ITILv3 Foundation Manual

8/3/2019 ITILv3 Foundation Manual

1/159


2/159


3/159


4/159


5/159


6/159


7/159


8/159


9/159


10/159 1


11/159


12/159 1


13/159

Good Practice refers to practices which have been adopted and proven towork. Best practice is an ideal wed like to attain but good practice is that

which works best. ITIL is one source of Good Practice.

Adopting good practice can help a service provider to create an effectiveservice management practice. Good practice is simply doing things that havebeen shown to work and to be effective. Good practice can come from manydifferent sources, including public frameworks (such as ITIL, COBIT andCMMI), standards (such as ISO/IEC 20000 and ISO 9000), and proprietaryknowledge of people and organizations.

1


14/159 1


15/159 1


16/159

Service: A Service is defined in ITIL as A means of delivering value toCustomers by facilitating Outcomes Customers want to achieve without theownership of specific Costs and Risks. For example, A customer wants fast,

accurate, secure, cost effective messaging from an email service. Withouthaving to worry about costs and risks essentially means they leave that to theservice provider who will ensure it is being backed up, secured, etc.

Service Management is defined as Service Management is a set of

specialized organizational capabilities for providing value to customers in theform of services. These specialized organizational capabilities include all of

the processes, methods, functions, roles and activities that a Service Provideruses to enable them to deliver services to their customers.

Service management is concerned with more than just delivering services.Each service, process or infrastructure component has a lifecycle, and servicemanagement considers the entire lifecycle from strategy through design andtransition to operation and continual improvement.

1


17/159

UTILITY is derived from the attributes of the service.

(In other words, the service does what the customer wants it to, making iteasier for users to do their jobs).

WARRANTY is derived from the service being available when needed insufficient capacity.

UTILITY is what the customer gets & WARRANTY is how it is delivered.

1


18/159 1


19/159 1


20/159

Measurable

The performance of the process is incredibly important. Managers will want tomeasure the cost & quality. People involved operationally with the process are

concerned with how long it takes and how easy it is.

Specific Results

The result of the process must be individually identifiable and countable.

Customers

Customers / stakeholders may be internal or external to the organisation butthe process must meet their expectations.

Responds to a Specific Event

While a process may be ongoing or iterative, it should be traceable to aspecific trigger.


21/159

The Service Desk is a function. A specialised group of people who log callsand communicate with Usersamongst other activities. They are oftenresponsible for specific outcomes, like closing calls.

2


22/159

A key characteristic of a process is that all related activities need not necessarily belimited to one specific organisational unit.

Since processes and their component activities run through an entire organisation,

individual activities should be mapped to defined roles. The roles and activities canthen be coordinated by process managers.

Once detailed procedures and work instructions have been developed, anorganisation must map the defined roles and the activities of the process to itsexisting staff.

To assist with this task, an authority matrix is often used within organisationsindicating roles & responsibilities in relation to processes and activities. The RACIModel is such a matrix.

Only one person is accountable for an activity, although several people may beresponsible for executing parts of the activity.

In this model, responsible means end-to-end responsibility for the process.Responsibility should remain with the same person for all activities of a process.

The authority matrix clarifies to all involved which activities they are expected to fulfil,as well as identifying any gaps in process delivery and responsibilities. It is especiallyhelpful in clarifying the staffing model necessary for improvement.

2


23/159 2


24/159

These roles are referenced again in the CSI section of the course though ofcourse all processes should have an owner.


25/159 2


26/159 2


27/159 2


28/159 2


29/159 2


30/159

Who ?

(other IT teams, Users, Internal Customers, etc.)

What ?

(shift handover, performance reports, changes, etc.)

How ?

(e-mail, phone, pager, fax, text message, etc.)

3


31/159 3


32/159

Event Management & Monitoring are closely related, but slightly different innature.

Event Management is focused on generating & detecting meaningfulnotifications about the status of the IT Infrastructure and Services.

Whilst Monitoring detects & tracks such notifications, its scope is somewhatbroader.

For example, monitoring tools will check the status of a device to ensure that itis operating within acceptable limits, even if that device is not generatingEvents.

Event Management works with occurrences that are specifically generated tobe monitored.

