THE ITIL SERVICE LIFECYCLE IN APPLICATION TO A NEW SERVICE

The ITIL Lifecycle is a step-by-step process for converting a new project into an operational one. It is a well-structured multistep, iterative procedure. It provides a framework for technical and non-technical activities that are required to provide a quality system that meets or exceeds an organization's objectives. Historically, the lifetime was divided into five parts. It now consists of seven phases. The number of phases was raised to let systems analysts define more specific activities to achieve certain goals. ITIL lifecycle is frequently utilized when an IT or IS project is in the works. It emphasizes the many stages of the development process. The life cycle approach can assist users to see and understand the activities that are involved in a given step. It can also assist in knowing the steps can be repeated or reworked when there is a need for modification or improvement of the system. The seven phases of ITIL lifecycle as follows: Planning; Systems Analysis; Systems Design; Development; Testing; Implementation; and Maintenance (Kumar, Zadgaonkar & Shukla, 2013). The paper focuses on proposing an ITIL service lifecycle that can be applied in the development of a new enrollment system for student at the University of South Australia.

It is crucial to have a good understanding of how ITIL works in addressing real world problems such as developing a new student enrolment system for an institution of higher learning. ITIL lifecycle comprises the following steps: defining the business case/problem and initiation of the project; gathering requirements and analysis; designing of the IT project; the building of the project; testing; implementation or deployment; delivery and support. Defining the business case is needed in justifying the cost and effort that are required to provide the new service or changing an existing service. Business case is vital in triggering the initiation of a project. The activities involved in the business case and project initiation occurs at the service strategy stage (Iden and Eikebrokk 2013, p. 514). The service design stage involves identifying and analyzing the detailed requirements of the service. Producing a design of the services that is in compliance with the requirements is also an essential step in service design stage. The building/ development is a physical bit the involves acquiring various solutions like building the hardware, networks, servers, as well as programming the software application. These activities occur in the service transition stage. It is essential to perform a test on the service transition stage with the aim of ensuring that the service meets the needs of the organization and works as expected (Conger 2011, p. 5-8).

Defining the business case

The business case is the need for a new information technology (IT) system for the enrolment of students at the University of South Australia. The current system is no longer capable of meeting the needs of the learning institution. The system is not providing an appropriate interface for the process of enrolling students. It is not capable of handling the high volume of registration request that the university is receiving. The institution wants to embrace a different approach with the aim of coming up with a new system. A robust student enrollment system should be developed to improve efficiency and cater for the high demands. It has become extremely tedious to record, retrieve, and update each record on the current system. There numerous complaints and frustrations that have emerged as a result of relying on the current system. The application of the ITIL service lifecycle is required for the new IT service. The engagement of an ITIL consultant is necessary to support the new project. The ITIL consultant must ensure that all the stakeholders in the institution such as the administrators, IT support staff, and students are actively engaged in the process with the aim of ensuring that all the internal and external factors and the requirements for customers are put into consideration.

An enrolment system is used to record the information of students. A well-built system is capable of reducing workload. The university needs a new enrollment system that can assist in retrieving essential information from the students. The system can be used to trace various parameters concerning a student. Lack of an efficient enrollment system can cause trouble and chaos in the institution since it triggers confusion among student. The confusion can be eradicated by making the process of enrolling students easy. The new enrollment system should be capable of capturing various categories of students such new and transferee, old students, and students who are shifting courses.

