What is IT Service Management? A Complete Guide.
IT Service Management (ITSM) is an approach that Information Technology Organizations use to optimize how they design, build, implement, operate, and improve the services they deliver to their customers. ITSM combines elements of organizational structure, processes, and supporting tools to support this mandate.
Table of Contents
The following table of contents will make it easier to navigate this comprehensive article on IT Service Management.
- ITSM History
- ITSM Benefits
- ITSM Services
- ITSM Framework
- ITSM Implementation
- ITSM Team Structure
- ITSM Assessment
- ITSM Roadmap
- ITSM Processes
- ITSM Tools
- ITSM Tool Implementation
- ITSM Governance
- ITSM Challenges
ITSM History
IT Service Management is not a new concept. It was born out of necessity in the early days of mainframe computing.
In the 1960s, only the most significant commercial, scientific and governmental organizations had access to computing resources. We saw mainframes used in management information systems, finance, insurance, airline reservation, census, and research applications.
Computer time was costly, and the technology was not as reliable as today. The primary focus of service management at that time was reliability and availability, ensuring maximum ROI from the mainframe computers.
As computing became more mainstream, there needed to be more focus on ensuring a computing failure didn't place an organization at risk. This growth necessitated more structure around how IT provided services leading to well-defined ITSM roles and ITSM processes.
Fast forward to today, computing is even more ubiquitous, and with the rapid growth in Digital Transformation initiatives, our reliance on IT services will continue to grow.
Computers may be more reliable, but the complexity and criticality of today's computing environment necessitate an even stronger IT service management foundation.
ITSM - a look back
In 1979, IBM released the ISMA (Integrated Systems Management Architecture). ISMA focused on IBM hardware, but many principles still apply today.
In 1989, the UK government commissioned a project to standardize a set of best practice processes across their growing number of data centers. That was the birth of the IT Infrastructure Library or ITIL.
In 1994 IBM rolled out the IT Process Model (ITPM). ITPM extended and enhanced the ISMA while becoming technology independent.
In 1999 we saw the release of the Microsoft Operations Framework (MOF). Similar to ITIL, MOF focused more on distributed computing.
In 2001 we saw the release of the ITIL version 2 glossary (10 processes divided between Service Delivery and Service Support).
In 2007, the British government released ITIL version 3. This new version contained 26 ITSM processes organized by the lifecycle phases of Service Strategy (SS), Service Design (SD), Service Transition (ST), Service Operation (SO), and Continual Service Improvement (CSI).
In February 2019, we saw the release of ITIL version 4, emphasizing agile and modern service delivery. It has 34 practices/processes spread across three categories (general management, service management, and technical management).
ITSM Benefits
The benefits of ITSM are many. The foremost benefit is better alignment of IT with the business's goals. These goals may include the digitization of business processes and services. This alignment requires IT to be an equal partner instead of a cost center. Other benefits include:
- Improved reliability and availability of services
- Cost-effective delivery of services
- Mitigation of risk
- Better customer experience
- Enhanced efficiency and effectiveness of IT staff
ITSM & Cybersecurity
IT Service Management (ITSM) can significantly enhance cybersecurity within an organization by providing structured processes and practices that, when followed, enhance an organizations IT Security posture. This goes beyond creating an IT Security Management process. Virtually every ITSM process can play a role in improving IT Security.
Here are just a few examples:
- Incident Management: This process enables quick detection and response to security incidents. By having a structured approach to managing incidents, ITSM ensures that security breaches are identified, reported, and resolved promptly, minimizing potential damage.
- Change Management: ITSM enforces a formal process for evaluating and implementing changes, which helps prevent unauthorized or reckless modifications that could introduce security vulnerabilities. Every change is assessed for potential security risks before it is approved.
- Configuration Management: Through this process, ITSM maintains an accurate record of all IT assets and configurations, providing essential visibility. This helps in identifying unauthorized changes, sets standards for hardened baseline configurations, and ensures that security patches are applied consistently and promptly.
- Problem Management: ITSM facilitates the root cause analysis of security incidents, allowing organizations to address underlying vulnerabilities and reduce the recurrence of similar issues. This proactive approach strengthens overall security.
- Boosting Cyber Resilience with IT Security Assessments and ITSM Processes
- Building an IT Security Management process
- The Benefits of Having a Strong Foundation of ITSM Processes
- Why is ITSM Important to Your Business
ITSM Services
You can't discuss IT Service Management without first defining what a Service is.
