Rúben Pereira
Advisor: Miguel Mira da Silva
1 Introduction
2 Problem
3 Related Work
After studying ITIL and understanding all the processes, goals and
dependencies, I realized how extensive the relations between ITIL processes are.
Therefore, it was important to develop a process dependencies map [Appendix 1.5].
It doesn’t have all the possible communications between them, only the most
important ones; otherwise it would be impossible to represent it graphically or to
understand it.
With a map of dependencies it was possible to have a perception of the priority of
each process and then understand which processes need to be implemented together.
With this, it was possible to proceed to the study of the existing maturity models.
As mentioned earlier, there are many maturity models but few have succeeded. In
this thesis, I will mainly focus on maturity models related to IT Service
Management. The development of a new maturity model must be substantiated by a
comparison with existing ones.
But with so many models it’s important to choose the right ones, therefore I
selected those that I consider to be, currently, the most important and interesting
models.
3.1 CMM
3.2 Trillium
Trillium is a model that covers all aspects of software development life cycle and
was designed to be applied to embedded systems like telecommunications [13]. It was
based on:
• CMM version 1.1
• ISO 9001
• ISO 9000-3
It is composed of 8 capability areas, each one having one or more associated road
maps and, in turn, each road map has associated practices, as shown in Table 1.
For a given road map, the level of practices is based on their respective degree of
maturity. The fundamental practices are at the lower levels, whereas more advanced
ones are at the higher levels. In order to increase effectiveness of higher level
practices, it is recommended that the lower level practices be implemented and
sustained [14].
Trillium consists of five levels of maturity that can be described in the following way:
3.3 Bootstrap
• CMM
• ISO 9001
• ISO 9000-3
• ISO 15504
• Level 0: Incomplete.
• Level 1: Performed.
• Level 2: Managed.
• Level 3: Established.
• Level 4: Predictable.
• Level 5: Optimizing.
The Process Maturity Framework (PMF) is described in the ITIL book. It can be used
either as a framework to assess the maturity of the ten Service Management processes
individually, or to measure the maturity of the overall Service Management process as
a whole [17].
However, PMF is only described in the ITIL v2 books and not in the ITIL v3 books, and
this creates some doubts about its usefulness and success.
The PMF is useful for examining the entire Continuous Service Improvement
Program (CSIP) and all implemented ITIL processes, or just an individual process. It
is defined in 5 levels as shown in Table 2.
• Technology
• Culture
Each element has one or more goals that the organization needs to implement to
achieve the corresponding level.
Focused on ITIL, this maturity model doesn’t solve this thesis’s problem. It is a small
model, very simple (6 pages) and, as we saw before, ITIL implementation is a
complex project; it’s unrealistic to think that someone could implement ITIL based
on such a maturity model.
The IT Service CMM described in this document originates from two multi-partner
research projects, partly supported by the Dutch Ministry of Economic
Affairs. Partners in these projects – ‘Concrete Kit’ and ‘Kwintes’ – were Cap Gemini,
Twijnstra Gudde, the Tax and Customs Computer and Software Centre of the Dutch
Tax and Customs Administration, the Technical Universities of Delft and Eindhoven,
and the Vrije Universiteit Amsterdam. These projects were aimed at developing a
method to specify and control IT services.
The IT Service CMM is a capability maturity model that specifies different
maturity levels for organizations that provide IT services.
The main focus of the model is on the maturity of the service provided by the
organization. The model does not measure the maturity of individual services,
projects or organizational units [18]. The model covers the service delivery process.
The IT Service CMM is based on the Software CMM for two reasons:
• Commitment to Perform
• Ability to Perform
• Activities Performed
• Measurement and Analysis
• Verifying Implementation
Defined: Organization Process Definition; Organization Service Definition; Integrated Service Management; Service Delivery; Training Program; Intergroup Coordination; Resource Management; Problem Management
Repeatable: Service Commitment Management; Configuration Management; Service Delivery Planning; Service Request and Incident Management; Service Tracking and Oversight; Service Quality Assurance; Subcontract Management
Initial: Ad hoc process
Among the 22 process areas there are a few key processes; to reside at a certain
IT Service CMM maturity level, an organization needs to implement all key processes
for that maturity level (Table 3) and those for lower levels [18]. It’s a complete and
detailed model that provides several good practices to improve the service.
This maturity model doesn’t solve this thesis’s problem: although designed to guide
and assess service delivery, it does not take ITIL culture into consideration.
• Level 0: Incomplete. One or more of the specific goals of the process area
are not satisfied and no generic goals exist.
• Level 1: Performed. Satisfies the specific goals of the process area. It
supports and enables the work needed to provide services.
• Level 2: Managed. It is planned and executed in accordance with policy;
employs skilled people who have adequate resources to produce controlled
outputs; involves relevant stakeholders; is monitored, controlled, and
reviewed; and is evaluated for adherence to its process description.
• Level 3: Defined. The standards, process descriptions and procedures for a
project are tailored from the organization’s set of standard processes to suit a
particular project or organizational unit and therefore are more consistent,
except for the differences allowed by the tailoring guidelines.
• Level 4: Quantitatively Managed. Process is controlled using statistical
and other quantitative techniques. Quantitative objectives for quality and
process performance are established and used as criteria in managing the
process.
• Level 5: Optimizing. Process that is improved based on an understanding
of the common causes of variation inherent in the process and continually
improves the range of process performance through both incremental and
innovative improvements.
It’s proved that the adoption of CMMI by companies brings good results with
regard to delivery time and the reduction of defects and costs [20].
This maturity model doesn’t solve this thesis’s problem: although designed to guide
and assess service delivery, it does not take ITIL culture into consideration.
3.7 Comparison
There isn’t much difference between the models: all have levels, goals and practices,
but there are important aspects I took into account to make my selection.
At this point a comparison between the diverse models is important in order to
select the one that offers the most. In Table 5 we can see a comparison of the models,
based on the main features.
Trillium and Bootstrap are good and successful models, but they are mainly based on
and focused on software development and quality and not on service delivery and
quality, which is the main focus of ITIL. They both follow a continuous model and
don’t have a stage model. This could be seen as unfavorable for organizations that
want to be more aggressive in the improvement. Besides, they are old models and they
do not have enough description details.
CMM is a model very well known worldwide and used as a basis by many
other models. It’s consistent, coherent and complete; however, it was made for
software development and only has a staged model representation.
ITSCMM | Yes | Not well known | Only Stage Model | Very well detailed | Services | For CMMI
CMM | Yes, highly | Very well known | Only Stage Model | Well detailed | Software | For many models
PMF is a small model, summarized in 6 pages in the ITIL book, with few goals per
level. In the reality of the business world, it is surreal to think that organizations
could improve their ITIL maturity efficiently and effectively with this model. On the
other hand, it describes the continuous and staged model and that is what I think to be
an important feature for my model.
ITSCMM is a very interesting model based on service delivery; it is detailed and
complete. So interesting that the author was invited to join the team that would
develop the CMMI-SVC. The processes are similar to the ITIL processes and the
practices could be very useful.
CMMI-SVC is known worldwide, is a very complete model, focuses on service
and contains concepts of CMMI and the most known standards like ITIL, Cobit and
others. It’s also a very detailed model. It describes both models, continuous and
staged, and that is excellent. Besides, the evolution of CMM is focused on services.
4 Proposal
4.1 Objectives
The main goal is to design a model that provides a roadmap to help
organizations implement ITIL in a correct way, avoiding errors that have
already made other organizations fail and collapse. For that I need to accomplish a
few objectives:
Section 3.7 shows that the most interesting models are CMM, CMMI-SVC,
ITSCMM and PMF. However, CMMI-SVC is an evolution of CMM with the
advantage of being focused on services, so it makes no sense to consider CMM.
PMF is a simple model and it’s the only one that was made for ITIL purposes, so it
will be taken into consideration, but the main focus will be on ITSCMM and CMMI for
services.
The next step was mapping all processes of ITSCMM and CMMI-SVC to ITIL
processes and designing a Staged model, then collecting all the goals and practices of
each ITIL process (and similar processes of the models) and creating the questionnaire
that will assess the corresponding process in the organization. At the end, with all
questionnaires, it’s supposed to have a Continuous model.
At [Appendix 1.3] we can see a mapping of all the ITIL processes to ITSCMM
and CMMI-SVC processes. As it shows, some ITIL processes map to more than one
process of each of the other models, but there are cases where an ITIL process
apparently doesn’t have any matching process in the other models.
With this it’s possible to start analyzing the goals and practices of each process,
collect them and try to transform them into a realistic questionnaire based on CMMI-SVC
and ITSCMM but applicable to ITIL.
A staged model will enable the organization to have a global vision about the main
processes to implement.
All staged models proposed in the maturity models above share the particularity that
the next level is achieved only if all the processes of the level below are fully
implemented. This implies that in order to achieve a certain level the organization
should totally implement a set of processes, and this is a huge effort in every way.
However, it is the right choice for organizations that aren’t sure which are the
priority process(es) for them. The Staged model is described in [Appendix 1.4] (a
summary can be seen in Table 6).
ITIL | Level
Service Strategy
  Service Generation | 3
  Demand Management | 3
  IT Financial Management | 3
  Service Portfolio Management | 3
Service Design
  Service Catalogue Management | 2
  Service Level Management | 2
An innovative feature of this proposal is the fact that the stage model is
incremental: to achieve, for example, level 2, an organization must have
all the processes for level 2 at level 2; to achieve level 3 it must have all the
processes for level 3 at level 3 and all the processes of level 2 at level 3 as well;
and the same for the rest of the levels.
We can see in [Appendix 1.1] that in the incremental Staged Model the organizations
have an incremental level of effort in the implementation, while in [Appendix 1.2], a
non-incremental Stage Model, the effort at the beginning is huge. Obviously the first
option is a better choice because the organizations avoid a huge initial effort, which
will avoid some mistakes.
It is visible that in Fig. 1, to achieve Level 2, the company must reach 10 processes
at Level 2, and in Fig. 2, to achieve Level 2, the company must reach 10 processes at
Level 5, which is obviously a lot of effort.
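The incremental rule can be made concrete with a short sketch. This is an added example, not code from the thesis: the stage assignments are copied from the "ITIL / Level" table in the appendix, while the function names, the treatment of an unassessed process as level 1, and the effort proxy are assumptions.

```python
# Added example (not from the thesis). Stage assignments are copied from the
# page's "ITIL / Level" table; function names are hypothetical.
STAGE = {
    2: ["Service Catalogue Management", "Service Level Management",
        "Supplier Management", "Service Asset & Configuration Management",
        "Event Management", "Incident Management", "Request Fulfillment",
        "Monitoring & Control", "Service Desk", "Technical Management"],
    3: ["Service Generation", "Demand Management", "IT Financial Management",
        "Service Portfolio Management", "Capacity Management",
        "Availability Management", "IT Service Continuity Management",
        "Transition Plan & Support", "Change Management",
        "Release & Deployment Management", "Service Validation & Test",
        "Access Management", "Application Management"],
    4: ["Information Security Management", "Evaluation",
        "Knowledge Management", "Service Report", "Service Measurement"],
    5: ["Problem Management", "Service Improvement"],
}
FULL = 5  # highest level of a process questionnaire


def required_levels(target, incremental=True):
    """Level each in-scope process must reach for the organization to be at `target`.

    Incremental: processes assigned to stages <= target must be at `target`.
    Non-incremental: the same processes must be fully implemented (level 5).
    """
    need = target if incremental else FULL
    return {p: need for stage, procs in STAGE.items()
            if stage <= target for p in procs}


def achieved_stage(process_levels, incremental=True):
    """Highest stage whose requirements are all met (1 if none are).

    Assumption: a process missing from `process_levels` is at level 1.
    """
    stage = 1
    for target in sorted(STAGE):
        needed = required_levels(target, incremental)
        if any(process_levels.get(p, 1) < lvl for p, lvl in needed.items()):
            break
        stage = target
    return stage


def total_effort(target, incremental=True):
    """Level steps above level 1, summed over processes (assumed effort proxy)."""
    return sum(lvl - 1 for lvl in required_levels(target, incremental).values())


if __name__ == "__main__":
    for inc in (True, False):
        print("incremental" if inc else "non-incremental",
              [total_effort(t, inc) for t in sorted(STAGE)])
```

Both variants converge at stage 5, where every process must be at level 5; the difference lies in how early the effort has to be spent.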
Trying to implement more than one or two processes at the same time may not be
the right choice and some organizations may not be prepared for the effort.
It becomes important to design a Continuous model that allows organizations to
implement and assess only a particular process. So I will make a leveled questionnaire
for each process of ITIL.
To design a Continuous model I need to have all processes leveled individually so
I will need to have questionnaires for all ITIL processes. Therefore in this paper I will
not describe the continuous model but only part of it, the next point will be the
description of the “Incident Management questionnaire”.
We can see part of the questionnaire in Table 7 and a little more at [Appendix
1.6].
Level 3
Key Is there a description of how to notify customers or end users that could be affected by an incident reported?
Describe the following parameters:
Non Key • Definitions of impact
Non Key • Response time
Non Key • Resolution time
Non Key • Rules for ordering
Non Key • Expectations in providing feedback to users
Depend Key (Change M.) Is a request for change created when needed to solve an incident?
The first questionnaire created was for “Incident Management”, because it is one
of the most popular processes among the organizations that implement ITIL and I
already have a target organization to test it.
Each question of the questionnaire will be created from the goals or practices
described by the similar process of CMMI-SVC and ITSCMM, and will be confirmed
against the ITIL book in order to design the most credible model possible.
The questionnaire will have three kinds of questions, classified as follows:
• Depend Key: The questions that only need to be implemented if the
related process is also implemented.
The questions classified as “Key” are questions that must always be
implemented to achieve the corresponding level. Regarding the “Non Key” questions,
the organization must satisfy at least 75% of them to achieve the corresponding level.
If there is any “Depend Key” question and the corresponding process is implemented
too, then the “Depend Key” question becomes a “Key” question and, to achieve the
corresponding level, it must be implemented.
Each questionnaire will have 5 levels and to achieve one of them the organization
must have all levels before correctly implemented, all “Key” questions of the level
implemented and at least 75% of “Non Key” questions implemented (e.g.: to achieve
level 2 the organization must have all “Key” questions of level 2 implemented
and at least 75% of “Non Key” questions implemented, but to achieve level 3 the
organization must have level 2 correctly implemented and “Key” questions of level 3
implemented and at least 75% of “Non Key” questions implemented).
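The scoring rule above, applied to the counts reported in Table 8, as an added example that is not the thesis's own code. The class and function names are hypothetical, the pairing of one Depend Key question per related process is an assumption, and the empty set of implemented related processes is inferred from the Depend Key rows being approved with no question implemented.

```python
# Added example (not the thesis's own code). Counts come from Table 8;
# names and data layout are hypothetical.
from dataclasses import dataclass, field

NON_KEY_THRESHOLD = 0.75  # "at least 75%" of Non Key questions


@dataclass
class LevelResult:
    key_total: int
    key_done: int
    non_key_total: int
    non_key_done: int
    # One (related process, implemented?) pair per Depend Key question.
    depend: list = field(default_factory=list)


def check_level(r, implemented_processes):
    """Return (key_ok, non_key_ok, depend_ok) for one questionnaire level."""
    key_ok = r.key_done == r.key_total
    # A level without Non Key questions counts as 100% (Table 8, Level 5).
    ratio = 1.0 if r.non_key_total == 0 else r.non_key_done / r.non_key_total
    non_key_ok = ratio >= NON_KEY_THRESHOLD
    # A Depend Key question is mandatory only if its related process is implemented.
    depend_ok = all(done for proc, done in r.depend
                    if proc in implemented_processes)
    return key_ok, non_key_ok, depend_ok


def maturity_level(results, implemented_processes=frozenset()):
    """Highest level reached; each lower level must pass first (1 = baseline)."""
    reached = 1
    for level in sorted(results):
        if not all(check_level(results[level], implemented_processes)):
            break
        reached = level
    return reached


# Table 8 counts; process abbreviations are used as they appear in the table.
TABLE_8 = {
    2: LevelResult(39, 35, 27, 22, [("CM", False), ("SLM", False)]),
    3: LevelResult(27, 15, 5, 0, [("CHM", False), ("CHM", False)]),
    4: LevelResult(10, 7, 15, 12),
    5: LevelResult(5, 4, 0, 0, [("PM", False), ("CSI", False)]),
}

if __name__ == "__main__":
    for lvl, res in TABLE_8.items():
        print(lvl, check_level(res, frozenset()))
    print("maturity level:", maturity_level(TABLE_8))
```

Passing a non-empty set such as `{"CM"}` turns the matching Depend Key questions into mandatory ones, which is the case the rule describes for organizations that have the related process in place.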
5 Research Methodology
[Figure: the Action Research cycle: Diagnosing, Action Planning, Action Taking, Evaluating, Specifying Learning]
According to this methodology I will design a maturity model and then find an
organization that wants to assess its ITIL (or part of ITIL) and where I can test my
model.
After the assessment I will study the results and draw my conclusions and then
improve the model according to the conclusions.
Finally I’ll describe what I learned in that new experience of assessing an
organization with the model that I designed.
6.1 Diagnosing
As told before, ITIL implementation is not an easy project and there aren’t any
ways for organizations to control how right they are doing it or even if they are trying
to do the right thing. Just complex and confusing books.
In order to try to understand how true this is in Portuguese organizations I needed
to find a company to assess their ITIL, or part of it.
I found a company that has “Incident Management” process implemented and
wanted to know if the implementation was performed correctly or not, in order to fix
any problem.
With all the dependencies between ITIL processes identified and after I chose and
studied the most important maturity models I designed a maturity model, based on CMMI
and ITSCMM. The maturity model is composed of a Stage Model and a Continuous
Model.
The Stage Model was designed to guide and assess ITIL implementation of
organizations as a whole.
The Continuous Model was designed to guide and assess each ITIL process of
organizations. However, to complete the Continuous Model I need all the
questionnaires of the processes.
In order to assess “Incident Management” at this company, a questionnaire for
“Incident Management” was designed, based on goals and practices of CMMI and
ITSCMM, and its validity was confirmed with ITIL.
To correctly assess the process the company must respond to a set of questions,
supposedly simple and easy to understand.
After contacting the company and getting their agreement to assess the “Incident
Management” process I booked an appointment with the person responsible for the ITIL
implementation project.
I reviewed the entire questionnaire to assure that everything was right, checking
all the questions with CMMI, ITSCMM and ITIL books.
All the necessary questions to assess “Incident Management” were made and the
person responsible for the ITIL implementation project in the company answered them all.
6.4 Evaluating
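Levels | Questions | Nº | Processes needed | Implemented | Not Implemented | Approved
Level 2 | Key | 39 | n/a | 35 | 4 | NO
Level 2 | Non Key | 27 | n/a | 22 | 5 | YES (81%)
Level 2 | Depend Key | 2 | CM, SLM | 0 | 2 | YES
Level 2 | TOTAL | 68 | CM, SLM | 57 | 11 | NO
Level 3 | Key | 27 | n/a | 15 | 12 | NO
Level 3 | Non Key | 5 | n/a | 0 | 5 | NO (0%)
Level 3 | Depend Key | 2 | CHM | 0 | 2 | YES
Level 3 | TOTAL | 34 | CHM | 15 | 19 | NO
Level 4 | Key | 10 | n/a | 7 | 3 | NO
Level 4 | Non Key | 15 | n/a | 12 | 3 | YES (80%)
Level 4 | Depend Key | 0 | n/a | 0 | 0 | YES
Level 4 | TOTAL | 25 | n/a | 19 | 6 | NO
Level 5 | Key | 5 | n/a | 4 | 1 | NO
Level 5 | Non Key | 0 | n/a | 0 | 0 | YES (100%)
Level 5 | Depend Key | 2 | PM, CSI | 0 | 2 | YES
Level 5 | TOTAL | 7 | PM, CSI | 4 | 3 | NO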
Table 8 legend:
With these results I cannot affirm that the problem of this thesis applies to the reality
of Portuguese organizations because I only assessed one organization, but I can affirm
that the problem completely applies to the reality of this specific company.
For all these reasons I can affirm that the assessment of the process was a success
and my objective was obviously achieved.
I can say that my first ITIL process assessment was productive. From this action,
we may conclude that:
7 Work Plan
8 Conclusion
References
1. Brenner, M.: Classifying ITIL Processes: A Taxonomy under Tool Support Aspects. In:
The First IEEE/IFIP International Workshop, pp. 19 – 28. IEEE Press (2006)
2. Hochstein, A., Zarnekow, R., Brenner, W.: ITIL as Common Practice Reference Model for
IT Service Management: Formal Assessment and Implications for Practice. In: e-
Technology, e-Commerce and e-Service, 2005. EEE '05. Proceedings of the 2005 IEEE
International Conference, pp. 704 – 710. IEEE Press (2005)
3. Ayat, M., Sharifi, M., Sahibudin, S., Ibrahim, S.: Adoption Factors and Implementation
Steps of ITSM in the Target. In: Modelling & Simulation, 2009. AMS '09. Third Asia
International Conference, pp. 369 – 374. IEEE Press (2009)
4. Kashanchi, R., Toland, J.: Can ITIL Contribute to IT/business Alignment? An Initial
Investigation. WIRTSCHAFTSINFORMATIK. 340-348 (2006)
5. ITIL Lifecycle Publication Suite. Office of Government Commerce (OGC). 2008
6. Graupner, S., Basu, S., Singhal, S.: Collaboration Environment for ITIL. In: Integrated
Network Management-Workshops, 2009. IM '09, pp. 44 – 47. IEEE Press (2009)
7. Nicewicz-Modrzewska, D., Stolarski, P.: ITIL Implementation Roadmap Based on Process
Governance. In: EUNIS 2008. Adam Mickiewicz University Computer Centre (2008)
8. Sharifi, M., Ayat, M., Rahman, A.A., Sahibudin, S.: Lessons Learned in ITIL
Implementation Failure. In: Information Technology, 2008. ITSim 2008, pp. 1 – 4. IEEE
(2008)
9. Rocha, A., Vasconcelos, J.: Os Modelos de Maturidade na Gestão de Sistemas de
Informação. (Maturity Models for Information Systems Management, in Portuguese) In:
Journal of the Faculty of Sciences and Technology at University Fernando Pessoa, Nº 1, pp.
93-107 (2004)
10. Bruin, T., Rosemann, M., Freeze, R., KulKarni, U.: Understanding the Main Phases of
Developing a Maturity Assessment Model. In: 16th Australian Conference on Information
Systems (ACIS), Sydney (2005)
11. Becker, J., Knackstedt, R., Pöppelbuß, J.: Developing Maturity Models for IT Management
– A Procedure Model and Its Application. In: Journal Business & Information Systems
Engineering (BISE), Volume 1, Number 3. B&ISE (2009)
12. Paulk, C.P., Weber, V.C., Curtis, B., Chrissis, B.M.: The Capability Maturity Model:
Guidelines for Improving the Software Process. Addison-Wesley (1994)
13. Trillium: Model for Telecom Product Development and Support Process Capability,
Release 3.2, Technical Report, Bell, Montreal (1996)
14. Krishnan, M.S., Mukhopadhyay, T., Zubrow, D.: Software Process Models and Project
Performance. Information Systems Frontiers. 1:3,267 – 277 (1999)
15. Kuvaja, P.: BOOTSTRAP: A Software Process Assessment and Improvement
Methodology. In: Lecture Notes in Computer Science. LNCS, Volume 926/1995, 31-48.
Springer Berlin / Heidelberg (2006)
16. Robben, D., Nederland, B.V.S.: TPI, BOOTSTRAP and Testing. (2006)
17. Lloyd, V.: Planning to Implement Service Management (ITIL). OGC (2002)
18. Niessink, F., Van Vliet, H.: The Vrije Universiteit IT Service Capability Maturity Model.
Faculty of Sciences, Division of Mathematics and Computer Science Vrije Universiteit
Amsterdam (2005)
19. C. Forrester, E., L. Buteau, B., Shrum, S.: CMMI for Services, Version 1.2. Technical
Report, Software Engineering Institute (2009)
20. Pinheiro dos Santos, R., Marçal de Oliveira, K., Pereira da Silva, W.: Evaluating the
Service Quality of Software Providers Appraised in CMM/CMMI. Software Quality
Journal, 283-301, Springer Netherlands (2008)
21. Baskerville, Richard L.: Investigating Information Systems with Action Research
(1999)
Appendixes
Appendix 1.1
[Figure: chart of the ITIL processes against Levels 1 to 5; series: Implementation at level 2, Implementation at level 3, Implementation at level 4, Implementation at level 5]
Appendix 1.2
[Figure: chart of the ITIL processes against Levels 1 to 5; series: Implementation at level 2, Implementation at level 3, Implementation at level 4, Implementation at level 5]
Appendix 1.3
ITIL | Level
Service Strategy
  Service Generation | 3
  Demand Management | 3
  IT Financial Management | 3
  Service Portfolio Manag. | 3
Service Design
  Service Catalogue Manag. | 2
  Service Level Management | 2
  Capacity Management | 3
  Availability Management | 3
  IT Service Continuity Manag. | 3
  Information Security Manag. | 4
  Supplier Management | 2
Service Transition
  Transition Plan & Support | 3
  Change Management | 3
  Service Asset & Configuration Management | 2
  Release & Deployment Management | 3
  Service Validation & Test | 3
  Evaluation | 4
  Knowledge Management | 4
Service Operation
  Event Management | 2
  Incident Management | 2
  Problem Management | 5
  Request Fulfillment | 2
  Access Management | 3
  Operation Management
  IT Operation Manag.
  Monitoring & Control | 2
  Service Desk | 2
  Technical Management | 2
  Application Management | 3
Continual Service Improvement
  Service Improvement | 5
  Service Report | 4
  Service Measurement | 4
Appendix 1.5
Appendix 1.6
Level 3
Key Is the policy for the planning and implementation of the process documented?
Key Was a plan defined for the implementation of the process?
Key • Was the plan reviewed by the stakeholders and had their consent?
Key • Is the plan revised when necessary?
Key Is the plan for the execution of the process documented?
Key Is the description of the incident management documented?
Key Is it described how the responsibility in handling incidents is assigned and transferred?
Key Is there a description of the process that tells the needs and objectives for the implementation of the process?
Key • Is it maintained?
Key • Is it updated?
Key • Is it revised when necessary?
Key Is there a description of how to notify customers or end users that could be affected by an incident reported?
Describe the following parameters:
Non Key • Definitions of impact
Non Key • Response time
Non Key • Resolution time
Non Key • Rules for ordering
Non Key • Expectations in providing feedback to users
Key Is the repository audited in accordance with a documented procedure?
Depend Key (Change M.) Is a request for change created when needed to solve an incident?
Appendix 1.7
Appendix 1.8