Skip to main content

Can You Really Get ITIL Out of the Box?

IT organizations are under intense pressure to reduce the cost of managing IT and ensure that decisions are based on business value and business priorities.

Many are turning to the IT Infrastructure Library (ITIL®) for guidance on how to meet these demands.

But ITIL is not a panacea. It is a set of guidelines. It’s left up to each organization to translate those guidelines into workable and effective ITIL implementations for their specific environment.

Specifically, ITIL is a best-practice process roadmap based on real-world customer experiences in managing IT to achieve business objectives and realize business value.

Although ITIL provides guidelines for processes, successful implementation requires the harmonic convergence of those processes with the other two components of the IT environment - people and technology.

To use an automobile analogy, to reach a planned destination (business objective) requires the harmonic convergence of a roadmap (processes), a vehicle (technology), and a driver (people).

Even if the roadmap is accurate, the vehicle must be capable of making the journey, and the driver must be knowledgeable in a variety of disciplines, including vehicle operation.

If any of these are lacking, the destination may remain difficult to reach.

To implement ITIL successfully, then, you must address all three components of the IT environment - people, processes, and technology.

That may seem like quite a challenge, but take heart. Technology is available that can help you toward successful ITIL implementations.

Some industry experts are skeptical about whether you can actually use out-of-the-box technology to implement ITIL. Here are some of the reasons they cite for their concern:

> You can select technology that you believe aligns closely with your intended goals, but when you actually take it home and unwrap the box, you might be surprised at what you find - or don’t find - in the box. Getting the functionality you need may require an extensive consulting engagement, and that drives up cost.

> The technology may not integrate with the other elements of your infrastructure, or it may fail to map to the processes you’ve decided to keep.

> You may have trained your staff on ITIL and even gotten some of them ITIL certified, but they may not fully understand their roles in the ITIL processes, or may not follow the ITIL processes

> You must define your own set of processes first.

Are the skeptics correct? Or are they overly pessimistic? This paper addresses that question head on. It examines the people, processes, and technology issues that you must address to get ITIL up and running in an organization. And it demonstrates that you can obtain technology that addresses those issues and delivers a substantial portion of ITIL right out of the box.

Of course, technology alone cannot bring you the entire distance. There are still tasks left up to you. For example, you need to bring about the necessary organizational changes to transition your staff to a more business-oriented approach to IT service.

You also have to determine the implementation sequence best suited to your particular environment by deciding which ITIL processes to begin with, based on your most pressing needs. And you will have to personalize the solution to your particular environment

So if you want to implement ITIL, but are put off by the skepticism, this paper should help relieve your concerns. It describes the extensive capabilities you can gain from today’s advanced IT service management solutions and how they can propel you forward in your journey to ITIL implementation.

The paper also provides a step-by-step approach to planning, selecting, and implementing an ITIL out-of-the box solution. Finally, it presents a real-world example of how one organization is taking advantage of out-of-the-box technology in implementing ITIL.

Fuel for skepticism

ITIL implementation presents a significant challenge, but the benefits far outweigh the level of effort. ITIL provides practical guidance for organizations to manage from a business perspective and deliver greater value to their customers. ITIL also defines processes at a high level - telling you what to do, not how to do it. It focuses on methodology and provides a roadmap for building processes.

However, ITIL leaves it up to you to implement the processes in the manner most suitable to your organization’s situation and needs. That presents a challenge, one that requires you not only to implement the processes, but also to deploy underlying technology to support those processes, and finally, to define how your staff will follow them. It is the magnitude of this challenge that has fueled skepticism concerning the ability to implement ITIL out of the box

Scoping the Challenge

To meet the challenge, you must first define the tasks and workflows that enable ITIL processes. Then you have to. provide IT service management applications to support the processes.

Next, you have to integrate these applications, because application integration makes process integration possible, and process integration is a key ITIL requirement To support your ITIL processes and ensure they have a consistent and accurate view of IT assets and their relationships, you also need to implement a configuration management data. base (CMDB), also referred to as a Configuration Management System (CMS).

The CMS has the CMDB,. plus a full management system for managing it, such as. a reconciliation engine. It interfaces to data collection tools and a federation facility to source data. The CMDB is an essential component of an IT service management implementation based on ITIL. The CMDB defines a set of configuration items (CIs) and can maintain information about all components of the IT environment — technology, processes, and people — as CIs in the database.

