Did the chicken come first or the egg?
- A Yes
- B No
- C Maybe
While preparing for the ITIL Foundation Certificate exam this was one question I was stuck for a long time. The intuitive answer seems to be 'Yes', because if you don't know what you have how do you know it has changed? This is not a blanket statement, of course a change from Solaris to Linux in the enterprise is perceptible and can be assessed without a CM process in place. However, how do you measure if all the Solaris libraries, packages, etc have been ported to Linux without having a CMDB that holds information about the low-level modules? So to truly manage low-level infrastructure and control its change through ChM CM must be implemented. Right? Wait, but who specifies the order of ITIL process implementations? I didn't come across any suggested implementation guidelines during my study, as far as I had learnt ITIL was a collection of best practices and didn't propose any rigid implementation order for the processes. So the answer must be 'No.' As it turns out the latter reasoning turns out to be the correct one and the correct answer is no. As a side note for those preparing for the exam look out for words such as 'must' or 'should' in the questions, ITIL does not impose the implementation.
To make this interesting...shouldn't ChM exist before everything else because you really want to control everything that gets changed? Shouldn't the CM process and the CMDB be instituted under a controlled environment? I am not sure of what the right sequence of implementation is, in a company where I worked earlier the ChM and Release Management (RM) processes were already in place when I joined and the CM was instituted later. I had a very narrow view of the IT infrastructure through the application I was supporting and I didn't really see the need for the CMDB back then. I can see now how things would have been smoother if the relationships between CIs (applications/modules/libraries) had been documented someplace.
But the question to answer is this, is there really an order in which the ITIL processes should be implemented? If yes, then where are these additional best practices on implementation documented. If no, then is that because there is no 'one size fits all' solution? I am curious to know how other organizations have gone about this, please feel free to share your thoughts and opinions on this topic.