The phases ITIL lifecycle

Planning is the first phase of ITIL lifecycle that is crucial in identifying whether or not a new service is needed to achieve the strategic objectives of the institution. It can also be referred to as a preliminary plan (or a feasibility study) for the organization that is conducted with the aim of acquiring the necessary resources for building an infrastructure to modify or improve a service. The business case has established that a new student enrollment system is needed due to the inefficiency of the current system. The step is vital in finding out the scope of the problem and determining the solutions. It entails putting into consideration various factors such as time, resources, costs, benefits and other items. The planning phase entails describing all the requirements needed for the development of a new student registration system (Correa, Oviedo-Trespalacios, Niebles, Amaya and Bernal 2014, p. 112). The hardware requirements for the new system include: University network infrastructure (wire and wireless); client computers (Windows, Macs, Unix); IBM mainframe for hosting the databases of the University; and production support systems such as the computers for web server, and related hardware for provision of support like UPS and backup tapes. Software requirements are as follows: client operating system (Window, Mac, Unix); client application such as browsers that are compatible with JavaScript; network software and protocols like FTP, TCP/IP, HTTP and HTTPS which are crucial in enabling the communication of the system; mainframe system like the IBM Gateway and DB2 database; and valid licenses that are needed in running software from third party vendors. The figure below shows a good example of deployment requirements (Lee, Xing, Yang, Lujing, YANG, LUJING and Ieee 2011).

Figure 1: Deployment requirements

Source: Langer and Springerlink (2012).

The second phase is business analysis. It entails identifying the source of the problem and identifying the need for change. After a problem has been identified, possible solutions are submitted and analyzed with the aim of identifying the best fit that would lead to the attainment of the ultimate goal(s) of the project. Systems analysis helps to determine the needs of the business, how the needs can be met, the individuals who will have the responsibility for individual pieces of the project, and the type of timeline that is expected. The phases require specific tools such as Structured analysis; CASE (Computer Aided Systems/Software Engineering); and Requirements gathering (Kumar, Zadgaonkar and Shukla, 2013).

System design is the third phase. It is vital in describing the necessary specifications, features as well as operations that are needed to satisfy the functional requirements of the new service that has been proposed. It is considered to be an end user step, and assist in discussing and determining specific information needs for the proposed system. Designing phase factoring essential components like the hardware and software, structures like networking capabilities as well as the process and procedures that required for the system to accomplish its objectives (Hintsch, Kramer, Jamous and Turowski 2016, p. 123-125). Real work in the ITIL cycle starts at the fourth phase in which a programmer, database developer or network engineer embark on doing the major work on the project. The work entails using a flow chart with the aim of ensuring that the process of the system is well organized. The development phase signifies the beginning of production. Installation and changes occur in the development stage. The institution should focus on training during this phase for maximum benefit.

Integration and testing occur in the fifth phase. It is executed by a Quality Assurance (QA) professional to establish whether the proposed design is capable of meeting the initial set of objectives set by the institution. Testing may be conducted repeatedly with the aim of checking for errors, bugs, and issues of interoperability. It should be done until the system becomes acceptable to the end user. Verification and validation form a crucial part of the fifth phase since they assist in ensuring that the program is successfully completed. Implementation is the sixth phase of the ITIL lifecycle that involves the actual installation of the newly-developed system that would provide the required service. The step is crucial in putting the project into production since it moves components from the previous system and integrating it into the new system. It should be noted that cutover can be complicated and risky. It is highly recommended that cutover should be done during off-peak hours (Hintsch et al. 2016, p. 128-130). The end-users and the system analysts should be capable of seeing the realization of the project at this stage. The final phase of the ITIL lifecycle is maintenance and conducting regular updates of the new service delivery system. The stage is essential in enabling the end users to fine-tune the system with the aim of boosting performance, adding new capabilities or meeting additional requirements of the user.

Challenges and mitigation measures

The three main challenges in the adoption and execution of the ITIL lifecycle include inadequate resources, and aligning the process to meet the unique and future needs of an organization; dealing with change management; and security issues. The planning and designing phases are very important since they determine whether a project will succeed or not. The constraint in the availability of resources makes organization unable to put up robust systems. Many institutions struggle to develop programs that can satisfy their needs and meet their future demands. The planning and designing should be done in a manner that ensures the flexibility of a system with the aim of giving room for future Demand. Change management is a big challenge facing many organizations during the implementation of new programs. The workforce of an organization should be ready and willing to adapt to the new operating environment to maximize benefits. Some employees often resist change thereby dragging their organization behind (Iden and Eikebrokk 2013, p. 520).

