In Part 1 of this blog I offered five tips for getting started with ITIL, the IT service management (ITSM) best practice framework: establishing a formalized service desk, identifying root causes (problem management), managing changes, tracking software licenses, and starting to use a configuration management database (CMDB). In this blog (Part 2), I offer five more tips for getting started with ITIL, which will improve:
- ITSM capabilities
- IT service delivery and IT support, and
- Business outcomes.
Tip 6: Exploit Knowledge
For many, this is the process of knowledge management and involves the introduction of knowledge management technology – ITIL suggests the service knowledge management system (SKMS). But it’s so much more, and like ITIL, it’s about people, process, and technology (and in this order) – with organizational change management (OCM) required to help create the right attitudes, behaviors, and culture (ABC) for knowledge management to work. You can read more about this in one of my previous blogs (BTW, self-promotion is the new black).
Returning to the technology for now though, an SKMS is a huge request in an organization with a mature ITIL framework in place, let alone one that’s just getting started. So being realistic, the SKMS isn’t something that you can do quickly but having a knowledge management capability is hugely important in terms of resolving incidents efficiently, minimizing downtime, and empowering both support teams and end users.
So, when getting started with ITIL, spend at least as much time working out how to encourage the required people change as you do building the architecture and tooling for knowledge management. As failing to do the former will leave you with a something that, while fit for purpose in technology terms, will never be used in the exploitation of knowledge, i.e. people just won’t use it to store and access important knowledge.
Tip 7: Manage Expectations with SLAs
Sometimes it isn’t enough to simply deliver great IT services. There are times when you need proof of that greatness. Within ITIL, service level agreements (SLAs) are a way of codifying the relationship, and expectations, between IT and the rest of the business – the customers and end users of IT services. These SLAs can be likened to a written handshake – an agreement on how both parties, service provider and consumer, will behave.
When starting to formalize your relationship with the business it’s best to keep your SLAs short and to the point. Start by covering your most business-critical services and applications as they will likely be the ones that cause the most pain. And keep your SLAs on point by focusing on your customer. Ask them what “good” really looks like and make sure that both parties can agree on how that can be both delivered and measured.
Elements to include when drafting SLAs are: an outline of the service so it’s really clear what’s in scope, agreed service hours, and availability targets. You can then always add more detail over time. Also, make your SLAs as easy to read and navigate as possible. Use business language and if your organization has any standard templates for documentation, then use them for your SLAs so that they have a look and feel that’s consistent and easily recognizable by the reader.
Tip 8: Communicate Your Services Using a Service Catalog
The scope of a service catalog is to provide and maintain accurate information on all IT services that are either being transitioned, or have already been transitioned, into the production environment; i.e. anything that IT offers that’s live or about to go live shortly. Essentially a service catalog, often in the form of a service request catalog, is a giant menu for IT to advertise its available services to the rest of the business.
Not everyone has a dedicated service (request) catalog tool. So as a starting point, a simple service catalog can be built in a spread sheet and made available online internally. Key information to communicate about each service listing includes:
- Service name
- Supported hours
- Where to go for help
Having some form of service catalog in place means that your end users can quickly see what is and isn’t supported, making them more likely to engage with IT rather than circumventing IT processes. As your service catalog grows over time, you can start to look at ITSM tool sets and automation, linking into service requests, incidents, or knowledge articles.
Tip 9: Invest in Information Security Management (ISM)
There isn’t a week that goes by where there isn’t some news story about a corporate security incident, embarrassing data breach, or website hack. Thus, when designing your business processes and IT services, look to build in suitable security considerations.
If your organization has a risk or general security function, then reach out to them to see what’s in place already. We’re not looking to invent the security wheel here, so if there’s something you can build on, that’s great. It means that you’re not starting from scratch and you can spend the time looking at your biggest areas of exposure and putting together an action plan.
From an ITSM perspective, a key part of ISM is having a policy that states what is and isn’t acceptable within your corporate IT environment. It might seem like a time-consuming task, but by having a sensible IT security policy in place, you’re not only protecting the here and now, it also means that you have something to build on later when you look at ITIL processes such as access management or request fulfilment.
When creating your IT security policy, perhaps in tandem (no, you don’t need to be able to ride a bicycle) with corporate security personnel, elements to include are:
- Scope – what is and isn’t covered by the IT department, and the associated risks and controls
- Password requirements, for example complexity and the reset process
- Requirements for encryption, for example for emails and portable storage units
- Provisions for bring your own device (BYOD) use cases – determine which device types are allowed and what support provisions will be made available
- Requirements for using cloud-based storage, including personal cloud services such as Dropbox
- Where to go for help or to ask questions
- How to report a security incident
Tip 10: Keep Improving Through CSI
Continual service improvement (CSI) is now increasingly touted as the first thing to do in ITSM, or ITIL, adoption – not the last. It can seem like overkill when just starting with ITIL, but the reality is that the sooner you start embedding CSI into your processes, the easier it gets to improve on the status quo.
An easy way of capturing opportunities for improvement is by creating a CSI register – a document where you can record, prioritize, and manage identified opportunities for improvement to services or operations. Each entry should include what service is affected, a short description of the suggested improvement, and how much effort is involved as well as the team or teams responsible and any timings.
By building CSI into your processes, you demonstrate to your customers that you are committed to delivering the best possible levels of service – something that goes a long way in service reviews or contract renewals. An added benefit of embedding CSI into your ways of working is that the quicker and easier you can make it to engage with IT, the more likely people will use the right channels to ask for help, support, or guidance. Ultimately this will improve the relationship between the service provider and consumer. I recommend Stuart Rance’s white paper on this subject: 7 Tips to Help you Adopt Continual Service Improvement (psst, Stuart is an ITSM genius).
So, that’s my top ten “getting started with ITIL” tips. What tips would you add? Please let me know in the comments!