Monitoring tracks these occurrences, but it will also actively seek outconditions that do not generate Events

3


33/159 3


34/159 3


35/159

An Incident Model is a standardised way of dealing with incidents that havehappened before.

3


36/159

The term Service Request is used as a generic description for many varyingtypes of demands that are placed upon the IT Department by the Users.

Many of these are actually small changes low risk, frequently occurring andlow cost (such as a request to reset a password or install additional software).

Their scale and frequency and low risk nature means that they are betterhandled by a separate process, rather than being allowed to congest andobstruct the normal Incident & Change Management processes.

3


37/159 3


38/159 3


39/159 3


40/159

Access Management provides the rights for Users to access Services,executing policies defined in Availability & Security Management.

Access to the level and extent of a Services functionality or data that a Useris entitled to

Identity of Users that distinguishes them as an individual, which verifies theirstatus within the Organisation

Rights (also called privileges) of the actual settings through which a User isprovided access to a Service or group of Services (read, write, execute,

change & delete)

Directory Services of a specific type of tool that is used to manage Access &Rights

4


41/159 4


42/159 4


43/159

The KEY aspect of a Local Service Desk is that the users/customers and theService Desk are in one location. Typically support groups will also be co-located but this is not always the case. This co-location can be seen as both abenefit and a problem.

4


44/159 4


45/159

Understanding of the concepts of role, aim & overlap is important for theFoundation Examination.

Technical Management supports the Organisations Business Processesthrough:

well designed & highly resilient technological topology

the use of technical skill to optimise technology

swift diagnosis & resolution of technical failures

4


46/159

Understanding of the concepts of role, objectives & overlaps is important forthe Foundation Examination.

IT Operations Management divides into two main areas IT Operations

Control & Facilities Management.

IT Operations Control oversees the execution and monitoring of theoperational activities and events in the IT Infrastructure typically with theassistance of an Operations Bridge or Network Operations Centre.

They are tasked with performing the activities of console management, jobscheduling, backup & restore, print & output management and ongoingmaintenance activities on behalf of technical/application teams.

Facilities Management manage the physical IT environment, such as a datacentre or computer room & recovery sites together with all power and coolingequipment. In some cases the management of a data centre is outsourced, insuch cases FM refers to the management of the outsourcing contract.

IT Operations Management is responsible for executing the activities andperformance standards defined during Service Design and tested duringService Transition.

4


47/159

Understanding of the concepts of role, objectives & overlaps is important forthe Foundation Examination.

Application Management plays a role in all applications, whether purchased ordeveloped in-house. One of the key decisions that they contribute to is thedecision of

Application Management operates in two ways:

- acting as a custodian of technical knowledge and expertise related tomanaging applications

and

- providing the resource to support the IT Service Management

Lifecycle

This ensures that the organisation has access to the right type and level ofhuman resources to manage applications and thus to meet Businessobjectives.

This starts in Service Strategy, is expanded in Service Design, tested inService Transition and refined in Continual Service Improvement.

4


48/159 4


49/159 4


50/159


51/159


52/159 5


53/159 5


54/159 5


55/159 5


56/159 5


57/159 5


58/159 5


59/159 5


60/159 6


61/159

Consistent, ongoing improvement sits at the core of CSI thinking but how dowe achieve this ?

The Deming Cycle is critical at the implementation of Service improvementsdrawing on all four stages (Plan, Do, Check & Act).

With ongoing improvements, CSI utilises the Check & Act stages to monitor,measure, review and implement initiatives.

The cycle is underpinned by a process-led approach to management wheredefined processes are in place, the activities are measured for compliance to

expected values and outputs are audited to validate and improve the process.

6


62/159

What is the Vision ?

- identifying the Whats In It For Me (WIIFM) and selling the improvement to thestakeholders and establishing the mutually agreed desire & intent (including when &where to start)

Where are we now ?

- establishing a baseline across the 4 Ps (People, Process, Partners, Product) andbenchmarking against standards (such as ISO20000)

Where do we want to be ?

- undertaking the Gap Assessment, developing the Business Case and setting theshort, medium, long term goals & objectives

How do we get there ?

