ITIL Study Guide

ITIL (IT Infrastructure Library) Foundation (Course Code SM25)

Student NotebookERC 1.0

IBM Certified Course Material

V3.1.0.1

cover

�� Front cover

Student Notebook

September 2004 Edition

The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis withoutany warranty either express or implied. The use of this information or the implementation of any of these techniques is a customerresponsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. Whileeach item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results willresult elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

© Copyright International Business Machines Corporation 2004. All rights reserved.This document may not be reproduced in whole or in part without the prior written permission of IBM.Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictionsset forth in GSA ADP Schedule Contract with IBM Corp.

Trademarks

IBM® is a registered trademark of International Business Machines Corporation.

Other company, product and service names may be trademarks or service marks of others.

Student NotebookV3.1.0.1

TOC
Contents
Course Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Course Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvITIL Foundation Course: IT Infrastructure Library Overview . . . . . . . . . . . . . . . . . . .xviITIL Foundation Course: Objectives and Contents of the Course . . . . . . . . . . . . . . xviiITIL Foundation Course: ITIL Defines a Three-Tiered Structure of Certification Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviiiITIL Foundation Course: Process Chart Reference . . . . . . . . . . . . . . . . . . . . . . . . .xix

Unit 1. What ITIL Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Unit 01: What ITIL is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2What ITIL is: ITIL: de facto standard for service management built on industry “best practice” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3What ITIL is: Main characteristics of ITIL are: IT services are business-oriented, and provision of quality customer service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5What ITIL is: Originally created by the UK's Central Computer and Telecommunications Agency (CCTA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6What ITIL is: The BSI roadmap to make ITIL a standard for service management 1-7What ITIL is: ITIL is a library of books that aim to describe best practices for IT infrastructure management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9What ITIL is: The ITIL books describe best practices in IT management, with a special focus on service management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10Most people think of ITIL as service support, but the increasing popularity of ITIL should be leveraged against a broader spectrum of services . . . . . . . . . . . . . . . . . . . . . . 1-12What ITIL is: Service management focuses on the tactical and operational processes of service support and service delivery and their relationships, including security management (separate ITIL book) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13What ITIL is: ITIL processes in service support represent many of the reactive processes within IT operations (operational) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14What ITIL is: Service Delivery focuses on what service the business requires in order to provide adequate support to the business users (tactical) . . . . . . . . . . . . . . . . 1-15What ITIL is: Service support process (operational processes) relationships and their interaction with the CMDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16What ITIL is: Service delivery process (tactical processes) relationships . . . . . . . 1-17What ITIL is: Other ITIL books . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18What ITIL is: Customers across the globe are asking more and more about ITIL 1-19What ITIL is: ITIL implementation: Adopt and Adapt . . . . . . . . . . . . . . . . . . . . . . . 1-20

Unit 2. Process Implementation Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1Unit 02: Process Implementation Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2Process Implementation: What is a process? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

© Copyright IBM Corp. 2004 Contents iii

Student Notebook

Process Implementation: A process flows across the organizational hierarchies within a company and sometimes flows across company boundaries . . . . . . . . . . . . . . . .2-4Process Implementation: Why do we need processes? . . . . . . . . . . . . . . . . . . . . . .2-5Process Implementation: What are the benefits? (1) . . . . . . . . . . . . . . . . . . . . . . . .2-6Process Implementation: What are the benefits? (2) . . . . . . . . . . . . . . . . . . . . . . . .2-7Process Implementation: What are the benefits? (3) . . . . . . . . . . . . . . . . . . . . . . . .2-8Process Implementation: Mission-critical changes or reorganizations within an IT corporation require new processes or needs to improve existing processes . . . . . .2-9Process Implementation: Continuous processes improvement is also a trigger . .2-10Process Implementation: Why implement service management? . . . . . . . . . . . . .2-11Process Implementation: Service and Process . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12Process Implementation: Service, Process, Procedure, and work instructions . . .2-13Process Implementation: Project Management . . . . . . . . . . . . . . . . . . . . . . . . . . .2-14Process Implementation: Factors who will influence the success of an ITSM project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-15Process Implementation: People . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-16Process Implementation: Each task within a process is executed by a role . . . . . .2-17Process Implementation: ITSM Project (1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-18Process Implementation: ITSM Project (2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-19Process Implementation: From the above model, 5 phases of a ITSM project are definable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-20Process Implementation: Ongoing quality improvement . . . . . . . . . . . . . . . . . . . .2-21Process Implementation: Communication Plan . . . . . . . . . . . . . . . . . . . . . . . . . . .2-22Process Implementation: Global Consideration . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24Process Implementation: Process Description . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-25Process Implementation: High-Level Design of a Process . . . . . . . . . . . . . . . . . . .2-26Process Implementation: A Process Implementation considers both an initial process design and an improvement of the existing environment . . . . . . . . . . . . . . . . . . . .2-27Process Implementation: A review is important for quality assurance . . . . . . . . . .2-28Process Implementation: A review is important for quality assurance . . . . . . . . . .2-29Process Implementation: Critical success factors . . . . . . . . . . . . . . . . . . . . . . . . .2-31Process Implementation: Possible problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32Process Implementation: Project costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-33

Unit 3. Service Desk (SPOC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1Unit 03: Service Desk (SPOC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2Service Desk: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3Service Desk: The Service Desk is the Single Point of Contact [SPOC] between the users and the IT Services Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-4Service Desk: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5Service Desk: The Service Desk is traditionally seen as a group of specialists who have the required knowledge to process any kind of request or incident . . . . . . . . . . . . .3-6Service Desk: The Importance of the Service Desk . . . . . . . . . . . . . . . . . . . . . . . . .3-7Service Desk: Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8Service Desk: Service Desk Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9Service Desk: Service Desk Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10Service Desk: Processes within the Service Desk . . . . . . . . . . . . . . . . . . . . . . . . .3-11Service Desk: Inputs and Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12


iv ITIL Foundation © Copyright IBM Corp. 2004


TOC
Service Desk: There are 3 Service Desk Types (1): the Local Service Desk . . . . 3-13Service Desk: There are 3 Service Desk Types (2): Central Service Desk . . . . . 3-14Service Desk: There are 3 Service Desk Types (3): Virtual Service Desk . . . . . . 3-15Service Desk: User empowerment (self-help) enhances customer satisfaction while lowering support cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16Service Desk: A crucial success factor is standardized working methods . . . . . . 3-17Service Desk: Setting up a Service Desk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18Service Desk: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19Service Desk: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20Service Desk: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21Service Desk: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Unit 4. Incident Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Unit 04: Incident Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Incident Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 4-3Incident Management: Mission statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4Incident Management: Definition: Incident, Problem and “Known Error” . . . . . . . . 4-5Incident Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6Incident Management: Activity incident handling . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7Incident Management: The status of an incident reflects its current position in its lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8Relationship with other IT services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10Incident Management: Use of standard registration, documentation, and methods is basis of success . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11Incident Management: Classification: Find service affected, match against SLA, and assign priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12Incident Management: Priority order for handling incidents is primarily defined by impact and urgency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13Incident Management: Each priority is related to a certain recovery time… . . . . . 4-14Incident Management: … This results in an appropriate escalation . . . . . . . . . . . 4-15Incident Management: Escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17Incident Management: Escalation – Trigger and Measures . . . . . . . . . . . . . . . . . 4-18Incident Management: Escalation – Escalation Levels . . . . . . . . . . . . . . . . . . . . . 4-19Incident Management: Escalation – Example of an Escalation Matrix . . . . . . . . . 4-20Incident Management: Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21Incident Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22Incident Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23Incident Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24Incident Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

Unit 5. Problem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1Unit 05: Problem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2Problem Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 5-3Problem Management: Mission statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4Problem Management: Some definitions: Problem, Known Error, and RFC . . . . . . 5-5Problem Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6Problem Management: Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8Problem Management: Activity: Problem Control . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9


© Copyright IBM Corp. 2004 Contents v

Student Notebook

Problem Management: Activity: Error Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10Problem Management: Activity: Proactive Problem Management . . . . . . . . . . . . .5-11Problem Management: Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12Problem Management: Reactive - Proactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-13The Complete Picture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-14Problem Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-15Problem Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-16Problem Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-17Problem Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-18

Unit 6. Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1Unit 06: Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2Change Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . .6-3Change Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-4Change Management: Some definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-5Change Management: Why Change Management is so important . . . . . . . . . . . . .6-7Change Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8Change Management: The Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9The Process Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-10Change Management: Content of a Request for Change (RFC) . . . . . . . . . . . . . .6-11Change Management: Categorization: Minor – Significant – Major . . . . . . . . . . . .6-13Change Management: Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14Change Management: Composition of the Change Advisory Board (CAB) should reflect user, customer, and service provider view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15Change Management: Optimization can be reached through correlation of RFCs on related CIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16Change Management: Interfaces to other SM processes (1) . . . . . . . . . . . . . . . . .6-17Change Management: Interfaces to other SM processes (2) . . . . . . . . . . . . . . . . .6-18Change Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19Change Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-20Change Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-21Change Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22

Unit 7. Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1Unit 07: Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2Configuration Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . .7-3Configuration Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4Configuration Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-5Configuration Management: Definition: Configuration Item . . . . . . . . . . . . . . . . . . .7-6Configuration Management: Definition: Configuration Item – Scope and Level of Detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-7Configuration Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-9Configuration Management: Configuration Management Database (CMDB) – Structure Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-11Configuration Management: CMDB – Status of CI . . . . . . . . . . . . . . . . . . . . . . . . .7-12Configuration Management: Interfaces with all other processes . . . . . . . . . . . . . .7-13Configuration Management: Relationship with Release and Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-15


vi ITIL Foundation © Copyright IBM Corp. 2004


TOC
Configuration Management: CIs and their relations to other processes . . . . . . . . 7-16Configuration Management: Variant and Baseline . . . . . . . . . . . . . . . . . . . . . . . . 7-17Configuration Management: Licence Management . . . . . . . . . . . . . . . . . . . . . . . . 7-18Configuration Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19Configuration Management: Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20Configuration Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21Configuration Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-23Configuration Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-24
Unit 8. Release Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1Unit 08: Release Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2Release Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 8-3Release Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4Release Management: Goal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5Release Management: Why Release Management . . . . . . . . . . . . . . . . . . . . . . . . 8-6Release Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7Release Management: Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8Release Management: Major Activities of Release Management . . . . . . . . . . . . . . 8-9Interactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11Release Management: DSL and DHS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12Release Management: Software Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13Release Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16Release Management: Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17Release Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18Release Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19Release Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20

Unit 9. Service Level Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Unit 09: Service Level Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2Service Level Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . 9-3Service Level Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4Service Level Management: Why Service Level Management . . . . . . . . . . . . . . . . 9-5Service Level Management: SLM – Balance service capabilities and service requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6Service Level Management: Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7Service Level Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8Service Level Management: Service Level Management Activities . . . . . . . . . . . . 9-9Service Level Management: Manage relationship with customers and suppliers (internal and external) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10Service Level Management: Different points of view: Communication . . . . . . . . . 9-11Service Level Management: Content of a Service Level Agreement (SLA) . . . . . 9-12Service Level Management: Service Level Agreement (SLA) – Basic Structure . 9-13Service Level Management: Service Level Agreement (SLA) – Legal Contents . 9-14Service Level Management: Elements of a Service Spec Sheet . . . . . . . . . . . . . 9-15Service Level Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16Service Level Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17Service Level Management: Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-18Service Level Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19


© Copyright IBM Corp. 2004 Contents vii

Student Notebook

Service Level Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-20

Unit 10. Availability Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1Module 10: Availability Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2Availability Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . .10-3Availability Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-4Availability Management: Definitions (1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-5Availability Management: Definitions (2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-6Availability Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7Availability Management: Inputs and Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-8Availability Management: Uptime, Downtime, and Availability . . . . . . . . . . . . . . . .10-9Availability Management: Availability Measurements (1) . . . . . . . . . . . . . . . . . . .10-11Availability Management: Availability Measurement (2) . . . . . . . . . . . . . . . . . . . .10-12Availability Management: Availability Measurement Example (3) . . . . . . . . . . . .10-13Availability Management: Risk Management is also an aspect of availability . . .10-14Availability Management: Availability Reporting . . . . . . . . . . . . . . . . . . . . . . . . . .10-16Availability Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18Availability Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-19Availability Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-20Availability Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-21

Unit 11. Capacity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1Unit 11: Capacity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2Capacity Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . .11-3Capacity Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-4Capacity Management: Why Capacity Management? . . . . . . . . . . . . . . . . . . . . . .11-5Capacity Management: Capacity Management has three sub-processes . . . . . . .11-6Capacity Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-8Capacity Management: Input & Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-10Capacity Management: Iterative Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-11Capacity Management: Capacity Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-12Capacity Management: Capacity Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-14Capacity Management: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-16Capacity Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-17Capacity Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-20Capacity Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-21

Unit 12. Financial Management for IT Services . . . . . . . . . . . . . . . . . . . . . . . . 12-1Unit 12: Financial Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-2Financial Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . .12-3Financial Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-4Financial Management: Why Financial Management for IT Services (1) . . . . . . . .12-5Financial Management: Why Financial Management for IT Services (2) . . . . . . . .12-6Financial Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-7Financial Management: Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-8Financial Management: Process – Budgeting and Accounting Activities (mandatory) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-10Financial Management: Process – Charging (optional) . . . . . . . . . . . . . . . . . . . .12-11


viii ITIL Foundation © Copyright IBM Corp. 2004


TOC
Financial Management: Cost Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-12Financial Management: Cost Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-14Financial Management: Costs types – Example: Printing a report . . . . . . . . . . . 12-17Financial Management: Example of IT Accounting . . . . . . . . . . . . . . . . . . . . . . . 12-18Financial Management: Links to other processes . . . . . . . . . . . . . . . . . . . . . . . . 12-19Financial Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21Financial Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22Financial Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24Financial Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25
Unit 13. IT Service Continuity Management (ITSCM) . . . . . . . . . . . . . . . . . . . . 13-1Unit 13: IT Service Continuity Management (ITSCM) . . . . . . . . . . . . . . . . . . . . . . 13-2ITSCM Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 13-3ITSCM: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4ITSCM: Why ITSCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5ITSCM: Definitions: Business Continuity Management (BCS) and ITSCM . . . . . . 13-6ITSCM: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7ITSCM: Continuity Management Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8ITSCM: Risk of events that can cause disaster . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-9ITSCM: Some events that have caused problems . . . . . . . . . . . . . . . . . . . . . . . 13-10ITSCM: Risk Analysis as part of BCM Requirements definition . . . . . . . . . . . . . 13-11ITSCM: The continuity strategy involves the selection of recovery options . . . . 13-12ITSCM: Continuity Plan Invocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14ITSCM: Test and Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15ITSCM: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16ITSCM: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-18ITSCM: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19

Unit 14. Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1Unit 14: Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2ITSCM Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 14-3Security Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4Security Management: Definitions: CIA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5Security Management: Why Security Management? . . . . . . . . . . . . . . . . . . . . . . 14-6Security Management: Information Security Incident . . . . . . . . . . . . . . . . . . . . . . 14-7Security Management: Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8Security Management: Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-9Security Management: Process- Input from Customer . . . . . . . . . . . . . . . . . . . . 14-10Security Management: Process – Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-11Security Management: Process – SLA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12Security Management: Process – Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13Security Management: Process – Implement . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14Security Management: Process – Evaluate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15Security Management: Process – Maintain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16Security Management: Process – Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17Security Management: Level of measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18Security Management: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19Security Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20


© Copyright IBM Corp. 2004 Contents ix

Student Notebook


x ITIL Foundation © Copyright IBM Corp. 2004


pref
Course Description
ITIL (IT Infrastructure Library) Foundation

Duration: 2 days

Purpose

Learn the basics of Information Technology (IT) Infrastructure Library (ITIL) and discover the importance of a systematic approach to management. The ITIL contains a comprehensive description of the processes involved in managing IT infrastructures. Build your awareness of the best practice approach to IT service support and service delivery. Gain an understanding of the importance of an IT infrastructure and IT service for an organization, a process-like approach to business organization, the ITIL management framework, basic terms, and concepts of the work processes used to manage an IT infrastructure. Take the ITIL Foundations Certification Exam upon course completion.

Audience

This course is intended for people working in the field of IT service management.

Prerequisites

None

Objectives

Upon completion of the course, the student will be able to:

• Understand the importance of an IT infrastructure

• Describe the best practices for IT service

• Develop a process-like approach to business organization

• Describe the ITIL management framework

• Understand the basic terms and concepts of the work processes used to manage an IT infrastructure


© Copyright IBM Corp. 2004 Course Description xi

Student Notebook

Contents

Topics include:

• ITIL best practice: history, purpose, and acceptance

• Introduction to the ITIL booklets of best practices

• ITIL scope, infrastructure, and process terms

• Characteristics of the ITIL sets and process groups

• Strategic, tactical, and operational perspectives

• Service support set: configuration management, service desk incident management, problem management, change management, and release management

• Service delivery set: service level management, availability management, capacity management, IT service continuity management, and financial management for IT services

• Links with the security management process

• Example examination

Curriculum relationship

The Foundation Certificate in IT Service Management is a prerequisite for the Practitioner's and Manager's Certificate in IT Service Management.


xii ITIL Foundation © Copyright IBM Corp. 2004


pref
Agenda
Day 1

ITIL IntroductionService Desk Incident ManagementProblem ManagementChange ManagementConfiguration ManagementRelease ManagementExercise

Day 2

Recap DiscussionSLMAvailability ManagementCapacity ManagementFinancial ManagementContinuity ManagementSecurity ManagementExamination


© Copyright IBM Corp. 2004 Agenda xiii

Student Notebook


xiv ITIL Foundation © Copyright IBM Corp. 2004


pref
Course Introduction

© Copyright IBM Corp. 2004 Course Introduction xv

Student Notebook

Figure 0-1. ITIL Foundation Course: IT Infrastructure Library Overview SM251.0

Notes:

4

IBM Global Services

ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

ITIL Foundation CourseIT Infrastructure Library Overview

Bu

sin

es

s

Tech

no

log

y

ITIL – Planning to Implement Service Management

The

Business

Perspective

Application Management

ICT

Infrastructure

Management

Service Management

Service Delivery

Service Support

Security

Management


xvi ITIL Foundation © Copyright IBM Corp. 2004


pref

Figure 0-2. ITIL Foundation Course: Objectives and Contents of the Course SM251.0

Notes:

5

IBM Global Services


ITIL Foundation CourseObjectives and Contents of the Course

Objectives

– Understand the ITIL Framework (what, who, where, why, and how)

– Understand the benefits of adopting ITIL

– Use the same language for Service Management

– Pass for the Foundation Certification Exam

Contents

– Overview of the 2 ITIL core modules:

• 5 Processes of Service Support und 1 Function

• 5 Processes of Service Delivery

• Security Management for IT Services

– Activities of each ITIL process

– Benefits/difficulties/costs of implementing ITIL process

– Links with other ITIL processes

– ITIL process roles and responsibilities

– Order of implementation within ITIL process

– Success factors within an ITIL implementation

– No details of procedures within process, which are organization-dependent!


© Copyright IBM Corp. 2004 Course Introduction xvii

Student Notebook

Figure 0-3. ITIL Foundation Course: ITIL Defines a Three-Tiered Structure of Certification Training SM251.0

Notes:

ITIL defines three levels of certification. The Foundations Certificate is the first level and covers Service Management essentials. Foundations classes typically last 2 days, and culminate with a 1-hour multiple choice exam.

Next, 9 Practitioner Certificates are available. These each concentrate on a specific process area within Service Management, such as Change Management. Each of the Practitioner classes lasts 5 days and ends with a 1-hour multiple choice exam.

ITIL's highest level of certification is the Service Manager, or Masters certificate. Service Manager classes involve two weeks of intense study, and Service Managers must pass two 3-hour essay-based exams: one for Service Support, and one for Service Delivery. Furthermore, the exam board must assess and validate that each person sitting for the Service Manager exam has met all of the defined prerequisites.

So, when someone holds ITIL certification, you know what you're getting because the levels of certification and testing are independently defined and verified.

6

IBM Global Services


ITIL Foundation CourseITIL Defines a Three-Tiered Structure of Certification Training

Essential (2 days)

Availability Mgmt (5 days)Incident Mgmt (5 days)Problem Mgmt (5 days)

Configuration Mgmt (5 days)Service Level Mgmt (5 days)

Change Mgmt (5 days)

Service Support (5 days)

Service Delivery (5 days)

1 hour Multiple Choice

1 hour Multiple Choice

3 hours Essay Examination

3 hours Essay Examination

Prerequisites

assessed by

Examination

Board

Foundations

Practitioners (9 certificates)

Service Manager


xviii ITIL Foundation © Copyright IBM Corp. 2004


pref

Figure 0-4. ITIL Foundation Course: Process Chart Reference SM251.0

Notes:

The chart which aims to show the flow of ITIL processes, and the most referenced by itSMF (IT Service Management Forum), is the IPW Process Model, a trade mark of Quint Wellington and KPN. The IPW Model is neither a complete nor a perfect plot of ITIL processes. It will, however, be used during the training, just to show some interfaces between processes, and the position of a process within the operational or tactical activities of the business.

7

IBM Global Services


ITIL Foundation CourseProcess Chart Reference

Source: IPW Model is a trade mark of Quint Wellington Redwood and KPN Telecoms


© Copyright IBM Corp. 2004 Course Introduction xix

Student Notebook


xx ITIL Foundation © Copyright IBM Corp. 2004


Uempty
Unit 1. What ITIL Is
What This Unit Is About

This unit is an introduction to ITIL. We will start with a short history, then discover ITIL, and explain why it is increasingly popular to help managing IT.

What You Should Be Able to Do

After completing this unit, you should be able to think about how a formalized framework can help a company manage its asset.

References

BS 15000-1:2002 IT Service Management (Part 1: Specification for Service Management)

BS 15000-2:2003 IT Service Management (Part 2: Code of Practice for IT Service Management)

PD 0005:2003 IT Service Management – A Manager’s Guide

PD 0015:2002 Service Management – Self-Assessment Workbook


© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-1

Student Notebook

Figure 1-1. Unit 01: What ITIL is SM251.0

Notes:

2

IBM Global Services


Unit 01What ITIL is

Contents of this module:

What ITIL is

ITIL history

Contents of ITIL books

Popularity and benefits of ITIL


1-2 ITIL Foundation © Copyright IBM Corp. 2004


Uempty

Figure 1-2. What ITIL is: ITIL: de facto standard for service management built on industry “best practice” SM251.0

Notes:

• Service support is currently the most popular topic worldwide in terms of customer popularity; the ITIL book on Service Support is most often referenced.

• ITIL is a library of books on what you need to do to manage IT as business; but it does not explain in detail how to do it.

• The ITIL framework places a strong emphasis on process; and is of most interest to customers who see process as important.

• Application management is NOT application development. Instead, it looks at the entire lifecycle of managing applications from a service point of view. For example, for SAP, when you are gathering requirements, you need to think about all of the service management elements to make the lifecycle effective. How will the application be configured? Will it be available at the required service levels? How will new releases be deployed? How will it be supported? And so on.

3

IBM Global Services


What ITIL isITIL: de facto standard for service management built on industry “best practice”

What is ITIL?

ITIL stands for Information Technology Infrastructure Library

A set of books that describe best practices for IT infrastructure management

An internationally-recognized set of best practices in the public domain

• Provides guidance, but not a step-by-step methodology

A holistic approach to IT infrastructure management

ITIL by its widespread use became a de facto standard

The aims in developing the IT Infrastructure Library are

To facilitate the quality management of IT services, and in doing so increase the efficiency

with which the corporate objectives and business requirements are met

To improve efficiency, increase effectiveness, and reduce risks

To provide codes of practice in support of total quality

Benefits of implementing ITIL

Enhanced customer satisfaction, as it is clear what service providers know and deliver

Formalize the use of procedures so that they are more reliable to follow

Improved quality of service – more reliable business support

Better motivated staff through better management of expectations and responsibilities



Student Notebook

• All books are released except for The Business Perspective which will cover the business value chain (customer/IT/business), business alignment (how an organization is set up, how it is governed, and managing the relationship between IT and business); it is mostly an overview of ITIL's value to the business, and emphasizes that IT should have a business perspective.




Uempty

Figure 1-3. What ITIL is: Main characteristics of ITIL are: IT services are business-oriented, and provision of quality customer serviceSM251.0

Notes:

4

IBM Global Services


Partners

What ITIL isMain characteristics of ITIL are: IT services are business-oriented, and provision of quality customer service

Other Characteristics of ITIL

– Service and customer focused

– Helicopter view of processes and activities

– Provides a common language. This makes education very important to provide this common language to all people in the process.

– Independent of organizational structures, architectures or technologies

IT management is all about the efficient and effective use of the four Ps: people, processes, products (tools and technology), and partners (suppliers, vendors, and outsourcing organizations).

ProductsProcesses

People



Student Notebook

Figure 1-4. What ITIL is: Originally created by the UK's Central Computer and Telecommunications Agency (CCTA) SM251.0

Notes:

5

IBM Global Services


What ITIL is

Originally created by the UK’s Central Computer and Telecommunications Agency (CCTA)

Origin and History of ITIL

Originated from UK government in late 1980s (CCTA Central Computer and Telecommunications

Agency

First publications appeared in 1989

Further developed by incorporating public and private sector best practice (IBM, HP, Microsoft, and

so on)

Consolidated in 1999 into ITIL Version 2. Two books to improve consistency and focus on service

management were published – Service Support and Service Delivery

These two core books were supplemented by new books that cover implementation planning,

security management, infrastructure management, application management, and the business

perspective

2001: the CCTA is incorporated within the Office of Government Commerce (OGC). ITIL is a

registered mark of OGC.

ITIL has subsequently been used as the basis for the development of a British Standard for Service

Management.




Uempty

Figure 1-5. What ITIL is: The BSI roadmap to make ITIL a standard for service management SM251.0

Notes:

ITIL consists of modules containing advice and guidance on best practice relating to the provision of IT services. ITIL has subsequently been used as the basis for the development of a British Standard for Service Management. The standard and ITIL are aligned, and the standard has itself been recently revised and is now defined in the following set of documents:

• BS 15000-1:2002, IT Service Management (Part 1: Specification for Service Management)

• BS 15000-2:2003, IT Service Management (Part 2: Code of Practice for IT Service Management)

• PD 0005:2003, IT Service Management – A Manager's Guide

• PD 0015:2002, IT Service Management – Self Assessment Workbook

These documents provide a standard against which organizations can be assessed and certified with regard to the quality of their IT Service Management processes.

6

IBM Global Services


What to

achieve

Deployed

solution

Management

overview

Process

definitions

Guidance

Standard

BS15000

In-house processes &

procedures

PD0005

ITIL

Specification

Code of Practice

OGC

questionnaire

PD0015

What ITIL is

The BSI roadmap to make ITIL a standard for service management

British Standards Institution (BSI)

1998 - Code of Practice [PD0005]

2000 - Self-assessment Workbook [PD0015]

- Specification [BS15000:2000]

2001 - Early adopters Feedback

2002 - Rewrite as Part 1 & 2

- Rewrite PD0015/PD0005

2003 - Formal certification scheme

2006 - ISO Standard



Student Notebook

A BS 15000 Certification scheme was introduced in July 2003. The scheme was designed by the itSMF and is operated under their control. A number of auditing organizations are accredited within the scheme to assess and certify organizations as compliant to the BS 15000 standard and its content. The BS 15000 standard is now progressing towards an international (ISO) standard on Service Management.




Uempty

Figure 1-6. What ITIL is: ITIL is a library of books that aim to describe best practices for IT infrastructure management SM251.0

Notes:

ITIL is a framework, not a methodology. It describes what needs to be done, but the advice it offers may be implemented in a variety of ways. ITIL provides guidance, not a step-by-step “how-to” for managing IT services, but it does include a rich body of documentation.

7

IBM Global Services


What ITIL is

ITIL is a library of books that aim to describe best practices for IT infrastructure management

Content of ITIL“Currently ITIL consists in a set of

books, which document and place

existing methods and activities in a

structured context."

ITIL as a Guidance

"ITIL does not cast in stone every action you should do on a day to day basis because that is something that will differ from organization to organization. Instead it focuses on best practice that can be utilized in different ways according to need."



Student Notebook

Figure 1-7. What ITIL is: The ITIL books describe best practices in IT management, with a special focus on service managementSM251.0

Notes:

The most widely used processes within the ITIL framework are those in Service Management.

IT Service Management is concerned with delivering and supporting IT services that are appropriate to the business requirements of the organization. ITIL provides a comprehensive, consistent, and coherent set of best practices for IT Service Management processes, promoting a quality approach to achieving business effectiveness and efficiency in the use of information systems. ITIL processes are intended to be implemented so that they underpin, but do not dictate, the business processes of an organization.

Being a framework, ITIL describes the contours of organizing Service Management. The models show the goals, general activities, inputs, and outputs of the various processes, which can be incorporated within IT organizations. ITIL does not cast in stone every action you should do on a day-to-day basis, because that is something which will differ from

8

IBM Global Services


What ITIL is

The ITIL books describe best practices in IT management, with a special focus on service management

Bu

sin

es

s

Tech

no

log

y

ITIL – Planning to Implement Service Management

The

Business

Perspective

Application Management

ICT

Infrastructure

Management

Service Management

Service Delivery

Service Support

Security

Management




Uempty
organization to organization. Instead, it focuses on best practice that can be utilized in different ways according to need.
Thanks to this framework of proven best practices, the IT Infrastructure Library can be used within organizations with existing methods and activities in Service Management. Using ITIL does not imply a completely new way of thinking and acting. It provides a framework in which to place existing methods and activities in a structured context. By emphasizing the relationships between the processes, any lack of communication or cooperation between various IT functions can be eliminated or minimized.



