ITIL Slides
Short Description
seed...
Description
10-02-2015
ITIL ® 2011 – FOUNDATION COURSE NIRAJ BHATT
Corporate Trainer, Professional Speaker & Management Consultant
Participant’s Introduction Name Professional Experience Current Role What you know about ITIL
1
10-02-2015
Course Overview Introduction Service Management – Common Terminologies Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Technology and Architecture
INTRODUCTION
ITIL ® 2011
Foundation Course
2
10-02-2015
History 1980: Industries stared using IT as Services
1980: CCTA in UK to study best practices 1989: First Version V1 – 61 books 1999: Second Version V2 – 7 books - Focus on Service Support and Service Delivery 2001: CCTA merged with OGC 2007: Third Version V3 – Major Structural changes 2011: Forth version ITIL©2011 with additional processes
What is ITIL? ITIL is a framework - of best practice techniques - to facilitate the delivery of high-quality IT Services
ITIL outlines - An exhaustive set of Management Procedures - to support organizations in achieving both - Value and Quality in IT Operations
ITIL provides a systematic approach - To the provisioning and management of IT Services - From inception to design, transition, operation & CI
3
10-02-2015
ITIL Philosophy Capture industry best practice
Organization should adopt and adapt No standards! - Set of guidelines used by organizations worldwide - Scalable to any size of organization and platform independent - No organization has to go for certification for ITIL - ISO/IEC 20000 provides a formal and universal standards for organization seeking to have their service management capabilities audited and certified - ITIL offers a body of knowledge useful to achieve the standard
Why ITIL? Organizations’ dependency on IT service is increasing Higher visibility of failure More exacting users requirements Increased complexity of the infrastructure Changing for IT services Competition for Customers
4
10-02-2015
ITIL Objectives Reduce Cost
Improve Availability Tune Capacity Increase Throughput Optimize resource Utilization Improve Scalability
Alignment of Business & IT Organization Objective - Revenue generation $$$, Brand & Reputation, New Markets
Core Business Processes - Retail, Advertisement & MKT, Procurement, Online Stores
IT Service Organization - Website, Email, Online Store, HW, SW, ERP etc.
IT Service Management - Ensures that IT Service Provisions are as per what is needed, available when needed and are with right cost and time
5
10-02-2015
IT Service Management (ITSM) What? - The effective and efficient, process driven management of quality IT Services
What is the value add? - ITSM is business aligned and has a holistic Service Lifecycle approach
Service Management is a set of specialized organizational capabilities for providing values in the form of services
Attributes of Service Management
6
10-02-2015
ITIL V3/2011 Core
COMMON TERMINOLOGIES
ITIL ® 2011
Foundation Course
7
10-02-2015
Fundamental Understanding IT Service Management
IT Infrastructure Capabilities Processes Functions Best Practices Good Practices Role & RACI Model
IT Infrastructure Hardware Components - Desktops, Servers, Networks, I/O Devices etc.
Software Components - OS, DB, Mail, App’s, Tools etc.
Service Level Agreements Technical / User Documents Reports - Availability, Capacity, Performance etc.
Staff - Roles, Responsibilities, Skills etc.
8
10-02-2015
Service Management Overview Service Management is a set of specialized organizational capabilities which take the form of: - Processes - Function - Roles
The core of service management is the act of transforming resources into valuable services, providing value to its customers in the form of services These organizational capabilities are functions and processes for managing services throughout lifecycle
Processes Process is a structured set of activities designed to accomplish a specific objective Takes one or more inputs and tern them into defined outputs It includes all of the - Roles & responsibilities - Tools - Management Control
that are required to deliver the outputs reliably
9
10-02-2015
Processes Process are closed-loop systems - Provide change and transformation towards a goal - Use feedback for self-reinforcing and self-corrective action Processes become strategic assets when they create competitive advantage and market differentiation
Process Characteristics Measurable - Process is performance driven and measurable on the aspect of cost effectiveness, cycle time and productivity
Specific Results - Delivers specific, individually identifiable & countable result
Customer - Delivers its primary result to a customer/stakeholder
Respond to specific events - It should be traceable to a specific trigger
10
10-02-2015
Process Elements
Measurements IF YOU CAN’S MEASURE IT, YOU CAN’T MANAGE IT To manage and control the process to get desire outcome they need to be monitored and measured Care must be taken on what to measure and how Measurement will impact behavior – so if you measure wrong parameter or record correct parameter wrong, it would result into wrong behavior Only the metrics that encourage movement towards business objective should be used
11
10-02-2015
Metrics Types Progress - Milestones and deliverables in the capability of the process
Compliance - Compliance of the process to governance requirements, regulatory requirements and compliance of people to the use of the process
Effectiveness - The accuracy and correctness of the process and its ability to deliver the ‘right-result’
Efficiency - Productivity, speed, throughput & resource utilization
The Process Model A process model enables understanding and helps to articulate the distinctive features of a process Process control can be defined as the activity of planning and regulating a process, with the objective of performing a process in an effective, efficient and consistent manner Processes should be defined, documented and controlled. After they are under control, they can be repeated and they become manageable
Degree of control over processes can be defined. Then process measurement and metrics can be built in to the process to control and improve the process
12
10-02-2015
Process – Example Goal - Bake a Cake
Input - Ingredients like Milk, Sugar, Chocolate, Eggs, Flour etc.
Activity or Interrelated Activities - Mixing ingredients, pre-heat the oven, back, decorate
Measurement - How much, how long, what temperature etc.
Guidelines / Norms - Recipe Guidelines
Output !!! CAKE !!!
