The Four Dimensions of Service Management in ITIL 4

Written by Mark Hillyard

The Issue with a Singular Focus on Improving ITIL Processes

ITIL has long suffered the perception that it is a collection of processes and procedures that are to be plugged into an organization, and…voila, everything’s fixed! This approach, by itself, does not dramatically improve how an organization works. While the very nature of the framework has always been meant to guide organizations to adopt practices that truly deliver value to the customer, the structure has often been reduced to an assembly of step-by-step instructions on how to “do ITIL.” We aim to change that misconception. And one of the most crucial ideas behind this shift is the Four Dimensions of Service Management in ITIL 4. Rather than just focusing on what processes need to be configured in an ITSM tool, this concept pushes an organization to look beyond how it gets from Point A to Point B. More particularly, it focuses on the shift in thinking (and acting) an organization must undergo to deliver an exceptional experience to its customers.

Four Dimensions of Service Management

Figure 1 – The Four Dimensions

So, What are the ITIL 4 Dimensions?

The Four Dimensions of Service Management is a new concept in the ITIL 4 publications. At first glance, it closely resembles what was known as the “Four Ps” of Service Design in ITIL v3 (People, Process, Partners, and Products), and it does share some thought space with those concepts. But it is important to understand that with the introduction of ITIL 4, this idea has been elevated to become key to the success of service management. Conceptually, the dimensions represent the necessary balance we must strike as an organization to ensure that all our planning, design, and delivery is successful. If we don’t think about these aspects, we will fail—or we will at least have a much steeper mountain to climb to realize our vision.

The Four Dimensions concept has a great deal of impact and influence on an organization’s overall system of how things work together. We call this the Service Value System, which is a model that ITIL 4 has established to illustrate how this puzzle fits.

Rather than being just another part of this system, the Four Dimensions stand alone as specific business characteristics we must evaluate and act upon. It is closely linked with ITIL’s Guiding Principle “Think and Work Holistically” as it is a top-down view of the vital aspects of how we must design and deliver products and services with a “systems thinking” view.

At the core of the Four Dimensions are the products and services we provide, the stuff that ultimately gives our customers value. There are also several external factors that can affect any number of the dimensions. ITIL has adopted the PESTLE set of external influencing factors to illustrate additional considerations an organization must undertake when designing and delivering products and services. More on that later.

The first of ITIL’s 4 Dimensions: Organizations and People—Wrestling a 400 Pound Gorilla

When a flower doesn’t bloom, you fix the environment in which it grows—not the flower.

—Alexander den Heijer

The first dimension speaks to roles and responsibilities, organizational structures, the talents and skills of our workforce, and culture. It’s no accident that we start with this aspect. After all, what could be more overarching than an entire organization and all its people? This dimension does cover a great deal of ground, but we are going to tackle one of the most vital components: organizational culture. This is, without question, one of the squishiest components of any organization. It is difficult to define and manage. And if leadership does not consider how its organization’s culture is affected by strategic decisions, the results can be disastrous.

Culture – Crucial to the Puzzle

Peter Drucker once famously said (or didn’t say, depending on who one asks), “Culture eats strategy for breakfast.” Culture is critically important to any organization’s success. According to a 2017 study by Mazars, culture is one of the top three priorities for company boards across Europe. In fact, some 62% of respondents felt that culture was the responsibility of executive management and should be influenced from the top down. Unfortunately, that same study found that nearly half of those respondents “believe they either do not devote enough time to cultural issues or that culture is not valued as a discussion topic.”

So, what is organizational culture, and why is it so important? Moreover, why is it so hard for an organization to properly consider culture? The reality is that neither of these questions is easy to answer. In fact, asking ten people these questions could produce ten entirely different responses. The Harvard Business Review ran a LinkedIn discussion in 2013 to discover what a sample of some 300 professionals thought of organizational culture and its importance. The results were, as one might expect, varied. But each highlighted response serves to more thoroughly describe what culture means in an organization. From “consistent, observable patterns of behavior” to “a social control system”, the concepts of values, incentives, activities, and even self-preservation emerged.

Let’s take a more practical approach. Think of organizational culture as how an organization respects governance in the absence of management. Or, more simply put, the way that people behave when leadership is not around. Consider a classroom full of primary school students. When the teacher and (maybe) the teaching assistant are in the room, the policies laid out by these authority figures can be demonstrably enforced, but what happens when these adults leave the room? Does the class remain on task, well-behaved, and follow the rules and guidelines laid out for them? If the adults have instilled a sense of purpose and mutual understanding with the class, they are likely to embrace the “rules” that have been established. This will not be perfect, but they will likely maintain a sort of order that is self-correcting—that is, those students who are bound to “act up” will do so no matter what, but the rest of the class will either ignore this behavior or address it themselves. However, if the teacher has been overly severe in enforcing his/her rules, policies, and standards, the class is more likely to adopt its own, more comfortable set of values when left alone. This is not something that substantially changes over the course of our lives. If a group of professionals think that the governance set forth is overly constraining, or—and this is the big point—that those policies are out of line with their values, that group is much more likely to reject them when management is removed from the equation. Observing behavior of a group governed by policies and procedures when those who manage the group’s behavior are absent can be very telling of the level of cultural maturity as well as the level of buy-in to the governing policies that exists within the group.

