METHOD ENGINEERING: INTEGRATING IT SERVICE FRAMEWORKS Pap, Albert, Utrecht University, Princetonplein 5, 3584 CC Utrecht, The Netherlands, a.p.pap@students.uu.nl, 3764168, Group 1 Keywords: Method engineering, IT-Governance, Service frameworks, ITIL, Meta Model 1 1 Introduction IT-Governance is a hot topic for years now due to changing laws such as Sarbanes Oxley (KaarstBrown & Kelly, 2005) that held employees responsible for a sustainable use of information technology. Other factors that stimulate companies to implement a solid IT-governance is the constant strive to become more efficient and the reduction of cost through technological means (Weill & Jeanne, 2004). Companies are still struggling how to implement a good governance structure and many papers are written on Business – IT alignment such as Henderson & Venkatraman (1993). Mechanism on how to implement a good structure are given in governance and IT service oriented methods such as ASL, BISL, Cobit and ITIL (Grembergen, 2004). Most of these methods come from an industrial background but less academic research has been done. Methods such as ITIL give a detailed description what roles should be implemented to create a solid IT-governance, but doesn’t really cover in which order to implement the processes of the method. The reason that is given by most of these methods is that no situation should be considered equal. Therefore every company should decide without any guidelines in what order to implement the method. We think that in most cases the basic implementation order is similar, therefore it’s possible to create a guideline. A group of researchers in Australia already tried to assess through a survey and case studies what important pieces are implemented so far by companies (Cater-Steel & Tan, 2007) (Pollard & Steel, 2009) . Also different maturity models based on CMM give a distinct order to implement the processes of the different frameworks (Niessink, Clerk, Tijdink, & van Vliet, 2005) (Filipe, 2010). With all the different IT service methods out there it’s hard to decide which one to use. Also a hybrid situation is possible where different parts of IT service oriented models are used together within the same company. For companies it’s important to have a mechanism to objectively evaluate the different methods. Companies also need to have a mechanism to pick and combine fragments from different methods. The discipline of method engineering (Brinkkemper, 1996) is used in this paper to make the ITIL method comparable to other similar methods. Method engineering is defined by Sjaak Brinkkemper (1996) as following: ”Method engineering is the engineering discipline to design, construct and adapt methods, techniques and tools for the development of information systems.” Method will be comparable by creating a meta model (Brinkkemper, Seaki, & Harmsen,1999) that describes how the method is working. A meta model can be used to objectively compare method fragments and integrate them into new methods. The main focus of this research will be the creation of a meta model, that shows in what logical order ITIL can be implemented. 1.1 ITIL ITIL stands for IT Infrastructure Library and it is developed by the former CCTA (Central Computer and Communication Agency) which is part of the British government. Currently the standard is maintained and improved by the British office of commerce and international localized nongovernmental institutes. According to the official ITIL website (2012) thousands of companies use 2 ITIL such as: Disney, HP, IBM and NASA. At the moment of writing, version 3 is the latest edition of the method. ITIL is a client method focused on how to arrange the IT service processes, mainly for managing the technical infrastructure. ITIL has five main service lifecycles: Service Strategy, Service Design, Service Transition, Service Operations and Continual Service Improvements (Alison, Hanna, Rudd, Macfarlane, Windebank, & Rance, 2007). All these lifecycles contain different processes that together add to a total of 27 processes. Table one contains an overview of all ITIL processes. Service strategy Service design Service transition Service operation Continual service improvement • Financial management • Service portfolio management • Demand management • Service catalogue management • Service level management • Capacity management • Availability management • IT service continuity management • Information security management • Supplier management • Service Transition Planning and Support • Change Management • Service Asset and Configuration Management • Release and Deployment Management • Service Validation and Testing • Evaluation • Knowledge Management • Event Management • Incident Management • Request Fulfillment • Problem Management • Access Management • Operational activities of processes from other lifecycle phases •Service Desk •Monitoring and control • CSI Improvement Process • Service Reporting • Service Measurement • Return on investment for CSI • Business questions for CSI • Service Level Management Table 1: ITIL processes based on the reference Alison et al. (2007) For more information about ITIL we would recommend the book ”Foundations of ITIL” (Veen & Bon, 2007) that is used in the education of Windesheim University and Exin. A freely available alternative is the industrial paper "An introductory overview of ITIL v3" written by Cartlidge, Hanna, Rudd, Mafarlance, Windebank & Rance (2007). Also different case study material is available where a sketch is given on how ITIL is used in practice, such as the Disney case (Taylor, 2010). A very interesting scientific case study made by Spremic, Zmirak, & Kraljevic (2008) shows how ITIL is implemented within a company. 