Functions Functions are units of organizations - Specialized to perform certain type of work - Responsible for specific outcomes
Functions are: - Self contained entries - Provide structure to the organization - Define roles and associate responsibility - Leads to specialization and optimization
13
10-02-2015
Best Practice Best Practice is a set of guidelines based on the best experiences of the most qualified and experienced professionals in the particular field Best Practice is based on: - More than one person - More than one organization - More than one technology - More than one event
Why Best Practice It provides a starting point It presents guidelines, not regulations It promotes internal direction It is generic It builds a basis for professionalism
14
10-02-2015
Good Practices Good practices: Practices that are widely used in industry by companies getting good results Reason to adopt good practices: - Dynamic environments - Performance Pressure
Benefits: They help organizations benchmark themselves against peers in the same and global markets to close gaps in capabilities Sources: Public frameworks, standards, proprietary knowledge of individuals and organizations, community practices etc.
Service Service is: - A means of delivering value to customer by - Facilitating outcomes customers want to achieve - Without the ownership of specific costs and risks
Service can be made up of hardware, software and communication components, but is perceived as a selfcontained, coherent activity
15
10-02-2015
Service & Customer Satisfaction Product: - The satisfaction comes after usage
Service: - The satisfaction happens while it is being consumed
Process Owner Vs. Service Owner Process Owner: - A process owner is responsible for ensuring that the process is fit for the desired purpose and is - Accountable for the output of that process
Service Owner: - A service owner is accountable for the delivery of specific IT Service and - Responsible for continual improvement and management of change effecting services under their care
16
10-02-2015
Service Owner Acts as a primary customer contact for all service related enquiries and issues Ensure that ongoing service delivery meet agreed customer requirements Identify opportunities for service improvement and take actions Liaise with required process owners throughout the service management life cycle Accountable for the delivery of the service
Process Owner Defines the process strategy Assist in the process design Ensures that the process document is available and updated Define policies and standards to be employed through out the process Audit the process to ensure compliance to policy and standard Review the process strategy and change it if required Provide process resource
17
10-02-2015
Role A set of responsibilities, activities and authorities granted to a person or team One person or team may have multiple roles
RACI Model Responsible (the “Doer”) - The individual(s) who actually completes the task
Accountable (the “Manager”) - The individual who is ultimately responsible - Only 1 person can be accountable for each task - Yes or No authority and veto power
Consulted (the “Gyannis”) - The individual(s) to be consulted prior to final decision or action - Involvement through input of knowledge
Informed (the “Keep in loop” types) - The individual(s) who needs to be informed after decision or action is taken
18
10-02-2015
SERVICE STRATEGY
ITIL ® 2011
Foundation Course
Service Strategy 1. Service Portfolio Mgt 2. Finance Management 3. Demand Management
19
10-02-2015
What is Strategic? How services provide differentiated Value
Being lower-cost provider is not sufficient You also should give strategic advantage
Goals and Objectives of SS Goal is to help service providers to: - Operate and grow successfully in the long-term - Provide the ability to think and act in a strategic manner
Objectives are: - To provide direction for - Growth - Prioritizing investments and - Defining outcomes
- Against which the effectiveness of service management may be measured - To influence organizational attitudes and culture towards the creation of value for customers through services - To ensure effective communication, coordination and control among various parts of a service organization
20
10-02-2015
Business Values of SS Sets clear direction for everyone for quicker decision making thereby improving business efficiency Helps service organization to prioritize investments to get planned returns Helps building strategic assets which add value to business Guides entire SD, ST & SO in a coherent manner for effective service operations
Service Provider and Types Service Provider: - An organization supplying services to one or more Internal or External Customers
Types of business models or service providers - Type I – Internal Service Provider - Type II – Shared Services Unit - Type III – External Service Provider
21
10-02-2015
Different sourcing approaches In sourcing: Utilizing internal resources
Co-sourcing: Often a combination of in & out sourcing Partnership: Strategic partnership Outsourcing: Utilizing external organization resources - Business Process Outsourcing (BPO): Entire business process or function is outsourced - Application Service Provision (ASP): Application on demand - Knowledge Process Outsourcing (KPO): Domain-based processes and business expertise
Business Case Business case is a decision support and planning tool that projects the likely consequences of business action. A financial analysis is frequently at the central of a good business case
22
10-02-2015
Business Case
Risk
23
10-02-2015
Risk Risk is defined as uncertainty of outcome, whether positive opportunity or negative threat Managing to risk requires the identification and control of the exposure to risk, which may have an impact on the achievement of an organization’s business objectives.
Service Strategy - Overview What services should be offered and to whom? How the internal and external market places for these services should be developed What you do and how you do, will it differentiate you from the existing and potential competition in these market places? How the customer(s) and stakeholders will perceive the measure value, and how this value will be created?
24
10-02-2015
Service Strategy - Overview How customer will make service sourcing decisions with respect to use of different types of service providers How visibility and control over value creation will be achieved through financial management? How the robust business case will be created to secure strategic investment in service assets and service management capabilities How the allocation of available resources will be tuned to optimal effect? How service performance will be measured?