A simple definition is "something of value provided to a customer where the provider assumes the cost and risk of building and delivering the service in exchange for some form of payment." If you are an internal IT department, that payment may be in the form of a chargeback or cost allocation. Commercial service providers will charge directly for their services.
From an infrastructure perspective, sample services may include email, collaboration, data backup, monitoring, or cloud services.
Examples of commercial IT services may include financial services (banking apps), Infrastructure (Azure), lodging (Airbnb), reservation systems (Tripadvisor), Shopping (Amazon), or the multitude of SaaS applications in the market.
Services should be defined in a service catalog and governed by a service level agreement (SLA) between the service provider and the customer.
The SLA defines such things as a detailed description of the service, the parties involved, the service's term, the service's cost, availability of the service, support, and penalties for breach of service.
IT involvement with services goes beyond technology, operations, and service level agreements.
An effective ITSM program works with the business to develop strategies for the service's design, development, deployment, operation, and continual improvement.
The SLA defines such things as a detailed description of the service, the parties involved, the service's term, cost, availability of the service, support, and penalties for breach of service.
IT involvement with services goes beyond technology, operations, and service level agreements.
An effective ITSM program works with the business to develop strategies for the service's design, development, deployment, operation, and continual improvement.
ITSM Framework
ITSM frameworks are a collection of best practices that provides structure and guidance. The key word here is guidance. For a framework to have "universal" applicability, it must be, by definition, high level.
A framework guides what you should do but not how to do it. It is up to each organization to adapt the framework to meet the needs of their business.
An ITSM framework improves your efficiency by giving you a great jumpstart on building an ITSM practice.
There are multiple ITSM frameworks, each with a slightly different focus. Unfortunately, there is also overlap between the frameworks.
It is essential to understand the strengths and weaknesses of each framework and build your ITSM practice using a combination.
Here are two of the most popular ITSM frameworks:
ITIL is the deFacto standard for ITSM processes and practices. Initially created in 1989, it has evolved into 34 processes/practices spread across three categories (general management, service management, and technical management). According to PeopleCert (the owner of the Axelos and the ITIL intellectual property), there are over 2,000,000 professionals certified in the ITIL framework, making it one of the most widely accepted approaches to IT Service Management.
COBIT is one of the most popular frameworks for IT management and governance.
Released in 1996 as a set of IT Controls, COBIT has gone through many evolutions, the most current being COBIT 2019. Cobit aligns with many other ITSM frameworks, including ITIL.
ISACA organized COBIT's governance and management controls into five domains and 40 processes.
The five domains are:
Use cases for COBIT include IT Audit, process assessment, and implementation and governance of other frameworks such as the NIST Cybersecurity Framework.
ISACA, a global professional association focused on IT governance, created COBIT.
ITSM Frameworks Galore!
Many other ITSM frameworks are available to ITSM practitioners, including:
- ISO/IEC 20000 is an ITSM standard from the International Organization for Standardization, often used to assess Service Providers.
- MOF is the Microsoft Operations Framework. Initially seen as an alternative to ITIL, it no longer appears to be updated by Microsoft.
- eTOM is a service management framework initially focused on the telecommunications industry. Now known as the Business Process Framework, its touted as a framework for service-focused businesses.
- USMBOK, the Universal Serice Management Body of Knowledge, provides essential reference materials for the ITSM practitioner.
- USM, the Unified Service Management method, is a universal approach for service management.
- Lean IT applies lean manufacturing and services principles to information technology products and services.
This list is just a few of the more common frameworks; many more are available!
Which IT Service Management Framework is Best?
Each of the frameworks listed above emphasizes different aspects of ITSM. ITIL focuses on processes and practices, while COBIT looks at things from a control objective (audit) perspective. Lean IT is all about reducing waste and streamlining processes.
For example, use ITIL to define a common language and best-practice processes. Govern those with COBIT controls and improve and streamline using Lean IT.
You can also leverage project management methodologies such as PMBOK or PRINCE2 to manage your ITSM initiatives.
It's not a question of which ITSM framework is best, but what are the best elements of each ITSM framework you can leverage.
ITIL vs ITSM
What is the difference between ITSM and ITIL?
We see ITIL as a subset of ITSM. ITSM is everything you do to manage your IT Services.
ITSM encompasses strategy, planning, management oversight, organizational structure, roles, tools, processes, procedures, infrastructure, operations, and more.
ITIL is just one source of best practices that can guide you on elements of your ITSM program.
ITIL vs DevOps
Another question is how ITIL compares to DevOps and whether we should do one over another? This question is not an either-or.
DevOps is rooted in Agile Software Development and consists of a set of practices to get development and operations working together more agilely, continually delivering high-quality software.
