Incident Management

Demystifying ITIL
Greg Charles, Ph.D.
Area Principal Consultant, CA

June 2006
Pacific Northwest Digital Government Summit
Today’s Objective
To provide a basic understanding (theory and concepts) of ITIL’s Service Management Framework (Service Support and Service Delivery components)
Ever-Increasing Complexity
Approaches Currently In Use
Business As Usual – Firefighting

Legislation – Forced

Best Practice Focused
The Legislation Minefield
Privacy & Security
Personal Information Protection Electronic Document Act (PIPEDA)
US Patriot Act \ Homeland Security (Critical Infrastructure)
Personal Health Information Protection Act (PHIPA)
Health Insurance Portability and Accountability Act (HIPAA)
SEC Rules 17a-3 & 17a-4 re: Securities Transaction Retention
Gramm-Leach-Bliley Act (GLBA) privacy of financial information
Children’s Online Privacy Protection Act
Clinger-Cohen Act (US Gov.)
Federal Information Security Mgmt. Act (FISMA)
Freedom of Information & Protection of Privacy (FOIPOP) BC Gov
FDA Regulated IT Systems
Freedom Of Information Act
Americans with Disabilities Act, Sec. 508 (website accessibility)

Finance
Sarbanes-Oxley (US)
FFIEC US Banking Standards
Basel II (World Bank)
Turnbull Report (UK)
Canadian Bill 198 (MI 52-109 & 52-111)

Washington State Laws relating to IT
Policy 403-R1, 400-P1, 401-S1, 402-G1; Executive Order 00-03; RCW 9A.52.110,120,130; RCW 9A.48.070, 080, 090; RCW 9A.105.041 and many more

Other International IT Models
Corporate Governance for ICT DR 04198 (Australia)
Intragob Quality Effort (Mexico)
Medical Information System Development (Medis-DC) (Japan)
Authority for IT in the Public Administration (AIPA) (Italy)
Principles of accurate data processing supported accounting systems (GDPdu & GoBS) (Germany)
European Privacy Directive (Safe Harbor Framework)

Best Practices
• What is not defined cannot be controlled
• What is not controlled cannot be measured
• What is not measured cannot be improved
Define — Improve
Measure — Control And Stabilize
What Is ITIL?
ITIL is a seven-book series that guides business users through the planning, delivery and management of quality IT services

ITIL Simplified
ITIL Service Support Model
Service Desk
To provide a strategic central point of contact for customers and an operational single point of contact for managing incidents to resolution

In addition, the Service Desk handles Service Requests

Incident Management
To restore normal service operation as quickly as possible and minimize the adverse impact on business operations
Problem Management
To minimize the adverse impact of incidents and problems on the business that are caused by errors in the IT Infrastructure and to prevent recurrence of incidents related to these errors

Change Management
To ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to minimize the impact of change-related incidents and improve day-to-day operations
Release Management
Configuration Management
To identify, record and report on all IT components that are under the control and scope of Configuration Management

ITIL Service Delivery Model
Service Level Management
To maintain and improve IT service quality through a constant cycle of agreeing, monitoring and reporting to meet the customers’ business objectives
Availability Management
To optimize the capability of the IT infrastructure, services and supporting organization to deliver a cost-effective and sustained level of availability, enabling the business to meet its objectives
Capacity Management
To ensure that all the current and future capacity and performance aspects of the business requirements are provided cost-effectively
Financial Management
To provide cost-effective stewardship of the IT assets and resources used in providing IT services

To ensure that the required IT technical and services facilities can be recovered within required and agreed timescales

IT Service Continuity Planning is a systematic approach to create a plan and/or procedures to prevent, cope with and recover from the loss of critical services for extended periods

What Is ITIL All About?
Aligning IT services with business requirements
A set of best practices, not a methodology
Providing guidance, not a step-by-step, how-to manual; the implementation of ITIL processes will vary from organization to organization
Providing optimal service provision at a justifiable cost
A non-proprietary, vendor-neutral, technology-agnostic set of best practices.
IT Governance Model
CobIT (Control Objectives for IT)
CobIT is an open-standard control framework for IT Governance with a focus on IT Standards and Audit
It is based on over 40 international standards and is supported by a network of 150 IT Governance Chapters operating in over 100 countries
CobIT describes standards, controls and maturity guidelines for four domains and 34 control processes
The CobiT Cube

COSO Components
COSO, CobiT & SOX Components
Putting COSO, CobiT, and ITIL together
COSO defines the high-level policies of a well-governed organization.
CobiT defines the control structures for evaluating whether the IT organization conforms to COSO policies.
ITIL defines the best practices that will satisfy the CobiT controls.
How to Make ITIL a Reality?
Making IT Easier
Next Steps – Focus on Customer Needs

Tools to Aid Success
Meeting Customer Needs - Best Practices
Questions?