15 16 September 2011, BULGARIA

85
Proceedings of the International Conference on
Information Technologies (InfoTech-2011)
15-16 September 2011, Bulgaria

INTEGRATED APPROACH TO IEC/ISO 20000 ADOPTION

BASED ON ITIL V3 FRAMEWORK IN THE CASE OF
MACEDONIAN COMPANIES
Atanas Iliev1, Igor Kitanovski2
1

Faculty of Electrical Engineering and Information Technologies,

University Ss Cyril and Methodius, Skopje
2
LANCom Computers, Skopje
e-mails: ailiev@feit.ukim.edu.mk, igor.kitanovski@lancom.com.mk
Republic of Macedonia
Abstract: In order to utilize the Information Technologies properly, implementation of
processes is necessary which will manage the IT Services. The IEC/ISO 20000
Standard and ITIL (Information Technology Infrastructure Library) Framework are
globally adopted practices for IT Service Management. This paper represents an
analysis of the adoption of the IEC/ISO 20000 standard for ITSM through ITIL
processes implementation in the Macedonian organizations, the drivers for
implementation of the ITSM framework and perceived barriers in the implementation
projects. For this purpose a survey has been conducted on a set of companies, which
demonstrates the experiences from the IEC/ISO 20000 standard adoption and ITIL
framework implementation.
Key words: IT Service Management, ITIL, ISO 2000, Key Performance Indicators, IT
Service Provider, Quality Management

1. INTRODUCTION
In accordance with the State Statistical Office of the Republic of Macedonia for
2010, 92.7% of the business subjects with 10 or more employees have used
computers in their operation, whereas 84.1% have used Internet access. The
companies with more than 250 employees, the statistical data display use of
computers in 100% of their work and 99.2% use of the Internet. These indicators
further assert the need for appropriate insight of the place and importance of the IT in
the companies. Moreover, the National Bank of the Republic of Macedonia adopted

86

PROCEEDINGS of the International Conference InfoTech-2011

the decision on the Banks Information System Security (2008) which stipulates the
methodology for security through defining the processes for IT Service Management
based on ITIL Process Model. The decision for amending of the act for Banks
Information System Security in the Republic of Macedonia (2008), the companies
providing IT services to the banks are obliged to be ISO 20000 certified. With these
decisions, the need for IT Service Management System based on ITIL Process Model
has become a regulation (Broussard F. and Others 2006).
The ITIL framework represents a process model which follows PDCA (PlanDo-Check-Act) principle of quality management of Edward Deming. Because of this
principle one can say that the ITIL framework is a system or quality management
applied in the IT organizations and departments (Addy R. 2007). The ITIL
framework is not the only practice of IT Service Management. As opposed to the
development of ITIL, other practices and standards of IT Service Management were
also created, such as COBIT, ISO 20000, MOF, as well as practices which the
companies have internally developed.
This paper presents a result from the research whose main goal was to obtain
information on the experience of the companies regarding the implementation of the
IT Service Management based on the ITIL Process Model and IEC/ISO 20000 status
in terms of the drivers that motivates organization to adopt the standard and perceived
barriers during the implementation projects.

2. ITSM CONCEPTS
The IT Service Management is a set of specialized organizational skills for
quality provision of IT services utilizing resources and capabilities of the Information
Technologies (Bon J.V., Other, 2007). Hence the goal of the IT Service Management
is coordination of the manner and quality of the service provision through the control
of the business process performances, at the same time control of the resources and
capabilities of the IT (Spremic M. and others 2008). The resources and the
capabilities represent assets for the enabling of the IT Service.
The resources include the infrastructure of the IT (servers, network, computers,
printers etc), the human resources (specialized engineers, managers etc.) and the
financial assets of the organization.
The capabilities develop through time and through the education and training of
the human resources who take part in the IT Service provision. The capabilities
include the overall knowledge and experience accumulated in the organization. The
experience is gathered through problem solving, dealing with situations, risk
management and error analysis.
Depending on the relation between the IT service providers and the users on the
one hand, and the users and the way of provision of the IT services on the other, there
are three types of IT Service providers shown.

