ArticlePDF Available

Abstract and Figures

ContextIn recent years, many software companies have considered Software Process Improvement (SPI) as essential for successful software development. These companies have also shown special interest in IT Service Management (ITSM). SPI standards have evolved to incorporate ITSM best practices.Objective This paper presents a systematic literature review of ITSM Process Improvement initiatives based on the ISO/IEC 15504 standard for process assessment and improvement. Method A systematic literature review based on the guidelines proposed by Kitchenham and the review protocol template developed by Biolchini et al. is performed. Results Twenty-eight relevant studies related to ITSM Process Improvement have been found. From the analysis of these studies, nine different ITSM Process Improvement initiatives have been detected. Seven of these initiatives use ISO/IEC 15504 conformant process assessment methods. Conclusion During the last decade, in order to satisfy the on-going demand of mature software development companies for assessing and improving ITSM processes, different models which use the measurement framework of ISO/IEC 15504 have been developed. However, it is still necessary to define a method with the necessary guidelines to implement both software development processes and ITSM processes reducing the amount of effort, especially because some processes of both categories are overlapped.
Content may be subject to copyright.
IT Service Management Process Improvement based on ISO/IEC 15504: A
systematic review
Antoni Lluís Mesquida
a,
, Antonia Mas
a
, Esperança Amengual
a
, Jose A. Calvo-Manzano
b
a
Department of Mathematics and Computer Science, University of the Balearic Islands, Ctra. de Valldemossa, Km. 7.5, 07122 – Palma de Mallorca, Spain
b
Faculty of Computer Science, Technical University of Madrid, Campus de Montegancedo s/n, 28660 – Boadilla del Monte, Madrid, Spain
article info
Article history:
Received 3 February 2010
Received in revised form 14 September 2011
Accepted 10 November 2011
Available online 20 November 2011
Keywords:
Software Process Improvement (SPI)
ISO/IEC 15504 (SPICE)
IT Service Management (ITSM)
Systematic review
abstract
Context: In recent years, many software companies have considered Software Process Improvement (SPI)
as essential for successful software development. These companies have also shown special interest in IT
Service Management (ITSM). SPI standards have evolved to incorporate ITSM best practices.
Objective: This paper presents a systematic literature review of ITSM Process Improvement initiatives
based on the ISO/IEC 15504 standard for process assessment and improvement.
Method: A systematic literature review based on the guidelines proposed by Kitchenham and the review
protocol template developed by Biolchini et al. is performed.
Results: Twenty-eight relevant studies related to ITSM Process Improvement have been found. From the
analysis of these studies, nine different ITSM Process Improvement initiatives have been detected. Seven
of these initiatives use ISO/IEC 15504 conformant process assessment methods.
Conclusion: During the last decade, in order to satisfy the on-going demand of mature software develop-
ment companies for assessing and improving ITSM processes, different models which use the measure-
ment framework of ISO/IEC 15504 have been developed. However, it is still necessary to define a method
with the necessary guidelines to implement both software development processes and ITSM processes
reducing the amount of effort, especially because some processes of both categories are overlapped.
Ó2011 Elsevier B.V. All rights reserved.
Contents
1. Introduction . . . ...................................................................................................... 240
2. ITSM standards. ...................................................................................................... 240
3. Systematic review method . . . . . . . . . . ................................................................................... 240
3.1. Question formularization .......... ............................................................................... 241
3.2. Selection of sources. . . . . ...................................................... ................................... 241
3.3. Selection of studies . . . . . ............................................................. ............................ 241
3.4. Information extraction . . ............................................. ............................................ 242
3.5. Results summarization . . ................................ ......................................................... 242
4. Results and discussion . . . . . . . . . . . . . . ................................................................................... 242
4.1. Classification of studies. . ....................... .................................................................. 244
4.2. Results from the analysis of primary studies ............................................. ............................ 244
4.2.1. Standards used for ITSM Process Improvement . . . . . ........................................................... 244
4.2.2. New ITSM Process Improvement initiatives . . . . . . . . ........................................................... 244
4.3. Temporal view of primary studies . . . . . . . . . ......................................................... ................ 245
5. Conclusions and future work. . . . . . . . . ................................................................................... 245
Acknowledgments . . . . . . . . . . . . . . . . . ................................................................................... 246
Appendix A. List of primary studies in the systematic review . . . . . . . . . . . . . . . . . . ............................................. 246
A.1. List of primary studies in the systematic review . . . . . . . . . . . . . . . . ................ ...................................... 246
References . . . . ...................................................................................................... 247
0950-5849/$ - see front matter Ó2011 Elsevier B.V. All rights reserved.
doi:10.1016/j.infsof.2011.11.002
Corresponding author.
E-mail addresses: antoni.mesquida@uib.es (A.L. Mesquida), antonia.mas@uib.es (A. Mas), eamengual@uib.es (E. Amengual), joseantonio.calvomanzano@upm.es (J.A. Calvo-
Manzano).
Information and Software Technology 54 (2012) 239–247
Contents lists available at SciVerse ScienceDirect
Information and Software Technology
journal homepage: www.elsevier.com/locate/infsof
1. Introduction
Over the course of the last two decades, both large and small
software companies have made important efforts in order to
implement Software Process Improvement (SPI) programmes to
establish a process-oriented culture in the organization. A focus
on processes provides the stability and the management infra-
structure required to deal with the ever-changing and competitive
market. A well-defined management framework results in a better
monitoring of the processes so that they can reach higher maturity
levels.
Higher maturity enables a global understanding and a better vi-
sion of the workload and, as a result, a more consistent and repeat-
able work. Moreover, technical skills of the staff are improved and
the use of technology is maximized. When the productivity and
efficiency of development activities are improved, the organization
can develop, maintain and deliver high quality products, meeting
business objectives (usually focused on quality improvement and
cost and time reduction) and obtaining a higher customer
satisfaction.
The two most internationally used SPI models are Capability
Maturity Model Integration (CMMI) [1] and ISO/IEC 15504 (SPICE)
[2]. These models define a process improvement approach that
provide organizations with the essential elements to set process
improvement goals, establish a point of reference for assessing cur-
rent processes and support the improvement of their performance.
Nowadays, customers not only demand quality products
obtained from mature processes, but they also require quality in
the services they receive. In recent years, while companies have
been deploying their software development processes, there has
been an on-going demand for better IT services. In order to satisfy
this demand, SPI international standards have evolved and have
been adapted to incorporate IT Service Management (ITSM) best
practices. For mature software development companies, besides
the SPI initiative in which they are involved, the implementation
of an ITSM standard has currently become one of the main priori-
ties to assure their continuity and maximize the return of invest-
ment and business opportunities.
The main goal of our research is to analyse existent relations
between two disciplines that have traditionally been treated sepa-
rately: SPI and ITSM. With the intention of taking advantage of the
experience of the authors in the application of the ISO/IEC 15504
standard [3–7], the scope of the research is focused on this SPI
standard and pursues a double objective:
Facilitate the implementation of ITSM processes in software
companies already involved in an ISO/IEC 15504 SPI initiative.
Maximize the efficiency of a joint implementation of ISO/IEC
15504 and an ITSM standard. More concretely, the intention is
to consider ISO/IEC 20000 as the ITSM standard. The main rea-
son for this decision is that both standards have been developed
by the same organization and thus compatibility among them
should be feasible. Moreover, some processes of both ISO stan-
dards are overlapped.
As a first step of our research, a systematic review of the litera-
ture which deals with existing initiatives of ITSM Process Improve-
ment initiatives based on ISO/IEC 15504 for process assessment
and improvement is presented in this paper.