1.2 Practical example To get a better understanding of the benefits and the practical implementation process of the ITIL method, a short case is provided that is based on the experience of the author. A hospital in the Netherlands with approximately 3000 employees and several locations introduced ITIL in its company about five years ago. IT was getting a more prominent role in the hospital because patient information was only going to be stored in a digital format. The hospital also went through many merges that complicated the IT landscape and governance even more. All the IT projects, support and maintenance were done in an ad-hoc manner. With so much inefficiency and no control over the IT finances and processes, a hold was imminent. Therefore a proven and clear method was needed to make everything more manageable again – the ITIL. A group of external consultants was asked to assist the hospital with the implementation of ITIL. The consultants formed a project group together with employees from the hospital that already received basic ITIL training. The project team created a business case to see what resources are needed for the implementation. After the project was accepted by the hospital 3 board, men started to make an inventarisation of the organizational processes’structure. The company needs and process structure were used to shape the IT department and IT-infrastructure in a customer oriented way. This new way was efficient, cheaper and more service oriented. After the fundamental processes were in place, the implementation was not finished yet. More processes are still implemented iteratively and current processes are still being improved. Customers (end users) and staff still receive ITIL training to get a better understanding of the framework. The implementation of ITIL resulted in a cost drop of ten thousands of euros annually. A survey done before and after the project showed that customer satisfaction has dramatically improved about IT services. Because problems got solved quicker, procedure became more clear and the technical infrastructure became more robust. 2 Related literature In the world you see several different industrial methods to organize your IT processes into a service oriented manner. Different frameworks such as Cobit, ISO 12207/17799 and ITIL are very popular ITGovernance frameworks. Cobit is a really high level framework that has its main focus on auditing and corporate responsibility (von Solms, 2005). ISO 17799 is oriented to information security governance (von Solms, 2005). We have chosen to focus on ITIL because it is the most service oriented method and it gives clear guidelines how to implement the right processes within the organization (Hardy, 2006). ITIL is also the most popular IT service oriented framework and worldwide used service method according to Bon, et al.(2007). Two other popular service oriented techniques are ASL(Application Service Library) and BISL (Business Information Service Library). Both techniques are complementary to ITIL and could be integrated into one solution according to industrial research (Meijer, Smalley, & Taylor, 2008) (Meijer, Smalley, Taylor, & Dunwoodie, ITIL V3 and BiSL: Sound guidance for business IT, 2011) and based on scientific research (Tapia Santana, 2006). However limited research has been done on how to integrate all three methods together and there is limited scientific research on the matter. The ASL/BISL method is maintained and improved by the ASL BISL foundation. The organization works closely with the NEN in the creation of IT standards. ASL is an application management method that describes how to develop and maintain software in a company. BISL is a method that helps to implement the right information management processes in the organization. Information management is mainly the translation of business needs into structured IT solutions while ITIL is focused more on the maintenance of the technical infrastructure. A clear difference is sketched in the paper of Tapia (2006). Therefore we use his model to show the difference between the focus areas of ASL, BISL and ITIL. Figure 1: Positioning of IT-service frameworks Reference Tapia (2006) 4 3 PDD The PDD (Product Deliverable Diagram) (van de Weerd & Brinkkemper, 2009) is a meta model style that is developed to get a clear alignment between the process and the deliverables within the process. In this case we will create the ITIL implementation process at the left side of the diagram. On the right side are all the deliverables of this process. For the project implementation steps of ITIL we use a popular tool “ITIL Process Map v3” as inspiration, due to the lack of other literature on this subject (Kempter, Kempter & Lea Cox, 2006) . The tool is a best practice application that is also supported by the ITSMF (ITIL foundation). The tool has ten logical steps to implement ITIL: “Step 1: ITIL Project Preparation, Step 2: Definition of the IT Service Structure , Step 3: Selection of ITIL