The current version of ITIL aligns nicely with DevOps by providing processes and practices that support the development and operations (not to mention business) stakeholders.
There is no single ITSM framework or approach, each has its strengths and weaknesses, and there are many examples of how they can work together to support your IT Service Management goals.
ITSM Implementation
How does an organization go about implementing ITSM?
Before becoming a software company, we at Navvia were an ITSM consultancy. The following implementation approach comes from that experience.
- Define your ITSM team structure
- Assess your current state
- Create your ITSM roadmap
- Define your ITSM processes
- Select and implement your ITSM tools
- Set up your ITSM Governance approach
- Determine your approach to ITSM Continual Service Improvement
Let's explore each of the aspects mentioned above in more depth. Before diving in, why not take a quick look at this 1-minute video to understand how Successful ITSM Implementation revolves around People, Processes, and Tools?
ITSM Team Structure
One of the first steps in setting up your ITSM program is determining the organizational structure.
There is no single model, as much will depend on the size and culture of your company.
Some organizations centralize the function while others operate in a more distributed way.
There is one thing for sure: a successful ITSM program requires focus. Implementing a Service Management Office is one of the best ways to bring focus to your ITSM program.
A service management office (SMO) is a center of excellence within your organization chartered to improve the quality, effectiveness, and efficiency of delivering ITSM services.
Whether centralized or decentralized, an SMO combines the skills needed to design, implement and govern the processes and tools in support of an ITSM program.
Check out these articles for more information.
- What is a Service Management Office? Everything you need to know.
- Implementing a Service Management Office Organizational Structure.
ITSM Assessment
Whether you are just implementing your ITSM program or have a well-established one, an ITSM assessment can provide tremendous insight into how you are doing and where you need to improve.
An ITSM assessment gives you an excellent opportunity to engage your stakeholders using a combination of surveys, interviews, and workshops.
ITSM assessments aim to learn as much as possible about the state of your ITSM organization, processes, and tools.
Assessment models, such as CMMI or ISO/IEC 33001, help you present the results numerically on a maturity scale of 0 to 5, where 0 is incomplete, and 5 is optimized.
The assessment aims to identify gaps in your ITSM program and create a roadmap for improvement.
Other benefits include:
- Opens a dialogue with your ITSM stakeholders
- Provide you with an opportunity to promote ITSM
- Becomes a catalyst for making improvements
- Provide a baseline to measure success
- Drives Continual Service Improvement
Check out this article, "Assess or Get Lost! The Importance of a Process Maturity Assessment", written by Thorsten Manthey, an internationally recognized ITIL Expert, Agile Coach, Governance, Program Delivery & Change Champion.
ITSM Roadmap
A key deliverable from the ITSM assessment is your roadmap. It's an essential part of implementing or improving an ITSM program.
An ITSM roadmap lays out your current state, identifies quick wins, and provides recommendations for process enhancement, ITSM tools, and organizational improvements.
Much like a map helps you navigate the world, an ITSM roadmap lays out the path to service management success.
ITSM Processes
You can't discuss ITSM without talking about processes.
Information Technology processes are front and center regardless of your chosen ITSM framework. That goes for ITIL, COBIT, ISO20000, and most of the other frameworks as well.
Why are processes essential to your organization?
Processes are critical for getting people on the same page, directing staff on how to operate, and providing the blueprint for business process automation and continual improvement.
Many look at processes as overly restrictive and bureaucratic and get in the way of agility and speed. That is only true if you are not continuously assessing and improving your processes. Well-defined and implemented processes will save your organization significant time and money by streamlining operations, reducing rework, and mitigating the risk of failure.
Imagine if you didn't have a disaster recovery process, and your network was hacked and held hostage by ransomware. A robust and tested DR process will allow you to restore operations quickly with minimal data loss.
The ITIL framework defines 34 processes/practices spread across three categories (general management, service management, and technical management).
Some of the key II processes include:
Incident Management is the process that allows you to detect service disruptions and restore standard service as quickly as possible. Check out this article on Incident Management Best Practices.
Learn the difference between an incident and a service request
Service Request Management allows people to request products and services from the IT department. That can include access to a service, a laptop, software, or anything else the IT department provides.
Problem Management is the process that tracks and gets to the root cause of incidents that cannot be resolved immediately by first-line support or by the Service Desk. Check out this article on Problem Management Best Practices.
Change Management mitigates risk by enabling an organization to log, approve, test, implement and track a change to closure. Check out this article on Change Management Best Practices.
