The Pillars of ITIL

ITIL started out as just the books, but it is much more today: it is a movement, a professional group, and an industry. A great deal of activity goes on in promotion and support of ITIL worldwide. Much of it is ungoverned and ad-hoc. There are many pillars of the house of ITIL and OGC governs and manages only four.

OGC’s own part of ITIL isn’t growing at all. With v3, OGC is maturing what they have — documentation — but where is the surrounding infrastructure? As ITIL has grown in adoption it has also grown in scope to match. ITIL isn’t just books anymore and hasn’t been for some years. The growth that is happening is ad-hoc and outside the control of OGC or any one body.

OGC (the U.K.'s Office of Government Commerce) is providing an essential public service by creating and owning ITIL for which we are all grateful. It is hard to think of a better owner than a government body. But it is time the OGC either hand over the reins to someone that can control all the pillars, or take it to that level themselves.

There are several components that make up the scope of ITIL, my “Pillars of ITIL." You may name a few more.

Core content

The tangible part of ITIL is a set of books. Owned by OGC and tightly controlled through copyright. Good stuff.

Individual certification

Other than the content, certification is the other Pillar of ITIL that OGC did well: establishing the ITIL Certification Management Board (ICMB) and accrediting the trainers and examiners. In late 2006, OGC outsourced accreditation and examination to a private company, APM Group or APMG.


The ITIL brand is wrapped up by trademark in the UK and USA.

Complementary content

The official complementary publications are well regulated and quality assured. The independent – and hence unregulated - ITIL book industry (of which this book is an example) is of course a mixed bag.

Those are the four pillars that OGC has some control over. But there is so much more that constitutes "ITIL":

Governing body

There isn’t one. There is no über-body that represents all the stakeholders, has elected members, sets policy and strategy, and provides governance, for all the Pillars of ITIL. As one vendor says “The ITIL market is still predominantly a market guided by customers but dependent on a delicate coalition of interests (OGC, itSMF, APMG, ISO, TSO, EXIN, ISEB, education companies, consulting companies, and tool suppliers). For the market to work effectively, the players need to collaborate.”

The Combined Strategy Board (CSB), chaired by OGC, may provide this function – it remains to be seen but it is unlilkely. APMG says said [link no longer active] the Board has “responsibility for global marketing and overall product development” which is a promotional role rather than governance one. Moreover there is no transparency of this body: it publishes little, its membership is appointed not elected, and it has no accountability.

Professional body

There was nothing until recently that provided registration or a college for practicing professionals. Now we have the Institute of Service Management in the UK and the Institute of Certified Service Managers in the USA. Or the ITSM Institute. Or the Service Management Society. Or the IT Infrastructure Management Association. Or the Association for Services Management International. Or the AITP or IEEE or … None of these have the official recognition or charter of OGC, and OGC provides no governance over their activities or standards.

User group

The itSMF, the IT Service Management Forum , arose from ITIL and regards itself as the unofficial guardian of the “integrity” of ITIL (although the OGC is not consistent in seeing them that way). It is often presumed to be the user group for ITIL practitioners and users. But it isn’t. According to its aims, itSMF is a body dedicated to the promotion of service management standards and practices, including ITIL. itSMF’s purpose is to promote the service management industry not the interests of the user community (unless they happen to coincide).

In practice it varies from country to country: in some it is an ITIL networking club; in others it is the public face of ITIL, serving the theoretical aims; in others it veers close to being the captive body of vendors. Sometimes it presents itself as the voice of members, but how does it derive its understanding of what members want? There is now an official online forum , but feedback mechanisms into OGC are primitive or nonexistent. There is no voting, no surveys. Try suggesting additional or better content for a book. It would be more accurate to say itSMF represents the voice of the senior network of the ITIL “elite”.

OGC has done nothing to create or control a community of ITIL practitioners and users (see ITIL Must Embrace the Collective). We hope it will address the whole issue of creating an online community and embracing 21st century collective technologies.

Industry regulation and governance

There is no control over the ITIL industry other than exam certification of trainers. When vendors of products or services are given the right to use the trademarked term ITIL, no body governs what they do to ensure they do not misrepresent the concepts of ITIL or their capabilities to deliver them. In theory it is OGC, but there is no mechanism to effect this in practice.

Product certification

One of the leading ITIL consulting firms, Pink Elephant (a brand nobody forgets) stepped up to provide PinkVerify as a commercial offering to certify ITIL products because OGC consciously backed away from the whole issue of product certification.
Nor does ISO20000 appear to address it (yet – there are rumours of a “part four” that will).
There needs to be an open transparent non-commercial product certification mechanism run by an independent body and we needed it about ten years ago.

Organisational certification

The world’s many consulting firms all had to (re-)invent their own ITIL maturity measurement methods and scales for assessing where their clients are at.

ITIL emphasises the Deming cycle , and assessing As-Is status. But it provides no standard mechanism to measure ITIL status within an organisation. ITIL refers to CMM maturity levels but provides no guidance as to how to assess them. This was forgivable in the first version. It has been an obvious crying need ever since. Perhaps with ITIL3’s emphasis on a lifecycle we can hope for an assessment standard (though early indications are not good).

A standard

We waited a long time for BS15000, and now ISO20000, service management standard. An ITIL standard would have addressed the organisational certification issue and possibly the product one too, and given ITIL additional credibility in business. The result is that BS15000 and now ISO20000 came out so long after ITIL2 that the evolution of the industry meant the new standards are well in advance of what is in ITIL V2.

We all hoped that ITIL3 would bring them back closer. While ISO20000, (and other important bodies of knowledge such as COBIT), are acknowledged in the books, there has been no systematic work done in the books to bring them all into alignment, or even to point out the links along the way, and ITIL V3 persists in going its own way. Whilst the two have drawn closer there is still a gap.

The theorists offer the rationale that ITIL is not absolute (it is only guidance: “adopt and adapt”) so there cannot be a standard, and/or that following a standard would constrain ITIL somehow. The fact that just about every consulting vendor manages to define their own assessment “standard” undermines this argument.

Much of this article first appeared as The Pillars of ITIL are Crumbling on ITSMWatch


True comments

But at times it seems like it has all the structure of a house of cards.

Some competition for Pink?

Hi Skep,

I just found on the APMG site that they also provide some sort of product evaluation for tooling, never new that one before. Seems that Pink has got some competition. When you look at the APMG reports, it is quite funny realy. Descriptive and all, not too much SMART-ness is included. It seems to me that this does not fill in a gap that should be solved 10 years ago ;-)



Syndicate content