Roles and Role Owners, Step 4: Analysis of As-Is Processes: ITIL-Assessment, Step 5: Definition of the To-Be Process Structure, Step 6: Definition of Process Interfaces, Step 7: Establishing Process Control, Step 8: Designing the Processes in Detail, Step 9: Selection and Implementation of Application Systems, Step 10: ITIL Process Implementation and Training” (Kempter, Kempter, & Lea Cox, 2006). All these steps in the tool will be used as the main guideline for the conceptual version of the PDD model. However the scientific literature and industrial research that was previously mentioned in this paper will be used to verify each step. The steps taken and verified from the scientific case study material will result in a final PDD model. In the legend tables every step of the PDD will be explained. Also details are provided per step to see their coverage in literature. The main deliverable in the PDD is the service portfolio. Every step influences the portfolio but only the ones that directly change the portfolio are linked. The PDD can be found on the next page. 5 Prepare ITIL project Initiate project PROJECT INITIATION DOCUMENT Get resources 1 BUSINESS CASE 1 [Else] [Approved] Create education programm EDUCATION PROGRAM SUPPORT SERVICE 1 Identify and define support services Identify and define business services 1 SERVICE PORTFOLIO 1..* Define IT service structure 1 1..* SERVICE LEVEL PACKAGE 1 1..* BUSINESS SERVICE 1..* 1..* SERVICE DESIGN PACKAGE Define service structure 1..* Define Defineservice servicevision vision 1..* SERVICE VISION Select ITIL roles and owners Select required roles ROLE 1..* 1..* Assign owners Influences ROLE OWNER 1..* Describe roles 1..* ROLE DESCRIPTION Implement service structure 1..* IMPLEMENTATION PLAN 1..* [Else] PROCESS FLOW DIAGRAM KPI Analyze current processes 1..* Define criteria Identify flows Perform benchmark Determine interaction 1..* Influences Influences 1..* 1..* PROCESS FLOW TEST BENCHMARK 1..* Create SWOT 1..* Influences [Complete] 1 1 Influences SWOT Implement improvements Select improvements Influences Update 1 1..* IMPROVEMENT LIST Implement improvements Perform benchmark IMPROVEMENT DOCUMENT [Else] 1..* 1 1..* [Approved] DETAILED PROCESS DESCRIPTION MONITORING PROCEDURE Establish control Determine metrics Define detailed process description 1..* 0..* Influences SLA Determine goals 1..* Define reporting procedure Influences Implement tool support Select tool Implement tool 0..* REPORTING PROCEDURE TOOL SELECTION DOCUMENT TOOL IMPLEMENTATION PLAN 1..* 0..* Influences Figure 2: PDD model 6 When analyzing this PDD you can instantly pick certain rarities. The first rarity is the use of only closed concepts. This is done because ITIL is a high level method and every implementation varies due to the differences between organizations. The second rarity is that the product flow doesn’t go down all the way through the process. The reasons for this are that an implementation uses several phases with different deliverables that do not always form one final product. For instance the project initiation document is used for the project but will never be part of the service portfolio. The same goes for the implementation plan of a tool and the establishment of controlling procedures. 7 3.1 Roles Usually a PDD can contain roles that perform a specific activity. For example a project manager could be writing a project plan. The role of project manager is then added in the lower right corner of that activity (write project plan), to show that he is responsible to perform this task. All these roles are described in detail in the method that you are modelling. The different roles that could perform an activity in the process are not added in the PDD of this paper. A variety of reasons influenced this choice. To start with, ITIL is a very high level method that doesn’t give much detail about whom should do what, at least in case of developing documentation and services. The method of ITIL implementation is also relatively new and has not been thoroughly described in literature. This makes the adding of roles a matter of guessing and not based on scientific standards. In a PDD model everything should be backed up by thorough materials. The last reason why roles cannot be added is because of organizational/situational influences. This means that the roles in an ITIL project could be really different due to for example: organization size, budget, products, type of market the company is active in and outsourcing of support. However this chapter will contain a table that shows all the activities that could contain general roles. For these activities we will suggest a role that is picked through common sense and experience of the author. The reader should keep in mind that these results may not be generalized to a specific company. Activity Role Initiate project Project manager Get resources Project manager Create education program Project team Identify and define business services Process architect that assists the project team Identify and define support services IT-Architect or Information manager that assists the project team Define service structure Service level manager Define service vision Select IT roles and owners Management board Project team and management executives in the organization Implement service structure Project team Analyze current processes