Implementing ITIL for Effective IT Governance

In our previous articles on IT strategy, we discussed the importance of developing a clear and well-designed IT strategy and explored frameworks such as COBIT that can help organizations achieve their digital transformation goals. However, once an IT strategy is in place, it’s crucial to have an effective governance framework to ensure that the IT initiatives align with business goals, comply with regulations, and are well-managed. In this article, we’ll take a deep dive into ITIL and explore how it can help organizations with IT governance.

What is ITIL?

TIL stands for the IT Infrastructure Library, an internationally accepted IT service delivery framework. The ITIL recommends best practices for IT service management (ITSM) to support the standardization of various processes and stages in the IT lifecycle.

The ITIL started in the 1980s when the United Kingdom’s Central Computer and Telecommunications Agency (CCTA) saw a need to establish standardized guidelines to avoid inconsistencies among the increasingly diverse IT architectures.

The first version of ITIL was released in 1989, but the framework continues to be revised, overseen by Axelos. The current iteration, ITIL 4, has evolved to meet IT administrators’ needs adapting to newer IT management approaches. Thus, along with providing best practices for incident management and continual improvement, it also addresses cloud computing, automation, AI, DevOps, Agile and more.

ITIL is widely adopted by organizations worldwide and has become the de facto standard for ITSM. While ITIL is primarily known for its application in ITSM, it can also be used for IT governance.

The Benefits of ITIL

Implementing ITIL can provide numerous benefits for organizations in terms of IT governance. Some of the key benefits include:

Improved alignment between IT and business

ITIL helps organizations align their IT services with business objectives, ensuring that technology investments support the organization's overall goals.

Improved service quality

ITIL provides a structured approach to IT service management, which can help organizations deliver high-quality services that meet or exceed customer expectations.

Better risk management

ITIL includes a risk management component that helps organizations identify and manage potential risks associated with IT services.

Greater efficiency

By implementing ITIL, organizations can streamline their IT service management processes, reduce duplication, and improve overall efficiency.

Compliance with regulations

ITIL provides a framework for ensuring that IT services comply with relevant regulations and standards.

ITIL Key Components

ITIL includes several key components that organizations can use to manage IT services and governance:

Service Strategy

This component focuses on understanding the business and customer needs, defining the IT services, and creating a service portfolio that aligns with business goals.

To do this, the IT organization must decide on a strategy for effectively serving its customers. As part of Service Strategy, the IT organization works with the business to determine what services the IT organization should offer and what capabilities must be developed.

There are five processes described in the Service Strategy volume of ITIL V3:

1. Strategy Management for IT Services — a process that helps the IT organization assess its offerings and capabilities before developing a strategy to serve its customers effectively.
2. Service Portfolio Management — a process for managing the service portfolio, which includes services in development, active and available services and retired services.
3. Financial Management for IT Services — a process that helps the IT organization manage its budgeting, charging and accounting requirements.
4. Demand Management — a process for assessing customer demand for services. A demand manager follows industry trends and communicates with customers to anticipate what services the business might want in the future.
5. Business Relationship Management — a process that helps the IT organization maintain good relations with the business by communicating to identify business needs and collecting feedback on IT performance and customer satisfaction.

Service Design

This component focuses on designing IT services that meet the business needs, including processes, policies, and procedures.

There are eleven processes described in the Service Design volume of ITIL V3:

1. Design Coordination — a process for coordinating service design activities with respect to modified or newly implemented IT services.
2. Service Catalog Management — a process for establishing and maintaining a catalog of all available services offered by the IT organization.
3. Service Level Management — a process for negotiating service level agreements with customers, ensuring that services are adequately designed to deliver services according to the agreements, and ensuring that operational agreements and contracts are effectively negotiated and managed.
4. Risk Management — a process for the identification and control of risk within the IT organization. Risk management includes an assessment of IT assets along with their value and potential vulnerability as an attack vector. The risk management process helps IT managers determine how IT assets will be protected and secured.
5. Capacity Management — a process for ensuring that the IT organization has allocated sufficient resources towards providing IT services in accordance with service level agreements.
6. Availability Management — similar to capacity management, this process contains activities and sub-processes that help define, measure and improve the availability of IT services. Availability management includes testing, monitoring and reporting activities that verify the availability of services and alert IT operators when a service experienced unplanned downtime.
7. IT Service Continuity Management — a process for minimizing service downtime and minimizing the impact of disaster events on IT service availability.
8. Information Security Management — a process for maintaining the security of data owned by the business, including sensitive customer data, payment data and proprietary business information.
9. Compliance Management — a process for ensuring and verifying that the IT organization is effectively complying with internal and external company policies, software license agreements, industry-specific privacy and data security standards, regulations and any adopted standards or best practice frameworks.
10. Architecture Management — a process for planning the future development of information technologies and how they will fit into the existing technology stack.
11. Supplier Management — a process for establishing and maintaining supplier or vendor relationships that meet the changing needs of the business.

