ITIL : How to Develop Implement and Enforce ITIL V3 s best….

ITILITIL : How to Develop Implement and Enforce ITIL V3 s best….

How to Develop, Implement and Enforce ITIL V3’s best practices 1 Foreword___________________________ As an education and training organization within the IT Service Management (ITSM) industry, we have been impressed by the positive changes introduced by the refresh of ITIL® in July 2007.

The evolution of the core principles and practices provided by the framework provides the more holistic guidance needed for an industry that continues to mature and develop at a rapid pace.

We recognize however, that many organizations and individuals who had previously struggled with their adoption of the framework will continue to find challenges in ‘implementing’ ITIL® as part of their approach for governance of IT Service Management practices.

In light of this, one of our primary goals is to provide the quality education and support materials needed to enable the understanding and application of the ITIL® framework in a wide-range of contexts.

This comprehensive book is designed as an easy reference that will walk you through the 5 Lifecycle critical steps you need to take to create a successful portfolio of IT Services.

In addition you will learn how to manage and refine your service portfolio as your company’s business evolves.

We hope you find this book to be a useful tool in your educational library and wish you well in you IT Service Management career! The Art of Service © The Art of Service Pty Ltd 2008 ‘All of the information in this document is subject to copyright.

No part of this document may in any form or by any means (whether electronic or mechanical or otherwise) be copied, reproduced, stored in a retrieval system, transmitted or provided to any other person without the prior written permission of The Art of Service Pty Ltd, who owns the copyright.’ ITIL® is a Registered Community Trade Mark of OGC (Office of Government Commerce, London, UK), and is Registered in the U.S.


Standard elements for most definitions of ITSM include: • Description of the processes required to deliver and support IT Services for customers. • The purpose primarily being to deliver and support the technology or products needed by the business to meet key organizational objectives or goals. • Definition of roles and responsibilities for the people involved including IT staff, customers and other stakeholders involved. • The management of external suppliers (partners) involved in the delivery and support of the technology and products being delivered and supported by IT.

The combination of these elements provide the capabilities required for an IT organization to deliver and support quality IT Services that meet specific business needs and requirements.

The official ITIL® definition of IT Service Management is found within the Service Design book on page 11, describing ITSM as “A set of specialized organizational capabilities for providing value to customers in the form of services”. 1.1 The Four Perspectives (Attributes) of ITSM Figure 1.A – Four Perspectives (Attributes) of ITSM ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 7 There are four perspectives (“4P’s”) or attributes to explain the concept of ITSM. • Partners/Suppliers Perspective: Takes into account the importance of Partner and External Supplier relationships and how they contribute to Service Delivery. • People Perspective: Concerned with the “soft” side: IT staff, customers and other stakeholders.


Do staff have the correct skills and knowledge to perform their roles? • Products/Technology Perspective: Takes into account IT services, hardware & software, budgets, tools. • Process Perspective: Relates the end to end delivery of service based on process flows.

Quality IT Service Management ensures that all of these four perspectives are taken into account as part of the continual improvement of the IT organization. 1.2 Benefits of ITSM While the benefits of applying IT Service Management practices vary depending on the organization’s needs, some typical benefits include: • improved quality service provision • cost justifiable service quality • services that meet business, Customer and User demands • integrated centralized processes • everyone knows their role and knows their responsibilities in service provision • learning from previous experience • demonstrable performance indicators 1.3 Business and IT Alignment A central concept to keep in mind when discussing the benefits of IT Service Management is the goal of business and IT alignment.

When staff members of an IT organization have an internal focus on the technology being delivered and supported, they lose sight of the actual purpose and benefit that their efforts deliver to the business.

A way in which to communicate how IT supports the business is using the following Figure demonstrating business and IT alignment. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 8 Figure 1.B below divides an organization into a number of supporting layers that work towards meeting a number of organizational goals.

These layers are communicated by the following: 1.

Organization (What are the key goals for the organization?) 2.

CORE Business Processes (These business processes enable the objectives above to be met) 3.

IT Service Organization (What IT Services are required to enable the effective and efficient execution of the business processes above?) 4.

IT Service Management (The focus here is on the ITIL® processes required for quality delivery and support of the IT Services above) 5.

IT Technical Activities (The actual technical activities required as part of the execution of the ITIL® processes above.

These are technology specific and as such not the focus of ITIL® or this document.

Example to illustrate business and IT alignment: Business: A fashion store What are some of your organization’s objectives or strategic goals? We want to make a lot of money $$$! We want to have a good image and reputation.

What Business Processes aide in achieving those objectives? Retail, marketing, buying, procurement, HR etc.

What IT Services are these business processes dependent on? Web site, email, automatic procurement system for buying products, Point of Sale Services We have ITSM in order to make sure the IT Services are: What we need (Service Level Management, Capacity Management etc) Available when we need it (Availability MGT, Incident MGT etc.) Provisioned cost-effectively (Financial MGT, Service Level MGT) Figure 1.B – Business and IT Alignment If we don’t manage the IT Services appropriately we cannot rely on these services to be available when we need.

If this occurs we cannot adequately support our business processes effectively and efficiently.

And therefore we cannot meet or support our overall organization’s objectives!!! ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 9 1.4 What is ITIL®? ITIL® stands for the Information Technology Infrastructure Library.

ITIL® is the international de facto management framework describing “best practices” for IT Service Management.

The ITIL® framework evolved from the UK government’s efforts during the 1980s to document how successful organizations approached service management.

By the early 1990s they had produced a large collection of books documenting the “best practices” for IT Service Management.

This library was eventually entitled the IT Infrastructure Library.

The Office of Government Commerce in the UK continues to operate as the trademark owner of ITIL®.

ITL has gone through several evolutions and was most recently refreshed with the release of version 3 in 2007.

Through these evolutions the scope of practices documented has increased in order to stay current with the continued maturity of the IT industry and meet the needs and requirements of the ITSM professional community.

ITL is only one of many sources for best practices, including those documented by: • Public frameworks (ITIL®, COBIT, CMMI etc.) • Standards (ISO 20 000, BS 15 000) • Proprietary knowledge of organizations and individuals Generally best practices are those formalized as a result of being successful in wideindustry use. Five volumes make up the IT Infrastructure Library (Version 3). • Service Strategy • Service Design • Service Transition • Service Operation • Continual Service Improvement ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 10 2 Common Terminology_______________ Critical to our ability to participate with and apply the concepts from the ITIL® framework is the need to be able to speak a common language with other IT staff, customers, end-users and other involved stakeholders.

This next section documents the important common terminology that is used throughout the ITIL® framework.

Terminology IT Service Management: Capabilities: Explanations A set of specialized organizational capabilities for providing value to customers in the form of services.

The ability of an organization, person, process, application, CI or IT service to carry out an activity. • The functions and processes utilized to manage services. • Capabilities are intangible assets of an organization and cannot be purchased, but must be developed and matured over time. • The ITSM set of organizational capabilities aims to enable the effective and efficient delivery of services to customers.

A generic term that includes IT Infrastructure, people, money or anything else that might help to deliver an IT service.

Resources are also considered to be tangible assets of an organization.

A set of coordinated activities combining and implementing resources and capabilities in order to produce an outcome and provide value to customers or stakeholders. • Processes are strategic assets when they create competitive advantage and market differentiation. • Processes may define roles, responsibilities, tools, management controls, policies, standards, guidelines, activities and work instructions if they are needed. Resources: Process: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 11 Functions: A team or group of people and the tools they use to carry out one or more Processes or Activities.

Functions provide units of organization responsible for specific outcomes.

ITIL® Functions covered include: • Service Desk • Technical Management • Application Management • IT Operations Management A technique used to define roles and responsibilities of people or groups in relation to processes and activities.

R – Responsibility (actually does the work for that activity but reports to the function or position that has an “A” against it).

A – Accountability (is made accountable for ensuring that the action takes place, even if they might not do it themselves).

C – Consult (advice/ guidance / information can be gained from this function or position prior to the action taking place).

I – Inform (the function or position that is told about the event after it has happened). **Refer to Figure 2.A* A means of delivering value to Customers by facilitating outcomes customers want to achieve without the ownership of specific costs or risks The person responsible for ensuring that the process is fit for the desired purpose and is accountable for the outputs of that process.

Example: The owner for the Availability Management Process The person who is accountable for the delivery of a specific IT Service.

They are responsible for continual improvement and management of change affecting Services under their care.

Example: The owner of the Payroll Service The person responsible for the operational management of a process.

There may be several Managers for the one process.

They report to the Process Owner.

An internal service provider that is embedded within a business unit.


One IT organization within each of the business units.

The key factor is that the IT Services provide a source of competitive advantage in the market space the business exists in. RACI Model: Service: Process Owner: Service Owner: Process Manager: Internal Service Providers: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 12 Shared Service Providers: An internal service provider that provides shared IT service to more than 1 business unit e.g.: one IT organization to service all businesses in an umbrella organization.

IT Services typically don’t provide a source of competitive advantage, but instead support effective and efficient business processes.

Service provider that provides IT services to external customers.


Outsourcing External Service Providers: Business Case A decision support and planning tool that projects the likely consequences of a business action.

It provides justification for a significant item of expenditure.