Project team Implement improvements Project team and business employees Establish control Project team, management board and business employees Implement tool support Project team, IT-staff, management board and business employees Table 2: Responsible roles 8 3.2 Attributes The PDD modeling technique allows that the different concepts contain attributes. This means that a product could contain different properties. For example a customer wish document could contain a: date, number and author. These are the properties of a customer wish document. For similar reasons as the roles, these attributes where not added in the PDD model of this paper even though different ITIL templates are available on the web (ITSMF site). The ITIL foundation and authors of different ITIL literature advise to create standards for documents within the company or adjust the templates found available in other sources. From this we can conclude that documents cannot be generalized. To overcome this we supply the reader with a table that contains possible attributes for the concepts (when applicable) of the PDD model. Again these attributes are taken from online templates (example sites are: http://www.best-management-practice.com/Knowledge-Centre/ , http://itsmportal.we-share-it.nl/node/42033, and http://www.myitiltemplates.com/) and experience of the author but may not be applicable to other companies. Concept Project initiation document Business case Education program Service level package Service design package Service vision Role description Implementation plan KPIs Process flow test Benchmark Improvement document Attributes Project mandate Project description Planning Goals & Problems Stakeholders Required resources Financial analysis ROI Planning Description Indentified target group Business process drawings Service process drawings Description of services Description what business processes use the service Information architecture Technical architecture Required resources Company mission and vision Company strategy IT strategy Responsibilities Tasks Description of the role Impact analysis Risks Planning Change plan Communication plan Activity plan Measurable value Test set up Test results Test plan Benchmark set up (for example survey) Benchmark results Selected improvements Implementation method 9 SLA Reporting procedure Tool selection document Tool Implementation plan Service description Service levels Contract agreements Stakeholders Responsibilities Communication plan Communication method Stakeholders Cost - benefit analysis Tool benchmark Tool acquisition method (buy, develop) Technical tests User opinion Implementation method Maintenance plan Risk analysis Impact analysis Planning Table 3: Concept attributes 10 3.3 Activity table The activity table (van de Weerd & Brinkkemper, 2009) covers the left side of the PDD model. All activities in the implementation process are explained. The table also contains an extra column “Source”. This shows from what literature a certain activity originates. Activity Sub activity Description Source of the sub activity Prepare ITIL project Initiate project Form a temporary group of people with separate tasks working on a single goal. The project group is selected by the board for the implementation of ITIL and the project group is responsible to govern the results required by the organization. (Grit, 2005) Get resources Make an analysis about the resources that are available and needed to finish the project. (Grit, 2005) Create education program Every member of the project group or staff that will work with ITIL should receive education to make the project a success (Spremic, Zmirak, & Kraljevic, 2008) Identify and define business services Identify all of the business needs that should be supported by information technology. Because all service solutions and activities should be driven by business needs and requirements. (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007). The business services should then be defined by the project group to get a good overview what processes should be supported. “A service strategy cannot be created or exist in isolation of the over-arching strategy and culture of the organization that the service provider belongs to.” (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) Identify all current support processes in place and the services gaps that need to be filled. “Achieving a deep understanding of customer needs, in terms of what these needs are, and when and why they occur, also requires a clear understanding of exactly who is an existing or potential customer of that service provider” (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007). The supporting services in place should then be defined by the project group to create an understanding of all supported actions within the organization. (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) The project group will create a service architecture and an overview how resources are allocated across the service portfolio. (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) The vision on the supporting services should be defined by the project group to create an overview of all supported actions desired by the organization. (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) The project group should select the responsible roles (such as incident manager) that are