White Paper

Baselining
IT Service Management
W
H
I
T
E

P
A
P
E
R
Alan White
ProActive Services
March 2006
HEAD OFFICE
Level 4,
60 Albert Road
South Melbourne VIC 3205
www.proactiveservices.com.au
BUSINESS DRIVEN IT SERVICE MANAGEMENT
Baselining ITSM

ProActive Services Page 1 of 20



Table of Contents

Preface ........................................................................................ 3
Summary ..................................................................................... 5
Why Conduct A Baseline? .............................................................. 7
Potential Frameworks.................................................................... 8
CMM / CMMI / SPICE ................................................................. 8
CobiT........................................................................................ 9
OGC Maturity Matrices.............................................................. 10
ISO 20000 .............................................................................. 11
PMF........................................................................................ 13
Extended PMF ......................................................................... 15
Conducting a Baseline ................................................................. 17
Basic steps.............................................................................. 17
Business Perceptions................................................................ 18
Organisational Review.............................................................. 19
Cultural Assessment................................................................. 19
Conclusion.................................................................................. 20

Baselining ITSM
ProActive Services Page 3 of 20
Preface
The purpose of this paper is to provide the reader with an
introduction to the concept of baselining the maturity of IT Service
Management processes. The paper looks at the rationale for
conducting a baseline and raises the question Is it really worth the
effort?
A number of approaches are discussed. Some are relevant to IT
Service Management and some are more relevant to Software
Engineering but have been included as part of the discussion since
they have the capability to confuse and cloud the issue. By clarifying
what is not relevant, we can focus the discussion on the more suitable
approaches.
The primary focus of this paper is on the two approaches adopted by
ProActive Services. The first deals with accreditation to the ISO
20000-1 standard and the second aligns maturity to the ITIL Process
Maturity Framework (PMF) which has been extended considerably to
ensure consistency and repeatability of the baselining process.
This paper also discusses the overall baselining process, from the
initial kick-off through to the final report.
It ends with a discussion on additional criteria which may be included
in a baselining exercise, such as gathering customer perceptions,
together with the rationale for including these steps.
Your comments and feedback on this paper are welcomed and can be
emailed to the author at: info@proactiveservices.com.au.
Baselining ITSM
ProActive Services Page 5 of 20

Summary
Baselining is an essential element of any Continuous Service
Improvement Program (CSIP). It identifies what works, as well as
what doesnt work. It gains consensus from all parties involved in the
CSIP and provides a means to measure progress. It should be
considered high risk to embark on a CSIP without first baselining the
processes.
ISO 20000 is an important framework for measuring organisational
capability and will become more prevalent in the next few years as
many organisations seek to achieve certification. However, it is not
designed to measure process maturity.
The ITIL Process Maturity Framework (PMF) is the emerging
framework for maturity baselining. It is complementary to ISO 20000
and the two frameworks can easily be used in parallel. Its major
drawback is that it is too generic in its current form.
ProActive extended the existing PMF to overcome this weakness and
to provide an approach which is truly consistent and repeatable.




Baselining ITSM
ProActive Services Page 7 of 20
Why Conduct A Baseline?

The first issue to consider is the rationale for conducting a baseline.
Typical arguments include:
Is it really worth the effort?
We know our processes dont work well, so why bother
spending valuable time (and money) to prove something is
broken?
We dont really want a poor scorecard since it will just
demoralize everyone.
Lets just get on and fix it.
All of these arguments ignore the main reasons for conducting a
baseline:
Understanding what does work
In most cases, an IT organisation with relatively immature IT Service
Management (ITSM) processes will be delivering reasonable quality
services, or else the business would not be operating today. How is
this possible? Well, there may be a few bits of processes here and
there which work and there are almost certainly some very capable IT
staff compensating for the lack of formal processes. This situation can
be successful in the short term but tends to lead to inconsistency of
results and is a major exposure if there is staff turnover.
Hence the importance of understanding what needs to be retained or
built on, as well as what needs to be captured and formalised,
BEFORE embarking on a process improvement initiative.
Getting internal agreement
A Continuous Service Improvement Program (CSIP) is a team effort,
almost certainly bringing together many people from many different
departments.
The initial reaction from many participants is defensive on the basis
that they genuinely believe they are doing a good job. In most cases
they are performing very well individually, but it is not easy to
separate the people and process aspects.
The other common reaction is territorially based Yes, but Change
Management works well in our team. Again, the lack of a big picture
view clouds critical issues such as the ability of the processes to work
across departmental boundaries.