Includes information about costs, benefits, options, issues, risks and possible problems. RACI Model Service Desk Logging Classification Investigation RACI RACI ACI Desktop RCI RCI Applications RCI Operations Manager CI CI CI Figure 2.A – The RACI Model: A RACI Model is used to define the roles and responsibilities of various Functions in relation to the activities of Incident Management.

General Rules: Only 1 “A” per Row (ensures accountability, more than one “A” would confuse this) At least 1 “R” per Row (shows that actions are taking place) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 13 ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 14 3 The Service Lifecycle________________ Figure 3.A – ITIL® Service Lifecycle Model (Acknowledgement – OGC) Lifecycle: The natural process of stages that an organism or inanimate object goes through as it matures.

For example, human stages are birth, infant, toddler, kid, pre-teen, teenager, young adult, adult and death.

The concept of the Service Lifecycle is fundamental to the refresh of ITIL® for Version 3.

Previously, much of the focus of ITIL® was on the processes required to design, deliver and support services for customers.

As a result of this previous focus on processes, Version 2 of the ITIL® Framework provided best practices for ITSM based around the how questions.

These included: • How should we design for availability, capacity and continuity of services? • How can we respond to and manage incidents, problems and known errors? As Version 3 now maintains a holistic view covering the entire lifecycle of a service, no longer does ITIL® just answer the how questions, but also why? ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 15 • • • Why does a customer need this service? Why should the customer purchase services from us? Why should we provide (x) levels of availability, capacity and continuity? By first asking these questions it enables a service provider to provide overall strategic objectives for the IT organization, which will then be used to direct how services are designed, transitioned, supported and improved in order to deliver maximum value to customers and stakeholders.

The ultimate success of service management is indicated by the strength of the relationship between customers and service providers.

The 5 phases of the Service Lifecycle provide the necessary guidance to achieve this success.

Together they provide a body of knowledge and set of good practices for successful service management.

This end-to-end view of how IT should be integrated with business strategy is at the heart of ITIL®’s five core volumes (books). 3.1 Mapping the Concepts of ITIL® to the Service Lifecycle There has been much debate as to exactly how many processes exist within Version 3 of ITIL®.

Questions asked include: • What exactly constitutes a process? • Shouldn’t some processes be defined as functions? • Why has x process been left out? In developing this material we have based our definitions of processes and functions and where they fit on the guidance provided by the ITIL® Foundation syllabus by EXIN International.

Figure 3.B demonstrates the processes and functions of ITIL® in relation to the 5 Service Lifecycle Phases.

It also demonstrates the increased scope now covered by ITIL® over the previous version. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 16 Service Desk Function Continual Service Improvement Service Transition IT Operations Mgt Function Supplier Mgt Application Mgt Function Technical Mgt Function Knowledge Mgt Service Validation & Testing Release & Deployment Mgt Service Asset & Configuration Mgt Change Mgt Event Mgt Request Fulfilment Mgt Access Mgt Problem Mgt Incident Mgt ITIL V2 ITIL V3 Functions Service Strategy Service Design Service Operation Information Security Mgt Service Catalogue Mgt Service Level Mgt Service Portfolio Mgt Demand Mgt Financial Mgt IT IT Service Continuity Mgt Availability Mgt Capacity Mgt Service Strategy Service Design Service Transition Service Operation Continual Service Improvement SLM Service Measurement & Reporting CSI Improvement Process Figure 3.B – The Major Concepts of ITIL® NOTES: • The Service Lifecycle phases (and ITIL® books) are shown through the arrows at the bottom. • The concepts in light shading are the V2 ITIL® concepts. • The concepts not shaded are the new ITIL® V3 concepts. • The concepts in dark shading are Functions. • Although Service Level Management officially sits in the Service Design book, it plays a very important role in the Continual Service Improvement phase, and therefore could also fit in the CSI book as a process. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 17 3.2 How does the Service Lifecycle work? Although there are 5 phases throughout the Lifecycle, they are not separate, nor are the phases necessarily carried out in a particular order.

The whole ethos of the Service Lifecycle approach is that each phase will affect the other, creating a continuous cycle.

For this to work successfully, the Continuous Service Improvement (CSI) phase is incorporated throughout all of the other phases.

Figure 3.C demonstrates some the key outputs from each of the Service Lifecycle Phases. •IT Budgets Service Strategy Service Design Service Transition Service Operation Continual Service Improvement •Patterns of Business Activity •Service Portfolio information •New and changed service assets •Service Catalogue, SLAs, OLAs, UCs •Testing and Validation Criteria •Known Errors from Development •Testing and validation results •Change Authorization •Incidents & Problems, Events, Service Requests •Request for Changes •Information collected from infrastructure monitoring Service and Process Improvements Figure 3.C – How does the Service Lifecycle Work? It is important to note that most of the processes defined do not get executed within only one lifecycle phase.

As an example we will look at the process of Availability Management and where some activities will get executed throughout Service Lifecycle.

Service Design Phase: Designs the infrastructure, processes and support mechanisms needed to meet the Availability requirements of the customer.

Service Transition Phase: Validates that the Service meets the functional and technical fitness criteria to justify release to the customer.

Service Operation Phase: Monitors the ongoing Availability being provided.

During this phase we also manage and resolve incidents that affect Service Availability. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 18 4 Service Strategy____________________ What is strategy? The term strategy was traditionally used in the military world, where strategy defined the distribution and application of military resources in order to meet the objectives of a plan.

Strategy in the context of Service Management is used by Service Providers to: • Attain Market focus – deciding where and how to compete • Distinguish capabilities – develop service assets that the business appreciates The processes found within the Service Strategy lifecycle phase are: • Financial Management for IT Services • Service Portfolio Management • Demand Management 4.1 Objectives The primary objectives of Service Strategy are to: • Design, develop and implement service management as a strategic asset and assisting growth of the organization. • Develop the IT organization’s capability to manage the costs and risks associated with their service portfolios. • Define the strategic objectives of the IT organization.

By achieving these objectives it will ensure that the IT organization has a clear understanding of how it can better support business growth, efficiency improvements or other strategies that wish to be realized.

KEY ROLE: To stop and think about WHY something has to be done, before thinking HOW. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 19 4.2 Major Concepts 4.2.1 Creating Service Value One of the major concepts developed within the Service Strategy phase is determining how to create Service value.

This ensures that before rushing out to determine how to design a Service, we stop and ask two important questions: • Why does the customer need this Service? • Why should the customer purchase it from us? To answer these questions we will look at the two factors that combine to create value in IT Services. Performance supported? Constraints removed? Fit for purpose? UTILITY Available enough? Capacity enough? Continuous enough? Secure enough? Figure 4.A – Creating Service Value Value WARRANTY Fit for use? Service Warranty + Service Utility = Service Value Service Utility defines the functionality of an IT Service from the customer’s perspective (i.e.: what the service does) Service Warranty for a service provides the customer a level of reassurance and guarantee to meet agreed requirements. (Example attributes: Availability, capacity, continuity, security etc) These two factors will be communicated via the Service Package produced by the IT organization for use by customers.

By doing this it clearly communicates the value offered so that customers can make an informed decision whether to acquire the Service for use. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 20 4.2.2 Service Packages and Service Level Packages To discuss Service Packages, Service Level Packages and how they are used to offer choice and value to customers, we’re going to use the example of the packages made available by typical Internet Service Providers (ISPs).

As customers, we have a wide range of choice when looking for an ISP to provide broadband internet.

So as a result ISPs do need to work hard to attract customers by communicating the value that they provide through their offerings.

They also need to offer a wide range of choice for customers, who have varying requirements and needs for their broadband internet service.

Service Packages: A Service Package contains Core Service Package (The basic critical services) Supporting Services Package (Provides differentiation or more effective use of Core Services) Service Level Packages (Defines level of utility and warranty provided by Service Package) — Availability Levels Continuity Capacity Levels Security Levels Features of service Support of service Service Level Packages are effective in developing service packages with levels of utility and warranty appropriate to the customer’s needs and in a cost-effective way. • Availability Levels • Continuity (e.g.

Disaster Recovery) • Capacity Levels (inc.

Performance) • Security Levels ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 21 So for our ISP example, we can define a Service Package in the following way: Figure 4.B – Service Package Example (ISP) Service Package: Broadband Super-User ($69.95 per month) Core Service Package: Internet Connection Email Addresses Supporting Services Package: • Static IP Address • Spam filtering • 100MB Web-Space • VOIP • • • • • • • Service Level Package: Download Speeds: 8000kbs – 24 000kbs (max) Download Quota: 30 GB (Shaped to 512kbs after) Backup dial-up account 98 % Availability Guarantee (otherwise rebate offered) 24 x 7 Service Desk for Support. Most of the components of Service Packages and Service Level Packages are reusable components of the IT organization (many of which are services).

Other components include software, hardware and other infrastructure elements.

By providing Service Level Packages in this way it reduces the cost and complexity of providing services while maintaining high levels of customer satisfaction.

In our example above, the ISP can easily create multiple Service Packages with varying levels of Utility and Warranty provided in order to offer a wide range of choice to customers, and to distinguish themselves from their competition.