15 16 September 2011, BULGARIA

87

The Internal Service Provider is rooted in the business organization unit itself.
This type is most commonly found in the larger companies which can afford
dedicating resources to only one business unit.
The Shared IT Service Provider is a type of organizational structure in which the
IT department provides IT services for more than one business unit. This type of
organizational structure is the most common in the Macedonian companies.
The External IT Service Provider is a way of obtaining services from an external
company. This organizational structure is used as one of the primary approaches
toward consolidation and optimization of the resources and costs. The best example is
SaaS (Software as a Service) distribution of the applications, as in the case of the use
of CRM (Customer Relationship Management), ERP (Enterprise Resource Planning)
tool (SalesForce.com).
2.1. ITIL Version 3 Framework
The IT Service life cycle is a central concept of the ITIL Version 3 framework.
It consists of the 5 segments in which the IT Service Management processes are
organized. Around this central concept revolve the roles, activities, metrics of the
process performance and corrective activities in the process of IT Service
Management. With the service strategy, as first stage of the IT Service life cycle,
followed by the Service Design, Service Transition and Service Operation, and
finally with Continual Service Improvement, proper management is provided.
Figure 1 represents the IT Service life cycle in accordance with ITIL framework
and the processes are defined in each stage respectively.

Service
Strategy

Service
Design

Service
Transition

Service
Operation

Continual Service Improvement

Fig. 1. ITIL V3 Service Lifecycle

Service Strategy defines the needs, priorities, demands and importance of the
new IT Services or the changes in the existing ones. It identifies the values which
would be perceived by the IT Service, as well as the required financial resources
needed for the design, implementation and operation support.
In the Service Design stage of the IT Services, the infrastructure, processes and
support mechanisms are designed which are necessary for the availability and the
utility for the user.

88

PROCEEDINGS of the International Conference InfoTech-2011

In the Service Transition, the technical changes over the infrastructure

necessary for the IT Service are planned, tested and validated.
In the Service Operation, the necessary processes for supporting the IT
Services are deployed, which provide full operation.
With the processes of the Continual Service Improvement, the metrics and
analysis of the performances of the IT services is coordinated and on based upon
analysis, corrective activities are taken for service improvement.
The processes through the IT Service life cycle enable the IT Service
Management (Bon J.V., Other, 2007). The IT Service Management System based on
ITIL process model is entirely a quality management system of the Information
Technologies.
2.2. IEC/ISO 20000 and ITIL Version 3 Comparison
There were documented differences between ITIL V2 and ISO/IEC 20000.
However, the most common route to achieving the requirements of ISO/IEC 20000 is
still via the use of ITIL framework implementation. Changes from ITIL V2 to ITIL
V3 include the service lifecycle approach in ITIL V3, which is a closer alignment to
the service lifecycle approach of ISO/IEC 20000. It is of importance to have
comparative analysis between ITIL V3 framework and IEC/ISO 20000 standard
given in Table 1.
2.2. Implementation approaches
Implementation of the ITIL processes needs a lot of companys resources and it
is recommended to approach on this challenge using some of the globally recognized
Project Management methodologies. Also, although the most benefits are visible in
the scenario where all the processes that ITIL defines, there are three different
approaches in ITIL implementation.
(1) Single process approach this type of implementation approach addresses
only one process that needs to be implemented. Usually this includes changes on the
working procedures in order to bring more effective functioning of the existing
process or in situation where there is new regulation.
(2) Group process approach in this type of approach the companies implement
a group of interdependent processes. The experience shows that processes are
grouped around the following segments: operations support processes (Event
Management, Request Management, Incident Management, and Problem
Management), processes dealing with service level and contracts (Service Level
Management, Supplier Management, Service Catalogue Management), testing,
deployment and release processes (Release Management, Testing, Evaluation,
Configuration Management) and planning and security processes (Capacity

15 16 September 2011, BULGARIA

89

Management, Availability Management, Continuity Management and Security

Management).
(3) All processes approach this is integrated approach where companies
implemented all processes from the framework. This approach requires a lot of
financial and human resources, but the benefits from implementation are maximized.

IEC/ISO 20000 Requirements

6.1 Service Level Management
6.2 Service Reporting
6.3 Service Continuity and
Availability
Management
6.4 Budgeting and Accounting for
IT
Services
6.5 Capacity Management
6.6 Information Security
Management
7.2 Business Relationship
Management
7.3 Supplier Management
8.2 Incident Management
8.3 Problem Management
9.1 Configuration Management