It is important to
understand what needs
to be retained, or can be
built on.

Baselining ITSM
Page 8 of 20 ProActive Services
A well conducted baseline ensures a common and agreed
understanding of the starting point for a CSIP. Everyone begins on the
same page. Everyone also has the same understanding of the IT
organisations strengths and weaknesses from a process perspective,
which is essential to any joint planning exercise on where to focus the
process improvement effort.
Measuring progress
If the objective is to reach an agreed target maturity for any one
process within an agreed timeframe (e.g. a maturity level of 4 in
Capacity Management within 2 years), how will you know six or
twelve months down the track whether you are making genuine
progress? Measuring maturity is one method but the real benefit lies
in linking process performance measures to maturity levels.
The ability to measure progress has two major advantages. Firstly, it
allows management to manage. Without measurement, management
is extremely difficult. Secondly, it allows everyone involved in the
process improvement activities to see that progress is being made.
This includes all of the IT Service Management staff involved in
carrying out the improved processes from consultants on the
Service Desk to desktop support, server support and other IT staff.
Conclusion
Baselining is definitely worth the effort. In fact, it should be
considered high risk to embark on a CSIP without first baselining the
processes within the scope of the CSIP.
Potential Frameworks

Now we have decided to conduct a baseline, the next major issue is
to pick a framework. Typical comments are:
Cant we standardise on CMM the developers use that?
Cant we use CobiT the auditors use that?
How about ISO 20000 the new international standard?
The following is a discussion on the more commonly suggested
approaches, together with their strengths and weaknesses.
CMM / CMMI / SPICE
The Capability Maturity Model Integration (CMMI) is a process
improvement approach that provides organisations with the essential
elements of effective processes. It has been developed by the
Carnegie Mellon Software Engineering Institute.

A baseline provides an
agreed starting point for
the CSIP.

Maturity levels, linked to
performance metrics,
allow progress to be
measured.

Baselining ITSM
ProActive Services Page 9 of 20
CMMI is built on multiple process models: Software CMM, Systems
Engineering CMM, IPD CMM, ISO 15504, EIA 731, People CMM,
Software Acquisition CMM and Systems Security Engineering CMM.
Software Process Improvement and Capability dEtermination (SPICE)
is a major international initiative to support the development of an
International Standard for Software Process Assessment.
Strengths and weaknesses
CMMI is a relatively mature and very widely used model. However, it
has been designed and developed for Software Engineering (i.e.
Applications Development) and has very little relevance to IT Service
Management. It also takes a holistic view of Software Engineering and
measures maturity at the organisational rather than process level.
Similarly, the focus of SPICE is software processes rather than ITSM
processes.
These are not appropriate frameworks for measuring ITSM process
maturity.

CobiT
Control Objectives for Information and Related Technology (CobiT) is
an IT governance, control framework and maturity model. It defines
34 significant processes and links 318 recommended detailed control
objectives to provide an internal control framework.
CobiT can be used by business or IT management, but its origins are
as an auditors tool. It was developed by the Information Systems
Audit and Control Association, and is published by the IT Governance
Institute (ITGI). See http://www.itgi.org for further details on CobiT.
CobiT is built on established frameworks such as CMM, ISO 9000 and
ITIL. However, CobiT does not include control guidelines or practices,
which are the next level of detail. It does not include process steps
and tasks.
Strengths and weaknesses
CobiT is a control framework rather than a process framework. It
focuses on what needs to be done, not how it needs to be done. Its
target audience is auditors and senior management.
CobiT and ITIL are not mutually exclusive and can be combined, but
the development of the two frameworks is not linked and the
frameworks require effort to be used in parallel.
Unless CobiT is already widely used within the organisation, it is not
recommended as an appropriate framework for baselining ITSM
process maturity.