The use of Service Packages and Service Level Packages enables Service Providers to avoid a one-size fits all approach to IT Services. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 22 4.3 Service Strategy Processes The processes included in the Service Strategy lifecycle phase are: • Financial Management for IT Services • Service Portfolio Management • Demand Management These three processes work together to enable an IT organization to maximize the value of services being provided to customers and to provide the quality information required to make investment decisions regarding IT. 4.3.1 Financial Management for IT Services GOAL: To provide cost effective stewardship of the IT assets and the financial resources used in providing IT services.

This enables an organization to account fully for the spend on IT Services and to attribute these costs to the services delivered to the organization’s customers. Business opportunities Business Financial Management IT IT capabilities The great connector between desires and abilities! Figure 4.C – Financial Management for IT Services Using Financial Management for IT (FMIT) to provide services with cost transparency (e.g.

Via service catalogue) clearly understood by the business and then rolled into the planning process for demand modeling and funding is a powerful benefit for the organization.

It enables the best balance to be struck between the opportunities available for the business against the capabilities levels of the IT organization. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 23 Activities There are: 1. 2. 3.

Are three fundamental activities for Financial Management for IT Services.

These Budgeting IT Accounting Charging. 1.

Budgeting: Predicting the expected future requirements for funds to deliver the agreed upon services and monitoring adherence to the defined budgets.

This ensures that the required resources to fund IT are made available and can improve the business case for IT projects and initiatives. 2.

IT Accounting: Enables the IT organization to account fully for the way its money is spent.

The definition of Cost Models can be used to identify costs by customer, by service, by activity or other logical groupings.

IT Accounting supports more accurate Budgeting and ensures that any Charging method utilized is simple, fair and realistic. 3.

Charging: (optional activity) Charging customers for their use of IT Services.

Charging can be implemented in a number of ways in order to encourage more efficient use of IT resources.

Notional charging is one option, in which the costs of providing Services to customers are communicated but no actual payment is required. Other Terminology (Not Examined at a Foundation Level) Terminology Cost Types: Cost Elements: Explanations These are higher level expenses identified such as hardware, software, people, accommodation, transfer and external costs.

The actual elements making up the cost types above.


For the hardware cost type it would include the elements such as CPUs, Servers, Desktops etc.

Cost elements identified to be clearly attributed to only a single customer or service.

Often known as overheads, these are costs that are shared across multiple customers or services, which have to be shared in a fair manner.

A cost unit is the identified unit of consumption that is accounted for a particular service or service asset. Direct Costs: Indirect Costs: Cost Units: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 24 FMIT assists in the task of Service Valuation, which is used to help the business and the IT Service Provider, agree on the value of the IT Service.

It determines the balance demonstrating the total cost of providing an IT Service against the total value offered to the business by the Service.

Service Value for services is created by the combination of Service Utility and Service Warranty. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 25 4.3.2 Service Portfolio Management GOAL: To assist the IT organization in managing investments in service management across the enterprise and maximizing them for value.

A Service Portfolio describes provider’s services in terms of business value.

They include the complete set of services managed by a Service Provider.

These portfolios are used to articulate business needs and the Service Provider’s response to those needs.

It is possible for a Service Provider to have multiple Service Portfolios depending on the customer groups that they support. • Includes the complete set of services managed by a service Provider. • Provides the information required to manage the entire lifecycle of all services. 3 Categories of services defined in Service Portfolio • Service Pipeline (proposed or in development) • Service Catalogue (Live or available for deployment) • Retired Services (Decommissioned services) Service Portfolio Requirements Description Value proposition Business cases Priorities Risks Offerings and packages Cost and pricing Service Pipeline Service Catalogue •Service Description •Functional Spec’s •Business English •Options •Gold, Silver, Bronze •customizations Availability times •(Price list) Retired Services Figure 4.D – A Service Portfolio Service Portfolios have a much larger scope than Service Catalogues, and is used to manage the lifecycle of all services in order to maximize the value of IT Service Management to the business. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 26 The Portfolio should have the right mix of services in the pipeline and catalogue to secure the financial viability of the service provider.

Just like a Financial Portfolio, we need to ensure the balance between risk and benefit provided by the Service Portfolio.

The Service Portfolio uses the above information to provide informed responses to the following strategic questions: 1.

Why should a customer buy these services? 2.

Why should they buy these services from us? 3.

What are the pricing or chargeback models? 4.

What are our strengths and weaknesses, priorities and risk? 5.

How are resources and capabilities to be allocated? Service Portfolio Management is a dynamic and ongoing process and includes the following methods: Define: Used to validate portfolio data.

It is the assessment of services investment in terms of potential benefits and the resources and capabilities required to provision and maintain them.

This also enables the Service Provider to define what it can not do (due to maturity levels, capabilities, risks etc).

Through this activity, the initial creation of the Service Portfolio begins.

Maximize portfolio value, align and prioritize and balance supply and demand.

This is where strategic intent is created.

Questions asked here include: • What are the long term goals of the service org? • What services are required to meet those goals? • What capabilities and resources are required to deliver and support those services? • How will we get there? Finalize proposed portfolio; authorize services and resources needed to deliver services.

Plans and tracks the progress of service investments across the portfolio and allocate the required resources.

Used to schedule and manage the design, transition, change and retirement of services. Analyze: Approve: Charter: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 27 Value Risk Figure 4.E – Balancing a Service Portfolio Understanding their options helps senior executives to make informed investment decisions in service initiatives with appropriate levels of risks and rewards.

These initiatives may cross business functions and may span short, medium and longer time frames.

Investment categories & Budget Allocations Service Investments are split among 3 strategic categories: Transform the Business (TTB) Venture Transform the Business (TTB): TTB investments are moves into new market spaces Grow the business (GTB): GTB investments are intended to grow the organization’s scope of services. — Run the Business (RTB) Core Run the business (RTB): RTB investments are centered maintaining service operations on ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 28 The outcomes for existing services fall into 6 categories: RENEW: REPLACE: RETAIN: These services meet functional fitness criteria, but fail technical fitness.

These services have unclear and overlapping business functionality.

Largely self contained, with well defined asset, process and system boundaries.

These services are aligned with and are relevant to the organization’s strategy Often services that meet the technical and functional criteria of the organization display fuzzy process or system boundaries.

In these cases, the service can often be refactored to include only the core functionality, with common services used to provide the remainder.

Retire services that do not meet minimum levels of technical and functional fitness. REFACTOR: RETIRE: RATIONALIZE: Used to address portfolios that offer services which in fact are composed of multiple releases of the same operating system, service or application etc. Service Retirement An often over looked investment, this is potentially one of the largest hidden costs in a service providers organization, particularly in a large organization with a long history.

Few providers have a clear plan for retiring increasingly redundant services.

This is often due to a number of reasons, including a lack of visibility of what services are actually offered, and the fear that retiring a service may impact other services being offered.

Refreshing the Portfolio As conditions and markets change, some services may no longer be required. • The CIO must monitor, measure, reassess and make changes as business needs change • By organizing an efficient portfolio with optimal levels of Return on Investment (ROI) and risk, the organization maximizes the value realization on its resources and capabilities. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 29 4.3.3 Demand Management GOAL: To assist the IT Service Provider in understanding and influencing Customer demand for Services and the provision of Capacity to meet these demands. Demand Management was previously an activity found within Capacity Management, and now within Version 3 of ITIL® it has been made a separate process found within the Service Strategy phase.

The reasoning behind this is that before we decide how to design for capacity, decisions must be made regarding why demand should be managed in a particular way.

Such questions asked here include: • Why does the business need this capacity? • Does the benefit of providing the required capacity outweigh the costs? • Why should the demand for services be managed to align with the IT strategic objectives? Demand Management is responsible for understanding and strategically responding to business demands for services by: • Analysing patterns of activity and user profiles. • Provisioning capacity in line with strategic objectives. Two ways to influence or manage demand: 1.

Physical/Technical constraints (E.g.

Restrict number of connections, users, running times) 2.

Financial constraints (E.g.

Using expensive charging for services near full capacity or over capacity quotas) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 30 Capacity Maximum safe capacity So rce the Art of Service Time Figure 4.F – Using Demand Management to Optimize IT Capacity Example responses: – Staggering work start times – Prioritizing reports and batch jobs – Running non-time-critical reports and batch jobs at night or outside typical work hours – Restricting any non-critical activities during peak periods. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 31 Analyzing Patterns of Business Activity (PBA) Business processes are the primary source of demand for services.

Patterns of business activity (PBA) influence the demand patterns seen by the service providers.

It is very important to study the customer’s business to identify, analyze and codify such patterns to provide sufficient basis for capacity management. • Analyzing and tracking the activity patterns of the business process make it possible to predict demand for services in the catalogue that support the process. • Every additional unit of demand generated by business activity is allocated to a unit of service capacity. • Activity-Based Demand Management can link the demand patterns to ensure that the customers business plans are synchronized with the service management plans of the service provider. Demand pattern Pattern of business activity (PBA) Business Process Service belt Service Process Capacity plan Delivery schedule Incentives and penalties to influence consumption Demand Management Figure 4.G – Patterns of Business Activity ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 32 Keep in mind that Demand Management plays an integral part in supporting the objectives of an organization and maximizing the value of the IT Service Provider.

This means that the way in which Demand Management is utilized will vary greatly between each organization.

Two examples showing these differences are: 1.