suitable and required by the organization to be filled in to improve the IT-services (Spremic, Zmirak, & Kraljevic, 2008). Spremic, Zmirak, & Kraljevic, 2008 Spremic, Zmirak, & Kraljevic, 2008 Spremic, Zmirak, & Kraljevic, 2008 Veen & Bon, 2007 Define IT service structure Identify and define support services Define service structure Define service vision Select ITIL roles and owners Implement service Select required roles Assign owners Owners should be assigned to bear the responsibility to perform the selected roles Describe roles Define and document all aspects of the roles and processes that will be implemented in the organization Implement the first selected roles (process) and services within the organization. Veen & Bon, 2007 Veen & Bon, 2007 Veen & Bon, 2007 Spremic, Zmirak, & Kraljevic, 2008 Spremic, Zmirak, & Kraljevic, 2008 Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 Spremic, Zmirak, & 11 structure Analyze current processes Kraljevic, 2008 Define criteria Identify flows Implement improvements Perform benchmark Create a first benchmark(null value) that captures the current results of the defined KPIs. This benchmark will be used to compare the results from before and after the improvement project. Determine interaction Test and determine which interactions exist in and between ITIL processes. The test also look into the end result of a service. Test these flow by means such as simulations and customer satisfaction surveys (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) Create SWOT Create a strength and weakness analysis to see what could be improved. The SWOT uses the results from the benchmark and the flow tests as input for its creation. Also actions are taken to evaluate which future ITIL processes are required. Select which activities should be performed to improve the service processes. Select improvements Veen & Bon, 2007 Veen & Bon, 2007 Define reporting procedure Define detailed process description Select tool Creating a standard procedure for the creation, evaluation, communication and monitoring of reports about the service results van Bon, et al., 2007 After the fundamental processes are in place, start to describe them in more detail. This should be done in documents such as working procedures van Bon, et al., 2007 Select an appropriate tool that helps to automate and support the ITIL processes that are defined in previous steps Spremic, Zmirak, & Kraljevic, 2008 Implement tool The selected tool should be implemented in the organization Spremic, Zmirak, & Kraljevic, 2008 Perform benchmark Implement tool support Spremic, Zmirak, & Kraljevic, 2008 Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 Spremic, Zmirak, & Kraljevic, 2008 Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 Veen & Bon, 2007 “Implement corrective action, The knowledge gained is used to optimize, improve and correct services, processes, and all other supporting activities and technology” (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) Create a second benchmark that captures the results of all defined KPIs after the improvements are implemented. Compare the benchmark with the first one from before the implementation project. If more improvements are needed start the improvement process again. Set up a process and metrics that will continuously monitor and evaluate the performance of the IT-services Set a list of targets that should be met now and in the future. Targets should be negotiated and described in SLA contracts with the business customer. Implement improvements Establish control A list of key performance indicators (KPI) that are in line with the companies needs should be formulated to measure the success of the ITIL processes. These metrics give you insight in what could be improved within a process. (Spremic, Zmirak, & Kraljevic, 2008) Identify which end-to-end flows occur within and between processes to get a clear understanding of all interactions between processes. (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007). Determine metrics Determine goals Veen & Bon, 2007 Veen & Bon, 2007 van Bon, et al., 2007 Table 4: Activity table 12 3.4 Concept table The concept table (van de Weerd & Brinkkemper, 2009) covers the right side of the PDD model. All concepts (deliverables - products) that are made in the process are described in the meta model side. This table explains all concepts used in the PDD. Concept Is part of PROJECT INITATION DOCUMENT BUSINESS CASE PROJECT INITATION DOCUMENT EDUCATION PROGRAM SERVICE PORTFOLIO SERVICE PACKAGE LEVEL SERVICE PORTFOLIO SERVICE DESIGN SERVICE PACKAGE LEVEL PACKAGE SUPPORT SERVICE SERVICE LEVEL PACKAGE BUSINESS SERVICE SERVICE LEVEL PACKAGE SERVICE VISION SERVICE PORTFOLIO Description Source “The Project Initiation Documentation bundles the information to start up a project and initiating project processes in a controlled project environment” (Shire, 2011) Spremic, Zmirak, Kraljevic, 2008 & “A business case is a component of the Project Initiation Spremic, Zmirak, Document (PID) and lies at the heart of every project. It is the key Kraljevic, 2008 driver of all projects undertaken. The business cases will contain justifications for a project such as value for money for what is to be done and why it should be done now.” (APMG, 2012) & Every member of the project group or staff that will work with ITIL should