The most important challenge associated with the phases of the ITIL lifecycle is security. It is important to integrate information security into any information system model. It assists in ensuring that appropriate protection of the information the system is in place to facilitate the transmission, processing, and storage of information. The risk management process enables the organization to balance requirements of protecting the information and the assets by factoring the cost of security controls and mitigation strategies throughout the entire process. Risk management processes entail identifying the critical assets and operations. It also defines systemic vulnerabilities across the institution. The integration of security features is associated with several benefits. It contributes to prompt identification of security issues that are likely to affect the configuration of systems. It lowers the costs of implementing security controls and mitigation of vulnerabilities (Jones & Rastogi, 2004). Integration of security is crucial in creating awareness of the possible technical challenges that result from mandatory security controls. It helps in identifying the security services that can be shared and reused to reduce the cost of development, and improve the security posture of the system by applying proven methods and techniques. The integration of security feature is vital in facilitating informed executive decision making through the prompt application of comprehensive risk management process. It is essential in documenting important security decisions that are established during the development process with the aim of informing the management on security considerations during all the stages of development. It enhances the confidence of the organization and its customers thereby facilitating the adoption and use of the new system. It can also boost the confidence of the institution of investing into the new system. Lastly, security integration in ITIL lifecycle is crucial in improving the interoperability and integration of the systems that would be difficult to realize if the security feature is implemented separately at the various levels of the system (Motahari-Nezhad, Saint-Paul, Benatallah and Casati 2008, p. 1686).

It is important to start security planning in the initiation stage by identifying the key security roles that should be executed in while developing the system. The evaluation of security requirements should factor in the information to be processed, transmitted, or stored. The stakeholders should understand the security considerations of the new system. Information System Security Officer (ISSO) is required to integrate security measure in the service development lifecycle. Security considerations assist in the early integration of security measures and concerns into the service development lifecycle. It assists in ensuring that the possible constraints in functionality are put into consideration. Assessing the requirements for integrity, and confidentiality should be done at the initiation stage (Lee, Xing, Yang, Lujing, YANG, LUJING and Ieee 2010). The institution should categorize its IT system into various risk categories like as low, moderate or high based on the impact on confidentiality, integrity, and privacy to assist in the selection of appropriate security controls. The privacy requirements need to be established at this stage. Costs and time can be saved by enabling early planning and awareness through proper risk management planning. The institution should be capable of clearly defining its project objectives and high-level requirements for information security at the initiation phase. The architecture for enterprise security system should also be defined in this stage.

Performing risks assessment and utilizing the result in supplementing the baseline security controls is considered to be a key security activity during the development/initiation phase. The institution should do the following: the analysis of security requirements; conduct functional security test; preparation of documents for the accreditation of the system certification; and designing the security architecture. The risk assessment is vital in enabling the institution to establish the risk to its workforce, assets, and operations that emanate from the operation of the information system as well as the processing, storage, or transmission of information. Security planning entails establishing the security requirements for the IS, describing the selected security controls, and presenting the rationale for security categorization. It also defines how the implementation of controls is going to be done, as well as how o restrict the use of the system in high-risk situations. Security planning assists in documenting the decisions that have been selected and approved by authorized officials. It is vital to ensure that the system is functioning as intended before its launch by conducting a test of its functionality and security features (Bonvoisin, Lelah, Mathieux and Brissaud 2014, p. 148).

The implementation phase entails configuring and enabling security features of the system, testing the functionality of these features, the installation of the system, and obtaining a formal authorization needed for operating the system. The reviewing of the design and testing the system need to be done before the operation of the system is started with the aim of ensuring that it is in compliance with all the required security specifications. Additional acceptance tests for new controls should be done in case there is an addition of new controls to the application system. The step is crucial in ensuring that new controls are complying with the security requirements and are not conflicting or invalidating the existing controls (Kumar, Zadgaonkar and Shukla, 2013).

The continuous monitoring of the system performance is usually done during the operation/maintenance phase. It is vital in ensuring that the system is in compliance with the pre-established user, and security requirements. It also ensures the incorporation of the system modifications. Conducting Configuration management (CM) assists in documenting any proposed or actual changes in the security plan of the system (Iden and Eikebrokk 2013, p. 516). IT system is continuously evolving with upgrades to hardware, software and firmware. Documentation of the changes in the information system should be done as well as the assessment of the potential impact of the changes on the security of a system with the aim of giving assurance that there is prevention of lapses in the accreditation of the system security.