Health Organizations: When providing IT Services that support critical services being offered to the public, it would be unlikely that any demand management techniques would be utilized, as the impact of these restrictions could lead to tragic implications for patients being treated. 2.

Commercial Confectionery Organizations: Typically a confectionery company will have extremely busy periods around traditional holidays (E.G Christmas).

Demand Management techniques would be utilized to promote more cost-effective use of IT during the non-peak periods, however leading up to these holidays it would be unlikely for any restrictions to be used. 4.3.4 Implementation Strategic positions are converted into plans with goals and objectives for execution through the Service Lifecycle.

Figure A outlines the process whereby positions are driven by the need to service specific customers and market spaces and are influenced by strategic perspectives as a service provider.

Plans are the means of achieving those positions.

They include the Service Catalogue, Service Pipeline, Contract Portfolio, financial budgets, delivery schedules, and improvement programs.

Plans will ensure that each phase in the Service Lifecycle has the capabilities and resources necessary to reach strategic positions.

Clarity and context for the development of these is provided by the Service Lifecycle.

The intent of strategy into action through Service Design, Service Transition, Service Operation and Service Improvement is translated through plans.

Service Strategy provides input to each phase of the Service Lifecycle and continual Service Improvement provides the feedback and learning mechanism by which the execution of strategy is controlled. Figure A ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 33 Market space Customer Strategic perspective (Depending on Type I, II, III) Strategic positions Feedback Service management plans Feedback Patterns of execution through service life-cycle Top Down Within any given market space, Service Strategy defines the portfolio of services to be offered and the customers to be supported (see Figure B).

This in turn determines the Contract Portfolio that needs to be supported with design, transition and operation capabilities.

The systems, processes, knowledge, skills and experience required at each phase define the lifecycle capabilities.

Interactions between service management capabilities are clearly defined and managed for an integrated and systematic approach to service management.

The type of transition capabilities required is determined by Service Desk and Operation capabilities.

They also determine the portfolio of service design and the operating range of the service provider in terms of models and capacities.

Figure B ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 34 Service Strategy Service Portfolio Determine Customer Portfolio Contracts Portfolio Operational Capabilities — Higher levels of utility possible Transition capabilities Improvements In operations Increase in Improvements in ©The Art of Service 2008 Quality of design design Service Improvements needs How to Develop, Implement and Enforce ITIL V3’s best practices 35 New strategic positions are adopted based on patterns that emerge from executing the Service Lifecycle.

In order to form a closed-loop planning and control system for service strategies, bottom-up development of Service Strategy is combined with the traditional topdown approach (Figure D).

Such feedback and learning is critical to the success factor for service management to drive changes and innovation.

Figure D Measurement and Evaluation Strategy Implementation Service Design Requirements Service Design Service Strategy Service Transition Requirements Service Transition — •Service Portfolio •Service Catalogue Service Operation Requirements Service Operation Measurement and Evaluation ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 36 4.4 Service Strategy Summary The Service Strategy phase enables the organization to ensure that the organizational objectives for IT are defined and that Services and Service Portfolios are maximized for value.

Other benefits delivered include: • Enhanced ability to predict the resources required to fund IT. • Clearer visibility of the costs for providing IT Services. • Quality information to support investment decisions in IT. • Understanding of the use and demand for IT Services, with the ability to influence positive and cost-effective use of IT. IT Budgets: Strategic Objectives, Service Portfolios: Patterns of Business Activity (PBA) Service Design Service Validation Criteria, Cost Units, Priorities & Risks of IT Services, Requirements Portfolio Service Transition Service Strategy Service Models for support, Service Portfolios, Demand Management Strategies, IT Budgets Nominated budgets for delivering and supporting services Process metrics and KPIs, Service Portfolios Continual Service Improvement Service Operation Figure 4.H – Some outputs to other lifecycle phases. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 37 4.5 Service Strategy Service Scenario To assist with your learning and understanding of how the phases and processes work together, the following scenario will be used throughout this book.

This simplistic overview of a service gives examples of how the processes are utilized to create the service.

The business has requested that they would like to be able to use the internet for instant messaging with international offices.

They are also interested in VOIP and video conferencing. (We shall call this new service HYPE!) Overall Service Strategy • • It is important here to truly understand exactly what the business needs are, as well as their expectations for this service.

Value must be defined (utility + warranty = value): o Utility – features of HYPE – what type of support will the business require, what features will the business want/need, i.e.

Fit for purpose o Warranty – levels of service guarantee (continuity, availability, security, capacity) that the business requires needs to be clarified – set out in service level packages: Service Level Packages o Core service package – instant messaging o Supporting service package – added VOIP and/or Video conferencing, ability to attach files o Service Level packages – video quality, security of transmissions, access times, service support, user access • ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 38 Service Portfolio Management o You have already been trialing X brand instant messenger service among the IT staff , so it is in your pipeline o Can we produce it, or do we need to buy it? o Service Catalogue – nil o What gap I sit filling in the portfolio? o Are there redundant services to retire? FMIT • • • • • Cost to purchase/build service Cost of hardware (web cams, pc upgrades if necessary) Cost of increased internet access/bandwidth Charging for service???? Budget? Demand Management • • When would business most need service? (Mornings and afternoons, as they are most likely to interact with international counterparts – time zones), times of year? What measures can we take to manage demand? o Limit VOIP/video to certain groups/users o Charge business for use o Dedicated bandwidth across whole of service By determining the above before you start to design the service, you are in a better position to ensure that HYPE will meet the customer needs (closed loop system).

Remember, this is where value is agreed – and Service Operation is where value of HYPE is seen.

As we all know, the level of value will more than likely be in direct correlation to the $$ the business is prepared to pay, and this is why it is important to clarify this now, before we start designing. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 39 5 Service Design_____________________ Service Design’s ultimate concern is the design of new or modified services for introduction into a production (live) environment.

It is also concerned with the design of new and modified processes required to deliver and support these services.

Processes: • Service Level Management (Design) • Capacity Management • Availability Management • IT Service Continuity Management • Information Security Management • Supplier Management • Service Catalogue Management 5.1 Objectives There are three main objectives of the Service Design lifecycle phase: • To convert the strategic objectives defined during Service Strategy into Services and Service Portfolios. • To use a holistic approach for design to ensure integrated end-to-end business related functionality and quality. • To ensure consistent design standards and conventions are followed. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 40 5.2 Major Concepts An overall, integrated approach should be adopted for the design activities, covering five major aspects of Service Design 1.

Service Portfolio: Service Management systems and tools, especially the Service Portfolio for the management and control of services through their lifecycle. 2.

Service Solutions: including all of the functional requirements, resources and capabilities needed and agreed. 3.

Technology architectures: Technology architectures and management architectures and tools required to provide the service. 4.

Processes: Processes needed to design, transition, operate and improve the service. 5.

Measurement systems: Measurement systems, methods and metrics for the services, the architectures and their constituent components and the processes.

The key aspect in the design of new or changed services is to meet changing business needs.

Every time a new service solution is produced, it needs to be checked against each of the other aspects to ensure that it will integrate and interface with all of the other services in existence. Service Design Packages The information contained within a Service Design Package including all aspects of the service and its requirements is used to provide guidance and structure through all of the subsequent stages of its lifecycle.

A Service Design Package is produced for each new IT Service, major Change, or IT Service Retirement.

Service Design Packages • • • • • • Business Requirements Service Applicability Service Contacts Service Functional Requirements Service Level Requirements Service Design & Topology • • • • • • Organizational Readiness Assessment User Acceptance Test Criteria Service Program Service Transition Plan Service Operational Plan Service Acceptance Criteria ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 41 5.3 Service Design Processes The processes included with the Service Design lifecycle phase are: • Service Level Management (Design) • Capacity Management • Availability Management • IT Service Continuity Management • Information Security Management • Supplier Management • Service Catalogue Management It is important to note that many of the activities from these processes will occur in other lifecycle phases, especially Service Operation.

Additionally, Service Level Management also plays an important role in Continual Service Improvement. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 42 5.3.1 Service Level Management GOAL: To ensure that the levels of IT service delivery are achieved, both for existing services and new services in accordance with the agreed targets. Service Design Continual Service Improvement Monitor Delivery Determine Requirements Development Design & Plan Process — Report Improve Evaluate During the Service Design lifecycle phase, Service Level Management: • Designs and plans the SLM process and Service Level Agreement (SLA) Structure. • Determines the Service Level Requirements (SLR’s) • Negotiates and Agrees upon the relevant Service Level targets with customers to produce Service Level Agreements Negotiates and agrees upon the support elements required by the internal IT groups and External Suppliers to produce Operational Level Agreements (internal) and Underpinning Contracts (external). ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 43 Terminology Service Level Agreements (SLA’s): Service Catalogue: Explanation Written agreement between a service provider and Customers that document agreed Service Levels for a Service.

Written statement of available IT services, default levels, options, prices and which business processes or customers use them.

Contract with an external supplier that supports the IT organization in their delivery of services.

Internal agreement which supports the IT organization in their delivery of services.

Detailed recording of the Customer’s needs, forming the design criteria for a new or modified service. Underpinning Contract (UC’s): Operational Level Agreement (OLA’s) Service Level Requirements Customers Service Level Management Supplier Management OLA UC SLA — Internal suppliers Negotiating and Agreeing upon the SLAs and OLAs is the responsibility of Service Level Management.

