ARTÍCULO ORIGINAL

 

DOI: 10.17533/udea.redin.n77a15

 

How small and medium enterprises can begin their implementation of ITIL?

 

¿Cómo pueden empezar las PYMEs la implementación de ITIL?

 

 

Jose Antonio Calvo-Manzano^1*, Lohana Lema-Moreta¹, Magdalena Arcilla-Cobián², Juan Luis Rubio-Sánchez³

¹Escuela Técnica Superior de Ingenieros Informáticos, Universidad Politécnica de Madrid. Campus de Montegancedo s/n. C. P. 28660. Boadilla del Monte, España.

²Escuela Técnica Superior de Ingeniería Informática, Universidad Nacional de Educación a Distancia. C/ Juan del Rosal, 16. C. P. 28040. Madrid, España.

³Escuela de Ciencias Técnicas e Ingeniería, Universidad a Distancia de Madrid. Carretera de La Coruña, Km 38, 500, Vía de Servicio, 15. C. P. 28400. Collado Villalba, España.

* Corresponding author: Jose Antonio Calvo Manzano, e–mail: joseantonio.calvomanzano@upm.es

 

ISSN  0120–6230

e–ISSN 2422–2844

 

(Received March 17, 2015; accepted July 8, 2015)

 

 

---

ABSTRACT

Sequencing of Information Technology Infrastructure Library (ITIL) processes related to their order of implementation is one of the pending issues in the ITIL handbooks. Other frameworks and process models related to service management (e.g., COBIT, COSO and CMMI-SVC) are quite well described in the literature and their handbooks. However, the identification of the first process to be implemented has not been deeply analysed in the previous frameworks and models, and it is also a complex question to answer for organizations, especially Small and Medium Enterprises (SMEs). Moreover, SMEs are the organizations that have the largest presence in the world economy; official data of General Business Directory, show that their range of presence in different countries around the world is between 93% and 99%, and the average of employment contribution is around 60%. Consequently, the improvement of information technology service management is of vital importance to accomplish in this type of enterprises. This research has focused on two surveys that aim at helping SMEs to select the ITIL process by which starting the implementation of ITIL. In the first survey, data were gathered through a questionnaire to SMEs registered in the region of Madrid. The second survey obtained data from experts and enterprises in countries as Spain, Ecuador, Chile, Luxembourg, Colombia, Norway, El Salvador, and Venezuela. Finally, the results of both surveys show that the tendency for starting an ITIL implementation in SMEs points to one of the processes included in the Service Operation.

Keywords: ITIL, SMEs, implementation sequence, questionnaire, survey, ITSM

---

RESUMEN

La secuenciación de los procesos de la Biblioteca de Infraestructura de Tecnologías de Información (ITIL) en cuanto a su orden de implementación es un aspecto no abordado en sus libros. Otros marcos de trabajo y modelos de proceso relativos a la gestión de servicios (p.ej., COBIT, COSO y CMMI-SVC) son suficientemente explicados en la literatura y en sus libros guía. Sin embargo, la identificación del primer proceso a implementar no ha sido analizada en produndidad en los marcos de trabajo y modelos anteriores, y es también una pregunta difícil de contestar por las organizaciones, especialmente por las pequeñas y medianas empresas (PYMEs). Las PYMEs son organizaciones que tienen una abrumadora presencia en la economía mundial; los datos oficiales del Directorio Central de Empresas muestran que su rango de presencia en diferentes países alrededor del mundo es entre el 93% y el 99% del total de empresas legalmente registradas, y el promedio de contribución al empleo es alrededor del 60%. En consecuencia, la mejora de la gestión de servicios de tecnología de la información en este tipo de empresas es un asunto imperativo de lograr. Esta investigación se ha enfocado en dos estudios cuyo objetivo es ayudar a las PYMEs a seleccionar el proceso de ITIL por el que podrían comenzar a implementar ITIL. En el primer estudio, los datos fueron recogidos mediante una encuesta aplicada a PYMEs registradas en la Comunidad Autónoma de Madrid. El segundo obtuvo datos de empresas y expertos de países como España, Ecuador, Luxemburgo, Chile, Colombia, Noruega, El Salvador y Venezuela. Finalmente, los resultados de ambos estudios muestran que la tendencia para iniciar una implementación ITIL en las PYMEs apunta a uno de los procesos incluidos en la Operación del Servicio.