It maintains descriptions of the CIs, such as the hardware and software configurations of client and server machines. It also maintains information about the relationships of the CIs, such as the physical and logical relationships of the IT infrastructure components, including dependencies, such as information regarding which database runs on which server The CMDB provides two primary functions:

> A single source of reference and control across all IT disciplines to ensure that all processes are working. from consistent and accurate data
> A point of integration for the individual IT service management applications

In addition, after taking care of the process and technology components of the IT environment, you have to address the people component. That includes bringing your staff up to speed on the use of ITIL processes, which requires training and possibly ITIL certification programs.

In view of the magnitude of the challenge, some industry experts have expressed their skepticism that technology out of the box can move an organization far along the path to ITIL.

Addressing the skeptics’ concerns
Despite the skepticism, IT service management technology is available today that can simplify and speed your ITIL implementation.

The advances that IT service management solutions can bring to an ITIL implementation are analogous to the advances in PC technology that have simplified the deployment of personal computers In the early PC days, very little was included out of the box. Users had to be technology experts to get computers up and running.

They had to grapple with a primitive operating system that employed an arcane command-line user interface. Furthermore, they had to install applications and peripheral drivers without benefit of install shields and wizards. Today, PCs are nearly ready to go right out of the box. Hardware and software (operating system, peripheral devices, and applications) are all integrated.

The user simply supplies. specific details, such as personal preferences, e-mail account information, and local network and Internet access information, and the computer is ready to perform useful work. The integration between the PC applications in now seamless IT service management technology has advanced in the same way to simplify ITIL implementation.

Solutions are available that implement key ITIL processes — as defined in the ITIL Service Support book — right out of the box. Some include a suite of applications that support a variety of IT disciplines, using proven best practices.

The applications are integrated at the process level to permit ITIL process integration, a key ITIL requirement. Some solutions also include a CMDB, which is shared by the applications This section indicates a number of areas in which IT service management technology has advanced, enabling it to address the concerns of skeptics and give you a substantial head start in ITIL implementation.

Remember, however, that IT service management solutions vary considerably in their ability to address these concerns. Consequently, approach your selection of an out-of-the box ITIL solution with care to be sure you chose the one that will bring you farthest along the ITIL path out of the box. You want to use these advancement areas as criteria in making your selection.

Demonstrate ITIL Compliance

Most important, the solution must be aligned with ITIL. and use ITIL processes, language, and naming conventions. The naming conventions include the ITIL definitions of. IT disciplines: incident management, problem management, change management, release management, configuration management, service level management, and service. desk function.

One way to ensure ITIL compliance is to look for solutions that Pink Elephant, a leading ITIL consulting firm, has verified as ITIL aligned through its PinkVerifyTM program (opens in new tab).

PinkVerify is the only certification program worldwide to recognize software that supports the definitions and workflow requirements of specific IT management. processes, such as ITIL.

All service management tools. considered for PinkVerify are objectively assessed by qualified Pink Elephant consultants who hold the highest level. of ITIL certification, the Management Certificate in IT Service Management

Implement ITIL Processes Out of the Box

The concept of “ITIL processes out of the box” implies three important capabilities: definition of roles and responsibilities, definition of process flow, and implementation of a CMDB.

Roles and Responsibilities

The solution must predefine the roles involved in the ITIL processes, along with the responsibilities of those roles. All you should have to do is define the access rights and permissions necessary for the individuals assigned to execute the various ITIL processes. For example, an effective solution defines the roles of those responsible for solving hardware and software problems within problem management.

Process Flow

A process consists of one or more connected activities (tasks) that make up the process lifecycle. As Figure 1. illustrates, each activity requires input, and its output becomes the input to the next sequential activity.

The solution should specify the process flow for the standard, documented ITIL processes defined in the ITIL guidelines. Furthermore, it should move and manage each process though its entire lifecycle.

To meet this criterion, the solution must define the individual best-practice activities that make up each process. This involves specifying the work instructions and establishing the parameters for controlling process flow, such as service level agreement (SLA) parameters. (See Figure 2)

This out-of-the-box capability of translating ITIL process guidelines, documented in the ITIL books into actual bestpractice processes, gives you a significant head start in ITIL implementation.

Figure 3 shows an example of a process flow for the escalation process.

