ITIL® , the best practice framework for IT Service management-  by the time it has evolved into its third version or as it is called now into the 2007 edition –  came up with a comprehensive definition of “Service” (the same is retained in its 2011 edition as well):

“Means of delivering value to the customer by facilitating the outcomes customer want to achieve, without the ownership of specific costs and risks”

However, it seems to be still unclear (or missing the opportunity) in defining ‘IT service’ and  ‘IT Service Provider’ clearly.  As per the 2011 edition, the definitions are:

“IT service:  Services delivered by an IT Service Provider”

 “IT Service Provider: A service provider providing IT Services to internal or external customers”

Talk about Circular references!

 Can’t we have some better definition or at least better insights into understanding what an ‘IT Service’ is?

No, I don’t have a well thought out definition of ‘IT Service’ on offer here; not yet. However here are some thoughts that might lead us to defining ‘IT service’ better:

What is Information Technology (IT)?

Technology used to:  Process information, Store Information, Transfer information, or Present (visualize, for example) business information.

So the ‘outcome’ expected by customer or business from “IT” (as a provider of service) can be described through:

  • Process, Store, Transfer or Present business information as required by the business
  • While ensuring key aspects like Reliability, Security and Cost-effectiveness

Any systems/technology and/or activity which facilitate the above outcome described above,

  • Without the need of  business/customer to own, manage or worry about the specific risks and  costs of the underlying technology, assets, activities etc.

can be an “IT Service”.

With this context , one possible perspective of looking at IT Service can be as below: (more…)


Some of the definitions of terms in ISO/IEC 20000 fall short of expectations from an international standard, to say the least.

Of course, Improvements are visible such as this:

ISO/IEC 20000: 2005 defined “Service Provider” as: “the organization aiming to achieve lSO/lEC 20000”!.

ISO/IEC 20000: 2011 has a better definition: “organization or part of an organization that manages and delivers a service or services to the customer”.

However, more concerning are definitions which can create conflict or misinterpretation such as that of Incident are still existing:

The ISO20k:2011 defines Incident as:  “Unplanned interruption to a service, a reduction in the quality of a service or an event that has not yet impacted the service to the customer Though there is no official acknowledgement, it is very clear that this is adopted from ITIL® V3. But in that case, it is a case of incorrect or incomplete adoption. Here is why:

The latter part of the definition, which I underlined above says “or an event that has not yet impacted the service to the customer” – Now this dangerously equates ALL events to Incidents! An event is something that affects the service (mostly exception events causing interruption or reduction in quality) or that doesn’t affect a service (warnings and regular operation events). With this loose definition,
all three types of events can now fall under the bracket of Incidents.

It may not be a major issue of compliance from ISO/IEC 20000 context – where there is no separate Event management process. However the following questions needs clarity:

  • Does ISO/IEC 20000 view entire event management process as a subset of Incident management? In such a case, the controls specified under Incident management don’t seem to be enough to take care of the requirements of an event management process.
  • So will every event trigger Incident management process? I hope this is not what is implied by the standard.
  • What is the meaning of the word event that is used by the standard in multiple places? Unfortunately there is no definition of the same.

Here are some other definitions in ISO/IEC 20000 that may create misinterpretations and confusions:


In 2003-04, I have led a team of consultants in a Middle East based Bank for adoption of ITIL (at that time V2) practices into their IT organization. One of the deliverables was definition of a suitable Service Catalog framework for the IT Services. We found the guidance in ITIL documentation for Service Catalog to be not adequate enough to satisfy the needs of the Bank.

Through a series of brainstorming sessions and with significant inputs and involvement from the Bank’s IT management, we have zeroed in on a high-level categorization of IT Services into 3 groups:

  • Business Banking services – IT Services that are built into the Bank’s business services – like Core banking applications, Internet banking etc; for which the users are end-customers of the bank.
  • Business Support Services – IT Services that are supporting the bank’s business processes such as email, HR applications etc; for which the users are the Bank’s employees involved in Bank operations
  • IT Internal Services – Supporting services within IT such as System allocations, IP address management etc; for which the users were within IT.

We found the framework to be immensely useful for the Bank’s IT to manage the IT Services in an effective manner.  I have expected to see such guidelines for proper definition and categorization of services to be available in ITIL V3 – but was a bit disappointed (or, I could not find it, if it was defined in some corner of the vast documentation). I always thought that is a significant aspect in IT Service management framework which can have a direct impact on how other aspects/practices in ITSM are defined and governed.

Now, I am happy to see such a Service categorization has been documented in ITIL 2011.  The new revision of the ITIL gives details of Services to be categorized into:

  • External customer-facing services
  • Internal Customer facing Services
  • Support Services – for the interdependencies within IT

Especially the third category – Support Services, clarifies a long-pending confusion for IT outsourcing companies:

IT Outsourcing companies such as those into infrastructure Outsourcing provide services such as network administration/management, Service administration/management, Monitoring etc for which the customers are usually IT personnel in the customer organization. These services were often deemed confusing in the whole discussion of Business-IT Alignment and Integration context.

Now, with this categorization, the services provided by the outsourcing service providers can predominantly fit into the Category 3: Support Services.

A frequent discussion we have in most of the training programs and consulting engagements is about clarity on handling of “Potential Incidents“. On my previous post about Event vs Incidents, JJ has commented with a similar query:

What about those events which are likely to become an incident?

