the 2,000+ catalog of applications a separate image. I think a Configuration Item should be the image. What do you think?

Lou_Hunnebeck: From ITIL's perspective they absolutely are separate Configuration Items. A CI is merely a component of a service that allows it to deliver value to the end customer and is under control. These include hardware CIs, software CIs and controlled documentation.

SoxFan34: Why is it important to have set processes around security management established in ITIL if it is not the authority on security?

Lou_Hunnebeck: Good question. Because security doesn't exist in a vacuum. It is critical that all processes, functions and roles integrate with each other appropriately and that the left hand knows what the right hand is doing. Security is ubiquitous, but not autonomous.

Moderator-Julie: Pre-submitted question: Should IT organizations tackle incident and problem management processes simultaneously?

Lou_Hunnebeck: There is no pat answer to that. Usually some basic improvement in Incident Management is needed as a foundation for Problem, but very quickly most organizations can add Problem as they continue to mature Incident. One size does not fit all. If your Incident process is already solid, you might actually start with Problem.

Gusti: When I was talking about tools, I was not talking about tools to do/implement the processes, but to assess how well/bad an organization was doing in comparison with the ITL best practices. Sort of like a checklist tool. It could even be a spreadsheet with all items that one must go after, and then, eventually, you come up with a rating telling you: well, you're are 45% in compliance with the ITIL best practices. I am ignorant about ITIL, so maybe I am asking a silly question.

Lou_Hunnebeck: I'm sorry. I did understand that this is what you meant, but perhaps I was entirely too general. In terms of establishing a baseline assessment of your current state, there are some items that can help. Start, of course, with the measurement tools you already have in place, to establish base levels of performance on your services. There are some questionnaire-type tools to help do a self-assessment on the process side, including one available from the IT Service Management Forum, itSMF  (the global practitioner association for ITSM), but it is currently being updated for v3. Organizations such as my own (Third Sky) also have our own standardized approaches to perform an assessment of current state.

It is important to recognize, however, that "compliance" with ITIL is a myth. Organizations don't need to comply with ITIL, but rather to set their own objectives and goals and then adopt and adapt the principles of ITIL to help them achieve these goals. Comparing what you are doing with what other organizations are doing is only relevant if you have the same objectives.

DeniseD: When should companies consider establishing a configuration management database? What is a good indicator they might need to go down that road?

Lou_Hunnebeck: Excellent question. The answer is, if all the rest of your work is slower, less reliable and less accurate because of the absence of Service Asset and Configuration Management. (By the way, this is the new name of Configuration Management.) Also, don't focus on the "database" aspect of it. Focus on the Service Asset and Configuration Management aspect, with the data repositories simply as technical components of a successful approach. If you don't know why you are doing it and what your goals are, any Config effort is doomed to scope creep and failure.

DeniseD: What do vendors mean when they say their products are ITIL-compliant?

Lou_Hunnebeck: This is a marketing ploy. Since the owners of ITIL, the Office of Government Commerce (OGC), do not endorse products, some of the vendors in the space have decided to sell a service to the software vendors to evaluate their products and to pronounce the product to be "ITIL Compliant" or "ITIL Verified" or the like. The question to ask is, "ITIL compliant based on whose judgment?" If you don't value the judgment of the organization doing the pronouncing, it's hard to measure the value of the rating.

Moderator-Julie: Pre-submitted question: Many experts talk of mixing ITIL adoption with the use of other frameworks. What other process frameworks best complement ITIL? CoBIT? Six Sigma?

1 2 Page 1
Page 1 of 2
The 10 most powerful companies in enterprise networking 2022