ITSM maturity assessment: where does your service desk stand?
A practical maturity model for your service desk, from reactive to rule-driven. Find out where you stand, recognize the next level, and see how to move up a step.
Everyone wants a mature service desk, but few teams can say precisely where they stand today. A maturity assessment makes that concrete. This post gives a practical model so you can place your own level and know what the next step is.
TL;DR
- Maturity runs from reactive (everything is a ticket) to rule-driven (the system keeps itself correct).
- Most teams sit somewhere in the middle: partly standardized, partly still manual.
- You do not move up in one go; you shift per area, starting with high volume and low risk.
- Access and licenses are often the areas with the fastest gains.
- An outside view helps you honestly place where you stand and what the next step is.
Why a maturity assessment is useful
A maturity assessment is not a grade to show off. It is a way to honestly establish where your processes stand, so you spend improvement energy where it pays off most. Without that picture, you easily invest in the wrong thing: a new dashboard while the real problem is manual access work.
The model below is deliberately simple. It is not about a precise score, but about recognizing where you sit and where you want to go.
The maturity model
| Level | Characteristic | How it feels |
|---|---|---|
| 1. Reactive | Everything is a ticket, little structure | Firefighting, backlog |
| 2. Standardized | Fixed processes, catalog, ITIL basics | More predictable, still much manual work |
| 3. Automated | Repetitive work runs through self-service | Fewer tickets, faster |
| 4. Rule-driven | Access and membership follow attributes | The system keeps itself correct |
| 5. Continuously improving | Data drives improvements, proactive | Prevent problems instead of solving them |
How to place where you stand
Ask yourself a few honest questions per area:
- Access. Do you handle access requests per ticket, or does access follow a rule on department, job title, and location?
- Offboarding. Do you remove rights manually, or do they fall away automatically when an attribute changes?
- Licenses. Do you know which seats are actively used, or do you only find out through a manual audit?
- Self-service. Can users submit standard requests themselves with a fixed flow, or does everything land on a human?
- Improvement. Do you steer on data, or mostly react to what comes in?
How to move up a step
You do not go from level 2 to level 4 in one go. You shift per area, and you start where the volume is high and the risk is low. In practice that is almost always access and licenses.
- Standardize first. Without a clear catalog and fixed processes there is little to automate. Level 2 is the foundation.
- Automate the repetitive. Bring standard requests to self-service with a fixed flow and approval. That is the step to level 3.
- Let rules do the work. For access that follows an attribute, replace the ticket with a rule. That is the step to level 4.
- Steer on data. Measure what happens and use it to improve further. That is level 5.
Where ServiceChanger and consultancy fit
ServiceChanger helps most on the jump to level 4: it automates group and role memberships across Entra ID and on-prem AD based on rules (ABAC), and tracks license usage based on Entra sign-in activity. The assignment of licenses itself stays with Microsoft, and ServiceChanger works on the attributes already in your directory, within Microsoft and Azure.
Placing where you stand and what the right next step is, is often the hardest part. For that Ruben offers ITSM and ESM consultancy: vision and strategy, a maturity assessment, tool selection, IT advice, and guiding ITSM projects. An independent view that helps you decide where the gains are, regardless of which tool you eventually choose.
FAQ
How long does an assessment take? A first estimate with the model above takes an hour. A thorough assessment across all areas takes longer, depending on the size of your environment.
Do I need to reach level 5 before ServiceChanger is useful? No. ServiceChanger specifically helps the jump from manual work to rules, often from level 2 or 3.
Is consultancy needed to do this? Not necessarily. The model is deliberately simple so you can start yourself. An outside view mostly helps when you want to honestly place where you stand and which step pays off most.
Does this only apply to large organizations? No. The model scales. A smaller team often sits at a lower level, and that is exactly where a focused step can remove a lot of manual work.
Further reading
- Shift-left on the service desk: what to automate first for the strategy behind the jump to rules.
- Scale your service desk without growing headcount for the capacity side of maturity.
Next step
Want to know where your service desk stands and what the smartest next step is? ServiceChanger automates the jump to rule-driven access, and Ruben helps with ITSM and ESM consultancy to plot the route. Book a demo or get in touch.
You might also like
From ITSM to ESM: bringing service management beyond IT
What ESM is, how to extend service management from IT to HR and facilities, how to grow your maturity, and when a consultancy partner pays off.
Scaling your service desk without hiring: when extra capacity makes sense
Sometimes you need extra service desk capacity, temporarily or for the long run, but a permanent hire does not fit. Here is how a remote service desk works as an extension of your own team, in your own ticket system and on your own processes.
ITIL request fulfilment without the ticket: a Microsoft approach
In ITIL, request fulfilment handles standard service requests. Many of those are about access. Here is how to map request fulfilment to attribute-driven assignment in Entra ID.