Figure 4 shows an actual predefined problem management workflow implemented by an existing IT service management solution.


The CMDB is the heart of the ITIL implementation. Consequently, an ITIL out­of­the­box solution should implement. a CMDB automatically, so that the user need only populate the CMDB with the data describing the organization’s IT environment.

Some solutions simplify CMDB population by providing discovery tools that automatically capture information, record it in the CMDB, and keep it updated by regularly scanning the environment and recording any changes.

This includes topology discovery, and within the CMDB is the ability to have a rules­based reconciliation engine to enable data cleansing and concatenation (the operation of joining two character streams end to end) from the various source tools.

Integrate ITIL Processes Within and Across. IT Disciplines

One of the key themes of ITIL and a critical requirement. for out­of­the­box ITIL implementation is process integration. To achieve this integration, a solution must integrate the IT service management applications that support the ITIL processes, at both the data level and the process level.

The CMDB provides the foundation for application (and process) integration at the data level by providing a shared source of data about the IT environment. In addition, the IT service management applications should interoperate to provide integration at the process level.

For example, inter operation of the change management application with the incident and problem management application makes it possible for a service desk agent to generate requests for change (RFCs) to resolve problems, and be notified of successful change completion - all from the service desk application.

As another example, integration of the change, release, and configuration management applications. permits implementation of a closed­loop change process that encompasses all phases of the change lifecycle - request, planning, implementation, and verification.

Address the People Component
Certainly process and technology are important components of ITIL, but the solution must also address the third component - people. Although the solution certainly can’t take care of all the people issues, it can be of considerable help.

For example, a comprehensive out­of­the­box solution defines the roles of the groups involved in ITIL processes. All that remains for you to do is to supply the actual people’s names within the groups.

For example, in the escalation process, you supply the names of the people at the various escalation levels to permit automatic routing of problems to the appropriate people or groups of people (resolving teams). In the change process, you supply the names of the people authorized to approve and implement changes, based on the type of change requested.

This permits you to track who authorized each change and when they did this, and who implemented each change and when it was made. This detailed level of change tracking is essential for regulatory compliance.

Some solutions also guide the user through the steps of various processes. In essence, this provides training and adherence on ITIL processes.

Implementing the Solution
Although IT service management solutions are available that accelerate ITIL implementation with substantial out­of­the­box capability, implementing ITIL is still by no means a trivial task. That’s why you should approach it in a disciplined manner. This section provides a three­phase, step­by­step approach to implementation. Each phase consists of five steps for a total of 15 steps. (See Figure 5)

Phase 1 — Assessment
Step 1 — Create Goals and Mission
In this first step, you define the goals and the mission of your ITIL implementation. Keep it simple. If possible, limit the scope to between five and ten goals, and ensure that your goals relate to ITIL principles. Don’t just consider immediate pain points. Instead, take a long­term view, and make sure you clarify the direction of your program so you can motivate people to take action in the desired direction.

Remember that your mission statement will become your final deliverable, so make sure that you clearly reflect your intentions. A mission statement should clarify the direction of the program, motivate people to take action in the right direction, coordinate the actions of different people, and maybe most importantly, outline the view of senior management.

Step 2 — Review Service Management Best Practices
Search out and review all the service management best practices you wish to consider to implement your service management solution. Document the results of the search by generating a comprehensive list of all contenders. It’s a good idea to manage the list using a standard component approach, such as a spreadsheet.

Step 3 — Select Service Management Best Practices
From the list you generated in Step 2, select the service management best practices you want to implement. Bear. in mind that organizations don’t typically implement all of ITIL — at least not all at once. In making your selections,. it’s a good idea to appoint a selection committee that. represents all stakeholders. With the help of the committee, you can:
> Identify the best­practice needs common to. the stakeholders
> Establish key selection criteria, such as governance. and quality
> Identify the areas of conflict between the business managers (For example, one business manager may want to implement a process that could inadvertently have a negative impact on the objectives of another business manager) Eliminate the obvious non­contending best practices
> Rate the remaining contenders

Step 4 — Select Complementary Best Practices from other Frameworks
Determine the best practices you wish to implement from other frameworks that are complementary to ITIL, such as Control Objectives for Information and related Technology (COBIT), Six Sigma, and ISO 20000.