The Key Principle = Value
25
10-02-2015
Service Assets used for value creation
Key Processes in SS Strategic Management of IT Services Service Portfolio Management Demand Management Business Relationship Management
26
10-02-2015
Strategy Management of IT Services Objective: - To access the service provider’s offerings, capabilities, competitors and well as current and potential market places in order to develop a strategy to serve customers - Once the strategy has been defined, Strategy Management for IT Services is also responsible for ensuring the implementation of the strategy
Service Portfolio The Service Portfolio is the complete set of services that is managed by a Service Provider Manages the entire Lifecycle of all services and includes three categories: - Service Pipeline (Proposed on in development) - Service Catalog (Live or available for development) - Retired Services
Acts as the basis of a decision framework because it allows the management to compare and contrast various ideas so that the most viable and valuable can be further developed as a service
27
10-02-2015
Service Portfolio Designed in SD but owned and managed in SS
Focuses on: - Why should the customer buy these services - Why should they buy these services from you - What are the pricing and chargeback models - What are my strength, weaknesses, priorities and risks - How should my resources and capabilities are allocated
Service Portfolio
28
10-02-2015
SPM – Goals Goal - To manage Service Portfolio by considering services in terms of the business value they provide
Objective: - Define: Inventory services, ensure business case and validate portfolio data - Analyze: maximize portfolio value, align and prioritize and balance supply vs. demand - Approve: finalize process portfolio,
SPM – Objective Define: - Ensure Business Case & Validate Portfolio Data
Analyze: - Maximize Portfolio Value - Align & prioritize and balance supply vs. demand
Approve: - Finalize process portfolio - Authorize services & resources
Charter: - Communicate decision - Allocate resources and charter services
29
10-02-2015
Demand Management – Goal Goal - Understand and influence Customer demand for Services and provide capacity to meet these demands
Please note: - At a Strategic level Demand Management can involve analysis of Patterns of Business Activity and User Profiles - At a Tactical level it can involve use of Differential Charging to encourage Customers to use IT services at less busy times - It is very closely linked to capacity management
Demand Management – Concept Consumption produce demands and production consumes demand in highly synchronized pattern. Unlike products, services can not be produced in advance and stocked ready for consumption
30
10-02-2015
Service Strategy Processes - DM Business Processes are the primary source of demand for services. Patterns of business activity influences the demand pattern seen by service providers Where there is capacity plan in place, this increase in demand will have been foreseen, and so created for when planning the services Different users and business units will have different requirements on the services. Part of the role of Demand Management is to understand these patterns and profiles Once these patterns have been understood, different Service Level Packages (SLPs) can be compiled to meet the different needs of each users
Understanding SLP
31
10-02-2015
Finance Management Important Concepts: - Budgeting – Total budget after planning - Accounting – Actual expense tracking and its accounting - Reporting – Providing reports and P&L to top authorities - Charging
Business Relationship Management Goal - Establish a strong business relationship with the customer by understanding the customers business and their customer’s outcomes
Objective - The process is responsible for maintaining a positive relationship with the customer, identify customer needs, ensure that the service provider is able to meet these needs with an appropriate catalogue of services
32
10-02-2015
SS – Key Roles and Responsibility Business Relationship Manager (BRM) - Establish a strong business relationship with the customer by understanding the customers business and their customer’s outcomes. BRM works closely with the Product Managers to negotiate productive capacity on behalf of customers
Product Manager (PM) - Takes responsibility for developing and managing services across the life-cycle, and have responsibilities for productive capacity, service pipeline and the services, solutions and packages that are presented in the service catalogues
SS – Key Roles and Responsibility Chief Sourcing Officer (CSO) - Is a champion of the sourcing strategy within the organization, responsible for leading and directing the sourcing office and development of the sourcing strategy in close conjunction with the CIO
33
10-02-2015
SS – Roles Director of Service Management
Contract Manager Product Manager Process Owner Business Representative
SERVICE DESIGN
ITIL ® 2011
Foundation Course
34
10-02-2015
Service Design 1. 2. 3. 4. 5. 6. 7.
Service Catalogue Mgt Service Level Mgt Capacity Mgt Availability Mgt Service Continuity Mgt Information Security Mgt Supplier Mgt
Service Design Objective: - Design services to satisfy business objectives, based on the quality, compliance, risk and security requirements - Delivering more effective and efficient IT Services - Coordinating all design activities for IT services to ensure consistency and business focus
35
10-02-2015
The 4Ps of Design People: - People, skills and competencies involved in provisioning of IT services
Product / Technology: - The technology and management system used in the delivery of IT services
Processes: - The processes, roles and activities involved in the provision of IT services
Partner / Supplier: - The vendors, manufacturers and suppliers used to assist and support IT service provision
Five major areas of Service Design Design of: - New or changed service – A Solution - Service Management systems and tools, especially the Service Portfolio, including the Service Catalogue - Technology Architecture - The Processes required – How do you operate & improve? - Measurement methods and metrics
36
10-02-2015
Service Design Package Service Design Package (SDP) is a document defining all aspects of an IT service and its requirement through each stage of its lifecycle SDP is produced for each new IT Service, Major change or IT Service Requirement
Service Level Management – Goals The goal is to ensure: - An agreed level of IT service is provided for all current IT Services - Future services are delivered to agreed achievable targets - Proactive measures are taken to seek and implement improvements to the level of service delivered
37
10-02-2015
Service Level Management – Basic Concepts SLA – Service Level Agreement
OLA – Operational Level Agreement UC – Underpinning Contract SLR – Service Level Requirements SLAM Chart – SLA Monitoring Chart - RAG / Red Amber Green Chart
Service Level Agreement An agreement between an IT Service Provider and a Customer The SLA describes the IT service, documents Service Level Targets, and specifies the responsibilities of the IT Service Providers and the Customer Single SLA can cover multiple services or multiple customers
38
10-02-2015