For Instance, Internet Link utilization increased from 60% to 70%. Say my threshold is 75%(Warning) and 80%(Critical) and the utilization increases to 70% on Tuesdays and Wednesdays, shouldnt an incident be created. Because Incident also includes degradation of service.

Since it is a common discussion, thought of putting this as a new post.

First of all, let us divide the context into two parts:

  1. How will this be treated within event management process
  2. What response will be appropriate from event management for this (in other words, what process/action will be triggered by event management process to handle this event)

Since the utilization is reaching a level close to (not equal to more than) the threshold or critical levels, it is still a “Warning” event (Unusual operation) for event management process – and not an exception. As it hasn’t reached the threshold nor critical level of utilization, we can safely assume that there is no ‘degradation of service’ currently. Hence it is not yet an Incident. Yes, this can be a potential incident later – if not handled.

This is my take on such scenarios: this event is actually detected NOT as part of ‘Incident detection’, but as a part of ‘Capacity Monitoring’ (iterative activities of capacity management as per ITIL) . The thresholds and guidelines for these event should be established by Capacity management process. Capacity management can give an instruction to create an incident ticket, if the utilization reaches or crosses a critical limit at any point. However, the first objective of capacity management is to identify issues concerning capacity, before it start impacting business. That is the reason they are setting thresholds adequately below the critical limits for taking proactive action before it starts affecting the service/business. (more…)

Just finished our final batch of ITIL V3 Manager Bridge this week – final because of APMG’s announced ‘Hard-stop’ of V3 manager Bridge certification on June 30th, 2011.

For ITIL V2 Service Manager certified professionals, the situation is not as bad as many of them think, even after June 30th: The available path towards ITIL expert certification are specified by APMG here:

As per this communication, a certified ITIL V2 Service Manager can still get to ITIL Expert Certification faster, by completing the following THREE certifications:

1. ITIL V3 Foundation (or V3 Foundation Bridge, if they have already done that)


2. ITIL V3 Intermediate Life cycle : Service Strategy OR Continual Service Improvement


3. ITIL V3 Managing Across Lifecycle (MALC)

Personally, I don’t really understand the logic of the second requirement there : Service Strategy OR CSI. But that is the decision and announcement from the Accreditation body.

However, I definitely see some confusions among students/candidates for certification, caused by the v3 Qualification scheme guide of APMG (that was published in 2009 – and still live on their site, no further updates on their site, hence we can assume that is the current one):

The criteria for ITIL Expert indicates shows the following: (more…)

ITIL Certifications are still in demand – and most probably, in growing demand.

Training organizations are asked, and they work towards “Passing rate” claims; some even with commitments – or Warranty of passing.

But what about Utility of ITIL trainings and certifications? Are they really improving the knowledge level of the people? 

Had an “interesting” experience of interviewing a couple of persons who are Certified ITIL V3 Experts last week: Those have completed ITIL v2 foundation, ITIL V2 Service Manager and ITIL V3 Manager Bridge certification; whose resume boasted of 7-10 years of Service management experience with few of the Largest global IT Companies.

At the end of the interview, I was particularly sad: Not about that persons, or my (and their) wasted time; but regarding the sorry state of ITIL Certification and its value in the Industry…

Note: The objective of this post is not to blame or ridicule those particular persons; I am actually trying to high-light the knowledge level or understanding of a person who is Certified as ‘ITIL V3 Expert’. Enough has been discussed on the internet as a medium about this concern – but here is a live scenario as it evolved.

What will the image or value such a certification be holding across the industry, if the so called ‘experts’ have a knowledge/understanding level such as this.

I am giving below a recollection of a few questions and answers from the interviews (it is not verbatim or exact words used, but as per my memory- However, absolutely no exaggeration is applied here) :

Q1: What are the key changes V3 has brought in compared to V2?

A: See, there are a large number of concepts and processes that are included in ITIL. When you accommodate all these concepts into two books, the books become very big and complicated, and hence in V3 these set of concepts are re-organized into five books covering the whole life cycle.

Q 1a: So, are you saying other than the structural changes in documenting the practices, there are no new concepts/changes brought in by V3?

A: (After a pause) Well, I don’t think so – nothing other than minor terminology changes


ITIL® Certifications traditionally had an advantage of fitting into all levels in an IT Organization – From junior technical and operation team members to senior managers, CIOs etc.

The ITIL V3 scheme seems to be missing that. With a certification scheme divided into Foundation, Intermediate, Expert and now Master level where there is only one way travel through the levels (upward, with each level mandatory), ITIL’s current scheme is definitely alienating a few significant group of people in IT.

Foundation certification is definitely the fundamental certification for any professional, as it always been and there is no debate on that – as it is the level where the professional is introduced to the fundamental concepts and structure of ITIL.

The concern here is about the Intermediate levels and the way the pre-requisites are defined for that.

Senior professionals and managers in IT (CIOs, IT Managers, IT Business managers etc) are definitely stuck with an unpleasant option after Foundation.:

Many of them find the next logical level they should be doing is Managing Across Lifecycle) – which kind of clearly represents their role. However, the Prerequisite for Managing Across the Lifecycle (MALC) states:

To be eligible for the ITIL Qualification: Managing Across the Lifecycle examination, candidates must have fulfilled the following requirements:
• Have obtained a minimum of 15 credits through formal Service Lifecycle Stream or Service Capability scheme qualifications.

It is as good as saying:

“As per your level you are in, the most suitable intermediate level certification for you in ‘Managing Across Lifecycle (MALC). However, you cannot do that training or certification till you complete at least FOUR other intermediate levels, whether you or your organization need it or not!”