9.2 Change Management

10.1 Release Management

Table 1. IEC/ISO 20000 and ITIL V3 Framework mapping

Related ITIL Processes
Requirements are fulfilled by the ITIL process
"Service Level Management
Requirements are fulfilled by the ITIL process
"Service Level Management"
Requirements are fulfilled by the ITIL processes "IT
Service Continuity Management" and "Availability
Management"
Requirements are fulfilled by the ITIL process
"Financial Management" (optional, i.e. non-obligatory
component of the ISO 20000 standard)
Requirements are fulfilled by the ITIL process
"Capacity Management"
Requirements are fulfilled by the ITIL process "IT
Security Management"
Requirements are fulfilled by various ITIL processes:
Service Portfolio Management, Service Level
Management; and Continual Service Improvement
Requirements are fulfilled by the ITIL process
"Supplier Management"
Requirements are fulfilled by the ITIL process
"Incident Management"
Requirements are fulfilled by the ITIL process
"Problem Management"
Requirements are fulfilled by the ITIL process
"Service Asset and Configuration and Asset
Management"
Requirements are fulfilled by the ITIL process
"Change Management"
Requirements are fulfilled by the ITIL process
"Release and Deployment Management"

3. RESEARCH METHODOLOGY AND RESULTS

The research which was conducted has the goal to perceive the level of
awareness and adoption of the ITSM practices and standards in the Macedonian
companies. The focus of the research is the ITIL framework as one of the globally
most widely adopted practices for IT Service Management and ISO 20000 adoption

90

PROCEEDINGS of the International Conference InfoTech-2011

in the case of a set of companies and institutions in Republic of Macedonia. The

quantitative methodology is used as a research method, as a survey in which the
surveyed companies should quantify the propositions which derived from the
theoretical analysis of the ITIL processes as the possible barriers and drivers for the
ITIL implementation (Balnaves M. and Caputi P., 2001).
The survey consists of 16 questions, which have a predefined selection of
answers which the surveyed companies should answer based on their experience from
their implementation of the ITIL processes. The survey was distributed via the
Internet to all surveyed companies and was active from February 1 to March 14,
2010. The questions in the survey should give the profile of the surveyed companies,
the level of the ITSM awareness, ITIL processes implementation status, drivers and
barriers of the implementation projects.
The survey was conducted over a group of companies and institutions which
have complex IT infrastructure and which provide IT services to their business
processes or clients, and are also familiar with the concept of IT service management
and have implemented all processes or a part of the processes, and with some of the
surveyed companies and institutions there is an initiative for implementation of the
ITIL processes and IEC/ISO 20000 certification.
The survey has been distributed to a total of 24 companies and institutions. The
companies and institutions have been divided into 4 categories according to the
number of employees and the size. Table 2 shows the distribution of the surveyed
companies and institutions by the number of the employees.
Table 2. Distribution of the surveyed companies by number of employees
Number of employees
Number of companies
%
Less then 50
5
20,83%
From 50 to 100
7
29,17%
From 100 to 500
8
33,33%
More then 500
4
16,67%
Total
24
100%

In five of the surveyed companies and institutions ITIL processes are not
implemented and there is no initiative for theirs implementation.
Eight of the surveyed companies and institutions have still not implemented
processes for IT Services Management, but there is an initiative for a project for their
implementation in the upcoming period.
In eight of the surveyed companies have implemented a part of the processes
from the ITIL process model, and 3 of the companies have implemented all processes
(data shown on figure 2).

15 16 September 2011, BULGARIA

91

Fig. 2. Status of the ITSM Initiatives in the surveyed organizations

In the terms of IEC/ISO 20000 adoption and certification, the research provide
information that 10 from 17 companies and institutions are either IEC/ISO 20000
certified or there is ongoing initiative or plan for certification, shown on figure 3.
This is very important because it leads to a conclusion that surveyed companies and
institutions uses ITIL implementation to continue with IEC/ISO 20000 certification.

Fig. 3. IEC/ISO 20000 adoption status at the surveyed organizations

The conducted research provided a clear picture on both the experiences of the
companies in terms of the drivers for ITSM adoption based on ITIL process model,
and barriers during the implementation. Perceiving the possible barriers in the
theoretical analysis of the project for ITIL process implementation, the survey offered
answers which the companies and the institutions should rank according to the
importance. The most important drivers for implementation of the ITIL processes are
the need for more effective risk mitigation in IT, improvement of the IT
performances, and following the global IT standards, shown on figure 4.

92

PROCEEDINGS of the International Conference InfoTech-2011

Fig. 4. Main drivers in ITIL adoption

As the greatest barrier which the companies and institutions deal with is the
resistance towards organizational changes, which is reasonable since the
implementation of the ITIL processes means redefining the existing and adding new
obligations and responsibilities in the IT departments, shown on figure 5.

