The truth is that whilst the ITIL® Best Practice framework is undoubtedly the most sensible, effective and efficient approach to managing IT services, there are some issues with using it in an outsourcing environment.

These issues were not properly addressed in what we now call version 2 of the ITIL® Framework and, perhaps most importantly, have not really been acknowledged or discussed by outsourcing service providers, or by their customers. Helen Sussex, OS-UK skills development manager reports.

I think it is in the mutual interest of our industry if these issues are brought out, examined, discussed and dealt with so that outsourced services can be fully integrated into the ITIL® service provision model. Interestingly, version 3 of the ITIL® Framework (ITIL® V3) has started to recognise many of them and to suggest solutions.

There are a great many issues that could be brought out, but the following are the ones that have caused, and are causing, the biggest issues to us as an outsource provider:

  • End to end processes - a great theory, but getting 'real' end to end processes working in a multi supplier outsourcing environment is not easy.
  • Where is my business customer? - trying to get ITIL® processes to work properly when you don't actually have a proper 'business' customer to work with.
  • ITIL®, ITIL® everywhere but no-one understands! - how a lack of understanding hampers true business / IT alignment.

End to end processes

ITIL® best practise assumes that you have control over all the service assets, even where you have a third party supplier. In outsourcing generally there are at least two stakeholders (the customer internal IT provider and the outsource provider).

However, there are often other suppliers and outsourcing partners; a common arrangement is to deliberately split service provision for the infrastructure and applications between two different outsourcing providers. 

In situations like this, even if all the different parties have adopted ITIL®, they will have their own adaptation of the processes including their own tools, procedures, reporting and data management.

This presents enormous potential for conflict, even if the customer has specified ITIL® alignment as a pre-requisite for the outsourcing deal and is especially difficult in incident, problem and change management. For example, a user calls an outsourced service desk, which logs an incident in their Remedy ITSM integrated toolset.

The user believes that it is an infrastructure issue and so the incident is assigned to the infrastructure outsourced provision team. Actually it turns out to be an application error - so a call has to be logged with the applications outsourced provider who uses Assyst as their integrated ITSM tool.

In the transfer, details get lost and the applications provider has to call the user to ask more questions. The incident resolution target is breached, but who is responsible? Who ‘owns’ the end to end process?

The solution to this issue has to be a carefully planned and implemented governance structure that ensures all the providers work together in an effective manner. ITIL® V3 has made it clear in the service strategy book that the responsibility for doing this lies with the customer.

Unless they appoint a 'prime contractor' to sub-contract all other suppliers, the only consistent point of governance has to be the customer themselves. This needs to be built into the outsourcing strategy and managed from the beginning.

Where is my business customer?

All service delivery processes in ITIL® assume that you have a business customer to work with, but many outsourcing contracts are with the IT department of the customer organisation.

This relationship with another IT provider affects many aspects of service provision, but especially on SLM where the concept of a 'business-based' SLA is often negated by a contract negotiated by IT staff that is very technical / OLA based. As an outsource provider, we can only hope the internal IT provider has a good SLM process in place with its own business customers.

Another aspect is that SLM is difficult to implement in a commercial environment. It simply doesn't take into account commercial pressures to 'win' the business. This leads outsource providers to not challenge unrealistic target-versus-cost scenarios in a competitive environment where, potentially, someone else might.

Linking this to the point about dealing with IT departments, this could also mean that the targets are not even linked to the actual business requirements. This type of mismanagement of customer expectations leads to serious problems later.

Three other processes particularly demand active business customer involvement: business capacity management, business continuity planning and business impact analysis in change management respectively. Without an actual business customer, you might be following ITIL®, but you're still a bunch of IT people making decisions on their behalf.

The solution to this one is not as clear. A realistic understanding of your customer's maturity, functional roles and structures can help identify potential issues. In addition, more effort during engagement and transition to clearly define the level of involvement of the genuine business customer will also help.

ITIL® V3, unfortunately, does not provide much help on this particular problem. Only a clear understanding of who you are dealing with and what they want out of the scenario will assist and, perhaps, forgetting SLM and looking to supplier management for guidance.

ITIL®, ITIL® everywhere but no-one understands

Many 'invitations to tender' received quote ITIL® throughout, including the proactive, planning processes like proactive problem management, availability and capacity management, but actually there is little understanding of what that really means.

This is reflected in a variety of ways, but commonly in wholesale cut and pasting of paragraphs from the books including key performance indicators which are then turned into targets with financial penalties attached.

The problem arises when those that write these ITTs and those that read them do so with (at best) a theoretical knowledge of ITIL® and little understanding of the real issues associated with establishing, developing, managing and measuring such processes.

A common example is the requirement to set up configuration management with a 100 per cent accuracy target from day one of service; this in an organisation that doesn't have any configuration management in place. Realistically it takes 6 -12 months to set up effective configuration management, requires a considerable initial investment and almost never delivers 100 per cent accuracy of everything.

In addition, the more strategic or planning processes have a focus on investing to improve, instead of paying for failure. The implications of this are not properly understood by many organisations which see outsourcing as a purely cost-saving exercise.

The dichotomy of demanding low prices for delivery, but expecting high investment strategic processes is not understood. Quality service means fit for purpose, not 'everything for nothing.'

Again the solution to this one is not easy and again ITIL® V3 presents no simple answers. The key is education and training for all involved, both customer and supplier, so that the grounds upon which the outsourcing relationship is being based are clearly understood.

ITIL® V3 - an improvement?

Version 3 of the ITIL® framework is a much clearer, more integrated approach to service management. The service strategy book in particular is much clearer about understanding the customer, around governance and understanding value driven services. There is much more discussion of different kinds of outsourcing including the pros and cons of each type.


We will continue to have the same problems if there is no education and communication on both sides. The outsourcing industry needs to become much clearer on its role, what it can and can't do and on dealing with customer perception issues at an earlier stage. Otherwise we are in danger of casting doubt upon the importance of ITIL® in service management if the perception that its use does not provide the benefits expected.

So in conclusion, ITIL® is not a stand-alone solution. Its use in outsourcing scenarios needs adaptation and careful thought. It means clearer communication and joint understanding between the customer and outsourcing provider. Outsource providers need to work harder to understand the business needs not just IT targets. We can use ITIL® V3 to help, but there is much more education and training needed by ALL.

About the author
Helen Sussex, OS-UK skills development manager, has been in IT service management for approximately 22 years as an infrastructure engineer, team leader, manager, consultant and trainer. For the last four years she has been working for an outsourcing service provider and started to see ITSM and ITIL® from a completely different perspective.