Operational Level Agreement An agreement between an IT Service Provider and another part of the same Organization An OLA supports the IT Service Provider’s delivery of IT Services to Customer OLA defines the goods or services to be provided along with the responsibilities of both parties Examples - Service Provider, Procurement Dept. to obtain HW on time - Service Desk, Support Team for incident resolution on time
Underpinning Contract Contract between an IT Service Provider and a Third Party Provider The Third Party Providers gives goods or services that support delivery of an IT service to a Customer Define targets and responsibilities that are required to meet agreed Service Level Targets committed in SLA
Enforceable at LAW
39
10-02-2015
Service Level Management – Objective The objectives are: - Define, document, agree, monitor, measure, report and review the level of IT services provided - Provide and improve the relationship and communication with the business and customers - Ensure that specific and measurable targets are developed for all IT services - Monitor and improve customer satisfaction with the quality of service delivered - Ensure that IT and the customers have a clear and unambiguous expectation of the level of service to be delivered - Ensure that proactive measures to improve the levels of service delivered are implemented wherever it is cost-justifiable to do so
Service Level Management – Definitions Service Catalogue (SC) - List of all IT services provided which can come into scope for SLAs. Also lists users of the service and their maintainers
Service Level Requirement (SLR) - List of all customer requirements for the service
Service Improvement Program (SIP) - Management can instigate a SIP to identify and implement what ever actions are necessary to overcome any difficulties and restore service quality
40
10-02-2015
SLA – Framework Service-based SLA - This is where an SLA covers one service, for all customers of that service - Example: An SLA may be established for an organization’s Premium Internet Service covering all the customers of that service - This is more common where common levels of service are provided across all areas of the business, such as e-mail or telephony, the service-based SLA can be an efficient approach to use
SLA – Framework Customer-based SLA - This is an agreement with an individual customer group, covering all the services they use - Example: Agreement with the finance department to maintain the finance system, the accounting system, they payroll system, the procurement system or any other IT systems that they use - Customer always prefer such type of agreements, as all of their requirements are covered in a single document - Single Document which simplifies the issue
41
10-02-2015
SLA – Framework Multi-level SLAs - SLA at the multiple layers of the organization - Corporate Level – Covering all the generic SLM issues appropriate to every customer throughout the organization. These issues are likely to be less volatile, so updates are less frequently required - Customer Level – covering all SLM issues relevant to the particular customer group or business unit, regardless of the service being used - Service Level – covering all SLM issues relevant to specific service, in relation to a specific customer group
SLAM Chart / RAG Chart
42
10-02-2015
SLAM Chart / RAG Chart
Service Level Management – KPIs Percentage reduction in ‘SLA targets missed’ Percentage reduction in ‘SLA targets threatened’ Percentage increase in customer perception and satisfaction of SLA achievements, via service reviews and Customer Satisfaction Survey responses Percentage reduction in SLA breaches caused because of third-party support contracts (unpinning contracts) & internal Operational Level Agreements (OLA)
43
10-02-2015
Service Level Management – Challenges Identifying suitable customer representatives with whom to negotiate A lack of accurate input, involvement and commitment from the business and customers The tools and resources required to agree, document, monitor, report and review agreements and service levels The process becomes a bureaucratic, administrative process rather than an active and proactive process delivering measurable benefit to the business
Activities Determine, document and agree requirements for new services and produce the SLRs Monitor Service Performance against SLA Collate, Measure and Improve Customer Satisfaction Provide Service Reports Conduct Service Reviews and Instigate improvements within an overall SIP Review and revise SLA’s, underpinning agreements
service
scope
and
44
10-02-2015
Service Catalog Management The Goal is to ensure: - That a Service Catalogue is produced and maintained - It contains accurate information on all operational and planned services
The Objectives are: - Manage the information contained within the Service Catalogue - Ensure accuracy in current details, status, interfaces and dependencies for all services in scope (Scope: All services that are being transitioned or have been transitioned)
Catalog Manager’s Activities Ensuring that all operational services and all services being prepared for operational running are recorded within the Service Catalogue Ensuring that all the information within the Service Catalogue is accurate and up-to-date Ensuring that all the information within the Service catalogue is consistent with the information within the Service Portfolio Ensuring that the information within the Service Catalogue is adequately protected and backed up
45
10-02-2015
Service Catalog – Business & Technical
Service Catalog Business Service Catalogue: - Details of all the IT services from customers perspective - Relationships to the BU and Business Processes - Customer’s view of the Service Catalogue
Technical Service Catalogue: - Details of all the IT services from IT perspective - Relationships to the supporting services
46
10-02-2015
Capacity Management – Goal & Scope Goal is to ensure that: - Cost-justifiable IT Capacity is matched to the current and future agreed needs of the business in a timely manner
Scope: - IT Services - IT Components - Resources
Capacity Management – Objectives Produce and maintain an appropriate and up-to-date Capacity Plan, which reflects the current and future needs of the business Provide advice and guidance to all other areas of the business and IT on all capacity and performance related issues
Ensure that service performance achievements meet or exceed all of their agreed performance targets, by managing the performance and capacity of both services and resources
47
10-02-2015
Capacity Management – Objectives Assist with the diagnosis and resolution of performance and capacity related incidents and problems Assess the impact of all changes to the Capacity Plan and the performance and capacity of all services and resources Ensure that proactive measures to improve the performance of services are implemented wherever it is cost-justifiable to do so
Capacity Management – Concept Balancing costs against resources need Balancing supply against demand Sub-processes - Business Capacity Management - Service Capacity Management - Component Capacity Management
Modeling
Demand Management Application Sizing
48
10-02-2015
Business Capacity Management Translates business needs an plans into - Requirement of IT Service - IT Infrastructure
And ensure that future business requirements - Quantified - Designed, Planned and Implemented in timely manner