receive education to make the project a success (Spremic, Zmirak, & Kraljevic, 2008). The project education program is a plan that shows how to do so. A service portfolio is a high level documental overview of all ITservices that are provided to the customer. Every action influences the service portfolio but only the ones that directly change the document are linked. The service level package describes a single service that is part of the service level portfolio. & Spremic, Zmirak, Kraljevic, 2008 Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 The service design package is a technical overview that shows the Cartlidge, Hanna, Rudd, necessary architecture to provide the service Mafarlance, Windebank, & Rance, 2007 The service support concept is an overview of one current indentified supporting service. The business support concept is an overview of one current indentified business process that requires supporting services. The service vision contains a strategy how the service portfolio should evolve. Details such as all service gaps and desires are described. A document that describes all roles that will be implemented within the organization that are selected in the selection process. Defines the responsible owner(s) to execute a role. Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 Spremic, Zmirak, & Kraljevic, 2008 Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 “defines the specific roles and responsibilities associated with the execution of a successful service strategy ” (Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007) Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 IMPLEMENTATION PLAN A plan that supports how to implement the first ITIL structure (roles and processes) within the organization. Veen & Bon, 2007 KPI Metrics that shows how well a process performs Spremic, Zmirak, Kraljevic, 2008 PROCESS FLOW DIAGRAM BENCHMARK A diagram that show how a service flows through the organization. This makes the interaction of roles and activities in and between processes visible. A report is created that contains the current results from the KPIs Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 Spremic, Zmirak, & Kraljevic, 2008 PROCESS FLOW TEST A report that contains the description of the different flow tests and the test results. Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance, 2007 ROLE ROLE OWNER ROLE DESCRIPTION ROLE DESCRIPTION SERVICE DESIGN PACKAGE & 13 SWOT IMPROVEMENT LIST “SWOT Analysis is (one of many possible strategic planning tools) used to evaluate the Strengths, Weakness, Opportunities and Threats involved in a project, or any other situation requiring a decision.” (Hay & Castilla, 2006) IMPROVEMENT Create a list of actions to improve the service portfolio. Use the DOCUMENT SWOT as input. Veen & Bon, 2007 Veen & Bon, 2007 IMPROVEMENT DOCUMENT A procedure is created where all selected process improvements are registered. The procedure also contains the way how to implement the improvements Veen & Bon, 2007 MONITORING PROCEDURE Create a procedure to constantly monitor and update the organizational KPIs Veen & Bon, 2007 SLA Service level agreement are negotiated targets that should be met by the IT service department and provided to the customer The procedure describes how the results of the IT services should be created, evaluated and communicated to the customer van Bon, et al., 2007 DETAILED PROCESS DESCRIPTION Add more detailed information to the service design package and create procedures for the IT staff such as working procedures van Bon, et al., 2007 TOOL SELECTION DOCUMENT The considerations are documented to select a proper tool to support the ITIL processes Spremic, Zmirak, Kraljevic, 2008 & TOOL IMPLEMENTATION PLAN A plan is created how to implement the ITIL tool Spremic, Zmirak, Kraljevic, 2008 & REPORTING PROCEDURE van Bon, et al., 2007 Table 5: Concept table 14 3.5 Selecting processes and roles In the PDD we depicted an overview how to implement ITIL. However it’s still not clear in what order the processes of ITIL should be implemented. Therefore we will zoom in on step 3 (Selection of ITIL Roles and Role Owners) of the previous model. For the order in which the processes should be implemented we selected the previously mentioned maturity model of Filipe (2010) because it is based on multiple cases and version three of ITIL. On the left axis of the table you can find all life cycles ITIL version three has. On the upper axis all the CMMI maturity levels are presented: Initial, Repeatable, Controlled, Managed and Optimizing (Filipe, 2010). The table shows what processes should be implemented when a company has a certain maturity level. Life CMMI cycles 1 2 Service strategy Service design • Service catalogue management • Service level management • Supplier management Service transition • Service Asset and Configuration Management Service operation • Event Management • Incident Management • Request Fulfilment • Monitoring and control • Service desk Continual service improvement 3 • Demand management • Financial management • Service portfolio management • Capacity management • Availability management • IT service continuity management • Service Transition Planning and Support • Change Management • Release and Deployment Management • Service Validation and Testing • Problem Management • Access Management 4 5 • Information