This paper presents the process-oriented digital transformation within the Agencia Digital de Andalucía, focusing on the standardization of ITIL-aligned processes and the challenges and dificulties of implementing a centralized ICT management model in a complex public sector environment. Focuses on the deployment management and change enablement processes and presents detailed lessons learned as a valuable contribution. The Andalusian Digital Agency (ADA) is a body of the Andalusian Regional Government. Its digital services are addressed to citizenship and mission focussed on the digitalization of the andalusian society and public administration. The resources managed or influenced by the ADA are extensive and diverse. They include improvements to digital infrastructures, as well as specialized networks such as the Health Emergency Network. ADA manages significant corporate systems for citizen engagement and internal administration, including Junta de Andalucia website with more than 50 millions visits annually, the virtual ofice of the public administration (VEAJA) which registered more than 1.140.000 submmissions in 2023 [1] and the Digitization of many sector-specific services in key areas, reflecting the large volume of technological resources under its scope of action.
ADA is conducting a meaningful internal digital transformation process [
These processes integrate information and communication technology competence with the aim of consolidating a shared vision among its diferent organisms and efectively managing the increasing demand for digital services. ADA works to make uniform and converge the diferent technological solutions, as well as the methodologies and functions in use, in order to improve turnaround times, minimizing costs, time and efort in the implementation of the technological solutions.
The new organization has migrated from a distributed information technology (IT) model to a centralized one with the aim of improving services, reducing costs, and unifying technological management. This shift involves reorganizing resources, redefining access, and transforming the development models of each ministry into a single, unified system - facing challenges such as increased risk in the event of failures, staf adaptation, concern of union and political constraints. Centralization can cause service interruptions and requires balancing eficiency with respect to local particularities. In addition, it involves integrating complex legacy systems, ensuring cyber-security, managing hidden costs, and carefully planning to avoid cost overruns and failures. Standardization extends beyond infrastructure; it demands transforming processes, organizational culture, and legislation, ensuring a clear vision and objectives, always focused on improving citizen services. Therefore, it is essential to map and redesign processes, manage exceptions efectively, and secure political support in order to build a more eficient, agile, and citizen-focused public administration.
Although IT centralization may aim for uniformity and greater control in Public Administration, the risks associated with the legal framework, organizational resistance, citizen impact, and technical complexity are especially significant and require exceptional planning, communication, and change management to have any real chance of success.
The paper is structured as follows. Section 1 summarizes the digital transformation of ADA and
explains the complexity of changes in the regional government. Section 2 provides details on a key
process, deployment management, following the lifecycle of BPM proposed by Marlon Dumas et al.[
The business process management lifecycle emphasizes that managing business processes is not a one-time project, but a continuous efort aimed at improving organizational performance. This lifecycle typically consists of six phases: 1. Process identification. This initial phase involves understanding an organization’s business processes, defining their limits, and identifying key processes that are strategically important or require improvement. 2. Process discovery. Once identified, processes need to be documented and understood in detail. This phase involves gathering information on how processes are currently executed and representing them using process modeling languages. 3. Process analysis. After modeling, processes are analyzed to identify weaknesses, bottleneck, ineficiencies, and nonvalue-adding activities. This phase can involve both qualitative analysis (e.g., interviews, workshops, checklists) and quantitative analysis (e.g., simulations, performance metrics) to understand the root causes of problems. 4. Process redesign. Based on the analysis, new and improved ways of executing processes are designed. This can involve various redesign techniques, such as eliminating unnecessary steps, resequencing activities, automating tasks, or changing organizational roles. The goal is to achieve specific improvement objectives, such as reduced costs, faster cycle times, or better quality. 5. Process implementation. In this phase, the redesigned processes are put into practice. This can involve changes in information technology systems (for example: implementing a Business Process Management System-BPMNS, organizational structures, job descriptions, and training for employees). 6. Process monitoring and control. Once implemented, processes need to be continuously monitored to ensure that they are performing as expected and to identify new opportunities for improvement.