Palabras clave: ITIL, PYMEs, secuencia de implementación, cuestionario, encuesta, ITSM

---

1. Introduction

Since the 80s, software industry has emerged as a very significant economic activity around the world. The presence of the IT (Information Technology) area in enterprises has become imperative. A great number of enterprises (micro, small and medium-sized, SMEs) that make use of technology are starting up [1, 2]. Moreover, SMEs are becoming a major economic force in many countries, and they are also considered by other sectors of industry as valuable providers of products and services [3, 4]. Therefore, enterprises increase their IT investments in order to achieve a strategic advantage in the market. For instance, 13% of enterprises surveyed by [5] considered IT as a core for their business whereas 34% of enterprises did not consider IT as their central business, but rather as an important factor to improve their whole business operation.

Regarding the contribution of SMEs to the world economy, the continuous interest of SMEs in the quality of their products [6], which force them to find ways to strengthen their work, is both remarkable and comprehensible. Organizations are depending more and more on IT services to satisfy their business objectives and to cover their business needs [7-9]. This is the point where the Information Technology Service Management (ITSM) approach proposes to establish canons of quality to ensure product performance and to meet customer expectations through the implementation of efficient service management practices. Software products need to fulfill their mission properly [10]. Thus, ITSM is becoming an important factor for the success of many organizations.

A great number of ITSM standards and models have emerged in order to provide guidance on how services can be managed effectively during their life cycle [11]. Some of the main service management frameworks/standards and models are: Information Technology Infrastructure Library (ITIL) [12-16], Control Objectives for Information and related Technology (COBIT) [17, 18], Committee of Sponsoring Organizations of the Treadway Commission (COSO) [19], and CMMI for Services (CMMI-SVC) [20, 21]. These frameworks and models may assist organizations in implementing appropriate programmes and controls to mitigate risks [22]. Implementation of any quality standard, norm or model represents a big challenge for SMEs where the structure is considered small by definition (1 to 249 employees) and people are fully dedicated to pressing matters related to the tight deadlines generally attached to production tasks [23]. Despite the implementation of standards/norms, issues cannot be attributed only to characteristics of SMEs; high costs and extensive definitions of standards are evidences that they were not created to be implemented in this type of enterprise [8], although there are some approaches in different fields (e.g., related to IT Governance and SMEs [24], and governance and cloud computing services in healthcare [25]). A certification process may be unattainable for SMEs; implementation of all processes stated by selected standard/norm is a demanding process that requires technical and managerial resources [26]. However, this does not mean that SMEs cannot develop the needed capabilities to become a competitive and distinctive service provider even without certification [27]. Well-established good practices might be one place to look for help. Mentioned frameworks are considered to be a powerful tool for ensuring compliance and proper IT operation in modern organizations [28]. ITIL represents a set of processes that have been successfully proved and used by multiple enterprises, and therefore, they are considered good practices for ITSM, which is widely used at the international level.

The issues described previously have led to the need for a research in order to find a sequence or order for implementing the ITIL processes. This research addresses the implementation sequence of ITIL processes in SMEs from two surveys carried out at the Universidad Politécnica de Madrid UPM), the Universidad Nacional de Educación a Distancia (UNED), and the Universidad a Distancia de Madrid (UDIMA).

This paper is organized as follows. First, the research methodology is presented. Then, a brief description related to the main service management frameworks and models is given. Next, the surveys carried out and the results obtained are described. Finally, the conclusions are presented.

2. Research methodology

Once the main points have been addressed focusing on SMEs and their difficulty to increase quality through the implementation of any standard, this paper starts with a comprehensive study of the main ITSM standards/frameworks and process models. This first activity provides the answer to which standard or process model is going to be selected in order to implement the processes related to service management.