Service Capacity Management Focuses on - Management, control and the prediction of the end-to-end performance and capacity of the live, operational IT services usage and workload
And ensure that performance of all services - is monitored and measures as defined in SLAs and SLRs - Data is collected, recorded, analyzed and reported
49
10-02-2015
Component Capacity Management Focuses on - Management, control and the prediction of the performance, utilization and capacity of individual IT Technology Component
And ensure that all components with finite resources - Are monitored and measured - Data is collected, recorded, analyzed and reported
Capacity Management - Responsibilities For IT Services and IT Components - Ensuring adequate IT capacity to meet required levels of services - Identifying capacity requirements of business - Understanding current usage profile and the maximum capacity - Sizing all proposed new services and systems to ascertain capacity requirements
50
10-02-2015
Capacity Management Process
What is Availability Availability of Configuration Item or IT Service to perform its agreed function when required Note: - Availability is determined by Reliability, Resilience, Maintainability, Serviceability, Performance and Security - Availability is usually calculated as a percentage. This calculation is often based on Agreed Service Time and Downtime - It is good practice to calculate availability using measurements of the Business output of the IT Service
51
10-02-2015
Some Definitions Reliability: - A measure of how long a service, component or CI can perform its agreed function without interruption
Resilience: - Refers to the ability of an IT service or component to remain functional when one or more components are failed
Maintainability: - A measure of how quickly and effectively a service, a component or a CI can be restored to normal working after a failure
Serviceability: - The ability of a third party supplier to meet the terms of their contracts
Availability Management – Objectives Produce and maintain Availability Plan reflecting current and future needs Provide advice and guidance on all availability-related issues Ensure availability achievement meets agreed targets Assist with the diagnosis and resolution of availability related incidents and problems
Assess impact of changes on Availability Plan Ensure proactive and cost-effective measures to improve the availability
52
10-02-2015
Availability Management – Activities Ensuring that all existing services deliver the levels of availability agreed with the business in SLAs Ensuring that all new services are designed to deliver the levels of availability required by the business and validation of the final design to meet the minimum levels of availability as agreed by the business for IT services Assisting with the investigation and diagnosis of all incidents and problems that causes availability issues or unavailability of service or component Participating in IT infrastructure design, including specifying the availability requirements for hardware and software
IT Service Continuity Management Goal is to: - Support the overall Business Continuity Management plan
Scope: - Services, computer systems, networks, applications, data repositories, telecommunication, environment, technical support and Service Desk - Also includes Resources (People)
53
10-02-2015
ITSCM – Objectives Objectives are ensuring that: - Required IT technical and service facilities can be resumed - Within required and agreed business timescales - Following a major disruption
Business Impact Analysis The purpose is: - To quantify the impact loss of IT service would have on the business.
54
10-02-2015
ITSCM - Responsibilities Performing Business Impact Analysis for all existing and new services Implementing and maintaining the ITSCM process, in accordance with the overall requirements of the organization’s Business Continuity Management process and Representing the IT services function within the Business Continuity Management process Ensuring ITSCM plans, risks and activities are capable of meeting the agreed targets under all circumstances Performing risk assessment and risk management to avert disasters where practical
ITSCM - Lifecycle
55
10-02-2015
Information Security Management Goal of ISM is to: - Align IT security with business security and - Ensure that information security is effectively managed in all service and Service Management activities
Scope: - Should cover use and misuse of all IT systems and services for all IT security issues
Information Security Management The Objective of information security is to: - Protect the interests of those relying on - Information, systems and communications
From harm resulting from failures of - Availability - Confidentiality & - Integrity
56
10-02-2015
ISM – Concepts – Security Policy The overall Information Security Policy Use and misuse of IT assets policy An access control policy A password control policy An e-mail / internet / anti-virus policy An information classification policy A remote access policy Supplier access of IT services & component An asset disposal policy
ISM – Responsibilities Developing and maintaining the Information Security Policy and a supporting set of specific policies Ensuring appropriate authorization, commitment and endorsement from senior IT and business management Communicating and publicizing the Information Security Policy to all appropriate parties Ensuring that the Information Security Policy is enforced and adhered to Identifying and classifying IT and information assets (Configuration Items) and the level of control and protection required
57
10-02-2015
ISM – Key Activities Production, review and revision of an overall Information Security Policy and a set of supporting policies Communication, implementation and enforcement of the security policies Assessment and classification of all information assets and documentation Implementation, review, revision and improvement of a set of security controls and risk assessment and responses
ISM – Key Activities Monitoring and management of all security breaches and major security incidents Analysis, reporting and reduction of the volumes and impact of security breaches and incidents Schedule and completion of security reviews, audits and penetration tests
58
10-02-2015
Supplier A Third Party responsible for supplying goods or services that are required to deliver IT Services Examples: - Commodity hardware and software vendors - Network and telecom providers - Outsourcing Organizations
Signing a contract is must. These contracts are known as Underpinning Contracts (UC)
Supplier Management – Goal and Scope Goal: - To manage suppliers and the services they supply, to provide seamless quality of IT service to the business, ensuring value for money is obtained
Scope: - Should include the management of all suppliers and contracts needed to support the provision of IT services to the business
59
10-02-2015
Supplier Management – Concepts,Terms Supplier and Contract Database (SCD): - Holds the information needed by all sub-processes within Supplier Management
Contract: - Legally binding agreement between two parties
Supplier Categorization: - The amount of time and effort spent managing the supplier and the relationship can then be appropriate to its categorization
Supplier & Contract Database
60
10-02-2015
SERVICE TRANSITION
ITIL ® 2011
Foundation Course
Service Transition 1. 2. 3. 4. 5. 6. 7.
