ITIL v3 — IT service management in Czech practice

“The IT department is a black hole where money disappears.” Every CIO hears that sentence at least once a year from the CFO. And no wonder — if IT can’t clearly show what services it provides, how much they cost and how it measures their quality, it’s hard to justify the budget. ITIL v3 gives us the framework to change that. And after three years of implementations, we know it works — but not for free.

What ITIL is and what it isn’t¶

ITIL (Information Technology Infrastructure Library) is not a standard in the strict sense — unlike ISO 20000, organizations cannot be certified against it. ITIL is a collection of best practices for IT service management. Five books, five phases of the service lifecycle: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.

The key shift in ITIL v3 compared to v2 is precisely this lifecycle. ITIL v2 was process-focused — Incident Management, Problem Management, Change Management. ITIL v3 puts that in the context of the service as a whole. First you define the strategy, then you design the service, transition it into operation, operate it and continuously improve it. It sounds logical. In practice, however, it means you cannot simply deploy a Service Desk and say you’re “doing ITIL”.

Where to start — Service Desk and Incident Management¶

Even so — most of our clients start exactly where it hurts the most. And that is typically the Service Desk. Users call different numbers, email different people, incidents get lost, nobody knows what’s resolved and what isn’t. Classic.

Implementing a Service Desk according to ITIL means a single point of contact (SPOC), a ticketing system, incident categorization and prioritization, escalation rules and SLAs. As the tooling we use HP Service Manager (formerly HP OpenView Service Desk) or BMC Remedy for most clients. For smaller companies we also consider OTRS, which is open source and surprisingly capable.

Incident Management is the first process we formalize. The goal is simple: restore the service as quickly as possible. Not finding the root cause — that’s Problem Management. This distinction is often unfamiliar to IT departments. Admins naturally want to find the root cause. But the user whose email isn’t working doesn’t care why — they want it back. Now.

Change Management — control over changes¶

The second process we deploy is Change Management. And this is where we encounter the most resistance. Developers and admins are accustomed to making changes whenever they need — Friday evening, a patch to production, a hotfix without testing. Change Management says: every change must be recorded, assessed (risk assessment), approved (CAB — Change Advisory Board) and planned.

The most common objection: “It will slow us down.” And yes, initially it will. But after three months, when the client sees that eighty percent of outages were caused by unapproved changes, the resistance fades. The important thing is not to implement Change Management as bureaucracy. Standard changes (routine, pre-approved changes) go through a simplified process. Emergency changes have a shortened procedure with retrospective approval. Only normal changes go through the full cycle.

Configuration Management — CMDB¶

The Configuration Management Database is the holy grail of ITIL — and also the place where most implementations fail. In theory, the CMDB should contain all configuration items (CIs) and their relationships. Servers, applications, databases, network elements, licenses, documentation — and how it all relates.

In practice we advise clients: start with a small scope. Don’t try to map everything at once. Focus on critical services and their infrastructure. Connect the CMDB with Incident Management (which CI is the incident related to?) and Change Management (which CIs will the change affect?). And above all — automate discovery. Manual CMDB maintenance is a path to stale data hell.

For automated discovery we use HP Universal Discovery (formerly HP DDM) or Microsoft SCCM, which most clients already run for desktop management. Data from discovery is then fed into the CMDB in HP Service Manager.

Service Level Management — measuring what we promise¶

An SLA (Service Level Agreement) is an agreement between IT and the business on the level of service. 99.5% availability, Service Desk response within 15 minutes, P1 incident resolution within 4 hours. It sounds simple, but correctly defining an SLA requires understanding the business.

How many times have we seen SLAs built on technical metrics — server availability 99.9%. But the user doesn’t care about the server. They care about whether email, ERP or the intranet is working. SLAs should be defined at the service level, not at the infrastructure level. And that requires a service catalog — a list of services IT provides, comprehensible to the business.

Tools and certifications¶

ITIL certification for individuals has four levels: Foundation, Intermediate, Expert and Master. Foundation is manageable for any IT professional with a three-day course and one exam day. We recommend it for the entire IT department — not for the certificate, but for the shared language. When everyone knows what an incident is, what a problem is and what a change is, communication improves significantly.

As for tools, the market is broad today. HP Service Manager and BMC Remedy dominate the enterprise segment. ServiceNow is becoming an interesting alternative — SaaS model, modern UI, rapid deployment. For smaller companies OTRS or Mantis is a reasonable choice. The key thing to remember is: a tool is just a tool. Without processes and people who follow them, even the most expensive software won’t help.

Conclusion¶

ITIL v3 is not a silver bullet. It is a framework that requires investment in people, processes and tools. But for companies where IT is ceasing to be “the guy who fixes the printer” and is becoming a key service provider to the business, ITIL is the best available map. It is no coincidence that most large public-sector and private-sector tenders now require it.