CMM and SPICE are
designed to measure
Application
Development, not IT
Service Management.

CobiT is a control
framework rather than a
process framework, and
is regularly used by
auditors.

Baselining ITSM
Page 10 of 20 ProActive Services
OGC Maturity Matrices
In 1997, the OGC (then known as CCTA) introduced a five-level
process maturity model, based on similar models that had been
developed for software engineering (e.g. CMM and SPICE).
The five levels were:
1. Organisational commitment
2. Performance ability
3. Actual activity
4. Measurement & analysis
5. Verification of the actual process
This was later revised by OGC and intermediate levels added to create
nine levels of increasing maturity ranging from prerequisites to
customer interface as shown in Figure 1.

Level 1: Prerequisites
Level 4.5: External Integration
Level 5: Customer Interface
Level 1.5: Management Intent
Level 2: Process Capability
Level 2.5: Internal Integration
Level 3: Products
Level 3.5: Quality Control
Level 4: Management Information


In conjunction with this model, the OGC developed two self-
assessment questionnaires that can be of assistance in determining an
organisation's current level of ITSM implementation. Copies of the
questionnaires may be obtained free of charge from the itSMF website
at http://www.itsmf.com/bestpractice/selfassessment.asp

Questionnaires are available for all of the processes within the scope
of IT Service Management i.e. those in the ITIL Service Support and
Service Delivery publications.
Strengths and weaknesses
The questionnaires are relatively simple to use, and can be carried out
as a self-assessment.
The OGC maturity
matrices are good for
showing what is
currently in place,
but less suitable for
planning what to do
next.

Figure 1: OGCs ITSM
Maturity Model

Baselining ITSM
ProActive Services Page 11 of 20

They have several major weaknesses. Firstly, there is more emphasis
on form and less on the content of individual processes. Secondly, the
structure appears granular but is very much the opposite. It is not
uncommon for an organisation to meet criteria at the 3 to 5 maturity
level while missing mandatory elements at the lowest levels. In the
same way, any process improvement initiatives which simply look to
climb this maturity ladder from 1 to 1.5, to 2, etc. are at serious risk
of failure.
The implications are that the OGC Maturity Matrices can be used to
show what is currently in place, but are not the most appropriate for
planning what to do next. They also do not align well with ISO 20000.

ISO 20000
ISO 20000 is the international standard for IT Service Management.
The standard comprises two parts: ISO/IEC 20000-1 and ISO/IEC
20000-2.
ISO 20000 has been fast-tracked as an international standard based
on the original BS15000 standard.
ISO 20000-1 is the first part of the standard, and is the Specification
for Service Management. If an organisation meets all of the criteria
listed in ISO 20000-1 it will have achieved certification and can get
a plaque on the wall.
Certification against ISO 20000-1 is binary you either meet all of the
criteria or you do not meet all of the criteria.
A trend is already emerging whereby major service providers (such as
the larger outsourcers) are being asked to prove their ITSM
capabilities by achieving certification. This trend is expected to
increase significantly in the next few years.
A second major driver for ISO 20000-1 certification is legislation such
as Sarbanes Oxley (SOX) which requires organisations to prove that
appropriate governance processes are in place.
ISO 20000-2 is the second part of the standard, and is the Code of
Practice for Service Management. It describes best practices within
each of the process areas, building on the compliance criteria in ISO
20000-1.
ISO 20000 covers the 10 ITIL processes within IT Service
Management with some minor variations, as well as the processes
involved in managing internal customers, external suppliers and
information security. It also includes three categories focusing on
management capability and intent.
Baselining ITSM
Page 12 of 20 ProActive Services

The process areas covered by ISO 20000 are shown below:


