ITservice Management Maturity Assessment Model
ITservice Management Maturity Assessment Model
ITservice Management Maturity Assessment Model
November 5, 2010
Executi v e S u mma ry
Difficult economic conditions have put the strain on all companies to find ways of reducing cost while at the same time improving services and competitiveness. IT is playing a very strong role in assisting organizations in innovating new ways to generate revenue and improve return on investment (ROI). After a year of seeing deep cuts to infrastructure and operations (I&O) budgets, businesses are returning to a growth agenda. We see that many organizations are dedicating as much as half of their I&O budget to new initiatives and supporting capacity expansion for business growth. The challenge is that the I&O departments ability to deliver quality services that empower its business customers is directly related to its overall organizational and process maturity. Forresters IT Service Management Maturity Assessment Model is designed to evaluate key operational and process activities and provide a snapshot of maturity as a baseline which then should be used to create improvement plans.
ta bl e of Contents
2 The ITSM Maturity Assessment Model An ITSM Maturity Assessment Model To Help You Identify Your Current State The ITSM Journey Requires Four Concrete Steps 4 ITSM Assessments Help You Achieve A BestPractice Implementation Get Started With 11 Process Attributes And Their Interdependencies Evaluate IT Infrastructure And Operations Within The Context Of Business Needs 6 Use The ITSM Maturity Model To Maximize The Value Of Your ITIL Initiatives Conduct A Self-Assessment By Scoring And Establishing Your Current Maturity
recommendations
N OT E S & R E S O URC E S
In developing this report, Forrester drew from a wealth of analyst experience, insight, and research through review of existing frameworks as well as advisory and inquiry discussions with end users and vendors across industry sectors.
Related Research Documents The Evolving Infrastructure And Operations Organization April 21, 2010
Market Projections For 2010: IT Management Software February 4, 2010 Service Catalog Your Prerequisite For Effective IT Service Management October 28, 2009
12 Dont Just Conduct An Exercise: Create An Actionable Road Map 13 Supplemental Material
2010, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.
The itsm Maturity assessment Model Infrastructure and operations organizations are in a state of flux, either considering or actively moving to new organizational models.1 Why this change? With continued pressure to do more with less, I&O professionals are increasingly accountable for improving service-level performance. A recent Forrester survey identified IT process models as the most common model chosen for future I&O organizations (see Figure 1).2 Why? These IT process models, usually based on ITIL, can reduce costs, overcome traditional silos, and better align with how work is done, making it easier to ensure consistent and reliable service across multiple environments. However, moving too quickly with a highly complex installed base and people who think in terms of technology could potentially cause more problems than it solves. So how and when do you make the move to a more servicecentric department?
Figure 1 IT Shops Are Moving Toward Process-Based Models
What new organizational structure did you adopt/are you in the process of adopting? 38% 44%
IT processes
34%
Technologies
33% 30%
Business areas
25%
Hybrid
2%
Other
Dont know
Base: IT professionals at enterprises and SMBs worldwide at rms that have recently completed or are currently going through a reorganization of their I&O department Source: Q4 2009 Global IT Infrastructure And Operations Organizational Structures Online Survey
57719 Source: Forrester Research, Inc.
November 5, 2010
An ITSM Maturity Assessment Model To Help You Identify Your Current State Moving to a process-driven, service-centric department can be tough and its going to be a journey. Forresters ITSM Maturity Assessment Model is a self-assessment tool designed to help you identify your current IT service management (ITSM) maturity level. This assessment also helps you identify your desired process maturity end state. Specifically, it helps I&O professionals:
Isolate useful baselines. Understanding the current maturity level of the IT organization with
regard to its operational processes helps create a starting point for planning and implementing an ITSM initiative. Since the primary focus of ITSM is the application of best practices (founded in ITIL) to make IT a more effective, efficient, and competitive service provider, any company considering ITSM should assess its current state.