Student Notebook

Figure 1-8. Most people think of ITIL as service support, but the increasing popularity of ITIL should be leveraged against a broader spectrum of services SM251.0

Notes:

9

IBM Global Services


Most people think of ITIL as service support, but the increasing popularity of ITIL should be leveraged against a broader spectrum of services

Th

e b

usin

ess

Th

e te

ch

no

log

y

Planning to implement service management

Application management

The

business

perspective

ICT

Infrastructure

management

Service management

Service delivery

Service support

Security

management

Th

e b

usin

ess

Th

e te

ch

no

log

y

Planning to implement service management

Application management

The

business

perspective

ICT

Infrastructure

management

Service management

Service delivery

Service support

Security

management

• Not Published

(4/2004)

• Draft being

reviewed

(IBMers on

review team)

• Manage the Business Value

• Align Service Delivery with Business Strategy

• Drivers and Organizational Capability

• Application Lifecycle Management

• Organization Roles and Functions

• Control Methods and Techniques

• Design and Plan

• Deployment

• Operations

• Technical Support

• IT Infrastructure Security

Management

• Security setup from the IT

manager's point of view

• Service Level Management

• Availability Management

• Capacity Management

• Financial Management for IT Services

• IT Services Continuity Management

• Service Desk

• Configuration Management

• Incident Management

• Problem Management

• Change Management

• Release Management

• What is the vision?

• Where are we now?

• Where do we want to be?

• How do we check our milestones?

• How do we keep momentum?

Software Asset ManagementSoftware Asset Management

• Organization & Roles• Process Overview• Tools & Technology• Partners and SAM




Uempty

Figure 1-9. What ITIL is: Service management focuses on the tactical and operational processes of service support and service delivery and their relationships, including security management (separate ITIL book) SM251.0

Notes:

10

IBM Global Services


What ITIL is

Service management focuses on the tactical and operational processes of service support and service delivery and their relationships,including security management (separate ITIL book)

Capacity

Management

Availability

Management

Service Level

Management

Release

Management

Change

Management

Problem

Management

Incident

Management

Configuration

Management

Financial

Management

IT Service

Continuity

Service Support - Providestability and flexibility for IT

service provision

Service Delivery -

Provide quality, cost-

effective IT Services

Security

Management



Student Notebook

Figure 1-10. What ITIL is: ITIL processes in service support represent many of the reactive processes within IT operations (operational)SM251.0

Notes:

11

IBM Global Services


What ITIL is

ITIL processes in service support represent many of the reactiveprocesses within IT operations (operational)

Service DeskCentral point of contact between users and the IT service organization.

Incident ManagementRestore normal service operations as quickly as possible.

Problem ManagementPrevent and minimize the adverse effect on the business of errors in the IT Infrastructure.

Configuration ManagementProvide a logical model of the IT infrastructure by identifying, controlling, maintaining, and verifying the versions of all configuration items.

Change ManagementEnsure standardized methods and procedures are used for efficient, prompt, and authorized handling of all changes in the IT infrastructure.

Release ManagementEnsure that all technical and non-technical aspects of a release are dealt with in a coordinated approach.




Uempty

Figure 1-11. What ITIL is: Service Delivery focuses on what service the business requires in order to provide adequate support to the business users (tactical) SM251.0

Notes:

12

IBM Global Services


What ITIL is

Service Delivery focuses on what service the business requires in order to provide adequate support to the business users (tactical)

Service Level ManagementMaintain and improve IT service quality through a constant cycle of agreeing, monitoring, reporting, and reviewing IT service achievements.

Financial Management for IT ServicesProvide cost-effective stewardship of IT assets and resources used in providing IT services.

Capacity ManagementEnsure that capacity and performance aspects of the business requirements are provided in a timely and cost-effective manner.

Availability ManagementOptimize the capability of the IT infrastructure and supporting organization to deliver a cost-effective and sustained level of availability to satisfy business objectives.

IT Service Continuity ManagementEnsure that the required IT technical and service facilities can be recovered within the time scales required by Business Continuity Management.

Security ManagementManage a defined level of security on information and IT services.



Student Notebook

Figure 1-12. What ITIL is: Service support process (operational processes) relationships and their interaction with the CMDB SM251.0

Notes:

Explain the links between processes. Configuration Management is shown as the basic process.

13

IBM Global Services


Configuration management database

What ITIL isService support process (operational processes) relationships and their interaction with the CMDB

Management

tools

IncidentsIncidents Service

deskChanges

Release

Incidents

Queries

Enquiries

Communications

Updates

Workarounds

Service reports

Incident statistics

Audit reports

Problem statistics

Trend analysis

Problem reports

Problem review

Diagnostic aids

Audit reports

Change schedule

CAB minutes

Change statistics

Change reviews

Audit reports Release schedule

Release statistics

Release reviews

Secure library

Testing standards

Audit reports

Customer

Survey

reports

CMDB reports

CMDB statistics

Policy standards

Audit reports

The business, customers, and users

IncidentsProblems

Known errorsChanges Releases

CIs

Relationships

Problem

management

Release

management

Configuration

management

Change

management

Incident

management




Uempty

Figure 1-13. What ITIL is: Service delivery process (tactical processes) relationships SM251.0

Notes:

14

IBM Global Services


What ITIL isService delivery process (tactical processes) relationships

System

Management

tools

Queries

Enquiries

Communications

Updates

Reports

SLAs, SLRs, OLAs, UCs

Service reports

Service catalog

SIP

Exception reports

Audit reports

The business, customers, and users

Service level

management

Requirements

Targets

Achievements

Availability

management

Capacity

management

Financial

management for

IT services

IT service

continuity

management

IT continuity plans

BIA and risk analysis

Requirement definition

Control centers

DB contracts

Reports

Audit reports

Financial plan

Types and models

Costs and charges

Reports

Budgets and forecasts

Audit reports

Capacity plan

CDB

Targets/thresholds

Capacity reports

Schedules

Audit reports

Availability plan

AMDB

Design criteria

Targets/thresholds

Reports

Audit reports

Alerts and

Exceptions

Changes



Student Notebook

Figure 1-14. What ITIL is: Other ITIL books SM251.0

Notes:

These books are not in focus for the foundation.

15

IBM Global Services


What ITIL is

Other ITIL books

Planning to Implement Service Management - explains the steps necessary to identify

how an organization might expect to benefit from ITIL, and how to set about reaping those

benefits.

ICT Infrastructure Management - covering Network Service Management, Operations

Management, Management of Local Processors, Computer Installation, and Acceptance,

and for the first time, Systems Management.

Applications Management - embracing the Software Development Lifecycle, expanding

the issues touched on in Software Lifecycle Support and Testing of IT Services.

Applications Management also provides more detail on Business Change, with emphasis

being placed on clear requirement definition and implementation of solutions.

The Business Perspective - concerning the understanding and provision of IT service

provision. Issues covered include Business Continuity Management, Partnerships and

Outsourcing, Surviving Change, and Transformation of business practices through radical

change.




Uempty

Figure 1-15. What ITIL is: Customers across the globe are asking more and more about ITIL SM251.0

Notes:

ITIL is focused on improving service quality to the customer. Customers who adopt the ITIL framework can expect to see improved alignment of IT with the business, a long-term reduction in the cost of IT services, and better service quality and responsiveness. Customers should see a reduction in system outages as proactive planning and quality measures are implemented, and they should be able to implement IT infrastructure more quickly to support new business requirements. Customer satisfaction should increase because service providers will know and deliver what is expected of them, based on what the business requires. And support services should become more competitive.

Service providers will also benefit from the adoption of ITIL. Service providers should see improvements in service delivery because they will have a single definable, repeatable, scalable, and consistent set of IT processes. Roles and responsibilities will be properly aligned and understood. Communications between IT departments should improve because the linkages between processes will be documented and understood. Service providers should see better resource utilization — and resources will be allocated based on business demands — and staff will be more professional and motivated because skill requirements and capabilities, along with job expectations, are better understood.

16

IBM Global Services


What ITIL is

Customers across the globe are asking more and more about ITIL

Benefits of ITIL

More professional staff

Enhanced customer satisfaction as service providers know and

deliver what is expected of them

Better service quality and responsiveness

Properly aligned roles and responsibilities

ITIL incorporates a QM strategy

Long-term cost reduction for IT services

Improved alignment of IT with the business and improved service

delivery

ITIL brings a cross-organizational focus on business results and

customer satisfaction



Student Notebook

Figure 1-16. What ITIL is: ITIL implementation: Adopt and Adapt SM251.0

Notes:

17

IBM Global Services


What ITIL isITIL implementation: Adopt and Adapt

ITIL describes what needs to be done but not how it should be done.

ITIL does not define:

Every role, job, or organization design

Every tool, every tool requirement, every required customization

Every process, procedure, and task required to be implemented

ITIL does not claim to be a comprehensive description of everything within IT, but IT management “best practices” observed and accepted in the industry.

Adopt ITIL as a common language and reference point for IT Service Management best practices and key concepts.

Adapt ITIL best practices to achieve business objectives specific to each company.




Uempty
Unit 2. Process Implementation Strategy

This unit is an introduction to IT service management as a coordinated set of processes. We will start with defining the need for processes, then look at what processes are, how they evolve, and how ITIL and Service Management bring value to companies to develop their business.


After completing this unit, you should be able to think about how processes can help a company manage its assets better, with the ultimate objective of creating visible value for users and business customers.


© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-1

Student Notebook

Figure 2-1. Unit 02: Process Implementation Strategy SM251.0

Notes:

2

IBM Global Services


Unit 02Process Implementation Strategy

Content:

Understand processes and their benefits

Introduce new processes or improve existing processes

IT service management project

Success factors, problem areas, costs




Uempty

Figure 2-2. Process Implementation: What is a process? SM251.0

Notes:

Process control can similarly be defined as:

the process of planning and regulating, with the objective of performing the process in an effective and efficient way.

Processes, once defined, should be under control; once under control, they can be repeated and become manageable. Degrees of control over processes can be defined, and then metrics can be built in to manage the control process.

The output produced by a process has to conform to operational norms that are derived from business objectives. If products conform to the set norm, the process can be considered effective (because it can be repeated, measured, and managed). If the activities are carried out with minimum effort, the process can also be considered efficient. Process result metrics should be incorporated in regular management reports.

3

IBM Global Services


Process Implementation

What is a process?

ITIL focus on Processes

A process is a sequence of interrelated activities that collectively take an input, add

value to it, and produce an output which achieves a specific objective

CONTROL

ProcessInput Output

ENABLEPeopleToolsKnowledgeResources

PolicyBudgets

...

RequestsIncidentsAlertsRequirements...

Changed environmenta reporta resolved incident..



Student Notebook

Figure 2-3. Process Implementation: A process flows across the organizational hierarchies within a company and sometimes flows across company boundaries SM251.0

Notes:

4

IBM Global Services



A process flows across the organizational hierarchies within a company and sometimes flows across company boundaries




Uempty

Figure 2-4. Process Implementation: Why do we need processes? SM251.0

Notes:

5

IBM Global Services



Why do we need processes?

Process serves as a foundation for the definition of the remaining elements of the management system-organization and technology

Processes capture and document:-Ownership, responsibilities, measurements-Consistent, structured working practices-Policy decisions, scope, and objectives-Clear interfaces and two-way communication paths with other processes, people, and tools

Processes ensure a stable, controlled, repeatable service that can be objectively measured against contract deliverables and service levels

Processes enable:-Efficient and effective service to meet both client and provider needs-Cost and quality improvement

“Service-focused processes enable IT technology and organization to be

managed in ways which facilitate alignment with clients' business objectives.”

“Service-focused processes enable IT technology and organization to be

managed in ways which facilitate alignment with clients' business objectives.”



Student Notebook

Figure 2-5. Process Implementation: What are the benefits? (1) SM251.0

Notes:

6

IBM Global Services



What are the benefits? (1)

Gartner has reported that:-Around 70% of systems management technology implementations fail due to neglect of process and organization considerations

-Approximately 80% of unplanned downtime is caused by process andpeople issues, with the remainder caused by technology failures and disasters

-Up to 70% of ROI derives from process improvements rather than tools

The implementation and continual improvement of effective processes utilizing

best practices enable delivery of a service in which these errors are reduced

”Processes are critical to maintain effective business operations.””Processes are critical to maintain effective business operations.”




Uempty


Notes:

7

IBM Global Services




CustomerCommitments Profitability

EFFICIENCIES

A cross-organizational focus on commitment versus profitability



Student Notebook


Notes:

8

IBM Global Services




A cross-organizational focus on business results and customer satisfaction

• Measurable

• Auditable

• Service Level

Compliant

Delivery Costs Customer Satisfaction




Uempty

Figure 2-8. Process Implementation: Mission-critical changes or reorganizations within an IT corporation require new processes or needs to improve existing processes SM251.0

Notes:

9

IBM Global Services


Process ImplementationMission-critical changes or reorganizations within an IT corporation require new processes or needs to improve existing processes

Which problems do IT organizations face today?

Service costs not allocatable

Difficulties to justify investments

Service improvements not measurable

A few people with too many responsibilities

Reluctance to change organizational culture

Lack of relationship management

Which challenges do IT organizations face today?

Should quality of IT services be improved?

Is a merger with another organization planned?

Are any mission-critical business changes planned?

– Server consolidation

– Additional clients to manage

Is any OS migration planned?



Student Notebook

Figure 2-9. Process Implementation: Continuous processes improvement is also a trigger SM251.0

Notes:

10

IBM Global Services



Continuous processes improvement is also a trigger

Does the IT organization have the capability to provide the required service with

the required quality?

Are IT processes aligned with business processes?

How are main processes integrated with each other?

Are processes clearly defined, documented, and available for all concerned?

Are process inputs measurable and repeatable?

How efficiently is the existing IT organization providing services?

Method and tools used for process modeling and audit?

How are IT processes tool supported?

How difficult will it be to introduce or to change a process?




Uempty

Figure 2-10. Process Implementation: Why implement service management? SM251.0

Notes:

11

IBM Global Services



Why implement service management?

The specific goals of IT are to develop and maintain IT services that:

Develop and maintain good and responsive relationships with the business

Meet the existing IT requirements of the business

Are easily developed and enhanced to meet future business needs, within appropriate timescales and costs

Make effective and efficient use of all IT resources

Contribute to the improvement of the overall quality of IT service within the imposed cost constraints

One of the main objectives of ITIL is to assist IT service provider

organizations “to improve IT efficiency and effectiveness while

improving the overall quality of service to the business within

imposed cost constraints”.

One of the main objectives of ITIL is to assist IT service provider

organizations “to improve IT efficiency and effectiveness while

improving the overall quality of service to the business within

imposed cost constraints”.



Student Notebook

Figure 2-11. Process Implementation: Service and Process SM251.0

Notes:

12

IBM Global Services


Process ImplementationService and Process

Process 3Process 3

Understand

Customer

Requirements

Process 4Process 4

Realize

Solution

Process 5Process 5

Deploy

Solution

Offer

selection,

taking order

Preparing

order

Delivering

order,

monitoring

customer

Process 1Process 1

Manage

Facilities

Preparing

tables

Process 2Process 2

Handle

Customer

Interaction

Greeting and

seating

ServiceService

A delightful

dining

experience

Determine

the required

quality of

service

Implement

required

processes,

tools, and

organization

Providing

applications

and reporting

Building the

infrastructure

Contacting

potential

customerAvailability of

applications




Uempty

Figure 2-12. Process Implementation: Service, Process, Procedure, and work instructions SM251.0

Notes:

13

IBM Global Services


Process ImplementationService, Process, Procedure, and work instructions

A Service can be defined as:

A specific output that provides customer value. It is a measurable product which

is the basis for doing business with customer, and is delivered through a series

of processes, or activities, or both.

A Process can be defined as:

a connected series of actions, activities, changes, and so on, performed by

agents with the intent of satisfying a purpose or achieving a goal.

A Procedure is a description of logically related activities, and who carries them

out. A procedure may include stages from different processes. A procedure

defines who does what, and varies depending on the organization.

A set of work instructions defines how one or more activities in a procedure

should be carried out.



Student Notebook

Figure 2-13. Process Implementation: Project Management SM251.0

Notes:

14

IBM Global Services



Project Management

When implementing new processes in an organisation, there are benefits to

running the activity as a project.

One of the benefits of adopting a project approach to this activity is that it is

possible to undertake the necessary investigations and have designated

decision points where a decision can be made to continue with the project,

change direction, or stop.

A project can be defined as:

”A temporary organization that is needed to achieve a predefined

result at a predefined time using predefined resources.“

A project can be defined as:

”A temporary organization that is needed to achieve a predefined

result at a predefined time using predefined resources.“




Uempty

Figure 2-14. Process Implementation: Factors who will influence the success of an ITSM project SM251.0

Notes:

15

IBM Global Services



Factors who will influence the success of an ITSM project

1. Process

2. Infrastructure

3. Staff

4. Customers

5. Strategy

6. Culture &

Organization

1. Process

2. Infrastructure

3. Staff

4. Customers

5. Strategy

6. Culture &

Organization

6

2

4

3

1

5



Student Notebook

Figure 2-15. Process Implementation: People SM251.0

Notes:

16

IBM Global Services


Process Implementation People

implement the staff training plan and make this an ongoing activity, focusing on both social and technical skills

assign roles within the ITIL model to people, and make this part of their function description

delegate tasks and authorizations as low as possible in the organisation.

Authority matrix: The ARCI model

A – accountabilitycontrol the results of a process

R – responsibilityis responsible for the process and process activities

C – consultedprovide expertise, know-how to enable process

I – informedis informed about the process and the process quality




Uempty

Figure 2-16. Process Implementation: Each task within a process is executed by a role SM251.0

Notes:

17

IBM Global Services



Each task within a process is executed by a role

Typical roles within IT Service Management (ITSM)

Process owner

Process manager

Process team member (internal and external)



Student Notebook

Figure 2-17. Process Implementation: ITSM Project (1) SM251.0

Notes:

18

IBM Global Services



ITSM Project (1)

Before starting a project, an organization should have a vision about

what the results are intended to be.

By defining the means necessary to achieve the project result, it is

possible to isolate these assets (people, budget, and so on) from the

day-to-day activities. This increases the success rate of the project.




Uempty

Figure 2-18. Process Implementation: ITSM Project (2) SM251.0

Notes:

19

IBM Global Services



ITSM Project (2)

The following process model should be used by the organization as the

framework for the process improvement/introduction project.

Where do we

want to be?

How do we get

where we want

to be?

Where are we

now?

How do we

know we have

arrived?

Visions and

business

objectives

Assessments

Process change

Metrics



Student Notebook

Figure 2-19. Process Implementation: From the above model, 5 phases of a ITSM project are definable SM251.0

Notes:

20

IBM Global Services



From the above model, 5 phases of a ITSM project are definable

Assessment the current situation

Production of the project plan

Definition of processes

-Process model

-Procedures

-Authority matrix

-Management information

-Quality assurance methods

-Support tools

Specification

-Roles and

responsibilities-Management reports

-Procedures-Tool

Implementation/Improvement

Project Review

Org

an

iza

tion

Co

mm

un

icatio

n S

trate

gy




Uempty

Figure 2-20. Process Implementation: Ongoing quality improvement SM251.0

Notes:

For quality improvement, Deming proposed the Deming Cycle (or Circle). The four key stages are plan, do, check, and act, after which a phase of consolidation prevents the “circle” from “rolling down the hill” as illustrated in the figure. The consolidation phase enables the organization to take stock of what has been taking place and to ensure that improvements are embedded. Often, a series of improvements have been made to processes that require documentation (both to allow processes to be repeatable and to facilitate recognition of the achievement of some form of quality standard).

21

IBM Global Services



Ongoing quality improvement

Quality

improvement

Time Scale

Ma

turi

tyL

ev

el

PlanDo

Check Act

Consolidation of the level reached

(e.g ISO 9001, BSI)

Quality AssuranceP = Plan

D = Do

C = Check

A = Act

Continuous

step by step

The Deming Cycle

Clockwise direction

INITIAL 1

REPEATABLE 2

DEFINED 3

MANAGED 4

OPTIMIZED 5



Student Notebook

Figure 2-21. Process Implementation: Communication Plan SM251.0

Notes:

Managing change can only succeed with the correct use of communication. A Service Management project will involve a lot of people but, typically, the outcome will affect the working lives of many more. Implementing or improving Service Management within an organization requires a change of mindset by IT management and IT employees as well as IT customers and users. Communication around this transformation is essential to its success.

In order to ensure that all parties are aware of what is going on and can play a relevant part in the project, it is advisable to clarify how the project will communicate with all interested parties. A well-planned and executed communication plan will have a direct positive contribution to the success of the project.

A good communication plan should be built on a proper concept of what communication is. Communication is more than a one-way information stream. It requires continuous attention to the signals (positive and negative) of the various parties involved. Managing communications effectively involves the following nine steps:

22

IBM Global Services



Communication Plan

Managing change can only succeed with the correct use of communication.

In order to ensure that all parties are aware of what is going on and can play a relevant part

in the project, it is advisable to clarify how the project will communicate with all interested

parties.

Managing communications effectively involves the following nine steps:

Describe the communications process in the change process from the start

Analyze the communication structure and culture

Identify the important target groups

Assess the communication goals for each target group

Formulate a communication strategy for each target group

Choose the right communication media for each target group

Write a communication plan

Communicate

Measure and redirect if necessary.




Uempty
• Describing the communications process in the change process from the start
• Analyzing the communication structure and culture

• Identifying the important target groups

• Assessing the communication goals for each target group

• Formulating a communication strategy for each target group

• Choosing the right communication media for each target group

• Writing a communication plan

• Communicating

• Measuring and redirecting if necessary.

A communication plan describes how target groups, contents, and media are connected in a timeframe. Much like a project plan, a communication plan shows how actions, people, means, and budgets are to be allocated for the communication process.



Student Notebook

Figure 2-22. Process Implementation: Global Consideration SM251.0

Notes:

23

IBM Global Services



Global Consideration

Process

Product

People

High-level

process modelDetailed

process description

Process

implementation

Define tool

requirementsTool selection

Installation &

configuration

Awareness ITIL trainingProcess

workshops

Ass

ess

Pro

ject

pla

n

Sig

n Off

Sig

n Off

Rev

iew




Uempty

Figure 2-23. Process Implementation: Process Description SM251.0

Notes:

24

IBM Global Services



Process Description

To document processes, the following should be described:

A description of related activities with a defined goal

Which input for the process

Interfaces to other processes

Definition of process parameters (who, where, what, when)

The benefits of process description:

Process integrity

Consistent view

Comparable procedures

Easy check and review



Student Notebook

Figure 2-24. Process Implementation: High-Level Design of a Process SM251.0

Notes:

25

IBM Global Services



High-Level Design of a Process

Evaluation(Control points, parameters, attributes)

Activities Inputs Outputs

Process goals and

implementation strategies

Organization strategy

Organization targets




Uempty

Figure 2-25. Process Implementation: A Process Implementation considers both an initial process design and an improvement of the existing environment SM251.0

Notes:

26

IBM Global Services


Process Implementation A Process Implementation considers both an initial process design and an improvement of the existing environment

Inputs / Premises

– High-level process flow

– Procedures

– Roles and responsibilities

– Tool (installed and configured)

– Personal (skills and know-how)

– Management commitment

– Enabler team in relation to the ”authority matrix“

– Awareness und acceptance by customer/user

Develop a training plan

– Define target groups

– Define training content after

workshops

Develop a timetable

– Setup of workshops and training events

– Presentations

– Handouts and documents

– Marketing material

Plan of workshops and deployment

Specify time and goals of coaching

phase

Plan of the Initial Process Review and

Adjustment phase



Student Notebook

Figure 2-26. Process Implementation: A review is important for quality assurance SM251.0

Notes:

27

IBM Global Services


Process Implementation A review is important for quality assurance

Post-Project Review

Achievement of the project's objectives

Performance against plan (estimated time and costs versus actuals)

Effect on the original plan and business case over the time of the project

Statistics on issues raised and changes made

Total impact of changes approved

Statistics on the quality of the work carried out (in relation to stated

expectations)

Lessons learned

Auditing for compliance using defined quality parameters and metrics




Uempty

Figure 2-27. Process Implementation: A review is important for quality assurance SM251.0

Notes:

As the project draws to a close, it is important to analyze how the project was managed and to identify lessons that were learned along the way. This information can then be used to benefit the project team as well as the organization as a whole. An End Project Report typically covers:

• Achievement of the project's objectives

• Performance against plan (estimated time and costs versus actuals)

• Effect on the original plan and business case over the time of the project

• Statistics on issues raised and changes made

• Total impact of changes approved

• Statistics on the quality of the work carried out (in relation to stated expectations)

• Lessons learned

• A post-project review plan

28

IBM Global Services


Improve

Define

Control

Evaluate

ITIL Best Practices

Service Management



Student Notebook

Post-project review

The business case will have been built from the premise that the outcome of the project will deliver benefits to the business over a period of time. Thus, delivery of benefits needs to be assessed at a point after the project products have been put into use. The post-project review is used to assess whether the expected benefits have been realized, as well as to investigate whether problems have arisen from use of the products.

Each of the benefits mentioned in the business case should be assessed to see how well, if at all, it has been achieved. Other issues to consider are whether there were additional benefits, or unexpected problems. Both of these can be used to improve future business cases.

If necessary, follow-up actions may be identified to improve the situation that then exists.

Auditing for compliance using quality parameters

Process quality parameters can be seen as the “operational thermometer” of the IT organization. Using them, you can determine whether the IT organization is effective and efficient. Quality parameters need to be quantified for your own circumstances. However, this task will be easier once you have determined the required service levels and internal service requirements. There are two types of quality parameters: process-specific and generic.

Generic quality parameters for IT Service Management:

Generic quality parameters that need to be considered include:

• Customer satisfaction

• Staff satisfaction

• Efficiency

• Effectiveness

Appropriate information should be collected to rate the organization’s performance relative to these parameters. The nature of the information required will vary depending on how you decide to judge each aspect, but what information is required should be clearly thought through from the start of the project so that measurement is possible during the post-project review.

Process-specific parameters

Process-specific metrics for each process are discussed in each of the process-specific chapters of this book.




Uempty

Figure 2-28. Process Implementation: Critical success factors SM251.0

Notes:

29

IBM Global Services


Process Implementation Critical success factors

Successful Service Management processes should:

Be of sound design, adapted to the culture of the organization in question,

but rigorous in their expectation of discipline in the manner of their following

Provide a good understanding of the customer requirements, concerns, and

business activities, and deliver business-driven rather than technology-

driven services

Enhance customer satisfaction

Improve value for money, resource utilization, and service quality

Deliver an infrastructure for the controlled operation of ongoing services by

formalized and disciplined processes

Equip staff with goals and an understanding of customers' needs



Student Notebook

Figure 2-29. Process Implementation: Possible problems SM251.0

Notes:

30

IBM Global Services


Process Implementation Possible problems

Problems with Service Management processes that may be encountered include:

Excessively bureaucratic processes, with a high percentage of the total

support headcount dedicated to administering Service Management

Inconsistent staff performance for the same process (often accompanied by

noticeable lack of commitment to the process from the responsible staff)

Lack of understanding on what each process should deliver

No real benefits, service-cost reductions, or quality improvements arising

from the implementation of Service Management processes

Unrealistic expectations, so that service targets are rarely hit

No discernible improvement




Uempty

Figure 2-30. Process Implementation: Project costs SM251.0

Notes:

When building the business case for a project, it is essential to be clear about what the project costs are, and what the ongoing running costs of the Service Management processes will be. Project costs are one-off costs, while the running costs form a commitment for the organization that may involve long-term contracts with suppliers.

The costs of implementing IT Infrastructure Library processes clearly vary according to the scale of operations. The costs associated with the implementation and running of the processes are roughly categorized as follows:

• Project management costs

• Project delivery costs (consultancy fees, project team for implementation, process owner)

• Equipment and software

• Training costs (including awareness, training in specific tools, and training in business awareness)

• Documentation costs

31

IBM Global Services


Process Implementation Project costs

The costs associated with the implementation and running of the processes are

roughly categorized as follows:

Project management costs

Project delivery costs (consultancy fees, project team for implementation,

process owner)

Equipment and software

Training costs (including awareness, training in specific tools, and training in

business awareness)

Documentation costs

Ongoing staff and accommodation costs (for running the processes,

including subsequent training needs).



Student Notebook

• Ongoing staff and accommodation costs (for running the processes, including subsequent training needs)

The costs of failing to provide effective processes can be considerable.




Uempty
Unit 3. Service Desk (SPOC)

This unit is an introduction to the Service Desk, the single point of contact between the users and the IT Services organization.


After completing this unit, you should be able to think about the responsibilities and obligations of the service desk, and understand the benefits of the ITIL framework.


© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-1

Student Notebook

Figure 3-1. Unit 03: Service Desk (SPOC) SM251.0

Notes:

2

IBM Global Services


Unit 03Service Desk (SPOC)

Content:

Service Desk – objective and overview

Responsibilities and obligations

Important aspects

– User interaction

– Service Desk technologies

– Operational standards

– Implementation considerations

Costs, benefits, risks

Best practices

Summary




Uempty

Figure 3-2. Service Desk: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Service DeskIntegration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms



Student Notebook

Figure 3-3. Service Desk: The Service Desk is the Single Point of Contact [SPOC] between the users and the IT Services OrganizationSM251.0

Notes:

4

IBM Global Services


Service DeskThe Service Desk is the Single Point of Contact [SPOC] between the users and the IT Services Organization

ITIL defines customers and users

Customers

People (generally senior managers) who commission, pay for, and own

the IT services, sometimes referred to as "the business"

Users

People who use the services on a day-to-day basis

Users

Customers

IT Service Organization

Service Desk

....ChangeProblemIncident




Uempty

Figure 3-4. Service Desk: Mission Statement SM251.0

Notes:

5

IBM Global Services


Service Desk

Mission Statement

The Service Desk is the focal point for all service

requests from the business users to the IT organization

To record and manage the life cycle of incidents, with an

emphasis in rapid restoration of service with minimal

business impact, a Service Desk or Service Desk

organization is recommended. Help Desk, Service Line, and

First-Level Support are used as synonyms for Service Desk.

For the users, the Service Desk is there to:

provide a central communication interface

recover interrupted service as soon as possible

Service Desk asSingle Point of Contact

Requests

Incidents

Requests

Incidents



Student Notebook

Figure 3-5. Service Desk: The Service Desk is traditionally seen as a group of specialists who have the required knowledge to process any kind of request or incident SM251.0

Notes:

6

IBM Global Services


Service Desk

The Service Desk is traditionally seen as a group of specialists who have the required knowledge to process any kind of request or incident

The Function Service Desk can reach a high efficiency using the following

measures:

Definition of the “service” mentality in the Service Desk documentation. The

task of the Service Desk does not only consist of “resolving an incident”, but

mainly in the “immediate recovery of the user’s service”.

Definition of clear processes to support the activities of Service Desk

members (Incident Management process).

Definition of close relationships between Service Desk and other important

ITSM processes, such as Problem Management.

The importance of the Service Desk is seen particularly in its special role as

interface between IT and the user; thus the Service Desk represents the IT

organization from the user’s point of view.




Uempty

Figure 3-6. Service Desk: The Importance of the Service Desk SM251.0

Notes:

7

IBM Global Services


Service Desk

The Importance of the Service Desk

The Service Desk

.... directly performs customer-oriented service.

.... interacts with the users.

.... is a decisive factor of the acceptance of IT.

.... strives to provide a faster and more direct incident recovery.

.... coordinates second- and third-level support.

.... recognizes the current needs of the user.

.... performs organized support, instead of disorganized support performed in a rush.

.... is able to organize support with high availability economically.

.... centrally evaluates incident reports.

.... proves the effectiveness of changes and improvements performed.

.... recognizes problems early.

.... reduces customer requests on a long-term basis.

.... supplies information about IT productivity.



Student Notebook

Figure 3-7. Service Desk: Communication SM251.0

Notes:

8

IBM Global Services


Service Desk

Communication

Communication is key for quality of service.

The Service Desk informs about:

current status of services

usability

planned changes

Service quality supports customer relations.

Because of the importance of communication with users, IT services demands a position which fulfils this task with.....

.... dedication

.... and especially competency..

The Service Desk is a function of

Service Management and not a

process within Service Management.

This function is held by an internal

organization unit.

SPOC – Single Point of Contact.

All requests, information, wishes,

claims, complaints, requirements, and

so on, are transferred via the Service

Desk to the relevant departments, and

information is passed from there via

the Service Desk to the customer.

Communication is one of the success factors for IT services management.




Uempty

Figure 3-8. Service Desk: Service Desk Responsibility SM251.0

Notes:

9

IBM Global Services


Service Desk

Service Desk Responsibility

The Service Desk is responsible for:

Servicing the user contact point

Controlling incident recovery

Supporting the running of the business

Providing management information

SPOC

Incident Mgmt

1st Level Support

Reporting



Student Notebook

Figure 3-9. Service Desk: Service Desk Activities SM251.0

Notes:

10

IBM Global Services


Service Desk

Service Desk Activities

Call handling

Recording and tracking service requests, including incidents, until closure

and verification with the user

Requesting incident classification and initial support, including forwarding to

second level, within Service Level Agreements (SLA)

Keeping customer informed on request status and priority

Initiating escalation procedures in relation to the SLA

Coordinating incident handling until resolution with 2nd- and 3rd-line support

Helping to identify problems by recording all incidents

Providing management information and recommendations for service

improvement

Communicating planned changes to users




Uempty

Figure 3-10. Service Desk: Processes within the Service Desk SM251.0

Notes:

11

IBM Global Services


Service Desk

Processes within the Service Desk

useruser useruser

creation of ticket advise, information if required, delivery of information materialrequestrequestinformed

user

informeduser

initiation of follow-up actionscomplaint

entryhandling satisfied

user

satisfieduser

recover satisfactioncomplaintcomplaint

registration, analysis

customerinformation

direct solution

tracking and escalation

2nd level satisfieduser

satisfieduser

transfer callbackdocumen-

tationincidentincident

entryentitlement

checkchange user with

change

user with change

initiation of measuresadmin request

admin request



Student Notebook

Figure 3-11. Service Desk: Inputs and Outputs SM251.0

Notes:

12

IBM Global Services


Service Desk

Inputs and Outputs

Management

information and monitoring

Request via

e-mail/voice/

video

Telephone

requestsRequests via

Internet/

browser

Fax

requestsHardware/

application

events

External

service

support

Product

support

Sales &

Marketing

Contract

support

Internal

service

support

Service DeskEscalations




Uempty

Figure 3-12. Service Desk: There are 3 Service Desk Types (1): the Local Service Desk SM251.0

Notes:

These three slides describe the key factors of each service desk type.

13

IBM Global Services


Service Desk

There are 3 Service Desk Types (1):the Local Service Desk

Establishment of identical

processes and procedures in

all locations

Transfer of local skills to

other Service Desks

Assurance of compatibility of

hardware, software, and

network

Usage of identical escalation

processes and identical

codes for impact, severities,

priorities, and status in all

locations

User 1 User 2 User 3

Desktop

Support

Network

Support

Application

SupportSystem &

Operation

Support

Vendor

Support

Local

Service DeskFirst-Level-Support

There is no “universal” type of Service Desk. Choosing which one to adopt depends on a number of factors:



Student Notebook

Figure 3-13. Service Desk: There are 3 Service Desk Types (2): Central Service Desk SM251.0

Notes:

14

IBM Global Services


Service Desk

There are 3 Service Desk Types (2): Central Service Desk

Reduced

operational

costs

Consolidated

management

overview

Improved usage

of available

resources

Customer

location 1

Customer

location 2

Customer

location 3

Desktop

support

Network

support

Application

support

System &

operation

support

Other

manufacturer

support

Central

Service DeskFirst-level support

Second-level support




Uempty

Figure 3-14. Service Desk: There are 3 Service Desk Types (3): Virtual Service Desk SM251.0

Notes:

15

IBM Global Services


Service Desk

There are 3 Service Desk Types (3):Virtual Service Desk

“Follow the sun”

Common, agreed-on

language should be

used for data entry

Depends on the

technology in use

(not every tool is

able to build a VSD)

Seattle Service Desk

Amsterdam

Service-Desk

Sydney

Service Desk

location 1 location ‘n’

Service

Management

database

remote user

local user

other manufacturer/

supplier

service desks

Virtual

Service Desk



Student Notebook

Figure 3-15. Service Desk: User empowerment (self-help) enhances customer satisfaction while lowering support cost SM251.0

Notes:

16

IBM Global Services


Service Desk

User empowerment (self-help) enhances customer satisfaction while lowering support cost

User value:

Empowers them with ability to resolve problems at their own pace

Benefit from the ability to get assistance in context

Spend less time on call resolution

Avoids costly and inconvenient re-imaging solutions

Consistent 7x24 support experience

Support Center Value:

Self-support tools and self-healing tools eliminate calls to the call center

Arms the agent with information about the user prior to initiating contact

Remote control and chat improve agent productivity

Increases customer satisfaction

Reduces dependency on desk-side support

Allows support professionals to focus on the incidents that do require

assistance




Uempty

Figure 3-16. Service Desk: A crucial success factor is standardized working methods SM251.0

Notes:

17

IBM Global Services


Service Desk

A crucial success factor is standardized working methods

In order to ensure efficiency, person-independent quality, integrity of data, and

traceability, a highly standardized working method is necessary.

Therefore, actions are mainly performed:

supported by tools

with electronic forms

on standard solution and configuration databases

For help, one can refer to a support manual, which contains all procedures and

necessary information.



Student Notebook

Figure 3-17. Service Desk: Setting up a Service Desk SM251.0

Notes:

18

IBM Global Services


Service Desk

Setting up a Service Desk

For the conceptual design of a Service Desk, you will have to consider the following points:

Number of expected calls

Structure of the Service Desk: central or local

Tools (hardware, software, and telephone systems)

The way business operates, and working procedures of the users

Service Desk processes

Workload distribution between first-, second-, and third-level support

Know-how of Service Desk team

For setting up a Service Desk, the following points have to be considered:

Business goals that users aim for

Support by management

Involvement of users to find a common understanding

Involvement of members of staff

Explain to those involved the benefits and their responsibilities

In project management quick wins, several phases with defined milestones

Marketing of new services




Uempty

Figure 3-18. Service Desk: Benefits and Costs SM251.0

Notes:

19

IBM Global Services


Service Desk

Benefits and Costs

Benefits:

Complete incident control

Effective support of the specialist department

Higher user productivity

Improved relationship between IT and users

Significant management information

Costs:

Costs vary depending on type and volume of Service Desk tasks

Include purchase price for hardware, software, employees, and

premises; and current costs for employees, premises and

telephony



Student Notebook

Figure 3-19. Service Desk: Risks SM251.0

Notes:

20

IBM Global Services


Service Desk

Risks

Without Service Desk:

Users don’t know whom to contact in

case of an incident

Incidents are not registered and get

forgotten

Incident escalation cannot be

addressed properly

IT specialists are interrupted by user

calls

Higher effort for resolving problems

No conclusive management

information

With Service Desk:

The Service Desk could become a

bottleneck when there are more

incidents or users than expected

User still contact the specialists if they

had been doing this in the past

Tensions between Service Desk and

other IT service fields are likely,

especially if the Service Desk does

not escalate in compliance with

regulations or even report directly to IT

management




Uempty

Figure 3-20. Service Desk: Best Practices SM251.0

Notes:

21

IBM Global Services


Service Desk

Best Practices

Standardized documentation of caller data

Automatic ID allocation of the request; sending of return receipt and feedback form

Selective administration of user data in the Configuration Management Data Base

Usage of CTI and ACD technologies (voice calls, routing, and so on)

Utilization of system monitoring for early detection of service impairment

Staff from second-level support are temporarily deployed in Service Desk

Large Service Desks are structured in teams with special know-how and are

supported by skill routing

Working with super users

CTI = Computer Telephony Integration

ACD: Automatic Call Distribution



Student Notebook

Figure 3-21. Service Desk: Summary SM251.0

Notes:

22

IBM Global Services


Service Desk

Summary

Service Desk is a function, not a process within Service Management

Service Desk is the focal point for all service requests from business users directed

to the IT organization (including third-party providers), and manages them within

Service Level Agreements

Service Desk responsibilities include:

– Single Point of Contact (SPOC)

– Incident Management

– First-level support

– Reporting

Service Desk is the window on the level of service offered by the IT organization to

the business

Keeps users up-to-date with the status of their service request

Provides management information on relevant topics regarding the service

Three Service Desk types: Local, Central, and Virtual Service Desk




Uempty
Unit 4. Incident Management

This unit is an introduction to Incident Management, and its relationship with the Service Desk.


After completing this unit, you should be able to think about the responsibilities and obligations of this service, and understand the benefits of the ITIL framework.


© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-1

Student Notebook

Figure 4-1. Unit 04: Incident Management SM251.0

Notes:

2

IBM Global Services


Unit 04Incident Management

Content:

Incident Management – objective and overview

Some definitions


Important aspects:

– Incident lifecycle

– Incident recording

– Incident priority

– Escalation

Benefits and risks

Best practices

Summary




Uempty

Figure 4-2. Incident Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Incident ManagementIntegration into the IPW Model




Student Notebook

Figure 4-3. Incident Management: Mission statement SM251.0

Notes:

4

IBM Global Services


Incident ManagementMission statement

The primary goal of incident management is to restore normal service operation, within Service Level Agreement limits, as quickly as possible, after an incident has occurred to that service, and minimize the adverse impact on business operations.

Practice shows that handling both of failures in the infrastructure and of service requests is similar, and both are therefore included in the definition and scope of the process for Incident Management.

The Service Desk is responsible for monitoring the resolution process of all registered incidents; indeed the Service Desk is the owner of all incidents. The process is mostly reactive. To react efficiently and effectively therefore demands a formal method of working that can be supported by software tools.

Goals of Incident Management:Restore the service as quickly as possible.

Minimum disruption to users’ work

Management of an incident during its entire lifecycle

Support of operational activities




Uempty

Figure 4-4. Incident Management: Definition: Incident, Problem and “Known Error” SM251.0

Notes:

5

IBM Global Services


Incident ManagementDefinition: Incident, Problem and “Known Error”

Incident

An event, not part of the standard operation of a service, which causes, or may

cause, an interruption or reduction in the quality of that service

Problem (Unknown Error)

The unknown cause of one or more incidents

(which are not resolved in any case when finalizing the incident)

Normally a problem record is raised only if investigation is warranted.

“Known Error”

A problem which is successfully diagnosed and for which a workaround has been

identified



Student Notebook

Figure 4-5. Incident Management: Tasks SM251.0

Notes:

Help desk and incident control: Even if the incident is transferred to second- or third-level support, the service desk is responsible for the management of the incident, giving feedback to the user, and so on.

6

IBM Global Services


Incident ManagementTasks

Incident

Management

Incident Incident

ManagementManagement

User InterfaceUser Interface

Problem ManagementProblem Management

Management Management

InformationInformation

Support of Support of

operational operational

processesprocesses

Incident ControlIncident Control




Uempty

Figure 4-6. Incident Management: Activity incident handling SM251.0

Notes:

Incident management activities:

• Incident handling

• To restore normal working conditions as quickly as possible

• Incident monitoring

• Registration of incidents

7

IBM Global Services


Incident ManagementActivity incident handling

Identification and

registration of incidents

Service

Request?

Service Request

Procedure

Incident closure

Yes

First classification

and support

No

Troubleshooting

and recovery

Analysis and diagnosis

Inc

ide

nt

ow

ners

hip

, m

on

ito

rin

g,

tra

ck

ing

,

an

d c

om

mu

nic

ati

on

Progress control

Reporting

Quality assurance

Responsibility



Student Notebook

Figure 4-7. Incident Management: The status of an incident reflects its current position in its lifecycle SM251.0

Notes:

The status of an Incident reflects the current position in its lifecycle, sometimes known as its workflow position. Everyone should be aware of each status and its meaning. Some examples of status categories might include:

• New

• Accepted

• Scheduled

• Assigned/dispatched to specialist

• Work in progress (WIP)

• On hold

• Resolved

• Closed

8

IBM Global Services


Incident ManagementThe status of an incident reflects its current position in its lifecycle

Incident detection

and recording

Service

Request?

Service Request

Procedure

Incident closure

Yes

Classification

and initial support

No

Resolution

and recovery

Investigation and

diagnosis

new

accepted

planned

assigned

in process

on hold

solved

closed




Uempty
Throughout an Incident lifecycle, it is important that the incident record be maintained. This allows any member of the service team to provide a customer with an up-to-date progress report. Examples of update activities include:
• Update history details

• Modify status (such as “new” to “work-in-progress” or “on hold”)

• Modify business impact or priority

• Enter time spent and costs

• Monitor escalation status

An originally reported customer description may change as the incident progresses. It is, however, important to retain the description of the original symptoms, both for analysis and so that you can refer to the complaint in the same terms used in the initial report. For example, the customer may have reported a printer not working, which is found to be have been caused by a network failure. When responding to the customer, it is better initially to explain that the printer incident has been resolved rather than to talk about resolution of network problems.



Student Notebook

Figure 4-8. Relationship with other IT services SM251.0

Notes:

9

IBM Global Services


Classification and initial supportClassification and initial support

Incident detection and recordingIncident detection and recording

Report of an incident

Investigation and diagnosisInvestigation and diagnosis

Incident closureIncident closure

Process for Service Request

Ow

ne

rsh

ip,

tra

ck

ing

,

eva

lua

tio

n,

info

rma

tio

n

Ow

ne

rsh

ip,

tra

ck

ing

,

eva

lua

tio

n,

info

rma

tio

n

Service

Request?

CMDBCMDB

Service Desk Data center

operation

Data center

operation Net operationNet operation

OrganizationOrganization

Other sourcesOther sources

Change

Management

Problem

errors

DB

Problem

errors

DB

Problem

Management

Resolution and recoveryResolution and recovery




Uempty

Figure 4-9. Incident Management: Use of standard registration, documentation, and methods is basis of success SM251.0

Notes:

10

IBM Global Services


Incident ManagementUse of standard registration, documentation, and methods is basis of success

Data about an incident

Reporter of the incident

Name, user ID

Phone number

Department

Department number

Affected person

Incident ID

Date, time

Status

Effect, severity,

priority

Service Level

Affected system

Inventory number, CI ID

Class/ type/ model

Symptom description

Category

Free text description

Problem editor

Transfer to

Performed actions

Solution

Date, time

Category

History

Identification &


Service

Request?

Service Request

Procedure

Incident Closure

Yes


and support

No

Troubleshooting and recovery




Student Notebook

Figure 4-10. Incident Management: Classification: Find service affected, match against SLA, and assign priority SM251.0

Notes:

One of the important aspects of managing an incident is to define its priority: how important it is, and its impact on the business. The responsibility for its definition lies with Service Level Management within the parameters set in the Service Level Agreement (SLA). The priority with which incidents need to be resolved, and therefore the amount of effort to be put into the resolution of, and recovery from, incidents, will depend upon:

• Impact on the business

• Urgency to the business

• Size, scope, and complexity of the incident

• Resource availability, for coping in the meantime, and for correcting the fault.

Impact is a measure of the business criticality of an incident or problem, often equal to the extent to which an incident leads to degradation of agreed service levels. Impact is often measured by the number of people or systems affected. Criteria for assigning impact should be set up in consultation with the business managers and formalized in SLAs.

11

IBM Global Services


Incident ManagementClassification: Find service affected,match against SLA, and assign priority

Classification:

Impact

– Reflects business criticality of the incident

– Reflects extent to which an incident leads to degradation of SLA, such as number of users that suffer

Urgency

– Reflects required speed of solving an incident

Workload

– Reflects expected effort to solve the incident

Priority

– Reflects order in which to solve the incidents

Priority = Impact x Urgency

Identification &


Service

Request?

Service Request

Procedure

Incident Closure

Yes


and support

No

Troubleshooting and recovery





Uempty

Figure 4-11. Incident Management: Priority order for handling incidents is primarily defined by impact and urgency SM251.0

Notes:

12

IBM Global Services


Incident ManagementPriority order for handling incidents is primarily defined by impact and urgency

A simple priority matrix example

Priority 4Limited damage,

does not need

to be recovered

immediately

Priority 3Significant damage,

does not need

to be recovered

immediately

Priority 1Significant

damage, must be

recovered

immediately

Priority 2Limited

damage, should

be recovered

immediately

Impact

Urg

en

cy



Student Notebook

Figure 4-12. Incident Management: Each priority is related to a certain recovery time… SM251.0

Notes:

13

IBM Global Services


Incident ManagementEach priority is related to a certain recovery time…

Priority 1: Significant damage, must be

recovered immediately

Priority 2: Limited damage, should be

recovered immediately

Priority 3: Significant damage, does not

need to be recovered immediately

Priority 4: Limited damage, does not need

to be recovered immediately

1 hour

4 hours

2 hours

8 hours




Uempty

Figure 4-13. Incident Management: … This results in an appropriate escalation SM251.0

Notes:

Escalation is the mechanism that assists timely resolution of an incident. It can take place during every activity in the resolution process.

There are two levels of escalation possible:

• Hierarchical (vertical escalation): for example, asking management for more human resources, equipment, or both (exception)

• Functional (horizontal escalation): for example, ask a specialist (second-line support)

Transferring an incident from first-line to second-line support groups or further is called functional escalation, and primarily takes place because of a lack of knowledge or expertise. Preferably, functional escalation also takes place when agreed time intervals elapse. The automatic functional escalation based on time intervals should be planned carefully and should not exceed the (SLA) agreed resolution times.

Hierarchical escalation can take place at any moment during the resolution process when it is likely that the resolution of an incident will not be in time or satisfactory. In case of a lack of knowledge or expertise, hierarchical escalation is generally performed manually (by the

14

IBM Global Services


Incident Management… This results in an appropriate escalation

Information / Support

(Escalation)

Transfer or integration of further knowledge carriers

Managing

Board

Incident Mgt.Hierarchical

Escalation

Functional

Escalation

Functional versus hierarchical escalation



Student Notebook

Service Desk or other support staff). Automatic hierarchical escalation can be considered after a certain critical time interval, when it is likely that a timely resolution will fail. Preferably, this takes place long enough before the (SLA) agreed resolution time is exceeded so that corrective actions by authorized line management can be carried out, for example hiring third-party specialists.




Uempty

Figure 4-14. Incident Management: Escalation SM251.0

Notes:

15

IBM Global Services


Incident ManagementEscalation

Objective of an escalation or escalation procedure is the avoidance or minimizing of material or immaterial damage. The definition of an escalation comprises:

escalation trigger

escalation measures

escalation levels

The combination of the three keys results in an

escalation matrix with escalation paths

The escalation procedures should be clearly agreed between all involved parties. Escalation can usefully improve service provision only if it is accepted by all parties.

Escalation should not be misused as a proof of guilt.



Student Notebook

Figure 4-15. Incident Management: Escalation – Trigger and Measures SM251.0

Notes:

16

IBM Global Services


Incident ManagementEscalation – Trigger and Measures

Escalation triggerThe escalation trigger indicates at which opportunity, state, or incident the procedure of processing a problem will be intensified, increased, or changed in order to recover the service.

after exceeding the reaction time

one hour before the expiration of the recovery time

when exceeding the recovery time

after the third transfer

VIP

Escalation measuresOnce an escalation has been released, incident processing is intensified, increased, or changed in order to recover the service. This results in raising of three general possible measures:

Organisational measurements, such as calling in third level or the vendor;

Information, such as to the higher hierarchical level;

Increased assignment of resources: budget, staff, material




Uempty

Figure 4-16. Incident Management: Escalation – Escalation Levels SM251.0

Notes:

17

IBM Global Services


Incident ManagementEscalation – Escalation Levels

Escalation Levels

Escalation levels ensure that for repeated occurrences of an escalation trigger,

the according measures are intensified, increased, or changed.

Reasons for increasing the escalation level can be the following:

threatening exceeding or already expired reaction time;

threatening exceeding or already expired recovery time;

very high priority of the disrupted service



Student Notebook

Figure 4-17. Incident Management: Escalation – Example of an Escalation Matrix SM251.0

Notes:

18

IBM Global Services


Incident ManagementEscalation – Example of an Escalation Matrix

5

4

3

2

1

Priority

measures

to informnot urgent

and not

important

measures

to informnot urgent

and important

measures

to informurgent and

not important

measures

to informurgent and

important

measures

to informvery urgent

and very

important

Measures

43210

Escalation steps




Uempty

Figure 4-18. Incident Management: Input and Output SM251.0

Notes:

19

IBM Global Services


Incident ManagementInput and Output

Input

Incident reports from Service Desk

and Monitoring

Information about users, system

configuration, service levels

Information about solutions, tested

workarounds

Information about changes

performed

Output

Requests for change to Change

Management

Information about incidents or

problems to Problem Management

Solved and closed incidents

Information to the user

Reports to management



Student Notebook

Figure 4-19. Incident Management: Benefits SM251.0

Notes:

20

IBM Global Services


Incident ManagementBenefits

Reduced business impact of incidents by timely resolution

Proactive identification of possible enhancements

Management information related to business-focused SLA

Improved monitoring

Improved management information related to aspects of service

Better staff utilization: no more interruption-based handling of incidents

Elimination of lost incidents and service requests

Better CMDB information

Better user/customer satisfaction




Uempty

Figure 4-20. Incident Management: Risks SM251.0

Notes:

21

IBM Global Services


Incident ManagementRisks

Potential problem areas:

No management/staff commitment, hence no resources

Lack of clarity of business needs

Badly-defined service goals

Working practices not reviewed or changed

No service levels defined with customer

Lack of knowledge on resolving incidents

The quality of the Configuration Database

No integration with other processes

Resistance to using process



Student Notebook

Figure 4-21. Incident Management: Best Practices SM251.0

Notes:

The integration with Service Level management means that the service desk is aware of the availability and constraints within the provision of services.Some service desks may have just a "dispatching" role concerning incoming calls, and other individuals may then have to handle the incoming incidents from a technical point of view. It would be preferable, however, to have broad-skilled service desk operators who do handle the incidents themselves, rather than just registering calls and routing them.Interpersonal skills are essential for service desk personnel, as every contact with the customer is an opportunity to improve the customer’s perception of the IT function.Consider how many of your technical staff are currently skilled and trained to manage the customer interface for your department or organization.Support departments often mistake “quick fixes” for good service. In some cases, this is, of course, true. The customer wants a fix or response, but knows that this is not always practical. It is important to engender in customers and users the confidence that, once an incident has been reported, it will be professionally managed. If that confidence is not present, they may revert to calling their favorite support specialist and bypass the service desk. In some cases, they might stop calling on IT altogether.

22

IBM Global Services


Incident ManagementBest Practices

Integration with Service Level Management

Qualified processing of requests instead of simple transfer

More important than just a cost reduction is the increase of the company’s

efficiency

Separation of incident and problem management




Uempty

Figure 4-22. Incident Management: Summary SM251.0

Notes:

23

IBM Global Services


Incident ManagementSummary

The goal of incident management is to restore normal service operation, within Service

Level Agreement limits, as quickly as possible, after an incident has occurred to that

service, and to minimize the adverse impact on business operations.

Incident Management process

– Incident detection and recording

– Classification and initial support

– Investigation and diagnosis

– Resolution and recovery

– Incident closure

Prioritization primarily determined by impact on business and urgency with which a

resolution or workaround is needed; correct prioritization enables optimum staffing and

use of other resources to customer satisfaction.

Escalation (functional and hierarchical)



Student Notebook




Uempty
Unit 5. Problem Management

This unit is an introduction to Problem Management, and its relationship within IT Services.


After completing this unit, you should be able to think about the mission of this service, and understand its benefits within the ITIL framework.


© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-1

Student Notebook

Figure 5-1. Unit 05: Problem Management SM251.0

Notes:

2

IBM Global Services


Unit 05Problem Management

Content:

Problem Management – objective and overview

Some definitions


Important aspects

– Incidents, problems, and changes

– Proactive/reactive problem management

Benefits, costs, risks

Best practices

Summary




Uempty

Figure 5-2. Problem Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Problem ManagementIntegration into the IPW Model




Student Notebook

Figure 5-3. Problem Management: Mission statement SM251.0

Notes:

4

IBM Global Services


Problem ManagementMission statement

The goal of Problem Management is to minimize the adverse impact of Incidents and problems on the business that are caused by errors within the IT Infrastructure, and to prevent recurrence of incidents related to these errors.

In order to achieve this goal, Problem Management seeks:

To find the root cause of problems and to initiate corrective action

Permanently reduce number and severity of incidents and problems by identifying improvements in the infrastructure

2 aspects:

Reactive: identify and solve problems in response to one or more incidents

Proactive: analyze trends of incidents, and identify and solve problems before they occur




Uempty

Figure 5-4. Problem Management: Some definitions: Problem, Known Error, and RFC SM251.0

Notes:

A problem is a condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant.

A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a workaround.

Structural analysis of the IT infrastructure, reports generated from support software, and user-group meetings can also result in the identification of problems and known errors. This is proactive Problem Management.

Problem control focuses on transforming problems into known errors. Error control focuses on resolving known errors structurally through the Change Management process.

5

IBM Global Services


Problem ManagementSome definitions: Problem, Known Error, and RFC

Problem

The unknown cause of one (significant) incident or multiple incidents exhibiting

common symptoms (which are not resolved in any case when finalizing the

incident)

Normally a problem record is raised only if investigation is warranted.