Management System
Management responsibility
Documentation requirements
Competences, awareness & training
Planning & Implementing
Plan, Implement, Monitor & Improve
(Plan, Do, Check, Act)
Planning New Services
Planning & implementing new or changed
services
Service Delivery Processes
Capacity Management
Service Continuity &
Availability Management
Service Level Management
Service Reporting
Information Security Mgt
Budgeting & Accounting
for IT Services
Control Processes
Configuration Management
Change Management
Resolution Processes
Incident Management
Problem Management
Relationship Processes
Business Relationship Mgt
Supplier Management
Release Processes
Release Management


Further details on ISO 20000 can be found on the ISO 20000 Central
website http://20000.fwtk.org/index.htm
Strengths and weaknesses
The adoption of ISO 20000 will become widespread in the next few
years. Many service providers will be required to achieve certification
as a prerequisite to doing business in the field IT Service
Management.
However, ISO 20000 is not an appropriate framework for measuring
ongoing process maturity. Meeting the criteria in ISO 20000-1 is
binary, which means that an organisation is either compliant or non-
compliant. It is possible to calculate (rough) percentage compliance
but this means nothing in relation to the standard. It can also be
misleading if it is the only measure used. An 80% compliance to ISO
20000-1 doesnt show whether the initial 20% or the last 20% is
missing. It tells you nothing about the maturity of the process as this
relates to efficiency or effectiveness.
There is also no concept of meeting the criteria in ISO 20000-2, which
is the collection of best practices. In reality, there are some you may
choose to meet and others you may choose to ignore.



Adoption of ISO
20000 will become
widespread, but it is
not an appropriate
framework for
measuring process
maturity.

Figure 2: ISO 20000
Process Areas

Baselining ITSM
ProActive Services Page 13 of 20
PMF
The Process Maturity Framework (PMF) comes from the ITIL book
Best Practice for Planning to Implement IT Service Management which
was published by the OGC in 2002.
When instigating a service improvement program, the IT department
must be aware of the maturity or growth stages of IT organisations as
a whole, and where they currently stand in relationship to their own
business. This Organisational Growth Model consists of five stages
ranging from Technology (stage 1) where the focus is primarily
internal through to Value Chain (stage 5) where IT is tightly
integrated with the business and is a significant enabler to the success
of the business.
Each growth stage represents a transformation for the IT organisation
and requires careful leadership, planning and coordination. A need to
grow more than two stages in one improvement effort has a
considerable high risk of failure and may have a serious impact on
staff motivation and morale, and on customer satisfaction.
Not all organisations have to be at the highest level (stage 5). The
required maturity is dependent on the business requirements of the
role that IT fulfils or needs to fulfil for the business.
The Process Maturity Framework (PMF) has been adapted by the OGC
from the Organisation Growth Model. The five stages in the growth
model have been translated into:


Initial: the process has been recognised but there is little or no
process management activity, and it is allocated no importance,
resources or focus within the organisation. The level can be
described as ad-hoc or occasionally even chaotic.
Repeatable: this process has been recognised and is allocated
some importance, resources and focus. However, general
activities related to the process are uncoordinated, irregular and
without direction. They rely heavily on individuals.
1
Initial
2
Repeatable
3
Defined
4
Managed
5
Optimised
PMF comes from
the ITIL Planning
to Implement
book.
PMF measures the
maturity of
individual
processes, based
on a five-tier
model.

