ITIL: MY INTRODUCTION. PART-2 OF 3

Earlier I mentioned how impressed I was with the value that ITIL can bring to any organization. My positive impression led me to research it a little more—just enough so that I would get the big picture.

The beauty of ITIL, as mentioned previously, lies in its customizability. It specifies the framework, which means that while ITIL reveals the main outline of each best practice, it leaves substantial parts of the solution for you to fill in.

It should be possible to implement ITIL’s best practices using nothing more than Microsoft Office and a team of really dedicated evangelists. In order to implement these best practices, an organization needs a software tool, a team of evangelists, and a project plan.

ITIL needs a central repository for the knowledge and lessons learned by the organization. This repository takes the form of a database called the Configuration Management DataBase (CMDB). It is conceivable therefore, to use MS Office’s Access database for the CMDB. Of course, you should at least have a back-end SQL server to support it.

But don’t do it unless you have a small organization like a medical practice that has 10 physicians working together in one, maybe two, locations. Or, to put it another way, don’t do it unless the organization has an IT staff of two or three. I’m titillated by the idea but that would be a shoestring operation and wages may outweigh the cost of purchasing a dedicated ITIL software package. In short, I think it is feasible even though I have never heard of an implementation in such a small scale.

In order to implement ITIL effectively, the organization must maintain that CMDB and leverage it aggressively to share information to everyone in the organization about changes to existing processes, best practices that were adopted, standards that were set, timelines, etc. It is also important for the project team to roll out ITIL’s best practices in a sensible manner. The best practices should target related functions so that the improvements are quickly felt by the user organization. That will make it easier to adopt and, ultimately, shorten the time before the organization reaps the benefits.

WHAT ARE BEST PRACTICES ANYWAY?

If a user’s desktop starts malfunctioning, does the organization have a procedure that the user can follow confidently? In other words, can the user pick up the phone and call a service desk to report that her desktop isn’t working? And, when someone from IT picks it up, will she receive a loaner until her desktop is fixed and returned to her? Will the majority of her files be accessible through that loaner because the staff has been trained to save all of their files to a central server?

Those are all practices. In fact, those are all best practices. Note several things. First, the user has confidence in the procedure. Second, the process of receiving the loaner and setting it up for the user should take an hour or two—a quick response, in other words. And third, the user’s ability to access her files is possible only because of another practice, namely, saving user files to a central server.

None of these practices need special software to implement, correct? But how many organizations can execute this process consistently? Not many, would you agree?

This is why ITIL was developed. It is a compilation of the best practices for each conceivable function of the IT organization. These practices have one common goal—maximizing the value of IT’s services to its parent organization. ITIL accomplishes this by establishing a common language of terms and a set of service standards.

THE BIG PICTURE

The big picture I mentioned earlier consists of five major domains:

Service Support, which includes

1. Service Desk
2. Incident management
3. Problem management
4. Change management
5. Configuration management
6. Release management

Service Delivery

1. Service Level management
2. Financial management of IT services
3. Capacity management
4. Availability management
5. IT service continuity management

Business Perspective

Information & Communications Technology Infranstructure management

Software asset management

See Part-3 of 3 for an overview of the individual components.

PREPARING FOR DISASTER RECOVERY—CLEAR QUESTIONS THAT MUST BE ANSWERED

The recent photo above shows a building on fire in Karachi, Pakistan. Think it’s unlikely to happen to you? Well this was the second time in six months that this building caught on fire.

In a recent project involving disaster recovery, the owner insisted that we clarify the issues confronting his business very clearly. It forced us to look for the best (i.e., clearest) questions. Here they are. The questions were distilled from information that was found at Sungard, Iron Mountain, Forsythe.

November 3 update: I added three more important aspects to consider in your disaster recovery and business continuity planning. Click here.

We came up with five questions.

1. How will disaster impact your key assets? Your key assets are your people, your property, your computing systems, and your data.
2. What are the most likely disasters to strike your business? Prepare a response for each one. You might need different plans for a building fire and an earthquake.
3. Which systems must be restored in sequence? This requires you to prioritize your systems.
4. Identify the possible points of failure in your current systems. Can you plug those possible points of failure in your most critical systems?
5. How much will you budget for disaster recovery? To accurately budget for disaster recovery, quantify your possible losses from the interruption of your most critical systems.

YOUR KEY ASSETS
Let’s return to the four key assets. Questions are posed for each asset. Your answers will get you started.

1. People - How will your employees be notified and evacuated? How will they be able to work after the disaster? If your building burns down today, how will your people be able to work tomorrow to restore your business?
2. Property - What equipment will you need for your people during and after the disaster?
3. Systems - How much downtime can you tolerate? To be prudent, which systems must be duplicated before disaster strikes? If that wasn't done, which systems must be brought back online urgently?
4. Data - Identify your most critical data. How will you protect it before disaster strikes? How will you recover any lost data?

ABOUT OUR SOURCES
This information came from their respective websites:

• SunGard’s robust infrastructure, pressure-tested processes, and expertise keep client people and information connected. Sunguard helps 10,000 customers worldwide achieve uninterrupted access to their mission-critical data and systems
• Iron Mountain helps organizations around the world reduce the costs and risks associated with information protection and storage. Iron Mountain is a trusted partner to more than 120,000 corporate clients throughout North America, Europe, Latin America and the Pacific Rim.
• From the boardroom to the data center, Forsythe helps organizations solve business problems through technology. Forsythe can help you align & operate IT, manage risk, protect & manage data, optimize the data center, enhance IT infrastructure, and source & manage technology.