Known Error

A problem that is successfully diagnosed and for which a workaround has been

identified

Request for Change (RFC)

Request for Change to any component of an IT infrastructure or to any aspect of

an IT service



Student Notebook

Figure 5-5. Problem Management: Tasks SM251.0

Notes:

The Problem Management process is intended to reduce both the number and severity of incidents and problems on the business. Therefore, part of Problem Management's responsibility is to ensure that previous information is documented in such a way that it is readily available to first-line and other second-line staff. This is not simply a matter of producing documentation. What is required includes:

• The information to be indexed so that it is easily referenced by simple and detectable triggers from new incidents

• Regular inspection to ensure the continued relevance of documentation in the light of changing:

- Technology

- Available external solutions

- Business practices and requirements

- In-house skills

6

IBM Global Services


Problem ManagementTasks

Problem

Management

Problem Problem


Problem Problem

ControlControl

Error ControlError Control Management Management

InformationInformation

Incident ControlIncident Control

RFCsChange

Management

Incident

Management




Uempty
- Frequency and impact of recurring incidents
- Interpretation of internal best practice

• That the process should be subject to a detailed review

• Staff using the information to be trained to understand the depth and power of the information available, how to access and interpret it, and their role in providing feedback on its relevance and ease of use

• A suitable repository for the information, typically based on an integrated Service Management tool which can capture it at logging or first-analysis stage of the incident handling process.



Student Notebook

Figure 5-6. Problem Management: Scope SM251.0

Notes:

7

IBM Global Services


Problem ManagementScope

Problem control, error control, and proactive Problem Management are all

within the scope of the Problem Management process

Problem Control:

Handle problems in an effective way. Identify root cause (CI at fault), and provide

the Service Desk with information and workaround. Similar to incident control, but

more carefully managed to avoid reoccurrence.

Error Control:

Progresses from known errors until elimination by implementation of a change.

Proactive Problem Management:

Analysis of trends from incident records provides view on potential problems

before they occur




Uempty

Figure 5-7. Problem Management: Activity: Problem Control SM251.0

Notes:

8

IBM Global Services


Problem ManagementActivity: Problem Control

Problem Control is concerned with:

Problem identification and recording: if

incidents cannot be matched against known

errors and problems, or are recurring. Also

when major Incident occurs.

Problem classification: determine effort

required to detect and recover failing CI.

Impact on service levels assessed. CMDB

helps! Determine: category, impact, urgency,

priority.

Problem investigation and diagnosis:

leading to a known error (which includes a

workaround for the associated incident). Find

underlying cause. Procedural errors do not

become known errors. These problems are

closed with appropriate categorization code.

Identification and

Registration

Classification

Assign Resources

Investigation and

Diagnosis

Definition

Known Error

Progress Control

Reporting

Quality Control

Responsibility



Student Notebook

Figure 5-8. Problem Management: Activity: Error Control SM251.0

Notes:

Error identification and recording: faulty CI is detected, and known error status is assigned.

Error assessment: initial assessment of means required to solve the problem and raising of an RFC. The actual work done is under control of Change Management. Also the decision can be that some errors are not solved because, for example, it is too expensive.

Recording error resolution: solution for each known error should be in the PM system, made available for incident matching.

Error Closure: After successful implementation of the change, the error is closed, together with all associated incident records. Potentially, interim status given.

Monitoring problem and error resolution progress: Change Management is responsible for implementing RFCs, but error control is responsible for monitoring progress in resolving known errors and the continuing impact of the problem. Hence close interaction between both (PM might raise CAB). Monitoring against SLA should happen.

9

IBM Global Services


Problem ManagementActivity: Error Control

Error identification and recording: faulty CI is detected, and known error status is assigned.

Error assessment: initial assessment of means required to solve the problem and raising of an RFC.

Recording error resolution: solution for each known error should be in the PM system, made available for incident matching

Error closure: After successful implementation of the change, the error is closed together with all associated Incident records.

Monitoring problem and error resolution progress: Change management is responsible for implementing RFCs, but error control is responsible for monitoring progress in resolving known errors.

Error Identification &

Recording

Error Assessment

Record Error Solution

Close Error and

Associated Problems

Progress Control

Reporting

Quality Control

Responsibility

Change successful

RFC

Error control covers the processes involved in successful correction of known errors.

The objective is to change IT components to remove known errors affecting the IT

infrastructure, and thus to prevent any recurrence of incidents.




Uempty

Figure 5-9. Problem Management: Activity: Proactive Problem Management SM251.0

Notes:

10

IBM Global Services


Problem ManagementActivity: Proactive Problem Management

Trend analysis: identify “fragile” components and their

reason. Requires availability of sufficient historical data.

Targeting support action: towards problem areas

requiring most support time, or causing most impact to

the business (volume of incidents, number of users

impacted, cost to the business).

Providing information to organization: Providing insight

in effort and resources spent by organization in

diagnosing and resolving problems and known errors to

management. Also information on workarounds,

permanent fixes, and status information should be given

to Service Desk.

Proactive problem management activities are concerned with identifying and

resolving problems and known errors before Incidents occur, thus minimizing

the adverse impact on the service and business-related costs.



Student Notebook

Figure 5-10. Problem Management: Reporting SM251.0

Notes:

11

IBM Global Services


Problem ManagementReporting

Reporting on problem management serves an internal purpose as well as an external purposeItems that can be reported to IT management:

Time spent on research and diagnosis

Brief description of actions taken

Planning unresolved problems with regard to use of people, use of tools, and costs

Problems categorized into: status, service, impact, category, user group

Turnaround time of closed problems

Elapsed time and expected resolution period for unresolved problems

Temporary corrective actions

Items that are important for Service Level Management

Number of problems categorized into: user group, category, impact, service

Turnaround time of closed problems

Expected solution period for unresolved problems

Items that are important for Service Desk

Status of problems

Information on bypasses




Uempty

Figure 5-11. Problem Management: Reactive - Proactive SM251.0

Notes:

Problem Management should focus on proactive function.

When Problem Management is introduced in an organization, its main focus is reactive. But this process should ideally mature from reactive to proactive, otherwise improvement is necessary.

12

IBM Global Services


Problem ManagementReactive - Proactive

Reactive Proactive

2nd / 3rd level support for incidents

Problem identification and problem diagnosis

Identify trends

Initiate changes in order to avoid:

- the occurrence of incidents

- the reoccurrence of incidents

Monitoring of change management

Avoid problems in other

systems and applications



Student Notebook

Figure 5-12. The Complete Picture SM251.0

Notes:

13

IBM Global Services


Tra

ck

ing

Tra

ck

ing

Tra

ck

ing

Tra

ck

ing

ClassificationClassification

RecordingRecording

RegistrationRegistration

DiagnosisDiagnosis

ResolutionResolution

Incident closureIncident closure

Process for Service Requests

Service

Request?

SupportSupport

ClassificationClassification

RecordingRecording

IdentificationIdentification

DiagnosisDiagnosis

Problem ResolutionProblem Resolution

Tra

ck

ing

Tra

ck

ing

AssessmentAssessment

RecordingRecording

identificationidentification

DiagnosisDiagnosis

SolutionSolution

Error / problem

Incident closure

Error / problem

Incident closure

Error?Assign

RFC?

Change

Management

Change

Management

Problem?

The Complete Picture

Incident Mgmt Problem Control Error Control Change Mgmt

Change

Evaluation (PIR)

Change

Evaluation (PIR)




Uempty

Figure 5-13. Problem Management: Benefits SM251.0

Notes:

• Improved IT service quality. Problem Management helps generate a cycle of rapidly increasing IT service quality. High-quality reliable service is good for the business users of IT, and good for the productivity and morale of the IT service providers.

• Incident volume reduction. Problem Management is instrumental in reducing the number of incidents that interrupt the conduct of business.

• Permanent solutions. There will be a gradual reduction in the number and impact of problems and known errors as those that are resolved stay resolved.

• Improved organizational learning. The Problem Management process is based on the concept of learning from past experience. The process provides the historical data to identify trends, and the means of preventing failures and of reducing the impact of failures, resulting in improved user productivity.

• Better first-time fix rate at the Service Desk. Problem Management enables a better first-time fix rate of incidents at the Service Desk, achieved via the capture, retention, and availability of incident resolution and workaround data within a knowledge database available to the Service Desk at call logging.

14

IBM Global Services


Problem ManagementBenefits

The benefits of taking a formal approach to problem management include

the following:

Improved IT service quality: removal of structural errors improves quality of

service

Incident volume reduction: Structural errors generating Incidents are

removed

Permanent solutions: Problems resolved stay resolved

Improved knowledge on organization: Problem Management learns from

past experience, using historical data to identify trends

Higher first call resolution rate at Service Desk: Problem management

creates incident workaround data for rapid incident closure



Student Notebook

Figure 5-14. Problem Management: Risks SM251.0

Notes:

15

IBM Global Services


Problem ManagementRisks


Simultaneous assignment of support agents to incident and problem

management

Less common tools of the individual departments

Insufficient communication between system development and problem

management in regard to known errors

Lack of discipline in the support team

Note: While Incident Management focuses on quick resolution of incidents,

Problem Management analyzes the root cause of incidents.




Uempty

Figure 5-15. Problem Management: Best Practices SM251.0

Notes:

16

IBM Global Services


Problem ManagementBest Practices

Make a clear separation between incidents and

problems (clear fields of responsibility with their

own measurement criteria and KPIs)

Focus on minimizing or avoidance of incidents

In addition to the production environment, the

development environment should also be involved

in the process.

Incident Management

(fighting fires)

Problem Management(find root cause)



Student Notebook

Figure 5-16. Problem Management: Summary SM251.0

Notes:

17

IBM Global Services


Problem ManagementSummary

The goal of problem management is to minimize the impact of incidents and problems

on the business that are caused by errors within the IT infrastructure and to prevent

recurrence of incidents related to these errors.

Stabilize IT services, through:

– minimizing the impact of incidents (quick fix)

– tracing (and removing) errors in the IT infrastructure to obtain the highest possible

stability of IT services, both reactively and proactively

– Better use of resources

Problem management activities

– Problem control

– Error control

– Proactive problem management

Problem: the root cause is known

Known error: root cause is known, a workaround is provided, but the definitive fix is not

provided

Proactive - Reactive




Uempty
Unit 6. Change Management

This unit is an introduction to Change Management, and its relationship within IT Services.




© Copyright IBM Corp. 2004 Unit 6. Change Management 6-1

Student Notebook

Figure 6-1. Unit 06: Change Management SM251.0

Notes:

2

IBM Global Services


Unit 06Change Management

Content:

Change Management – objective and overview

Some definitions


Important aspects:

– RFC content

– Categorization and prioritization of changes

– Change Advisory Board (CAB)

– Interface to other processes

Benefits and risks

Best practices

Summary




Uempty

Figure 6-2. Change Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Change ManagementIntegration into the IPW Model




Student Notebook

Figure 6-3. Change Management: Mission Statement SM251.0

Notes:

Changes arise as a result of problems, but many changes can come from proactively seeking business benefits such as reducing costs or improving services. The goal of the Change Management process is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes, in order to minimize the impact of change-related incidents upon service quality, and consequently to improve the day-to-day operations of the organization.

To make an appropriate response to a change request entails a considered approach to assessment of risk and business continuity, change impact, resource requirements, and change approval. This considered approach is essential to maintain a proper balance between the need for change against the impact of the change.

It is particularly important that Change Management processes have high visibility and open channels of communication in order to promote smooth transitions when changes take place.

4

IBM Global Services


Change ManagementMission Statement

Change Management ensures that standardized methods and procedures are used for efficient and prompt handling of all changes, to minimize the impact of change-related incidents on service quality, and to improve the day-to-day operations of the organization.

Goal of Change Management:

Efficient and cost-saving

implementation of

authorized changes

with minimum risk

for existing and new IT infrastructure

Efficient and cost-saving

implementation of

authorizedauthorized changes

with minimum minimum risk

for existing and new IT infrastructure




Uempty

Figure 6-4. Change Management: Some definitions SM251.0

Notes:

A problem is a condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant.

A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a workaround.

Structural analysis of the IT infrastructure, reports generated from support software, and user-group meetings can also result in the identification of problems and known errors. This is proactive Problem Management.

Problem control focuses on transforming problems into known errors. Error control focuses on resolving known errors structurally through the Change Management process.

When major problems arise, there may not be time to convene the full Change Advisory Board (CAB), and it is therefore necessary to identify a smaller organization with authority to make emergency decisions. Such a body is known as the CAB Emergency Committee

5

IBM Global Services


Change ManagementSome definitions

Change:

Process of moving from one defined state to another

Request for Change (RFC)

Request for Change to any component of an IT infrastructure or to any aspect of

an IT service

Change Advisory Board (CAB):

Body which approves changes and assists Change Management in assessment

and prioritization of changes

CAB/EC:

CAB Emergency Committee. Convened for urgent changes, or when emergency

decisions have to be made.

Post Implementation Review (PIR):

Assessment of implemented changes after a predefined period of time.



Student Notebook

(CAB/EC). Change procedures should specify how the composition of the CAB and CAB/EC will be determined in each instance, based on the criteria listed above and any other criteria that may be appropriate to the business. This is intended to ensure that the composition of the CAB will be flexible, in order to represent business interests properly when major changes are proposed. It will also ensure that the composition of the CAB/EC will provide the ability, both from a business perspective and from a technical standpoint, to make appropriate decisions in any conceivable eventuality.




Uempty

Figure 6-5. Change Management: Why Change Management is so important SM251.0

Notes:

6

IBM Global Services


Change ManagementWhy Change Management is so important

IT becomes an increasingly critical factor for business. Business demands

continuous change as new technologies are adopted. Users demand

increasing services in order to be able to fulfil their tasks. All these factors

require an IT environment in which management and control of changes are

very precisely managed.

Experience shows that a high percentage of problems with regard to IT

service quality can be traced back to a change of a system. Such problems

cause enormous costs and are becoming less acceptable.

This module describes the best practices for change management; they

impact the implementation of many other ITSM best practices. Finally, each

development - either relating to capacity management or a service desk -

corresponds with changes which again stand for a risk. That is why a very

strict procedure for effective change management makes sense.



Student Notebook

Figure 6-6. Change Management: Tasks SM251.0

Notes:

Most activities of change management involve control and decide (approval or rejection). Changes must be carefully managed throughout their entire lifecycle from initiation and recording, through filtering, assessment, categorization, authorization, scheduling, building, testing, implementation, and eventually their review and closure. One of the key deliverables of the process is the Forward Schedule of Change (FSC), a central programme of change agreed by all areas, based on business impact and urgency.

7

IBM Global Services


Change ManagementTasks

Change

Management

Change

Management

Review of all

implemented

changesMonitoring of change

realization, testing,

and implementation

Authorize and

plan changes

Management of RFCs

(change requests)




Uempty

Figure 6-7. Change Management: The Process SM251.0

Notes:

Implementation and management activities within change management.

8

IBM Global Services


Change ManagementThe Process

Implementation Management

RFCRFC Preparation

Implementation

Realization

Test

CABCAB

Classification

Prioritization

Approval

Planning

Authorization

Evaluation/PIR

Backout

Rejection

Rejection



Student Notebook

Figure 6-8. The Process Steps SM251.0

Notes:

9

IBM Global Services


Service PlanningService Planning

Release ManagerRelease Manager

RFCRFC

Processing/Classification -Registration-

Scheduling and Planning

Control and Approval

TestTest

Building

Control and

Authorization

Implementation

PIR

Proof of Success

Changes

Realization ofSimple Changes

Rejected

Decline

/ Reject

Review End

Acceptance andDocumentation




Uempty

Figure 6-9. Change Management: Content of a Request for Change (RFC) SM251.0

Notes:

Requests for Change (RFCs) are triggered for a wide variety of reasons, from a wide variety of sources. The reasons include:

• Required resolution of an incident or problem report

• User or customer dissatisfaction expressed via customer liaison or Service Level Management

• The proposed introduction or removal of a new CI

• Qproposed upgrade to some component of the infrastructure

• Changed business requirements or direction

• New or changed legislation

• Location change

• Product or service changes from vendors or contractors.

10

IBM Global Services


Change ManagementContent of a Request for Change (RFC)

RFCRFC

What? Why?

When?

HardwareSoftware

Documentation

Environment

SLA

and so on

CIsCIs

Impact on

Business

Services

Category

Priority

Resource

Cost

Estimation

Purpose

and so on

Change

Advisory Board

(CAB)

Sponsor and

Change

Requester



Student Notebook

RFCs can be concerned with any part of the infrastructure or with any service or activity. Here are some examples:

• Hardware

• Software

• Documentation

• Telecommunications facilities

• Engineering cover

• Training courses

• IT infrastructure management procedures

• Tactical plans

• Environmental infrastructure

RFCs can, of course, be in paper form, or — as is increasingly the case — be held electronically, perhaps on the company intranet.

The following items should be included in an RFC form, whether paper or electronic:

• RFC number (plus cross-reference to problem report number, where necessary)

• Description and identity of item(s) to be changed (including CI identification(s) if Configuration Management system is in use)

• Reason for change

• Effect of not implementing the change

• Version of item to be changed

• Name, location, and telephone number of person proposing the change

• Date that the change was proposed

• Change priority

• Impact and resource assessment (which may be on separate forms where convenient)

• CAB recommendations where appropriate (which may be held separately, with impact and resource assessments, where convenient)

• Authorization signature (could be electronic)

• Authorization date and time

• Scheduled implementation (release identification, date and time, or both)

• Location of release or implementation plan




Uempty

Figure 6-10. Change Management: Categorization: Minor – Significant – Major SM251.0

Notes:

The issue of risk to the business of any change should also be considered prior to the approval of any change. Change Management should examine each RFC and decide how to proceed based on the (predefined) category into which the RFC falls. The categorization process examines the impact of the approved change on the organization in terms of the resources needed to effect the change. Note that the structure and complexity of these categories will very much depend on the needs of the business, including the range of priority ratings identified

11

IBM Global Services


Change ManagementCategorization: Minor – Significant – Major

Category of changes is based on impact to environment (risk to the business).

Category 1 (Minor Changes):

Minor impact only, and few “build” or additional “runtime” resources required. The

Change Manager should have delegated authority to authorize and schedule such

changes.

Category 2 (Significant Changes):

Significant impact, significant build or runtime resources required, or both.

The Change Advisory Board should be convened in order to authorize and schedule

such changes.

Category 3 (Major Changes):

Major impact, very large amount of build or runtime resources required, or both; or

impact likely upon other parts of the organization.

The RFC should be referred to the organization's top Management Board or other

appropriate body for discussion and a policy decision.



Student Notebook

Figure 6-11. Change Management: Prioritization SM251.0

Notes:

Every RFC should be allocated a priority that is based on the impact of the problem and the urgency for the remedy. This priority rating is used to decide which changes should be discussed and assessed first, either by Change Management or by the CAB if necessary. Change Management should be responsible for assigning this priority. The priority of RFCs ideally should be decided in collaboration with the initiator and, if necessary, with the CAB; but it should not be left to the initiator alone, as a higher priority than is really justified may result. Risk assessment is of crucial importance at this stage. The CAB will need information on business consequences in order to assess effectively the risk of implementing or denying the change.

12

IBM Global Services


Change ManagementPrioritization

Every RFC should be allocated a priority that is based on the impact of the problem and the urgency of the remedy.

Immediate:Causing loss of service or severe usability problems to a larger number of users, a mission-critical system, or some equally serious problem. Immediate action required.

High:Severely affecting some users, or impacting a large number of users. To be given highest priority for change building, testing, and implementation resources.

Medium:No severe impact, but rectification cannot be deferred until the next scheduled release or upgrade. To be allocated medium priority for resources.

Low:A change is justified and necessary, but can wait until the next scheduled release or upgrade. Resources to be allocated accordingly.




Uempty

Figure 6-12. Change Management: Composition of the Change Advisory Board (CAB) should reflect user, customer, and service provider view SM251.0

Notes:

The Change Advisory Board (CAB) is a decision authority, which is made up for the most part of people from other functions within the organization. Note also that it is Configuration Management who are responsible for ensuring that information regarding the possible implications of a proposed change is made available, and that these possible impacts are detected and presented appropriately. There will also be a need to have managers from different areas of the organization within the CAB. The Change Manager is the executive authority within the CAB. CAB is an ITIL term.

There will be occasions when a proposed infrastructure change will potentially have a wider impact upon other parts of the organization (such as application development projects or business operations), or vice versa. To mitigate possible negative impacts from either direction, it is imperative that the infrastructure and other Change Management systems be appropriately interfaced.

13

IBM Global Services


CAB/ECCAB/EC

Change ManagementComposition of the Change Advisory Board (CAB) should reflect user, customer, and service provider view

CABCAB

Manager

Finance Dept

Problem

Manager

Release Manager

Services Staff

Application

Manager

Service Level

Manager

Change

Manager

(Executive)

Experts,

Technical

Consultants

CAB/EC = Emergency Committee



Student Notebook

Figure 6-13. Change Management: Optimization can be reached through correlation of RFCs on related CIs SM251.0

Notes:

Configuration Management enables visualization of related CIs. Thus it is possible to globally estimate the impact of an RFC in the whole IT environment. It would be useful to consider the impact of an RFC on related CIs; this will give the support team a better view of the realistic impact on the business, and will reduce bureaucratic expenditure.

14

IBM Global Services


Change ManagementOptimization can be reached through correlation of RFCs on related CIs

Realistic impact of changes and reduction of bureaucratic expenditure

Original request for

change

Original request for

change

Summarized request for changeSummarized request for change

Software CI to be

changed

Correlating

operating CI

Correlating

hardware CI

Correlating

education CI

Configuration Management




Uempty

Figure 6-14. Change Management: Interfaces to other SM processes (1) SM251.0

Notes:

15

IBM Global Services


Change ManagementInterfaces to other SM processes (1)

Generate new servicesInform customers

Distribution

Identify affected CIs

Determine effects of

planned changes

Initiate change

Capacity ManagementCapacity Management

Security ManagementSecurity Management

Problem ManagementProblem Management

Service DeskService Desk

Account Management

(for customers)

Account Management

(for customers)

Security ManagementSecurity Management

Availability and IT Services

Continuity Management

Availability and IT Services

Continuity Management

Capacity ManagementCapacity Management

Service Level ManagementService Level Management

Service Build and TestService Build and Test

Service DeskService Desk

Co

nfi

gu

rati

on

Man

ag

em

en

t D

ata

Base

Co

nfi

gu

rati

on

Man

ag

em

en

t D

ata

Base

Service DesignService Design

Financial Mgmt IT ServicesFinancial Mgmt IT Services

Configuration ManagementConfiguration Management

Release ManagementRelease Management Update CMDB

Configuration ManagementConfiguration Management

Change

Management

ProcessTransfer

RFCReports

Status Change Report

......



Student Notebook

Figure 6-15. Change Management: Interfaces to other SM processes (2) SM251.0

Notes:

16

IBM Global Services


Change ManagementInterfaces to other SM processes (2)

Configuration

Management

Configuration

ManagementCapacity

Management

Capacity

Management

Configuration ManagementConfiguration Management Change

Management

Change

ManagementRelease

Management

Release

Management

Check distribution

of new software

or, if required, the

hardware change

Determine

impact

Determine

impact on

business and

IT performance

Approve

change

Configuration

Management

Configuration

Management

Determine

affected areas

Documentation

update CMDB




Uempty

Figure 6-16. Change Management: Benefits SM251.0

Notes:

17

IBM Global Services


Change ManagementBenefits

Better alignment of IT services to business requirements

Increased visibility and better communication of changes

Improved risk assessment

Reduced adverse impact of changes on service quality and SLA

Fewer backed out failed changes

Better problem and availability management due to management information on accumulated changes

Better productivity of users (fewer disruptions, better service quality)

Better productivity of IT staff, as duties are better planned, and fewer wrong changes

Ability to absorb larger volume of changes

Better perception of IT by the business

Reduction in number of changes with adverse impact because of poor CM

Reduction in number of incidents because of changes

Low number of urgent changes



Student Notebook

Figure 6-17. Change Management: Risks SM251.0

Notes:

18

IBM Global Services


Change ManagementRisks


Tracking of the change lifecycle easily leads to overload for a paper-based system

Employees try to bypass change management

Untested backup procedures – failing blackout procedures

Integration of external suppliers

Cultural conflicts – lacking acceptance of the change management process

Frequent refusal due to lack of strategic expedience

Possible stagnancy due to continuous analyses




Uempty

Figure 6-18. Change Management: Best Practices SM251.0

Notes:

19

IBM Global Services


Change ManagementBest Practices

Concurrent integration with configuration and release management

Include the development environment in the change management process

separately from the production environment

Assign process responsibility, if possible, independently from the organisation’s

hierarchy

Conceive separate procedure for urgent changes and standard changes instead of

using the normal change management process



Student Notebook

Figure 6-19. Change Management: Summary SM251.0

Notes:

20

IBM Global Services


Change ManagementSummary

The goal of the change management process is to ensure that standardized

methods and procedures are used for efficient and prompt handling of all changes,

in order to minimize the impact of change-related incidents upon service quality,

and consequently to improve the day-to-day operations of the organization.

Implement only authorized changes; minimize risk and costs.

Request for Change (RFC) applies to all components of the IT infrastructure

Tasks

– Requests for change management, authorize and plan changes, monitor realization, test and implementation, support the ongoing needs of business

CAB and Emergency Committee

Severity/Priority: urgent, high, medium, low

Effect - Category: none to significant effect

Back-out procedure

Process is always closed with change review




Uempty
Unit 7. Configuration Management

This unit is an introduction to Configuration Management, and its relationship with IT Services.




© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-1

Student Notebook

Figure 7-1. Unit 07: Configuration Management SM251.0

Notes:

2

IBM Global Services


Unit 07Configuration Management

Content:

Configuration Management – objective and overview

Some definitions


Important aspects:

– Configuration Management Database (CMDB)

– Interfaces to other SM processes

– Variant and baseline

– License management


Best practices

Summary




Uempty

Figure 7-2. Configuration Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Configuration ManagementIntegration into the IPW Model




Student Notebook

Figure 7-3. Configuration Management: Mission Statement SM251.0

Notes:

Configuration Management is concerned with selecting and identifying the configuration structures for all the infrastructure's CIs, including their “owner”, their interrelationships, and configuration documentation. It includes allocating identifiers and version numbers for CIs, labelling each item, and entering it on the Configuration Management Database (CMDB). CI and CMDB are both ITIL terms.

4

IBM Global Services


Configuration ManagementMission Statement

Configuration Management provides a logical model for the infrastructure or a service by identifying, controlling, maintaining, and verifying the versions of Configuration Items (CIs) in existence.

Configuration Management covers the identification, recording, and reporting of IT components, including their versions, constituent components, and relationships. Items that should be under the control of Configuration Management include hardware, software, and associated documentation.

The goal of Configuration Management is to provide IT infrastructure control through the identification, registration, monitoring, and management of:

All the Configuration Items of the IT infrastructure in scope

All configurations, versions, and their documentation

All changes, errors, service level agreements, and history of the components in general

Relationships between the different components

Exceptions between configuration records and the real infrastructure




Uempty

Figure 7-4. Configuration Management: Tasks SM251.0

Notes:

CM is responsible for records and data associated with a CI, including incidents, known errors, and problems, and corporate data about employees, suppliers, locations, business units, and procedures.

5

IBM Global Services


Configuration ManagementTasks

Specification of versions, configuration status accounting of all current and historical data concerned with each CI throughout its lifecycle

Documentation of the relationship between all CIs

Tracing records about any CI

Ensuring that only authorised changes on a Configuration Item have been implemented

Reviews and audits that verify the physical existence of CIs and check that only authorised and identifiable CIs are accepted and correctly recorded in the Configuration Management system.

CMDB

IT

Infrastructure

IT

Infrastructure

Control

Status proof

Verification

and audit

Planning

Identification

& naming

Configuration Management is responsible for:



Student Notebook

Figure 7-5. Configuration Management: Definition: Configuration Item SM251.0

Notes:

CIs may be hardware, software, or documentation. Examples include services, servers, environments, equipment, network components, desktops, mobile units, applications, licences, telecommunication services, and facilities. Configuration identification includes allocating identifiers for CIs, including individual versions of the CI and their configuration documents. Other records and data associated with a CI include incidents, known errors, and problems, and corporate data about employees, suppliers, locations, business units, and procedures.

Examples of CIs:

• Personal computers • Network components • Service Level Agreements • Manuals • Applications

What do you think is part of your IT infrastructure?

6

IBM Global Services


Configuration ManagementDefinition: Configuration Item

Configuration Items:

Are required to provide services

Should be clearly identifiable

Are submitted for changes

Have to be administered

Configuration Items have:

A category

Relationships

An attribute

A status CI

CI

CI

CICI

All components that are part of the IT infrastructure are called Configuration Items

(CIs).




Uempty

Figure 7-6. Configuration Management: Definition: Configuration Item – Scope and Level of Detail SM251.0

Notes:

All configuration items that are under control of the IT organization are registered in the Configuration Management Database (CMDB). CIs have relationships to each other. Every extra detail will bring more work to keep it up to date.

The scope of the Configuration Management database is defined by the area of responsibility of the IT organization.

The level of detail is defined by the need for information of the IT management processes, the control of the information, and the costs and benefits of a CMDB.

The attributes of CIs also depend on the need for information, the control of the information, and the costs and benefits.

The distinction between Configuration Management and Asset Management is the recognition of relationships between CIs.

7

IBM Global Services


Configuration ManagementDefinition: Configuration Item – Scope and Level of Detail

ServiceService

HardwareHardware

SoftwareSoftware Documen-

tation

Documen-

tation EnvironmentEnvironment

L

e

v

e

l

o

f

d

e

t

a

i

l

L

e

v

e

l

o

f

d

e

t

a

i

l

Network

printer

Local

printer

PC

HD KeyboardSLA

USV

Software

bundle

DBMS W.P. e-mail

scopescope

CPU



Student Notebook

Examples of these relationships:

• Hierarchically subjected to (parent-child relation)

• Is part of (a processor is part of a PC)

• Interfaced with (a system is connected to a printer)

• Uses (a program uses a subroutine)

• Is a copy of (program is a copy of ....)