Unfortunately, when the culture in an organization is not aligned with leadership’s vision and governance, that same leadership may begin to ignore it. Or worse, tend toward punitive measures to change the workforce’s behavior through “edicts” and disciplinary threats and actions. This, in turn, creates an atmosphere of animosity and fear, and while the culture definitely changes, it is not in the way that leadership intended.

There is a concept that has arisen from the Agile movement that speaks to this dilemma. Instead of forcing individuals to change behavior through orders and control, provide a path whereby they are encouraged to change and flourish. This follows Large-Scale Scrum pioneer Craig Larman’s 5th Law of Organizational Behavior, “Culture follows structure.” Ultimately, if an organization wants the culture to change, leadership will have to change the environment within which the culture operates.

So, an organization’s leadership does have a significant amount of influence over the culture of its workforce. However, trying to change people’s behavior through strict policies of command and control will likely not produce a culture that is healthy and willing to change the status quo when organizational goals and vision demand.

Additionally, culture itself is dynamic. The departure of knowledgeable staff members, and the introduction of new, inexperienced staff can cause tectonic shifts in work habits. Plans and efforts to deliver new and enhanced products and services must be highly adaptable, encouraging deep collaboration and visibility in every project and initiative that can uncover gaps in cultural agreement. This allows for leadership to recognize when a course of action may cause too much of a shock and make a more informed decision on how to move forward. Rather than trying to create a documented, long-term “culture approach”, we gain insights regularly through iterative improvements and continuous feedback from within the organization.

The Second of ITIL’s 4 Dimensions: Information and Technology—Managing and Protecting a Vital Asset

Knowledge on its own is nothing. But the application of useful knowledge—now that is powerful.

—Rob Liano

If the last century of technological advancement has taught us anything, it is that learning never really ends, and it accelerates in direct proportion to the amount of information available. I have long harbored a theory that with each passing generation, a lot of knowledge and experience is discarded, but the truly meaningful information is essentially baked into our successors, which means that every time a new generation takes power, it is expected to already possess the sum total of all that its predecessors learned (and already knew), and build on that knowledge to, for lack of a better term, do better. This is a monumental expectation. Thankfully, we learned how to record information and knowledge very early on, making it much more reasonable to expect that it isn’t lost. This has never been more evident than in the last few decades as our entire civilization has begun to value information and knowledge above nearly everything else.

Manage Information Right

The information we maintain, create, and leverage in the delivery of services is vitally important. Understanding what data, its location, and the mechanisms in place for storing and delivering that information, is the primary focus of this aspect. As we have all witnessed in the last decade, not only is information a vital part of delivering great products and services, it is extremely valuable (both strategically and financially). Companies exist today solely to collect, aggregate, and correlate information, ultimately selling it to other organizations. This ecosystem has evolved in unexpected ways for consumers. As breaches of trusted organizations mount year after year, many consumers have begun—albeit slowly—to work harder at protecting personal information. In the EU, the GDPR has led the way as the most innovative, consumer-centric privacy regulation of the Internet Age. As a service provider, it is our duty to not only maintain the information we own, but to integrate it and evolve that information into shared knowledge. As we consider new and enhanced products and services, we must consider what information is managed, what adjacent knowledge and information will be necessary in the delivery of the product or service, and how we plan to protect that information on behalf of our consumers.

Perhaps the most critical piece of the information management pie, however, is how data is protected. While data and information repositories can help organize and integrate data across platforms and deliver the right information when it’s needed, there is also an undeniable need to secure that data with a solid strategy. The challenge is that information security is often at odds with operational effectiveness and efficiency. Thus, we must bake security into our wider strategy at the earliest possible stage. Establish the proper guard rails during design and integrate security tests directly into the development lifecycle. This is a critical step to better align operational procedures and security governance. And it ensures that security doesn’t slow down the pace of improvements and new features.