Figure 3: PMF Maturity
Levels

Baselining ITSM
Page 14 of 20 ProActive Services
Defined: the process has been recognised and is documented,
and to some extent has become institutionalised. Activities are
now more regular and planned, and the outcomes are much more
reliable. Less reliant on a few key individuals. Greater emphasis
on services and customers.
Managed: fully recognised and accepted throughout IT and the
business. Service focused with objectives and targets based on
business objectives and goals. Process is fully defined, managed
and has become proactive. It also integrates with all other ITSM
processes.
Optimising: process is now fully recognised and has strategic
objectives and goals aligned with overall strategic business and IT
goals. The process also has inbuilt mechanisms to ensure
continuous improvement.
As stated above, a transition from one stage to the next involves
more than simply implementing or installing ITIL processes and
procedures with supporting technology. Each stage requires that a
combination of elements be changed in order to succeed in the
transformation. These elements can be categorised as:
Vision and Steering: this encompasses the mission and
objectives for the process as a whole. It considers the extent to
which these have been translated into making adequate
resourcing available, conducting regular reviews and appointing
process owners.
Process: the activities and procedures required to achieve the
mission and objectives.
People: the skills and abilities needed to perform the process. It
includes the allocation of roles and responsibilities, as well as the
setting of objectives at the individual or team levels.
Culture: the behaviours and attitudes required to successfully
achieve the desired outcomes. Does the IT department function
as one team with a strong focus on achieving the desired
outcomes for the customer, or does everyone operate within
narrow technology silos?
Technology: the supporting infrastructure and tools required to
achieve successful outcomes from the process.
Strengths and weaknesses
PMF has been developed by the OGC and aligns closely with ISO
20000 at the process level. The matrices are sufficiently generic to be
applied to all 13 processes within ISO 20000.

d
g
i
s
w
PMF measures
maturity across five
dimensions this
gives a deeper insight
into the strengths
and weaknesses of an
individual process.

ISO 20000 and PMF
align closely and can
be used in parallel.

Baselining ITSM
ProActive Services Page 15 of 20
The five different dimensions can help to better understand specific
strengths and weaknesses e.g. people and culture may be strong but
technology support could be weak and the process poorly
documented. It can also help to identify where process improvement
activities should be focused.
The generic nature of the matrices is also a potential weakness, since
it places emphasis on form rather than on substance. For example,
the Process dimension at a maturity level of 3 should be (see page
189 from Planning to Implement Service Management):
Clearly defined and well publicised processes and procedures
Regular planned activities
Good documentation
Occasionally proactive process
However, what does this mean for Change Management? At this level
of maturity, would you expect to be carrying out risk assessments;
conducting Change Advisory Boards; ensuring business participation;
requiring backout plans for changes; conducting reviews following
successful as well as failed changes?
If organisations at equivalent levels of maturity are evaluated by two
equally experienced ITIL professionals the results could vary
significantly. Much is left open to interpretation.
Extended PMF
On the basis that PMF offered the best available building blocks,
ProActive Services has extended the PMF matrices significantly into
what we believe is now a consistent and repeatable process.
The first major task was to extend the descriptions of all 10 ITSM
processes, across all five dimensions for all five maturity levels. We
brought together the combined (and extensive) experience of all of
our consultants. The concept was to write down what we would
typically expect to find for a process such as Change Management for
an organisation at each maturity level e.g. process activities at a
maturity level of 3 for Change Management would typically look like:
There is good enforcement of entry criteria with some Requests For
Changes (RFCs) rejected early.
Evaluation criteria regularly include risk assessment. Lead times are
defined but not always enforced. RFCs are sent out electronically for
Change Advisory Board (CAB) review.
Standard change models are more common, with some analysis of
effectiveness. More likely to focus on changes delegated to the
Service Desk or Desktop Support.
The major
weakness with
PMF is that the
criteria for
measuring
maturity is generic
and is open to
interpretation.
Extended PMF has
been developed by
ProActive to
overcome the
weakness in the
OGC version.

The assessment
criteria for all five
dimensions of all
processes has been
extended with process
specific details.
Baselining ITSM
Page 16 of 20 ProActive Services
There may be some business involvement. Likely form would be one
business representative sitting in on the CAB and forming part of the
approving group.
The next task was to add the other three processes covered by ISO
20000, namely Business Relationship Management, Supplier
Management and Information Security Management.
There was still one major element not covered by PMF the degree
of interaction between the processes. As an organisation moves up
through the levels of maturity, interaction between processes should
increase. ProActive decided that interaction is an element of maturity
(not a result of maturity) so we decided to add interfaces as a sixth
dimension.
Interfaces: recognising the high degree of interaction within ITIL
processes, this area considers the extent to which any one process
integrates with associated ITSM processes.
We can now assess each process across all six dimensions.