Once the specific process model was selected (ITIL in our case), two surveys were carried out in parallel. Their aims were to determine the appropriate ITIL processes (in the sense of order/sequence) to be implemented in SMEs. The two surveys were: 1) ITIL use and future implementations in SMEs in the region of Madrid, Spain (Survey One); 2) Experts' criteria (considering experts as professionals in software engineering, software engineering teachers, etc.) and ITIL implementation cases carried out in enterprises that have not been presented in scientific publications (Survey Two).

Finally, results from both surveys were analyzed and solutions were provided.

3. ITSM frameworks and process models

The need to provide a service operation aligned with the business requirements has become a requirement within enterprises. A variety of standards and process models for services with different structures are presented in the following paragraphs.

3.1. COBIT

Control Objectives for Information and related Technology (COBIT) is a comprehensive framework that helps enterprises to achieve their goals and deliver value through effective governance and management of IT [17]. COBIT 5 is the latest version and it appeared in 2012. It helps enterprises to create optimal value from IT by maintaining a balance between realizing profits and optimizing risk levels and resources. For this purpose, five key principles were defined (meeting stakeholder needs, covering the enterprise end to end, applying a single integrated framework, enabling a holistic approach, and separating Governance from Management). Based on the five principles, COBIT 5 provides guidance, structure and tools to help enterprises effectively govern and manage IT [17]. Additionally, 17 generic corporate goals and 17 generic IT goals are defined. However, COBIT 5 framework does not suggest any implementation sequence based on any enterprise factor, such as size.

3.2. COSO

COSO (Committee of Sponsoring Organizations of the Treadway Commission) is a joint initiative of five private sector organizations dedicated to providing thought leadership to executive management and governance entities on critical aspects of organizational governance, internal control, enterprise risk management, fraud and financial reporting [19]. For this purpose, COSO suggests two frameworks: Internal Control Integrated Framework (ICF) and Enterprise Risk Management Integrated Framework (ERM). The COSO ICF is designed to provide ''reasonable assurance'' regarding the achievement of objectives related to enterprise operations, financial reporting reliability, application and regulation of laws, and safeguarding of assets. This is possible thanks to five interrelated components (control environment, risk assessment, control activities, information and communication, and monitoring) [19]. On the other hand, COSO ERM is the framework that expands on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. Eight components of ERM (internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring) encompass the previous five components of the ICF while expanding the model to meet the growing demand for risk management. COSO framework does not suggest any implementation sequence based on any enterprise factor, such as size.

3.3. CMMI-SVC

Capability Maturity Model Integration (CMMI) is an evolution of the initial standard Capability Maturity Model (CMM) developed by the Software Engineering Institute (SEI) of Carnegie Mellon University in 1986. The Capability Maturity Model Integration for Services (CMMI-SVC) focuses on activities for providing quality services to customers and end users. CMMI-SVC integrates bodies of knowledge which are essential for a services provider. It was designed to improve mature service practices and contribute to the performance, customer satisfaction, and profitability of the economic community [20]. CMMI-SVC is composed of 24 processes that are characterized by specific goals and specific practices, considering that some generic goals and generic practices can be used for all the processes. Processes can be implemented through two representations: continuous representation, which is concerned with selecting both a particular process area to improve and the desired capability level for that process area, and the staged representation, which is concerned with the overall maturity of the organization [20]. The structure of this maturity model is considered closed-fitting because the levels defined in both representations determine the processes that should be implemented. As a result, processes implementation sequence is not decided according to the enterprise's needs and/or capabilities or particular characteristics. CMMI-SVC's structure does not consider the enterprise's size as a factor to define their levels, hence it will be hard for SMEs to complete the implementation.