The disposal phase involves plans for doing away with the old system and transitioning into the new system. The hardware, software, and information may be archived, discarded, destroyed or transferred to another system. Unauthorized disclosure of sensitive data can occur in the disposal phase if the process is not done properly. The institutions should put into consideration the need for future retrieval and the methods to be used in the retrieval process. The disposal activities are vital in ensuring the orderly transition and preservation of essential components of the system. It makes it possible for future reactivation of all the information if necessary. Emphasis should be placed on the appropriate preservation of the data to enable efficient migration of data to another system (Bonvoisin, Lelah, Mathieux and Brissaud 2014, p. 150). The process of archival should comply with the required regulations and policies that facilitate potential future access.

Methods of implementing a new IT service system

There are four main ways of implementing a new IS platform once it has been designed. They include direct cutover, parallel roll-out, phased roll-out, and pilot roll-out. It is characterized by a changeover that takes places as soon as the new system becomes operational. It is considered to be the least expensive approach to the implementation of a new service system. Its main demerits is that there is a high risk of data loss due to lack of backup. There is no option for reverting to the old system once the direct cutover takes effect. It is highly prone to the risk of total system failure. It is recommended when there are inadequate funds due to its low cost (Langer and Springerlink 2016).

Parallel roll-out involves allowing both the old and the new system to run simultaneously. The method of parallel operation changeover requires the old and the new information systems to be fully operational for a specified period. The old system can only be terminated when the stakeholders are satisfied that the operation of the new system. The approach is associated with very low risks since it is possible to revert to the old system if the new system fails to work correctly. The disadvantage is that it is the most expensive changeover method. An institution has to cater for the cost of operating two systems. It requires data input in both systems. There is an increased workload since users have to work on both systems. It is recommended when handling highly sensitivity project that requires backup, and when the resources are adequate (Mohamad, Aziz, Jawawi, Ghazali, Arbaie and Ibrahim 2012, p. 79).

The pilot roll-out is changeover method involving the implementation of a completely new system at a specific location in an institution referred to as the pilot site. The old system continues to be operational. After the new system has been successfully implemented at the pilot site, its implementation is carried out in the rest entire institution using the direct cutover. The pilot roll-out involves combining both parallel and direct cutover. The pilot site plays a crucial role in ensuring that the new system is working properly thereby reducing the risks of systemic failure. It is less costly as compared to parallel roll-out since only one part of both systems operates for a limited period. It is considered to be less costly and safer since both the parallel-roll out and direct cutover are combined (Langer and Springerlink 2012).

Phased roll-out involves implementing the new system in phases. The implementation of a new system is carried out in modules. It entails combining the direct cutover and parallel roll-out like the pilot operation. Unlike the pilot roll-out, phased roll-out involves providing the entire system to some users instead of allowing all users to access a part of the system (Sonnemann, Margni and Springerlink 2015). It is favorable approach since the risk of errors or failures is limited to the module that is being implemented. It is less expensive as compared to parallel roll-out. Phased roll-out can be more expensive than the pilot approach when there are large numbers of separate phases involved in the system.

Conclusion

Parallel roll-out is the most suitable approach for implementing a new student enrollment system. The use of the new students’ enrolment system can only be efficient by enabling Continual Service Improvement (CSI). CSI is vital continuously aligns and re-aligns IT services by putting into consideration the changes needed by an institution. It can be achieved by identifying and implementing improvements to IT services with the aim of supporting the business processes for the new service (Rodriguez-Martinez, Mora, Alvarez, Garza, Duran and Munoz 2012, p. 114). The objective of CSI is to improve effectiveness, efficiency, and to make the entire process cost effective. It also focuses on analyzing, reviewing, and recommending the approaches that need to be taken to improve each phase of the ITIL service lifecycle. All the stages of the ITIL service lifecycle can be summarized as the service strategy, design, transition, operation, and CSI (Verlaine, Jureta and Faulkner 2015, p. 127). The seven steps involved in CSI include the definition of goals and strategy; defining the metrics; the collection of data needed for CIS; processing of the CSI data; performing analysis of the information in the CSI context; the presentation and use of information in a meaningful manner; and the implementation of CSI.