- identifying how are the changes going to be achieved, defining the scope and Termsof Reference (TOR) for the project along with project plan (including the critical path,milestones, specific deliverables)

How do we know we have arrived ?

- using metrics and conducting a Post Implementation Review (PIR)

How do we stay there ?

- applying the CSI principles through on-going review & audit

6


63/159

There are four reasons to monitor & measure:

to validate previous decisions

to set direction for activities in order to meet set

targets to justify the requirement for a course of actionusing appropriate evidence

to identify the suitable point of intervention alongwith the required changes & corrective actions

When measuring we should take baselines

Baselines act as an initial data point to determine if a Serviceor process actually needs to be improved. For this reason it isessential to collect data at the outset, even if the integrity ofthe data is in question. They should be documented,recognised & accepted throughout the Organisation.

6


64/159

An Organisation will need to collect to metrics regarding Technology, Process &Service in order to support CSI activities.

There are three types of metrics that an organisation will need to collect to support

CSI activities:

Technology Metrics such as the performance and availability of components andapplications etc.

Process Metricscaptured in the form of Critical Success Factors (CSFs) andtheir related Key Performance Indicators (KPIs)

Service Metrics the results of the end-to-end Service (usually based oncomponent metrics)

Knowledge Management (KM) uses the KPI metrics to track trends, productivity,

resources and much more.

KPIs provide answers to the questions around quality, performance, value &compliance.

CSI uses these metrics as input in identifying improvement opportunities for eachprocess.

To be effective, metrics & measurement should encompass the whole organisation(the strategic as well as tactical level).

6


65/159

The role of a process owner and process manager may be separate orcombined. The process manager will often be in charge of actually running theprocess on a day to day basis. The process owner does NOT do this job.

6


66/159 6


67/159


68/159


69/159


70/159


71/159 7


72/159 7


73/159 7


74/159 7


75/159

This achieved using three KEY types of Service Provider which representan organisation supplying services to one or more Customers.

There are three types of Service Provider:

Internal - embedded within a Business function, provides specialised ITServices (a team managed by and developing applications for just onebusiness function)

Shared Service Unit (SSU) - provides Services to Business Units asCustomers (a Service Desk supporting the whole organisation)

External - 3rdParty Supplier providing IT Services (an outsourcer)

7


76/159

The Service Portfolio covers all services - whether in development, live orretired.

The Service Catalogue deals with live and retired services and the ServicePipeline deals with services in development.

7


77/159

The Business Service Catalogue: containing details of all the IT servicesdelivered to the customer, together with relationships to the business units andthe business process that rely on the IT services. This is the customer view ofthe Service Catalogue.

The Technical Service Catalogue: containing details of all the IT servicesdelivered to the customer, together with relationships to the supportingservices, shared services, components and CIs necessary to support theprovision of the service to the business. This should underpin the BusinessService Catalogue and not form part of the customer view.

7


78/159 7


79/159 7


80/159 8


81/159 8


82/159 8


83/159 8


84/159 8


85/159

A User Profile is a pattern of User demand for IT Services. Each User Profileincludes one or more Patterns of Business Activity. In other words, if you canpredict how users will use services, you an predict the associatedinfrastructure needs.

8


86/159 8


87/159 8


88/159 8


89/159 8


90/159 9


91/159 9


92/159


93/159


94/159


95/159


96/159 9


97/159 9


98/159 9


99/159 9


100/159 10


101/159 10


102/159 10


103/159

Many designs, plans and projects fail through a lack of preparation andmanagement. The implementation of ITIL Service Management as a practiceis about preparing and planning the effective and efficient use of the 4Ps.

The 4Ps represents the infrastructure required to deliver services to the

Business.

10


104/159

Designing the service solutions includes understanding and agreeing the Business

functional requirements including the capabilities needed and all the resourcesrequired. Every time a new service solution is produced it needs to be checked toensure that it will integrate and interface with all of the other services in existence.

Service Management systems & tools like the Service Portfolio are essential for themanagement and control of services through their lifecycle.

The design of the technology & management architectures represents thedevelopment and maintenance of IT policies, strategies, architectures, designs,documents, plan and processes for the deployment and subsequent operation andimprovement of IT services and solutions.