Supplier Management is responsible for negotiation and agreeing upon Underpinning Contracts with external suppliers.

These two processes must communicate to ensure that the Underpinning Contracts do align with and support the SLAs in place.

What are the roles of OLAs and UCs? They are agreements with the internal IT departments and external suppliers on how they support the IT organization in meeting the Service Level Agreements with customers. External suppliers Figure 5.A – SLAs, OLAs and UCs ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 44 SLAs Service A Service B Service C Service D SLR’s SC IT Infrastructure OLAs Figure 5.B – How it all fits together UCs ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 45 The Service Catalogue Figure 5.C below demonstrates the Business Service Catalogue and Technical Service Catalogues and the different views they represent.

Service Level Management supports Service Catalogue Management in the creation of a customer facing Business Service Catalogue, ensuring that all current (live) services are represented here. Business Service Catalogue Business Process 1 Business Process 2 Business Process 3 Service A — Software Apps Data Technical Service Catalogue Figure 5.C – The Service Catalogue Service Level Agreement Structures There are a number of ways in which Service Level Agreements can be structured.

The important factors to consider when choosing the SLA structure are: • Will the SLA allow flexibility in the levels of service to be delivered for various customers? • Will the SLA structure require a lot of duplication of effort? • Who will sign the SLAs? Three types of SLAs structures that are discussed within ITIL® are Service-based, Customer-based and Multi-level or Hierarchical SLAs. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 46 Multi-level SLAs Customer-based and Service-based SLAs Customer 1 Customer 2 Customer 3 Corporate Level Customer based Service based Customer 1 — Service B Service C Figure 5.D – SLA structures Many different factors will need to be considered when deciding which SLA structure is most appropriate for an organization to use.

Typical Multi-level SLA Structure components: 1.

Corporate level: All generic issues are covered, which are the same for the entire organization.

Example: The Corporate Security Baseline, e.g.

Passwords, ID cards etc. 2.

Customer level: Those issues specific to a customer can be dealt with.

Example: Security requirements of one or more departments within the organization are higher: E.g.

The financial department needs higher security measures. 3.

Service Level: All issues relevant to a specific service (in relation to customer) can be covered.

Example: The email services for a particular department needs encryption and secure backups.

Using a multi-level structure for a large organization reduces the duplication of effort while still providing customization for customers and services (inheritance).

The Contents of Service Level Agreements: • Introduction • Transaction response times • Service hours • Disaster Recovery • Availability targets • Reporting requirements • Reliability • Incentives and Penalties • Support arrangements See the Continual Service Improvement Chapter for the aspects of Service Level Management that focus on improving the level of quality being delivered for IT Services. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 47 5.3.2 Capacity Management GOAL: To ensure the current and future capacity and performance demands of the customer regarding IT service provision are delivered against justifiable costs.

Capacity Management is the process that manages: • the right capacity, • at the right location, • at the right moment, • for the right customer, • against the right costs Capacity Management provides the predictive and ongoing capacity indicators needed to align capacity to demand.

It is about finding the right balance between resources and capabilities, and demand. • Too many resources & capabilities = ? $$$$ Management (Ideal) Ï$$ X Incident Capacity • Too little resources & capabilities = ? performance Ï$ X Incident Time Figure 5.E – The Consequences of Reactive Behaviour This graph represents the consequences of reactive behaviour in managing capacity. • Diagonal solid line represents the typical capacity needs of an organization over time. • The dotted line represents the Ideal management of capacity to meet the organization’s needs. • The Horizontal lines depicts the reactive approach, whereby $$ are put into resolving capacity issues, only when it becomes an issue.

This goes well until the next major incident, and more reactive $$ are injected to try and “fix” the capacity issues, rather than addressing the issue in a proactive manner. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 48 Sub-Processes of Capacity Management: Business Capacity Management: • Manage Capacity to meet future business requirements for IT services • Plan and implement sufficient capacity in an appropriate timescale • Should be included in Change Management and Project management activities Service Capacity Management • Focus on managing ongoing service performance as detailed in SLA or SLR • Establish baselines and profiles of use of Services Component Capacity Management Identify and manage each of the components of the IT Infrastructure • E.g.

CPU, memory, disks, network bandwidth • Evaluates NEW technology • Load balances across resources All 3 components collate their data and report to Service Level Management and Financial Management for IT Services. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 49 Activities Business Capacity Management Service Capacity Management Component Capacity Management Performance Monitoring Demand Mgt. Application Sizing Storage of CM data Modelling Capacity Planning CD Reporting Figure 5.F – Activities of Capacity Management Capacity Management has 6 main activities: 1.

Performance Monitoring – Measuring, monitoring, and tuning the performance of IT Infrastructure components. 2.

Demand Management Short term reactive implementation of strategies considered in Service Strategy to manage current demand 3.

Application Sizing – Determining the hardware or network capacity to support new or modified applications and the predicted workload. 4.

Modelling – Used to forecast the behaviour of the infrastructure under certain conditions. 5.

Storage of Capacity Management Data 6.

Capacity Planning 7.

Reporting ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 50 Roles and Responsibilities for Capacity Management: Capacity Manager: Role To ensure adequate performance and capacity for all IT services.

Responsibilities: Capacity Plan (development and management) Oversee Performance and Capacity monitoring & alerting Report provision and advice Skills: Strategic business awareness, technical, analytical, consultancy Capacity Management is critical for ensuring effective and efficient capacity and performance IT Services and IT components in line with business requirements and overall IT strategic objectives.

It is essential that the Capacity Manager ensures that the process utilizes information from and provides information to all phases of the Service Lifecycle. INPUTS •Technology •SLA, SUBSUB-PROCESS Business Capacity Management •Trend, OUTPUTS — •Service •Revised •Financial •Budgets •Effectiveness •Audit reports Figure 5.G – Capacity Management relationships with the rest of ITIL® ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 51 5.3.3 Availability Management GOAL: To optimize the capability of the IT infrastructure and supporting the organization to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives. Other Availability objectives are: • Reduction in the frequency and duration of Availability related incidents. • Maintain a forward looking Availability plan. 30 min outage 60 min outage Figure 5.H – The Perception of Availability Question? Why could users be happy with a 60 minute outage and unhappy with 30 minute outage? A1: 30min outage during peak time, overtime being paid to staff, urgent report required.

A2: 60min outage on weekend, holiday, off peak, when service not required.

A3: 30min outage on critical IT Service, 60min outage on non-critical IT Service.

A4: 30mins unplanned outage, 60min planned outage (e.g.


For a consumer/user of an IT Service, its Availability and Reliability can directly influence both the perception and satisfaction of the overall IT Service provision. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 52 Proactive and Reactive Elements of Availability Management: Proactive activities: Involves the proactive planning, design and improvement of availability.

These activities are principally involved within design and planning roles. (Service Design Phase) Reactive activities: Involves the monitoring, measuring, analysis and management of all events, incidents and problems regarding availability. (Service Operation Phase) Terminology Availability: Explanation The ability of an IT Service or component to perform its required function at a stated instant or over a stated period of time.

Information Security Management determines requirements, Availability Management implements measures Freedom from operational failure.

The ability to withstand failure.

The ability of an IT component to be retained in or restored to, an operational state.

Based on skills, knowledge, technology, backups, availability of IT staff.

The contractual obligation / arrangements made with 3rd party external suppliers.

Measured by Availability, Reliability and Maintainability of IT Service and components under control of the external suppliers.

Managed by Supplier Management through Underpinning Contracts.

The business critical elements of the business process supported by an IT Service. Security: Reliability: Resilience: Maintainability: (internal) Serviceability: (external) Vital Business Function (VBF): ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 53 Activities Service Level Management Requirements Compile Plan Monitor Requirements Planning Design — Activities involved in Availability Management can form two continuous cycles of Planning and Improvement. Availability Management and Incident Management: An aim of Availability Management is to ensure the duration and impact from Incidents impacting IT Services are minimised, to enable business operations to resume as quickly as possible.

The expanded Incident lifecycle enables the total IT Service downtime for any given Incident to be broken down and mapped against the major stages that all Incidents go through. Time Between System Incidents Downtime, Time to restore Diagnosis time Incident Detection time Repair time Resolution time Restore Point Time Recovery time Incident Uptime, Time between failures Figure 5.J – The Expanded Incident Lifecycle ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 54 Lifecycle of an Incident. (Availability Management Metrics) Mean time between Failures (MTBF) or uptime – Average time between the recovery from one incident and the occurrence of the next incident, relates to the reliability of the service Mean time to Restore Service (MTRS) or downtime – Average time taken to restore a CI or IT service after a failure. – Measured from when CI or IT service fails until it is fully restored and delivering its normal functionality.

Mean time between System Incidents (MTBSI): – Average time between the occurrence of two consecutive incidents. – Sum of the MTRS and MTBF.

Relationships: – high ratio of MTBF/MTBSI indicates there are many minor faults – low ratio of MTBF/MTBSI indicates there are few major faults Detection Time: Time for the service provider to be informed of the fault. (Reported) Diagnosis Time: Time for the service provider to respond after diagnosis completed Repair Time: Time the service provider restores the components that caused the fault.

