IT Service Management

Definition: Information Technology (IT) Service Management (ITSM) is a generic umbrella for frameworks, processes, and models that address best practices in managing, supporting, and delivering IT services. IT services may include (as defined by NIST for cloud computing): Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Keywords: CMM, COBIT, infrastructure services, ISO 20000, ITIL, ITSM, service delivery, service desk, service management, service support

MITRE SE Roles and Expectations: MITRE system engineers (SEs) supporting sponsors procuring new IT systems, migrating existing IT-based systems to common or shared infrastructure, or upgrading their internal business systems must have an understanding of the IT and associated processes for control, operations, shared use, and governance. MITRE SEs develop comprehensive programs around an ITSM framework or approach or address specific issues in particular process areas. Examples include developing implementation plans for migrating from decentralized help desks to centralized service desks, recommending process improvements to improve overall system availability, designing end-to-end monitoring systems, developing service catalogs and service level agreements, and identifying critical support factors for service management process areas.


IT service providers have several frameworks and best practices to use, whether they are commercial providers or internal IT organizations. This article focuses on the processes and practices defined in the Information Technology Infrastructure Library (ITIL®), the most comprehensive and widely adopted framework for IT service management [1].

Other related best practice frameworks for ITSM include:

  • Control Objectives for Information and related Technology (COBIT), which was developed by the ISACA IT Governance Institute [2].
  • IT Service Capability Maturity Model (CMM, CMMI, CMM Services), which provides standards for defining process areas and measuring an organization's level of maturity within these process areas [3].
  • ISO/IEC20000, which is an international standard, based on the ITIL Framework, for IT organizations that want formal certification of their service management processes [4].

The ITIL is a framework developed by the United Kingdom Office of Government Commerce (OGC). The original ITIL framework was developed in the late 1980s and was then documented in a collection of books in the 1990s known as ITIL v2. The current version of the framework, ITIL v3 was released in 2007. An update for ITIL v3 was released in 2011. Also, in 2011 ownership for ITIL was transferred from OGC to HM Government.

The ITIL framework is based on the concept that IT organizations provide services, not technologies, to business customers. The difference between a service and a technology is the added value IT organizations provide to their customers by accepting and managing the risk associated with that technology. In simple terms, a Microsoft Exchange server is a technology. Electronic mail or messaging is a service that includes support and management functions whose details are hidden from the end user or customer. The ITIL divides these support and management functions into 30 process areas that arise through the service life cycle.

Although the ITIL does describe the major elements of the 30 process areas that are considered to be best practice, the ITIL is not prescriptive. For example, the ITIL describes Continual Service Improvement processes but does not require the use of one process improvement methodology over another. Practitioners can rely on Lean, Six Sigma, or other methodologies for process improvement. Similarly, the ITIL can be used in conjunction with COBIT. For example, for the change management and governance related processes, both frameworks have similar, complementary relationship with CMM. The ITIL also provides descriptions of roles associated with each of the process areas that should be considered within the governance structure.

The ITIL service life cycle is divided into five phases, each with its set of processes and functions that play critical roles during that phase (see Figure 1). Note that some of the process areas mentioned in the ITIL body of knowledge are relevant throughout the service life cycle. The classification of processes under a specific phase is only meant to demonstrate when these process areas are most important.

ITIL v3 Phases and Process Areas
Figure 1. ITIL v3 Phases and Process Areas

Why Implement ITIL?

The ITIL provides a framework for viewing IT support and service processes. None of the ITIL process areas is "new" or different from the traditional IT process areas. What is different about the ITIL is the acknowledgment that IT is no longer driving business decisions. To the contrary, IT services have largely become a commodity. This shift has often caused IT organizations to become separated and marginalized from the business operations they support. The ITIL framework was designed with the objective of injecting IT back into business decisions; that is, the ITIL aims to reestablish the participation of IT in making business or mission decisions with the goal of delivering relevant, improved services at a reasonable cost. By involving IT at the beginning of the service life cycle, support and service level offerings can become a standard part of every IT service.

Underperforming IT operations are often a symptom of the problem but not the problem itself. IT operations receive systems from business units, applications development, systems engineering, and other parts of the organization. Lack of organizational processes and standards can mean IT operations groups have to manage every version of every platform and application available on the market. Often this is a consequence of an organizational business model in which IT operations has limited involvement in the decision making for the design of systems that they later own after the transition portion of the life cycle. The earlier in the design phase life-cycle management (or sustainment) is built in, the more likely the overall cost and performance objectives can be achieved. This is a critical and often overlooked point.

The ITIL helps point to the processes that begin from the conceptualization phase of a new system, continue through acquisition, and then move to change, configuration, and release management processes that directly impact application development and systems engineering teams. Most important, the processes include mission/business representatives as an integral part of the service development process.

Finally, the ITIL stresses the importance of metrics, both in measuring the success of the ITIL program itself and for measuring the performance of the IT organization in delivering customer services. Because ITIL implementation programs are often lengthy, it is critical to demonstrate improvements throughout the duration of the program.

Best Practices and Lessons Learned

During the early 2000s, ITIL became a popular framework for IT organizations to adopt, including those within federal government agencies. However, federal government agencies are still catching up with the private sector in implementing ITIL.

Are we there yet? Implementing an IT Services Management framework is a lengthy process. Organizations can expect to spend up to two years on these efforts, even if they focus on just a subset of the ITIL process areas. For this reason, ITIL programs require senior leadership buy-in in order to be successful. Strong governance is a key component of even limited success.

It's not just about the IT. IT services management extends beyond IT operations and into all aspects of IT services, including acquisition planning, financial planning, service portfolio management, and release management. Don't make the mistake of focusing IT services efforts only on IT operations. As noted, operational performance issues are usually the symptom, not the root cause of the problem.

Are you being served? Often IT organizations are hesitant to include representatives from outside of their organization in their IT services efforts. Instead, they focus exclusively on internal IT process improvement efforts. This misses the whole point of IT services management, which is to view stakeholders and especially customers or users as partners. IT's shift toward being a commodity means bringing customers or users into the project and that translates into a better understanding of their needs and the level of service required.

Measuring business value. Defining metrics for an IT services program is often overlooked. It is not always obvious that an improvement in change management can directly impact the availability of critical systems. Metrics need to be closely tied to the strategic goals and value of the IT program, and they need to be relevant to the business or mission being supported. Metrics need to be defined, collected, and shared throughout the program. Good sources of material on metrics useful for IT can be found on Gartner, Corporate Executive Board, and CIO Executive Council websites (access is for members).

References and Resources

  1. AXELOS, IT Service Management (ITIL®), accessed July 10, 2014.
  2. ISACA, COBIT 5 Resource Center, accessed July 10, 2014.
  3. CMMI Institute, CMMI for Services, accessed July 10, 2014.
  4. ISO/IEC 20000-1:2011, Information technology—Service management—Part 1: Service management system requirements.

Additional References and Resources

NIST Special Publication 800-145, September 2011, The NIST Definition of Cloud Computing.

van Bon, J., and T. Verheijen, 2006, Frameworks for IT Management, Zaltbommel, Netherlands, Van Haren Publishing.


Download the SEG

MITRE's Systems Engineering Guide

Download for EPUB
Download for Amazon Kindle
Download a PDF

Contact the SEG Team