The knowledge
behind the network.®
Five Steps to
Implementing ITIL
By Kerry Litten
Consulting Manager
INS
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 1
Five Steps to Implementing ITIL
By Kerry Litten, Consulting Manager
Introduction
Once an organization has decided to adopt ITIL best practices, the question becomes  What is the best way
to implement ITIL, and what are the practical steps involved? One possibility is to follow the classic
analytical approach: assessment followed by design and then implementation. This has the virtue of
simplicity, but it also has its drawbacks. An assessment takes time and resources, and may be perceived as
unnecessary by those within the organization who are already well aware of the main operational functions
or processes that need improvement. Similarly, the need to go through a design stage may be questioned
since ITIL best practices encapsulated within a process flow should be very much the same for any
organization, regardless of its size or industry sector. In other words it should be possible to customize a
 standard process design rather than create a completely new one for each implementation.
A rather different approach is described in the OGC1 book Planning to Implement Service Management.
This approach starts with the creation of a vision mutually agreed upon between IT and the business. It
continues through the development of measurable performance targets and culminates with the design of a
process improvement program. Whilst this approach provides a great deal of valuable guidance, it does not
describe how to encapsulate ITIL best practices in actual process flows. It also makes the tacit assumption
that there is an effective system of IT governance in place that enables business alignment, business value,
and the management of risk to be used to set targets for and to measure the success of the ITIL
implementation program. In our experience, this is usually not the case. Effective IT service management
processes are a prerequisite for effective IT governance.
This paper describes a practical way to implement ITIL best practices that incorporates the benefits of the
two approaches described above while overcoming their shortcomings. It offers:
A step-by-step approach, developed through real experience
Faster start to implementation and achievement of anticipated benefits
A foundation for effective IT governance
1
OGC  Office of Government Commerce, the body responsible for development of ITIL
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 2
Step 1: Process Workshops
ITIL documentation published by the OGC contains a lot of detail about how to implement best practices.
However, it stops short of providing detailed process flows that can be used as generic templates2. Such
templates do exist though. INS, which has worked with a wide range of clients on ITIL projects, has built
and refined templates through accumulated experience. Although no two organizations are the same in the
way that they choose to implement ITIL in terms of functions and organizational structure, their actual
process designs will have a great deal in common since they encapsulate best practices in IT service
management. Therefore, any organization planning to implement ITIL has a choice: 1) either create detailed
process designs from the ITIL documentation, or 2) use generic templates that are then tailored as
necessary. Of course, it is important to ensure that the templates have been created by skilled and
experienced practitioners, well-versed in ITIL.
The use of process templates as a starting point enables operational managers and practitioners within the
organization to immediately start to engage with ITIL in a positive way. In our experience, the best way to
do this is to bring the relevant individuals together in a workshop facilitated by an experienced third-party
ITIL practitioner to go through each ITIL process. To do this properly requires at least half a day per
process, but the benefits are substantial:
The process template provides a vision of best practices that keeps the discussion from getting bogged
down in the details of the way the process currently operates.
The use of a third-party facilitator creates a neutral environment in which comments can be expressed
and experiences shared more openly, which can start to break down barriers between different
technical specialists or operational groups.
The detailed review of an ITIL process stimulates participants to think about the differences between
the way things are done now and best practices, and to start to formulate ideas about process and
other changes that could (or should) be made.
At first glance, initiating the project with a set of process workshops may seem like starting in the middle
rather than at the beginning. But in practice, it provides an indispensable foundation for the implementation
process as a whole by providing a target that shows, to a high level of detail, what the IT service
management processes should look like when the project is complete. This helps to ensure that anything
other than best practice is eliminated and not inadvertently included as a building block that has to be
subsequently replaced.
Examples of Level 1, Level 2 and Level 3 process templates are shown in Figures 1-3. Figure 1 depicts the
Level 1 process architecture. Figure 2 focuses on a Level 2 view of a single process and the sub-processes
that it contains. Figure 3 shows the Level 3 activities and flow of control within an individual sub-process.
2
One exception to this is the Change process documented in the IT Service Management Pocket Guide
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 3
Figure 1: Example Level 1 Process Template (partial)
1.0 Request for Change 4.0
Incident Change
Management Management
Change
Authorization
Incident Change Authorization
Request for Change
History
CI Update
Update Output
2.0 3.0
Problem Configuration
Management Management
Figure 2: Example Level 2 Problem Management Process Template
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 4
Figure 3: Example Level 3 Problem Management Sub-process
Step 2: Gap Analysis
Step 2 identifies gaps between best practice process flows discussed in the workshops and the way that IT
service management is currently performed. These gaps will be used to identify detailed requirements for
the ITIL implementation project. To do this, information must be gathered from operational managers and
staff who attended the process workshops and, thus, already have a good understanding of the type of
information and level of detail required.