3.4. ITIL

In the 80s, many experts needed to explore more in depth the concept of Information Technology Service Management (ITSM). From this need, the Information Technology Infrastructure Library (ITIL) emerged. ITIL provides guidance to services providers on the provision of quality IT services, and on the processes, functions and other capabilities needed to support them. It is globally recognized as the best practices framework. ITIL's general opinion is that it provides a set of processes and procedures that are efficient, reliable and adaptable to organizations of all sizes, enabling them to improve their own service provision [12]. The standard to be achieved and maintained through ITIL is ISO/IEC 20000 [26]. The latest version of ITIL is based on a service lifecycle that is described in a set of five core publications that contain some processes for provision and high quality service support [26]. The useful body of knowledge for achieving the standard is described in the five stages of ITIL service life cycle which uses a hub-and-spoke design, that is: Service Strategy at the hub, Service Design, Service Transition and Service Operation as the revolving lifecycle stages or ''spokes'', and Continual Service Improvement surrounds and supports all stages of the service lifecycle. Each stage has influence on the others and relies on them for inputs and feedback [12]. Throughout the service lifecycle, checks and balances, ITIL ensures that as business demands changes with business needs, the services can be adapted and respond effectively. ITIL lifecycle ensures that ITIL embraces a practical approach to Service Management based on a single aim: delivering value to the business. As ITIL handbooks do not specify that they are created for SMEs, ITIL is considered a framework with an open structure, which means certain flexibility at the moment of implementation.

3.5. Final considerations related to standards and process models

As mentioned previously, standards/frameworks and process models describe conceptually ''what'' is important to do in order to establish, manage and deliver services that meet or exceed customer needs. In some cases (e.g., CMMI-SVC), the order of implementation is established by levels. This way of implementation means that it is mandatory to fully implement a level in order to access the next level, but the standards and process models do not say anything about what should be the first process to be implemented at each level. This situation is really difficult for SMEs to manage.

In any case, there are two main reasons why we have chosen ITIL as our base model:

• The first one is that it is specifically focused on service management, and therefore, it provides organizations the best practices for implementing an adequate service management.

• The second one is that it is used by thousands of every size organizations around the world [29-32].

Accordingly, and taking into account that ITIL is the process model that has been selected, selection of the first process to be implemented is the first challenge that an SME faces [33]. To the best of the author's knowledge there is no systematic review related to getting a sequence of processes in order to begin the implementation of ITIL.

Two surveys were carried out in order to answer this question (which is the first (service management) process to be implemented in an SME?).

4. Surveys

A survey can characterize the knowledge, attitudes, and behaviors of a large group of people through the study of a subset of them. For this reason, surveys are used extensively by software and systems engineering organizations to provide insight into complex issues, assist with problem-solving, and support effective decision making [34].

As mentioned previously, two surveys have been carried out as part of this research. Two questionnaires were sent, taking into account that the target audience was different.

• Survey One was carried out in the region of Madrid (called Comunidad de Madrid –CAM by its Spanish acronym), Spain.

• Survey Two was carried out by sending mails to personal contacts and the itSMF Spain (IT Service Management Forum Spain). Participants from Spain, Ecuador, Chile, Luxembourg, Colombia, Norway, El Salvador and Venezuela answered the questionnaire.

4.1. Survey One

As indicated by the Industry Ministry of Spain [35], there are almost 500.000 SMEs in the CAM and about 60% of them have only self-employed personnel. 200.000 companies have at least one employee besides the owner. In these 200.000 companies, we find more than 25.000 with 10 or more employees, which represent more than 10%.

It is important to stress that values for error and confidence level were fixed at the beginning of the process, so the survey remained opened until these ratios were reached. This means that the range of date was classified as undefined and it was closed as the error and confidence levels were reached.

The importance of an error value of 8.5% may seem really big, but it is not, due to the fact that responses are fixed at 1, 2 and 3 as we will see later on. The percentages of error should be interpreted, as the response is in the interval 2±0.17, which still avoids overlapping with the rest of the intervals for responses 1 and 3.

Fact sheet

• Objective: to determine which ITIL processes are being used in the enterprises, and which ITIL processes will be implemented in the future.