Change Management Service Asset & Configuration Mgt Release and Deployment Mgt Transition Planning and Support Service Validation and Testing Evaluation Knowledge Management
61
10-02-2015
Service Transition The ultimate goal of the Service Transition Lifecycle is to assist organizations seeking to plan and manage service changes and deploy service releases into the production environment successfully
Goals of Service Transition Set customer expectations on how the performance and use of the new or changed service Enable the business change project or customer Reduce variations in the predicted and actual performance Ensure that the service can be used in accordance with the requirements and constraints specified within the service requirements
62
10-02-2015
Scope of Service Transition Managing the complexity associated with changes to services and Service Management processes Allowing for innovation while minimizing the unintended consequences of change The introduction of new services Changes to existing services, e.g. expansion, reduction, change of supplier, acquisition or disposal of section of user base or suppliers, change of requirement or skills availability Decommissioning and discontinuation of services, applications or other service components Transfer of services
Principles of Service Transition Define and implement a formal policy for Changes through Service Transition Maximize re-use of established processes and systems Align Service Transition plans with the business needs Establish and maintain relationships with stakeholders with effective controls
Provide systems for knowledge transfer and decision support Plan release and deployment packages
63
10-02-2015
Principles of Service Transition Anticipate and manage course corrections
Proactively manage resources across Service Transition Ensure early involvement in the service lifecycle Assure the quality of the new or changed service Proactively improve quality during Service Transition
Service Transition Processes Transition Planning and Support Change Management Service, Asset and Configuration Management Release and Deployment Management Service Validation and Testing Evaluation Knowledge Management
64
10-02-2015
Service Transition Processes Transition Planning and Support
Change Management Service, Asset and Configuration Management Release and Deployment Management Service Validation and Testing Evaluation Knowledge Management
Transition Planning and Support Goal: - Plan and coordinate the resources to ensure that the requirements of Service Strategy encoded in Service Design and effectively realized in Service Operation - Identify, manage and control the risks of failure and disruption across transition activities
65
10-02-2015
Transition Planning and Support Concepts: - Service Design Package is created in collaboration with customers, external and internal suppliers and other relevant stakeholders - This SDP is designed and developed in the Service Design Phase and passed on to Service Transition Phase so it can be passed on to Business / Service Operation
Service Transition Activities Transition Strategy Prepare for Service Transition Planning an Individual Service Transition Integrated Planning Adopting Program and Best Project Management Practice Review of Plans
66
10-02-2015
Service Change The addition, modification or removal of authorized, planned or supported service or service component and its associated documentation The Service Portfolio provides a clear definition of all current, planned and retired services Understanding the Service Portfolio helps all parties involved in the Service Transition to understand the potential impact of the new or changed service on current services and other new or changed services
Change Management – Purpose, Goal Goals are to: - Respond to the customer’s changing business requirements while maximizing value and reducing incidents, disruption and re-work - Respond to the business and IT requests for change that will align the services with the business needs
Purpose: - Standardized methods and procedures are used for efficient and prompt handling of all changes - All changes to service assets and configuration items are recorded in the Configuration Management System - Overall business risk is optimized
67
10-02-2015
Change Management – Objectives Objective of ChM Process is: - To ensure that changes are recorded and then evaluated, authorized, prioritized, planned, tested, implemented, documented and reviewed in a controlled manner
Change authority: - Formal authorization is obtained for each Change from a Change authority that may be a role, person, or group of people
Request for Change (RFC) RFC is: - A formal communication seeking an alteration to one or more configuration items (CI)
CI is: - Any component that is managed through formal control of Change Management
Change request can take several forms
Different types of change may require different types of change request
68
10-02-2015
Change Types Change Types are: Standard and Emergency
Standard Change - A change to a service or infrastructure for which the approach is pre-authorized by Change Management that has an accepted and established procedure to provide a specific change requirement - Example: upgrade of a PC to use pre-budgeted S/W or Desktop move for a single user
Change Types Emergency Change - A change that must be introduced ASAP - Emergency change is the highest priority change that can be defined in an organization - Emergency change needs to be evaluated, assessed and either approved or rejected in short space of time
69
10-02-2015
7R’s of Change Management Impact Assessment - Who RAISED the change? - What is the REASON for the change? - What is the RETURN required from the change? - What are the RISKS involved in the change? - What RESOURCES are required to deliver the change? - Who is RESPONSIBLE for the build, test and implementation of the change? - What is the RELATIONSHIP between this change and other changes?
