Chapter 5 of this publication introduced a number of common Service Operation activities. Due to the technical nature and specialization of these activities, the teams, groups or departments that perform them are often given names that correspond to the particular activities. For example, Network Management could be performed by a ‘Network Management Department’. This, however, is by no means a rule. There are a number of options available in mapping activities to a team or department, for example:
One activity could be performed by several teams or departments, e.g. if an organization has five major Application Support departments, each supporting a different set of applications, each of these departments could perform Database Administration for ‘its’ applications
One department could perform several activities, e.g. the Network Management Department could be responsible for managing the network, Directory Services Management and Server Management
An activity could be performed by groups, e.g. Security Administration can be performed by any person with responsibility for managing an application, server, middleware or desktop.
These organizational decisions are influenced by a number of factors, such as:
The size and location of the organization. Smaller, less distributed organizations will tend to combine these functions, whereas large, decentralized organizations may have several teams or departments performing the same activity (e.g. per region).
The complexity of technology used in the organization. The higher the number of different technologies used, the more likely there are to be several different teams, each doing something similar, but in a different context (e.g. UNIX Server Management and Windows Server Management).
The availability of skills. Where technical skills are scarce, it is common for organizations to use generalists to perform multiple groups of activities – although, in some cases, security considerations make this very difficult. For example, an organization working on classified or secret projects may have to hire expensive, specialized resources even when that means relocating them or contracting through security-cleared vendors.
The culture of the organization. Some organizations prefer to work in highly specialized environments, while others tend to prefer the flexibility of generalist staff.
The financial situation of the organization will determine how many people, with what type of skill, can be employed and how they will be organized.
As a result of these factors, it is impossible for this publication to prescribe an appropriate organizational structure that will fit every situation, however, the following sections list the required activities under the functional groups most likely to be involved in their operation. Please note that this does not mean that all organizations have to use these divisions. Smaller organizations will tend to combine these activities into single departments, or even individuals – if they are even needed at all.
Special note onoutsourcing
These organizational considerations are likely to be most relevant to internal IT organizations. The situation becomes even more complex when some or all of a particular activity or function are outsourced. Prime opportunities for outsourcing have been the Service Desk and Network Operations. This will be covered in more detail in ITIL Complementary Guidance, but some of the key points to remember are:
Regardless of who is performing the activity, the company contracting the outsourcer is still responsible for ensuring that it is performed to a standard that will support the delivery of services to their customers and users.
Outsourcing to solve an organization’s problems or as an alternative to good Service Management processes rarely works. The best results are obtained if these are in place before outsourcing.
Outsourcing works best when there is active involvement by both organizations. If the staff and managers of the customer organization disengage, the outsourcer is unlikely to be successful, simply because nobody understands the organization better than the people who work there.
The outsourcer should not determine their outputs or how they are measured. These are determined by understanding the business requirements of users and customers and ensuring that they can be met by the outsourcer’s capabilities.
Although the outsourcer’s services become an integral part of the organization, they are still a third-party organization, with a different set of business objectives, policies and practices. Security standards must be upheld and both parties must clearly understand their respective roles and contributions.