Through the course of the year, I have colleagues ask about ITIL, what will it do for their organization and where to start. ITIL is a very large under taking and should really be a multi year adventure. Because it's impractical -- if not impossible -- to implement the IT Infrastructure Library (ITIL) in a wholesale manner across all IT processes, organizations must decide exactly where they want to begin.
Ideally, this starting point should be determined based on a careful assessment of practices and a convincing analysis of where the greatest business gains can be achieved quickly. A large percentage of IT organizations, however, have historically started with incident management. This decision has often been based on "gut feel" more than anything else. After all, incident management is what allows IT to quickly restore services to the business -- so by using ITIL to improve these processes, business should be able to reduce downtime, improve IT staff productivity and ensure end-user satisfaction. In addition, most already communicate - "we have a tool already in house to help us with that..."
But do CEOs really measure the value of IT based on how quickly it's able to solve problems? Will IT organizations be able to garner executive-level support for ITIL implementation based on time-to-fix and other incident management performance metrics? Does the CIO have a good handle on some key performance indicators?
Probably not. In fact, as IT performance is increasingly measured based on alignment with the business and the delivery of quantifiable business value, many IT organizations are focusing their initial ITIL efforts and investments on change management. I always recommend to my colleagues - start with Change Management. If you don't have a good handle on changes occuring in your environment - you are out of control.
There are two fundamental reasons why change management is increasingly the initial focus of ITIL implementations: It can prevent problems before they occur, and it works.
I propose to you that Change is the root cause of many incidents/issues in the environment. A significant percentage of the problems that threaten critical IT services have their origins in poorly executed changes. The consequences of these changes are often dire in terms of both service availability and regulatory compliance. So, instead of focusing on incident management -- which deals with the problem after it presents itself -- IT organizations need to be looking at change management to prevent problems before they occur.
In fact, if you don't improve the way you manage change, your IT department will be predisposed to constant firefighting. If incidents related to changes are not brought under control, IT service provisioning -- and consequently the business itself -- can spiral out of control. IT becomes locked in a deadly embrace where the number of incidents rises and each incident requires a firefight, leading to more and more incidents.
ITIL change management breaks that embrace by balancing flexibility (facilitating change) with stability (preventing changes from creating problems). Corrective measures reduce the number of incidents and IT can then drive innovation and improvements. I also recommend a technology review board or committee to sign off on all significant changes.
Once you get your change management established, a change review board weekly meeting, a change tracking system and meeting minutes are all key to this process, move to next step. You can then tackle incident management, configuration management, release management and onto a CMDB. I recommend you get one working very well and then move onto the next. Don't overload your staff, keep this process positive and staff engaged.
One last thing, don't forget your metrics and measurements. Know that ITIL is making a difference, that IT performance has improved and that you are doing things right. This will help drive a good working relationship with the business.
Good luck!
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
No comments:
Post a Comment