2. ITSM standards
ITSM is a process-oriented discipline which combines process
management and industry best practices into a standard approach
for optimizing IT services. ITSM provides a framework to structure
IT operations that enables organizations to deliver quality IT ser-
vices to meet business needs and adhere to service level
agreements.
Because ITSM is process-focused, it shares common interests
with the process improvement movement. ITSM provides specific
processes, frameworks, methodologies and guidance to manage
planning, implementation and assessment of IT service processes
to optimize tactical and strategic IT operations-related activities.
Some of the most internationally accepted ITSM standards are ITIL
(Information Technology Infrastructure Library), ISO/IEC 20000
and CMMI for Services (CMMI-SVC).
In spite of the diversity of fields that this work deals with, and
with the intention of making its comprehension easier, this section
offers a brief description of the different standards mentioned so
far: ISO/IEC 15504, ITIL, ISO/IEC 20000, and CMMI-SVC.
ISO/IEC 15504 Information Technology – Process Assessment
[2] is an International Standard for process assessment and
improvement. It can be used by any organization to determine
the current and potential capability of its own processes, and also
to define areas and priorities for process improvement. In order to
perform a process assessment conformant with the assessment
model defined in ISO/IEC 15504-2 [8], a Process Assessment Model
(PAM) based upon a suitable Process Reference Model (PRM) needs
to be properly defined. Regarding ITSM, a new part describing an
ITSM PAM is currently under development, called ISO/IEC NP TR
15504-8 Information Technology – Software process assessment
– Part 8: An exemplar process assessment model for IT Service
Management [9].
ITIL is a series of documents that contains a set of best practices
to aid the implementation of a framework for ITSM. ITIL has been
accepted in the industry as the de facto standard for ITSM around
the world. It is focused on the continual measurement and the
quality improvement of the services, from both the business and
the client perspectives. The current version of ITIL, ITIL V3, contains
five reference books [10–14] and its main contribution is the defi-
nition of a structure based on the services life cycle.
ISO/IEC 20000 is an ITSM quality standard that promotes the
adoption of an integrated process approach to effectively deliver
managed services to meet the business and customer require-
ments. This standard, consisting of two parts [15,16], is under a
review process in order to provide a better alignment with ITIL
V3 and other ISO standards. New part 4 [17] will describe an ITSM
PRM which is expected to be closely related to the new Part 8 of
ISO/IEC 15504 [9].
CMMI models are collections of best practices developed by the
Software Engineering Institute (SEI) for the application of process
improvement in the development of products and services cover-
ing the entire product lifecycle. Current CMMI version, CMMI
V1.3, was created with the main intention of defining constella-
tions for being applied in different areas of interest. Regarding to
Service Management, the CMMI-SVC [18] constellation was partic-
ularly created for Service Management process improvement.
CMMI-SVC includes a collection of services best practices that
provides guidance for the application of CMMI-SVC by a service
provider organization. CMMI-SVC best practices focus on activities
for providing quality services to the customer and end users.
3. Systematic review method
The research is undertaken as a systematic literature review
based on the guidelines proposed by Kitchenham [19,20] and the
review protocol template developed by Biolchini et al. [21] which
describes each phase of the systematic review process in terms
of template sections. Other systematic reviews in SPI [22–24] have
also been used as a basis for the work presented in this paper.
240 A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247
The protocol used for the systematic review is composed of five
different stages: Question formularization, selection of sources,
selection of studies, information extraction and results summariza-
tion. These five stages are detailed in the next sections.
3.1. Question formularization
With the aim of defining the context in which the systematic re-
view is applied, the protocol suggests to specify a set of items [21].
In the particular case of our systematic review, each item has been
defined specifically for ITSM Process Improvement initiatives
based on ISO/IEC 15504 International Standard for process assess-
ment and improvement.
Problem: software companies have shown a growing interest in
providing quality services to their customers. SPI could be
extended in order to include ITSM processes. The context of this
research is particularly focused on ITSM Process Improvement
models based on the ISO/IEC 15504 assessment framework.
Question: what ITSM Process Improvement initiatives based on
ISO/IEC 15504 exist?
Keywords and synonyms: Software Process Improvement (SPI), IT
Service Management (ITSM), ISO/IEC 15504 (SPICE).
Intervention: analyse ITSM Process Improvement according to
ISO/IEC 15504.
Control: there are no initial data for this systematic review.
Effect: identify all the ITSM Process Improvement initiatives,
frameworks and models performed according to ISO/IEC 15504.
Outcome measure: the number of identified initiatives, frame-
works and models.
Population: the set of research proposals related to ITSM Process
Improvement and ISO/IEC 15504 which have been published in
the list of sources selected for conducting the systematic
review.
Application: companies interested in assessing and improving
their ITSM processes within an ISO/IEC 15504-based SPI initia-
tive. Researchers working on SPI models, more concretely on
ISO/IEC 15504, or on IT Service Management standards.
Experimental design: none statistical analysis methods will be
applied.
3.2. Selection of sources
To perform the selection of the sources where searches for pri-
mary studies will be executed, the systematic review protocol pro-
poses to address the following issues: definition of source selection
criteria, language of the studies, identification of sources, definition
of search strings, and selection of sources [21].
With regard to source selection criteria, the following criteria
have been defined:
Publishing companies or websites suggested by experts.
High-impact publications.
Availability of search mechanisms using keywords.
Non-variability in search results by using the same set of
keywords.
Availability on the web.
Concerning language studies, the obtained primary studies
must be written in English.
The sources have been identified on the basis of the judgement
of the authors of this paper. The list of sources includes relevant
journals in which SPI research area is widely dealt with, such as:
Information and Software Technology, Software Process: Improvement
and Practice, IEEE Software,IEEE Transactions on Software Engineer-
ing and ACM SIGSOFT Software Engineering Notes, Software Quality
Journal, among others. Moreover, the authors have also considered
papers published in the proceedings of different conferences, such
as: the EuroSPI Conference where experts discuss and exchange SPI
practices and the SPICE Conference which is one of the most rele-
vant events regarding the ISO/IEC 15504 standard, among others.
By taking the list of keywords defined in Section 3.1 and making
combinations with the logical operators ‘‘AND’’ and ‘‘OR’’, the
search strings shown in Table 1 have been obtained. To carry out
the searches, these search strings need to be adapted to each of
the search engines of the selected sources.
Taking into account the defined sources selection criteria the
initial list of sources is shown in Table 2. Each element of the initial
list of sources presented above has been evaluated according to the
source selection criteria. After this evaluation, all the elements
have been included in the final list of sources. The authors of the
paper have evaluated the list of sources obtained and approved
all the elements of this list.
3.3. Selection of studies
Once the sources are defined, it is necessary to describe the pro-
cess and the criteria for studies selection and evaluation [21]. The
criteria by which studies will be evaluated to decide if they must
be selected or excluded in the context of the systematic review
have been defined by the authors of the paper taking into account
Kitchenham’s proposals [19,20]. These criteria, Inclusion Criteria
(IC) and Exclusion Criteria (EC), are shown in Table 3.
The process performed to obtain and evaluate primary studies
according to the defined inclusion and exclusion criteria is illus-
trated as a flow diagram in Fig. 1. This flow diagram shows two
main groups of activities. The goal of the first group is the selection
of primary studies. The second group of activities aims to extract
the information of the selected primary studies. Information
extraction will be presented later in this paper in Section 3.4.
