By Hank Marquis
UPDATED APR. 21, 2006: ADDED LINK TO "LOOKING IN THE MIRROR: PART 1"

You hear often that the IT Infrastructure Library (ITIL^®) is not prescriptive — it does not tell you where or when to begin. This is a common misconception since “Planning to Implement IT Service Management” (the ITIL “green book”) provides exactly this detail!

The ITIL provides an implementation framework and indicates that assessing maturity is key to success.  The ITIL includes a Process Maturity Framework (PMF), model, and instructions for assessing organizational maturity.   

Yes, you can use the ITIL do determine both the “What” to consider, as well as the “Where and When” to implement.  If I dare say so, this makes the ITIL downright prescriptive! 

While there are reasons to use a different maturity model, like COBIT GMM, if audit does not drive your PMF decision, then the ITIL PMF is completely acceptable. 

Following is an introduction to maturity, the ITIL PMF, how it works and how and why to use it.  [See ‘‘Looking in the Mirror: Part 1’ DITY Vol. 2 #15 for more on assessing maturity.] 

Maturity

Organizational maturity refers to an organizations ability to perform.  Most maturity models define five evolutionary levels an organization passes through as it becomes more competent.  At each maturity level organizational competence increases. 

In a mature organization repeatable practices becomes the norm, and there are fewer and fewer “individual acts of heroism.”  The higher the organizational maturity the more efficient, effective and economical are its operations.

In short, organizational maturity indicates how much of ITIL to implement, and where to start.  Thus, assessing organization maturity is critical to ITIL implementation. 

Maturity Assessments

Maturity assessments measure the degree to which an organization uses its people, processes, tools and products, and management.  Assessments show how the organization compares to other organizations.  You use organizational maturity assessments to help you manage an organization and evolve it.  Assessments show opportunities to improve, identify required standards, processes and procedures, and facilitate continuous improvements.  You also use the assessment to show needed tools, techniques, and technologies.

This is where those who make the statements about ITIL not being prescriptive misspeak.  The IT Service Support and Service Delivery books describe all process activities – reactive and proactive.  These books mention maturity lightly since their purpose is to fully describe the entire process.  However, the “green book” “Planning To Implement Service Management” covers only ITIL implementation.

For example, consider Problem Management.  Problem Management, composed of reactive activities like Problem Control and Error Control, also has proactive activities, like Proactive Problem Management.  Clearly, if an organization cannot perform the reactive activities of, for example, Problem Management, then the organization cannot expect to perform the proactive activities.  However, as organizational maturity increases, that is, the organization gains control of the reactive processes, then they will be able to continue implementing the balance of the process – the proactive processes.

Thus, assessing organizational maturity becomes a preliminary step required before ITIL implementation begins.  As the implementation progresses, continued maturity assessment shows the improvement of the organization and shows when to implement new processes or additional activities.

Maturity Model

A maturity model is a system for measuring the process maturity of an organization.  A maturity model includes indicators that show evidence of capabilities.  Using the maturity model, you document the process capabilities of your organization on a known, objective scale.

Most maturity models rely upon a 5-layer model, ranging from 1 to 5.  Most often, 1 represents “initial” or minimal maturity, and 5 represents “optimized” or fully mature capabilities.

There are many maturity models from which to choose.  The ITIL offers CMM, COBIT (Governance Maturity model or GMM) and ISO 15504 as examples.  The ITIL also includes its own maturity model called the Process Maturity Model (PMF.)  The ITIL PMF is a 5-layer model like GMM, CMM, or CMMI (CMM Integration.) 

GMM works within the larger process-oriented control framework of COBIT.  CMM (and CMMI) originated from software development.  The nice thing about the PMF is that it is part of the ITIL and designed to work with ITIL. 

If you plan to use COBIT as the control structure that defines the Critical Success Factors (CSF) and Key Performance Indicators (KPI) of your ITIL implementation, then, by all means, use GMM.  However, if you are not going to use COBIT, then the ITIL PMF is a suitable alternative. 

You can hire a consultant to assess maturity for you, or you can learn to do it yourself.  If you learn to do it yourself, then you can assess your organizational maturity as often as required for very little cost.  Regardless of the maturity model you choose, be sure to learn it thoroughly and apply it consistently.

Process Maturity Framework

A maturity framework provides the context for measuring maturity.  The PMF may be used to measure or benchmark a particular process inside an organization, or a third party delivering services to the organization.  The PMF is useful for examining the entire Continuous Service Improvement Program (CSIP) and all implemented ITIL processes; or an individual process.

The PMF assumes that a Quality Management System (QMS) is in place and there is a goal to improve one or more aspects of the processes effectiveness, efficiency, economy, or equity.  The ITIL offers Deming, Juran, Baldridge, Crosby, and others as QMS models.  

The ITIL PMF has 5 levels:

Table 1.  The ITIL PMF

The ITIL PMF defines several dimensions that comprise each level.  A given level of maturity is a result of the following factors:

·         Vision and Strategy – “the overall direction as it relates to the role and position of IT within the business”

·         Steering – “the objectives and goals of IT in relation to realizing the strategy”

·         Processes – “the procedures needed to achieve the goals and objectives”

·         People – “the skills and abilities needed to perform the processes”

·         Technology – “the supporting infrastructure to enable the processes to be carried out”

·         Culture – “the behavior and attitude required in relation to the role of IT within the business”

For each of these dimensions of maturity, the ITIL describes ways to evaluate maturity.  The “green book” offers observations on how to determine the proper maturity level by examining each of the factors that comprise maturity. 

Note that to move from one level to another requires substantial changes in each of the dimensions.  The ITIL even mentions that trying to improve more than one level holds a considerable chance of failure.  Also, note that not every organization needs the same, or even highest, maturity to be successful.  Given the number of factors comprising maturity, this is now easy to understand.  Make sure you take this into account and don’t try to do too much or improve too fast!

Using Your Maturity

Once you have a feel for where your organization is on the maturity scale, you can then determine the best approach for implementation.  The ITIL offers three broad categories of implementation plans:

1. Single process approach
2. Multi process approach
3. All processes approach

The ITIL indicates that at lower maturity levels you should proceed along the single process approach.  As maturity increases, you will need to move more toward the multi process approach due to the interactions and dependencies of processes.  In fact, level four or higher requires the all process approach for this very reason.  Highest levels of maturity only occur through small steps in all processes over time.

The ITIL offers specific details on how to begin:

Table 2.  ITIL Implementation Approaches

Maturity in all its forms is how you manage the implementation and ongoing operations of the ITIL.  Even if you do not plan to perform your own assessments, you should learn how to do so and become familiar with the tools and techniques involved.

The benefits of learning how to do your own assessments are many:

·         Reduced costs

·         Improved management ability

·         Increased awareness of organizational capability

·         Motivation to staff

·         Improved likelihood of success

·         Increased Business/IT alignment

·         Enhanced decision making

As you can see, the ITIL is actually quite prescriptive!  It defines the “what” (processes) as well as the “where/when” (process maturity framework) to begin implementation.  Overall, the ITIL “Green Book” provides a complete roadmap to understanding what you need to do in order to implement ITIL.  It contains a wealth of information critical to helping you “Do IT Yourself” – so the next time someone tells you that ITIL is not prescriptive, you can tell them they don’t know ITIL!

--

Entire Contents © 2006 itSM Solutions LLC.  All Rights Reserved.