Integrated Approach To Iec/Iso 20000 Adoption Based On Itil V3 Framework in The Case of Macedonian Companies
Integrated Approach To Iec/Iso 20000 Adoption Based On Itil V3 Framework in The Case of Macedonian Companies
Integrated Approach To Iec/Iso 20000 Adoption Based On Itil V3 Framework in The Case of Macedonian Companies
85
Proceedings of the International Conference on
Information Technologies (InfoTech-2011)
15-16 September 2011, Bulgaria
1. INTRODUCTION
In accordance with the State Statistical Office of the Republic of Macedonia for
2010, 92.7% of the business subjects with 10 or more employees have used
computers in their operation, whereas 84.1% have used Internet access. The
companies with more than 250 employees, the statistical data display use of
computers in 100% of their work and 99.2% use of the Internet. These indicators
further assert the need for appropriate insight of the place and importance of the IT in
the companies. Moreover, the National Bank of the Republic of Macedonia adopted
86
the decision on the Banks Information System Security (2008) which stipulates the
methodology for security through defining the processes for IT Service Management
based on ITIL Process Model. The decision for amending of the act for Banks
Information System Security in the Republic of Macedonia (2008), the companies
providing IT services to the banks are obliged to be ISO 20000 certified. With these
decisions, the need for IT Service Management System based on ITIL Process Model
has become a regulation (Broussard F. and Others 2006).
The ITIL framework represents a process model which follows PDCA (PlanDo-Check-Act) principle of quality management of Edward Deming. Because of this
principle one can say that the ITIL framework is a system or quality management
applied in the IT organizations and departments (Addy R. 2007). The ITIL
framework is not the only practice of IT Service Management. As opposed to the
development of ITIL, other practices and standards of IT Service Management were
also created, such as COBIT, ISO 20000, MOF, as well as practices which the
companies have internally developed.
This paper presents a result from the research whose main goal was to obtain
information on the experience of the companies regarding the implementation of the
IT Service Management based on the ITIL Process Model and IEC/ISO 20000 status
in terms of the drivers that motivates organization to adopt the standard and perceived
barriers during the implementation projects.
2. ITSM CONCEPTS
The IT Service Management is a set of specialized organizational skills for
quality provision of IT services utilizing resources and capabilities of the Information
Technologies (Bon J.V., Other, 2007). Hence the goal of the IT Service Management
is coordination of the manner and quality of the service provision through the control
of the business process performances, at the same time control of the resources and
capabilities of the IT (Spremic M. and others 2008). The resources and the
capabilities represent assets for the enabling of the IT Service.
The resources include the infrastructure of the IT (servers, network, computers,
printers etc), the human resources (specialized engineers, managers etc.) and the
financial assets of the organization.
The capabilities develop through time and through the education and training of
the human resources who take part in the IT Service provision. The capabilities
include the overall knowledge and experience accumulated in the organization. The
experience is gathered through problem solving, dealing with situations, risk
management and error analysis.
Depending on the relation between the IT service providers and the users on the
one hand, and the users and the way of provision of the IT services on the other, there
are three types of IT Service providers shown.
87
The Internal Service Provider is rooted in the business organization unit itself.
This type is most commonly found in the larger companies which can afford
dedicating resources to only one business unit.
The Shared IT Service Provider is a type of organizational structure in which the
IT department provides IT services for more than one business unit. This type of
organizational structure is the most common in the Macedonian companies.
The External IT Service Provider is a way of obtaining services from an external
company. This organizational structure is used as one of the primary approaches
toward consolidation and optimization of the resources and costs. The best example is
SaaS (Software as a Service) distribution of the applications, as in the case of the use
of CRM (Customer Relationship Management), ERP (Enterprise Resource Planning)
tool (SalesForce.com).
2.1. ITIL Version 3 Framework
The IT Service life cycle is a central concept of the ITIL Version 3 framework.
It consists of the 5 segments in which the IT Service Management processes are
organized. Around this central concept revolve the roles, activities, metrics of the
process performance and corrective activities in the process of IT Service
Management. With the service strategy, as first stage of the IT Service life cycle,
followed by the Service Design, Service Transition and Service Operation, and
finally with Continual Service Improvement, proper management is provided.
Figure 1 represents the IT Service life cycle in accordance with ITIL framework
and the processes are defined in each stage respectively.
Service
Strategy
Service
Design
Service
Transition
Service
Operation
Service Strategy defines the needs, priorities, demands and importance of the
new IT Services or the changes in the existing ones. It identifies the values which
would be perceived by the IT Service, as well as the required financial resources
needed for the design, implementation and operation support.
In the Service Design stage of the IT Services, the infrastructure, processes and
support mechanisms are designed which are necessary for the availability and the
utility for the user.
88
89
90
In five of the surveyed companies and institutions ITIL processes are not
implemented and there is no initiative for theirs implementation.
Eight of the surveyed companies and institutions have still not implemented
processes for IT Services Management, but there is an initiative for a project for their
implementation in the upcoming period.