With regard to the selection of primary studies, the analysis of
the title and the keywords will be the main inclusion criteria. In
case this information is not enough to decide about the inclusion
or the exclusion of the study then the abstract will be also analysed
and the full text, if necessary. Initially all types of primary studies
related to ITSM Process Improvement according to ISO/IEC 15504
will be taken into account. More concretely, the focus will be on
studies presenting ITSM Process Improvement models based on
the ISO/IEC 15504 assessment framework and the results of the
application of these models to software companies.
Table 4 shows the distribution of the studies obtained from
each search source. The format of this table is adapted from other
systematic reviews in software engineering [22–24]. As a result of
the search execution 1944 studies have been obtained for further
evaluation. Table 4 shows the number of initial studies obtained
from each source (see the column ‘‘Discovered’’).
After applying the inclusion criteria IC1, IC2, IC3 and IC4,
defined in Table 3, only 82 of the 1944 discovered articles have
been considered as relevant articles. Applying the criterion EC2
for the exclusion of duplicated articles, only 49 articles have been
obtained. From these, applying the criterion EC1, finally 28 articles
have been selected as primary studies. These results are shown in
Table 1
Search strings.
Search strings
1 (15504 OR SPICE) AND (ITSM OR ‘‘IT service’’ OR ‘‘service’’)
2 (ITSM OR ‘‘IT service’’ OR ‘‘service’’) AND (improvement OR assessment)
AND (15504 OR SPICE)
3 (15504 OR SPICE) AND ‘‘service’’ AND (ITIL OR 20000 OR ‘‘CMMI-SVC’’)
A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247 241
the last row of Table 4. The complete list of selected primary
studies is presented in Appendix A of this article. This primary
study selection has been reviewed by the authors in order to guar-
antee the quality of the included studies.
3.4. Information extraction
Once primary studies are selected, the extraction of relevant
information begins [21]. The criteria by which the information ob-
tained from the studies has been included were defined. These
Information Inclusion Criteria (IC
inf
) are presented in Table 5.
To analyze the data obtained from the selected primary studies
and to standardize the way in which information should be regis-
tered, a data extraction form has been designed in order to meet
our particular research goals. This form, which is shown in Table
6, has been used to record comments, impressions and the most
important ideas from each primary study. The structure and con-
tents of this form are based on the information extraction format
proposed in [25] and other systematic reviews [22–24]. The con-
tents are grouped into objective and subjective results. The first
category, objective results, refers to those results that can be
directly extracted from the selected primary studies. These results
have been organized in the form into the following four sections:
Study identification: the main data to identify the primary
study: a consecutive number assigned to the paper, the publica-
tion title, its authors, the author’s contact information, the
journal or conference in which it was published, the date of
publication and the source from which it was obtained.
Study methodology: the type of the study, the country in which
it was developed or applied, the improvement strategy goals
and the ITSM Process Improvement models used or developed,
among other information.
Study results: information about the improved processes, the
key factors for successful improvement and the conclusions.
Study problems: study limitations and the deviation between
the expected and the obtained results.
The second category, subjective results, refers to those results
that cannot be extracted directly from the study. The ‘‘Results
Extraction’’ section of the form shows the study outcomes, the
study contribution, as well as other issues.
After a complete and detailed reading of each primary study
and an unbiased evaluation of the information, the objective and
subjective results have been extracted. During the information
extraction execution, the authors’ perception of some aspects var-
ied. Nevertheless, none of them was considered an important
divergence. The authors reached a consensus and different percep-
tions were considered complementary to obtain a comprehensive
analysis of the study.
3.5. Results summarization
The last stage of the systematic review protocol aims to present
the data resulting from the selected primary studies [21].
Results statistical calculus: with the purpose of showing the rel-
evant findings of this systematic review, a statistical analysis
has been conducted with the information extracted from the
selected primary studies. A more detailed discussion of these
results is further presented in Section 4of this article.
Results presentation in tables: with the aim of facilitating the
analysis, the results obtained from the systematic review have
been summarized in tables and displayed in graphics under dif-
ferent perspectives. These results are shown in Tables 7–10 and
in Fig. 2 in Section 4.
Sensitivity analysis: it was not applied.
Plotting: it was not applied.
Final comments:
Number of studies: 1944 studies were found and 28 of them
were considered primary studies.
Search, selection and extraction bias: none search, selection or
information extraction biases that could invalidate the sys-
tematic review results were identified.
Publication bias: none was defined.
Inter-reviewers variation: there were no divergences between
reviewers regarding the systematic review results.
Results application: the obtained results suggest that new
ITSM Process Improvement models have arisen to satisfy
the growing demand of software companies for managing
the services they provide.
Recommendations: the results of the systematic review pre-
sented in this paper should be applied to get an idea of the
state of the art of ITSM Process Improvement based on the
ISO/IEC 15504 standard.
4. Results and discussion
This section presents a summary of the results after the system-
atic review execution.
Table 2
List of sources.
Source Name Web site
1 ACM Portal (Digital Library &
Guide)
http://portal.acm.org/portal.cfm
2 IEEE Computer Society Digital
Library
http://www.computer.org/portal/
web/csdl
3 IEEE Xplore http://ieeexplore.ieee.org
4 Springer Link http://www.springerlink.com
5 ScienceDirect http://www.sciencedirect.com
6 Wiley InterScience http://
www.interscience.wiley.com
7 CiteSeerX http://citeseerx.ist.psu.edu
8 IET Digital Library http://www.ietdl.org
9 ISI Web of Knowledge http://www.isiknowledge.com
10 Google Scholar http://scholar.google.com
11 EuroSPI (Proceedings of) (since
2004)
http://www.eurospi.net
12 SPICE (Proceedings of) (since
2003)
http://www.spiceconference.com
Table 3
Definition of studies inclusion and exclusion criteria.
Criterion Description
IC1 Include papers whose title is related to ITSM Process Improvement according to ISO/IEC 15504
IC2 Include papers that contain keywords that match with those defined in the search string
IC3 Include papers whose abstract is related to the topic under consideration
IC4 Include papers that contain information related to the definition or application of ITSM Process Improvement models
EC1 Exclude those papers that refer to ITSM Process Improvement and ISO/IEC 15504 separately, without showing any kind of relationship between both topics
EC2 Exclude all duplicated papers
242 A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247
Fig. 1. Procedure for executing the systematic review.
Table 4
Distribution of studies by source.
Source Search date Discovered Relevant Not repeated Primaries %
ACM Portal 25/07/2011 15 0 0 0 0
IEEE Computer Society Digital Library 25/07/2011 98 3 2 2 7
IEEE Xplore 25/07/2011 43 2 0 0 0
Springer Link 26/07/2011 178 9 3 3 11
ScienceDirect 25/07/2011 106 0 0 0 0
Wiley InterScience 25/07/2011 11 1 0 0 0
CiteSeerX 26/07/2011 99 2 1 1 4
IET Digital Library 26/07/2011 0 0 0 0 0
ISI Web of Knowledge 26/07/2011 39 4 2 2 7
Google Scholar 26/07/2011 778 42 30 9 32
SPICE 27/07/2011 211 8 4 4 14
EuroSPI 27/07/2011 366 11 7 7 25
Total 1944 82 49 28 100
Table 5
Definition of information inclusion criteria.
Criterion Description
IC1
inf
Identify existent methodologies, techniques, methods and procedures for ITSM Process Improvement
IC2
inf
Collect information about proposed initiatives or models used to assess or improve ITSM processes
IC3
inf
Collect information about ITSM Process Improvement strategies followed by software organizations
IC4
inf
Collect information about improved processes and key factors for successful ITSM Process Improvement in software organizations
A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247 243
4.1. Classification of studies
After the extraction of relevant information from each primary
study, it was possible to determine that these studies could be clas-
sified into the four categories presented in Table 7.