Calculated from diagnosis to recovery time Restoration Time: (MTRS) The agreed level of service is restored to the user.

Calculated from detection to restore point.

Restore Point: The point where the agreed level of service has been restored ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 55 Roles and Responsibilities Availability Manager: Role: To ensure adequate availability of all IT services.

Responsibilities: Availability Plan (development and management) Availability monitoring & alerting Report provision and advice Skills: Awareness of how IT supports the business, Technical, analytical, consultancy, Seeks continuous improvement NOTE: The Availability Manager does not seek to achieve 100% Availability, but instead seeks to deliver Availability that matches or exceeds (within reason) the business requirements. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 56 5.3.4 IT Service Continuity Management GOAL: To support the overall Business Continuity Management by ensuring that the required IT infrastructure and the IT service provision can be recovered within required and agreed business time scales. ** Often referred to as Disaster Recovery planning. ** Terminology Disaster: Explanation NOT part of daily operational activities and requires a separate system. (Not necessarily a flood, fire etc.

May be due to a blackout or power problem and the SLAs are in danger of being breached).

Strategies and actions to take place to continue Business Processes in the case of a disaster.

It is essential that the ITSCM strategy is integrated into and a subset of the BCM strategy.

Quantifies the impact loss of IT service would have on the business.

Evaluate Assets, threats and vulnerabilities.

The scope of IT Service Continuity Management considers all identified critical business processes and IT service(s) that underpin them.

This may include hardware, software, essential services and utilities, critical paper records, courier services, voice services & physical location areas e.g.

Offices, data centres etc. Business Continuity Management: (BCM) Business Impact Analysis: (BIA) Risk Assessment: Scope: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 57 Stage 1 Initiation Stage 2 Requirements & Strategy Define Scope of BCM Business Impact Analysis Risk Assessment Business Continuity Strategy Stage 3 Implementation Organization & Impl.

Planning Stand-by Arrangements & Risk Reduction Measures Recovery Plans & Procedures Perform Initial Testing Initial Testing Stage 4 Operational Management — Change Management Figure 5.K – Activities of IT Service Continuity Management Key Activities of IT Service Continuity Management: Performing a Business Impact Analysis (BIA) identifies: • Critical business processes & Vital Business Functions • Potential damage or loss caused by disruption • Possible escalations caused by damage or loss • Necessary resources required to enable continuity of critical business processes • Time constraints for minimum recovery of facilities and services • Time constraints for complete recovery of facilities and services Risk Assessment: • Gather information on assets (IT infrastructure components), • Threats from both Internal & external sources (the likelihood of occurring) • Vulnerabilities (the extent of impact or effect on organization) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 58 Developing Countermeasures (Recovery and Risk Reduction Measures): Terminology Counter Measures: Manual Workaround: Gradual recovery: Intermediate Recovery: Immediate Recovery: Reciprocal Arrangement: Explanation Measures to prevent or recover from disaster Using non-IT based solution to overcome IT service disruption Aka Cold standby (>72hrs to recover from a ‘Disaster’).

Aka Warm standby (24-72hrs to recover from a ‘Disaster’) Aka Hot standby (< 24hrs, usually implies 1-2 hrs to recover from a ‘Disaster) Agreement with another similar sized company to share disaster recovery obligations Operational Management: • Education & awareness • Training • Reviews • Ongoing testing o At least annually o Following major changes • Audits of recovery procedures, risk-reduction measures and for compliance to procedures. Roles and Responsibilities: Role Board Responsibilities and Skills Crisis Management Corporate/Business decisions External affairs Co-ordination Senior Management Direction and arbitration Resource authorization Invocation of continuity or recovery Management Team Leadership Site Management Liaison & Reporting Task execution Supervisors and Staff Team membership Team and Site liaison Typical responsibilities for ITSCM in planning and dealing with disaster are similar to how First Aid Officers and Fire Wardens act in planning and operational roles. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 59 Skill requirements for ITSCM Manager and staff: • Knowledge of the business (help set priorities) • Calm under pressure • Analytical (problem solving) • Leadership and Team players • Negotiation and Communication ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 60 5.3.5 Information Security Management GOAL: To align IT security with business security and ensure that information security is effectively managed in all service and IT Service Management activities.

Information Security Management ensures that the confidentiality, integrity and availability of an organization’s assets, information, data and IT services is maintained.

Information Security Management must consider the following four perspectives: • Organizational • Procedural • Physical • Technical Terminology Confidentiality: Explanation Protecting information against unauthorized access and use.

Examples: Passwords, swipe cards, firewalls Accuracy, completeness and timeliness of the information.

Examples: Rollback mechanisms, test procedures, audits.

The information should be accessible at any agreed time.

This depends on the continuity provided by the information processing systems.

Examples: UPS, resilient systems, Service desk hours The security level adopted by the IT organization for its own security and from the point of view of good ‘due diligence’.

Possible to have multiple baselines Examples: Security access based employee rank/title Any incident that may interfere with achieving the SLA security requirements; materialisation of a threat Examples: Security Breach or potential weakness Integrity: Availability: Security Baseline: Security Incident: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 61 Figure 5.L – Factors influencing Information Security Management Information Security Management (ISM) needs to be considered within the overall corporate governance framework.

This provides the strategic direction for security activities and ensures objectives are achieved.

It further ensures that the information security risks are appropriately managed and that the enterprise information resources are used responsibly.

The purpose of ISM is to provide a focus for all aspects of IT security and manage all IT activities. Activities Business & Customers Reports Service Level Management SLA — Evaluate Implement IT Service Provider Figure 5.M – Activities of Information Security Management ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 62 Control: The activity of Control has a central place in the above figure, as this is where Information Security is actually enforced in an organization.

The way in which this is done is shown below. Prevention Reduction Detection/ Repression Threat There are various security threats to our infrastructure and we want to prevent or reduce the damage of these as much as possible. In the case that they do pass our prevention mechanisms, we need to Incident — After this process we need to review how and why the breach occurred and how successful were we in responding to the breach. Roles and Responsibilities Information Security Manager Responsibilities: • Manage entire security process, • Consult with senior management Skills: • Strategic Sense of PR, tactical. Security Officer Responsibilities: • Day to day operational duties, • Advise staff on security policy & measures Skills: • Analytical, eye for detail, consultancy ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 63 Physical Perspectives Organizational Prevention Reduction Procedural Technical Measures Detection Repression Correction Evaluation Figure 5.N – Activities of Information Security Management The Information Security Measure Matrix is a useful tool in performing a gap analysis: • Ensures there is a balance in measures • Avoids a concentration of measures in either a certain perspective (e.g.

Technical) or of a certain measure (e.g.


Remember: ultimately it’s a cost-benefit analysis that determines how much you invest in security. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 64 5.3.6 Supplier Management GOAL: To manage suppliers and the services they supply, to provide seamless quality of IT service to the business and ensure that value for money is obtained. Terminology Supplier service improvement plans: (SSIP) Supplier Survey Reports: Explanation Used to record all improvement actions and plans agreed between suppliers and service providers. Feedback gathered from all individuals that deal directly with suppliers throughout their day to day role.

Results are collated and reviewed by Supplier Management, to ensure consistency in quality of service provided by suppliers in all areas.

Supplier & Contract Used as input for the Supplier & Contract review meetings to performance reports: manage the quality of the service provided by suppliers and partners.

This should include information on shared risk, when appropriate.

Types of Supplier Arrangements: Co-sourcing: An informal combination of insourcing and outsourcing, using a number of outsourcing organizations working together to cosource key elements within the lifecycle.

Partnership or multiFormal arrangements between two or more organizations to sourcing: work together to design, develop transition, maintain, operate, and/or support IT service(s).

The focus here tends to be on strategic partnerships that leverage critical expertise or market opportunities.

Business Process Formal arrangements where an external organization provides Outsourcing: and manages the other organization’s entire business process (es) or functions(s) in a low cost location.

Common examples are accounting, payroll and call centre operations. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 65 Knowledge Process Outsourcing: Application Service Provision: This is a new enhancement of Business Process Outsourcing, where external organizations provide domain based processes and business expertise rather than just process expertise and requires advanced analytical and specialized skills from the outsourcing organization.

Where external organizations provide shared computer based services to customer organizations over a network.

The complexities and costs of such shared software can be reduced and provided to organizations that could otherwise not justify the investment. Supplier and Contact Database (SCD): Supplier strategy & policy Evaluation of new suppliers & contracts — Establish new suppliers & contracts Supplier & contract management & performance Supplier & Contract Database Supplier SCD reports & information Contract renewal and/or termination Figure 5.O – The Supplier & Contract Database ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 66 All Supplier Management process activity should be driven by supplier strategy and policy.

In order to achieve consistency and effectiveness in the implementation of the policy, a Supplier and Contract Database (SCD) should be established.

Ideally the SCD should form an integrated element of a comprehensive CMS(Configuration Management System) or SKMS(Service Knowledge Management System), recording all supplier and contract details, together with the types of service, products etc provided by each supplier, and all the other information and relationships with other associated CIs(Configuration Items).

