IT Service management system for EMBL’s European Bioinformatics Institute’s IT department [version 1; peer review: awaiting peer review]

EMBL-EBI, Europe's biomolecular data hub, is a world leader in managing and analysing big data in biology and making it freely available to scientists worldwide. Research infrastructures (RI) like EMBL-EBI rely extensively on information technology (IT) services to conduct research and support the delivery of scientific services. These IT services are complex and diverse and IT service management (ITSM) has been shown in other domains to help to improve efficiency and productivity. ITSM is a collection of standards that help organisations develop a process-based approach for managing the full lifecycle of IT services, while keeping their users' needs at the forefront and promoting continuous improvement. However, many organisations struggle with the design and implementation of an ITSM system as it involves the need for organisational change, and because the process approach can seem rigid and bureaucratic on the surface. This article aims to share the experience of the EMBL-EBI IT department in designing and implementing an ITSM system. ITSM implementation steps, benefits, challenges, opportunities, and practices are highlighted, critically analysed, and discussed.


Introduction
The European Molecular Biology Laboratory (EMBL) is the only intergovernmental laboratory for life science research in Europe. Aimed at advancing the study and understanding of molecular biology, training young scientists and fostering innovation in science and technology alike. It has six sites in five host nations and one of which is EMBL's European Bioinformatics Institute (EMBL-EBI).
In total, 85 members of the EMBL-EBI IT department provide IT services for more than 800 employees and visitors, operating IT services and a complex infrastructure, which is distributed across multiple data centres and buildings. The type of services provided by the EMBL-EBI IT department are access to and usage of systems and networks (Lovelock and Gummesson, 2004). The IT services include provision of robust and secure frameworks for deploying public bioinformatics services, virtualisation and cloud computing, database administration, software development, communications, authentication, desktop management, platforms for web services, website management, user experience design, web development and IT infrastructure management.
Four years ago, the EMBL-EBI IT department embarked on a journey to improve its efficiency and productivity by establishing a formal and strategic approach to design, deliver, manage, and continuously improve the IT services it provides, in order to align with the organisation's strategic goals and focus on user needs.
Selecting the right ITSM framework The first step of our ITSM initiative was to select the right ITSM framework. An ITSM framework -a detailed method and a set of supporting tools -encompasses all procedures, processes, and policies that help organisations manage and deliver their IT service. We reviewed some of the most globally recognised ITSM frameworks: ITIL (Rudd, 2010), COBIT (Harmer, 2014), ISO/IEC 20000 (Clifford, 2011) and TOGAF (Desfray et al., 2014). The frameworks were useful and detailed, but it also seemed difficult to move from a very early maturity level to one at the level of these frameworks. Hence after reviewing FitSM (FitSM.eu, 2014), it seemed the right fit.
FitSM is a lightweight ITSM framework with 14 processes. It is an open standard developed taking research centres into consideration and it is compatible with ITIL, COBIT and ISO/IEC 20000 should we want to implement these frameworks in the future.
In order to construct an ITSM system based on the FitSM standard, we need to implement three levels: governance, control, and operational. The governance level involves top management and process owners, and includes the ITSM policy and other relevant policies, such as IT security, the ITSM plan on how to implement the overall ITSM system, process-specific plans, the communication plan, as well as the assessment program. At the control level are the process managers and process teams, as well as all the process definitions that outline the expected inputs, outputs, roles, and responsibilities. The operational level is made up of the teams and staff who create and implement the procedures.