Incident Management
1
2
3
4
5
Vision & Steering
Process
Culture
People
Technology
Interf aces
Overall Maturity
By Sub-area

We can also show the maturity for all 13 processes:
Maturity Summary
1.00 1.50 2.00 2.50 3.00 3.50 4.00 4.50 5.00
Incident
Problem
Change
Configuration
Release
Service Level
Availability
Capacity
IT Service Continuity
Financial
Business Relationship
Supplier
Security
Process Maturity

Figure 4: PMF Incident
Management example

Figure 5: PMF Maturity
Summary example

Interfaces has
been added as a
sixth dimension
since process
interaction is a key
factor in maturity.
Baselining ITSM
ProActive Services Page 17 of 20
Strengths and weaknesses
ProActives extended PMF provides a consistent and repeatable
approach. It does not depend on which consultant conducts the initial
maturity baseline. It also does not depend on whether the same
consultant conducts the next baseline in 12 or 24 months time.
It encompasses the most important dimension of each process,
including interfaces. These give a deeper insight into particular areas
of strengths and weaknesses and allow improvement initiatives to be
more carefully targeted.
It covers the 13 processes within ISO 20000, including the
management of business relationships, suppliers and information
security. It maps very closely to the combined ISO 20000 (ISO 20000-
1 plus ISO 20000-2). This means we can apply PMF in parallel with an
ISO 20000-1 assessment.
Conducting a Baseline
So, youve decided to conduct a baseline, youve selected your
preferred approach and youre ready to start. This section looks at the
process involved in conducting a baseline and discusses some
additional elements considered integral to the success (or failure) of
baselining.
Basic steps
Kickoff presentation: A typical baseline involves interviewing a
reasonable number of people to gain a sound understanding of how
each process is carried out. Most people want to understand whats
going to happen in the interviews. Some may even want to
understand whats going to happen after the interviews (e.g. does this
mean I can lose my job?).
The objective of the kickoff is to bring as many of these people
together as possible to explain why the baseline is being conducted
and how it will be conducted. It saves considerable time at the start of
each interview, avoids unnecessary confusion and can flush out any
serious concerns.
Interviews: These need to be held on a process by process basis.
Depending on the maturity of each process, it may be desirable to
build as-is process models / flows as a basis for clarification and as a
starting point for any process improvement initiatives.
Each interview is like a mini-workshop. It brings together a cross
section of support staff involved in the execution of any one process
e.g. the Incident Management workshop may involve first, second
and third tier representatives from the service desk, desktop, server
and UNIX support teams.
Extended PMF
provides a consistent
and repeatable
approach and can
easily be used in
parallel with an ISO
20000 compliance
assessment.

An initial kickoff
can save time and
confusion, and can
flush out any
major concerns.

Interviews should
bring together a
good cross section
of people to
determine how the
process is carried
out today.