Change Management Process
70
10-02-2015
Change Manager - Role Role of Change Manager: - Receive, record, prioritize, categorize the RFC - Evaluate RFC - Select CAB members and coordinate CAB/ECAB meeting - Assess authorize and schedule changes - Review changes to have met their objectives - Analyze the change trends
Change Management Process - Board Change Advisory Board (CAB) - CAB is a body that exists to advise the change manager - About the decisions on change and - To assists change management in the assessment and prioritization of changes - It should comprise of Change Manager, User Manager, Developers, Technical Consultants, Third Party Representative - Change Manager normally chairs the CAB activity - E-CAB: A subset of a CAB members designed to be convened in for decision making in case if urgent / emergency changes
71
10-02-2015
Change Management – KPIs Top five indicators - Unauthorized changes (Above zero is unacceptable) - Unplanned outage - A Change Success Rate - Number of Emergency Changes - Project Implemented on Time / Delayed by how much
Change Management – Benefits Prioritizing and responding to change requests Reducing failed changes to service disruption Delivering change promptly Tracking changes through the Service Life Cycle, contributing to better estimation of the quality, time and cost of change Reducing disruption due to high levels of unplanned or emergency changes Reduce the Mean Time to Restore Service (MTRS) through quicker and more successful implementation of corrective changes
72
10-02-2015
Service Asset & Configuration Mgmt. - Goal The goals are to: - Support the business and customer’s control objectives and requirements - Support Service Management processes by providing accurate configuration information to enable people to make decisions - Minimize the number of quality and compliance issues - Optimize the service assets, IT configurations, capabilities and resources
SACM – Objective & Scope Objective: - To define and control the components of services and infrastructure and maintain accurate configuration information on the historical, planned and current state of the services and infrastructure
Scope: - It covers service assets across the whole service lifecycle - It provides a complete inventory of assets and who is responsible for their control
73
10-02-2015
Configuration Item (CI) A configuration item (CI) is an asset, service component or other item that is, or will be under the control of Service Asset & Configuration Management Examples: - Entire / Partial IT Service - Hardware / Software - Documentation / Technical / SLA - People / Staff - Accommodation
Configuration Management System A set of tools and databases that are used to manage an IT Service Provider’s Configuration data The CMS also includes information about Incidents, Problems, Known Errors, Change and Releases; and may contain data about Employees, Suppliers, Locations, Business Units, Customers and Users The CMS includes tools for collecting, storing, managing, updating, and presenting data about all Configuration Items and their Relationships The CMS is maintained by Configuration Management and is used by all IT Service Management Processes
74
10-02-2015
Definitive Media Library (DML) One or more location in which the definitive and approved versions of all software Configuration Items are securely stored The DML may also contain associated CIs such as licenses and documentation The DML is a single logical storage area even if there are multiple locations All software in the DML is under the control of Change and Release Management and is recorded in the Configuration Management System Only software from the DML is acceptable for use in a Release
ChM and SACM Roles Service Asset Manager Configuration Manager Configuration Analyst Configuration Administrator / Librarian CMS / Tools Administrator Change Manager CAB and ECAB
75
10-02-2015
Release & Deployment Management - Goal Release and Deployment Management aims to
build, test and deliver the capability to provide the services specified by Service Design and that will accomplish the stakeholders’ requirements and deliver the intended objectives
Release & Deployment Management - Goal The goal of Release and Deployment Management is to Deploy releases into production and Establish effective use of the service in order to Deliver value to the customer and Be able to handover to service operation
76
10-02-2015
Release Unit Components of an IT Service that are normally released together A Release Unit typically includes sufficient Components to perform a useful function Example unit 1: Release Unit could be Desktop PC, including Hardware, Software, Licenses, Documentation Example unit 2: Release Unit could be a complete Payroll Application, including IT Operation Procedure and User Manual
RDM – Objectives To ensure clear and comprehensive plans are in place To build, install and deploy release package To ensure the new or changed services are capable of delivering the agreed requirements w.r.t. utilities, warranties and service levels To minimize the unpredicted impact and operations
To ensure customer, user and SM staff are satisfied with the output like user documentation and training
77
10-02-2015
RDM – Scope The scope of RDM includes
The processes, systems and functions to package, build, test and deploy a release into production and establish the service specified in the Service Design package before final handover to service operation
RDM – Approaches Big Bang Vs Phased Push and Pull Automation Vs. Manual Release and Deployment Model define: - Release structure – release package and the target environments - The exit and entry criteria - The roles and responsibilities for each configuration item at each release level
78
10-02-2015
V Model
Early Life Support (ELS)
79
10-02-2015
Knowledge Management Goal: - To enable organization to improve the quality of management decisions by ensuring that reliable and secure information and data is available through the Service Lifecycle
Service Knowledge Mgmt. System A set of tools and databases that are used to manage knowledge and information The SKMS includes the Configuration Management System as well as other tools and databases The SKMS stores, manages, updates and presents all information that an IT Service Provider needs to manage the full Lifecycle of IT Services
80
10-02-2015
DIKW Structure Knowledge Management is typically displayed within the Data – Information – Knowledge – Wisdom structure: - Data is a set of discrete facts about events - Information comes from providing context to data by asking question on the data - Knowledge is composed of the concepts, tacit experiences, ideas, insights, values and judgments of individuals - Wisdom gives an ultimate discernment of the material and guides a person in the application of knowledge
SERVICE OPERATION
ITIL ® 2011
Foundation Course
81
10-02-2015
Service Operation 1. 2. 3. 4. 5.