Fig. 5. Perceived barriers during ITIL processes implementation

Other barriers that the companies and institutions may experience are the lack of
management commitment and the unfamiliarity with the benefits of the ITIL
processes implementation.
Regarding the adopted and implemented processes in the Macedonian
companies and institutions, the research provided data for the most implemented ITIL
processes are Incident Management with 78.57% of companies that have
implemented, Problem Management with 69.23%, Change Management with
78.57%, Release Management with 75% and Service Level Management with
69.23%. The processes that are last adopted and implemented are Continual Service

15 16 September 2011, BULGARIA

93

Improvement processes. This situation is understandable considering the main driver

for ITIL adoption and implementation which is need for improvement of the IT
performances and which consider the Service Operation stage of IT Service life cycle,
research data are given in table 3.
Table 3. Implementation of the ITIL Processes in the surveyed organizations
Process
Percentages of the companies that
have implemented the process
Service Portfolio Management
58,33%
Demand Management
41,67%
IT Financial Management
41,67%
Service Catalogue Management
63,64%
Service Level Management
69,23%
Capacity Management
41,67%
Availability Management
54,55%
IT Service Continuity Management
66,67%
Information Security Management
61,54%
Supplier Management
41,67%
Service Asset and Configuration Management
61,54%
Service Validation and Testing
45,45%
Evaluation
45,45%
Release Management
75,00%
Change Management
78,57%
Knowledge Management
36,36%
Event Management
61,54%
Incident Management
78,57%
Problem Management
69,23%
Request Management
58,33%
Access Management
54,55%
CSI processes
36,36%

The processes that are most important for future plans and initiatives are the
processes from the Service Strategy, Service Design and Service Transition stage.
Existence of the plans and initiatives for implementation of these processes
confirm the strong awareness of the benefits from integrated approach in adoption
and implementation of the ITIL framework and IEC/ISO 20000 certification.

4. CONCLUSION
The research is done in order introspect the current status of the ITSM
awareness, ITIL implementation and IEC/ISO 20000 initiatives and plans as well
quantification of the drivers and barriers from the implemented system for IT Service
Management based on the ITIL V3 process model. In 79.17% of the companies and
institutions exists ongoing initiative and plan for ITIL processes implementation, or

94

PROCEEDINGS of the International Conference InfoTech-2011

they already have implemented part or all ITIL processes. Due to late adoption of
ITSM frameworks in as opposed the global trends, 78.95% of the surveyed
companies and institutions adopted ITIL Version 3 framework.
The research has shown that companies uses ITIL Framework implementation at
first place and continue with IEC/ISO 20000 certification which makes the bridge
between the ITIL V3 practice and the standard requirements. As the most used
approach is starting implementation with group of processes and then integrating the
complete process model. Processes from the Service Operation are the most
implemented processes which is logical outcome because the main driver to adopt
ITIL is improvement if the IT performances. Still there are interest and future plans
on the other processes which will bring more benefits to the adopters.
The biggest drivers for adopting and implementing ITIL processes are need for
more effective risk mitigation and improvement of the IT performance, but following
the global IT standards, requests from clients and regulation are also driver for ITIL
initiatives. As biggest barriers in the implementation of the ITIL processes
implementation appear with the resistance to the organizational changes, lack of
management commitment and unfamiliarity with the benefits. Other barriers which
Macedonian companies and institutions come across are insufficient training and lack
of strategy. This confirms that the barriers greatly influence on all three aspects of the
implementation project (process, people and technology).

REFERENCES
Addy R. (2007). In: Effective IT Service Management, to ITIL and Beyond. Chapter 4, pages 23
31. Springer.
Amending Decision on the Banks Information System Security (2008) Official Gazette of the
Republic of Macedonia No. 31/2008.
Bon J.V., Other (2007). In: Foundation IT Service management based on ITIL v3. Chapter 2, page
16 and Chapter 3, page 21. Van Haren Publishing.
Balnaves M., Caputi P. (2001). In: Introduction to Quantitative Research Methods: An Investigative
Approach. Chapter 4, pages 64-90. Sage Publications.
Broussard F. W., Elliot S., Grieser T. (2006). In: ITIL Penetration Is Moving Faster than You Might
Think: Some Results of the System Management Software Strategies Study. Pages 1-7. IDC
Survey.
Decision on the Banks Information System Security (2008) Official Gazette of the Republic of
Macedonia No. 31/2008.
Spremic M., Zmirak Z., Kraljevic K., (2008). IT and Business Process Performance Management:
Case Study of ITIL Implementation in Finance Service Industry. In: Proceedings of the 30th
Int. Conf. on Information Technology Interfaces. June 23-26, 2008, pages 243-249, Cavtat,
Croatia.

Copyright of Proceedings of the International Conference on Information Technologies is the property of SAER
Forum Group and its content may not be copied or emailed to multiple sites or posted to a listserv without the
copyright holder's express written permission. However, users may print, download, or email articles for
individual use.