According to Table 7, most of the studies provide a new ISTM
Process Improvement model based on ISO/IEC 15504. In addition,
there is an interest in analysing the need of ITSM Processes
Improvement, as well as combining ISO/IEC 15504 and ITSM Pro-
cess Improvement standards. Finally, five primary studies offer a
summary of the results of the application of new ITSM Process
Improvement models.
4.2. Results from the analysis of primary studies
This section details the results obtained after analysing the pri-
mary studies. These results have been classified into two different
groups.
4.2.1. Standards used for ITSM Process Improvement
Table 8 presents a classification of the primary studies regard-
ing each different standard used for ITSM Process Improvement.
Regarding process reference models, the results from the anal-
ysis of the primary studies reveal that ISO/IEC 20000 is the ITSM
process reference model most frequently used. ITIL V2 and ITIL
V3 follow in order of importance. ITIL V1, which is out of market,
is only mentioned in two primary studies. Moreover, ISO new work
item proposals, specifically ISO/IEC 15504-8 and ISO/IEC 20000-4,
define an ITSM process assessment model and an ITSM process ref-
erence model, respectively. Finally, CMMI models, including the
CMMI-SVC constellation, have also been used for guidance in ITSM
Process Improvement initiatives.
4.2.2. New ITSM Process Improvement initiatives
Table 9 presents the initiatives specifically created with the aim
of developing new ITSM Process Improvement models.
Table 10 shows the distribution of these new ITSM Process
Improvement models depending on the process assessment meth-
od and the process reference model they use.
As Table 10 shows, both SCAMPI and ISO/IEC 15504-2 have been
used as process assessment methods. Then, the feasibility of using
these measurement frameworks for ITSM process assessment and
improvement has already been tested.
Starting with the first row, MITO and IT Service CMM are two
ITSM Process Improvement initiatives with self-developed process
reference models which use SCAMPI as assessment method.
Regarding ITSM initiatives based on ISO/IEC 15504, the assess-
ment method defined in ISO/IEC 15504 Part 2 has been used to
assess both ITIL and ISO/IEC 20000 processes, as well as to assess
new developed process reference models:
SPINI+ defines an ITSM process library from ITIL and ISO/IEC
20000.
The TIPA, NOEMI and SPICE Lite [ITSM] models use ITIL (V2) as
process reference model.
TickIT Plus core includes, among others, ISO/IEC 20000 as
optional standard in its certification model.
SPICE 1-2-1 for ISO 20000 uses the ISO/IEC 15504-2 assessment
method for ISO/IEC 20000 process assessment.
The NiCE model uses the ISO/IEC 15504-2 assessment method
to assess the processes provided by NOVE-IT, a set of IT procure-
ment, development, operation and service provision processes.
Table 6
Information extraction form.
Information extraction form
Study identification
Consecutive number:
Publication title:
Authors:
Contact information:
Journal/Conference:
Date:
Source:
Study methodology
Type of Study:
Country:
Improvement strategy goals:
Models/Standards used:
Models/Standards developed:
Study results
Improved processes:
Improvement success key factors:
Conclusions:
Study problems
Limitations:
Deviation between expected and obtained results:
Results extraction
Study outcomes:
Study contribution:
Other issues:
Table 7
Classification of primary studies.
Category Primary studies Percentage of primary studies
1 Analysis of the need of assessing and improving ITSM processes. 7, 8, 14, 17, 20, 25 21.4% (6/28)
2 Combining ISO/IEC 15504 and ITSM Process Improvement frameworks. 2, 5, 12, 15, 16, 24 21.4% (6/28)
3 Development of an ISO/IEC 15504-based model, framework
or approach for ITSM Process Improvement.
1, 3, 4, 6, 9, 11, 18, 19, 21, 22, 28 39.3% (11/28)
4 Results of the application of an ITSM Process Improvement model. 10, 13, 23, 26, 27 17.9% (5/28)
Table 8
Standards used for ITSM.
Standard Primary studies Percentage of primary studies
1 ISO/IEC 20000 1, 3, 4, 5, 7, 8, 12, 14, 15, 16, 18, 19, 21, 22, 25, 26, 28 60.7% (17/28)
2 ITIL V1 20, 25 7.1% (2/28)
3 ITIL V2 1, 2, 3, 4, 5, 6, 7, 9, 10, 12, 13, 15, 22, 26, 27 53.6% (15/28)
4 ITIL V3 4, 8, 11, 17, 19, 23, 27, 28 28.6% (8/28)
5 ISO/IEC 15504–8 & 20000–4 4, 5, 7, 8, 19, 21, 24, 26 28.6% (8/28)
6 CMM/CMMI 7, 11, 16, 17, 20, 25 21.4% (6/28)
7 CMMI-SVC 7, 8, 16, 19 14.3% (4/28)
244 A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247
4.3. Temporal view of primary studies
Fig. 2 shows the temporal distribution of primary studies result-
ing from the review carried out. Since most of the models were
developed from 2006 onwards, there is a notable increment from
this year in the number of published studies showing the
experiences of their development and usage. This recent increase
may be a reflection of a growing awareness of the importance of
ITSM Process Improvement.
5. Conclusions and future work
In this systematic review we have formulated a research ques-
tion which aims to identify existing ITSM Process Improvement
initiatives based on the ISO/IEC 15504 standard for process assess-
ment and improvement.
By examining the results obtained after the systematic review
execution, we have detected nine different ITSM Process Improve-
ment initiatives in which new models for the assessment of this
kind of processes have already been developed. We have observed
that all these models are composed of an ITSM process reference
model and an assessment method. This review suggests that ISO/
IEC 20000, ITIL (V2 and V3) and CMMI-SVC are the ITSM process
reference models most frequently used. Both SCAMPI and ISO/IEC
15504-2 have been used by these new ITSM Process Improvement
models as process assessment methods.
If we focus on the models based on ISO/IEC 15504, seven of the
nine detected models use ISO/IEC 15504 conformant process
assessment methods to assess the ITSM processes defined by ITIL
or ISO/IEC 20000. Then, the results suggest that the feasibility of
using the ISO/IEC 15504 measurement framework for ITSM process
assessment and improvement has already been examined and
proved during the last decade. With that same purpose, ISO started
the development of an ITSM Process Reference Model (ISO/IEC
20000-4) and its Process Assessment Model (ISO/IEC 15504-8)
conformant to the ISO/IEC 15504 assessment method.
Bearing in mind the final goal of our research (the development
of a new method with the necessary guidelines for the assessment
according to ISO/IEC 15504 of both software lifecycle and ITSM
processes reducing the amount of effort), further work would have
to be performed. To meet this goal the first step would consist of
examining SPINI+, TickIT Plus and SPICE 1-2-1 for ISO 20000, the
three models which use the ISO/IEC 15504 assessment method to
assess the ISO/IEC 20000 processes. These models will be
Table 9
ITSM process improvement initiatives.
Initiative Primary studies Year Description
TIPA (formerly
called AIDA)
1, 2, 3, 4, 7, 13, 22,
23, 26, 27
2007 ‘‘The TIPA model was inspired by ITIL best practices, with the goal to enable objective ITSM capability assessments.