Establishing the ITSM governance level
The governance framework provides a mechanism for senior management, as well as for team members at the operational level, to have a clear understanding and oversight of each other's expectations, objectives, performance, risk appetite, and reporting requirements. In addition, these aspects are effectively communicated to relevant persons in the organisation (Smith and Brooks, 2013).
Our first step was to use the FitSM-6 capability/maturity assessment tool to identify what our ITSM maturity level was, which turned out to mostly be initial, as there is some awareness, but not defined. We also decided to use it as a tool for future internal assessments.
Second, a simple ITSM governance structure was created, which optimised the use of existing ITSM governance structures in the EMBL-EBI IT department and clarified all ITSM roles in a way that facilitates the implementation of ITSM. The governance structure also considers the role model recommendations by FitSM (FitSM.eu, 2016) and the EMBL-EBI organisation model, which has a dominant rational component. As a rational model clearly defines roles and procedures, it is perfectly aligned with the intent of integrating an ITSM system. Figure 1 summarises the main elements of the ITSM governance structure.
For the third step, we created an ITSM problem statement to identify the issues that must be addressed by the ITSM system, and we created balanced scorecards (Kaplan and Norton, 1992) that considered perspectives from the financial, user, internal business process, and the innovation and learning aspects that are depicted in Figure 2. Next, we developed an ITSM policy that addressed the issues identified in the ITSM problem statement and helped us achieve the balanced scorecard targets. The policy structure has the following elements: a purpose, a motivation, a scope statement, an IT-business alignment and definition of objectives, a description of the process approach, commitment to continuous improvement, leadership and contact information, and policy revision plans.
As a fourth step in developing the governance framework, we conducted a stakeholder analysis (Mendelow, 1981) to identify the key actors in ITSM and assess their level of interest and power to influence the actions to be developed. We used this analysis to determine the engagement strategy with all stakeholders and how we could involve them in co-creating and delivering services.
In the fifth step, we developed specific process plans for the FitSM processes we considered to be the building blocks of our ITSM: Service Portfolio Management, Service Level Management, Service Reporting Management, Incident and Service Request Management, and Problem Management.  Finally, a communication plan was created to inform all stakeholders how, when, and why communication would occur around the ITSM system, rather than individual processes and services, which will be described elsewhere.
The start of the ITSM control level ITSM Control Frameworks are similar to Internal Control Systems in organisations, but instead of focusing on the overall activities, they focus on specific ITSM activities. Using the control framework, the organisation can establish processes that will assist it in making decisions and allocating resources to meet ITSM goals and objectives described in the IT Service Management Policy that support IT-Business alignment and try to fill service quality gaps.
In our case, we adapted the FitSM implementation template for a process definition (FitSM.eu, 2014) by adding a section with the overall process inputs and outputs, a section with a communication matrix for the process team and stakeholders, and a section on risk assessment for the process implementation using a SWOT analysis and an impact and probability matrix.
With the template in place, we defined the Service Portfolio Management process and Service Level Agreement process. The ITSM Committee made the decision that our department would create a Service Portfolio and a Service Catalogue internally, since our ITSM maturity level was still low and it was premature to invest in an ITSM platform. The ITSM Committee also decided to define a corporate Service Level Agreement (SLA) covering all IT services provided and to implement a triage system in Request Tracker, the ticketing system at the time. Thus, we focused on addressing the department's cultural change through FitSM training and incrementally introducing ITSM processes using well-known tools.

Setting up the ITSM operational level
Along with the internal development of the control level, the different teams in the IT department began identifying services and collecting and centralising step-by-step instructions in procedures that other colleagues could follow easily. The procedures were defined using the FitSM template (FitSM.eu, 2014), but workflows were added to make it more visual and taking into consideration that they would be useful if an ITSM software platform was implemented in the future.
Having procedures documented allowed teams to delegate simple tasks to junior members, and repetitive tasks were automated using in-house development tools.
Evolving the ITSM governance, control and operational levels Two-and-a-half years after we started our ITSM journey, we had reached a maturity level that prompted the IT department to consider other options, such as centralising information in a way that it is easy to read and understand, expanding selfservice opportunities, taking advantage of automation, and incorporating governance into change management.
At the time the IT department used a combination of software products and services to track incident and user requests (mainly Request Tracker), share knowledge (Wikis, Confluence, Google Docs, and the intranet content database), the internally developed Service Portfolio and Service Catalogue, and internally developed service monitoring and service request management.
The number of tools we had made it difficult to integrate and centralise management to benefit our users' experience and IT team's productivity. Furthermore, the current tools could not meet previous requirements such as implementing SLAs and producing reports. That's when we decided to search for an ITSM software platform.