Data gathering should be done in a structured way. It is important to have one or more experienced ITIL
practitioners involved to ensure that gaps are correctly scoped and classified by process area. If desired, this
step can be extended into a full process capability assessment. This approach has the benefit of creating a
baseline against which subsequent improvement can be measured, but will also require more time and
resources as well as a commitment to undertake additional assessments in the future. In practice the
decision as to whether or not this is worthwhile usually depends on the attitude of executive management or
whoever is ultimately responsible for the budget for the implementation project.
Gaps may exist in a number of areas, including process issues (design or compliance), people (staff skills,
roles, numbers, or organization), technology (tools, systems, and facilities), third-party services, or any
combination of these. At this stage it is important to simply identify gaps and the process area(s) they affect
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 5
rather than attempting to find solutions. This comes later, after the gaps have been prioritized. The
following are some typical gaps relating to the Incident Management process:
Incidents are not recorded in a single system. The managed services provider uses its own system,
which is not linked with the system used by in-house IT.
There is no clear definition of the role of the Service Desk in performing the Incident Management
process.
Incidents are not classified in a consistent fashion.
No effective management reporting for Incident Management, e.g. incidents by application, etc.
No defined interface with other processes, particularly Change, Problem and Service Level
Management.
Step 3: Create a Roadmap and Plan
Having created a list of gaps in the previous step, the tasks that need to be completed before arriving at a
plan are:
Prioritize gaps
Identify actions required
Put the actions into a roadmap
Create a plan to implement the roadmap
Prioritize Gaps
It is unlikely that sufficient resources will be available to work on all identified gaps simultaneously. Even
if there are, it is still usually better to prioritize them and work on the most important first in order to:
Achieve a number of  quick wins that will help to establish the value of the project and encourage
participation and support
Ensure that the rate of change required does not impact current services
Incrementally improve the level of process capability by steadily building one enhancement upon
another
The way in which prioritization is done will vary from organization to organization, but generally speaking,
the main criterion to use at this stage is the value of closing a gap. Later on, when building the plan, it may
be necessary to adjust some of the priorities if it becomes clear that resource requirements cannot be met or
if other constraints exist.
Identify Actions Required
Next, it is necessary to identify the high-level actions needed to close the gaps. Start with the highest
priority gaps and work down the list to ensure that, as far as possible, the specified actions enable the higher
priority gaps to be addressed first. Although the purpose of the ITIL implementation project is to enhance
IT service management processes, many of these cannot be changed to fully incorporate ITIL best practices
until other prerequisite changes have been made to some or all of the following, on which successful
process operation depends:
Staff roles and activities
Third-party services
Tools and systems used to support IT service management
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 6
For some gaps it may be possible to identify a complete set of actions, all of which are required, whilst for
others it may be possible to identify just the initial action, such as  Investigate potential solutions, knowing
that subsequent actions cannot be specified in detail until this step has been completed. Some actions may
also be identified that apply to more than one gap. Table 1 lists typical Incident Management gaps and
actions that should be taken.
Table 1: Typical Gaps and Actions for Incident Management
Gap Actions
Lack of awareness in some support groups Establish and communicate an Incident Management
of the business drivers and priorities for policy
Incident Management
Incidents are not recorded in a single 1. Investigate and discuss potential solutions such as
system. The managed services provider migrating to a single existing system, integrating
uses its own system, which is not linked to existing systems, purchasing a new tool
the in-house IT system.
2. Select the preferred option and implement it
There is no clear definition of the role of Review roles defined in the ITIL Incident Management
the Service Desk in performing the Incident process and map to the current organizational structure.
Management process If there is a need to realign the organizational structure,
investigate possible options.
No effective management reporting for Define initial reporting requirements
Incident Management
Incidents are not classified in a consistent 1. Define classification scheme that will meet
way reporting requirements
2. Conduct awareness training for staff
3. Incorporate classification scheme into tools
4. Monitor reports to ensure that all incidents are
classified using this scheme via the ITIL Incident
Management process
No defined interface with other processes, 1. Ensure that a Request for Change (RFC) is
particularly Change, Problem and Service submitted for all changes required to resolve
Level Management incidents
2. Review the ITIL Problem and Service Level
Management processes to understand their interface
requirements
3. Implement interfaces to Problem and Service Level
Management
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 7
Create Roadmap
The purpose of the roadmap is to provide an overview of how the implementation will be carried out. This
is useful for anyone who will be affected by the ITIL implementation as well as for executive management
who will need this higher-level perspective. In order to create the roadmap, each of the actions identified
should be reviewed and classified by the approximate target time period for completion. INS suggests using
the time periods 0-6 months, 6-12 months and 12-18 months. The focus of the 0-6 month roadmap time
period should be on actions that address high priority gaps. But it may make sense to include actions for
lower priority ones, too, if they are easy to achieve or are prerequisites for subsequent actions.
