ITSM Gap Analysis for XYZ

ITSM Gap Analysis at XYZ Telecom An Insight

31st of March 2011 till 30th of April, 2011

1

Contents PREAMBLE ASSESSMENT OBJECTIVE ASSESSMENT SUMMARY ASSESSMENT PARTICIPANTS APPROACH ASSUMPTIONS IDENTIFIED STRENGTHS OF XYZ TELECOM IT KEY FINDINGS STATUS OF ITSM IN XYZ TELECOM OVERALL PROCESS ALIGNMENT LEVELS PROCESS AREA WISE GAPS RECOMMENDATIONS ROADMAP THE PDCA MODEL REFERENCES

2

XYZ Telecom Confidential

Preamble Background

• The IT at XYZ Telecom offers IT Services, namely The IT Service Desk, IT Infrastructure management, and Application management to their customers (various departments within XYZ Telecom) from the facility at Academic City Dubai, UAE.

Approach

• Being a quality conscious organization, XYZ Telecom IT thrives to ensure that the IT Services delivered by them are aligned to best practices and global standards in IT Service management.

Deliverables

• This report contains the structured representation of the findings from this assessment and the recommendation on the way forward.

3

XYZ Telecom Confidential

Assessment Objective The objective of this gap analysis is to assess the current the practices within XYZ Telecom IT Department with respect to: •

Specified and implied needs of XYZ IT department

•

Global best practices in IT Service Management

The Assessment mainly takes the ITIL framework as the basis for the assessment, so that this forms the foundation for XYZ Telecom IT for working towards certifying the IT Service Management practices as per the international standard.

4

XYZ Telecom Confidential

Assessment Summary Assessment Duration:

• The assessment was conducted over a period of 30 calendar days starting

Assessment Location:

• All assessment related activities were carried out from the XYZ Telecom IT

from 31st of March 2011 till 30th of April, 2011.

facility at Academic city Dubai, UAE

• All observations made during the assessment were documented,

Assessment Validation:

reviewed and agreed with the project manager of XYZ Telecom IT to ensure there is no mismatch of what the consultant understood from the information gathered.

Assessment Method:

• Interviews with relevant stakeholders in XYZ Telecom • Review of the Self Assessment questionnaire filled out by the XYZ staff • Review of process/procedure documents and plans showing the intent • Review of records and other evidences 5

XYZ Telecom Confidential

Assessment - Participants Assessment Participants: Following are the participants from XYZ Telecom IT who were involved in the assessment Jassim Juma– Operations Section Head Osman Farah – Application Section Representative Fouad Saleh – Project Manager

Ayman Al Sayed – Project team member Yasser Ramadan – Representation from Systems Md Aziz – Representation from Network Muneer Ahmed – Representation from Vendor

Tamer Elahi – Representation from DBA

6

XYZ Telecom Confidential

Approach

7

XYZ Telecom Confidential

Assumptions 

The assessment is based on the information made available

to the consultant through interviews and review of documents and records. A full fledged audit of the operations was not the intention of the exercise. 

It is assumed that all information provided by the various

participants in the assessment exercise are authentic and complete. 

It is also assumed that XYZ Telecom is going apply for

ISO/IEC 20000 certification at a later stage

8

XYZ Telecom Confidential

Identified Strengths of XYZ Telecom IT 

Help Desk has been established as a SPOC (single point of contact) for XYZ

Telecom IT users 

The benefits and the need for process improvement has been identified by

XYZ Telecom IT 

Sr. Management at XYZ Telecom IT is committed on improving it service

delivery 

Very low staff attrition rate, hence minimal changes in project core members



Comparatively well carried out Incident, Supplier and Financial Management



Tools, resources and funds allocated/planned for improving Service

Management

9

XYZ Telecom Confidential

Key Findings 

Service Desk is established as SPOC (single point of contact) for all the users,

however this gets bypassed at times



Very limited awareness on IT Service management best practices among XYZ

Telecom staff 

Polices related to IT are not defined, documented and communicated

 Document control procedures are currently unavailable 

Minutes of any meetings in IT are not consistently recorded and

followed up 

Documented evidence of IT planning is not available, but planning is

done annually

10

XYZ Telecom Confidential

Status of the ITSM Processes Status of the ITSM Processes in XYZ Telecom : Process Existing But Insufficient Documentation

Non- Existent Processes

Information Security Management

Configuration Management

Release Management

Problem Management

Change Management

Availability and Continuity Management

Supplier Management

Capacity Management

Budgeting and Accounting

Service Level Management Business Relationship Management

Incident Management

Service Reporting

11

XYZ Telecom Confidential

Overall Process Alignment Levels – illustrative The method of calculation of each level is given

Process Area

below:

Level 1

Compliance Level Level 2

Level 3

Incident Management Problem Management

 Each process area has specific number of

Change Management

questions. Based on the information given during

Configuration Management

the assessment and after reviewing certain

Release Management Business relationship Management

evidences, alignment levels are determined.