In order to provide guidance for the efective management of information technology services (ITS),
several standards and process models related to Information Technology Service Management (ITSM)
have emerged [
Focusing on our daily work in the areas of tourism, culture, and sports, we have aligned our processes with ITIL v4.
In ITIL v4 there is a main change in the way to structure how to manage services versus previous versions such as ITIL v3. The main diference is the path from thinking in process to thinking in practices.A process is a part of a practice, while a practice is a flexible and complete approach to achive an objective, that may include many processes.From now on both term practice and process will be used in the same way, although they are diferent. In our context these diferences are not relevant.
ITIL framework does not suggest an implementation order for their processes. This decision
constitutes the first challenge that an organization must overcome when starting an ITIL implementation[
We center on Deployment management Practice, that is responsible for deploying the deliveries into production and establishing the efective use of the service in order to deliver value to the customer and allow the transfer of service operations. It is illustrated in 1. This practice works closely with change enablement practice,illustrated in ??, because deployments are a controlled way to introduce changes, and with configuration management, to maintain updated information technology infrastructure.
There are three actors in our Deployment management practice: • Development provider. They create the new version of software that must be deploy • QA Development Provider. They analyze the code to ensure the quality of the development is correct and the Quality Assurance Rules are fulfilled • Project Management Ofice. They analyze the code to ensure the deployment is correct.
The developer provider registers a delivery request and characterizes the software version and the parameters that conform the delivery. After that, the quality assurance ofice analyzes the code according to the quality assurance rules and creates a request for change to deploy the new version. If the deploymnet is correct, the project management ofice analyzes the deployment to verify the validity of it.
The Change enablement practice usually is invoked by other practices or it can be the resulting from other practice such as Service Catalog Management, Incident management, etc. This practice has been one of the most challenging to implement, as it requires diferent teams to start adopting a process-oriented culture and modify their operations to gradually adapt to a new way of working. Ongoing support and a guide on how to document actions have been necessary to foster a new process-based working culture. It is now starting to show results, one of the most notable being a reduction in response times for handling security cyber incidents, which unfortunately occur more often than we would like.
The operation of Change enablement practice is as follows: • Development project manager. He or she orchestrates the execution of the request for change. • Project management ofice. Afterwards, they review the request for change and ask the change authority to give them the authorization to carry out the change. • Change Authority : It is a person, a virtual group, an automated workflow, or a CAB-like body, depending on the situation. It is flexible and adapts to the type, risk, and impact of changes.
As we mentioned, the change enablement practice requires that diferent equipments start to adopt a process oriented culture and change their operation to get used gradually to a new way of work. Continuous support and a guide on how to document the actions were necessary to promote a new culture based on processes.
We need to improve the deployment management practice because the number of development providers’ deliveries per month were insuficient. It became necessary to identify bottlenecks since this was causing problems in terms of financial billing and visibility of the work being carried out.After addressing this process, we needed to have traceability of all changes and improve coordination between the diferent organizational areas. For this reason, the implementation of the Change enablement practice was undertaken.
It is very important to define the figure of a process/practice manager to take responsibility of the assurance that the process works without problems.
We conducted iterative monitoring to progressively improve the working relationship with providers. We needed to ensure that providers fulfill their Service Level Agreements (SLA).
After many iterations, it was observed that monthly deployment grew and there was a reduction of response time of development providers.
Another aspect that we must improve is to introduce the concept of package and unit delivery in order to better manage when we have a delivery of a complex information system. In Deployment management practice we have diferent concepts:
• delivery: Set of configuration elements, new or updated that are tested to deploy jointly in a production environment. • unit delivery: Part of the service or infrastructure included in a delivery according to the operation delivery rules.
• delivery package : It is a package of delivery units.
It is important to note that having a tool that supports the implementation of this process represents a significant step forward in embedding a process culture within the organization.
Redmine, illustrated in 3, is used for the implementation of the process. Redmine is a web-based
project management information system that includes a complete set of tools to collaborate on projects.
The system allows you to run several projects simultaneously, track their status, manage project steps,
tasks, priorities, and flexibly assign roles to participants [
However, a diferent tool is already planned for future adoption. Given that process modeling was conducted using BPMN, the selection of a diferent tool presents only a minor issue, making the transition seamless.