For ease of communication, the actions in each of the three time periods covered by the roadmap should be
summarized as a number of themes as illustrated in Table 2.
Table 2: Typical Roadmap (partial)
Roadmap: 0-6 Months
1 Focus on the process areas Incident, Change, and Configuration Management and the interfaces
among them.
2 Investigate options for integrated systems to support these process areas (also considering
Problem and Service Level Management).
3 Ensure that there is a coherent organizational structure for Incident Management with clear
management direction regarding this process.
Prepare a Plan
The roadmap provides an overview of the activities to be carried out in each six-month time period, but a
detailed plan must also be produced to determine the order in which things are done and to ensure that they
can be properly managed. The plan should take into account the availability of resources and any other
constraints that can be identified, for example the lead time needed to appoint and train new staff. If it
becomes clear that not all of the activities in a particular timeframe can be completed, the roadmap should
be modified accordingly. For this reason, it is probably wise not to publish the roadmap until the plan has
been completed and approved.
Step 4: Act and Measure
Now that a plan has been developed, the temptation is to start acting on it straight away. However, there is
one additional task that should be undertaken first: identify an initial set of metrics, called Key Performance
Indicators or KPIs, which can be used to measure the effect of the ITIL implementation project. KPIs can
help determine whether a process is working as it should and is likely to produce the desired outcome or
result. Some KPIs can be measured prior to completion of the process. This type of KPI enables action to be
taken to correct an issue early on rather than after a process has failed. Other KPIs measure the outcome of
the process, often as a percentage change up or down.
Careful selection of appropriate KPIs for each IT service management process will provide a measurement
framework that can be used to monitor process performance. There are a number of aspects of performance,
however, and in order to reflect this, INS recommends choosing KPIs that apply to each of the four
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 8
categories of the Balanced Scorecard3 - Business Value, Operational, Customer4 and Organizational
Learning. Table 3 shows a set of sample KPIs for the Capacity Management process.
Table 3: Typical KPIs for Capacity Management
Business Value KPIs
Increased average utilization of infrastructure resources
Percentage accuracy of forecasts of capacity needed to meet future business needs
Operational KPIs
Increased number of infrastructure components whose utilization is monitored
Increased number of IT services whose performance is accurately monitored
Review and/or implementation of a new technology in line with business requirements and at optimum
point in product lifecycle (as defined by IT policy)
Customer KPIs
Number of incidents due to inadequate capacity
Percentage of new services for which a service impact study (used to assess ability of the infrastructure
to facilitate service performance targets and capacity requirements) has been performed prior to
implementation
Time taken to reflect changes to business plans in the Capacity Plan
Organizational Learning KPIs
Percentage of components sized and configured according to standard capacity models
Cost of capacity monitoring and reporting
Percentage of recommendations put forward in the Capacity Plan agreed and acted upon
Step 5: Establish Process Governance
The final step in the ITIL implementation project is to establish a governance framework and process for
the IT service management processes (unless this is already in place). The goal of this governance is to
ensure that the way in which IT services are managed meets the requirements of the business and makes
effective and efficient use of the resources used for delivery. The scope of IT Governance is not just service
management but also service development (i.e., which services or applications should be developed and
implemented) as well as any other IT activities.
Whilst the ITIL processes provide a structured framework for control of service delivery, governance
provides a framework to drive the continuous development, adoption and improvement of these processes
to achieve organizational goals. In this discussion however we are focusing on the relationship between
governance and IT service management. This relationship is depicted in Figure 4.
3
An innovative management technique introduced by Kaplan & Norton in 1992
4
We interpret  Customer as any direct or indirect user of the service management process in question
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 9
Figure 4: IT Process Governance
Governance Framework
Governance Framework
- IT Principles
- IT Principles
Governance Process
Governance Process
- Standards
- Standards
- Performance Metrics
- Performance Metrics
Priorities &
Priorities &
allocated
allocated
resources
resources
Measurements
of performance
Service Development Service Management
Processes Processes
How does ITIL help  meet the requirements of the business ? Without a clear and convincing answer to this
question, the task of justifying an ITIL implementation project in the first place will be difficult  except as
a means to increase efficiency. INS believes that there are three objectives that IT service management
should strive for, namely to:
Maximize the value delivered by IT services using metrics agreed by the business
Ensure that IT-related risks are effectively managed
Maximize alignment between service delivery strategy and business strategy (e.g., provide secure
remote access to services to enable executives to access them worldwide)
The governance framework should therefore define the metrics for these objectives and the way that they
can be used to measure achievement against each of them.