• Scope: CAM.

• Universe: companies from 1 to 250 employees, located in CAM, from any sector (excluding the self-employed).

• Type of survey: web questionnaire sent by e-mail with automatic response reception.

• Format: web.

• Range of date: 19^th May 2014 to 8^th June 2014.

• Sent to 150 companies.

• Minimum number of responses: 60

• Obtained responses: 64.

• Confidence level: 90%.

• Population: 200.000 companies.

• Error: <8.5%

• Sample selection: random

The questionnaire was available on a web platform, and the link was sent by e-mail. It was based on a list of questions about each ITIL process in order to know if they are already implemented or will be implemented in a short-term. The responses were automatically stored in a database so the more responses we received, the richer the database was. In order to simplify the responses, a scale from 1 to 3 was identified as follows: 1) no answer or totally discharged; 2) planned medium term (1 year or more); and 3) implemented or planned short term (less than 1 year ahead). The director responsible of the enterprise should answer by clicking on the first, second or third toggle as indicated in the instructions. The companies that fulfilled the survey are related to the industries shown in Table 1.

Although the purpose of the survey was not to analyze the situation of ITIL implementation in the different industries, it is possible to indicate that the closer the industry is to technology, the better implementation of ITIL processes.

Detailed Description of the Survey

The survey includes several pages. There is an initial page asking about each of the processes related to the Service Strategy stage (Strategy Management for IT Services, Service Portfolio Management, Financial Management for IT Services, and Demand Management). Once this page was filled in, the remaining questions were about the rest of the ITIL stages (Service Design, Service Transition, Service Operation, and Continual Service Improvement) and, therefore, their processes. For the Service Design stage, the processes were Design Coordination, Service Catalogue Management, Availability Management, Service Level Management, IT Service Continuity Management, Information Security Management, Supplier Management, and Capacity Management. For the Service Transition stage, the processes were Transition Planning and Support, Change Management, Release and Deployment Management, Service Validation and Testing, Service Asset and Configuration Management, Change Evaluation, and Knowledge Management. For the Service Operation stage, the processes were Problem Management, Access Management, Event Management, and Request Fulfillment. For the Continual Service Improvement, the process was the Seven-Step Improvement Process, and Reporting Data on Services. The responses for each of the processes were 1, 2 or 3 (as previously indicated).

It is important to point out that ITIL processes were not completely mapped in the survey. Due to the fact that most SMEs are not familiar enough with the lexical of ITIL, it was decided to make some slight modifications to the questions (compared with the official list of ITIL processes). For instance, many companies did not know the difference between an incidence, a request, and a problem. The interpretation was that an incidence was similar to a problem and it always brings up a request for a solution. So, all of them were grouped into the Problem Management process.

Survey Results

After the survey was carried out, the data were analyzed (see Figure 1 for processes in the short term and Figure 2 for processes in the short, mid and long term), and the answers to the questions (i.e., processes) in the survey were the following:

• Top-three processes, classified by number of answers, that are used in the enterprises or that are planned to be implemented in the short term are: 1) Seven-step improvement process; 2) Request Fulfillment; and 3) Problem Management (note that this process includes incidence, request, and problem).

Due to the design of the responses, we cannot distinguish whether the process is already being used or will be implemented in the short term.

• Future ITIL processes to be implemented are classified in two groups (in Figure 2, see bars filled with vertical lines for mid-term and horizontal lines for long-term):
  • Top-three processes (see bars filled with vertical lines in Figure 2), classified by number of answers, that are planned medium term are: 1) Knowledge Management; 2) IT Service Continuity Management, Supplier Management, and Change Evaluation; and, finally, 3) Design Coordination, Information Security Management, and Event Management.

  

  • Top-three processes (see bars filled with horizontal lines in Figure 2), classified by number of answers, with no answer or totally discharged are: 1) Strategy Management for IT Services; 2) Event Management; and 3) Service Level Management.

