A Rationale (Informative)
This informative appendix contains additional information concerning the contents of this standard.
The sections below parallel the chapters of the standard.
A.1 Introduction
The approach put forward in this standard is based on the long-standing thought experiment of “running IT as a business”, a common theme in IT management discussions for the past 40 years (see Betz 2011, p.10 for extensive citations). It is based in the mainstream of IT management guidance including frameworks such as ITIL, COBIT, and PMBOK, standards such as ISO/IEC 20000, and other IT management professional literature. Drawing on this base, the IT4IT Reference Architecture provides practicable guides for the information and data and is a better approach to running IT – one that is business-centric and ultimately user-centric – for advancing strategy and attaining goals.
A.2 Definitions
Harmonization with ArchiMate definitions is planned for a future release.
A.3 Overview
The IT Value Chain and IT4IT Reference Architecture represent the IT service lifecycle in a new and powerful way. They provide the missing link between industry standard best practice guides and the technology framework and tools that power the IT management ecosystem. The IT Value Chain and IT4IT Reference Architecture are a new foundation on which to base your IT operating model. Together, they deliver a welcome blueprint for the CIO to accelerate IT’s transition to becoming a service broker to the business.
The IT Value Chain and IT4IT Reference Architecture strategy and content was created by a consortium of enterprise IT customers, vendors, and partners to address strategic challenges brought about by mobility, cloud, big data, security, and Bring Your Own Device (BYOD). The IT Value Chain is a prescriptive model for how to manage the service lifecycle as well as broker services to the enterprise using a multi-sourced approach.
As you read this document, consider the proposition that this IT operating model is the “missing link” allowing the IT function to achieve the same level of business discipline, predictability, and efficiency as other functions in the business such as the supply chain function.
The absence of a service-centric IT operating model in the past helps explain why all the time and money invested in best practice process frameworks like ITIL and COBIT, working with consultants to optimize IT organizational structure, and investments in IT automation have fallen short of expectations. Are you still unable to deliver services in a way that is flexible, traceable, and cost-effective? Is your organization still unable to consistently deliver what the business asked for in the timeframe and cost requirements they need it? Is too much of your resource still spent on maintaining the IT4IT infrastructure instead of on innovation projects? If so, read on to learn how the IT Value Chain and IT4IT Reference Architecture together provide a usable model for standardizing the automation fabric for IT to support constant innovation and accelerate service delivery.
A.3.1 Business Drivers for an Improved IT Operating Model
Typical IT departments were built to deliver and manage technology assets and capabilities that power business processes. This capability-centric model depended on investing heavily in people, processes, and technology to deliver and maintain what has become the “system of record” fabric for the enterprise. This system of record fabric is where individual domains, or silos, operate with their own language, culture, and process irrespective of the organization in front of or behind them in the IT Value Chain. This leads to the loss of focus on the true role of IT: to deliver services that make the company more competitive. In order to compete in the service economy, IT must change from a technology and project-centric orientation to a new IT management ecosystem oriented around a “system of engagement” that is focused on connecting people in new ways and creating new experiences and innovation opportunities. This consumerization of IT, BYOD, and the explosion of cloud-based services has provided business professionals and IT practitioners with new means of sourcing business and technology capabilities. This disruption is having a significant impact on the IT organization and has become a forcing function for a new IT model – one that supports the multi-sourced service economy, and one that enables new experiences in driving the self-sourcing of services that power innovation. This is a new style of IT where IT is a business innovation center, measured by the innovation it delivers, not the cost it consumes.
What strategy does your IT organization have to support this new multi-sourced service economy? Will your IT department support self-sourcing of services to power innovation? The redesign of IT needs to be happening now to avoid IT being highlighted as a hindrance to business innovation or worse, marginalized.
“Building a new fully integrated approach for managing IT – going beyond the traditional process models and disjointed solution landscapes – based on a common industry data model will give an important boost to our effort of becoming a world class IT provider.”
Hans van Kesteren, VP & CIO Global Functions, Royal Dutch Shell
Where should you start on your transformation journey? The required changes do not start with the people, process, and technology. Instead the changes must start with the structure and focus of the organization, which in turn will impact roles, processes, and the IT automation and technology landscape. What is required is a new IT operating model – one that modernizes IT in the following four key areas:
- Engagement Model: Moving from exclusively project-led fulfillment to a self-service experience that puts the control over the pace of innovation in the hands of the service consumer (IT or business consumers).
- Deliverables: Shifting from the traditional “system of record” focus driven by monolithic, process-focused applications to a new service-centric orientation powered by hybrid, composite applications and information that evolve rapidly and continually.