The references used to create the PRM and the PAM were the Service Support and Service Delivery books published
by OGC.’’ (Primary study 1)
SPINI+ 4, 28 2007 ‘‘The SPINI-methodology was supplemented with process modeling methods and the process library was extended
with IT Service Management processes (ITIL, ISO/IEC 20000).’’ (Primary study 28)
NiCE(NOVE-IT) 6 2002 ‘‘A process model for IT procurement, development, operation, and service provision (also called NOVE-IT) was
developed.’’ ‘‘For the NOVE-IT project, it was decided to create an assessment model consisting of a process
dimension adopted as-is from Part 2 of ISO/IEC TR 15504. The model is called NOVE-IT Capability dEtermination, or
NiCE.’’ (Primary study 6)
MITO 6, 25 2000 ‘‘A maturity model for the assessment of companies or parts of companies providing IT Operations services. The
assessment is process based thus able to reveal the potentials for improvement. The model combines features of the
SEI CMM and the assessment method of the EFQM.’’ (Primary study 25)
NOEMI 9, 10 2003 ‘‘The development and experimentation of an IT process assessment methodology especially designed to be used in
very small enterprises (VSEs).’’ ‘‘The processes themselves are based on a combined approach of ISO/IEC 15504 and
the IT Infrastructure Library.’’ (Primary study 9)
SPiCE Lite [ITSM] 11 2008 ‘‘SPiCE Lite [ITSM] supports the guided assessment of ITIL IT organization processes. SPiCE applies its own maturity
level model to ITIL processes. It thus provides a qualitative evaluation of process maturity in accordance to the
SPiCE-process maturity model (ISO/IEC 15504).’’ (Primary study 11)
TickIT Plus 14 2008 ‘‘ISO/IEC 15504, ISO/IEC 15288 and ISO/IEC 12207 will form the core around which TickIT Plus is designed: the
capability model and the process structure. Each of other three standards: ISO/IEC 20000, ISO/IEC 27001 and ISO/IEC
25030, termed ‘Requirements Standards’, are all optional standards that can be included under the TickIT Plus
certification.’’ (Primary study 14)
SPICE 1-2-1 for
ISO 20000
18 2007 ‘‘So ISO/IEC 15504 can be used as universal model for process assessment and process improvement. Following this
idea I have defined an ‘ISO 20000 – PAM’, a process assessment model for IT Service Management according to ISO/
IEC 20000–1:2005. Based on the ISO 20000 – PAM we have implemented an Assessment Tool for IT Service
Management: SPICE 1-2-1 for ISO 20000.’’ (Primary study 18)
IT service CMM 20 1998 ‘‘We propose an Information Technology Service Capability Maturity Model (IT Service CMM) that can be used to
assess the maturity of IT service processes and identify directions for improvement.’’ (Primary study 20)
Table 10
Classification of ITSM Process Improvement models.
Assessment
method
Process reference model
ITIL ISO/IEC 20000 Self-developed
SCAMPI – MITO
IT service CMM
NiCE (NOVE-IT)
ISO/IEC 15504-2 SPINI+ SPINI+
TIPA TickIT plus
NOEMI SPICE 1-2-1
for ISO 20000SPICE lite [ITSM]
Fig. 2. Number of primary studies included in the review.
A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247 245
considered as a starting point for the assessment of the ISO/IEC
20000 processes. Then, our work will focus on the development
of a new process assessment model based on the ISO/IEC 15504
measurement framework for the assessment and improvement of
both the ISO/IEC 15504-5 software development processes and
the ITSM processes provided by ISO/IEC 20000-4. As some pro-
cesses of both process reference models are overlapped, the com-
monalities between them should be carefully analysed.
Acknowledgments
This work is supported by CICYT-TIN2010-20057-C03-03 ‘‘Sim-
ulación aplicada a la gestión de equipos, procesos y servicios’’,
Sim4Gest.
Appendix A. List of primary studies in the systematic review
Next, selected primary studies in the development of this sys-
tematic review are presented.
A.1. List of primary studies in the systematic review
[1] B. Barafort, A. Rousseau, ‘‘Sustainable Service Innovation
Model: A Standardized IT Service Management Process
Assessment Framework’’, Software Process Improvement:
EuroSPI 2009. Communications in Computer and Information
Science, vol. 42, pp. 69–80, Springer-Verlag, Heidelberg, 2009.
[2] B. Barafort, B. Di Renzo, O. Merlan, ‘‘Benefits resulting from
the combined use of ISO/IEC 15504 with the Information
Technology Infrastructure Library (ITIL)’’, International Con-
ference on Product Focused Software Process Improvement
(PROFES 2002). Lecture Notes in Computer Science, vol.
2559, pp. 314–325, Springer-Verlag, 2002.
[3] B. Barafort, B. Di Renzo, V. Lejeune, S. Prime, J.-M. Simon,
‘‘ITIL Based Service Management measurement and ISO/IEC
15504 process assessment: a win–win opportunity’’,
Proceedings of the 5th International SPICE Conference on
Process Assessment and Improvement (SPICE 2005),
Klagenfurt, Austria, 2005.
[4] B. Barafort, D. Jezek, T. Mäkinen, S. Stolfa, T. Varkoi, I. Vond-
rak, ‘‘Modeling and Assessment in IT Service Process
Improvement’’, Software Process Improvement: EuroSPI
2008. Communications in Computer and Information Sci-
ence, vol. 16, pp. 117–128, Springer-Verlag, 2008.
[5] B. Barafort, A. Renault, M. Picard, S. Cortina, ‘‘A transforma-
tion process for building PRMs and PAMs based on a collec-
tion of requirements - Example with ISO/IEC 20000’’,
Proceedings of the International SPICE Conference on Pro-
cess Improvement and Capability dEtermination (SPICE
2008), Nuremberg, Germany, 2008.
[6] A. Cass, C. Völcker, P. Sutter, A. Dorling, H. Stienen, ‘‘SPiCE in
Action - Experiences in Tailoring and Extension’’, Proceed-
ings of the 28th Euromicro Conference (EUROMICRO 2002),
Dortmund, Germany, 2002.
[7] Cater-Steel, ‘‘Integration of service management with
CMMI
Ò
and SPICE’’, 5th Annual SEPG Australia Conference,
Gold Coast, Australia, August 2007.
[8] Cater-Steel, ‘‘IT Service Departments Struggle to Adopt a Ser-
vice-Oriented Philosophy’’, International Journal of Informa-
tion Systems in the Service Sector, vol. 1, issue 2, pp. 69–77,
2009.
[9] Di Renzo, C. Feltus, ‘‘Process assessment for use in very small
enterprise: the NOEMI assessment methodology’’, Proceed-
ings of the European Software Process Improvement Confer-
ence (EuroSPI 2003), Graz, Austria, December 2003.
[10] Di Renzo, C. Feltus, S. Prime, ‘‘Collaborative management for
ICT process improvement in SME: experience report’’, Pro-
ceedings of the European Software Process Improvement Con-
ference (EuroSPI 2004), Trondheim, Norway, November 2004.
[11] T. Goldschmidt, A. Dittrich, M. Malek, ‘‘Quantifying Critical-
ity of Dependability-Related IT Organization Processes in
CobiT’’, IEEE Proceedings of 15th Pacific Rim International
Symposium on Dependable Computing (PRDC 2009), Shang-
hai, China, 2009.
[12] Grandry, E. Dubois, M. Picard, A. Rifaut, ‘‘Managing the
Alignment between Business and Software Services Require-
ments from a Capability Model Perspective’’, Towards a Ser-
vice-Based Internet (ServiceWave 2008), Lecture Notes In
Computer Science, vol. 5377, pp. 171–182, 2008.