Due to the design of the responses, we cannot distinguish whether the process is totally discharged or with no answer.

4.2. Survey Two

Fact sheet

• Objective: to know which is the order for implementing the processes of ITIL in SMEs according to experts (professionals in software engineering, software engineering teachers, etc.) from the point of view of themselves, and/or from the point of view of their company.

• Scope: Worldwide.

• Universe: Worldwide Experts and Enterprises.

• Type of survey: web questionnaire.

• Survey Name: Exploratory Study: ITIL For Small and Medium enterprises

• Format: web.

• Range of date: 19th May 2014 to 8th June 2014.

• Minimum number of responses: Not applicable.

• Obtained responses: 40.

• Sample selection: random

• The questionnaire was available on a web platform and the link was sent by e-mail. The responses were automatically stored in a database so the more responses we received, the richer the database was. In most cases, respondents were personal contacts of the authors of this research. It means that all of them are working or conducting research in topics related to ITIL, and most of them get the Foundation certify. Participants in Survey 2 are shown in Figure 3, where the sum of % respondents (bars filled with upward diagonal lines) is 100%, and % Experts (bars filled with vertical lines) and % Companies (bars filled with horizontal lines) are relative to the % respondents in each country.

Detailed Description of the Survey

The questionnaire was created with the Lime Survey platform, which enables the construction of electronic online questionnaires. In the survey, a set of introductory and sample data is formulated, including the country of the respondent. In addition, the experts were asked to choose whether they were answering as individual experts or in the name of the company where they are working for. The respondents were in all cases chosen because of their expertise, experience, and we believe that (given that all respondents were personal contacts) they may present comparable levels of knowledge or expertise in the topic.

After, a list of the ITIL processes was presented (related to Service Strategy, the processes are Service Portfolio Management, Financial Management for IT Services, and Demand Management; related to Service Design, the processes are Service Catalogue Management, Service Level Management, Availability Management, Capacity Management, Information Security management, IT Service Continuity Management, and Supplier Management; related to Service Transition, the processes are Change Management, Service Asset and Configuration, Release and Deployment Management, and Knowledge Management; related to Service Operation, the processes are Event Management, Incident Management, Request Fulfillment, Problem Management, and Access Management; and related to Continual Service Improvement the process is the Seven-step improvement process), and the experts were asked to choose 3 to 5 processes from that list prioritized by implementation number order (i.e., the fist one would be the first process to be implemented, and so on). Finally, the expert was asked to provide the criteria used for selecting these processes. After these steps, the survey was completed.

Detailed Description of the Survey

The results show that Incident Management was selected as the first process to be implemented according to eight respondents (see Figure 4, and the bars filled with upward diagonal lines in Figure 5).

The second process in order of implementation, according to nine respondents, was: Service Level Management, and Service Catalogue Management (see bars filled with vertical lines in Figure 5). Finally, the third process was Service Asset and Configuration Management Process by seven respondents (see bars filled with horizontal lines in Figure 5).

Regarding the criteria followed by respondents to decide the order of prioritization, the respondents defined 10 criteria, although sometimes more than one criterion was sometimes mentioned per response and one criterion was explicitly specified six times. Thus, Quick Wins is the criterion most suggested by experts; as well as Strengthen Service Support, Customer Services and Demands Prioritization.

5. Conclusions

From experience, it is well known that there are three approaches used to start an ITIL implementation:

• The technical approach centers on Capacity Management, Availability Management and IT Service Continuity processes because these processes allow the enterprise to operate in a stable and predictable way (service delivery efficiency).

• Another approach is the management approach which centers on Incident and Problem Management processes (Service Desk) because these processes allow improving customer centricity.

• Finally, the Service Charge Back approach centers on paying for IT services based on use and other criteria and, for this purpose the Financial Management of IT Service process is suggested.

The results obtained using these two surveys are related closely to the management approach. The reason is very simple: these processes show results more quickly than other processes related to the ITIL life cycle, especially from the customer perspective.