Define Knowledge from the Bottom Up

Information and knowledge have become so crucial to our success, that frameworks, methodologies and even industries have emerged to help better manage and leverage all that we know. One of these is Knowledge Centered Service, or KCS. This methodology is a great example of how an organization can address the ever-expanding importance of information management, while also encouraging its human resources to add to the success of every customer interaction. Simply put, KCS is a way of crowdsourcing the experience of our workforce. The fact is, IT staff is made up of people who want to contribute and share their collective knowledge and skills, the vast majority of which are determined to innovate and create the best possible work product. Too often, an organization stifles this inspired work ethic by establishing that only designated “experts” can provide knowledge, and that is a severe handicap, especially considering how valuable information and knowledge are in today’s world. Rather than defining what knowledge exists and from whom it originates, allow staff the latitude to express and share the knowledge that matters, based on their collective experience. In addition, giving every employee the ability to feed that experience back into the organization at-large can have a profound impact on policy direction, giving leadership creative suggestions on how to achieve its goals and vision that otherwise may have never seen the light of day.

The Third of ITIL’s 4 Dimensions: Partners and Suppliers—Who We Work with Matters

Managing yourself requires taking responsibility for relationships.

—Peter Drucker

For as long as IT has been IT (actually, even longer than that), organizations have leveraged partnerships with vendors and outside contractors for those products and services that they either cannot or choose not to produce on their own. This practice has evolved, and it has never been more important to business than it is today. Vendors provide everything from bare metal infrastructure to service desk staff, and the customer experience relies heavily on the success of these partnerships and contracts. As many organizations divest from traditional, internal resources (such as servers and data center networks owned or leased directly by the consumer) to ‘as a service’ platforms delivered from the cloud, these relationships become even more critical.

Outsource Wisely – Knowledge Follows Good People out the Door

For a long time, there was a belief that outsourcing IT staff was a great way to shave budget dollars and still get high quality service. And there have been a lot of vendors that became exceptionally effective at selling this notion. It still happens today (especially in rapidly growing, but still relatively immature organizations) because, well, IT staff doesn’t come cheap. And companies are looking for ways to stop bleeding capital quarter after quarter. There are two fundamental problems with this line of thinking: 1) while expensive, IT staff have an extensive amount of tacit knowledge that is difficult to document and is based on shared experience; and 2) internal IT staff are concerned with the welfare of the organization, often radically so. Jettisoning the knowledge and dedication that an internal IT worker has is, at best, a shortsighted way to cut costs. At worst, it can have a long-term negative impact.

None of this is to say that outsourcing staff is wrong, or that there are no circumstances under which this path is successful. But the decision to outsource even part of the IT organization should be carefully considered, and leadership needs to go into such partnerships with eyes open, understanding the potential pitfalls and consequences – including loss of a direct link to the customer and resulting knowledge.

Consider Cloud Services Carefully and Reap the Rewards

A lot has been (and can be) said about the vision of Amazon, but when they decided to commoditize online storage and application services on a scale that had, to that point, never been imagined, the revolutionary shift in how organizations use, manage, and consume IT services rocked the very foundation of the industry. When AWS launched in 2006, every established company on the planet with an IT infrastructure larger than a single website maintained everything in-house. The very idea of storing production data remotely was relegated to personal inventories of family photos and cat videos. Ask any company today about infrastructure, and the response will overwhelmingly skew to either established cloud infrastructure for most major applications and services, or a plan to do so in the next five years. Private companies and even government agencies are all scrambling to move as much as possible offsite. Other major players have emerged in this sector. Established names like Microsoft, IBM, and Oracle have all dedicated substantial resources to joining the movement.

What does this mean for the future of IT services? The biggest side benefit has been amazing innovation from development teams, no longer constrained by static infrastructure that required extensive approvals and effort to expand or change. Software containerization, microservices, infrastructure-as-code—these are more than just buzzwords. They represent a new way of working that cuts delivery time of new features and enhancements to days, if not hours, where once a single release could take weeks or months to fully implement.

There are risks and consequences that must also be considered. The most obvious is that of security. This is usually the first hesitation organizations have before moving services offsite. And that is a good thing. A healthy amount of fear surrounding the decision to hand over data to another company to manage on our behalf is rational and plainly good business practice. There is another substantial risk, however, and it has not always been top-of-mind for organizations when partnering with vendors with cloud-based solutions: data ownership. The truth is, there is no shortage of vendors who will go to great lengths to keep our business. And one of these tactics is to hold data hostage. The practice is not uncommon, and, frankly, it appears to be a shortcut to client retention. Rather than convince customers that the software or service is worth using through user and customer experience and satisfaction, a vendor will simply not allow their client to take their data with them should they choose to end the relationship. Every organization should carefully consider this possibility and weigh the risk of losing access to critical data.

Cloud services, however, are becoming more ubiquitous—seemingly—by the day. A prudent approach to this reality is to take it slowly, don’t simply eliminate the entire on-premise infrastructure for the promise of lower cost, higher availability cloud solutions. Start with systems that are less critical to manage internally. If that even seems to risky, try moving test and staging environments to the cloud to test viability. And no organization should move vital business functions and services without a full risk assessment, no matter how attractive the cost may appear. Remember, the cloud will still be there tomorrow, there is no reason to try to boil the ocean today.