• Is related to (attribute) (serial number, location, status)




Uempty

Figure 7-7. Configuration Management: Tasks SM251.0

Notes:

Configuration identification is the selection, identification, and labelling of the configuration structures and CIs, including their respective “owner” and the relationships between them. CIs may be hardware, software, or documentation. Examples include services, servers, environments, equipment, network components, desktops, mobile units, applications, licences, telecommunication services, and facilities. Configuration identification includes allocating identifiers for CIs, including individual versions of the CI and their configuration documents.

Configuration control is concerned with ensuring that only authorized and identifiable CIs are recorded from receipt to disposal. It ensures that no CI is added, modified, replaced, or removed without appropriate controlling documentation, such as an approved change request.

Configuration status accounting is the reporting of all current and historical data concerned with each CI throughout its lifecycle. It enables tracking of changes to CIs and their records, for example tracking the status as a CI changes from one state to another, such as “development”, “test”, “live”, or “withdrawn”.

8

IBM Global Services


Configuration ManagementTasks

Configuration

Management

Configuration

Management

Verification and

AuditStatus

Accounting

Configuration

Control

Configuration

identification



Student Notebook

The first audit must be conducted after the implementation of configuration management. Furthermore, at regular intervals, verification must take place, in other words the registered data within the CMDB will be verified with the actual data.




Uempty

Figure 7-8. Configuration Management: Configuration Management Database (CMDB) – Structure Overview SM251.0

Notes:

Many organizations are already using some elements of Configuration Management, often using spreadsheets, local databases, or paper-based systems. In today's large and complex IT infrastructures, Configuration Management requires the use of support tools, which includes a Configuration Management Database (CMDB). Physical and electronic libraries are needed along with the CMDB to hold definitive copies of software and documentation. The CMDB is likely to be based upon database technology that provides flexible and powerful interrogation facilities.

The CMDB should hold the relationships between all system components, including incidents, problems, known errors, changes, and releases. The CMDB also contains information about incidents, known errors, and problems, and corporate data about employees, suppliers, locations, and business units.

9

IBM Global Services


Configuration ManagementConfiguration Management Database (CMDB) – Structure Overview

IT InfrastructureIT Infrastructure

HardwareHardware

SoftwareSoftware

NetworkNetwork

DocumentationDocumentation

Suite 1Suite 1

Suite 2Suite 2

Program 1- 1Program 1- 1



Module 1- 2- 1Module 1- 2- 1

Module 1- 2- 2Module 1- 2- 2

CI Categories

Superordinated CI

(Parent)

Subordinated CI

(Children)



Student Notebook

Figure 7-9. Configuration Management: CMDB – Status of CI SM251.0

Notes:

Status is a mandatory attribute of a CI. Also, status accounting is an activity within Configuration Management. It covers the reporting of all current and historical data concerned with each CI throughout its lifecycle. This enables changes to CIs and their records to be traceable, for example tracking the status of a CI as it changes from one state to another, for instance “under development”, “being tested”, “live”, or “withdrawn”.

10

IBM Global Services


Configuration ManagementCMDB – Status of CI

Lifecycle of a CI

plan

ned

orde

red

in d

evel

opm

ent

In te

st

in s

tock

Live

(in

prod

uctio

n)

in m

aint

enan

cewith

draw

n

CMDB scope




Uempty

Figure 7-10. Configuration Management: Interfaces with all other processes SM251.0

Notes:

Configuration Management provides information to other processes of Services Management.

The Configuration Management process interfaces with all other processes:

• Service Desk / Incident Management • Problem Management • Change Management • Release Management • Service Level Management • Availability Management • Capacity Management • IT Service Continuity Management • Financial Management for IT Services • Security Management

Providing accurate information on CIs and their documentation. This information supports all other Service Management processes, such as Release Management, Change

11

IBM Global Services


Configuration ManagementInterfaces with all other processes

Start

Closure

Incident

Problem

Known error

RFC

Approved change

Changed, tested,

implemented

Configuration

Management

Data Base

(CMDB)

Pr o

bl e

m fin

din

g a

nd

so

lutio

n p

r ocess

Finance

Architectures

Strategic processes

Other modules

Service Level

Management

IT Continuity

Management



Student Notebook

Management, Incident Management, Problem Management, Capacity Management, and Contingency Planning. For example, if a new product is available that requires a minimum configuration, Configuration Management can provide information for upgrade planning and replacements.

Controlling valuable CIs. For example, if a computer were stolen then it would have to be replaced. Configuration Management helps IT management to know what its assets are supposed to be, who is responsible for their safekeeping, and whether the actual inventory matches the official one.

Facilitating adherence to legal obligations. Configuration Management maintains an inventory of all items of software within an IT infrastructure. CIs that come to light, via configuration audits or calls to the Service Desk, that are not on this list are not authorized, and may well have not been paid for. Illegal copies can easily be identified, for erasure or destruction.

Helping with financial and expenditure planning. Configuration Management provides a complete list of CIs. It is easy to produce from this list expected maintenance costs and licence fees; maintenance contracts; licence renewal dates; CI life expiry dates; and CI replacement costs (provided that this information is stored). By providing this information, Configuration Management contributes to IT directorates' financial planning.

Making software changes visible. Such changes can be used to trigger investigations by IT management into possible changes that may be needed for data protection, licence management, and regulatory compliance.

Contributing to contingency planning. The CMDB and secure libraries facilitate the restoration of IT service in the event of a disaster, by identifying the required CIs and their location (provided, of course, that they are themselves properly backed up).

Supporting and improving Release Management. Configuration Management information supports the rollout across distributed locations by providing information on the versions of CIs and changes incorporated into a release.

Improving security by controlling the versions of CIs in use. This makes it more difficult for these CIs to be changed accidentally, maliciously, or for erroneous versions to be added.

Enabling the organization to reduce the use of unauthorized software. Unauthorized software, and non-standard and variant builds, all increase complexity and support costs, and so any reduction in their occurrence should bring benefits to the organization.

Allowing the organization to perform impact analysis and schedule changes safely, efficiently, and effectively. This reduces the risk of changes affecting the live environment.

Providing Problem Management with data on trends. Such data will relate to trends in problems affecting particular CI types, such as from particular suppliers or development groups, for use in improving the IT services. This information on problem trends supports the proactive prevention of problems.




Uempty

Figure 7-11. Configuration Management: Relationship with Release and Change Management SM251.0

Notes:

Configuration Management has a strong relationship with Change and Release Management. Therefore, these processes are often planned alongside Configuration Management.

12

IBM Global Services


Configuration ManagementRelationship with Release and Change Management

Configuration

Management

Configuration

ManagementChange

Management

Change

ManagementRelease

Management

Release

Management Co

nfig

ura

tion

Ma

na

ge

me

nt D

ata

ba

se

De

finitiv

e S

oftw

are

Lib

rary

Register RFC and

assign ID

Impact analysis

Approve change

Implementation

(includes pre-release

testing for software)

Post-implementation

review

Distribution of

software and

hardware

documentation

Update

documentation

Update

documentation

Reporting of

affected CIs, areas,

and people

Documentation and

configuration audit

Close RFC

Store changed CIs

according to quality

required

Closure

Example: release of new software



Student Notebook

Figure 7-12. Configuration Management: CIs and their relations to other processes SM251.0

Notes:

13

IBM Global Services


Configuration ManagementCIs and their relations to other processes

CICI

Incident RecordIncident Record

Problem RecordProblem Record

Service / SLAService / SLA

Known Error RecordKnown Error Record

Change RecordChange Record




Uempty

Figure 7-13. Configuration Management: Variant and Baseline SM251.0

Notes:

General guidance is: if a CI can be regarded as slightly different from another related CI, and problems affecting one are likely to affect the other, or changes made to the one will probably have to be made to the other, then use of a variant should be considered; otherwise, a different CI should be used.

14

IBM Global Services


Configuration ManagementVariant and Baseline

Variant

Configuration items with same base functionality, but with minor differences (for

example, a printer with additional RAM is a variant of a printer).

Baseline (basis of comparison)

A configuration baseline is the configuration of a product or system established at a

specific point in time, which captures both the structure and details of a configuration. It

serves as a reference for further activities. An application or software baseline provides

the ability to change or to rebuild a specific version at a later date.

A configuration baseline is also a snapshot, or a position, that is recorded. Although the

position may be updated later, the configuration baseline remains fixed as the original

state and is thus available to be compared with the current position. A configuration

baseline is used to assemble all relevant components in readiness for a change or

release, and to provide the basis for a configuration audit and regression, for example

after a change.

The Configuration Management system should be able to save, protect, and report on a

configuration baseline, its contents, and documentation.



Student Notebook

Figure 7-14. Configuration Management: Licence Management SM251.0

Notes:

Licence Management is part of Configuration Management.

Company directors, senior managers, and others are liable to face imprisonment and fines if illegal software is found to be in use within their enterprise. Configuration Management enables an enterprise to monitor and control software licences, from purchase to disposal. Software licence structures, and corporate and multi-licensing schemes, need to be understood and communicated to service-provider staff and Customers.

Responsibility for controlling and auditing software licences should be unambiguous and should involve purchasing and Asset or Configuration Management. This may be difficult when Users find it so easy to purchase and download software from the Internet, but this can be resolved by links to disciplinary procedures detailed within the organization’s Security Policy.

15

IBM Global Services


Configuration ManagementLicence Management

Responsibility for controlling and auditing software licences should be

unambiguous and involves purchasing and Asset or Configuration Management.

Company directors, senior managers, and others, are liable to face

imprisonment and fines if illegal software is found to be in use within their

enterprise.

Purchase of unnecessary licences wastes resources.

Configuration Management enables an enterprise to monitor and control

software licences, from purchase to disposal.




Uempty

Figure 7-15. Configuration Management: Benefits SM251.0

Notes:

16

IBM Global Services


Configuration ManagementBenefits

Improved Asset Management

Helps to minimize risks of changes

Provides accurate information on CIs and their documentation

Improves security by controlling the versions of CIs in use

Facilitates adherence to legal obligations

Helps in financial and expenditure planning

Supports Release Management and Service Level Management



Student Notebook

Figure 7-16. Configuration Management: Costs SM251.0

Notes:

17

IBM Global Services


Configuration ManagementCosts

Costs are outweighed by benefits, because Configuration Management allows

handling of a large volume of changes, thus keeping quality. Configuration

Management control reduces risks of viruses, wrong software, fraud, theft, and so

on.

Staff costs for developing and running procedures

Hardware and software configuration identification

Hardware and software for the CMDB & DSL

Customization of Configuration Management tool

Integration with other Service Management tools

Training and education




Uempty

Figure 7-17. Configuration Management: Risks SM251.0

Notes:

CIs are defined at the wrong level with too much detail (so that staff become involved in unnecessary work) or too little detail (so that there is inadequate control).

Implementation is attempted without adequate analysis and design. The end result is, consequently, not what is required.

Tactical schedules are over-ambitious. Configuration Management may be perceived as a bottleneck if adequate time is not built into schedules to allow staff to carry out their duties. When changes and releases are being scheduled, past experience of the time taken to complete Configuration Management activities should be taken into account. IT management needs to be proactive in providing automated facilities for activities on the critical path and to make it clear that time should be allowed for Configuration Management.

Commitment is lacking. Without a firm commitment to the processes from managers, it is difficult to introduce the controls that some staff would prefer to avoid. Examples of poor Change Management and Configuration Management can often convince managers of the need for better control.

18

IBM Global Services


Configuration ManagementRisks


CIs with too much or too little detail

Interfaces to other systems in which CI information is stored

Keep the information in the CMDB accurate

Roles and responsibilities

Lack of configuration control

Overambitious schedules and unrealistic expectations

No commitment from management



Student Notebook

The process is perceived to be too bureaucratic or rigorous. Consequently, individuals and groups use this as an excuse for not following the process.

The process is routinely circumvented. Some people will try to circumvent Configuration Management in the interests of speed or with malicious intent. Attempts should be made to overcome this problem by making such people aware of the benefits of Configuration Management.

Processes are inefficient and error-prone. This is often the case where manual processes are in use. In almost all cases it is advisable to choose an automated solution from the outset.

Expectations of what the tool can do are unrealistic. Staff and managers may expect a Configuration Management tool to deliver a total solution and end up blaming the tool for processes or people that appear insufficient for the task.

The chosen tool may lack flexibility. Problems can occur when the Configuration Management tool does not allow for new requirements or does not support all CI categories.

Configuration Management has been implemented in isolation. If Configuration Management is implemented without Change Management or Release Management, it is much less effective and the intended benefits may not be realized.

Expectations of what the Configuration Management process can do are unrealistic. Asset and Configuration Management cannot and should not be expected to make up for poor project management or poor acceptance testing. Poorly controlled installations and test environments will affect the quality of releases and result in additional incidents, problems, and changes, which will in turn require additional resources.

Proper configuration control is not in place. For example, Configuration Management may be difficult where Users have the ability to purchase, download, and install software from the Internet.




Uempty

Figure 7-18. Configuration Management: Best Practices SM251.0

Notes:

19

IBM Global Services


Configuration ManagementBest Practices

Early establishment of configuration management

Show the extraordinary significance of the database thus created

Enforce the compliance of change management processes

Meticulous selection and design of support tools

Inventory should be tool supported and automated

"You can only control what you know or what is documented."



Student Notebook

Figure 7-19. Configuration Management: Summary SM251.0

Notes:

20

IBM Global Services


Configuration ManagementSummary

Configuration Management provides a logical model of the infrastructure or a

service by identifying, controlling, maintaining, and verifying the versions of

Configuration Items (CIs) in existence.

Activities: planning, identification and registration, status accounting, control,

verification and audit, reporting, role for the evaluation of change effects.

Configuration Items: categories, attribute, relationships, status, unique

reference number

Configuration Management Database (CMDB)

Scope and level of detail of CMDB (value of information)

Variant and Baselines

Licence Management

Configuration Management process supports all other service management

processes




Uempty
Unit 8. Release Management

This unit is an introduction to Release Management, and its relationship within IT Services.




© Copyright IBM Corp. 2004 Unit 8. Release Management 8-1

Student Notebook

Figure 8-1. Unit 08: Release Management SM251.0

Notes:

2

IBM Global Services


Unit 08Release Management

Content:

Release Management – objective and overview


Some definitions

Important aspects:

– Definitive software library/definitive hardware store

– Software release


Best practices

Summary




Uempty

Figure 8-2. Release Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Release ManagementIntegration into the IPW Model




Student Notebook

Figure 8-3. Release Management: Mission Statement SM251.0

Notes:

Software Control & Distribution (SC&D) is more than just application software. Software items are operating systems software, middleware configurations, and application software. In addition to startup scripts and configuration scripts, firmware is also included under software items.

4

IBM Global Services


Release ManagementMission Statement

Release Management takes a holistic view of a change to an IT service, and should ensure that all aspects of a release, both technical and non-technical, are considered together.

Release Management should be used for:

Large or critical hardware rollouts, especially when there is a dependency on a

related software change in the business systems, in other words not every single

PC that needs to be installed

Major software rollouts, especially initial instances of new applications along with

accompanying software distribution and support procedures for subsequent use if

required

Bundling or batching related sets of changes into manageable-sized units

Release Management undertakes the planning, design, building, configuration, and testing of hardware and software to create a set of release components for a live environment. Activities also cover the planning, preparation, and scheduling of a release to many customers and locations.




Uempty

Figure 8-4. Release Management: Goal SM251.0

Notes:

5

IBM Global Services


Release ManagementGoal

Plan and oversee successful rollout of software and hardware releases

Design and implement efficient procedures for distribution and installation of

changes to IT systems

Ensure changes in hardware and software are traceable, authorized, tested, and

correct

Communicate and manage expectations to the customer during planning and

rollout of releases

Agree content and rollout plan for the release, through Change Management

Implement software and hardware releases in operational environment using

controls from Configuration Management and Change Management

Ensure that all master copies of all software are secured in the DSL and that the

CMDB is updated



Student Notebook

Figure 8-5. Release Management: Why Release Management SM251.0

Notes:

6

IBM Global Services


Release ManagementWhy Release Management

Software is increasingly considered as an important capital value with even a strategic importance. The control of software is therefore mandatory. Some of the most important aspects are:

Preventive measures (for example, to avoid pirate copies)

Consistency (for example, compatibility of client programmes with server programmes)

Licences (for example, software should not be used by more than the agreed number of users simultaneously)

Release management is responsible for the storage of authorized software (self-developed, purchased or licensed applications, or utility software), the release of software in a production environment, the distribution of software to remote locations, as well as the implementation of software to make it operational.




Uempty

Figure 8-6. Release Management: Tasks SM251.0

Notes:

The Release Management process takes a holistic view of changes to IT services, considering all aspects of a release, both technical and non-technical. Release Management is responsible for all legal and contractual obligations for all hardware and software in use within the organization. In order to achieve this and to protect the IT assets, Release Management establishes secure environments, both for hardware in the Definitive Hardware Store (DHS), and for software in the Definitive Software Library (DSL).

7

IBM Global Services


Release ManagementTasks

Release

Management

Release

Management

Definition of release

guidelines

Monitoring of the

release creation

Management of

the releases

Distribution of

software, hardware,

and linked CIs

Control of the

Definitive Software

Library (DSL) and

DHS

Performing software

and hardware audits

(using CMDB)



Student Notebook

Figure 8-7. Release Management: Definitions SM251.0

Notes:

8

IBM Global Services


Release ManagementDefinitions

Release: a collection of authorized changes to an IT service. Often divided into:

Major software releases and hardware upgrades

Minor software releases and hardware upgrades

Emergency software and hardware fixes

Release Unit: portion of IT infrastructure that is normally released together.

Full Release: all components of the Release Unit are built, tested, and implemented

together. Reduced likelihood of untested errors; longer time to implement.

Delta Release: includes only those CIs in the Release Unit that have actually changed

since the last release.

Package Release: grouping of Full and Delta Release to reduce the frequency of

releases. Reduces probability of outdated or incompatible software in use.

Definitive Software Library (DSL): Secure compound containing all definitive

authorized versions of all SW CIs (master copies). Also for master copies of

documentation.

Definitive Hardware Store: secure area containing definitive hardware spares.

CMDB: contains definitions of planned releases, and CIs impacted by planned and past

releases.




Uempty

Figure 8-8. Release Management: Major Activities of Release Management SM251.0

Notes:

The main components to be controlled are:

• Application programs developed in-house

• Externally developed software (including standard off-the-shelf software as well as customer-written software)

• Utility software

• Supplier-provided systems software

• Hardware, and hardware specifications

• Assembly instructions and documentation, including user manuals.

All deliverables need to be managed effectively, from development or purchasing, through customization and configuration, through testing and implementation, to operation in the live environment.

This figure outlines the major activities in Release Management and their position in the lifecycle of a change. Configuration Management records should be updated during build

9

IBM Global Services


Release ManagementMajor Activities of Release Management

Development EnvironmentDevelopment Environment Controlled Test EnvironmentControlled Test Environment Live

Environment

Live

Environment

Rele

ase P

olicy

Rele

ase P

olicy

Rele

as

e P

lan

nin

gR

ele

as

e P

lan

nin

g

De

sig

n,

De

velo

pm

en

t,

Pro

cu

rem

en

t

De

sig

n,

De

velo

pm

en

t,

Pro

cu

rem

en

t

Bu

ild

& C

on

fig

ure

Bu

ild

& C

on

fig

ure

Fit

-fo

r-P

urp

ose

Te

sti

ng

Fit

-fo

r-P

urp

ose

Te

sti

ng

Rele

as

e A

cc

ep

tan

ce

Rele

as

e A

cc

ep

tan

ce

Ro

ll-O

ut

Pla

nn

ing

Ro

ll-O

ut

Pla

nn

ing

Co

mm

un

ica

tio

n,

Pre

para

tio

n,

Tra

inin

g

Co

mm

un

ica

tio

n,

Pre

para

tio

n,

Tra

inin

g

Dis

trib

uti

on

&

Ins

tall

ati

on

Dis

trib

uti

on

&

Ins

tall

ati

on

CMDB with Definitive Software Library (DSL)CMDB with Definitive Software Library (DSL)



Student Notebook

and release to ensure that there are trusted releases that can be reverted to in case of problems. A release should be under Change Management, and the content and timing of a release should be authorized in advance via the Change Management process.




Uempty

Figure 8-9. Interactions SM251.0

Notes:

Some subprocesses of release management.

10

IBM Global Services


Service

Provider

Service

ProviderUserUser

System support

Application support

Update of the CMDB

System reload

Software roll-out

Individual software installation

Transmission of error protocols

Transmission of error protocolsHardware inventoryHardware inventory CMDBCMDBDocumentation of the

software configuration

Documentation of the software configurationConfigurationConfiguration

Softwareinstallation

Softwareinstallation

Softwaremanagement

Softwaremanagement

Installation monitoring

Installation monitoring ConfigurationConfiguration Function testingFunction testingSoftware

transmission

Software transmission

Application support

Application supportApplicationsApplications Configuration checkConfiguration checkGuidance to usersGuidance to usersRemote operation of the

application

Remote operation of the application

Updates and patches

Updates and patches

System support

System support

System technology

System technology

Installation of updates

Installation of updates

Update / configuration of PC and ISDN technology

Update / configuration of PC and ISDN technology

System support

System supportBase systemBase system Reinstallation of the base systemReinstallation of the base system User-specific configurationUser-specific configuration

Directed information flow

Directed information flow

Time

Individualprograms

Individualprograms

Individualprograms

Individualprograms

Installation and configuration of individual programmes

Installation and configuration of individual programmes Installation of updatesInstallation of updates



Student Notebook

Figure 8-10. Release Management: DSL and DHS SM251.0

Notes:

The Definitive Software Library (DSL) is the term used to describe a secure compound in which the definitive authorized versions of all software CIs are stored and protected. This one storage area may, in reality, consist of one or more software libraries or file-storage areas that should be separate from development, test, or live file-store areas. It contains the master copies of all controlled software in an organization. The DSL should include definitive copies of purchased software (along with licence documents or information), as well as software developed on-site. Master copies of controlled documentation for a system will also be stored in the DSL in electronic form.

DHS - An area should be set aside for the secure storage of definitive hardware spares. These are spare components and assemblies that are maintained at the same level as the comparative systems within the live environment. Details of these components and their respective builds and contents should be comprehensively recorded in the CMDB. These can then be used in a controlled manner when needed for additional systems or in the recovery from major incidents. Once their (temporary) use has ended, they should be returned to the DHS or replacements obtained.

11

IBM Global Services


Release ManagementDSL and DHS

DSL = Definitive Software Librarycontains the master copies of all controlled software in an organization

DHS = Definitive Hardware Storesecure storage of definitive hardware spares

These are spare components and assemblies that are maintained at the same level as the comparative systems within the live environment.

Details of these components and their respective builds and contents are comprehensively recorded in the CMDB.

Logical

Storage

Physical

Distribution

Physical

Storage

Release issue

Quality Control

(Viruses / Licence /

Test /

Completeness)

Software and

linked

Configuration

Items

DSL




Uempty

Figure 8-11. Release Management: Software Release SM251.0

Notes:

Please note the following for the slide:

Full Release

The major advantage of full releases is that all components of the release unit are built, tested, distributed, and implemented together. There is no danger that obsolete versions of CIs that are incorrectly assumed to be unchanged will be used within the release. There is less temptation to short-circuit testing of supposedly unchanged CIs and of the interfaces from changed CIs to unchanged ones.

Any problems are therefore more likely to be detected and rectified before entry into the live environment. The disadvantage is that the amount of time, effort, and computing resources needed to build, test, distribute, and implement the release will increase. Although in some circumstances the testing of a delta release (see below) may need to be as extensive as that for an equivalent full release, the amount of building effort required to test a delta release is normally less than for a full release.

12

IBM Global Services


Release ManagementSoftware Release

Release UnitDetermines the content of the software package

Release Types

Full Release (All software CIs from the release are built, tested, and implemented together.)

Delta Release (includes only those CIs within the Release unit that have actually changed or are new since the last full or delta release.)

Package Release (individual releases (full units, delta releases, or both) are grouped together to form Package Releases.)

Emergency Fix

Mainframes

Software

Management

System

Network

Computer

Planning

Software

Distribution

Software

Distribution

Laptops

PCs

Client/Server

CDs

Internet



Student Notebook

Regression testing as part of the process of implementing a full release allows a large number of components to be retested to ensure that there is no degradation in system function or behavior.

An example of a full release could consist of the complete release of a new version of client desktop software, or client desktop hardware, or both.

Delta Release

A delta, or partial, release is one that includes only those CIs within the release unit that have actually changed or are new since the last full or delta release. For example, if the release unit is the program, a delta release contains only those modules that have changed, or are new, since the last full release of the program or the last delta release of the modules.

There may be occasions when release of a full unit cannot be justified. In such cases, a delta release may be more appropriate. A decision should be made on whether delta releases are allowed, and under what circumstances. There is no single “correct” choice. It is recommended that delta releases be allowed, with the decision being taken on a case by case basis.

In each case, the Change Advisory Board (CAB) should make a recommendation, based upon all the relevant facts, on whether the release unit stipulated in the release policy is appropriate, or whether a delta release is preferable. In making its recommendation, the CAB should take into account:

• The size of a delta release in comparison with a full release, and hence the resources and effort required

• The urgency of the need for the facilities to be provided by the release to the users

• The number of CIs (below the release unit level) that have changed since the last full release; a very large number may enforce a full release

• The possible risk to the business if compatibility errors are found in the release (for example, would it be preferable to wait for a full release than to risk interface problems arising with a delta release?)

• The resources available for building, testing, distributing, and implementing the delta release (for example, if implementation is to be via non-technical staff, is it easier to implement a complete new release than a delta release?)

• The completeness of impact analysis information to make an informed and objective decision.

Package Release

To provide longer periods of stability for the live environment by reducing the frequency of releases, it is recommended that, where appropriate and where the resulting larger amount of change can be confidently handled without problems, individual releases (full units, delta releases, or both) are grouped together to form “package releases”. For example, changes to one system or suite will often require changes to be made to others. If all these




Uempty
changes have to be made at the same time, they should be included in the same package release.
A package can, for example, contain an initial version of a new TP service, several new versions of batch programs, a number of new and initial versions of individual modules, together with the release of a complete new desktop system (both hardware and software). Both full and delta releases may be included.

The use of package releases can reduce the likelihood of old or incompatible software being wrongly kept in use. It can encourage organizations to ensure that all changes that should be made concurrently, in different suites and systems, are actually made concurrently. It can also encourage organizations to test the interworking of these suites and systems fully.

Care should be taken, however, not to exceed, in any particular package release, the amount of change that can be handled comfortably. When making a decision on what to include in the package, care should be taken to ensure that the full impact of all individual parts on each other part is understood and has been properly assessed.



Student Notebook

Figure 8-12. Release Management: Benefits SM251.0

Notes:

13

IBM Global Services


Release ManagementBenefits

Greater success rate in hardware and software release, hence improved QOS delivered to the business

Consistency in the release processes of hardware and software environments

Less disruption of service to business by synchronizing releases having impact on different components

Assurance that hardware and software in use is of known quality, because releases are built properly (quality control, testing, under Change Management)

More stable environment, as changes are bundled into releases, hence fewer implementations required

Better expectation level because of release schedule

Audit trail of changes

Control and safeguarding of hardware and software assets

Higher rate of changes can be absorbed without affecting IT QOS by using a release comprising multiple changes

Lower probability of illegal copies in environment

Easier detection of wrong versions and unauthorized copies

Reduced time to release and fewer delays




Uempty

Figure 8-13. Release Management: Costs SM251.0

Notes:

This slide discusses the costs of building the DSL and the DHS. For secure release distribution, a secure network is needed. The staff who support the process and the tailoring of the process will generate expense.

14

IBM Global Services


Release ManagementCosts

Resources

– Software: supported software tools, database

– Security for DSL

– Hardware and equipment, especially data storage

– Spare components (DHS)

– Network resources (remote control)

Staff:

– Salary, training

– Tests

Tailoring of the process



Student Notebook

Figure 8-14. Release Management: Risks SM251.0

Notes:

15

IBM Global Services


Release ManagementRisks


Establishment of version and release guidelines with external suppliers

Bypass defined procedures

Creation of the definitive software library

DSL integration using automatic software distribution

Ensure that version numbering guidelines comply with releases

Staff resistance to procedures because of lack of knowledge of benefits.

Education is required.




Uempty

Figure 8-15. Release Management: Best Practices SM251.0

Notes:

16

IBM Global Services


Release ManagementBest Practices

Physical storage of all operational software in the definitive software library

(DSL)

Distribution of each software item from the DSL. Use of the DSL as source

for distribution.

Integration of Release Management (operational), Change Management

(control), and Configuration Management (control and administration)

Control of each software item using release, version, and package

guidelines

Release Management process also for additionally purchased software (not

only for self-developed software)



Student Notebook

Figure 8-16. Release Management: Summary SM251.0

Notes:

17

IBM Global Services


Release ManagementSummary

Release Management undertakes the planning, design, building, configuration,

and testing of hardware and software to create a set of release components for a

live environment. The focus is to protect the live environment and services

through the implementation of formal procedures and release checks.