Identify gaps and develop remediation plans. By using the same method across multiple
process areas, this assessment allows an organization to understand the overall maturity of processes in conjunction with each other. Because IT is a continuum of interdependent processes, an ITSM assessment will provide details on the maturity of each process. If you combine this with an understanding of process dependencies gaps, you can establish a plan to improve each process and the entire value chain.
Prioritize and quantify investment validation. By understanding the current maturity level of Prepare or audit compliance. If companies aim for meeting some internal or external
The ITSM Journey Requires Four Concrete Steps The Forrester ITSM Maturity Assessment Model evaluates where an organization is located on its ITSM journey. In addition to a clear understanding of the current state relative to best practices, I&O professionals can take these concrete and prioritized steps for improvement:
a particular process (or processes) its possible to determine the amount of investment needed to move the process to the desired maturity stage.
compliance criteria such as ISO 20000, assessments can help reveal the gaps or prove compliance.
Find low-hanging fruit. Every VP of operations we have worked with has been able to find
simple, immediate activities that cut costs and improve operational efficiency. An assessment can identify simple process changes such as incident categories, incident routing, and incident closure that require little investment.
Prioritize the next round of activities. Is it better to push defined processes to the next level of optimization, or should an organization focus on processes with a very low maturity level? A maturity assessment presents these tradeoffs in stark relief, which helps the IT group and decision-makers come to an educated decision going forward.
November 5, 2010
Communicate the IT organizational progress, or lack thereof. A maturity assessment will identify those areas where IT has optimized, and conversely, those areas that need to emphasize action planning to address deficiencies. Identify short-term and longer-term initiatives. While there is a myriad of process improvements that require minimal financial or time investment, other processes are much more involved such as implementing end-to-end configuration management systems. IT can use the findings from the assessment to determine what opportunities havent been addressed and then plot the future for longer-term initiatives. ITSM Assessments help you achieve a best-practice implementation For organizations new to ITSM, an assessment provides an understanding of gaps and key issues. From there, you can address identified top priorities that speak to IT service effectiveness. An ITSM assessment is a necessary first step in achieving ITSM and best practice implementation because it determines current processes and service maturity. From there, you can determine a desired future state and develop a clear road map for implementation to reach the next maturity stage. For organizations already entrenched in ITSM, its important to remain flexible and continuously evaluate yourself, understanding your strengths and weaknesses. Regular assessments are quality management initiatives that provide the IT organization with facts and information that it can use to make decisions for improvement. Get Started With 11 Process Attributes And Their Interdependencies Forrester identifies 11 attributes that indicate process maturity (see Figure 2). Focusing on the descriptive rather than implementation-specific details makes these inputs collectable with limited effort. This approach provides a good indication of potential improvement areas and the order in which the associated activities should be executed. This is possible because the attributes build on each other incrementally, so you must proceed in sequential order. An example that illustrates these dependencies is the integration between incident management and change management. If both processes are implemented, it will help an organization identify incidents caused by changes and identify areas to support overall improvement to the change management process.
November 5, 2010
November 5, 2010
Evaluate IT Infrastructure And Operations Within The Context Of Business Needs To understand the context in which the I&O department operates including the goals and strategies for both the business and IT you need to: 1) integrate the feedback from the ITSM assessment; 2) identify potential skills gap; and 3) further develop a plan that addresses the specific and unique needs of the business. Forresters ITSM Maturity Assessment Model incorporates the ITIL v3 Process Maturity Framework (PMF) to facilitate an integrated business and IT view. It enables you to measure the maturity of your service management processes as a whole according to five distinct dimensions:
Vision and steering: The overall direction as it relates to the role and position of the IT
infrastructure and operations department within the business; the objectives and goals of the IT infrastructure and operations department in relation to realizing that vision.
Process: The procedures needed to achieve the goals and objectives. Processes are a standard set
of activities designed to accomplish a specific goal.