References

Bonvoisin, J, Lelah, A, Mathieux, F & Brissaud, D 2014, 'An integrated method for environmental assessment and ecodesign of ICT-based optimization services', Journal of Cleaner Production, vol. 68, pp. 144-154.

Conger, S 2011, 'Software Development Life Cycles and Methodologies: Fixing the Old and Adopting the New', International Journal of Information Technologies and Systems Approach (IJITSA), vol. 4, no. 1, pp. 1-22.

Correa, C, Oviedo-Trespalacios, O, Niebles, R, Amaya, C & Bernal, W 2014, 'SERVICE DESIGN AND DEVELOPMENT: A NEW PROPOSAL FROM THE LIFE CYCLE PERSPECTIVE', Interciencia, vol. 39, no. 2, pp. 111-115.

Hintsch, J., Kramer, F., Jamous, N. & Turowski, K 2016, November. The Application System Landscapes of IT Service Providers: A Multi Case Study. In Enterprise Systems (ES), 2016 4th International Conference on (pp. 122-131). IEEE.

Iden, J. & Eikebrokk, T.R 2013. Implementing IT Service Management: A systematic literature review. International Journal of Information Management, 33(3), pp.512-523.

Jamous, N., Bosse, S., Görling, C., Hintsch, J., Khan, A., Kramer, F., Müller, H. & Turowski, K 2016, November. Towards an IT Service Lifecycle Management (ITSLM) Concept. In Enterprise Systems (ES), 2016 4th International Conference on (pp. 29-38). IEEE.

Kumar, N., Zadgaonkar, A. S., & Shukla, A 2013. Evolving a new software development life

cycle model SDLC-2013 with client satisfaction. International Journal of Soft Computing and Engineering (IJSCE), 3(1), 2231-2307.

Langer, AM & Springerlink, SPRINGERLINK 2016, Guide to Software Development Designing and Managing the Life Cycle, 22016th edn, Springer London : Imprint: Springer, London.

Langer, AM & Springerlink, SPRINGERLINK 2012, Guide to Software Development Designing and Managing the Life Cycle, Springer London, London.

Lee, S, Xing, K, Yang,Lujing, YANG,LUJING & Ieee, -J 2011, Life-cycle oriented design model for product-service system development, IEEE, US.

Lee, S, Xing, K, Yang,Lujing, YANG & LUJING 2010, A new conceptual life cycle model for result-oriented product-service system development, IEEE, Qingdao, China

Mohamad, R, Aziz, M, Jawawi, D, Ghazali, M, Arbaie, M & Ibrahim, N 2012, 'Service identification guideline for developing distributed embedded real-time systems', Iet Software, vol. 6, no. 1, pp. 74-82.

Motahari-Nezhad, H, Saint-Paul, R, Benatallah, B & Casati, F 2008, 'Deriving Protocol Models from Imperfect Service Conversation Logs', Ieee Transactions On Knowledge And Data Engineering, vol. 20, no. 12, pp. 1683-1698.

Rodriguez-Martinez, L, Mora, M, Alvarez, F, Garza, L, Duran, H & Munoz, J 2012, 'Review of Relevant System Development Life Cycles (SDLCs) in Service-Oriented Software Engineering (SoSE)', Journal Of Applied Research And Technology, vol. 10, no. 2, pp. 94-113.

Sonnemann, G, Margni, M & Springerlink, SPRINGERLINK 2015, Life Cycle Management, Springer Netherlands : Imprint: Springer, Dordrecht.

Verlaine, B., Jureta, I. and Faulkner, S 2015, February. Towards the alignment of a detailed service-oriented design and development methodology with ITIL v. 3. In International Conference on Exploring Services Science (pp. 123-138). Springer International Publishing.