- Lifecycle: Moving from a technology-centric, project lifecycle to managing the end-to-end Service Model and lifecycle. This opens the door for using new development methodologies like SCRUM, agile, and models such as DevOps and DevOpsSec.
- Operating Model: Moving from a technology delivery organization focused on silos toward a value chain model that promotes value-based consumption, greater cost transparency, and multi-sourced delivery of a broad-based service portfolio.
The IT4IT Forum developed the IT Value Chain to share a prescriptive standard for end-to-end automation of the IT service lifecycle. When captured and modeled correctly, the IT Value Chain-based model remains constant regardless of changes to process, technology, organization, and/or capabilities. The remainder of this chapter describes the IT Value Chain, the IT Value Streams, and the IT4IT Reference Architecture that support it.
Supporting activities will be further articulated in a future release of the Reference Architecture.
Many industries and organizations have already institutionalized the value chain in their operating models. But the IT function has not, because of its heritage of providing technology enablement to the enterprise. Instead, it has organized around capabilities and technology silos, with each team being responsible for delivering different components of a particular business system using a multitude of disparate tools and methods. So, the traditional IT approach evolved around technology and process. Over the course of time this legacy IT approach has become ineffective for delivering outcomes that satisfy business needs in a timely manner. It has also made IT less competitive with third-party suppliers who are organized to deliver technology from a service-centric point of view.
Frameworks such as ITIL, COBIT, and eTOM, and standards such as ISO/IEC 20000, ISO/IEC 27002, ISO/IEC 38500, and others have also been applied inside traditional IT organizations in an attempt to drive greater efficiency, predictability, and reliability in the deliverables. The IT Value Chain does not replace these existing industry frameworks, it is complementary to them. The IT Value Chain and IT4IT Reference Architecture provide the missing underpinning IT operating model that removes the costly guesswork out of how to associate these frameworks to technology and how to implement vendor products in alignment with them. Together, they help to ensure repeatability and predictability of IT outcomes.
Through hundreds of hours interviewing customers and thousands of hours of functional and product analysis in R&D, it became obvious that a better, more business-centric approach to running IT was possible. IT deliverables were re-examined – shifting from technical capabilities to technology-enabled services. The IT4IT Forum applied an IT Value Chain framework to the IT function as the foundation on which to design a robust and versatile IT operating model.
The IT Value Chain construct and the integration in the IT4IT Reference Architecture permeate everything that goes on in IT, to enable full service lifecycle traceability, mitigate risk and compliance concerns, improve cross-silo collaboration (DevOps), and ensure continuous delivery of business innovation. It can reduce cycles that are focused on maintenance to return more time and resource to the CIO to invest in what makes the business competitive – new services and innovation. Security is designed into the functional components of each value stream to provide a secure and cost-effective system for managing risk and compliance and to provide a more streamlined integration with the security teams. Once in place, this modular framework provides the foundation for successful adoption of the “IT as service broker” model and provides the CIO with the flexibility needed to successfully navigate an IT management ecosystem.
“In our industry, control of the end-to-end IT value chain is mandatory. That particularly includes effective and dynamic management of a multi-sourced landscape, which can only become a cost-efficient and high-quality reality with the right level of standardization. We’re committed to the Consortium initiative as we strongly believe in the community as the basis for sustainable competitiveness. We’ve done it in other areas and know that it works.”
Ton van der Linden, CIO, Achmea
A.4 IT4IT Core
Once industries and professions reach a certain level of maturity, efforts arise to standardize key terminology and concepts to foster improved knowledge exchange and collaboration. When done using an Enterprise Architecture framework or method, such attempts may be termed “reference architecture” or “reference models”. Notable examples of such efforts include:
- Frameworx (eTOM), by the TM Forum
- BIAN – the Banking Industry Architecture Network
- ARTS – the work of the Association for Retail Technology Standards, an affiliate of the National Retail Federation
- The ACORD framework – an Enterprise Architecture for the insurance industry
- EMMM – the work of The Open Group Exploration, Mining, Metals & Minerals Forum
Advocates of these models point to their utility in defining standard interfaces as being a key contributor to reducing complexity and implementation costs for their industries. More broadly, as forms of frameworks they assist in stabilizing terminology, educating newcomers, and establishing shared meaning between collaborating parties.
The IT4IT Reference Architecture is an attempt to standardize certain aspects of IT management and has strong parallels to the efforts described above.