A Release is a collection of authorized changes to an IT service.

Responsibilities: control of the DSL, definition, building and management of

software releases, distribution of software CIs, software audits

Release types: Full, Package, Delta Release, and Emergency Fix

DSL and DHS

Process relationship

– Release Management (Operational)

– Change Management (Control).

– Configuration Management (Control and Administration).




Uempty
Unit 9. Service Level Management

This unit is an introduction to Service Level Management, and its relationship within IT Services.




© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-1

Student Notebook

Figure 9-1. Unit 09: Service Level Management SM251.0

Notes:

2

IBM Global Services


Unit 09Service Level Management

Content:

Service Level Management – objective and overview


Some definitions

Important aspects:

– Service Level Agreement (SLA)

– Service spec sheet

Benefits, risks, costs

Best practices

Summary




Uempty

Figure 9-2. Service Level Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Service Level ManagementIntegration into the IPW Model




Student Notebook

Figure 9-3. Service Level Management: Mission Statement SM251.0

Notes:

Service Level Management is the name given to the processes of planning, coordinating, drafting, agreeing, monitoring, and reporting on SLAs, and the ongoing review of service achievements to ensure that the required and cost-justifiable service quality is maintained and gradually improved. SLAs provide the basis for managing the relationship between the provider and the customer.

What is an SLA?

A written agreement between an IT service provider and the IT customer(s), defining the key service targets and responsibilities of both parties. The emphasis must be on agreement, and SLAs should not be used as a way of holding one side or the other to ransom. A true partnership should be developed between the IT provider and the customer, so that a mutually beneficial agreement is reached, otherwise the SLA could quickly fall into disrepute and a culture of blame prevent any true service quality improvements from taking place.

4

IBM Global Services


Service Level ManagementMission Statement

The goal for Service Level Management is to maintain and improve IT service quality, through a constant cycle of agreeing, monitoring, and reporting upon IT service achievements and instigation of actions to eradicate poor service, in line with business or cost justification. Through these methods, a better relationship between IT Services and its customers can be developed.

Service Level Management (SLM) is essential in any organization so that the level of IT service needed to support the business can be determined, and monitoring can be initiated to identify whether the required service levels are being achieved - and if not, why not.Service Level Agreements (SLA), which are managed through the SLM Process, provide specific targets against which the performance of the IT organization can be judged.

The following belong to the scope of Service Level Management::

Service relationship customer - supplier

Improved specification and knowledge of service demands

Higher flexibility and reaction readiness of the service provider

Balanced relation between customer demands and service costs

Measurable service level

Objective conflict solution

Quality improvement (continuous review)




Uempty

Figure 9-4. Service Level Management: Why Service Level Management SM251.0

Notes:

5

IBM Global Services


Service Level ManagementWhy Service Level Management

Service Level Management (SLM) is responsible for the qualitative and quantitative management of the services provided by the IT organization to its customers. An essential element in the service management level process is the service level agreement (SLA), a "contract" between the IT organization and its customers, that specifies the services to be delivered. Qualitative as well as quantitative details such as performance and availability of those services are specified within the SLA.

A Service Level Agreement (SLA) is important for the judgement and execution of most activities in the IT organization. SLAs provide the basis for managing the relationship between the provider and the customer.

Due to organizational and cultural effects, the SLM process is one of the most important but also the most complex. It formalizes the relationship between the customer organization and the IT organization. The SLA can also serve as a catalyst to demonstrate the necessity of further important ITSM processes and their contributions to the fulfilment of the SLA.



Student Notebook

Figure 9-5. Service Level Management: SLM – Balance service capabilities and service requirements SM251.0

Notes:

6

IBM Global Services


Service Level ManagementSLM – Balance service capabilities and service requirements

Knowledge of business requirement

Knowledge of the service catalog

Knowledge of business requirement

Knowledge of the service catalog

Demand for IT services

Offer

IT services

Requirement Capabilities

Service Provider Primary Issues:

•Efficiency

•Effectiveness

Customer Primary Issues:

•Cost, Convenience

•Satisfaction




Uempty

Figure 9-6. Service Level Management: Definitions SM251.0

Notes:

7

IBM Global Services


Service Level ManagementDefinitions

Service Level Agreement (SLA): agreement between IT service provider and the IT

customer(s), detailing key service targets and responsibilities of both parties.

Operational Level Agreement (OLA): agreement between IT service provider and

other internal service providers on which the service depends.

Underpinning Contract (UC): contract with external IT service providers (for hardware

or software).

Service Catalog (SC): list of all IT services provided which can come into scope for

SLAs. Also lists users of the service and their maintainers.

Service Level Requirement (SLR): list of all customer requirements for the service.

Service Improvement Program (SIP): Management can instigate a SIP to identify and

implement whatever actions are necessary to overcome any difficulties and restore

service quality.



Student Notebook

Figure 9-7. Service Level Management: Tasks SM251.0

Notes:

The tasks which belong to SLM activities include those shown on the slide.

8

IBM Global Services


Service Level ManagementTasks

Service Level

Management

Service Level

Management

Service

catalog

Customer

relationship

care

Monitoring,

review, and

evaluationService

improvement

program

Operational

level agreements

and contracts (UC)

Service level

agreement

Demand of

service level

Service specification

sheet (service

specification)




Uempty

Figure 9-8. Service Level Management: Service Level Management Activities SM251.0

Notes:

The main activities within the SLM process are shown on the slide.

9

IBM Global Services


Service Level ManagementService Level Management Activities

Identify existing service levels

and new requirements

Agree on SLAs

and maintain

Service Catalog

Monitor and

evaluate

service levels

versus SLAs

Report to the

customer and

IT organization

Define offerings with OLAs and Underpinning

Contracts

Review and

adjust service

provision, SLA



Student Notebook

Figure 9-9. Service Level Management: Manage relationship with customers and suppliers (internal and external) SM251.0

Notes:

To define the service which a IT organization should provide, an SLA is a mandatory contract. To ensure delivery of service, the IT organization needs an underpinning contract with its suppliers.

10

IBM Global Services


Service Level ManagementManage relationship with customers and suppliers (internal and external)

Business Context IT Provider Internal IT Provider

Serv

ice L

evel

Man

ag

em

en

t IT Organizations

Network

Operating ...

HW

OLA

UC

IT customer

SLA

SLA

External Provider

Service

Portfolio

Service Level Agreement

(SLA)A written agreement between an IT Service Provider and the IT Customer(s).

An SLA should have a commercial and a legal part.

Operational Level Agreement

(OLA)A contract or agreement with an internal supplier covering delivery of services.

An OLA has no legal part.

Underpinning Contract (UC)A contract with an external supplier covering delivery of services

A UC should have a commercial and a legal part.

A UC is a SLA with the external supplier or provider‘s point of view




Uempty

Figure 9-10. Service Level Management: Different points of view: Communication SM251.0

Notes:

11

IBM Global Services


Service Level ManagementDifferent points of view: Communication

The communication between all individuals concerned is a

key factor for effective and efficient SLAs!

Negotiation of

service level

agreements

Legal:

Contract law, handling,

disputes, penalties

SLA

Commercial:

Accounting, charging

Technical:

Tools, methods,

metrics collection procedures

Customer’s point of view:

Reaction time, service time,

...

Staff point of view:

Operational specification,

education, administration



Student Notebook

Figure 9-11. Service Level Management: Content of a Service Level Agreement (SLA) SM251.0

Notes:

Not a fixed rule: some of the content items are mandatory, and others are not.

12

IBM Global Services


Service Level ManagementContent of a Service Level Agreement (SLA)

Service Level

Agreement

Service Level

Agreement

Name, date,

parties,

signatures

Management

reporting, review

methods

Service

specification

sheet

Quality

objectives, care

and support

Concerned parties,

roles and

responsibilities

General information:

contact persons,

escalation, penalties,

definitions

SLA release

management and

service change

procedures

Version numbers,

dates, contents,

signatures




Uempty

Figure 9-12. Service Level Management: Service Level Agreement (SLA) – Basic Structure SM251.0

Notes:

13

IBM Global Services


Service Level ManagementService Level Agreement (SLA) – Basic Structure

• Costs accounting and charging

• Bonus/Malus Regulation

• Validity

• Name of the client or customer

• Business field, products

• Type of service or product

Definition and scope of business

Customer requirements

Process steps description for the product handling

• Agreed quality standards

Availability

“Deadlines” for same-day handling

Quality degrees

Emergency regulation (reference to emergency concepts)

Incidents

Claims and escalation procedures

• Action plans

Reports

Periodic checks

Q circle

• Prerequisites that have to be fulfilled by the customer or client

... + signatures of the

contract partners

Recourse claims for

non-compliance of SLAs

-> liability regulation



Student Notebook

Figure 9-13. Service Level Management: Service Level Agreement (SLA) – Legal Contents SM251.0

Notes:

14

IBM Global Services


Service Level ManagementService Level Agreement (SLA) – Legal Contents

§ Preamble § Costs and performance clearing

§ Change Management § Performance control, measuring method

§ Scope § Reporting

§ General conditions § Failure of provision

§ Cooperation duties of the customer § Penalties

§ Consulting § Warranty, liability, damages

§ Education § Duration of contract

§ Performance description § Extraordinary termination

§ Backup and data protection § Conversion

§ Limitations, restrictions, exclusions § Claim to working results

§ Priorities § Venue

§ Escalations § Writing

§ Other obligations § Final provision

§ Secrecy




Uempty

Figure 9-14. Service Level Management: Elements of a Service Spec Sheet SM251.0

Notes:

The specification sheet specifies in detail what the customer wants (external), and what consequences this has for the service provider (internal), such as required resources and skills.

15

IBM Global Services


Service Level ManagementElements of a Service Spec Sheet

Name, date,

parties

Procedures for

changes, delivery,

recovery action

Security, backup

and recovery,

contingency,

security

Service levels,

availability,

performance

Supplied

products and

accessories

Service time

and location, terms

of delivery and

financial terms

Service description,

date, duration,

signatures

Service

specification

sheet

Service

specification

sheet



Student Notebook

Figure 9-15. Service Level Management: Benefits SM251.0

Notes:

16

IBM Global Services


Service Level ManagementBenefits

Improvement in IT service quality and reduction of service outages can lead to

significant financial savings

Satisfied customers and better customer relationship

Clearer view between both parties on roles and responsibilities

Specific targets that have to be achieved and that can be measured and reported

Focusing of IT effort on what the business thinks is key

IT and customers have consistent expectations on the level of service required

Identification of weak areas that can be remedied subsequently

SLM underpins supplier management and vice-versa

IT services are designed to meet Service Level Requirements

SLAs can be the basis for charging, and are the demonstration of what customers

receive for their money.




Uempty

Figure 9-16. Service Level Management: Risks SM251.0

Notes:

17

IBM Global Services


Service Level ManagementRisks


Monitoring actual achievements and having the same perception as the customer.

This impacts the following:

– Committing only to achievable targets

– Verifying targets prior to agreement

– SLAs based on desires rather than achievable targets

Inadequate resources and time – SLA management done in the margin of …

Too low seniority for SLA manager

SLAs not supported by adequate UCs and OLAs

Unclear definition of responsibilities of each party, making some things fall between

the “cracks”

IT-based rather than business-aligned

Business not knowing its requirements

Not focused SLAs

SLAs being considered as overhead rather than chargeable service



Student Notebook

Figure 9-17. Service Level Management: Costs SM251.0

Notes:

18

IBM Global Services


Service Level Management

Costs

The costs for SLM should be viewed as investment and added value.

Staff: salaries, training, consultancy – initial and ongoing

Support tools and hardware

Marketing costs




Uempty

Figure 9-18. Service Level Management: Best Practices SM251.0

Notes:

19

IBM Global Services


Service Level ManagementBest Practices

Show the winning of business oriented to SLA

Clearly differentiate Service Level Management (Process) from Service

Level Agreements (Contract)

Charging on SLA basis and not globally

Clear definition in a clear language of SLA for all parties

SLA Definition only as an activity of the Service Level Management process

Each SLA should be supported by its own OLAs and UCs



Student Notebook

Figure 9-19. Service Level Management: Summary SM251.0

Notes:

20

IBM Global Services


Service Level ManagementSummary

The goal of SLM: to maintain and gradually improve business-aligned IT

service quality, though a constant cycle of agreeing, monitoring, reporting, and

reviewing IT service achievements, and through instigating actions to eradicate

unacceptable levels of service

Important reasons for implementing Service Level Management: alignment of

expectations, which is a major prerequisite for running the service organization as

a business; improvement of service quality (customer-oriented) through

measurable service levels

Responsibilities: care of customer relations; planning and maintenance of the

service catalog; drafting of SLRs; negotiation, preparation, and monitoring of

higher service overall contracts, SLAs, OLAs and UCs, as well as plans for

improving service and quality

SLA: Service Level Agreement (duration, service description, transfer rate,

availability, reaction times, signature)

The quality of IT services supports the company’s success!




Uempty
Unit 10. Availability Management

This unit is an introduction to Availability Management, and its relationship within IT Services.




© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-1

Student Notebook

Figure 10-1. Module 10: Availability Management SM251.0

Notes:

2

IBM Global Services


Module 10Availability Management

Content:

Availability Management – objective and overview


Some definitions

Important aspects:

– Uptime, downtime, and availability

– Availability measurement

– Availability reporting

Benefits and risks

Best practices

Summary




Uempty

Figure 10-2. Availability Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Availability ManagementIntegration into the IPW Model

Implementing your Service Desk infrastructure

IPW Model is a trade mark of Quint Wellington and KPN Telecoms



Student Notebook

Figure 10-3. Availability Management: Mission Statement SM251.0

Notes:

4

IBM Global Services


Availability ManagementMission Statement

Availability management ensures that IT delivers the right levels of availability required by the business to satisfy its business objectives and to deliver the quality of service demanded by its customers.

Availability Management should ensure that the required level of availability is provided. The measurement and monitoring of IT availability is a key activity to ensure that availability levels are being met consistently. Availability Management should look continuously to optimize the availability of the IT Infrastructure, services, and supporting organisation, in order to provide cost-effective availability improvements that can deliver proven business enhancements to customers.

Goal of Availability Management:

Forecast, planning, and management of services availability, to ensure that:

– All services are based on appropriate and latest CIs

– For CIs not supported internally, appropriate agreements exist with third-party suppliers

– Changes are suggested in order to avoid future service downtime

Ensures that SLA-agreed availability is met




Uempty

Figure 10-4. Availability Management: Definitions (1) SM251.0

Notes:

Availability Management

• Availability is the ability of an IT service or component to perform at a stated instant, or over a stated period of time.

• Reliability is the level of freedom from operational failure of the IT service or component.

• Maintainability is the ability to retain in, or restore a service or component to, an operational state.

• Security focuses on the Confidentiality, Integrity, and Availability (CIA) of data.

• Serviceability on its own cannot be measured as a specific metric. It is a measure of the three Availability, Reliability, and Maintainability capabilities of the IT service and components that must be done.

5

IBM Global Services


Availability ManagementDefinitions (1)

Availability: measured by Mean Time Between Failures (MTBF).

Ability of an IT service or component to perform its required function at a

stated instant, or over a stated period of time

Underpinned by reliability, maintainability, serviceability, and resilience of the

IT infrastructure

Reliability: measured by Mean Time Between System Incidents (MTBSI)

Ability to work without operational failure

Depends on the probability of failure of each component, the resilience built

into the IT infrastructure, and the preventive maintenance applied to prevent a

failure from occurring

Maintainability: measured by the Mean Time To Repair (MTTR)

Ability to be retained or restored to an operational state

Depends on anticipation, detection, diagnosis, resolution, recovery from

failures, and restoration of data and IT service



Student Notebook

Figure 10-5. Availability Management: Definitions (2) SM251.0

Notes:

6

IBM Global Services


Availability ManagementDefinitions (2)

Serviceability: cannot be measured as a specific metric

Ability to maintain the availability, reliability, and maintainability provided by

the contractual agreements with the IT service providers

Resilience: or Fault Tolerance

Ability of an IT service to remain operational in spite of malfunction by one or

more subcomponents




Uempty

Figure 10-6. Availability Management: Tasks SM251.0

Notes:

7

IBM Global Services


Availability ManagementTasks

Identification

Availability

Requirements

Monitoring,

Review, and

Assessment

Availability

Improvement

Availability

plan

Availability

planning

Availability

Management

Availability

Management



Student Notebook

Figure 10-7. Availability Management: Inputs and Outputs SM251.0

Notes:

8

IBM Global Services


Availability ManagementInputs and Outputs

Inputs:

Availability, reliability, and maintainability

requirements of the business for new or

enhanced IT services.

Business Impact Assessment (BIA)

for each vital business function

underpinned by the IT infrastructure.

Information on IT service and

component failures coming from

incidents and problems.

Configuration and monitoring data

SLA achievements

Outputs:

Availability and recovery design criteria for new or enhanced IT services

Availability techniques that will be deployed to provide additional infrastructure resilience

Availability reporting to reflect the business, IT support, and user perspectives

Monitoring requirement for IT components that allow the detection of deviations in availability

Availability Plan for the proactive improvement of IT infrastructure availability

Availability

Management




Uempty

Figure 10-8. Availability Management: Uptime, Downtime, and Availability SM251.0

Notes:

A guiding principle of Availability Management is to recognize that it is still possible to gain customer satisfaction even when things go wrong. One approach to help achieve this requires Availability Management to ensure that the duration of any incident is minimized to enable normal business operations to resume as quickly as possible.

Availability Management should work closely with Incident Management and Problem Management in the analysis of unavailability incidents.

A good technique to help with the technical analysis of incidents affecting the availability of components and IT services is to take an incident “lifecycle” view.

Every incident passes through several major stages. The time elapsed in these stages may vary considerably. For Availability Management purposes, the standard incident “lifecycle”, as described within Incident Management, has been expanded to provide additional help and guidance, particularly in the area of “designing for recovery”.

9

IBM Global Services


Availability ManagementUptime, Downtime, and Availability

MTTR - Mean Time to Repair DOWNTIME Maintainability

MTBF - Mean Time Between Failure UPTIME Availability (Serviceability)

MTBSI - Mean Time Between System Incident Average Reliability Reliability

Incident

Repair

Diagnosis Recovery

Recovery

Incident

Time

Recognition

MTTR

MTBF

MTBSI



Student Notebook

MTBF (Mean Time Between Failures) is the average elapsed time from the time an IT service or supporting component is fully restored until the next occurrence of a failure to the same service or component

MTBSI (Mean Time Between System Incidents) is the average elapsed time between the occurrence of one failure and the next failure

MTTR (Mean Time To Repair) is the average elapsed time from the occurrence of an incident to resolution of the incident.




Uempty

Figure 10-9. Availability Management: Availability Measurements (1) SM251.0

Notes:

This slide shows some of the simple mathematics required to enable component and total Infrastructure Availability to be calculated. This information is needed to help formulate availability targets for IT components and IT services. Additionally, these output calculations can be input to any availability modeling tools that are available.

The examples provided in this section are fairly straightforward, with the calculations presented being sufficient to provide adequate estimates of availability. Where more detailed estimates of availability are required, it may be necessary to research more complex mathematical calculations. The statistical analysis of incident data and the forecasting of availability are a rich study field in many industries outside IT, such as electronics and aviation.

10

IBM Global Services


Availability ManagementAvailability Measurements (1)

When is a service not available?

”A service is not available to a customer if the locally required functions cannot

be used, although the agreed conditions for the provision of the service are

fulfilled."

A simple calculation of availability in %:

Agreed service time - Downtime

But what does 98% availability mean?

100X

Agreed service time 1



Student Notebook

Figure 10-10. Availability Management: Availability Measurement (2) SM251.0

Notes:

The availability percentage for each IT component within the total IT infrastructure may be different, and as such it is necessary to provide a calculation that reflects the total infrastructure availability.

The levels of resilience provided positively influence the availability percentage for the total infrastructure.

This slide shows the serial and parallel configuration calculation of availability.

11

IBM Global Services


Availability ManagementAvailability Measurement (2)

Serial Parallel

Disk A Disk B

Disk A

Disk BAvailability = 90% Availability = 90%

Availability only then, if both are in operation

=> A x B =

0.9 * 0.9 = 0.81 or 81%

Availability = 90%

Availability = 1 – not available

1 – both are not available =

1 – (A not available) x (B not available) =

1 – 0.1 * 0.1 = 0.99 or 99%

Availability = 90%




Uempty

Figure 10-11. Availability Management: Availability Measurement Example (3) SM251.0

Notes:

12

IBM Global Services


Availability ManagementAvailability Measurement Example (3)

Example of availability in a parallel or a serial architecture



Student Notebook

Figure 10-12. Availability Management: Risk Management is also an aspect of availability SM251.0

Notes:

The identification of risks and the provision of justified countermeasures to reduce or eliminate the threats posed by such risks can play an important role in achieving the required levels of availability for a new or enhanced IT service.

Risk Analysis should be undertaken during the design phase for the IT infrastructure and service to identify:

• Risks that may incur non-availability for the IT components within the IT infrastructure and service design

• Risks that may incur confidentiality, integrity exposures, or both within the IT infrastructure and service design

Risk Analysis involves the identification and assessment of the level (measure) of the risks calculated from the assessed values of assets and the assessed levels of threats to, and vulnerabilities of, those assets.

13

IBM Global Services


Availability ManagementRisk Management is also an aspect of availability

Assets Weaknesses

RisksRisks

Threats

Risk analysis

Risk management

Countermeasures Planning forpossible downtimes

Managementof downtimes




Uempty
Risk Management involves the identification, selection, and adoption of countermeasures justified by the identified risks to assets in terms of their potential impact upon services if failure occurs, and the reduction of those risks to an acceptable level.
This approach, when applied via a formal method, ensures that coverage is complete together with sufficient confidence that:

• All possible risks and countermeasures have been identified

• All vulnerabilities have been identified and their levels accurately assessed

• All threats have been identified and their levels accurately assessed

• All results are consistent across the broad spectrum of the IT infrastructure reviewed

• All expenditure on selected countermeasures can be justified.



Student Notebook

Figure 10-13. Availability Management: Availability Reporting SM251.0

Notes:

The IT support organization has for many years measured and reported on its perspective of availability. Traditionally, these measures have concentrated on component availability, and have been somewhat divorced from the business and user views.

Typically, these traditional measures are based on a combination of an availability percentage (%), time lost, and the frequency of failure. Some examples of these traditional measures are as follows:

% Available - The truly “traditional” measure which represents qvailability as a percentage and, as such, is much more useful as a component availability measure than as a service availability measure. It is typically used to track and report achievement against a service level target. It tends to emphasize the “big number”, such that if the service level target was 98.5% and the achievement was 98.3%, then it does not seem that bad. This can encourage a complacent behavior within the IT support organization.

% Unavailable - The inverse of the above. This representation, however, has the benefit of focusing on non-availability. Based on the above example, if the target for non-availability was 1.5% and the achievement was 1.7%, then this is a much larger relative difference.

14

IBM Global Services


Availability ManagementAvailability Reporting

Classical reporting measures

% available

% unavailable

Duration of unavailability in hours

Frequency of failure

Impact of failure

Problems with classical measures:

– Fails to reflect IT availability as experienced by the business and users

– Conceal “hot spots”. Generally good availability for the IT organization

– Does not support continuous improvement

Future measured variables (CCTA acceptance):

Impact by user minutes lost (user productivity)

Impact by business transaction




Uempty
This method of reporting is more likely to create awareness of the shortfall in delivering the level of availability required.
Duration - Achieved by converting the percentage unavailable into hours and minutes. This provides a more “human” measure that people can relate to. If the weekly downtime target is 2 hours but one week the actual was 4 hours, this would represent a trend leading to an additional 4 days of non-availability to the business over a full year. This type of measure and reporting is more likely to encourage focus on service improvement.

Frequency of failure - Used to record the number of interruptions to the IT service. It helps provide a good indication of reliability from a user perspective. It is best used in combination with Duration to take a balanced view of the level of service interruptions and the duration of time lost to the business.

Impact of failure - This is the true measure of service unavailability. It depends upon mature incident recording, where the inability of users to perform their business tasks is the most important piece of information captured. All other measures suffer from a potential to mask the real effects of service failure.

The business may have, for many years, accepted as a fait accompli that the IT availability that they experience is represented in this way. However, this is no longer being viewed as acceptable, and the business is keen to better represent availability in measure(s) that demonstrate the positive and negative consequences of IT availability on their business and users.

The traditional IT approach to measurement and reporting provides an indicator of IT availability and component reliability which is important for the internal IT support organization. However, to the business and users, these measures fail to reflect availability from their perspective and are rarely understood. This often fuels mistrust between the business and IT where, despite periods of instability, the “%” target has been met even though significant business disruption has occurred and customer complaints have been received.

Furthermore, this method of measurement and reporting can often hide the benefits delivered to the business from IT improvements. The traditional IT availability measures can simply mask real IT “added value” to the business operation.

While the traditional IT availability measurement and reporting methods can be considered appropriate for internal IT reporting, the disadvantages of this approach are that they:

• Fail to reflect IT availability as experienced by the business and the users • Can conceal service “hot spots”, whereby regular reporting shows the SLA as being

“met”, but the business, the users, or both, are becoming increasingly dissatisfied with the IT service

• Do not easily support continuous improvement opportunities to drive improvements that can benefit the business and the users

• Can mask IT “added value”, where tangible benefits to the business and users have been delivered, but the method of measurement and reporting does not make this visible.



Student Notebook

Figure 10-14. Availability Management: Benefits SM251.0

Notes:

15

IBM Global Services


Availability ManagementBenefits

IT services with an availability requirement are designed, implemented, and

managed to consistently meet that target

Improvement of capability of the IT infrastructure to attain the required levels of

availability to support the critical business processes

Improvement of customer satisfaction and recognition that availability is the

prime IT deliverable

Reduction in frequency and duration of incidents that impact IT availability

Single point for availability is established within the IT organization (process

owner)

Levels of IT availability provided are cost-justified and support SLAs fully

Shortcomings in provision of availability are recognized and coped with in a

formal way

Mindset moves from error correction to service enhancement: from reactive to

proactive attitude




Uempty

Figure 10-15. Availability Management: Risks SM251.0

Notes:

16

IBM Global Services


Availability ManagementRisks


Costs of availability management are seen as overhead and are too high

It is difficult to quantify the availability demands of the user and to determine

their costs

Lack of available resources with the required skills

Gathering of availability data requires many tools to underpin and support the

process

Vendor dependency

Broad knowledge of IT infrastructure



Student Notebook

Figure 10-16. Availability Management: Best Practices SM251.0

Notes:

17

IBM Global Services


Availability ManagementBest Practices

Separation of design and measurement

Usage in connection with capacity, financial management for IT services,

and IT service continuity management

Determination of metrics using this process




Uempty

Figure 10-17. Availability Management: Summary SM251.0

Notes:

18

IBM Global Services


Availability ManagementSummary

The goal of the Availability Management process is to optimize the capability of

the IT infrastructure, services, and supporting organization to deliver a cost-

effective and sustained level of availability that enables the business to satisfy

its business objectives.

Aspects: Availability, Maintainability, Reliability, Serviceability

Risk Management

Measures of Availability:

– MTBSI (Mean Time Between System Incidents)

– MTTR (Mean Time To Repair )

– MTBF (Mean Time Between Failures)

– Calculation of Availability



Student Notebook



Student Notebook

Figure 11-1. Unit 11: Capacity Management SM251.0

Notes:

2

IBM Global Services


Unit 11Capacity Management

Content:

Capacity Management – objectives and overview


Important aspects

– Capacity planning

– Capacity Database (CDB)


Best practices

Summary




Uempty

Figure 11-2. Capacity Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Capacity ManagementIntegration into the IPW Model




Student Notebook

Figure 11-3. Capacity Management: Mission Statement SM251.0

Notes:

4

IBM Global Services


Capacity ManagementMission Statement

Capacity Management is responsible for ensuring that the capacity of the IT infrastructure matches the evolving demands of the business in the most cost-effective and timely manner.

Capacity Management needs to understand the business requirements (the required provision of IT services), the organization's operation (the current provision of IT services), and the IT infrastructure (the means of provision of IT services), and to ensure that all the current and future capacity and performance aspects of the business requirements are provided cost-effectively.

However, Capacity Management is also about understanding the potential for service provision. New technology needs to be understood and, if appropriate, used to deliver the services required by the business. Capacity Management needs to recognize that the rate of technological change will probably increase and that new technology should be harnessed to ensure that the IT services continue to satisfy changing business expectations. One of the result of the activities of Capacity Management is a documented capacity plan.

The goal of Capacity Management:

Ensure

required, acceptable,

cost-effective capacity

of IT resources, in order that the service levels which are

agreed with the company are fulfilled in a timely manner.

Ensure

required, acceptable,required, acceptable,

costcost--effective capacityeffective capacity

of IT resources, in order that the service levels which are

agreed with the company are fulfilled in a timelytimely manner.




Uempty

Figure 11-4. Capacity Management: Why Capacity Management? SM251.0

Notes:

5

IBM Global Services


Capacity ManagementWhy Capacity Management?

There are a number of reasons why an organization should implement Capacity Management.