In eight of the surveyed companies have implemented a part of the processes
from the ITIL process model, and 3 of the companies have implemented all processes
(data shown on figure 2).
91
In the terms of IEC/ISO 20000 adoption and certification, the research provide
information that 10 from 17 companies and institutions are either IEC/ISO 20000
certified or there is ongoing initiative or plan for certification, shown on figure 3.
This is very important because it leads to a conclusion that surveyed companies and
institutions uses ITIL implementation to continue with IEC/ISO 20000 certification.
The conducted research provided a clear picture on both the experiences of the
companies in terms of the drivers for ITSM adoption based on ITIL process model,
and barriers during the implementation. Perceiving the possible barriers in the
theoretical analysis of the project for ITIL process implementation, the survey offered
answers which the companies and the institutions should rank according to the
importance. The most important drivers for implementation of the ITIL processes are
the need for more effective risk mitigation in IT, improvement of the IT
performances, and following the global IT standards, shown on figure 4.
92
As the greatest barrier which the companies and institutions deal with is the
resistance towards organizational changes, which is reasonable since the
implementation of the ITIL processes means redefining the existing and adding new
obligations and responsibilities in the IT departments, shown on figure 5.
Other barriers that the companies and institutions may experience are the lack of
management commitment and the unfamiliarity with the benefits of the ITIL
processes implementation.
Regarding the adopted and implemented processes in the Macedonian
companies and institutions, the research provided data for the most implemented ITIL
processes are Incident Management with 78.57% of companies that have
implemented, Problem Management with 69.23%, Change Management with
78.57%, Release Management with 75% and Service Level Management with
69.23%. The processes that are last adopted and implemented are Continual Service
93
The processes that are most important for future plans and initiatives are the
processes from the Service Strategy, Service Design and Service Transition stage.
Existence of the plans and initiatives for implementation of these processes
confirm the strong awareness of the benefits from integrated approach in adoption
and implementation of the ITIL framework and IEC/ISO 20000 certification.
4. CONCLUSION
The research is done in order introspect the current status of the ITSM
awareness, ITIL implementation and IEC/ISO 20000 initiatives and plans as well
quantification of the drivers and barriers from the implemented system for IT Service
Management based on the ITIL V3 process model. In 79.17% of the companies and
institutions exists ongoing initiative and plan for ITIL processes implementation, or
94
they already have implemented part or all ITIL processes. Due to late adoption of
ITSM frameworks in as opposed the global trends, 78.95% of the surveyed
companies and institutions adopted ITIL Version 3 framework.
The research has shown that companies uses ITIL Framework implementation at
first place and continue with IEC/ISO 20000 certification which makes the bridge
between the ITIL V3 practice and the standard requirements. As the most used
approach is starting implementation with group of processes and then integrating the
complete process model. Processes from the Service Operation are the most
implemented processes which is logical outcome because the main driver to adopt
ITIL is improvement if the IT performances. Still there are interest and future plans
on the other processes which will bring more benefits to the adopters.
The biggest drivers for adopting and implementing ITIL processes are need for
more effective risk mitigation and improvement of the IT performance, but following
the global IT standards, requests from clients and regulation are also driver for ITIL
initiatives. As biggest barriers in the implementation of the ITIL processes
implementation appear with the resistance to the organizational changes, lack of
management commitment and unfamiliarity with the benefits. Other barriers which
Macedonian companies and institutions come across are insufficient training and lack
of strategy. This confirms that the barriers greatly influence on all three aspects of the
implementation project (process, people and technology).
REFERENCES
Addy R. (2007). In: Effective IT Service Management, to ITIL and Beyond. Chapter 4, pages 23
31. Springer.
Amending Decision on the Banks Information System Security (2008) Official Gazette of the
Republic of Macedonia No. 31/2008.
Bon J.V., Other (2007). In: Foundation IT Service management based on ITIL v3. Chapter 2, page
16 and Chapter 3, page 21. Van Haren Publishing.
Balnaves M., Caputi P. (2001). In: Introduction to Quantitative Research Methods: An Investigative
Approach. Chapter 4, pages 64-90. Sage Publications.
Broussard F. W., Elliot S., Grieser T. (2006). In: ITIL Penetration Is Moving Faster than You Might
Think: Some Results of the System Management Software Strategies Study. Pages 1-7. IDC
Survey.
Decision on the Banks Information System Security (2008) Official Gazette of the Republic of
Macedonia No. 31/2008.
Spremic M., Zmirak Z., Kraljevic K., (2008). IT and Business Process Performance Management:
Case Study of ITIL Implementation in Finance Service Industry. In: Proceedings of the 30th
Int. Conf. on Information Technology Interfaces. June 23-26, 2008, pages 243-249, Cavtat,
Croatia.
Copyright of Proceedings of the International Conference on Information Technologies is the property of SAER
Forum Group and its content may not be copied or emailed to multiple sites or posted to a listserv without the
copyright holder's express written permission. However, users may print, download, or email articles for
individual use.