Only measurements that encourage progression towards meeting business objectivesor desired behavioural change should be selected but if you cant measure it, then

you cant manage it.

Services and the processes behind them should be fit for purpose so our metrics

must be created to measure the quality of the solutions against the Business

requirements in terms of Progress, Effectiveness, Efficiency & Compliance.

10


105/159 10


106/159 10


107/159 10


108/159

The generic process shows data entering the process (INPUTS), movingthrough the process (PROCESSING), and exiting the process (OUPUTS), theoutcome being subject to measurement & review.

This very basic description underpins any process description. A process isalways organised around a set of objectives.

The main output from the process should be driven by the objectives andshould always include process measurements (metrics), reports & processimprovement.

For Example:

The objectives of a Change Management process may be to make a changewhich solves a problem, within time & cost constraints.

Each process should be owned by a process owner who should beresponsible for the process and its improvement and for ensuring that aprocess meets its objectives. The objectives of any IT process should bedefined in measurable terms and should be expressed in terms of businessbenefits.

10


109/159 10


110/159 11


111/159

The key objective of the Service Catalogue Management process is To ensurethat a Service Catalogue is produced and maintained, containing accurateinformation on all operational services and those being prepared to be runoperationally.

1


112/159 11


113/159 11


114/159 11


115/159 11


116/159 11


117/159 11


118/159 11


119/159

Business Capacity Management

This sub-process translates business needs and plans into requirements forservice and IT infrastructure, ensuring that the future business requirements

for IT services are quantified, designed, planned and implemented in a timelyfashion.

Service Capacity Management

The focus of this sub-process is the management, control and prediction of theend-to-end performance and capacity of the live, operational IT services usageand workloads. It ensures that the performance of all services, as detailed inservice targets within SLA's and SLR's, is monitored and measured, and thatthe collected data is recorded, analysed and reported.

Component Capacity Management

The main objective of Component Capacity Management (CCM) is to identifyand understand the performance, capacity and utilisation of each of theindividual components within the technology used to support the IT services.This ensures the optimum use of the current hardware and software resourcesin order to achieve and maintain the agreed Service Levels.

11


120/159 12


121/159 12


122/159 12


123/159

Availability: Often measured and reported as a percentage:

(Agreed Service Time (AST) downtime)

Availability (%) = ---------------------- X 100 %Agreed Service Time (AST)

Note:

Downtime should only be included in the above calculation when it occurs within theAgreed Service Time (AST). However, total downtime should also be recorded andreported.

Reliability:

the reliability of the service can be improved by increasing the reliability of individualcomponents or by increasing the resilience of the service to individual componentfailure (i.e. increasing the component redundancy, e.g. by using load-balancingtechniques). It is often measured and reported as Mean Time Between ServiceIncidents (MTBSI) or Mean Time Between Failures (MTBF)

Maintainability:

a measure of how quickly and effectively a service, component or CI can be restoredto normal working after a failure. It is measured and reported as Mean Time toRestore Service (MTRS)

12


124/159 12


125/159 12


126/159 12


127/159 12


128/159 12


129/159

Produce a clear Statement of Requirements (SoR) that identifies the BusinessRequirements together with the mandatory facilities and those features that itwould be nice to have.

Also identify the site policies & standards to which the product must conform.

Such standards may include it running under particular system software or onspecific hardware.

12


130/159 13


131/159 1


132/159 1


133/159 13


134/159 13


135/159 13


136/159 13


137/159 13


138/159 13


139/159 13


140/159 14


141/159 14


142/159

Configuration Baseline is defined as A Baseline of a Configuration that has been

formally agreed and is managed through the Change Management process. A

Configuration Baseline is used as a basis for future Builds, Releases and Changes.

14


143/159

Often, data and information is collected with no clear understanding of how it will beused and this can be costly.

Efficiency and effectiveness are delivered by establishing the requirements forinformation. In order to make effective use of data, in terms of delivering the requiredknowledge, a relevant architecture matched to the organisational situation and theknowledge requirements is essential.