Choosing the right platform for ITSM implementation
The ITSM Committee of the IT department evaluated five ITSM platforms based on their Gartner Magic Quadrant For ITSM Tools score (Doheny et al., 2019), recommendations from similar research supporting organisations and their professional experience with them.
The assessment took about three and a half months and included establishing requirements, demos, forming working groups, facilitating workshops, testing, and extensive communication and meetings to clarify requirements and scope, exploring solutions with regard to the tool and accompanying training, business implementation, and meetings with similar organisations.
The full list of requirements that we shared with different ITSM software platform providers can be seen in Table 1.

Requirement type
We eventually selected ServiceNow as the ITSM platform because it meets our requirements, it follows the ITIL framework which is compatible with FitSM by simplifying its implementation, is financially sustainable, has a pool of experts and staff trained to support it (including staff among the IT department who have used it in other companies and similar organisations), and is modular and flexible. Also, despite being outside the scope of the project, it was also considered as a potential resource for other EMBL-EBI departments in the future.

ITSM platform proof of concept
In view of the limited ServiceNow expertise of the EMBL-EBI IT department, we decided to start the implementation with a proof of concept, together with a ServiceNow Implementation Partner, Engage ESM.
Development of the proof of concept took two and a half months. It covered the following areas: Core system setup and core data, Authentication design, Service Portal (the ServiceNow equivalent of the Service Portfolio and the Service Catalogue), implementation of a corporate Service Level Agreement, Service Request management, Incident and Problem management, Change management, basic knowledge base creation, and reporting.
In addition to the functionality in scope, information assets were created to support the proof of concept that were extremely valuable for documenting the ITSM processes. As an example, a matrix for incidents categories and assignment groups.
Creating a basic Configuration Management Database was initially also in scope but was not achieved as time constraints meant priority was given to finishing work on other areas and learning more about how to integrate legacy systems and automate tasks.
Also, it must be mentioned that we faced some challenges during the proof-of-concept development due to the pandemic situation in 2021, since the team was working fully remotely, which presented challenges for clear and efficient communication with all the stakeholders.

ITSM platform implementation current and future work
Having completed the proof-of-concept phase, our platform was one step closer to being offered to the users of the IT services and the IT department staff.
When evaluating how the ITSM platform should be implemented, we have always considered which would be the processes that would create the greatest value for the end users and increase efficiency for the IT department. Hence, the current steps for the fully in-house development of ServiceNow involve building a comprehensive user-facing knowledge base as well as replacing our current RT-based ticketing system with a basic Service Portal, which allows end-users to report incidents and submit service requests.
It is important to note that a comprehensive knowledge base was not one of our initial goals, but this changed in response to suggestions from organisations using mature ServiceNow platforms, stressing how up-to-date instructions and information can empower end users to resolve issues themselves without contacting the IT department, thus saving IT support effort.
Configuration management is one of the first processes that many IT department members were focused on. Despite exploring autodiscovery for our configuration management database, we discussed it with other organisations (RIs and private companies) who recommended we not consider it a priority at this stage of our ITSM maturity level, since the effort would outweigh the benefits.
In the future, we are planning to develop a more comprehensive Service Portal that will allow granular types of incidents and service requests to be defined, as well as fully fledged problem and change management processes.

Conclusion
In this document, we present an example of the steps and results of the formal and strategic approach adopted by EMBL-EBI's IT department for designing, providing, managing, and continuously improving IT services aligned with business goals. In order for an ITSM system to be successful, it should be based on standards that consider the ITSM maturity level of the organisation, a solid governance framework, a well-established control framework, and an operational level that is backed by a technology platform that standardised and simplified ITSM tasks while also providing a user-oriented interface. We have shared an example of how to select an ITSM standard, a governance structure, a control, and an operational level, as well as the requirements considered to select a software platform and the steps to follow in order for other organisations to benefit from our experience.

Data availability
No data are associated with this article.