security management • Evaluation • Knowledge Management • Service Reporting • Service Measurement • CSI Improve ment Process Table 6: Role selection table reference Filipe (2010) 15 4 Template To give the reader a better understanding of the deliverables created in the implementation process, we created an example document (template). The example is a service design package because this is the most complicated implementation document. For all other types of documents are more standards available. Where the service portfolio is a strategic (high level) document that contains multiple service level packages, it’s easier to create it due to the lack of details. The creation of a service design package requires deeper technical and organizational understanding. The details for the service design package are based on Cartlidge, Hanna, Rudd, Mafarlance, Windebank, & Rance (2007). Also materials from previous working experience and several internet sources weere used to compile a final format (sources can be requested from the author). The table is compiled from many different materials due to the lack of scientific and industrial research papers. The first table shows what details a service design package could contain. Service Design Package Header Description Service details Contains the name of the service, high level service description, the acceptance document (autographs), service owner and the contact details. Detailed service requirements Contains a more detailed description of all resources and requirements needed to fulfill the service. The description should contain the following details: Service level requirements (such as uptime), description of the functionalities, security details, business and supplier constrains, technical constraints, system links (interaction with other systems), migration details (such as sharing of databases), operational details (such as backups), User profile authorizations Blue print for implementation Contains all the details how to implement the service and what impact this will have. Sections that are described are: test plan, implementation plan, roll back plan and the architecture documents. Service relations Contains an overview of all related services and infrastructure that influences the design package . This section describes details such as: supplier contracts, infrastructure, other service design packages and SLA that influence the service but are outside of the scope of this specific design package. Operational maintenance Describes who and how operational maintenance of the service is done. Sub sections are: how risks and issues are managed , monitoring and evaluating of services, resources needed to perform maintenance, maintenance procedures and documentation Change and improvement Contains how new requirements, changes and improvements for this specific service are handled. Subsections are: continues improvement plan for human resources and procedures, transition and update strategies, technical change plan, organizational change plan, needed resources to make improvements and financial analysis Table 7: Service design package template 16 The details in a service design package can be described through the use of different methods and instruments. This all depends on the company’s preferences and the specific situation at hand. An instrument that is more widely used for service level requirements are the many variations of the table below: Service Ordering Users Company employees Customer Company name Openings time 8:00 – 17:30 Data storage time 1 week Days availible Monday till Friday Availibility High Data integrety High Information integrity Low Exclusive Average Response time issues Within 2 hours Response time changes 5 days Amount of users 25 Amount of usage per year 215 Amount of support requests 40 Availibility percentage 92,5% Backup saving time Untill out of service Table 8: Service specification reference Scmidt (2002) To comprehend the functionalities and infrastructure of a service, usually companies use models to back up their descriptions. Companies could use a drawing technique that is developed in-house, but the market has many alternatives. Methods that could be used for instance are BPM (Business Process Management), process models (such as swimming lanes) or architectural languages such as Archimate. An example picture of a service model could be found below. It’s a simplified model that shows a customer that makes an order at a supplier and what infrastructure supports these activities. 17 Business process layer Customer Order Supplier Services Webstore Email Infrastructure Hardware Software Databases Figure 3: Architectural diagram 18 5 Conclusion ITIL is a broadly used industrial standard for the management of the companies IT-Governance. However the amount of scientific literature and research on this topic is minimal. Because ITIL is a wide spread phenomenon it’s important that more scientific research is done on the matter. ITIL is a complete framework that describes what roles are required for thorough IT-Governance. But ITIL completely lacks a process how to implement the framework. Even though the situations could differ, an assisting model with process implementation steps could fill in this gap. Therefore this paper contains a first effort to do so. The method is compiled from different sources, so