This chapter functions as the reference text that describes the structure, notation, models, and other concepts used in the IT4IT Reference Architecture. It also provides the rationale underpinning the design choices made by the standards team in developing the body of work. It is intended to help readers correctly interpret the content within the architecture so that it may be applied consistently by IT practitioners and by suppliers of IT management products and services.
The IT4IT Reference Architecture is fundamentally a Functional Model for the IT management ecosystem. However, function-oriented reference models are frequently published from vendors of IT management products. These models are often viewed as “marketecture” which is designed to demonstrate the strengths of a vendor’s products but are too ambiguous to be implementable. Most of these models are not based on architectural principles and/or are not connected to the broader IT operating model that describes how the function works. Therefore, the IT4IT Forum made two deliberate decisions: first, to design a reference model based on architectural design principles that could be implemented, and second to connect the Reference Architecture with an IT operating model based on an industry standard construct: the value chain.
The value chain concept focuses on the activities by which a company adds value to an article as it flows through the production and post-production lifecycle. This was combined with the concept of value streams[4] to capture the customer-in perspective. The value stream concept is rooted in Lean Six Sigma and emphasizes customer-oriented results.
The term functional component may be unfamiliar to some IT practitioners and vendors because it is not widely used. It has its roots in SOA reference models (such as the SOA Reference Architecture from The Open Group) and is intended to convey the notion of a small building block of technology. In the IT4IT Reference Architecture a single IT management product might play the role of one or more functional components. Conversely, a functional component might instead be as small as a web service or micro-service.
A.5 Strategy to Portfolio Value Stream
A.5.1 Related Standards, Frameworks, and Guidance
The S2P Value Stream extends the best practices put forward by various authors and frameworks, including ISO/IEC, the Capability Maturity Model Integration (CMMI), AXELOS Ltd. in its ITIL series on IT Service Management, ISACA in its COBIT Framework, and others, by defining the technology components necessary to implement them. A range of organizational maturity is also accommodated by the S2P Value Stream.
A non-normative list of related capabilities addressed by the S2P Value Stream is provided here, with the industry sources supporting their existence. Overall industry sources not tied to any one capability are: ISO/IEC 2005; Betz 2011; ISACA; ITIL Continual Service Improvement; ITIL Service Design; ITIL Service Operation; ITIL Service Strategy; ITIL Service Transition; ISO/IEC 2008; and CMMI for Services.
IT Strategy and Architecture
Planning and overall strategy for IT services and sourcing (Benson, Bugnitz et al 2004; Kaplan 2005; Spewak & Hill 1993; Cook 1996; Carbone 2004; Ulrich & McWhorter 2010).
IT Demand and Portfolio Management
Business relationship management and pipeline for new IT services, service changes, and ongoing IT investment optimization (McFarlan 1981; Kaplan 2005; Maizlish & Handler 2005; ITIL Service Strategy).
IT Financial Management
IT financial planning and control, including pricing, budgeting, accounting, and charging (Quinlan 2003; Quinlan & Quinlan 2003; Remenyi, Money et al 2007; ITIL Service Strategy).
IT Governance, Risk, Security, and Compliance
Ensuring well-governed IT (direct-monitor-evaluate), correct management of adverse scenarios, protecting against malicious actors, and adhering to relevant governmental laws and regulations (ISACA; Van Grembergen 2004; Weill & Ross 2004; Van Grembergen & Haes 2009; ISO/IEC 2013).
A.6 Requirement to Deploy Value Stream
A.6.1 Related Standards, Frameworks, and Guidance
The R2D Value Stream extends the best practices put forward by various authors and frameworks, including ISO/IEC, the Capability Maturity Model Integration (CMMI), AXELOS Ltd. in its ITIL series on IT Service Management, ISACA in its COBIT Framework, and others, by defining the technology components necessary to implement them. A range of organizational maturity is also accommodated by the R2D Value Stream.
A non-normative list of related capabilities addressed by the R2D Value Stream is provided here, with the industry sources supporting their existence. Overall industry sources for this value stream are: Agile Alliance; ISO/IEC 2005; Betz 2011; ISACA; ITIL Continual Service Improvement; ITIL Service Design; ITIL Service Operation; ITIL Service Strategy; ITIL Service Transition; ISO/IEC 2008; PMBOK 2013; CMMI for Development; CMMI for Services; Rational Software 2011; Leffingwell, Yakyma et al 2014; and ISO/IEC 2013.
Project Management
Define, manage, and control a defined set of (typically) non-repeatable work, to a scope of time, resources, and quality (PMBOK 2013).