Event Management Incident Management Request Fulfillment Problem Management Access Management
Goals of Service Operations Coordinate and carry out the IT operational activities Work on processes required to deliver and manage services at agreed levels Manage the technology that is used to deliver and support services
82
10-02-2015
Service Operations Business Value: - Balance between cost Vs. quality - Clearer and improved communication - IT operational health management
Balances in Service Operations IT Services versus Technology components Stability versus Responsiveness Quality of Services versus Cost of Service Reactive versus Proactive
83
10-02-2015
Service Operations Processes Event Management
Incident Management Request Management Problem Management Access Management
Event Management - Scope, Goals & Obj. Provide basis for operational monitoring and control by detecting events, make sense of them and determine the appropriate control action Provides the entry point for the execution of Service Operation processes and activities Provides a way of comparing actual performance and behavior against design standards and SLAs
Provide a basis for Service Assurance and Reporting; and Service Improvement
84
10-02-2015
Event Management – Basic Concepts An event can be defined as any detectable or discernible occurrence - That has significance for the management of the IT Infrastructure or the delivery of IT service
Please Note: - Events are typically notifications created by an IT service, CI or monitoring tool - Events that signify regular operation - Event that signify an exception - Event that signify unusual, but not exceptional operation
Alert A warning that a threshold has been reached, something has changed, or a Failure has occurred Alters are often created and managed by System Management tools and are managed by the Event Management Processes
85
10-02-2015
Incident An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service Failure of a Configuration Item that has not yet impacted service is also an Incident Example: Failure of one disk from a mirror set
Incident Management – Scope & Obj. Objective: - Restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of Service quality and availability are maintained
Scope: - Any event which disrupts, or which could disrupt a service
86
10-02-2015
Incident Management – Concepts Incident Model: - Steps taken to handle the incident - The chronological order in which the steps should be taken - Responsibilities, who should do what - Timescale and Threshold for completion of the actions - Escalation Procedures, who should be contacted and when - Any necessary evidence preservation activities (this is relevant for security and capacity related incidents)
Incident Management – Concepts Major Incidents: - A separate procedure - With shorter timescale and greater urgency - Agreed and mapped to Incident Prioritization Process
87
10-02-2015
Impact, Urgency and Priority
Urgency
Impact High
Medium
Low
High
critical -1 < 1 hour
high -2 < 8 hours
medium -3 < 24 hours
Medium
high -2 < 8 hours
medium -3 < 24 hours
low -4 < 48 hours
Low
medium -3 < 24 hours
low -4 < 48 hours
Planning/ planned
Priority = Impact X Urgency
Incident Management – Process From Web Interface
From Event Mgmt
Incident Identification
User Phone call
To Request Fulfillment
Y
Service Request
Email – Technical Staff
N
Incident logging
Incident Prioritization
Incident Categorization
Major Incident
Y
Major Incident Procedure
N Initial Diagnosis
Hierarchical Escalation Needed ? Y Management Escalation
Functional Escalation Needed ? N
Y
Functional Escalation to next level
Investigation & Diagnosis
Resolution & Recovery
Incident Closure
88
10-02-2015
Incident Management – Challenges The ability to detect incidents as early as possible
Convincing all users that all incidents must be logged Availability of information of problems and known errors Integration into the CMS Integration into the SLM process
Incident Management – KPI Breakdown of incidents at each stage Size of current incident backlog Number and percentage of Major Incidents Mean elapsed time to achieve incident resolution or circumvention, broken down by impact code Percentage of incidents handled within agreed response time
89
10-02-2015
Service Request A request from a user for information, or advice, or for a Standard Change or for Access to an IT Service For example to reset a password, or to provide standard IT service to a new user Service Request are usually handled by a Service Desk, and do not require a RFC to be submitted
Request Fulfillment To provide a channel for users to request and receive standard services for which a pre-defined approval and qualification process exists To provide information to users and customers about the availability of services and the procedure for obtaining them To source and deliver the components of requested standard services (e.g. licenses and software media) To assist with general information, complaints or comments
90
10-02-2015
Request Fulfillment – Basic Concepts Service Requests will usually be satisfied by implementing a Standard Change (frequent changes, low risk, low cost) The ownership of Service Requests resides with the Service Desk, which monitors, escalates, dispatches and often fulfils the user requests Pre-defined Request Models which typically include some form of pre-approval by Change Management
Problem Unknown underlying cause of one or more Incidents The cause is not usually known at the time of a Problem Record is created, and the Problem Management Process is responsible for further investigation
91
10-02-2015
Workaround Reducing or eliminating the Impact of an Incident or Problem for which a full Resolution is not yet available For example by restarting a failed Configuration Item Workarounds for Problems are documented in Known Error Records Workarounds for Incidents that do not have associated Problem Records are documented in the Incident Record
Problem Management – Goal Goal is: - To prevent problems and resulting incidents from happening, to eliminate recurring incidents and to minimize the impact of incidents that can not be prevented
92
10-02-2015
Problem Management – Goal Goal is: - To prevent problems and resulting incidents from happening - To eliminate recurring incidents and - To minimize the impact of incidents that can’t be prevented
Problem Management – Activities Proactive Problem Management: - Initiated in Service Operation, but - Generally driven as a part of Continual Service Improvement
Reactive Problem Management: - Generally executed as a part of Service Operation
93
10-02-2015
CONTINUAL SERVICE IMPROVEMENTS
ITIL ® 2011
Foundation Course
Continual Service Improvement Primary purpose is to align and realign IT services to the changing business needs by identifying necessary improvements Objectives - Review, analyze and make recommendations on improvement opportunities
94
10-02-2015
CSI and Service Lifecycle
CSI Model
95
10-02-2015
CSI Register Used to record all improvement opportunities
Categorized into - Large/Medium/Small, Quick/Medium Term/Long Term
Potential Benefits Prioritization
The 7-Step Improvement Process
96
10-02-2015
MAJOR FUNCTIONS
ITIL ® 2011
Foundation Course
Major Service Management Functions TMF – Technical Management Function - Custodian of technical knowledge and expertise related to managing the IT
AMF – Application Management Function - Custodian of technical knowledge and expertise related to managing the Applications - Can overlap with Application Development
ITOMF – IT Operations Management Function - Responsible for the daily operational activities needed to manage the IT infrastructures - Can overlap with TMF, AMF
97
10-02-2015
Major Service Management Functions SDF – Service Desk Function - SPOC –Single Point of Contact - Focuses on service restoration
Local Service Desk
98
10-02-2015
Centralized Service Desk
Virtual Service Desk
99
10-02-2015
THANK YOU & HAVE A WONDERFUL IT CAREER AHEAD
ITIL ® 2011
Foundation Course
100
View more...
Comments