This will also so contribute to the information held in the Service Portfolio and Catalogue. Relationships with other Lifecycle Phases: The information within the SCD will provide a complete set of reference information for all Supplier Management procedures and activities needed across the Service Lifecycle.

Such activities include: Lifecycle Phase Service Design Service Design Service Operation Continual Service Improvement Activities • • • • • • • • Supplier categorization and maintenance of the SCD Evaluation and set-up of new suppliers and contracts Assessing the transition to new suppliers Establishing new suppliers Supplier and Contract Management and performance Contract renewal and termination Identifying improvement actions involving suppliers.

Collating measurements gather on supplier arrangements. This table shows that although Supplier Management is firmly placed within the Service Design Phase of the Lifecycle, many activities are carried out in the other Lifecycle Phases too. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 67 5.3.7 Service Catalogue Management GOAL: To ensure that a Service Catalogue is produced, maintained and contains accurate information on all operational services and those ready for deployment. The Service Catalogue has two aspects: Business Service Catalogue Technical Service Catalogue Business Service Catalogue: contains details of all the IT service delivered to the customer, together with relationships to the business units and the business process that rely on the IT services.

This is the customer view of the Service Catalogue.

Technical Service Catalogue: contains details of all the IT service delivered to the customer, together with relationships to the supporting services, shared services, components and Configuration Items necessary to support the provision of the service to the business.

This should underpin the Business Service Catalogue and not form part of the customer view. 5.3.8 Implementation This section considers the task of implementing the Service Design processes and covers issues such as: • • • Where do we start? How do we improve? How do we know we are making progress? The activities of implementing and improving Service Design need to be focused on the needs and requirements of the customer and the business.

These activities should be prioritized by: • Business needs and business impacts • Risks to the services and processes. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 68 The activities will be dictated by the requirements documented in the Service Level Requirements and the Service Level Agreements.

Business Impact Analysis The BIA is an ongoing source of valuable input when trying to establish business needs, impacts and risks.

It is an essential tool used by the overall Business Continuity process and will dictate the strategy for risk reduction and disaster recovery.

The BIA will show which parts of the organization will be effected by a major incident and what effect that will have on the company as a whole.

This in turn identifies the most critical business functions on which the company’s survival depends.

In addition, data from the BIA can provide valuable input in to a number of other areas as well and enables a greater understanding of the service that would have otherwise been available.

The BIA can be divided in to two areas: • Business Management; which has to investigate the impact of the loss of a business process or a business function.

This would also include the knowledge of manual workarounds and the associated costs. • Service Management; it is essential to break down the effects of service loss to the business.

This element of the BIA shows the impact of service disruption to the business.

The services can be managed and influenced by Service Management.

Other aspects also covered in ‘Business BIA’ can not be influenced by Service Management.

As part of the design phase of a new or changed service, a BIA should be conducted to help define the business continuity strategy and to enable a greater understanding about the function and importance of the service.

This will enable the organization to define: • Which are the critical services, what constitutes a major incident on these services, and the subsequent impact and disruption caused to the business – important in deciding when and how to implement changes • Acceptable levels and times of service outage levels – also important in the consideration of change and implementation schedules • Critical business and service periods – important periods to avoid • Cost of loss of service – important for Financial Management • Potential security implications of a loss of service – important consideration in the management of risk.

Service Level Requirements (SLR’s) SLR’s for all services will be identified and the ability to deliver against these requirements assessed and finally agreed in a formal Service Level Agreement.

For new services, the requirements must be identified at the beginning of the development process, not after completion.

Building a service with the SLR’s leading the way is an essential factor from a Service Design perspective.

Risks to the Service and Processes ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 69 When implementing the Service Design phase and ITSM processes, business as usual practices must not be adversely affected.

This aspect must be considered during the production and selection of the preferred solution to ensure that disruption to operational services is minimized.

The assessment of risk should then be considered in detail during the Service Transition phase activities as part of the implementation process.

Implementing Service Design The process, policy and architecture for the design of services outlined in this publication will need to be documented and utilized to ensure the appropriate innovative IT services can be designed and implemented to meet current and future agreed business requirements.

The question often asked is ‘which process do I implement first?’ The most correct answer is all of them, as the true value of implementing all of the Service Management processes is far greater than the sum of the individual processes.

All of the processes are interrelated, and in some cases are totally dependent on others.

What is ultimately required is a single, integrated set of processes, providing management control of a set of IT services throughout their entire lifecycle.

However, in reality it is unlikely that organizations can do everything at once.

In this situation it is recommended that the areas of greatest need are addressed first.

A detailed assessment needs to be undertaken to ascertain the strengths and weaknesses of IT service provision.

This should be undertaken by performing customer satisfaction surveys, talking to customers, talking to IT staff and analyzing the processes in action.

From this assessment, short to medium and long term strategies can be developed.

It may be that ‘quick wins’ need to be implemented in the short term to improve the current situation, but these improved processes may have to be discarded or amended as part of the medium to long term strategies.

I ‘quick wins’ are implemented, it is important that they are not done at the expense of the long-term objectives, so these must be considered at all times.

However, every organization will have to start somewhere, and the starting point will be wherever the organization is now in terms of IT Service Management maturity.

Implementation priorities should be set against the goals of a Service Improvement Plan (SIP).

Throughout the implementation process, key players must be involved in the decision making process.

There can be a tendency, when analyzing the areas of greatest need, to go straight for tools to improve the situation.

Workshops or focus groups will be beneficial in understanding the requirements and the most suitable process for implementation that will include people, processes, products and partners.

Step one is to establish a formal process, method of implementation and improvement of Service Design, with the appropriate governance in place.

This formal process should be based around the six stage process of the Continual Service Improvement cycle (found in section 8.2). ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 70 It is important that when implementing or improving processes a structured Project Management method is used.

The improvement process can be summarized as understanding the vision by ascertaining the high-level business objectives.

The ‘vision-setting’ should set and align business and IT strategies and assess the current situation to identify strengths that can be built on weaknesses that need to be addressed.

The following are key elements for successful alignment of IT with business objectives: • Vision and leadership is setting and maintaining strategic direction, clear goals, and measurement of goal realization in terms of strategic direction • Acceptance of innovation and new ways of working • Thorough understanding of the business, its stakeholders and its environment • IT staff understanding the needs of the business • The business understanding the potential • Informational and communication available and accessible to everyone who needs it • Separately allocated time to familiarize with the material • Continuous tracking of technologies to identify opportunities for the business.

The implementation/improvement cycle is useful in checking the alignment between the business and IT (see section 8.2).

Measurement of Service Design The success of the Service Design phase and the success of the improvement to the processes around Service Design must be measured; the data must be analyzed and reported on.

Where the design or process does not meet the requirements of the business as a whole, changes to the process may be required and the results of the changes must also be measured.

Continuous measurement, analysis and reporting are mandatory requirements for both the Service Design process and the ITSM processes.

There are measurement methods available that enable the analysis of service improvement.

The Balanced Scorecard is a method developed by Robert Kaplan and David Norton as a concept for measuring company activities in terms or its vision and strategies.

It gives a comprehensive view of the performance of the business.

The system forces managers to focus on the important performance metrics that drive success.

It balances a financial perspective with customer, internal process and learning and growth perspectives.

More information can be found on the Balanced Scorecard at Six Sigma is a methodology developed by Bill Smith at Motorola Inc.

In 1986, and was originally designed to manage process variations that cause defects, ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 71 defined as unacceptable deviation from the mean or target, and to systematically work towards managing variation to eliminate those defects.

Six Sigma has now grown beyond defect control and is often used to measure improvement in IT process execution.

More information can be found on Six Sigma at Six Sigma (DMADV) is an improvement system used to develop new processes at Six Sigma quality levels and is defined as: Define – formally define the goals of the design activity that are consistent with customer demands and organization strategy.

Measure – identify Critical Success Factors, capabilities, process capability and risk assessment Analyze – develop and design alternatives, create high level design and evaluate capability to select the best design Design – develop detailed design, optimize design and plan for design verification Verify – set up pilot runs, implement production process and hand over to process owners.

This process is an improvement system for existing processes falling below specification and looking for incremental improvement.

Prerequisites for Success There are several prerequisites needed for the Service Design phase and the successful introduction of new or revised processes.

Often these prerequisites for success are elements of one process required by another.

For example, fully completed and up-to-date Business Service Catalogue and Technical Service Catalogue are required before Service Level Management can design the SLA and supporting agreement structure, and before SLM can set up and agree the SLA’s.

Problem Management will depend on a mature Incident Management process.

The prerequisites for success can be much wider than just ITSM process interdependencies.

For example, the design of availability and capacity for a new service can not be achieved without details of the business plan for the utilization of the new service.

The design of service will be impossible without the Service Portfolio and Service Transition pack.

There are more examples of these prerequisites for success that need to be considered and planned before high process maturity levels can be achieved.

Low maturity in one process will mean that high levels of maturity will not be achievable in other processes. 5.4 Service Design Summary Good Service Design means it is possible to deliver quality, cost effective services and to ensure that the business requirements are being met.

