Home �   ITIL�  Index

Why MSPs Struggle with ITIL

ITIL is not designed for "externally" facing IT services, writes Mike Drapeau of the Drapeau Group.
Mar 5, 2007

Mike Drapeau,Steve Loftness

The ITIL framework was designed for and has been largely applied to "internal" IT departments. Yet, some of the largest data centers are external providers in their own right, whose customers are not other departments but in fact other companies. Such third-party IT service firms are also known as managed service providers (MSPs).

ITIL practitioners often indicate the guidance for each process can be extended to address the unique issues that confront MSPs, but the reality of doing this leaves much to be desired. Simply put, the framework does not apply as currently constructed and the effort it make it so, as part of an organization-wide implementation, is neither straightforward nor tidy.


Although not specified as such, the current ITIL version 2 is geared for internal-facing IT shops, and most vendor tools and case studies follow this lead. The U.K.'s Office of Government Commerce (OGC) tacitly recognized this when Sharon Taylor, who is leading the program delivery of the updated version 3 of ITIL, stated the new release will provide “a structure … for addressing Outsourcing and Shared Services Environments?”

Taylor further added this change has lead many organizations to request ISO 20000 certification from the outsourcers with whom they contract.

We do not yet know the outlines of version 3’s expanded applicability to the MSP community and, even if it is significant, it will be a good while before these disciplines are deployed.

Accordingly, MSPs face a key question: Can the ITIL best practices framework and tools in their current manifestation be extended to face external customers as well as internal ones?

This is an important question because as more businesses adopt ITIL disciplines and ask their business partners to do the same, the pressure to demonstrate IT Service Management capability will intensify, particularly for MSPs.

Something very similar occurred in the late 1990s when retailers and other service providers demanded their suppliers adopt electronic data interchange (EDI) formats, protocols, technology and processes. Those who could not or would not were eventually abandoned.

When ITIL shops begin interfacing more intimately with the IT departments of their business partners who have not adopted ITIL, friction is likely to follow. MSPs may then be faced with a difficult choice — tell customers and prospects, “It is not possible to implement ITIL as written,” or “Sure, we are going to implement ITIL" and then have to make a go of it, with the risk of misinterpretation and process inapplicability or incompatibility.

Addressing the Issue

In November 2005, the ITIL services firm Pink Elephant produced a white paper titled ITIL, IT Governance & the Managed Service Provider (MSP) and in the same year BMC published Remedy for IT Service Providers. Both documents addressed the overlap between business service management (BSM) and ITIL and they introduced several key points with regard to ITIL and the MSP community:

  • The pressure for MSPs to demonstrate ITIL disciplines and expertise are greater on internal organizations because, even if privately held, MSPs are subject to Sarbanes Oxley Act pass-through audits if they have large public customers.
  • Incident Management and the Service Desk must, by definition, be significantly different for an MSP than for an internal IT department as the service desk is supposed to be the single point of customer contact; an acceptable condition for an IT department to its internal customers but not for an MSP to its customers.
  • The most developed and mature processes for an MSP should be Financial Management, Service Level Management, and Change Management. Everything else can take a back seat. The same cannot be said for an internal IT shop.

  •     1 2 >> Last Page

    IT Management Daily Newsletter

    Related Articles

    Most Popular