[13] R. Hilbert, A. Renault, ‘‘Assessing IT Service Management
Processes with AIDA - Experience Feedback’’, Proceedings
of the European Systems & Software Process Improvement
and Innovation Conference (EuroSPI 2007), Potsdam, Ger-
many, September 2007.
[14] Irving, ‘‘TickIT Plus - the Future of TickIT!’’, TickIT Interna-
tional, issue 2Q08, pp. 3–7, 2008.
[15] A. Kramer, ‘‘ISO/IEC 15504 and ITIL’’, International SPICE
Days 2008, Prague, Czech Republic, June 2008.
[16] D. Malzahn, ‘‘A service extension for SPICE?’’, Proceedings of
the International SPICE Conference on Process Assessment
and Improvement (SPICE 2007), Seoul, South Korea, May
2007.
[17] D. Malzahn, ‘‘Assessing - learning - improving, an integrated
approach for self assessment and process improvement sys-
tems’’, Proceedings of the fourth International Conference on
Systems (ICONS 2009), pp. 126–130, Cancun, Mexico, March
2009.
[18] A. Nehfort, ‘‘SPICE Assessments for IT Service Management
according to ISO/IEC 20000–1’’, International SPICE Days
2007, Frankfurt, Germany, June 2007.
[19] R. Nevalainen, M. Johansson, ‘‘Comparison of CMMI-SVC and
ISO20000 – A Case Study’’, Proceedings of the European Sys-
tems & Software Process Improvement and Innovation Con-
ference (EuroSPI 2008), Dublin, Ireland, September 2008.
[20] Niessink, H. Van Vliet, ‘‘Towards Mature IT Services’’, Soft-
ware Process - Improvement and Practice, vol. 4, issue 2,
pp. 55–71, June 1998.
[21] M. Picard, A. Renault, S. Cortina, ‘‘How to Improve Process
Models for Better ISO/IEC 15504 Process Assessment’’, Sys-
tems, Software and Services Process Improvement (EuroSPI
2010), CCIS 99, pp. 130–141, 2010.
[22] Public Research Centre Henri Tudor: B. Barafort, V. Betry, S.
Cortina, M. Picard, M.St-Jean, A. Renault, O. Valdés, ‘‘ITSM
Process Assessment Supporting ITIL
Ò
’’, Van Haren Publish-
ing, Zaltbommel, December 2009.
[23] A. Renault, B. Barafort, ‘‘TIPA: 7 years experience with SPICE
for IT Service Management’’, Proceedings of the European
System & Software Process Improvement and Innovation
Conference (EuroSPI 2011), Roskilde, Denmark, June 2011.
[24] A. Rifaut, ‘‘Goal-Driven Requirements Engineering for Sup-
porting the ISO 15504 Assessment Process’’, Software Pro-
cess Improvement: EuroSPI 2005. Lecture Notes in
Computer Science, vol. 3792, pp. 151–162, Springer-Verlag,
2005.
[25] Q. Scheuing, K. Frühauf, W. Schwarz, ‘‘Maturity model for IT
operations (MITO)’’, Proceeding of the 2nd World Congress
on Software Quality, Yokohama, Japan, September 2000.
[26] M. St-Jean, ‘‘TIPA to keep ITIL going and going’’, Proceedings
of the European Systems & Software Process Improvement
and Innovation Conference (EuroSPI 2009), Alcalá de Hen-
ares, Spain, September 2009.
246 A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247
[27] M. St-Jean, A.-L. Mention, ‘‘How to evaluate benefits of
Tudor’s ITSM Process Assessment?’’, Proceedings of the
International SPICE Conference on Process Improvement
and Capability dEtermination (SPICE 2009), Turku, Finland,
June 2009.
[28] T. Varkoi, T. Makinen, ‘‘Proactive elicitation of software pro-
cess improvements’’, Proceedings of the Portland Interna-
tional Conference on Management of Engineering &
Technology (PICMET 2008), pp. 1576–1579, Cape Town,
South Africa, July 2008.
References
[1] Software Engineering Institute (SEI), CMMI-DEV, CMMI
Ò
for Development
(CMMI-DEV) Version 1.3, 2010.
[2] International Organisation for Standardization (ISO/IEC), ISO/IEC 15504-
1:2004 Information Technology – Process Assessment – Part 1: Concepts and
Vocabulary, 2004.
[3] A. Mas, E. Amengual, La mejora de los procesos de software en las pequeñas y
medianas empresas (pyme). Un nuevo modelo y su aplicación en un caso real,
Revista Española de Innovación, Calidad e Ingeniería del Software (REICIS) 1 (2)
(2005) 7–29.
[4] A. Mas, E. Amengual, A Method for the implementation of a quality
management system in software SMEs, in: Proceedings of the Twelfth
International Conference on Software Quality Management, British Computer
Society, March 2004, pp. 61–74.
[5] E. Amengual, A. Mas, Software process improvement in small companies: an
experience, in: Proceedings of the European Systems & Software Process
Improvement and Innovation Conference (EuroSPI 2007), Potsdam, Germany,
September 2007.
[6] A. Mas, B. Fluxà, E. Amengual, Lessons learned from an ISO/IEC 15504 SPI
programme in a company, in: Proceedings of the European Systems & Software
Process Improvement and Innovation Conference (EuroSPI 2009), Alcalá de
Henares, Spain, September 2009.
[7] A.L. Mesquida, A. Mas, E. Amengual, La madurez de los servicios TI, Revista
Española de Innovación, Calidad e Ingeniería del Software (REICIS) 5 (2) (2009)
77–87.
[8] International Organisation for Standardization (ISO/IEC), ISO/IEC 15504-
2:2004 Software Engineering – Process Assessment – Part 2: Performing an
Assessment, 2003.
[9] International Organisation for Standardization (ISO/IEC), ISO/IEC NP TR 15504-
8 Information Technology – Process Assessment – Part 8: An Exemplar Process
Assessment Model for IT Service Management, Standard Under Development,
ISO/IEC JTC1/SC7 3798, NWI Proposal, 2007.
[10] Office of Government Commerce (OGC), ITIL Version 3 Service Strategy, 2007.
[11] Office of Government Commerce (OGC), ITIL Version 3 Service Design, 2007.
[12] Office of Government Commerce (OGC), ITIL Version 3 Service Transition,
2007.
[13] Office of Government Commerce (OGC), ITIL Version 3 Service Operation,
2007.
[14] Office of Government Commerce (OGC), ITIL Version 3 Continual Service
Improvement, 2007.
[15] International Organisation for Standardization (ISO/IEC), ISO/IEC 20000-
1:2005 Information Technology – Service Management – Part 1:
Specification, 2005.
[16] International Organisation for Standardization (ISO/IEC), ISO/IEC 20000-
2:2005 Information Technology – Service Management – Part 2: Code of
practice, 2005.
[17] International Organisation for Standardization (ISO/IEC), ISO/IEC CD TR 20000-
4 Information technology – Service Management – Process Reference Model,
Standard Under Development, ISO/IEC JTC1/SC7 3797, NWI Proposal, 2007.
[18] Software Engineering Institute (SEI), CMMI-SVC, CMMI
Ò
for Services (CMMI-
SVC) Version 1.3, 2010.
[19] B. Kitchenham, Guidelines for Performing Systematic Literature Reviews in
Software Engineering Version 2.3, Technical Report EBSE-2007-01, Software
Engineering Group, School of Computer Science and Mathematics, Keele
University, and Department of Computer Science, University of Durham, July
2007.