Capacity Management provides the required information about:

– Which components need to be upgraded (such as main memory, faster hard disk, larger bandwidth)

– When to perform upgrades – not too early, otherwise expensive overcapacities cannot be used; and not too late, in order to avoid bottlenecks, bad performance, and consequently, customer dissatisfaction

– How much the upgrade will be – planning elements and predictions will influence budget planning

Capacity management is based on:

– Business requirements

– Existing structures of the company

– Existing IT infrastructure

The customer does not require capacity; the customer requires services

The expenditure for IT capacities needs to be continuously justifiable

It provides information on current and planned resource utilization of individual components, allowing decisions on which components to upgrade, when to do so, and how much it will cost.



Student Notebook

Figure 11-5. Capacity Management: Capacity Management has three sub-processes SM251.0

Notes:

Capacity Management consists of a number of sub-processes, within which there are various activities. The sub-processes of Capacity Management are:

Business Capacity Management: This sub-process is responsible for ensuring that the future business requirements for IT services are considered, planned, and implemented in a timely fashion. This can be achieved by using the existing data on the current resource utilization by the various services to trend, forecast, or model the future requirements. These future requirements come from business plans outlining new services, improvements and growth in existing services, development plans, and so on.

Service Capacity Management: The focus of this sub-process is the management of the performance of the live, operational IT services used by the customers. It is responsible for ensuring that the performance of all services, as detailed in the targets in the SLAs and SLRs, is monitored and measured, and that the collected data is recorded, analyzed, and reported. As necessary, action is taken to ensure that the performance of the services meets the business requirements. This is performed by staff with knowledge of all the

6

IBM Global Services


Capacity ManagementCapacity Management has three sub-processes

Iterative activities

(Performance Mgmt)Capacity

Database

Capacity Plan

Demand Management

Business

Capacity

Management

Service

Capacity

Management

Resource

Capacity

Management




Uempty
areas of technology used in the delivery of end-to-end service, and often involves seeking advice from the specialists involved in Resource Capacity Management.
Resource Capacity Management: The focus in this sub-process is the management of the individual components of the IT infrastructure. It is responsible for ensuring that all components within the IT infrastructure that have finite resource are monitored and measured, and that the collected data is recorded, analyzed, and reported. As necessary, action must be taken to manage the available resource to ensure that the IT services that it supports meet the business requirements. In carrying out this work, the Capacity Management process is assisted by individuals with specialist knowledge in the particular areas of technology.



Student Notebook

Figure 11-6. Capacity Management: Tasks SM251.0

Notes:

Ongoing: iterative activities, Demand Management, storage of data in the Capacity Database (CDB)

Ad hoc: Modeling and application sizing

Regularly: Production of capacity plan

Iterative activities:

Monitoring in order to ensure optimum use of hardware and software such that agreed service levels can be achieved. Metrics are:

• CPU, memory, file store utilization

• Transactions: per second, response time

• Batch duration profiles

7

IBM Global Services


Capacity ManagementTasks

Demand

Management

Business

Capacity

Management

Service

Capacity

Management

Analyze

Iterative

Activities

Resource

Capacity

ManagementCapacity

Database

(CDB)

Capacity

Management

Capacity

Management

Tuning

Implementation

Monitoring

Application

Sizing




Uempty
Distinguish between availability data and performance data. Thresholds should be set based on analysis of previously recorded data. They should be set below targets in SLAs to allow for corrective action before an SLA is breached.
Analysis of the collected data to identify trends from which normal utilization and service levels can be established. Report on exception conditions compared with baseline. Predict future resource usage. Analysis should happen on short-term, medium-term, and long-term.

Tuning of configurations to improve performance through:

• Balancing workloads or disk traffic

• Change locking strategy (database, page, table, record, row)

• Efficient use of memory

Implementation of tuning activities in the live environment should happen through Change Management to limit impact on the customers of the service.

Capacity Database

It is a cornerstone of a successful Capacity Management system. It is the basis of performance and capacity reports to be delivered to management and technical personnel.

All sub-processes use it.

For more details, see notes on page 11-14.

Demand Management

• Influence demand for, and use of, resources

• Carried out as short-term solution to a capacity problem (like the breakdown of a redundant component that was also in use, hence halving capacity)

• Carried out as longer-term solution if difficult to justify expensive upgrade

• Exercised through:

- Physical constraints or limiting usage

- Financial constraints or charging

• Can be carried out by any of the three sub-processes.



Student Notebook

Figure 11-7. Capacity Management: Input & Output SM251.0

Notes:

8

IBM Global Services


Capacity ManagementInput & Output

SUB-PROCESS

Business Capacity Management

Trend, forecast, model, prototype,

size, and documentation

of future business requirements

Service Capacity Management

Monitor, analyze, tune, and report

on service performance; establish

baselines and profiles of use of

services

Manage demand for service

Resource Capacity Management

Monitor, analyze, and report on

utilization of components,

Establish baselines and profiles on

use of components

TechnologiesSLAs, SLRs, and

service portfolioBusiness plans and

strategiesMaintenance windowsEmployment and

development plans and programmes

Planning of future changes

Incidents and problems

Service reviewsSLA violationFinancial plansBudgets

Capacity plansCDBMinimum requirements

and profilesThreshold values and

signalsCapacity reports

(regular, ad hoc, and in special cases)

SLA and SLR recommendations

Costs and recommendations for further calculations

Proactive changes and service improvements

Revised maintenance windows

Effectiveness reviewAudit reports

INPUT OUTPUT




Uempty

Figure 11-8. Capacity Management: Iterative Activities SM251.0

Notes:

Monitors should be established on all the components and for each of the services. The data should be analyzed, using, wherever possible, expert systems to compare usage levels against thresholds. The results of the analysis should be included in reports, and recommendations made as appropriate. Some form of control mechanism may then be put in place to act on the recommendations. This may take the form of balancing services, changing concurrency levels, and adding or removing resource. The cycle then begins again, monitoring any changes made to ensure that they have had a beneficial effect, and collecting the data for the next day, week, or month.

9

IBM Global Services


Capacity ManagementIterative Activities

A number of the activities of Capacity Management need to be carried out iteratively, and form a natural cycle:

Set up and maintain the Capacity Database

Reporting

– Analyzes and reports

– Production of the capacity plan

Demand Management and Monitoring

– Ensure that the future business requirements for IT services are considered

– Report on performance against targets contained in SLA

– Monitoring of resources

– Forecast future capacity requirements

Document costs associated with options

Assess new technology and its relevance

Tuning

Implementation

Monitoring

Analysis

SLM Exception

Reports

Capacity

Management

Database

(CDB)

Resource Utilization

Exception Reports

SLM Thresholds

Resource

Utilization

Thresholds



Student Notebook

Figure 11-9. Capacity Management: Capacity Plan SM251.0

Notes:

Capacity Plan

Contains:

Introduction

Explains background to this issue of the capacity plan:

• Current levels of capacity of the organization

• Problems and pain points identified due to over- or under-capacity.

• Changes since last issue of capacity plan

Scope of plan is given (ideally all IT resources).

Methods used (how and when information obtained from sub-processes):

• Business forecasts from business plans

• Workload forecasts from users

• Service level forecasts from modeling

10

IBM Global Services


Capacity ManagementCapacity Plan

The Capacity Plan should be published annually in line with the budgetary cycle. Ideally, it

should be updated quarterly, and consists of the following parts:

Introduction

– Scope of planning– Methods

Assumptions and prerequisites

Management summary

Business evaluations and scenarios

Service summary

Resource summary

Options for service improvement

Cost model

Recommendations

• Business benefit to expect• Potential impact (of not) carrying out recommendations; risks involved– Required resources– Costs: unique and ongoing




Uempty
Management summary
Highlight main issues, options, recommendations and costs.

Business scenarios

Put the plan in the context of the current and future business environment. Mention all known business forecasts so that readers can determine what is inside and outside the scope of the plan.

Service summary

For each current and recent service provision, provide a service profile, including throughput rates and resulting resource utilization. Trends should be presented.

Service forecasts should be detailed because of new and demised services.

Resource summary

Current and recent resource usage should be documented, reporting on trends.

Resource forecasts coming from service forecasts.

Options for service improvement

Outlines possible options for improving effectiveness and efficiency of service delivery; upgrading network, consolidating applications, rewriting custom built applications, and so on.

Cost model

Costs associated with options should be documented.

Current and forecasted cost of providing IT services (data generally coming from IT financial management).

Recommendations

Summary of recommendations made in previous plan and status.

Any new recommendations should be made.

Recommendations should be quantified in terms of:

• Business benefit to expect

• Potential impact in (not) carrying out recommendations

• Risks involved

• Resources required

• Setup cost and ongoing cost



Student Notebook

Figure 11-10. Capacity Management: Capacity Database SM251.0

Notes:

Capacity Database

It is a cornerstone of a successful Capacity Management system. It is the basis of performance and capacity reports to be delivered to management and technical personnel.

All sub-processes use it.

It contains business data:

• Number of accounts

• Number of branches

• Number of calls into call centers

• Number of PCs

• Anticipated workloads

It contains service data:

• Transaction response times

11

IBM Global Services


Capacity ManagementCapacity Database

Capacity Database (CDB)

Data in the CDB is stored and used by all the sub-processes of Capacity

Management because it is a repository that holds a number of different types of

data: business, service, technical, financial, and utilization data.

The CDB is unlikely to be a single database, and probably exists in several

physical locations.

The information in the CDB is used to form the basis of performance and Capacity

Management reports that are to be delivered to management and technical

personnel.

The data is also utilized to generate future capacity forecasts, and to allow

Capacity Management to plan for future capacity requirements.




Uempty
• Times for batch jobs to be processed
• SLM thresholds

It contains technical data:

• Limitations of resources (80% CPU, 30% Ethernet)

It contains financial data:

• Financial plans

• IT budgets

• External suppliers

• CMDB

It contains utilization data of resources:

• Data of current utilization of components

• Lower granularity data on older utilization data of components

Can exist in several physical locations.

Outputs are:

• Service- and component-based reports

• Exception reporting on capacity and performance for component or service. Special interest in reporting on items that affect SLAs.

• Capacity forecasts to predict future growth.



Student Notebook

Figure 11-11. Capacity Management: Benefits and Costs SM251.0

Notes:

12

IBM Global Services


Capacity ManagementBenefits and Costs

Benefits

Reduced risk of performance problems and failure

Cost savings

Both achievable through:

– Planned buying

– Deferring expenditure until really needed (but in a controlled way)

– Matching capacity to business need

Ensures that systems have sufficient capacity to run the applications required by the business for the foreseeable future

Provides information on current and planned resource utilization of individual components allowing decisions on which components to upgrade, when to do so, and how much it will cost.

Costs

Setting up Capacity Management:

– Procurement of required hardware and software, such as monitoring tools

– Project management

– Staff costs

– Accommodation

Daily management of Capacity Management:

– Annual maintenance and upgrades

– Ongoing staff costs

– Recurring accommodation costs (leasing, rental, energy)

“Planned buying is cheaper than panic buying.”“Planned buying is cheaper than panic buying.”




Uempty

Figure 11-12. Capacity Management: Risks SM251.0

Notes:

Possible problems:

Over-expectation

Customer expectations often exceed technical capability. Therefore it is essential that customer expectations for new applications be managed from the outset. Capacity Management needs to discuss with customers the technical feasibility and, more importantly, the cost implications, of meeting over-ambitious requirements. The opportunity to achieve this is provided as part of the application sizing activity, where requirements and expectations should be discussed and agreed between all parties.

The improvements that can be made through regular tuning may not be significant. However, if a service or application has been badly designed or implemented, a large performance gain may be possible.

Also Demand Management is often constrained by the requirement for constant online access to corporate information. It is not always easy or possible to reschedule the use of

13

IBM Global Services


Capacity ManagementRisks


Customer expectations exceed technical capability

Unrealistic product information from vendor

Wrong estimation of future workload by the customer

Precise predictions become more difficult with shorter business planning

cycles

Considering all service areas (software, PC, server, LAN, WAN, TK, and so

on) within the scope of capacity management



Student Notebook

services to quieter off-peak periods. For example, it would be difficult for an Internet site selling flowers to influence the demand for flowers on or around St Valentine's Day!

Vendor influence

Where budget and sales target deadlines coincide, it is not uncommon to be offered what seems to be the deal of a lifetime, such as “purchase sufficient capacity for today and tomorrow at yesterday’s prices”. On face value, cost efficiencies can be realized; however, before purchasing, remember:

• The pace of change is rapid: today's special offer is often tomorrow's end-of-line product

• Technological advancement: tomorrow's technology will perform faster and have more built-in capacity than today's technology

• The overall reducing cost of technology: today's performance and capacity will always be cheaper tomorrow and considerably cheaper in six months’ time.

Manufacturers’ quoted performance figures are often not achievable within a production environment. Care should be taken when negotiating with vendors for additional performance. Where possible, performance figures should be verified before purchase through reference site visits and by simulation testing where appropriate.

Lack of information

Time-to-market pressures are placing ever-increasing demands, and as a result business planning cycles are shorter. This is not an excuse, but a statement of fact about the environment within which Capacity Management must function. Traditionally, it has always been difficult to obtain accurate business forecasts, in order to predict increases and decreases in demand for IT capacity.

However, even the best business planning function cannot always accurately predict demand. There have been numerous recent examples of unprecedented and unpredicted consumer demand for either the latest product or the latest information. Internet sites that are suddenly popular are good examples of consumer demand far outstripping supply and causing failed or drastically delayed delivery of information or products. The Internet is a prime example where consumers literally “at the click of a button” are lost forever as they go elsewhere to receive a service, never again to return to a temporarily unavailable or slow site.

It is not possible to provide consistently high-quality service levels, cost-effectively, without timely, accurate business planning information being made available. However, Capacity Management can work effectively, even with crude business estimates. Also, it helps if the Capacity Management process understands the business and can talk to the customer in their language. The business is much more likely to know how many chocolate bars it is going to sell than the amount of CPU seconds it uses in the process. The Capacity Management process always improves over time.




Uempty
Capacity Management in a distributed environment
Capacity Management is often considered only as a requirement within the host environment; the network and client environments are not always included as part of the Capacity Management process.

Anecdote

A group of network managers were asked, “When is the first time you get involved in capacity planning for new applications to be utilized across the network?” Unfortunately, the most common answer was, “Usually during the first week of live running, when users complain about poor performance”. Another common answer was “During customer acceptance testing, when the application is being tested by users just before transition to live running”.

However, when also asked, “If you had been involved from the outset, when the new application was just a customer requirement, could you have provided accurate figures on spare network capacity within the target environment?”, only a handful were confident in their ability to do so.

Result

There are a number of results and lessons to be learned from the above:

• The network is not within the scope of Capacity Management, but it should be.

• Huge potential exists for new applications to perform poorly or fail totally.

• Customer perception is that IT fails to deliver (again).

• Potential financial costs are incurred by the business due to application failure.

• Unpredicted and unbudgeted IT costs are incurred to resolve the performance problems, which usually require to be addressed urgently and thus cost even more.

Level of monitoring to be implemented

Tools available today provide extremely comprehensive monitoring capabilities. It is possible to monitor most aspects of most components in the IT infrastructure. However, careful consideration should be given to the level of monitoring to be undertaken, and the decision should be based upon:

• Business impact of component failure: can monitoring be justified on the basis of potential impact of failure?

• Utilization volatility: is utilization subject to a steady growth or decline over time, or do highly volatile changes in utilization occur?

• Ability to monitor components: can monitoring and reporting be automated?

• Cost of component monitoring and reporting: are costs greater than the potential use that can be made of the data collected?



Student Notebook

Figure 11-13. Capacity Management: Best Practices SM251.0

Notes:

14

IBM Global Services


Capacity ManagementBest Practices

The Capacity Management process should be reviewed for effectiveness and

efficiency at regular intervals to ensure that:

– It is producing the required output at the required times for the appropriate

audience

– Its activities are cost-effective

Critical Success Factors

Success in Capacity Management is dependent on a number of factors:

– Accurate business forecasts

– Knowledge of IT strategy and plans, and that the plans are accurate

– An understanding of current and future technologies

– An ability to demonstrate cost-effectiveness

– Interaction with other effective Service Management processes

– An ability to plan and implement the appropriate IT capacity to match business

needs




Uempty

Figure 11-14. Capacity Management: Summary SM251.0

Notes:

15

IBM Global Services


Capacity ManagementSummary

The goal of Capacity Management is to ensure that all the current and

future capacity and performance aspects of the business requirements

are provided in a timely and cost-effective manner.

Responsibilities: Business Capacity Management, Service Capacity

Management, Resource Capacity Management

Demand Management

Capacity Plan and Capacity Database (CDB)

“Good Capacity Management ensures NO SURPRISES!”“Good Capacity Management ensures NO SURPRISES!”



Student Notebook




Uempty
Unit 12. Financial Management for IT Services

This unit is an introduction to Capacity Management, and its relationship within IT Services.




© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-1

Student Notebook

Figure 12-1. Unit 12: Financial Management SM251.0

Notes:

2

IBM Global Services


Unit 12Financial Management

Content:

Financial Management – objectives and overview


Important aspects

– Costs types

– IT accounting

– Interfaces to other service management processes

Benefits and risks

Best practices

Summary




Uempty

Figure 12-2. Financial Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


Financial Management Integration into the IPW Model




Student Notebook

Figure 12-3. Financial Management: Mission Statement SM251.0

Notes:

4

IBM Global Services


Financial ManagementMission Statement

Financial Management ensures that the IT organization is able to account fully on the money spent on IT services, to attribute these costs to IT services delivered to customers, and to assist management decisions on IT investment by providing detailed business cases for changes to IT services.

The goal of IT Financial Management is also:

For internally (in-house) oriented IT service providers

– Monitoring of the usage of IT components and resources for supplying IT services with regard to cost efficiency

For externally oriented IT service providers

– Recording of costs incurred, and details of how these relate to services performed for the customer

– Support management decisions about IT investment by means of detailed business cases.




Uempty

Figure 12-4. Financial Management: Why Financial Management for IT Services (1) SM251.0

Notes:

5

IBM Global Services


Financial ManagementWhy Financial Management for IT Services (1)

Because you can provide the best service and nevertheless can gobankrupt

Because there are minimal legal requirements for financial reporting

Because service providers should be business-oriented

Because of increasing economic pressure



Student Notebook

Figure 12-5. Financial Management: Why Financial Management for IT Services (2) SM251.0

Notes:

6

IBM Global Services


Financial ManagementWhy Financial Management for IT Services (2)

IT Financial Management...

Supports the development of a solid investment strategy

Enables definitions of performance objectives

Enables the measurement of services performed

Makes it easier to prioritize resource deployment, and with it, optimized resource planning

Ensures solid, financially justified administration of the assets used in the organization

Supports management in their daily decision-making in order to plan risk reduction

Creates organizational prerequisites for performing cost-objective accounting

Cost-objective accounting enables...

Flexible determination of services which are to be defined. It is the basis for the business design of IT services.

Determination of real IT service costs, enabling transparent, well-measured, content-related pricing

Reporting for planning and controlling

Reporting for financial accounting




Uempty

Figure 12-6. Financial Management: Tasks SM251.0

Notes:

7

IBM Global Services


Financial ManagementTasks

IT Financial

Management

IT Financial IT Financial


IT AccountingIT Accounting ChargingChargingBudgetingBudgeting

Ensures that business provides sufficient funds to run the IT services

it requires

Provides management information on the cost of providing IT services supporting

business needs

Provides sound business method of

balancing shape and quantity of IT

services with needs and resources of the

customers



Student Notebook

Figure 12-7. Financial Management: Process SM251.0

Notes:

This slide looks at methods for an IT organization to predict and calculate the costs of service, and discusses ways of estimating the proportion of costs that can be attributed to each customer where an IT service is shared. This simple diagram is used as a basis for the whole item.

In summary:

Budgeting enables an organization to:

• Predict the money required to run IT services for a given period

• Ensure that actual spend can be compared with predicted spend at any point

• Reduce the risk of overspending

• Ensure that revenues are available to cover predicted spend (where charging is in place)

IT accounting enables an organization to:

• Account for the money spent in providing IT services

8

IBM Global Services


Financial ManagementProcess

Business IT

requirements

Business IT

requirements

Financial targets Costing

models

Charging

policies

Feedback of proposed charges to

businesses

Cost analysis

(accounting)

Cost analysis

(accounting) ChargingCharging

ChargingCharging

IT operational

plan (including

budgets)

IT operational

plan (including

budgets)

external

internal




Uempty
• Calculate the cost of providing IT services to both internal and external customers
• Perform cost-benefit or Return-on-Investment analyses

• Identify the cost of changes

Charging enables an organization to:

• Recover the costs of the IT services from the customers of the service

• Operate the IT organization as a business unit if required

• Influence user and customer behavior



Student Notebook

Figure 12-8. Financial Management: Process – Budgeting and Accounting Activities (mandatory) SM251.0

Notes:

The aim of budgeting is that the actual costs match the budget (predicted costs). This budget is usually set by negotiations with the customers who are providing the funds (although this sometimes happens at an unrefined level, where the business leaders agree proportions of their revenue to be used to fund IT, based upon what IT have told them their costs are). Good budgeting is essential to ensure that the money does not run out before the period ends. Where shortfalls are likely to occur, the organization needs early warning and accurate information to enable good decisions to best manage the situation.

Current leading practice is to use IT accounting to aid investment and renewal decisions, and to identify inefficiencies or poor value, but to charge a fixed amount for an agreed capacity (determined by the level of service agreed in the Service Level Agreements or SLAs). In this case, IT Finance Management works with Service Level Management (they may even be the same person) to ensure that the overall costs of running the agreed services should not exceed the predicted costs. Charging is then often a matter of billing for agreed periods at an agreed rate, for example 1/12 of each customer's IT budget each calendar month. Additional charges are made for work above the agreed service levels (such as office moves, major roll-out, unplanned hardware upgrade).

9

IBM Global Services


Financial ManagementProcess – Budgeting and Accounting Activities (mandatory)

To understand whether an IT organization is doing the best that it can and to demonstrate this to its customers, it has to both understand the true cost of providing a service and manage those costs professionally. To do this, it is usual to implement IT accounting and budgeting processes, and often to implement charging processes as well.

Budgeting is the process of predicting and controlling the spending of money within the organization, and consists of a periodic negotiation cycle to set budgets (usually annual) and the day-to-day monitoring of the current budgets. Budgeting enables an organization to:

Predict the money required to run IT services for a given period

Ensure that actual spending can be compared with predicted spending at any point

Reduce the risk of overspending

Ensure that revenues are available to cover predicted spending (where charging is in place)

Accounting is the set of activities that enable the IT organization to account fully for the way its money is spent. IT accounting enables an organization to:

Account for the money spent in providing IT services

Calculate the cost of providing IT services to both internal and external customers

Perform cost-benefit or return-on-Investment analyses

Identify the cost of changes




Uempty

Figure 12-9. Financial Management: Process – Charging (optional) SM251.0

Notes:

10

IBM Global Services


Financial ManagementProcess – Charging (optional)

Charging has motivational aspects, considering the effects upon both the

provider and the customer of the service. The objective is to optimize the

behavior of both parties in achieving the organization's aims.

Charging enables an organization to:

Recover the costs of the IT services from the customers of the service

Operate the IT organization as a business unit if required

Achieve transparency for customers

Influence user and customer behavior

Achieve profit

– Use market strength (invisible hand)

– Deliver effective services in agreed quality and quantity



Student Notebook

Figure 12-10. Financial Management: Cost Types SM251.0

Notes:

External service and transfer costs need further explanation. It is now common to buy in services from external parties (external services) that are a mixture of cost types, for example an outsourced service for providing an organization’s application development, or the provision of a data center. It may be difficult to break down this cost (into each of the first four categories), as it is likely to contain elements that are indivisible or that the supplier will not wish to detail. It is easier and more usual to categorize this as an external service cost.

Transfer costs are those that represent goods and services that are sold from one part of an organization to another (often within a multinational or other large organization that has a sophisticated internal accounting system). Transfer costs may be for:

• Hardware (an IT organization buying PCs on behalf of a business customer) • Software (the corporate finance department producing control mechanisms for IT to

manage their costs) • People (the HR overhead levied by the corporate HR department) • Accommodation (a charge made by the Facilities Management department)

11

IBM Global Services


Financial ManagementCost Types

For producing a cost model, the suggested cost types are:

Hardware costs (CPU, disk storage, LANs, peripherals….)

Software costs (OS, applications, database, systems management….)

People costs (payroll costs, company cars, relocation costs, expenses, overtime,

consultancy)

Accommodation costs (offices, storage, secure areas, utilities)

External service costs (security, outsourced services,…)

Transfer costs (goods and services that are sold from one part of an organization

to another)

• All costs for services can be grouped into the cost types listed.

• Other types are possible; this is not a fixed rule.

• Important: all major cost elements in the current or proposed IT

budget are identified and then attributed to the customers who

“cause” them.

• All costs for services can be grouped into the cost types listed.

• Other types are possible; this is not a fixed rule.

• Important: all major cost elements in the current or proposed IT

budget are identified and then attributed to the customers who

“cause” them.




Uempty
Transfer costs should be visible in the cost model, because people may forget that internal goods and services represent a cost to the organization and are part of the cost of providing service. Hence, a false figure may be reached when assessing costs if a service is dependent upon activity from another part of the organization but this cost is excluded from calculations. Some organizations will insist on these transfer costs being accounted for in each part of the organization, while others might only use them when modeling costs, and no money will actually pass across the organization. In this publication, it is assumed that it is not necessary to separately identify transfer costs in the cost model examples.


Student Notebook

Figure 12-11. Financial Management: Cost Classification SM251.0

Notes:

The cost-by-customer cost model requires that all major cost elements in the current or proposed IT budget be identified and then attributed to the customers who “cause” them. To do this, the costs first have to be identified as either direct or indirect:

Direct costs are those clearly attributable to a single customer, such as manufacturing systems used only by the Manufacturing division.

Indirect costs (sometimes called overheads) are those incurred on behalf of all, or a number of, customers, such as the network or the technical support department, which has to be apportioned to all, or a number of, customers in a fair manner.

Any indirect costs (sometimes called unabsorbed overheads) which cannot be apportioned to a set of customers have then to be recovered from all customers in as fair a way as possible, usually by uplifting the costs calculated so far by a set amount. This ensures that the sum of all of the costs attributed to each customer still equals the total costs incurred by the IT organization; this is referred to as the “balance check”. This “balance check” can be applied to costs divided in other ways, such as by service or location; the sum of the parts should always equal the whole.

12

IBM Global Services


Financial ManagementCost Classification

Variable Costsare those that vary with some factor, such as usage or time.

Fixed CostsCosts that do not vary even when resource usage varies. Examples of this would be a maintenance contract for a server or a corporate software licence (within agreed user limits).

Indirect Costs (sometimes called overheads) are those incurred on behalf of all, or a number of, customers, such as the network or technical support department, which have to be apportioned to all, or a number of, customers in a fair manner.

Direct Coststhose clearly attributable to a single customer, such as manufacturing systems used only by the Manufacturing division.

Operational Costsare those resulting from the day-to-day running of the IT Services organization, such as staff costs, hardware maintenance and electricity, and relate to repeating payments whose effects can be measured within a short timeframe, usually less than the 12-month financial year.

Capital Costsare the purchase or major enhancement of fixed assets, for example computer equipment, building, and plant, often also referred to as “one-off” costs.




Uempty
If the cost model is being produced for the first time, the categories and cost elements for it need to be developed first, to a level of detail that meets the needs of IT accounting and of any charging to be performed. Hence an understanding of charging policies is necessary when the cost model is drawn up.
If costs are mainly direct, perhaps because each customer has independent hardware and software, the method of recording and of apportioning costs can be very simple. For example, if Finance are the only customers of the general ledgers and the system on which they run, all costs directly associated with the general ledgers, including purchase, maintenance, and support, can be attributed to the Finance department's code in the ledgers (often called a cost center or a charge code).

However, if resources are shared, for instance a mainframe is running applications for more than one customer, the hardware costs may have to be classified as indirect and apportioned to each customer, say by CPU seconds, disk storage, print volumes, and so on, from workload predictions. To do this requires a model that allows these costs to be spread across a number of customers.

For finance purposes, costs are classified into either capital or operational when the financial ledgers are reported (the “books”). This is because capital expenditure is assumed to increase the total value of the company, while operational expenditure does not, although in practice the value of capital expenditure decreases over time (depreciates).

This distinction affects IT accounting, because the cost model needs a method of calculating the annual cost of using a capital item (such as a mainframe) to deliver an IT service. The annual costs must make allowance for the decreasing value of capital items (assets), and make for timely renewal of capital items, such as buildings, servers, and applications. Usually, this is taken as the annual depreciation, from a method set by the Finance department (within the boundaries of the country's laws).

Capital costs are typically those applying to the physical (substantial) assets of the organization. Traditionally this was the accommodation and machinery necessary to produce the organization’s product. Capital costs are the purchase or major enhancement of fixed assets; for example, computer equipment, building, and plant are often also referred to as “one-off” costs. It is important to remember that it is not usually the actual cost of items purchased during the year that is included in the calculation of the cost of the services, but the annualized depreciation for the year.

Operational costs are those resulting from the day-to-day running of the IT services organization, such as staff costs, hardware maintenance, and electricity, and relate to repeating payments whose effects can be measured within a short timeframe, usually less than the 12-month financial year.

