Standards For IT GovernanceStandards For IT Governance
ITIL, COBIT, and ISO 17799 provide a blueprint for managing IT services.
December 7, 2007
But not all organizations are prepared for the level of overhaul implied by COBIT. ITIL addresses the immediate need for many IT organizations to provide systemization and structure to current processes without the work required by COBIT.
Two principal concepts characterize the basic thinking of ITIL: customer orientation and holism. ITIL's fundamental goal is for organizations to provide services at a reliable level of quality. To achieve that objective, ITIL seeks to empower customer-facing IT personnel--those individuals consulting with users, helping them use services, collecting their opinions, addressing incidents, monitoring service performance, and managing change--and makes them responsible for service delivery.
At the same time, ITIL pushes for holistic service design. All aspects involved in delivering a specific service are considered--the functional technological elements, the personnel needed to deliver and maintain those elements, and the processes necessary to ensure the functioning of those services. The possible risks and impact on the existing computing environment are assessed with contingency plans considered. Future service requirements are then factored in as well.
To illustrate how ITIL works, take the example of change management. When an event occurs, such as Cisco releasing an IOS upgrade (illustrated below), some organizations might simply deploy the change across their infrastructure. An ITIL-based process is more elaborate, providing a process for accountability, engaging the organization, and prioritizing the change in the context of other changes.
(click image for larger view)
In this instance, the Change Initiator, perhaps a network administrator, enters a change request into a database or some other tracking system for approval. The request is made up of a unique identifier, the name of the item to be changed, a brief description of the action, and the reason for the change. The request goes to a Change Manager, most likely the administrator's manager, for review in the context of IT's objectives, other pending changes, and other criteria.
Assuming the change is approved, the Change Initiator creates a plan explaining the full details of the change, its impact on services and users, the impact and risk of change failure, a rollback procedure in the event of a problem, and the date and time that the change will take place. The plan then goes through a peer review for technical accuracy and proceeds to the Change Manager or, depending on the severity of the change, a Change Board for approval. Depending on the size of the organization, the Change Board may be a single individual or it may be comprised of individuals across the organization, typically the individual responsible for delivering the service, a representative of the business, and the Change Manager. If the change is approved, then it's implemented according to the defined plan and the changes are logged in a central repository.
Similarly, problem resolution under ITIL is structured and thorough, and involves both reactive and proactive processes. The incident management process addresses resolution of specific problems. A user complaining about poor voice quality (illustrated on the previous page), for example, causes the service desk to log the issue in its ticketing system. The service desk then attempts to solve the problem, checking its knowledge base and repository of configuration information, such as a configuration management database, or CMDB. Unresolved problems are escalated to higher-level support teams for diagnosis. The service desk ultimately informs the user of the solution or why the problem can't be solved.
Problem resolution also involves proactive measures, which are described in the problem management process. Under this process, IT measures the importance of various incidents and then sets about investigating their root cause. Once resolved, the problem is logged in the company's knowledge base for use by the service desk in resolving future incidents.
By wrapping process, people, and technologies together, ITIL with COBIT and ISO 17799 give IT the reference framework for governing its operations. Whether they achieve their goals is up to you.
Write to Dave Greenfield at [email protected].
Continue to the sidebar:
ITIL's Five Books
About the Author(s)
You May Also Like
The Era of generative AI-enabled Security
Entering the era of generative AI-enabled security
Processing principles under the GDPR, CCPA, and the EU-US DPF
Responsible data use: Navigating privacy in the information lifecycle
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Acceleration