Service Transition

This component focuses on the delivery of IT services, including testing, deployment, and training.

There are eight processes described in the Service Transition volume of ITIL V3:

1. Change Management — the change management process control changes throughout their entire lifecycle, ensuring that IT organizations can implement changes without disrupting essential services
2. Change Evaluation — the change evaluation process is used to assess the impact and success of major changes at key points in the IT service lifecycle: prior to planning, prior to building, prior to deployment, and after deployment.
3. Project Management (Transition Planning and Support) — a process for effectively coordinating new service releases in a way that achieves cost, time and quality objectives.
4. Application Development — a process for building new applications that meet the needs of the business. The IT organization can build and maintain its own applications or customize an application that was purchased or licensed from a software vendor.
5. Release & Deployment Management — a process for planning and scheduling the testing and release of new deployments in a way that protects the live environment and minimizes disruption to services.
6. Service Validation and Testing — this process verifies that new services meet the business requirements that they were designed for and that IT operations teams have the tools and information required to support the newly released or modified service.
7. Service Asset and Configuration Management — a process for maintaining a configuration management database (CMDB) that contains information about the attributes and inter-dependencies of configuration items (CIs) needed to enable IT service delivery.
8. Knowledge Management — a process whose goal is to reduce the need for the IT organization to rediscover knowledge. ITIL Knowledge management supports the gathering, analysis, storage and deployment of knowledge within an organization.

Service Operation

This component focuses on managing and delivering IT services, including incident management, problem management, and service desk support.

The six processes are:

1. Event Management — event management deals with the monitoring of available services and configuration items to capture event logs, analyze events and determine whether an event requires any action.
2. Incident Management — a process for managing the lifecycle of all IT incidents from when they are reported through to resolution.
3. Request Fulfillment — a process that allows users or customers to submit requests to the IT organization for specific services and for the IT organization to fulfill those requests.
4. Access Management — access management deals with controls of user authorization for specified systems and applications, ensuring that only authorized users can gain access to restricted systems and helping to maintain security of the IT infrastructure.
5. Problem Management — a problem can be described as the root cause of an incident that is observed repeatedly within an organization. This process manages the lifecycle of problems and helps to minimize the impact of incidents that cannot be prevented (known issues that have not yet been resolved).
6. Facilities Management — a set of best practices for managing the physical location where the IT infrastructure (data centers, servers, other IT assets) can be found.

Continual Service Improvement

This component focuses on ongoing improvement of IT services to ensure they continue to meet the changing business needs.

There are four processes described in the Continual Service Improvement volume of ITIL V3:

1. Service Review — business and infrastructure services are reviewed on a regular basis to verify that they are being delivered to customers efficiently.
2. Process Evaluation — while the service review process focuses on services themselves, the goal of process evaluation is to measure the effectiveness of other business processes, measure their efficiency and determine whether any changes are needed. Process evaluation entails the use of metrics, audits, maturity assessments and benchmarks to assess process performance.
3. Definition of CSI Initiatives — a process whereby the change manager identifies specific ways to change and improve processes or services.
4. Monitoring of CSI Initiatives — a process for monitoring the effectiveness of newly implemented changes to services or processes and measuring their impact.

In today's digital age, IT governance is a critical component of organizational success. Implementing ITIL can help organizations manage their IT services in a structured and efficient way, improving alignment between IT and business, service quality, risk management, efficiency, and compliance with regulations. By incorporating ITIL into their IT governance framework, organizations can achieve their digital transformation goals and stay competitive in a rapidly changing business environment.
In the next article of this series, we will explore the benefits of implementing ISO/IEC 38500 for IT governance. Stay tuned to learn more about how effective IT governance can help organizations achieve their digital transformation goals.

AXELOS. (2019). What is ITIL?
ITIL Practitioner Guidance. TSO (The Stationery Office)
https://www.ivanti.com/glossary/itil