As future lines of investment, it would be interesting to define some ''agile'' practices/processes in order for SMEs to tailor them easily. Moreover, the idea of developing platforms and tools that support SMEs in their implementation of ITIL could be analyzed further.

6. References

1.  L. Márquez, I. Martínez, E. Sanjuan and C. Suárez, ''Efecto de las TIC sobre el comercio y el desarrollo económico. Análisis para el caso de España'', Estudios de Economía Aplicada, vol. 25, no. 1, pp. 313-340, 2007.         [ Links ]

2.  M. Gorriti and J. Ruiz, ''La contribución de las TIC al crecimiento económico en España y los retos del sector'', Presupuesto y gasto público, no. 39, pp. 243-266, 2005.         [ Links ]

3.  F. Pino, F. García and M. Piattini, ''Software process improvement in small and medium software enterprises: a systematic review'', Software Quality Journal, vol. 16, no. 2, pp. 237-261, 2008.         [ Links ]

4.  M. Estayno, G. Dapozo, C. Greiner, L. Cuenca and S. Pelozo, ''Caracterización de las pymes de software de la región NEA orientada hacia un marco de mejora de calidad'', in XV Congreso Argentino de Ciencias de la Computación, San Salvador de Jujuy, Argentina, 2009, pp. 901-910.         [ Links ]

5.  K. Huang, ''Towards An Information Technology Infrastructure Cost Model'', M.S. thesis, Massachusetts Instítute of Technology, Cambridge, USA, 2007.         [ Links ]

6.  T. Lucio, R. Colomo, P. Soto, S. Popa and A. Amescua, ''Implementing an IT service information management framework: The case of COTEMAR'', Int. J. Inf. Manag., vol. 32, no. 6, pp. 589-594, 2012.         [ Links ]

7.  B. Johnson and J. Higgins, ITIL and the Software Lifecycle: Practical Strategy and Design Principles, 1^st ed. Zaltbommel, Netherlands: Van Haren Publishing, 2007.         [ Links ]

8.  Office of Government Commerce (OGC), ITIL Managing IT Services: Service Delivery. London, UK: The Stationery Office (TSO), 2001.         [ Links ]

9.  Office of Government Commerce (OGC), ITIL Managing IT Services: Service Support. London, United Kingdom: The Stationery Office (TSO), 2001.

10.  H. Oktaba, ''Moprosoft: El nuevo modelo que impondrá una norma mexicana para la calidad de la industria del software'', Boletín IIE, vol. 27, no. 3, pp. 81-83, 2003.         [ Links ]

11.  C. Pardo, F. Pino, F. García, M. Piattini and M. Baldassarre, ''An ontology for the harmonization of multiple standards and models'', Computer Standards & Interfaces, vol. 34, no. 1, pp. 48-59, 2012.         [ Links ]

12.  Cabinet Office, ITIL® Service Strategy, 2^nd ed. Norwich, UK: The Stationery Office (TSO), 2011.         [ Links ]

13.  Cabinet Office, ITIL® Service Design, 2^nd ed. Norwich, UK: The Stationery Office (TSO), 2011.         [ Links ]

14.  Cabinet Office, ITIL® Service Transition, 2^nd ed. Norwich, UK: The Stationery Office (TSO), 2011.         [ Links ]

15.  Cabinet Office, ITIL® Service Operation, 2^nd ed. Norwich, UK: The Stationery Office (TSO), 2011.         [ Links ]

16.  Cabinet Office, ITIL® Continual Service Improvement, 2^nd ed. Norwich, UK: The Stationery Office (TSO), 2011.         [ Links ]

17.  Information Systems Audit and Control Association (ISACA), COBIT® 5: A Bussiness Framework for the Governance and Management of Enterprise IT. Rolling Meadows, USA: ISACA, 2012.         [ Links ]

18.  Information Systems Audit and Control Association (ISACA), COBIT® 5 - Executive Summary. Rolling Meadows, USA: ISACA, 2012.         [ Links ]