Release and Deployment Management
Organize and coordinate the overall transition of new product functionality to a market available or enterprise production state. Includes both technical and organizational Change Management concerns (Klosterboer 2009; ITIL Service Transition; Humble & Farley 2011; OASIS TOSCA).
Requirements Management
Elicit, capture, track, and analyze the business needs of IT-centric products (CMMI for Development; Cockburn 2001; Leffingwell, Yakyma et al 2014).
Software Engineering
The core effort of developing new products and features based on computing and IT for market and enterprise needs (Duvall, Matyas et al 2007; Bourque & Fairley 2014; CMMI for Development).
Test Management
The activity of developing and executing specific assessments of an IT product’s quality, lack of errors, and satisfaction of requirements (CMMI for Development, IEEE 730-2014).
Change Management
The activities and concerns related to implementing new functionality in an IT product, including communication, risk assessment, and correct execution (Klosterboer 2009; ITIL Service Transition; Van Schaik 1985).
Configuration Management
The capability supporting the overall management and understanding of complex inventories and dependencies in IT products and ecosystems (Betz 2011; ITIL Service Transition; O’Donnell & Casanova 2009).
A.7 Request to Fulfill Value Stream
A.7.1 Related Standards, Frameworks, and Guidance
The R2F Value Stream extends the best practices put forward by various authors and frameworks, including ISO/IEC, the Capability Maturity Model Integration (CMMI), AXELOS Ltd. in its ITIL series on IT Service Management, ISACA in its COBIT Framework, and others, by defining the technology components necessary to implement them. A range of organizational maturity is also accommodated by the R2F Value Stream.
A non-normative list of related capabilities addressed by the R2F Value Stream is provided here, with the industry sources supporting their existence. Overall industry sources not tied to any one capability are: ISO/IEC 2005; CMMI for Services; ISACA; ITIL Continual Service Improvement; ITIL Service Design; ITIL Service Operation; ITIL Service Strategy; ITIL Service Transition; ISO/IEC 2008; and O’Loughlin 2009.
Service Request Management and Service Desk
The capability and associated processes for interacting directly with end-users to provide operational support and benefits by an IT capability (market or enterprise-facing) (O’Loughlin 2009; ITIL Service Operation).
Supplier Management
The activity of defining needs, assessing sources, and establishing new vendor relationships for supplying the IT Value Chain, or its end-users (CMMI for Acquisition).
Service-Level Management
The activity of defining and managing to agreed performance criteria for IT services (Sturm, Morris et al 2000; ITIL Service Operation).
Access Management
The activity of provisioning and authenticating end-users in IT systems that require control over the user base (ISO/IEC 2013).
A.8 Detect to Correct Value Stream
A.8.1 Related Standards, Frameworks, and Guidance
The D2C Value Stream extends the best practices put forward by various authors and frameworks, including ISO/IEC, the Capability Maturity Model Integration (CMMI), AXELOS Ltd. in its ITIL series on IT Service Management, ISACA in its COBIT Framework, and others, by defining the technology components necessary to implement them. A range of organizational maturity is also accommodated by the D2C Value Stream.
A non-normative list of related capabilities addressed by the D2C Value Stream is provided here, with the industry sources supporting their existence. Overall industry sources not tied to any one capability are: ISO/IEC 2005; CMMI for Services; Betz 2011; ISACA; ITIL Continual Service Improvement; ITIL Service Design; ITIL Service Operation; ITIL Service Strategy; ITIL Service Transition; ISO/IEC 2008; Van Schaik 1985; Schiesser 2010; and Kern, Shiesser et al 2004.
IT Operations Management
The set of activities related to actually running systems, ensuring that they are available, and performing on a day-to-day basis (Allspaw & Robbins 2010; Limoncelli, Chalup et al 2014).
Event Management
The detailed tracking of state changes within a managed IT resource or collection of resources, and the application of business roles and workflow to those raw occurrences for further treatment by processes such as Incident and Problem Management (Luckham 2002; Allspaw & Robbins 2010).
Incident Management
The identification, tracking, and resolution of occurrences where a service is not meeting expectations (Schiesser & Kern 2002; Kern, Shiesser et al 2004).
Application Management
The overall development and maintenance of market or enterprise-facing solutions (Office of Government Commerce 2002; ASL Foundation).
Capacity, Availability, and Problem Management
The reactive and proactive tracking and resolution of recurring or emerging problems in an IT product, including design shortcomings, over-consumption of resources, or emergent requirements (Behr, Kim et al 2005; Allspaw & Robbins 2010; ITIL Service Operation; Limoncelli, Chalup et al 2014).