Supplier relationship Management

 If the alignment level of a process area is less

Service Level Management

than 50% then it is considered to be at Level-1. If

Service Reporting Information Security Management

it is equal to or more than 50% and below 90%,

Budgeting and Accounting for IT

then the alignment it is considered to be at Level-

Capacity Management

2. If it is 90% or above then the alignment level is

Availability and Continuity Management

considered to be as Level-3

Level 1

Major Deviation from the standard requirement

Level 2

Some controls in place

Level 3

Minimum Deviation from the standard requirement

12

XYZ Telecom Confidential

Process Area Wise Gaps - illustrative . Process Area: Incident Management Alignment Percentage: 66.67% (Level-2) Crucial Gaps observed: • Unique identifier and periodic updates not given to users on reported incidents • Consistent procedure to handle major incidents not available

• Helpdesk is bypassed for Application related calls • Current escalation mechanism in place to resolve incidents is not formal • Incidents not prioritized against business impact and urgency • Check on user satisfaction and recording of solutions not done, at incident closure

13

XYZ Telecom Confidential

Process Area Wise Gaps - illustrative Specific Requirements of the framework and alignment details: Incident Management ITSM Best Practices

Alignment Status

1

All incidents shall be recorded

PARTIALLY ALIGNED

2

Procedures shall be adopted to manage the impact of service incidents

PARTIALLY ALIGNED

3

Procedures shall define the recording, prioritization, business impact, classification, updating, escalation, resolution and formal closure of all incidents

PARTIALLY ALIGNED

4

The customer shall be kept informed of the progress of their reported incidents or service request and alerted in advance if their service levels cannot be met and an action agreed

PARTIALLY ALIGNED

5

All staff involved in incident management shall have access to relevant information such as known errors, problem resolutions and the configuration management database

NOT ALIGNED

6

Major incidents shall be classified and managed according to a defined process

NOT ALIGNED

14

XYZ Telecom Confidential

Recommendations Immediate Actions Recommended  Form a steering committee for progress reviews and escalation management of the improvement initiative  Document all Services and its details with default levels in a Service Catalogue  Identify ‘service owners’ for each service from XYZ Telecom IT

 Identify and document services required by XYZ Telecom IT from other departments  Plan and implement availability, capacity and security monitoring tools  Identify appropriate individuals for process ownership and management  Document, review and agree on all process documentation needed by the framework  Identify all the risks related to the implementation of the Service Management System  Develop mitigation plans for risks that have high Risk Priority Number

15

XYZ Telecom Confidential

Recommendations Recommended Steering Committee Composition and Responsibilities Project Sponsor – IT director

Steering committee composition

Section Heads – Application and Operations Project Manager – XYZ Telecom Project Manager – Consultants Customer representative(s)  Drive adherence of set policies and processes through formal communications to all staff

High-level responsibilities of steering committee

 Assist in driving activities outside IT department, required by the

standard  Resolve resource and fund issues that cannot be managed by project manager  Conduct Service Management Review

16

XYZ Telecom Confidential

Recommendations Recommended Responsibilities of the Management Representative :  Creation, implementation and maintenance of the Service Management Policy

and Service management system for XYZ Telecom IT  Create and implement document control policy, procedures and maintain master list of documents and document storage  Ensure availability of appropriate budgets and funds for service management and improvement  Definition of Roles and Responsibilities for Process Owners and Process Managers for the processes as per the framework  Creation of internal audit procedure, planning, execute audits, create internal audit reports and follow-up till closure 17

XYZ Telecom Confidential

Recommendations Recommended Process Ownership and Management Groupings Different roles with specific responsibilities to manage different process areas would be required to ensure effective implementation of the Service Management system. It may not be possible or not required to have different individuals for managing each process areas. Following are the recommended combination that could be :

Change Management

Service Level Management

Service Desk Incident Management

Business relationship

Problem Management

Service Reporting

Information Security Management

Availability Management Capacity Management Continuity Management

18

Release Management Configuration Management

Supplier Management Financial Management

XYZ Telecom Confidential

Roadmap

Road Map For ITSM Implementation 19

XYZ Telecom Confidential

The PDCA Model

20

XYZ Telecom Confidential

References



XYZ Telecom IT department policies, processes and procedures – Evidences



ITIL best practices framework documentation

21

XYZ Telecom Confidential