Step 5 — Decide Which Processes to Implement to Support the Best Practices
Decide which processes you need to implement to support the best practices you have selected. Your choices may be limited by various factors, such as practicality, cost and time to implement, IT/technology structure, and business practices.

You may have to prioritize or restrict your process list to fit your specific situation. In the case of the ten ITIL processes, you may only adopt a limited number. For example, you may decide not to adopt continuity management, because you already have a strong independent continuity function.

Phase 2 — Software Selection, Purchase, and Installation
Step 1 — Create a Software Needs Analysis

Scope the software requirements to support each of the processes in the list that you created in Phase 1 and prioritize the requirements for each process. (See Figure 6.)

Be sure to anticipate future requirements. Identify the components for the overall software scope and the components required by each individual process and this will provide the basis for your needs analysis. Refer to the ITIL books for guidance. They are available from The Stationery Office at (opens in new tab).

NOTE: The overall scope relates to those components that are common to each process, such as process­driven integration, federation, reporting, security, and technology criteria. The individual scope “by process only” describes those criteria that are unique to each individual process.

Step 2 — Identify Potential Software
Based on the software needs analysis, identify the available software solutions that meet your requirements. In deter mining what is available, take advantage of such resources as IT Service Management Forum (itSMF), IT Infrastructure Management Association (ITIM), and industry conferences and seminars.

Step 3 — Select Software

Make a selection from the list you generated in Step 2. In making this selection, it’s important to consider:

> How closely the software meets the out–of­the­box criteria outlined in the previous section of this paper

> How closely the software meets your specific software needs, as scoped in Step 1

> Licensing and maintenance options

> Level of support available

> Complementary products available from the vendor, such as solutions that automate identity management, provisioning, and software configuration management

> The vendor’s solution roadmap (Examine the vendor’s roadmap to be sure the software meets your current and future requirements)

> The vendor’s reputation in the industry

You can also check evaluation tests, such as PinkVerify, to help you rate the solutions.

Step 4 — Prepare a Business Case

Once you have made your choice, you need to develop a business case for acquiring the solution. That involves determining the return on investment (ROI) for the software, considering such cost factors as software purchase, implementation, customization, maintenance, and the required hardware and supporting technology. Then weigh these against the expected benefits, such as improved IT efficiency, reduced risk, and improved regulatory posture.

Step 5 – Purchase and Install Software

Your purpose in deploying the solution is to implement and follow ITIL processes, and by the time you’ve reached this step, you have selected a solution that implements these processes out of the box. So rather than attempting to adapt the solution to your organization’s processes, focus on how your organization can adapt to follow the ITIL processes implemented by the solution.

In choosing to install the software, it’s important to trust your supplier. You should install the software in the way that the vendor recommends, and resist the temptation to make on­the­fly changes. That helps ensure the implementation remains true to ITIL processes, and permits hassle­free maintenance and upgrades.

Phase 3 — Software Localization

Step 1 — Create Process/Work Instructions

In this step, you tailor the solution to your specific environment by supplying the information that defines your environment. This involves populating the solution with data, such as the people’s names for each role, and with service level agreement parameter values, such as the maximum elapsed time allowed before escalation of an incident. You also need to consider what is required to familiarize people with new processes or ways of doing things. The solution can help by guiding the user through the various processes, providing a self­teaching environment.

A comprehensive, out­of­the­box ITIL solution saves considerable time and effort in this step by predefining both the activities involved in each process and the process workflow that integrates the activities. It also provides the work instructions by guiding the user through each activity.

Step 2 — Perform Essential Personalization

In this step, you personalize the solution, doing such things as tailoring screen layout, adding custom data fields, and specifying rules unique to your specific organization. Any personalization you do, however, should meet the vendor’s specifications for tailoring.

Step 3 — Create a Capability Maturity Model (CMM)

You need to establish a model that defines your organization’s maturity level with respect to process management. One such model is the Capability Maturity Model (CMM), developed initially in the mid-1980s by the Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh. As Figure 7 shows, the CMM defines five evolutionary phases that describe maturity growth in managing processes.

Step 4 – Perform Gap Analysis

Using the maturity model, first determine the maturity level your organization has reached for each of the processes that you have defined. Then, identify the maturity level that you want to achieve. This will tell you how closely you are aligned with ITIL processes and where you have to modify your processes to bring them into closer alignment.