The Fourth of ITIL’s 4 Dimensions: Value Streams and Processes – How We Work is More Important than What We Do

Every organization exists to take a customer demand or a great idea and turn it into a (hopefully) great product or service, and (hopefully) do so quickly. As a business ages, such a basic, foundational concept sometimes gets lost in the day-to-day operations in which we become mired. This last dimension ensures that we reconsider these “paths” to delivery and make sure we’re keeping up with our customers’ expectations. Having a focus on improving our value streams pushes us to find more efficient ways of working—even to the point of eliminating those processes that cease to make sense or add value.

Value Streams – Achieve Objectives Through Thoughtful Design

Keeping up with all the various ways to get a product or service to the customer is no easy task. In fact, the concept of visualizing and mapping these value streams is over a century old. It came into vogue in manufacturing in the mid-twentieth century, most notably in Japan. Toyota Corporation was one of the pioneering organizations that proved its effectiveness. It has since been adapted to other industries, made part of different methodologies, and has now found its way into ITIL.

It may seem like ITIL is just drawing on another methodology—one based primarily in the manufacturing world—to sound familiar and relevant. Quite the contrary. As with many of the ideas and concepts set forth by the framework, value streams play a significant role in providing a tremendous customer experience. Understand that every documented workflow, each set of activities we perform, is meant to deliver a valuable product or service. If there are steps or activities that do not contribute to that goal, eliminate them.

Processes – The Hand Inside the Glove

If the value stream is the map to how we work, processes are the car and driver that get us there. Traditionally defined as how we turn inputs into outputs, processes are made up of both the who (roles and responsibilities) and the how (specific procedures) of each value stream. Focus on how your workforce accomplishes all the amazing feats of customer service. Help eliminate the wasteful steps and roadblocks that frustrate and demotivate team members by regularly observing real-world activity and comparing that to documented workflows. This is a sure-fire way to uncover bottlenecks in the machine.

Be mindful of all the outside influences that are competing for attention.

—Steven Redhead

Beyond ITIL’s 4 Dimensions: External Factors – Dealing with the (Often) Immutable Outside World

No organization makes decisions in a bubble. We cannot work in isolation from the world at-large. So, too, the Four Dimensions are influenced by external factors. We represent these in a marketing analysis model known as PESTLE (or PESTEL). This acronym covers those outside influences that can support—or derail—our efforts: Political, Economic, Social, Technological, Legal, and Environmental factors all conspire to affect organizations in myriad ways, and to varying degrees.

One of the most significant examples of this influence—which, coincidentally also stems from nearly every one of these factors—is the EU’s General Data Protection Regulation (GDPR). Approved in April 2016, the full force of the regulation came into effect on May 25, 2018. Its reach is global, though the regulation is meant to handle the data and privacy of EU residents. Any organization wishing to process or hold the personal data of a person residing within the European Union is subject to the policies, regardless of the company’s location. The penalties for non-compliance are stiff: 4% of annual global turnover or €20 Million (whichever is greater). For a small company, that could represent utter ruin. Organizations across the world have scrambled to meet the minimum requirements. Fines have already been issued in the short time the regulation has been in force. And there is no question that any company that has its sights set on Europe as a fertile market must take stock of the impact this regulation will have on how data is processed, controlled, and protected. The GDPR is also an example of how immutable some external factors can be. There is no negotiating around this regulation. All any organization can do is understand the significance and impact, and then act accordingly. While many external factors cannot be worked around, the analysis and understanding of how each may impact an organization’s strategy is a significant advantage. While the GDPR is a well-known regulation, there are numerous other factors that need careful research and consideration. Failure to understand the impact outside influences can have, at the very least, a delaying effect on an organization’s plans. At worst, it could result in financial or legal penalties that could be devastating to the bottom line.

Final Thoughts

The 4 Dimensions are more than just a model on a PowerPoint® slide. They represent those aspects of our business that are crucial to the success of every product and service we deliver. When we see them, it may seem obvious how they should fit into our strategy, but often we lose sight of them as day-to-day operations take over, and we are scrambling just to keep our collective heads above the water line. It is vital that we return to these aspects even when we are doing something as simple as resolving an incident or fulfilling a request for our customers. We must remember that we aren’t just going from Point A to Point B on a flowchart. We are delivering valuable products and services, and there is very seldom a straight line to get there. Maintaining focus on the bigger picture can often lead to innovative solutions that we may never have considered if we keep our heads down in the weeds and fail to consider the wider impact of the work we do every day.

Show the Tangible Benefits of Your Improvement Efforts

Continual service improvement starts with a solid CSI Register.
Download Now

Originally published October 10 2019, updated January 01 2020
ITIL/ITSM