The CMS typically contains configuration data and information that combines into anintegrated set of views for different stakeholders through the Service Lifecycle. Ittherefore needs to be based upon appropriate web, reporting and databasetechnologies that provide flexible and powerful visualisation and mapping tools,interrogation and reporting facilities.

Automated processes to load and update the Configuration Management databaseshould be developed where possible so as to reduce errors and optimise costs.

Discovery tools, inventory and audit tools, enterprise systems and networkmanagement tools can be interfaced to the CMS. These tools can be used initially topopulate a CMDB and subsequently to compare the actual Live configuration with

the information and records stored in the CMS.

14


144/159

High-level activities for SACM are shown in the diagram.

Typical roles to achieve effective and efficient SACM include:

Service Asset Manager to design & maintain the Asset ManagementSystems and to implement Service Asset Management Policy & Standards

Service Knowledge Manager to design & maintains the KnowledgeManagement Strategy, Process & Procedures

Configuration Manager to design & maintains the Configuration ManagementSystem, to agree the scope of the process, identify naming conventions, etc.

Configuration Analyst to create processes & procedures and provide training

Configuration Librarianto control receipt, identification & storage of CI andmaster copies of software

CMS Tools Administrator to amend the database to suit BusinessRequirements and undertake regular housekeeping

14


145/159

Service Change is defined as The addition, modification or removal of anythingthat could have an effect on IT Services. The Scope should include all IT Services,

Configuration Items, Processes, Documentation, etc.

14


146/159

Where do changes come from? There are a number of possible areas...newservice and amendments from the Service Portfolio, Service Desk, ServiceLevel Management and the users. System enhancements from serviceprovider staff can be added to many break/ fix types changes coming fromareas such as Problem Management, Incident Management.

14


147/159 14


148/159

The above questions must be answered for all changes.

Without this information, the impact assessment cannot be completed, and thebalance of risk and benefit to the live service will not be understood.

Responsibility for evaluating major Change should be also be defined.

Final responsibility for the IT service including Changes to it will rest withthe Service Manager and the Service Owner who control the funding availableand will have been involved in the change process through direct or delegatedmembership of the Change Advisory Board (CAB).

The latest versions of these documents will be available to stakeholders withinthe organisation, preferably contained within a commonly available Internet orintranet server. This can usefully be reinforced with a proactive awareness

programme where specific impact can be detected.

14


149/159

The Change Advisory Board (CAB) is defined as A group of people thatadvises the Change Manager in the Assessment, prioritisation and schedulingof Changes. This board is usually made up of representatives from all areaswithin the IT Service Provider, the Business, and Third Parties such asSuppliers.

The Emergency Change Advisory Board (ECAB) is defined as A sub-set ofthe Change Advisory Board who make decisions about high impactEmergency Changes. Membership of the ECAB may be decided at the time ameeting is called, and depends on the nature of the Emergency Change.

Remediation is defined as Recovery to a known state after a failed Change or

Release. This gives rise to the term Remediation Planning. This ensuresthat contingency exists in case of a failed change. This might be as simple asreverting to a previous software version or to a known state after a majorinfrastructure change where reversion may not be possible.

14


150/159 15


151/159

The Definitive Media Library (DML) is the secure library in which the definitiveauthorised versions of all media CIs are stored and protected.

It may consist of one or more software libraries or file-storage areas, separate fromdevelopment, test or live file-store areas and contains the master copies of allcontrolled software in an Organisation.

The DML should include definitive copies of purchased software (along with licencedocuments or information), as well as software developed on site.

Master copies of controlled documentation for a system are also stored in the DML inelectronic form.The DML will also include a physical store to hold master copies (e.g. a fireproofsafe).

Only authorised media should be accepted into the DML, strictly controlled bySA&CM.

Definitive SparesThese spare components & assemblies are maintained at the same level as thecomparative systems within the Live environment.

Details of these components, their locations and their respective builds and contentsshould be comprehensively recorded in the CMS.

These can then be used in a controlled manner when needed for additional systemsor in the recovery from Incidents

15


152/159


153/159

Handover to operations and early life support

15


154/159 15


155/159 15


156/159 1


157/159 15


158/159 1


159/159

ITILv3 Foundation Manual

Documents

Transcript of ITILv3 Foundation Manual