People: The skills and abilities needed to perform the processes. Technology (tools): The supporting IT management tools and infrastructure needed to enable
the processes to be carried out.
Culture: The behavior and attitude required in relation to the role of IT infrastructure and
operations within the business. Use the ITSM Maturity model To maximize the value of your ITIl initiatives The main objective of this ITSM assessment is to assess and plan your maturity in the selected ITSM areas. The final score is an accurate assessment of your organizations ITSM maturity and therefore a strong indicator of your organizations ability to demonstrate value from ITIL-related initiatives. When conducting the assessment, remember to:
Complete due diligence before you engage. Its imperative that you understand and can
articulate the drivers, purpose, and goals of the assessment in order to bring key stakeholders and sponsors on board. This ITSM assessment focuses on 11 areas that are key process or functional areas. Its essential to have the process or functional owners participate in the assessment.
November 5, 2010
Set aside time and resources to do it thoroughly. Choose carefully when identifying a
stakeholder to complete the assessment. It must include those who understand the current process and can truthfully respond to the questions. Avoid stovepipes and silos as much as possible. The assessment should benefit the service consumer; therefore, all groups participating in the process should be assessed. Typical participants include the service desk manager, operations manager, change manager, and configuration manager. Many times the effort is led by an already existing ITSM manager.
Assessments take time and effort. Use the work and outcomes to support the organizations management and business challenges. Conduct A Self-Assessment By Scoring And Establishing Your Current Maturity For the maturity model to work, it must measure each component in the same way. Forrester based its evaluation scale on a derivative of the IT Service Capability Maturity Model (CMM) and defines Initial, Repeatable, Defined, Managed, and Optimized maturity levels for both overall process and ITSM (see Figure 3).
November 5, 2010
Vision Minimal funds No clear and and resources objectives or steering with little activity formal targets Results Funds and temporary, not resources retained available Sporadic reports Irregular, and reviews unplanned activities, reporting, and review
Clear direction Integrated Document and agreed formal with business strategy objectives and goals, objectives, inextricably targets and formal linked with targets, overall business Formally measured plans, goals, and published, progress objectives monitored, and Continuous reviewed plans Effective monitoring, Well-funded and management reports actively measurement, appropriately used reporting, resourced alerting, and Regular, planned Integrated reviews linked to process plans reporting and a continual linked to reviews process of business and improvement IT plans Regular reviews Regular and/or audits for improvements e ectiveness, planned and efficiency, and reviewed compliance Procedures have been standardized and documented and communicated through training. It is mandated that these processes should be followed; however, it is unlikely that deviations will be detected. The procedures themselves are not sophisticated but are the formalization of existing practices. Management monitors and measures compliance with procedures and takes action where processes appear not to be working e ectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way. Processes have been refined to a level of good practice, based on the results of continuous improvement and maturity modeling with other enterprises. IT is used in an integrated way to automate the workflow, providing tools to improve quality and effectiveness, making the enterprise quick to adapt.
Process
There is evidence that the enterprise has recognized that the issues exist and need to be addressed. There are, however, no standardized processes; instead, there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. The overall approach to management is disorganized.
Processes have developed to the stage where similar procedures are followed by di erent people undertaking the same task. There is no formal training or communication of standard procedures, and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals, and therefore, errors are likely.
57719
November 5, 2010
People
Technology (tools)
Manual Many discrete processes or a tools but a lack few speci c, of control discrete tools Data stored in (pockets/islands) separate locations
Culture
Service- and Business-focused A continual customerwith an improvement oriented understanding attitude, together with a formalized of business goals, with a strategic approach strategy, and business focus vision An understanding of the value of IT to the business and its role within the business value chain
Source: Forrester Research, Inc.
57719
November 5, 2010
10
PM is integrated into IM, CM, RM, and AvM. Tools are well-deployed.
Most changes follow some informal process. CRs are not always complete.
The process is followed, impact assessments happen consistently, changes causing disruption are nearly extinct.