Baselining ITSM
Page 18 of 20 ProActive Services
The objective of each interview is to determine how things are done
today not how they should be done, and not to pass judgement.
Customer interviews should be handled differently see Business
Perceptions below.
Other forms of data gathering: These can vary significantly. Any
potential reports should be reviewed e.g. monthly reporting can give
insights into several processes, and may also form part of Service
Level Management. Significant meetings should be observed e.g. a
CAB or even a weekly Service Management review held at 8am on
Monday mornings. Where tools exist, the data held in the tools and
the way in which they have been implemented needs to be
understood.
Analysis and reporting: Much of this will be driven by the overall
objective for the baseline, but an important principle should be to
verify with a few key individuals that the data captured in the earlier
steps through interviews, reports or observations is accurate.
Business Perceptions
If all of the key customer-facing processes are at a very high level of
maturity, the likelihood is that IT and the business will be aligned.
There will be complete agreement on the quality of services delivered,
and IT will have a thorough understanding of the business needs.
This situation is fairly uncommon. Generally there are some
disconnects. IT often thinks it is doing a good job without knowing how
that links to service quality. A process can look good on paper but can
also be delivering poor results from the business perspective.
This step provides the IT department with an understanding of the
business managements perception of the issues related to the
delivery of IT service. This is typically carried out through a focus
group meeting with nominated Business Unit managers or key users,
or by one-on-one interviews. A focus group meeting should take no
more than one hour, while individual interviews should be limited to 30
minutes. Alternatively, it can be run as a web-based customer
satisfaction survey.
The objective is to gain a customer perception on service quality. For
the critical services, does the IT department deliver acceptable quality
to enable the business to achieve its objectives? Has the quality
improved or deteriorated in the last 12 or 24 months? What are the
strengths and weaknesses of IT from a service perspective?
Business
perceptions of
service quality are
important,
especially where
there are some
disconnects
between IT and
the business.
Baselining ITSM
ProActive Services Page 19 of 20
Organisational Review
This involves a summary appraisal of the IT organisational structure to
assess its alignment with the objectives of the CSIP and cost effective
end-to-end services delivery. It is conducted as a series of one on
one interviews and/or focus group meetings, with the CIO and key
direct reports and where necessary, key business managers.
The Organisational review will identify possible structural issues that
could predicate against the cost effective delivery of end-to-end IT
services. The commonly used IT organisation structure, based on
technology silos, tends to inhibit the effective delivery of end-to-end
services.
Cultural Assessment
Another area which has been widely misunderstood is the cultural
aspect of the CSIP, in particular the readiness of the organisation to
embrace change. It is not uncommon for significant cultural issues to
become apparent during the staff interviews, especially where these
interviews are being conducted by an external consultant.
Besides people being the key to the success of a CSIP they can also
be the biggest barrier! It is important that there is some measure of
how customer focused your organisation is and how open they are to
change. These issues pose a risk to the CSIP if not managed
adequately.
An organisational
review can identify
structural issues
such as technology
silos.

Cultural issues
need to be
understood as
these can be major
inhibitors to
change.

Baselining ITSM
Page 20 of 20 ProActive Services
Conclusion
Baselining is an essential element of any Continuous Service
Improvement Program (CSIP). It identifies what works as well as what
doesnt work. It gains consensus from all parties involved in the CSIP
and provides a means to measure progress. It should be considered
high risk to embark on a CSIP without first baselining processes.
ISO 20000 is an important framework for measuring capability and will
become more prevalent in the next few years as many organisations
seek to achieve certification. However, it is not designed to measure
process maturity. Only a pass or fail is recorded.
The ITIL Process Maturity Framework (PMF) is the emerging
framework for maturity baselining. It is complementary to ISO 20000
and the two frameworks can easily be used in parallel. Its major
drawback is that it is too generic in its current form.
ProActive extended the existing ITIL Process Maturity Framework to
overcome this weakness and provide an approach which is truly
consistent and repeatable.
Other approaches such as CMM/CMMI/SPICE, CobiT or the OGC
self-assessment matrices are either unsuitable or not as appropriate.
ProActive has adopted ISO 20000-1 and the extended PMF. These
have differing objectives but can easily work in parallel. ISO 20000-1
is used to determine if an organisation complies with the standard i.e.
if it can be certified. PMF is used to determine process maturity. A
process currently at a maturity level of 1 looking to satisfy the
certification criteria may need to jump as much as 2 to 3 levels on the
PMF scale, which requires careful planning and implementation.
Although it is not a precise measurement, a fully ISO 20000-1
compliant process will generally be around a maturity level of 3 to 4 on
the PMF scale. This varies by process.
The basic steps involved in baselining are: kickoff, interviews, data
gathering, analysis and reporting. A kickoff presentation is essential to
ensure all participants understand whats going to happen and to
ensure the context for the baseline is understood.
Business Perceptions are important. If the baseline and subsequent
CSIP is too inwardly focused, it is possible to build some excellent
processes which do not align with the business. The focus here is to
gain a perspective from the business on service quality.
An Organisational Review and Cultural Assessment may also be
relevant. They can identify potential barriers to planned CSIPs e.g.
there may be strong technology silos or there may be a history of
management rewarding hero cultures.
Baselining should
be an essential
element of any
CSIP.
ISO 20000-1
measures
compliance and
PMF measures
maturity they
easily work in
parallel.