In most organizations, IT is primarily an enabler for the creation of value rather than a direct value
generator. Hence, it is difficult to express the value of IT services in purely financial terms. The one
obvious financial metric is the cost of service delivery, although unless this can converted to a unit cost by
measuring the volume of services delivered, it may not be a good measure of value. There are a number of
other metrics that can be used to measure business value, however, including service availability and
reliability, the consistency with which service levels are achieved, the reduction of the number of service-
affecting incidents, ease of use (assessed rather than measured), process efficiency, and efficiency in the use
of resources. Business processes need to evolve and change, however. IT service management can add
significant value by responding to and enabling these changes and in some circumstances actually driving
them. Metrics that can be used to measure this type of value include:
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 10
 Time required to deploy new services
Time to design and deploy new or improved service delivery mechanisms
Percentage of projects completed on time
Percentage of projects completed within budget
Perception survey of IT responsiveness and innovation in relation to business needs
Whatever metrics are chosen, it is important that they be agreed upon by both IT and the business. Ideally,
to provide a complete assessment of value, IT will have its own Balanced Scorecard, with metrics covering
each of the four categories, namely Business Value and Operational, Customer and Organizational Growth
and Learning. Business users may not be very interested in the Growth and Learning category, but
achievement in this area plays a key role in the ability of IT to support business agility.
ITIL best practices play an important role in ensuring that IT-related risks are effectively managed.
However, unless incidents occur frequently, there is no way to directly measure the effectiveness (or
otherwise) of risk avoidance. Probably the most straightforward way to provide assurance of the
effectiveness of risk management for the purpose of governance is to measure compliance with ITIL
process activities associated with it, for example the regular performance of a service availability risk
assessment and production of an Availability Plan, or the updating of the Continuity Risk Register and
making the necessary amendments to IT Service Continuity Plans.
Alignment between service delivery strategy and business strategy is something that needs to be assessed
rather than measured. However, it is important that the governance framework should also cover alignment,
as it can have a profound effect on the ability of the business to operate in the way that its strategy demands.
For example, if business strategy dictates that new services should be designed and implemented within six
weeks, but service delivery capability cannot accommodate this in less than 10 weeks, then there is a
serious issue.
Once the governance framework has been established and measurements are being regularly taken, the
governance process can use these measurements to monitor the performance of IT service management. If
monitoring indicates that there is a problem  for example risk management procedures are not being
complied with or business value metrics show a downward trend  then the governance process is used to
decide what needs to be done and to acquire and assign the resources needed to resolve it. The governance
process, therefore, enables IT service management to be continually tuned to ensure that it maintains its
effectiveness in supporting and enabling the operation of business processes.
Conclusion
The potential benefits of adopting ITIL best practices for IT service management are becoming ever more
widely recognized. Organizations that have made the decision to proceed with implementation want to
know the quickest and most effective way to go about this. They also want to know how much help they
need from experienced ITIL practitioners and how to make best use of them.
A practical approach that provides a fast start to implementation is to make use of predefined ITIL process
templates. Experienced practitioners can work closely with key staff to rapidly create a gap analysis, a
roadmap, and a detailed implementation plan. KPIs are used to measure the effect of the implementation
project on IT services, and the use of four categories supports well-rounded and meaningful measurement.
Finally, establishing a governance framework and process for IT service management ensures that these
processes fully support the achievement of organizational goals and can form part of a broader IT
governance process designed to maximize the business value of IT services.
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 11
About INS
INS (International Network Services Inc.) provides IT infrastructure consulting services, software, and
business solutions to help companies build, secure, and manage their business-critical networks. Our end-to-
end consulting solutions address customers' needs in IT Strategy and Planning, IT Infrastructure, Operating
Systems and Directory Services, Storage Systems and Services, Security, Network and Systems
Management, and Project Management, helping them optimize their business to better face competitive
challenges and meet future demands. The Diamond IP family of software from INS provides flexible and
scalable solutions for today's complex IP networks. We are one of the world's largest independent network
consulting and solutions providers with a track record of thousands of successful engagements. INS is
headquartered in Santa Clara, Calif. and has offices in the U.S., Europe and Asia. For additional
information, please contact INS at 1-888-767-2788 in the U.S., 44 (0) 1628 503000 in Europe, 65 6549
7188 Asia, or 1-408-330-2700 worldwide.
Copyright © 2005, International Network Services Inc.
This is an unpublished work protected under the copyright laws.
All trademarks and registered trademarks are properties of their respective holders.
All rights reserved.
Five Steps to Implementing ITIL January 2005 INS Whitepaper " 12