Configuration Management manages the lifecycle of configuration items (CI) that comprise a service. A CI can be hardware, software, devices, documents, locations, or even staff. Most importantly, it identifies the relationships between these assets and stores the information in a configuration management database (CMDB).
A well-documented process should contain the following information:
Check out this "Introduction to Process Mapping" article for more information on documenting your processes.
Back to top >>
ITSM Tools
Organizations use a set of IT Service Management tools to support and manage the ITSM processes within their organization.
Some tools cover a full range of ITSM processes, including those mentioned above. Examples of these ITSM suites include ServiceNow, EasyVista, BMC Helix, and Ivanti.
Others are very specialized and focus on a specific function, for example, IT Financial Management. One such example is Flexera, with capabilities covering asset management and visibility into IT costs.
Many tools are cloud-based and offer an inexpensive subscription model ideal for smaller companies, while other ITSM tools have a more enterprise focus.
You must perform a needs analysis and choose a suitable tool today that can grow with your company. We've seen many companies purchase expensive tools with features they never use.
ITSM Tool Implementation
A significant number of ITSM tool implementations fail. The reasons are many and include:
- Pressure to go out of the box, resulting in a solution that fails to meet requirements
- Lift & Shift, meaning you configure the new tool precisely like the old, without making improvements
- Time pressure versus scope creep, resulting in cost overruns and missed deadlines
- Poor requirements definition, resulting in poor user experience
- No process definitions which can result in poor automation workflows
We recommend five steps to a successful ITSM tool implementation:
- Identify gaps with your existing tool; this helps build a roadmap for improvement.
- Collaborate with your stakeholders; you need to understand requirements from their point of view.
- Define your processes, and they will guide your automation workflows.
- Capture user stories and requirements to guide the developer/implementor during implementation
- Drive sustainability for the tool through training, defining controls, reporting metrics, and implementing governance.
Check out this webinar on Leading a Successful ITSM Tool Implementation.
ITSM Governance
Without good governance, processes will ultimately fail. Take your eye off the ball, and entropy takes hold leading to process failure.
There is more to governance than auditing your processes. Effective process management requires periodic assessment, efficient design, and ongoing verification of your ITSM processes.
That is a daunting task, so where do you begin?
There is no point in starting from scratch. COBIT is an excellent starting point for anyone looking to implement ITSM governance. COBIT stands for Control Objectives for Information and Related Technology, and auditors widely use it as a process governance guideline.
Align COBIT controls wth your process, then periodically verify the control by collecting evidence of compliance.
For example, COBIT identifies four controls for Change Management:
- BAI06.01: Evaluate, Prioritize and Authorize Change Requests
- BAI06.02: Manage Emergency Changes.
- BAI06.03: Track and Report Change Status
- BAI06.04: Close and Document Changes
An auditor looks for evidence that you are meeting these objectives.
Continual Service Improvement
As they say, "the only constant in life is change," and that goes for ITSM services. ITSM Continual Service Improvement aims to find opportunities to improve IT processes and services and track the results of these improvements over time.
One approach for ITSM CSI is ITIL's seven Step Improvement Process.
The steps include:
- Identify the Strategy for Improvement
- Define What to Measure
- Gather the Data
- Process the Data
- Analyze the Information and Data
- Present and Use the Information
- Implement Improvements
ITSM Challenges
Every IT organization practices some form of service management. The question is, have they implemented a robust ITSM program that optimizes how they design, build, implement, operate, and improve the services they deliver to their customers.
ITSM implementation is not easy, and it's not a one-time project. It's a fundamental change in how you operate. When implementing a significant organizational change, you will often face resistance, some very vocal and some passive. You will need someone experienced in an organizational change to lead the effort.
Executive sponsorship is essential, and you will need a solid business case highlighting the ROI. It is also necessary to work closely with the management team providing education on the benefits and listening to their ideas and concerns.
If your team is overburdened, they will push back, saying there is no time. That's like saying there is no time to pull off the highway to change a flat. ITSM will ultimately make things more efficient and will save time.
Another challenge is implementing a framework like ITIL as if it's the law. Doing so will create pushback. Keep what is working for you, acknowledge what you are doing well, and adapt the framework to your organization.
Bottom Line: ITSM is a set of best practices that have evolved from the early days of computing. Born from necessity, ITSM has improved the reliability, availability, and cost-effectiveness of Information technology organizations. With Digital Transformation and the rapid digitization of business workflows, ITSM is even more essential to your business.
Originally published Sep 17, 2018 14:53 PM, updated May 27, 2022