19.  S. Dawson and S. McCallum, ''COSO Releases for Public Comment Internal Control over External Financial Reporting: Compendium of Approaches and Examples'', Committee of Sponsoring Organizations (COSO), New York, USA, 2012.         [ Links ]

20.  CMMI Product Team, ''CMMI for Services, Version 1.2'', Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA, Tech. Rep. CMU/SEI-2009-TR-001, Feb. 2009.         [ Links ]

21.  CMMI Product Team, ''CMMI for Services, version 1.3'', Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA, Tech. Rep. CMU/SEI-2010-TR-034, Nov. 2010.         [ Links ]

22.  C. Casado, A. Hernández, R. Colomo and P. Soto, ''Personnel Performance Appraisal Coverage in ITIL, COBIT and CMMi: A Study from the Perspective of People-CMM'', International Journal of Knowledge Society Research, vol. 2, no. 2, pp. 59-70, 2011.         [ Links ]

23.  N. Habra, S. Alexandre, J. Desharnais, C. Laporte and A. Renault, ''Initiating software process improvement in very small enterprises: Experiences with a light assessment tool'', Information and Software Technology, vol. 50, no. 7-8, pp. 763-771, 2008.         [ Links ]

24.  S. Dzombeta, V. Stantchev, R. Colomo, K. Brandis and K. Haufe, ''Governace of Cloud Computing Services for the Lifes Sciences'', IT Professional, vol. 16, no. 4, pp. 30-37, 2014.         [ Links ]

25.  H. Garbarino, ''IT Governance and Human Resources Management: A Framework for SMEs'', International Journal of Human Capital and Information Technology, vol. 4, no. 3, pp. 40-57, 2013.         [ Links ]

26.  L. Selm, Information Technology Service Management Forum (itSMF), ISO/IEC 20000 – Una introducción. Madrid, Spain: Van Haren Publising, 2008.         [ Links ]

27.  F. Scalone, ''Estudio Comparativo de los modelos y estándares de calidad del software'', M.S. thesis, Universidad Tecnológica Nacional, Buenos Aires, Argentina, 2006.         [ Links ]

28.  L. Stantcheva and V. Stantchev, ''Addressing Sustainability in IT-Governance Frameworks'', Int. J. of Hum. Cap. and Inf. Technol. Prof., vol. 5, no. 4, pp. 79-87, 2014.         [ Links ]

29.  M. Winniford, S. Conger and L. Erickson, ''Confusion in the Ranks: IT Service Management Practice and Terminology'', Inf. Sys. Management., vol. 26, no. 2, pp. 153-163, 2009.         [ Links ]

30.  Axios Systems, ITIL adoption surges despite confusion, says Axios survey, 2008. [Online] Available: http://www.axiossystems.de/en/news/detail.html/211. Accessed on: Sept 23, 2015.         [ Links ]

31.  R. Espindola, E. Luciano and J. Audy, ''An overview of the adoption of IT Governance models and software process quality instruments at Brazil: preliminary results of a survey'', in 42^nd Hawaii International Conference on System Sciences (HICSS), Big Island, USA, 2009, pp. 1-9.         [ Links ]

32.  A. Hoerbst, W. Hackl, R. Blomer and E. Ammenwerth, ''The status of IT service management in health care – ITIL® in selected European countries'', BMC Medical Informatics and Decision Making, vol. 11, no. 76, pp. 2-12, 2011.         [ Links ]

33.  N. Figuerola, ITIL V3 ¿Por dónde empezar?, 2012. [Online] Available: https://articulosit.files.wordpress.com/2012/07/itil-v33.pdf. Accessed on: Sept 23, 2015.         [ Links ]

34.  M. Kasunic, Designing an Effective Survey. Pittsburgh, USA: Carnegie Mellon University, Software Engineering Institute, 2005.         [ Links ]

35.  Ministerio de Industria, Energía y Turismo, ''Estadísticas PYME. Evolución e Indicadores'', Ministerio de Industria, Energía y Turismo, Madrid, Spain, 2013.         [ Links ]