Fixed or Variable

Costs that do not vary even when resource usage varies are referred to as fixed costs. Examples of this would be a maintenance contract for a server, or a corporate software license (within agreed user limits).



Student Notebook

Variable costs are those that vary with some factor, such as usage or time. They are likely to be used for cost elements which cannot be easily predicted, and for which it is to the benefit of both supplier and customer to determine the costs exactly, perhaps for variable charges to be applied. Examples of charges that might vary, because the underlying cost varies, are out-of-hours cover, major equipment relocation, and the production of additional quarterly reports.

A cost element such as file store may be considered to be variable. If a customer requires an additional 10 GB, it may be possible to calculate that the cost of this is £1000, and hence that the cost per GB is £100. The danger of this approach is that there are often sharp changes in costs because they cannot be continuously scaled: the next disk drive may require another cabinet, or an additional process run on the server may cause queuing problems resulting in all jobs taking longer to run.

It is sometimes necessary to view a cost as having a fixed element and a variable element, for example, using file store at all requires disk controllers and bandwidth, causing a fixed cost. The variable cost of additional disk drives can then be calculated and added to the fixed portion. This level of detail is not usually needed in calculating the cost of a service, but can be useful when evaluating competing technologies or services.




Uempty

Figure 12-12. Financial Management: Costs types – Example: Printing a report SM251.0

Notes:

13

IBM Global Services


Financial ManagementCosts types – Example: Printing a report

Printing out a report:

Fixed direct costs

– Depreciation of the printer

Fixed indirect costs

– IT Management team, support team

Variable direct costs

– Paper consumed for printing

Variable indirect costs

– Printing another report on the same printer

– Ink cartridge



Student Notebook

Figure 12-13. Financial Management: Example of IT Accounting SM251.0

Notes:

14

IBM Global Services


Financial ManagementExample of IT Accounting

HardwareHardware

Cost centre accounting

Co

st

ce

nte

rs

Cost centers

CalculationCalculationCost objective calculation

Product (groups)

= accumulated

profit

Overhead costs extra charge

Direct costs

(individual costs)

Overhead costs

Cost category calculationCost category calculation

Revenue

- Individual costs

- Overhead costs

SoftwareSoftware

PersonnelPersonnel

FacilityFacility

External servicesExternal services

TransferTransfer

Indirect costs

(overhead costs)




Uempty

Figure 12-14. Financial Management: Links to other processes SM251.0

Notes:

Financial Management for IT Services interacts with most IT service processes and has particular dependencies upon and responsibilities to:

• Service Level Management - The SLA specifies customer expectations and IT Services’ obligations. The cost of meeting the customer's requirements may have a major impact on the shape and scope of the services that are eventually agreed. IT Finance Management liaises with Service Level Management about the costs of meeting current and new business demands, the charging policies for the organization, their effects on customers, and how the policies are likely to influence customer and user behavior. The more that the SLA allows individual customers to request variations to service levels, the greater is the scope for (and potential benefits of) charging for IT services, but also the greater the overheads of budgeting, IT accounting, and charging.

• Capacity Management - Cost information can be used to estimate the costs of the desired capacity and availability of the system. In planning the capacity, it may be necessary to discuss the costs with individual customers or the organization as a whole.

15

IBM Global Services


Financial ManagementLinks to other processes

Service Level Management: Cost of meeting customer SLA requirements impacts shape and scope of services that are agreed. IT Finance manager cooperates with Service Level manager about the costs meeting business demands and charging policies influencing customer behavior. The more variations to service levels, the larger the scope of charging, but the larger the overheads of budgeting, IT accounting, and charging.

Capacity/Availability Management: Cost information can be used to estimate cost of desired capacity or availability.

Configuration Management: Financial management requires asset and cost information which can be provided through the CMDB.

Change Management: Influence of changes on cost.



Student Notebook

Data that is collected so that costs can be determined may also be relevant to capacity assessments, such as staff effort, machine usage.

• Configuration Management -Financial Management requires asset and cost information that may be managed by large organization-wide systems. Configuration Management is responsible for managing the data relating to assets (configuration items) and their attributes (such as cost).




Uempty

Figure 12-15. Financial Management: Benefits SM251.0

Notes:

16

IBM Global Services


Financial ManagementBenefits

IT accounting supports the IT Service Manager

Statements about profitability of the individual IT services

Essential decisions about IT services and the required investments

Data for justifying IT expenditures

Essential planning and budgeting

Overview of costs, created by service failures, as a basis for expenditure

justification in strategy planning

Users can track costs of the services they have used



Student Notebook

Figure 12-16. Financial Management: Risks SM251.0

Notes:

There are a number of possible problems in implementing IT accounting and charging:

• IT accounting and charging are often new disciplines in IT Services, and there is limited understanding of leading practice in cost modelling and charging mechanisms, which could lead to over-complex or ineffective systems.

• IT accounting relies on planning information provided by other processes both within and outside IT Services Management which may not be routinely available, delaying the project.

• Staff combining accountancy and IT experience are rare, so many activities may need to be shared with staff from outside IT Services who may not have this as their priority.

• The IS strategies and objectives of an organization may not be well formulated and documented, and prediction of capacity requirement may not be accurate.

• Senior business managers may not recognize the benefits of IT accounting and charging, and may resent the administrative overheads and the limitations on workload.

17

IBM Global Services


Financial ManagementRisks


New discipline, so limited understanding of leading practice in cost modeling and

charging mechanisms, leading to overly complex or ineffective systems

IT accounting relies on planning information provided by other functions within and

outside IT services management, and is sometimes difficult to obtain

Combination of IT skills and accountancy skills is rare

IS strategy and objectives are not clear, hence prediction of capacity requirement is

not accurate

Senior management may not realize benefits of IT accounting and charging

Resentment of administrative overhead and workload

Complex IT accounting and charging makes cost larger than value of information

provided

Monitoring tools providing resource usage are inaccurate or not cost-efficient




Uempty
• The IT organization may not be able to respond to changes in users' demands once costs become an influence.
• The IT accounting and charging processes are so elaborate that the cost of the system exceeds the value of the information produced.

• The monitoring tools providing resource usage information are inaccurate or irrelevant, or cost too much to develop and maintain..



Student Notebook

Figure 12-17. Financial Management: Best Practices SM251.0

Notes:

18

IBM Global Services


Financial ManagementBest Practices

Clear differentiation between accounting and charging

Connection with Availability Management, Capacity Management,

Configuration Management, and Change Management

Customer-specific charging

Financing, benchmarks, and investments are very important




Uempty

Figure 12-18. Financial Management: Summary SM251.0

Notes:

19

IBM Global Services


Financial ManagementSummary

The goal of Financial Management is to provide cost-effective stewardship

of the IT assets and resources used in providing IT services

Responsibilities: Budgeting, accounting, charging

Cost classification (capital/operational, direct/indirect, fixed/variable)



Student Notebook




Uempty
Unit 13. IT Service Continuity Management (ITSCM)

This unit is an introduction to Continuity Management, and its relationship within IT Services.




© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-1

Student Notebook

Figure 13-1. Unit 13: IT Service Continuity Management (ITSCM) SM251.0

Notes:

2

IBM Global Services


Unit 13IT Service Continuity Management (ITSCM)

Content:

IT Service Continuity Management – objectives and overview


Some definitions

Important aspects

– Business impact

– Risk analysis

– Service recovery

– Continuity plan

– Continuity plan testing and review


Summary




Uempty

Figure 13-2. ITSCM Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


ITSCM Management Integration into the IPW Model




Student Notebook

Figure 13-3. ITSCM: Mission Statement SM251.0

Notes:

4

IBM Global Services


ITSCMMission Statement

The mission for IT Service Continuity Management (ITSCM) is to support the overall Business Continuity Management process by managing risks to ensure that IT services (including computer systems, networks, applications, telecommunications, technical support, and service desks) can be recovered within required, agreed-to business timescales.

ITIL Discipline Contingency Planning (disaster planning) was renamed to IT Service Continuity Management

(ITSCM), and is now part of Business Continuity Management.. The dependencies between business

processes and technology are now so intertwined that Contingency Planning (or Business Continuity

Management, as it is now sometimes termed) incorporates both a business element (Business Continuity

Planning) and a technology element (IT Service Continuity Management Planning).

Goal of ITSCM:

The goal for ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities, including:

– computer systems

– networks

– applications

– telecommunications

– technical support and Service Desk

can be recovered within required, and agreed, business timescales.




Uempty

Figure 13-4. ITSCM: Why ITSCM SM251.0

Notes:

5

IBM Global Services


ITSCMWhy ITSCM

In today's highly competitive and service-oriented business environment,

organizations are judged on their ability to continue to operate and provide a

service at all times. ITSCM focus is to:

- Increase dependence on IT services and business protection

- Reduce cost and time effort for recovery

- Ensure survival

Continuity planning is therefore essential. ITSCM ensures that a business is

capable of recovering substantial services and their access in the event of a

disaster.

Many businesses do not survive the first year after an IT disaster!



Student Notebook

Figure 13-5. ITSCM: Definitions: Business Continuity Management (BCS) and ITSCM SM251.0

Notes:

6

IBM Global Services


ITSCMDefinitions: Business Continuity Management (BCS) and ITSCM

Business Continuity Management (BCM) is concerned with managing

risks to ensure that an organization can continue operating to at least a

predetermined minimum level. The BCM process involves:

– Reducing the risk to an acceptable level

– Planning for recovery of business processes should a disruption to the

business occur

IT Service Continuity Management (ITSCM) is a part of the overall BCM

process and is dependent on information derived from it. It focuses on the

continuity of IT services to the business. Before it is implemented, the

minimum business requirements must be determined.




Uempty

Figure 13-6. ITSCM: Tasks SM251.0

Notes:

7

IBM Global Services


ITSCMTasks

ITSCMITSCM

Risk analysis

and risk

management

Making, testing,

improving, and

maintaining a

continuity plan

Taking

requirements

from BCM



Student Notebook

Figure 13-7. ITSCM: Continuity Management Process SM251.0

Notes:

It is not possible to develop an effective ITSCM plan in isolation; it must fully support the requirements of the business. This section considers the four stages of the Business Continuity lifecycle, with particular emphasis on the IT aspects. A full understanding of the Business Continuity process can be obtained through the OGC ITIL publications, An Introduction to Business Continuity Management and A Guide to Business Continuity Management.

8

IBM Global Services


ITSCMContinuity Management Process

Initiate BCM

Business Impact Analysis

Risk Assessment

Business Continuity Strategy

Implement Standby

Arrangements

Develop Recovery Rules

Implement Risk Reduction Measures

Develop Procedures

Initial Testing

Phase 1: Initiation

Phase 2: Requirements and Strategy

Phase 3: ImplementationOrganizational and

Implementation Planning

Education and AwarenessReview and Audit

TestingChange Management

TrainingAssurance

Phase 4: Operational Management




Uempty

Figure 13-8. ITSCM: Risk of events that can cause disaster SM251.0

Notes:

9

IBM Global Services


ITSCMRisk of events that can cause disaster

Event Percent

Theft 36%

Virus 20%

Hacking 16%

Hardware / Communication 11%

Environment 7%

Software 4%

Fire / Flood / Force Majeure 3%

Other 3%

Event Percent

Theft 36%

Virus 20%

Hacking 16%

Hardware / Communication 11%

Environment 7%

Software 4%

Fire / Flood / Force Majeure 3%

Other 3%

Gartner Study 2001



Student Notebook

Figure 13-9. ITSCM: Some events that have caused problems SM251.0

Notes:

10

IBM Global Services


ITSCMSome events that have caused problems

Below is a brief list of high-profile events that have caused significant problems to

organizations over the years:

Technical failure: London Stock Exchange (2000)

Poison gas: Tokyo Underground System, Japan (March 1995)

Power Loss: Auckland, New Zealand (December 1997)

• in 2003 alone: US/Canada, Italy, Sweden/Denmark

Earthquake: Kobe, Japan (January, 1995), Los Angeles, USA (January 1994)

Bombing :

– World Trade Center, New York, USA (February 1993)

– Oklahoma City, Oklahoma, USA (April 1995)

– Docklands, London, England (February 1996)

– Bishopsgate, London, England (April 1993)

– Manchester, England (June 1996)

– World Trade Center, New York, USA (September 2001)

Flood: Bangladesh (July 1996), Pakistan (August 1996), Germany/Poland (2002)

Web site denial of service attacks, such as Yahoo (2000), Microsoft (2003), SCO (2004)

Below is a brief list of high-profile events that have caused significant problems to

organizations over the years:

Technical failure: London Stock Exchange (2000)

Poison gas: Tokyo Underground System, Japan (March 1995)

Power Loss: Auckland, New Zealand (December 1997)

• in 2003 alone: US/Canada, Italy, Sweden/Denmark

Earthquake: Kobe, Japan (January, 1995), Los Angeles, USA (January 1994)

Bombing :

– World Trade Center, New York, USA (February 1993)

– Oklahoma City, Oklahoma, USA (April 1995)

– Docklands, London, England (February 1996)

– Bishopsgate, London, England (April 1993)

– Manchester, England (June 1996)

– World Trade Center, New York, USA (September 2001)

Flood: Bangladesh (July 1996), Pakistan (August 1996), Germany/Poland (2002)

Web site denial of service attacks, such as Yahoo (2000), Microsoft (2003), SCO (2004)




Uempty

Figure 13-10. ITSCM: Risk Analysis as part of BCM Requirements definition SM251.0

Notes:

The second driver in determining ITSCM requirements is the likelihood that a disaster or other serious service disruption will actually occur. This is an assessment of the level of threat and the extent to which an organization is vulnerable to that threat.

The top section of the figure refers to the risk analysis: if an organization’s assets are highly valued, and there is a high threat to those assets, and the vulnerability of those assets to those threats is high, there would be a high risk. The bottom section of the figure shows risk management, where countermeasures (proactive), damage reduction (operation), and disaster management are applied to manage the business risks by protecting the assets.

11

IBM Global Services


ITSCMRisk Analysis as part of BCM Requirements definition

Assets Weaknesses

RisksRisks

Threats

Risk analysis

Risk management

Countermeasures Damage ReductionDisaster

Management



Student Notebook

Figure 13-11. ITSCM: The continuity strategy involves the selection of recovery options SM251.0

Notes:

Strategy: Recovery options

To be considered for:

• People and accommodation: alternative premises, location, and mobility of staff

• IT systems and networks: recovery of hardware, software, networks, and data used. Relies on effective backups and good availability management

• Critical services: such as power, telecommunications, water

• Critical assets: such as paper records and reference material

It should take short-term and long-term recovery into account.

Options are:

• Do nothing: not a very good idea

• Manual workarounds: can be an effective interim measure but mostly not to be used for more complex business processes

12

IBM Global Services


ITSCMThe continuity strategy involves the selection of recovery options

Manual workaround

– Can be an effective interim measure but mostly not to be used for more complex

business processes

Takeover by another organization with similar equipment (reciprocal)

– Arrangement with a another organization using similar technology

Gradual recovery (cold standby)

– Recovery of service about 72 hours

– Provision of empty accommodation is foreseen – New Installation

Intermediate recovery (warm standby)

– Recovery of service about 24 hours

– Disaster Recovery center for data recovery only

Immediate recovery (hot standby)

– For immediate restoration of service (seconds)

Using internal, external, fixed, portable, mobile centers




Uempty
• Reciprocal arrangements with another organization using similar technology is a good solution in a batch processing environment, but doesn't work in a distributed environment
• Gradual recovery or cold-standby is good for an organization that can wait up to 72 hours for recovery of full IT services. Provision of empty accommodation is foreseen but everything else has to be installed (computer equipment and restoration of data).

• Intermediate recovery or warm-standby for recovering IT services within 24 hours. Typically this is through an equipped disaster recovery center where only data needs to be recovered. Disadvantages are the distance and sharing with other customers.

• Immediate recovery or hot-standby is for immediate restoration of services, and is mostly an extension of intermediate recovery, where exclusive access to systems is provided. Also a mirroring service can be established with regular data transfers. Times of recovery vary from a second to between 2 and 4 hours.



Student Notebook

Figure 13-12. ITSCM: Continuity Plan Invocation SM251.0

Notes:

13

IBM Global Services


ITSCMContinuity Plan Invocation

The invocation is the ultimate test of BCM and ITSCM plans.

The following should be known in case of emergency:

- Where the plans are located

- The most important actions and points of decision

- Contact information of the crisis management team

The plan should contain the following details:

- Where are the backup media?

- Where are the essential documentations, procedures, PC images, and so on?

- How should the technical staff be mobilized, and which staff?

- Contacting and alerting external suppliers (hardware; software if required).




Uempty

Figure 13-13. ITSCM: Test and Review SM251.0

Notes:

14

IBM Global Services


ITSCMTest and Review

Testing of the continuity plan:

Should be conducted every 6 to 12 months and after every case of disaster

Should be conducted under realistic conditions

Review of and changes to the continuity plan:

Changes of the ITSCM plan due to change in the IT infrastructure

– Custom / Services / SLRs / Risks

– Dependencies / Assets / CIs / Personal

– Contracts / SLAs / Countermeasures / …

ALL critical and major changes should be approved by the Change Advisory

Board (CAB)



Student Notebook

Figure 13-14. ITSCM: Benefits and Costs SM251.0

Notes:

The advantages of ITSCM include:

• Potential lower insurance premiums: The IT organization can help the organization demonstrate to underwriters or insurers that they are proactively managing down their business risks. Therefore, the risk to the insurance organization is lower and the premiums due should reflect this. Alternatively, the organization may feel comfortable in reducing cover or self-insuring in certain areas as a result of limiting potential losses.

• Regulatory requirements: In some industries a recovery capability is becoming a mandatory requirement (for example, regulators stipulate that financial organizations have sufficient continuity and security controls to meet the business requirements). Failure to demonstrate tested business and ITSCM facilities could result in heavy fines or the loss of trading licenses. Within the service community, there is an obligation to provide continuous services, such as hospitals, emergency services, and prisons.

• Business relationship: The requirement to work closely with the business to develop and maintain a continuity capability fosters a much closer working relationship between

15

IBM Global Services


ITSCMBenefits and Costs

Benefits

Potential lower insurance premiums

Business relationship with the rest of

the enterprise is fostered because IT

organization is forced to get a better

understanding of the business

Positive marketing of contingency

capabilities. Effective ITSCM allows

organization to provide high service

levels and thus win business

Organizational credibility is increased

towards customers, business partners,

and stakeholders

Competitive advantage over

organizations without it

Costs

Cost of organization

Cost of implementation

Cost of HW to recover critical IT

services

Contracts for offsite storage, recovery

centers, recovery systems

Cost of implementation of

backup/recovery strategy taking

ITSCM into account

Cost of testing recovery plans

Cost of maintaining recovery plans




Uempty
IT and the business areas. This can assist in creating a better understanding of the business requirements and the capability of IT to support those requirements.
• Positive marketing of contingency capabilities: Being able to demonstrate effective ITSCM capabilities enables an organization to provide high service levels to clients and customers and thus win business.

• Organizational credibility: There is a responsibility on the directors of organizations to protect the shareholders' interest and those of their clients. Contingency facilities increase an organization’s credibility and reputation with customers, business partners, stakeholders, and industry peers. For example, the growth of call centers in many organizations has meant that the need to maintain customer communications at all times is vital to the ability to retain customer confidence and loyalty.

• Competitive advantage: Service organizations are increasingly being asked by business partners, customers, and stakeholders to demonstrate their contingency facilities, and may not be invited to tender for business unless they can demonstrate appropriate recovery capabilities. In many cases this is a good incentive for customers to continue a business relationship, and becomes a part of the competitive advantage used to win or retain customers.



Student Notebook

Figure 13-15. ITSCM: Risks SM251.0

Notes:

16

IBM Global Services


ITSCMRisks


No senior management commitment during implementation or ongoing phase

No personal resource for creating ITSCM plans

Testing of continuity plans only realistic in the live environment




Uempty

Figure 13-16. ITSCM: Summary SM251.0

Notes:

17

IBM Global Services


ITSCMSummary

The mission of ITSCM is to support the Business Continuity Management process

by ensuring that the required IT technical and services facilities can be recovered

within required and agreed timescales

The dependencies between business processes and technology are now so

intertwined that Contingency Planning (or Business Continuity Management, as it

is now sometimes termed) incorporates both a business element (Business

Continuity Management) and a technology element (IT Service Continuity

Management).

Activities: risk analysis, continuity plan, review and test



Student Notebook




Uempty
Unit 14. Security Management

This unit is an introduction to Security Management, and how it relates with all other IT Services.




© Copyright IBM Corp. 2004 Unit 14. Security Management 14-1

Student Notebook

Figure 14-1. Unit 14: Security Management SM251.0

Notes:

2

IBM Global Services


Unit 14Security Management

Content:

Security Management – objectives and overview

Definition: CIA, security incident


Important aspects

– Security measures

Benefits and costs

Summary




Uempty

Figure 14-2. ITSCM Management: Integration into the IPW Model SM251.0

Notes:

3

IBM Global Services


ITSCM Management Integration into the IPW Model




Student Notebook

Figure 14-3. Security Management: Mission Statement SM251.0

Notes:

IT Security Management is the process of managing a defined level of security for information, IT services, and infrastructure. IT Security Management enables and ensures that:

• Security controls are implemented and maintained to address changing circumstances, such as changed business and IT service requirements, IT architecture elements, threats, and so on

• Security incidents are managed

• Audit results show the adequacy of security controls and measures taken

• Reports are produced to show the status of information security.

IT Security Management needs to be part of every IT manager's job description. Management is responsible for taking appropriate steps to reduce to acceptable levels the chances of a security incident occurring. This is the process of risk assessment and management.

4

IBM Global Services


Security ManagementMission Statement

Security Management is the process of managing a defined level of security on information and IT services, including managing the responses to security incidents.

The goal of Security Management is to counter risks of threats to one of the most important assets for business: the information.

Information is threatened in many ways:

Confidentiality

Integrity / Accuracy

Availability / Accessibility

C – Confidentiality

I – Integrity

A – Availability

C – Confidentiality

I – Integrity

A – Availability




Uempty

Figure 14-4. Security Management: Definitions: CIA SM251.0

Notes:

5

IBM Global Services


Security Management

Definitions: CIA

Security Management should protect the value of the information.

Confidentiality

Protecting sensitive information from unauthorized disclosure or intelligible

interception

Integrity

Safeguarding the accuracy and completeness of information and software

Availability

Ensuring that information and vital IT services are available and accessible when

required



Student Notebook

Figure 14-5. Security Management: Why Security Management? SM251.0

Notes:

6

IBM Global Services


Security Management

Why Security Management?

Information is the most important production factor of the world

Threat to information = threat to the organization‘s productivity

Security Management gets increasingly important, because...

– Public networks (Internet) are increasingly used

– Internal networks are opened to customers and business partners

– Internet usability is increasingly extended (e-commerce, online banking)

– Processes are controlled via networks




Uempty

Figure 14-6. Security Management: Information Security Incident SM251.0

Notes:

7

IBM Global Services


Security ManagementInformation Security Incident

Information Security Incidents are incidents at which

the confidentiality

the integrity

or the availability

of the information is threatened.

Information security incidents

can accidentally occur,

or can be intentionally caused.



Student Notebook

Figure 14-7. Security Management: Security Measures SM251.0

Notes:

Corporate executive management is accountable to stakeholders and shareholders for security, and is responsible for defining the corporate security policy. IT Security Management is governed by that policy. The existence of the policy registers and reinforces the corporate decision to invest in the security of information and information processing. It provides management with guidelines and direction regarding the relative importance of various aspects of the organization, and of what is allowable and what is not, in the use of ICT systems and data.

8

IBM Global Services


Security ManagementSecurity Measures

Security measures make it possible to reduce or eliminate

the risks associated with information. Security measures

only add value when used harmoniously.

Security organization

With clear responsibilities and tasks

Policies, codes of conduct, or both

Physical security measures

Physical separation of the computer room

Technical security measures

Security in a computer system or network

Procedural security measures

How the staff are required to act in particular cases

Work instructions

The security organization has to

establish and maintain a proper

balance between the level of security

and the ability to use the service.

The security organization has to

establish and maintain a proper

balance between the level of security

and the ability to use the service.




Uempty

Figure 14-8. Security Management: Process SM251.0

Notes:

This slide illustrates the information security process as seen by the business. It covers all stages, from policy setting and initial risk assessment, through planning, implementation and operation, to evaluation and audit. The level of security required are defined after the customer or the business security requirements.

The slide provides an overview of the ITIL IT Security Management Process. The process shows the complete route, from the collection of a customer's requirements, through planning, implementation, evaluation and maintenance – under a framework of control – with regular status reporting to the customer closing the loop.

9

IBM Global Services


Security ManagementProcess

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA



Student Notebook

Figure 14-9. Security Management: Process- Input from Customer SM251.0

Notes:

10

IBM Global Services


Defines its

security

requirements

based on its

business

requirements

Security ManagementProcess- Input from Customer

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA




Uempty

Figure 14-10. Security Management: Process – Control SM251.0

Notes:

Processes, functions, roles, and allocation of responsibilities have to be defined within the sub-processes.

• The organization structure between these

• The reporting structure or line of command

• The way the security plans are established

• The process through which these are implemented

• The way in which the implementation is evaluated

• The process through which the results of these evaluations are used for the maintenance of security plans and the implementation thereof

• The reporting structure to the customer

11

IBM Global Services


Security ManagementProcess – Control

• Define processes,

functions, roles,

responsibilities

• Organization

structure between

sub-processes

• Reporting

structure/line of

command

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA



Student Notebook

Figure 14-11. Security Management: Process – SLA SM251.0

Notes:

12

IBM Global Services


Report

The section

security in SLA

is negotiated

between

customer and

service provider

Security ManagementProcess – SLA

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA




Uempty

Figure 14-12. Security Management: Process – Plan SM251.0

Notes:

The Plan activity includes the way the security section of the SLA is established as well as the underpinning contracts.

The generic security requirements in the SLA are refined in Operational Level Agreements (OLAs). These define support requirements internally.

The Plan activities may also use policy statements for the IT service providers to which they have to comply.

13

IBM Global Services


• SLA

• Underpinning

contracts

• OLA

• Policy statement

Security ManagementProcess – Plan

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA



Student Notebook

Figure 14-13. Security Management: Process – Implement SM251.0

Notes:

14

IBM Global Services


• Maintaining

awareness

- Security works only if

discipline and

motivation

• Security incident

handling

responsiveness


registration

- measurement

- classification

- and reporting

Security ManagementProcess – Implement

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA




Uempty

Figure 14-14. Security Management: Process – Evaluate SM251.0

Notes:

Three types of evaluation:

• Internal audits

• External audits

• Self-assessments

Evaluation results are used to determine or refine measures taken.

Evaluation also assesses standards and policies.

• Can result in RFCs

• Blindly trusting security measures installed long ago will create an atmosphere of phantom security.

15

IBM Global Services


Security ManagementProcess – Evaluate

Avoid the

atmosphere of

phantom security

• Internal audits

• External audits

• Self-assessments


evaluation

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA



Student Notebook

Figure 14-15. Security Management: Process – Maintain SM251.0

Notes:

It is important to keep security measures up to date, as the threats on the infrastructure, organization, and processes are changing constantly.

Maintenance is based on:

• The results of the periodic reviews

• Insight into the changing risk picture

• Changes in the input material (including SLAs)

16

IBM Global Services


Security ManagementProcess – Maintain

• Collect experiences,

lessons learned

• Improvements will

be considered for

the next round of

- planning

- implementation

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA




Uempty

Figure 14-16. Security Management: Process – Report SM251.0

Notes:

One of the major reasons why information security has been neglected for so long is the absence of historical records.

Generally no one has any idea of what kind of security incidents have troubled the organization in the past.

• Ignorance

• Not exposing the dirty linen

Management needs to be aware of the efficiency of the resources spent on security measures and the effectiveness of the measures.

17

IBM Global Services


• Show conformity

with SLA

• Management

without

information is

impossible

Security ManagementProcess – Report

Customer

PlanMaintain

EvaluateImplement

Control

Report SLA



Student Notebook

Figure 14-17. Security Management: Level of measures SM251.0

Notes:

18

IBM Global Services


Security ManagementLevel of measures

Recovery

Damage

How could the security incident happen?

How can it be avoided in the future?

Security

Incident

Prevent

Reduction

Detection

Repression

Correction

Evaluation

Threat




Uempty

Figure 14-18. Security Management: Benefits and Costs SM251.0

Notes:

19

IBM Global Services


Security ManagementBenefits and Costs

Benefits

Can only be qualified with difficulty

The costs are nevertheless clear if

security is not sufficient

Costs

Provision of information and training

(depends on staff mentality)

Staff, hardware, software



Student Notebook

Figure 14-19. Security Management: Summary SM251.0

Notes:

20

IBM Global Services


Security ManagementSummary

Security Management is responsible for managing and improving a

defined level of security on information and IT services.

Information Security Incidents are incidents at which

– the confidentiality

– the integrity

– or the availability

of the information is threatened.

Activities: plan, implement, evaluate, maintain



V3.1.0.1

backpg
Back page

��®

ITIL Study Guide

Documents

Transcript of ITIL Study Guide