The service level management practice in ITIL v4 aims to define, negotiate, monitor, and improve server level agreements to ensure that IT services meet the expectations and needs of the business. We are getting quantitative temporal metrics using a test tool that monitors SLAs in real time (LCW-SLA), illustrated in 4
LCW-SLA, illustrated in 4 is a tool for real-time monitoring of SLA based on the Lucid Chain model,
providing a structured approach to describing service chains. LCW-SLA ofers a specialized user
interface, enabling users to eficiently monitor SLA compliance. Supports service chains in diferent
tools: iTop[
The challenges encountered in process implementation are the following.
1. Resistance to change: Perhaps employees reject changes, but they afect their routines and comfort zones. It is necessary to manage this resistance through communication, training, and active participation. To share knowledge, we have a common place for information and invite the other departments to change how to produce knowledge. Wikis are another tool for sharing this knowledge. 2. Dificulty integrating areas: Processes, such as change management, require more collaboration between diferent departments, which can cause coordination challenges. We guide other departments on how to use our tool in order to obtain quick wins for all. 3. Lack of metrics and indicators: Without KPIs to measure the efectiveness and eficiency of processes, it becomes impossible to assess results and justify improvements. We are starting to get metrics in the processes that we are maturing. 4. Complexity in managing cultural change: Changing habits and mindsets requires a solid and sustained change management plan over time. That is, from our point of view, the cornerstone of our work. In change management, we guide other departments on how to model an instance of the process for some situations in order to learn how to do it in practice in the future.
The dificulties in standardizing processes stem primarily from the situation that existed before the unification and consolidation eforts began. The starting situation in which the ADA aims to transform is the main source of these dificulties. Before eforts to homogenize and standardize, the system operations of the ADA constituent bodies exhibited the following characteristics, which represent the challenges to overcome.
• Each body had its own infrastructure and system architectures, resulting from the need to integrate, standardize, and consolidate infrastructure and services. • Each entity had its own unique IT operational processes, stemming from the need for standardization. • Unique IT operational processes were present in each organization, highlighting the need for standardization. • In-house development standards were used, tailored to specific needs, priorities, and budgets, arising from the need to create and publish general standards for new developments. • There was an absence of a standardized service catalog, prompting the action to define and pilot an initial service catalog and a single one for the workstation.
LCW-SLA represents an extension of two following papers: The first focuses on the formalization and
modeling of service chains [
The business process compliant ensures that the business processes of an organization are designed
and executed according to the regulations and internal policies that govern the company.[
Another way to monitor closely the process compliant is through process event logs that record information about the execution of the activities of a business process. Process mining techniques use these event logs to discover, analyze, and optimize the business process.
Implementing processes within an organization involves overcoming significant cultural, organizational, and technical barriers and tools are key to making it a reality.
Our future research will implement ITIL practices with BMC Helix migrating our current implementation. The organization goal is to delete the remaining ITSM tools so that we have only a unique ITSM Tool.
Another main line of future work is to apply STATUS in real scenarios related to the General Data Protection Regulation and NIS 2: Directive of the European Union.
Another research line is applying process mining techniques to analyze and optimize business processes, such as grants to citizens, using the results of the ISA Group in [17].
The authors declare that generative AI tools, specifically ChatGPT, were used during the preparation of this paper for language editing and improvement of expression only. The AI was not used to generate original content, research results, or analysis. All substantive ideas and conclusions are the result of the authors’ own work.
The authors have reviewed and verified all content to ensure accuracy and originality and take full responsibility for the integrity of the manuscript. [16] Á. Bernal, F. Montero, C. Cabanillas, P. Fernández, M. Resinas, Status: A low-code business process compliance management system (2024). [17] M. Salas-Urbano, C. Capitán-Agudo, C. Cabanillas, M. Resinas, Lovizql: a query language for visualizing and analyzing business processes from event logs, in: International Conference on Service-Oriented Computing, Springer, 2023, pp. 13–28.