[20] B.A. Kitchenham, S.L. Pfleeger, L.M. Pickard, P.W. Jones, D.C. Hoaglin, K. El
Emam, J. Rosenberg, Preliminary guidelines for empirical research in software
engineering, IEEE Transactions on Software Engineering 28 (8) (2002) 721–
734.
[21] J. Biolchini, P. Gomes, A.C. Cruz, G. Horta, Systematic Review in Software
Engineering, Systems Engineering and Computer Science Department, COPPE/
UFRJ, Technical Report RT-ES679/05, Rio de Janeiro, Brasil, May 2005.
[22] J.A. Calvo-Manzano, G. Cuevas, G. Gasca, T. San Feliu, State of the art for risk
management in software acquisition, ACM SIGSOFT Software Engineering
Notes 34 (4) (2009) 1–20.
[23] J.A. Calvo-Manzano, G. Cuevas, G. Gómez, J. Mejía, M. Muñoz, F. Rabbi, T. San
Feliu, Service level management for IT services in small settings: a systematic
review, in: Proceedings of the European Software Process Improvement
Conference (EuroSPI 2009), Alcalá de Henares, Spain, September 2009.
[24] F.J. Pino, F. García, M. Piattini, Software process improvement in small and
medium software enterprises: a systematic review, Software Quality Journal
16 (2) (2008) 237–261.
[25] D. Cruzes, M. Mendonça, V. Basili, F. Shull, M. Jino, Extracting Information from
Experimental Software Engineering Papers, in: Proceedings of the XXVI
International Conference of the Chilean Society of Computer Science (SCCC
2007), 2007, pp. 105–114.
A.L. Mesquida et al. / Information and Software Technology 54 (2012) 239–247 247
... Cuando se mejora la productividad y la eficiencia de las actividades de los procesos, la organización puede desarrollar, mantener y prestar servicios de alta calidad, cumplir los objetivos de negocio y obtener una mayor satisfacción del cliente. Para ayudar a las empresas de TI a mejorar su nivel de madurez, se han desarrollado varios modelos para la evaluación y mejora de los procesos de ITSM, como TIPA para ITIL [3], ISO/IEC 15504 [12] y CMMI-SVC [10]. Estos modelos definen un enfoque de mejora de procesos que proporciona elementos básicos para establecer objetivos de mejora de procesos, establecer un punto de referencia para evaluar los procesos actuales y apoyar la mejora del rendimiento de los procesos [11]. ...
... Con el fin de proporcionar orientación para gestionar los servicios de TI con eficacia, han surgido varias normas y modelos de procesos relacionados con ITSM) [13,14] La implementación de los modelos de ITSM permite mejorar la calidad de los servicios de TI y la satisfacción del cliente, así como reducir el coste de la prestación del servicio. Así, la implantación de un modelo de referencia ITSM se ha convertido en una de las principales prioridades de las empresas de TI para asegurar su continuidad y maximizar el retorno de la inversión y las oportunidades de negocio [12]. ...
Conference Paper
Full-text available
Hoy en día, los servicios digitales cada vez son más com-plejos y numerosos, por lo que se les exige una mayor calidad en su prestación. Son el resultado de una cadena de organizaciones que traba-jan juntos para proporcionar dichos servicios, pudiendo ser vistos inter-namente como una cadena de servicios digitales (IT Service Chains). Por un lado, la problemática de las cadenas de servicios de TI es distinta de los desafíos de las cadenas de suministros (Supply Chain), dada la difer-encia entre servicio y producto. Las cadenas de servicios empiezan a ser un elemento de estudio novedoso que están cobrando recientemente gran interés entre la comunidad investigadora, debido a la creciente transfor-mación digital de las empresas y su movimiento paulatino a la nube. Por otro lado, se ha probado conéxito en la industria que la adopción de las buenas prácticas de ITSM mejoran la prestación de los servicios digitales. Este artículo describe un modelo formal sobre las cadenas de servicios digitales tomando como base un servicio público digital de la Administración de la Junta de Andalucia y se analizan las ventajas de este modelo. Con esta publicación se abre la puerta a nuevas líneas de investigación que afrontan muchos desafíos y mejoran la prestación de los servicios digitales.
... ITIL aims at supplying IT "best practices", while ensuring an efficient management and service delivery [8]. This allows organizations to achieve high levels of control, in alignment with their own business objectives [9]. Developed in the 1980s by a British Government organization, ITIL framework bases its practices on five supporting processes: Incident and Service Request Management, Problem Management, Change Management, Configuration Management, and Delivery Management [10,11]. ...
Article
Full-text available
The growing economic pressures and increased competitiveness has forced companies to invest in increasing their efficiency and productivity in the provision of their services. In this sense, literature has shown that investing in ITSM platforms to perform this task helps in monitoring these services, in allocating the company’s resources and, therefore, in increasing its competitiveness. Furthermore, identical to any change, the implementation of something new, may be met with some resistance, jeopardizing the whole process of its adoption. In this study, through interviews with employees of a Portuguese company, done between November and December of 2022, it was possible to analyze impact an implementation of a service management platform can have on monitoring services, as well as in the workers’ day-to-day activities, when applied to a practical case. It was concluded that the use of an ITIL framework allowed the company to meet the proposed objective, and that the selection of the ServiceNow platform proved to be an advantage for increasing the quality of IT service management. Additionally, there was an increase in employee satisfaction and in the support that the platform can provide, facilitating the execution of their tasks, once the first barrier of resistance has been overcome.
... Later, IT Service Management (ITSM) was introduced to incorporate various management strategies to shape and manage the organizational background. The study (Mesquida et al.,2012) says that IT service management (ITSM) is a platform that combines process management and industry best practices to improve IT services. Some ITSM standards have been established due to efforts made by academics and practitioners. ...
Article
Full-text available
In today's rapidly evolving environment, two critical factors for organizations to maintain their competitive edge are speed to market and adaptability. Over the past ten years, a significant number of organizations have achieved success in delivering IT services by utilizing IT management frameworks. One widely adopted framework in this domain is ITIL, an abbreviation for the IT Infrastructure Library. ITIL serves as a guiding framework, facilitating the attainment of high-quality IT service management at an organizational level. When it comes to software development, it is crucial for managers and development teams to select an appropriate methodology that aligns with their project's needs. Agile software development is one prominent approach based on iterative and incremental development. It has gained significant prominence in the IT industry due to its ability to enhance project development processes. Combining ITIL and Agile methodologies has proven to be a valuable strategy for streamlining project development in the IT industry. This fusion results in what is known as the Agile-ITIL combined framework, often referred to as A-ITIL. This paper primarily focuses on the integration of ITIL processes with agile phases, shedding light on the amalgamation of ITIL and Agile with other frameworks and technologies. Furthermore, it examines the utilization of ITIL and Agile in various companies, offering valuable insights into how these methodologies can be applied effectively. Consequently, this publication is a valuable resource for researchers seeking comprehensive knowledge in the ITIL and Agile-related domains. It aims to identify potential avenues for future research and development in this dynamic field.
... A critical aspect of digital transformation in project management is the enhanced capacity for collaboration and efficiency. Mesquida et al. (2016) highlight the role of digital platforms in improving communication among dispersed teams, asserting that tools such as Slack and Trello have revolutionized project coordination. Similarly, Highsmith (2009) acknowledges the contribution of digital tools in streamlining workflows and facilitating real-time decision-making, thus significantly reducing project timelines and costs. ...