Multiple tools and approaches are used in a nonintegrated fashion. Reliance is on individuals expertise.
Nearly all areas of IT are covered though CfgM, automation exists, and exception analysis is done. Proactive maintenance is a well-planned element of the AvM plan. Not following the processes is not tolerated.
Con gMgmt is a strong contributor to CM and RM; also achieved through a high level of automation and reliability of data Best practices for availability are regularly discussed and enhanced through peer group discussions and other external sources.
AvailaNo formal process No planned bility approach toward manageAvM ment (AvM)
57719
November 5, 2010
11
IT service No formal process No planned contiapproach toward nuity ITSCM management (ITSCM) Security Control objectives Security controls manage- documented in a documented as ment security policy procedures (SecM) Financial management for IT (ITFM) IT investments are justi ed on an ad hoc basis. Reactive and operationally focused budgeting decisions occur. The need for a selection and budgeting process is communicated. Compliance is dependent on the initiative of individuals in the organization.
There is no consistent approach across project teams on how to build, test, and deploy releases. Partial reporting, not businessdriven (i.e., content de ned by IT)
The IT budget is aligned with the strategic IT and business plans. The budgeting and IT investment selection processes are formalized, documented, and communicated. IT sta members have the expertise and skills necessary to develop the IT budget and recommend appropriate IT investments. A process is de ned and followed. Training is typically not centrally enforced.
Post implementation problems are tracked; typically, releases match user expectations.
System life-cycle management is integrated into RM, peer reviews are done. Continuous reevaluation (i.e., SLA will go down if criticality goes down)
Service No responsibility level de ned, process manage- works informally ment (SLM)
57719
Resp. de ned, SLA SLM incorporated dev. processes into new services exist, reviews hap- design pen, procedures to x are informal.
November 5, 2010
12
Re c ommen d ations
1. Assemble a project team. This team should have the appropriate skills necessary to complete a successful project engagement. Its helpful to have a project lead and include owners of key process areas such as the service desk, change advisory board, operations manager, and possible service owners. 2. Conduct a project kickoff meeting. This kickoff meeting is between the Forrester consulting team and your project team. Here a project plan and timeline will be defined and developed. This plan will allow the documentation, planning, and tracking of activities and results of the engagement. 3. Gather the data and details. During this phase the project team will gather all necessary details about the current environment and the organizations expectations for the future. The areas to focus on are the service delivery and service support side. Additionally, its helpful to gather business strategy, organizational details, and technology plans. 4. Assess the findings. The project team will leverage the ITSM assessment sheet to determine the maturity scores. These details will be the baseline for analysis by the Forrester consulting team. 5. Develop an analysis phase and deliver a road map. If you choose to continue the ITSM assessment project with Forrester, the consulting team will analyze the details with your team, with possible additional questions and conversations, and then deliver a prioritized list of tactical recommendations to improve or mature your IT service management initiative. Additionally, a solution model or road map that focuses on the organization and strategic organizational goals can be developed.
November 5, 2010
13
Endnotes
1
In the Q4 2009 Global Infrastructure And Operations Organizational Structures Online Survey, Forrester surveyed 163 IT professionals at enterprises and SMBs worldwide and found that 53% of surveyed organizations have undergone a reorganization of their infrastructure and operations (I&O) department in the past five years. On top of that, another 29% are in the process of reorganizing their I&O departments now. Why so much change? See the April 21, 2010, The Evolving Infrastructure And Operations Organization report. Source: Q4 2009 Global Infrastructure And Operations Organizational Structures Online Survey.
November 5, 2010
For information on hard-copy or electronic reprints, please contact Client Support at +1 866.367.7378, +1 617.613.5730, or clientsupport@forrester.com. We offer quantity discounts and special pricing for academic and nonprofit institutions.
Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forwardthinking advice to global leaders in business and technology. Forrester works with professionals in 19 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 27 years, Forrester has been making IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com.
57719