Step 5 — Fine-Tune

Fine-tuning is, quite simply, closing the gap between the actual and target maturity levels. This is illustrated in Figure 8, where you can see the actual maturity compared with the desired level of maturity.

In the case of processes A and C, you need to progress one level. For process B, you must progress two levels. However, there is a bonus, because process D is already at the desired level of maturity.

The best way to approach this activity is to prioritize your processes into a logical order, because you cannot fine-tune all of the process simultaneously. Remember, you should not be designing the processes from scratch, but instead, you should be fine-tuning your out-of-the-box solutions.


IT organizations are under intense pressure to meet ever-increasing demands for business services in an IT environment that is characterized by growing complexity, tight budgets, and the need for regulatory compliance. ITIL can help you address these demands, but many IT professionals perceive the effort required to implement ITIL processes to be substantial and don’t realize that you can implement key ITIL processes out of the box. Some have compared the effort to that required to implement enterprise resource planning (ERP) software.

Fortunately, viable IT service management solutions are available which, contrary to the opinion of skeptics, make it possible to implement ITIL processes out of the box. These solutions address the key process, technology, and people components of ITIL. They define ITIL-based roles, responsibilities, and process flows, as well as provide ITIL process integration and create a CMDB. As a result, these solutions significantly reduce the effort required to implement ITIL.

With these advanced IT service management solutions, you get a substantial head start on ITIL implementation, so you can move up in process management maturity to drive down cost, increase efficiency, and better support business requirements. What’s more, as ITIL evolves, your vendors should enhance their solutions through software upgrades that will evolve your ITIL process implementation — giving you additional capabilities out of the box.

Reaping the Benefits

Companies are already taking advantage of ITIL out-of-the-box solutions to facilitate and speed their ITIL implementations. Here’s one example. After studying ITIL for a few years, the IT staff of a large clothing retailer decided to implement ITIL processes to enable IT to better support the company’s rapid growth.

The IT operations staff had been hampered by limited tools for managing the IT infrastructure. Unplanned outages, delays in service restoration, and numerous recurring incidents were disrupting business operations.

Only minimal data had been available for determining the business impact of outages, tracking assets, deploying operating system patches, estimating resources, and rolling out new functionality. The IT staff opted to begin its ITIL implementation with its service desk, replacing its current basic ticketing system with one that implemented ITIL processes to support incident, problem, change, and configuration management.

After considering several options, including building the system in house, the company opted to purchase a solution that provided ITIL capability out of the box. There was significant internal resistance to this management decision, with many employees and managers bemoaning that an out-of-the-box approach would not give them the functionality they needed.

So, the vice president in charge of the project asked them to list of all the functions they identified as “missing” within the first six to 12 months after implementation. According to the vice president, people kept a list for a while.

Eventually, however, people quit talking about their lists, and it became a lot easier for them to conform to the out of the box processes. He said that was the key to getting the project done so quickly.

It took only eight to ten weeks to deploy an integrated suite of IT service management applications that supported an ITIL-compliant service desk; incident management, problem management, and change management processes; and the underlying CMDB. The customer has since added asset management and application management to further its ITIL journey.

The benefits have been substantial and include:

> Reduction of $1.8M in annual expense budget (Savings contributed nearly two cents to annual earning per share.)

> Over $1M in gross profit from accelerating retail store openings

> Over $500,000 in savings on licensing agreements

> Over $200,000 in savings from hardware vendor negotiations

> Ability to track assets and decrease maintenance costs for improperly recorded retired assets

> Ten percent reduction in operating expenses of technology operations

> Ability to offer new services to customers more quickly, with higher levels of service through proactive response to problems

BMC offers solutions that help IT organizations facilitate ITIL implementation out of the box. For more information on these solutions, please visit For information about ITIL training, visit (opens in new tab).

You can download a PDF version of the whitepaper by clicking here.

About the authors

Malcolm Fry is a recognized IT industry luminary with more than 35 years of experience in information technology. He is the author of four best-selling books on IT service and support, has been published in many journals and magazines, and is regularly contacted as a source of information by technology journalists. Fry holds ITIL Masters certification, and is an original contributor to ITIL. He serves as an independent executive advisor to BMC.

Ken Turbitt is best practices director for BMC, and has broad experience in best practices management, IT, and consulting. He has held an ISEB ITIL Manager/Masters qualification for more than 12 years, and has been a Gartner-qualified TCO consultant.