Article
Full-text available
In the wake of the digital era, project management as a field has undergone significant transformation. This article delves into the impacts of digital transformation on project management practices, exploring both the opportunities and challenges it presents. By synthesizing current literature and incorporating real-world examples, the article sheds light on how digital tools and methodologies have reshaped the landscape of project management, enhanced efficiency, communication, and resource management, while also presenting new challenges such as security concerns and resistance to change. The findings aim to provide project managers, C-level executives, IT professionals, and researchers with insights into leveraging digital transformation for improved project outcomes, setting the stage for future advancements in the field. Keywords Digital transformation in project management Project management digital tools Impact of digital technology on project management Evolution of project management practices Digital project management methodologies Agile and digital transformation AI in project management Machine learning in project management Data analytics in project management Challenges of digital transformation in project management Future of project management in the digital age Digital collaboration tools for project management Automation in project management Risk management in digital project management. Digital transformation strategies for project management
... The international standard for security development framework has been created by the ISO/IEC [118]- [121]. This comes in the form of Secure Software Engineering Capability Maturity Model (SSE-CMM) [122] which consists of the best practices for security engineering. ...
Article
Full-text available
The continued dependence on information technology applications has led to the adoption of electronic channels and software applications to support businesses, online transactions and communications. In this perspective, both functional and non-functional requirements are critical for the provision of necessary needs at the early phases of the software development process. This is specifically important in the requirement phase of the software development process. Software security is increasingly becoming a necessity concern in this environment. Unfortunately, security concepts such as access control requirements are mostly considered after the functional requirement definition stage. In addition, majority of the developers and organizations regard security as an activity that can be incorporated after the development of a system. This leads to flaws and security defects in the access control mechanism. Therefore, software security issues must be given higher priority in the early stages of the development process. The aim of this paper is to offer a survey of the software security techniques, frameworks and models that have been developed to deal with these issues. The results obtained indicate that software vulnerabilities have made it possible for attackers to exploit them to cause havoc in computerized systems and has become one of the most critical risks facing modern corporate networks. Since most of these vulnerabilities involve exploitable weaknesses introduced through badly written code, the cyber security community has tried to come up with techniques to enhance software products.
Article
The object of research is the software development process. The subject of the study is models, methods and information technology for planning quality improvement of a subset of processes of the SPICE maturity model. The aim of the work is to implement the developed models, method and technology within the framework of information technology and check its performance on test examples. Research methods: quality engineering of software systems; the theory of utility, on the basis of which the target function of the model is built; the method of options sequential analysis; the decision-making theory and modeling of business processes in the development of decision-making support information technology. Applied models: the SPICE maturity model is formalized, which is presented in the form of a hierarchical system; a model for evaluating the level of possibility of a separate process/subprocess of the SPICE model was synthesized; the quality improvement-planning model of a subset of the SPICE model processes under conditions of limited resources is synthesized. The method of options sequential analysis was applied, which was implemented on the basis of the "Kyiv Broom" algorithm. The obtained results: a technology for solving the given task was developed, which is presented in the form of a sequence of execution of individual business processes using the IDEFO standard; the requirements for software were defined; a data model of the subject area was developed; the toolkit for software development is substantiated; the software architecture was chosen; a diagram of software components placement is presented; the performance of the developed information technology was verified on test examples. The practical significance of the work lies in the fact that the obtained information technology allows the managers of IT companies within the limits of the allocated resources in a certain planning period to build the trajectory of the development of the most significant processes of software, to determine how their level of opportunity will increase in each planning sub-period in order to obtain quality software.
Chapter
The application of social research methods in cybersecurity requires a multidisciplinary combination since the security of technologies and communication networks is made up of a set of uses, techniques, and results directly conditioned by the parameters of confidentiality, data availability, integrity, and privacy. However, each of these technological concepts is prepared and subject to conditions of use that involve ethical, sociological, economic, and legal aspects. Firstly, social engineering techniques in cybercrime tend to combine social investigation techniques with computational engineering and telecommunications elements. Secondly, research on cybersecurity phenomena in industrial environments implies the adaptation to the organizational specificity of each sector. In this chapter, the social research topics commonly addressed by leading companies and researchers in cybersecurity at a global level are analyzed from a comparative point of view, extracting a taxonomy of social research on cybersecurity.
Conference Paper
Full-text available
Information Technology Service Management (ITSM) can be defined as the implementation, management and provision of quality information technology services that meet the needs of the enterprise to support business goals and customer needs in the area of IT operations. ITSM is an important factor in the success of many organizations and for this reason a large number of norms, standards, frameworks and models have been created (ITIL, COBIT, ISO/IEC 20000, ETOM, TOGAF, MOF and others) through which the company can use best practices and management practices information technology services. The most widely used standard is ITIL, which in its current version is aligned with the digital technologies of the digital era, so that together with consumers they create value, support business strategy and embrace digital transformation. The aim of the scientific article is to map the use of conceptual frameworks, norms and standards in the field of information technology service management. Business entities should use frameworks, standards and norms to be competitive, efficient and more profitable.
Article
Full-text available
The objective of this report is to propose comprehensive guidelines for systematic literature reviews appropriate for software engineering researchers, including PhD students. A systematic literature review is a means of evaluating and interpreting all available research relevant to a particular research question, topic area, or phenomenon of interest. Systematic reviews aim to present a fair evaluation of a research topic by using a trustworthy, rigorous, and auditable methodology. The guidelines presented in this report were derived from three existing guidelines used by medical researchers, two books produced by researchers with social science backgrounds and discussions with researchers from other disciplines who are involved in evidence-based practice. The guidelines have been adapted to reflect the specific problems of software engineering research. The guidelines cover three phases of a systematic literature review: planning the review, conducting the review and reporting the review. They provide a relatively high level description. They do not consider the impact of the research questions on the review procedures, nor do they specify in detail the mechanisms needed to perform meta-analysis.
Article
Full-text available
Interest in quality of service that providers of Information Technology services have shown has favoured the emergence of a new discipline: Information Technology Service Management. With the aim of focusing the attention not only on product development or service provision, but also on the relationship with customers, different initiatives have appeared. In this article these initiatives are analyzed. Some of them are based on the extension of the existent software process assessment and improvement models (such as CMMI and SPICE) by adding new service management processes. Other projects focus on the development of new service quality standards (such as ITIL and ISO/IEC 20000).
Chapter
This thesis has looked extensively at planar defects that can be found in self-catalysed III-V nanowire (NW)s when growth proceeds at sub-optimal conditions, particularly during catalyst droplet consumption. Defects have been identified through the use of atomic resolution electron microscopy enabled by probe corrected scanning transmission electron microscope (STEM). A large variety of defect types have been observed, including familiar partial dislocations with unfamiliar core structures. Unfamiliar core structures are a result of multiple twinning and inclined twins that interact with defects. The presence of defect structures in NWs can diminish optoelectronic performance and so identifying the exact type of defects can help to guide efforts made in reducing their prevalence.
Article
The integration of software development and service delivery gets more and more important. Therefore a capability approach for software or systems does not only have to cover development, but the combination of development and operation. As SPICE has its strengths in system development, systems operation is not sufficiently covered by the defined processes. On the other hand, there is no combined approach at all. ITIL and ISO 20000 cover service delivery but don't address the development part. The CMMI – which addresses the development part in a way similar to SPICE -is much weaker in the definition of service delivery than SPICE. As there is no "silver bullet" for the integration by now, the CMMI chose the way to define a service constellation. For the SPICE community it has to be discussed whether a similar approach may be applicable, or how SPICE can be combined with other standards like ISO 20000 or ITIL.