it is very hard to guarantee the quality of the method. It should be tested in practice first and evaluated through expert reviews. The method should be gradually improved to increase its quality. Also the situation where ITIL is implemented is very different. That could make the method not applicable for certain companies. Finally the method is still very high level and needs more details to make it an extra edition to the ITIL method. A preferred setup for future research will be a light version for smaller companies, that is also easy to comprehend. For the bigger companies a detailed version that describes all the efforts of an ITIL implementation should be available. Science also has many opportunities to assists the industrial field by researching methods such as ASL, BISL and ITIL. 19 References Alison, C., Hanna, A., Rudd, C., Macfarlane, I., Windebank, J., & Rance, S. (2007). An introductory overview of ITIL v3. ITSMF. APMG. (2011, september 8). Retrieved February 24, 2012, from ITIL official site: ITIL site http://www.itil-officialsite.com/AboutITIL/WhatisITIL.aspx APMG. (2012). Retrieved March 1, 2012, from Official Prince2 site: http://www.prince2.com/prince2business-case.asp Brinkkemper, S. (1996). Method engineering: engineering of information systems development. Elsevier, Information and software technology, 38 (4),275-280. Brinkkemper, S., Seaki, M., & Harmsen, F. (1999). META-Moddeling based assembly techniques for situational method engineering. Elsevier, Information systems volume, 24 (3), 209-228. Cartlidge, A., Hanna, A., Rudd, C., Mafarlance, I., Windebank, J., & Rance, S. (2007). An introductory overview of ITIL V3. ITSMF. Cater-Steel, A., & Tan, W. G. (2007). Implementation of IT Infrastructure Library (ITIL) in Australia: Progress and success factors. IT Governance International Conference. Toowoomba: University of Southern Queensland. Filipe, R. (2010). A Maturity Model for Implementing ITIL v3. 2010 6th World Congress on services. Lisabon: Technical university of Lisabon. Grembergen, W. (2004). Strategies for information technology governance. Antwerpen: Idea group publishing. Grit, R. (2005). Projectmanagement. Groningen: Wolters Noordhof. Hardy, G. (2006). Guidance on Aligning COBIT ITIL and ISO 17799. Information system control journal, Vol. 1 . Hay, G., & Castilla, G. (2006). Object-Based image anlysis, strengths, weaknesses, opportunities and threats (swot). International Archives of Photogrammetry, Remote Sensing and Spatial Information Sciences. Calgary: OBIA. 20 Henderson, J., & Venkatraman, N. (1993). Strategic alignment: Leveraging information technology for transforming organizations. IBM Systems Journal, 32 (1). Hong, S., van den Goor, G., & Brinkkemper, S. (1993). A formal approach to the comparison of object-oriented analysis and design methodologies. Proceeding of the 26th Hawaii International Conference on System Sciences. Hawaii: IEEE Computer Science Press, 1993. Kaarst-Brown, M., & Kelly, S. (2005). IT Governance and Sarbanes-Oxley: The latest sales pitch or real challenges for the IT function? Proceeding of the 38th Hawaii International Conference on System Sciences. Hawaii: Syracuse University. Kempter, S., Kempter, A., & Lea Cox, T. (2006). Wikipage. Retrieved February 2012, from IT Process map: http://en.it-processmaps.com/ Meijer, M., Smalley, M., & Taylor, S. (2008). ITIL v3 and ASL. ASL and BISL foundation. Meijer, M., Smalley, M., Taylor, S., & Dunwoodie, C. (2011). ITIL V3 and BiSL: Sound guidance for business IT. ASL and BISL Foundation. Niessink, F., Clerk, V., Tijdink, T., & van Vliet, H. (2005). The IT Service Capability Maturity Model version 1. Amsterdam: Vrije Universiteit. Pollard, C., & Steel, A. (2009). Justifications, strategies and critical succes factors in succesfull ITIL implementations in U.S. and Australian companies: an exploratory study. Information systems management, 26 (2), 164-175. Shire, J. (2011, September 27). Wikipedia. Retrieved March 1, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Project_initiation_document Scmidt, V. (2002). IT service management. Haren publishing. Spremic, M., Zmirak, Z., & Kraljevic, K. (2008). IT and business process performance management: Case study of ITIL implementation in finance service industry . The conference proceeding of Information Technology Interfaces, 2008. ITI 2008. 30th International Conference on services (pp. 243-250). Dubrovnik: Office of governance and commerce. Tapia Santana, R. (2006). IT process architectures for enterprises development: A survey from a maturity model. Enschede: University of Twente. 21 Taylor, G. (2010). Disney's ITIL journey. APMG. van Bon, J., de Jong, A., Kolthof, A., Pieper, M., Rozemijer, E., Tjassing, R., et al. (2007). IT service management an introduction (PP. 4). Amersfoort: Van Hare Publishing. van de Weerd, I., & Brinkkemper, S. (2009). Meta-Modeling for situational analysis and design methods. In M. Rahman Sayed, & S. Nessa Syed, Handbook of Research on modern system analysis and design technologies and applications (pp. 35-54). IGI Global. Veen, A., & Bon, J. (2007). Foundations of ITIL v3. Van Haren Publishing. von Solms, B. (2005). Information Security governance: COBIT or ISO 1799 or both. Elsevier,Computers & Security 24, 99 - 104. Weill, P., & Jeanne, R. (2004). IT governance on one page. Massachuetes : CISR. 22