It also delivers: • Improved Quality of Service • Improved Consistency of Service ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 72 • • • Improved Service Alignments Standards and Conventions to be followed More Effective Service Performance Service Assets, Service Components for budgeting and IT Accounting, Service Level Requirements Service Acceptance Criteria, Test Plans, Service Transition Plans, Service Design Packages, Configuration Item information, SLAs, OLAs, UCs Service Strategy Service Transition Service Design Support Procedures, User Documentation, Service Catalogues, SLAs, OLAs, UCs, Security & Access Policies Nominated budgets for delivering and supporting services Process metrics and KPIs, Service Portfolios Continual Service Improvement Service Operation Figure 5.M – Some outputs to other lifecycle phases. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 73 5.5 Service Design Scenario Service Level Management • • SLR – detailed requirements that constitute the design criteria to be met.


Secure, clear uninterrupted voice, real time video etc SLA structure – decided to go with multi level (based on decision of service level package used, as well as offering greater security and accessibility to various departments/users.) Capacity Management • Application Sizing – assessing what minimum pc requirements needed to support new HYPE software, as well as type of webcam to best provide service, network bandwidth Modeling – how many users can videoconference before quality of service is affected – throughput/bandwidth targets? How may this service impact on other services? Demand Management – designing to ensure ability to limit bandwidth/video access during peak times for certain users/groups • • Availability Management — • Information Security Management • Confidentiality – user passwords design (e.g.

HYPE service is not controlled locally – all information is stored on vendor’s servers.

If all users use same password as network login, resulting in a clear pattern, then it would be possible for security to be threatened if “someone” hacked into vendor server) Integrity – will logs of all conversations/messages/video kept ad stored? Availability – having those logs available to those who require it, when they require it • • ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 74 Service Catalogue Management • • Business Service Catalogue – will describe HYPE service as business understands it, including levels of service Technical Services Catalogue – will clearly list technical and supporting service information, e.g.

ISP bandwidth, server requirements etc… ITSCM • • The business has decided that this is a BCP, so standby arrangements are negotiated with business ($$) Decided that the telephone line and/or email will be possible recovery measures until service is restored – included in ITSCM plan Supplier Management Negotiate UCs with software vendor, ISP, WAN Monitor external supplier service – discussions with Availability Mgt, Service Desk etc The Service Design processes will ensure that HYPE meets the customer needs and can continue to be supported during the Service Operation phase. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 75 6 Service Transition__________________ The Service Transition lifecycle phase focuses on the vulnerable transition between the Design phase and the Operation phase of a service.

It is particularly critical as functional and technical errors not found during this phase will result in significantly higher impact levels to the business and/or IT infrastructure and will usually cost much more to fix once the Service is in operation.

Processes: • Knowledge Management • Service Asset & Configuration Management • Change Management • Release & Deployment Management • Validation and Testing 6.1 Objectives The development and improvement of capabilities for transitioning new and changed services into operation.

Other objectives include: • To ensure that new and changed services meet customer requirements and do not adversely impact the IT infrastructure or business processes. • To reduce the variation between estimated and actual costs, timeframes, risks and impact scales. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 76 6.2 Major Concepts Components, Tools and Databases The execution of any IT Service Management process usually requires access to, or storage of, relevant sets of data and information.

As the Service Transition phase incorporates the processes of Knowledge Management and Service Asset & Configuration Management, which are heavily focussed on the management of data, information and knowledge, the components, tools and databases needed to do this are discussed during this chapter. SKMS (Service Knowledge Management System) CMS (Configuration Management System) Decisions CMDB (Configuration Management Database) KEDB (Known Error Database) Figure 6.A – Components making up the Service Knowledge Management System SKMS: Service Knowledge Management System (SKMS): The complete set of tools and databases that are used to manage knowledge and information.

The SKMS includes the Configuration Management System as well as other tools and databases.

The SKMS stores, manages, updates and presents all information that an IT service provider needs to manage the full lifecycle of its services.

The main purpose of the SKMS is to provide quality information so that informed decisions can be made by the IT service provider. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 77 CMS: Configuration Management System: A set of tools and databases that are used to manage an IT service provider’s configuration data.

The CMS also includes information about incidents, problems, known errors, changes and releases; and may contain data about employees, suppliers’ locations, business units, customers and users.

The CMS is maintained by Service Asset & Configuration Management and is used by all IT Service Management processes.

Two major components are the: • • CMDB: Configuration Management Database KEDB: Known Error Database.

This database is created by Problem Management and used by Incident and Problem Management. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 78 6.3 Service Transition Processes 6.3.1 Knowledge Management GOAL: To enable organizations to improve the quality of management decision making by ensuring that reliable and secure information and data is available throughout the service lifecycle.

The primary purpose is to improve efficiency by reducing the need to rediscover knowledge.

This requires accessible, quality and relevant data and information to be available to staff.

Benefits that a successful Knowledge Management System would deliver to the business and IT organization: • We can stop having to continually reinvent the wheel • More efficient use of resources (including people) • Enables the organization to continually mature and develop.

Challenges you would see in implementing and operating a Knowledge Management System: • Getting staff to use the systems. • Having the extra time required to record relevant information and knowledge after actions are made. • Managing information and knowledge that is no longer correct or relevant for the organization. • Designing a system that can scale well as an organization grows. One of the more difficult components of Knowledge Management is ensuring that we do more than simply capture discrete facts about various elements of the organization and IT infrastructure.

What this requires is an understanding of the different components and processes required to develop and mature knowledge and wisdom. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 79 Context Wisdom Why? Knowledge How? Information Who, what, when, where? Data Understanding Figure 6.B – Moving from data to wisdom Data: Data is a set of discrete facts.

Most organizations capture significant amounts of data every day.

Information: Information comes from providing context to data.

This usually requires capturing various sources of data and applying some meaning or relevance to the set of facts.

Knowledge: Knowledge is composed of the experiences, ideas, insights and judgments from individuals.

This usually requires the analysis of information, and is applied in such a way to facilitate decision making.

Wisdom: Gives the ultimate discernment of the material and having the application and contextual awareness to provide a strong common sense judgment.

The use of wisdom ultimately enables an organization to direct its strategy and growth in competitive market spaces.

We can use tools and databases to capture Data, Information and Knowledge, but Wisdom cannot be captured this way, as Wisdom is a concept relating to abilities to use knowledge to make correct judgments and decisions. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 80 6.3.2 Service Asset and Configuration Management GOAL: To support the agreed IT service provision by managing, storing and providing information about Configuration Items (CI’s) and Service Assets throughout their life cycle.

This process manages the service assets and Configuration Items in order to support the other Service Management processes.

Terminology Configuration Item (CI): Explanations ANY component that supports an IT service (except people).

Example: IT components or associated items such as Request for Changes, Incident Records, Service Level Agreements.

Specific information about CI’s.

Example: Size of RAM, hard drive, bandwidth Recording and reporting of CI’s at the level that the business requires without being overly complex.

It’s a trade-off balancing the value that the information will provide versus the effort and cost to manage the information over time.

Reporting of all current and historical data about each CI throughout its lifecycle.

Example: Status = Under Development, being tested, live, withdrawn etc Configuration established at a specific point in time.

Captures both the structure and details of a configuration.

Used as a reference point for later comparison (e.g.

After major changes, disaster recovery etc) Attribute: CI Level: Status Accounting: Configuration Baseline: The Configuration Management Database (CDMB): The CMDB is a set of one or more connected databases and information sources that provide a logical model of the IT infrastructure.

It captures Configuration Items (CIs) and the relationships that exist between them.

Figure 6.B demonstrates the elements of a CMDB. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 81 Relationships Configuration Items CI’s Include Software & Documentation!! CI Attributes • Hard disk space • Serial number • Owner • Location • Ram Scope CI Level Figure 6.B – The Configuration Management Database (CMDB) — Verification & Audit Reporting Figure 6.C – Configuration Management Activities Notice how MANAGEMENT & PLANNING are the central activities.

Good, sound Service Asset & Configuration Management requires thorough planning for the operation of the process to work. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 82 Planning: • Defining the strategy, policy, scope, objectives, processes and procedures. • Roles and responsibilities of involved staff and stakeholders. • Location of storage areas and libraries used to hold hardware, software and documentation. • CMDB Design. • CI naming conventions. • Housekeeping including license management and archiving of CI’s.

Identification: The selection, identification, labelling and registration of CIs.

It is the activity that determine what CIs will be recorded, what their attributes are, and what relationships exist with other CIs.

Identification can take place for: • Hardware and Software – include OS • Business systems – custom built • Packages – off the shelf • Physical databases • Feeds between databases and links • Configuration baselines • Software releases • Documentation Control: Ensures that only authorized and identifiable CIs are recorded from receipt to disposal in order to protect the integrity of the CMDB.

Control occurs anytime the CMDB is altered, including: • Registration of all new CIs and versions • Update of CI records and licence control • Updates in connection with RFCs and Change Management • Update the CMDB after periodic checking of physical items Status Accounting: The reporting of all current and historical data concerned with each CI throughout its lifecycle.

Provides information on: • Configuration baselines • Latest software item versions • The person responsible for status change • CI change/incident/problem history ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 83 Verification and Audit: Reviews and audits verify the existence of CIs, checking that they are correctly recorded in the CMDB and that there is conformity between the documented baselines and the actual environment to which they refer.

Configuration Audits should occur at the following times: • Before and after major changes to the IT infrastructure • Following recovery from disaster • In response to the detection of an unauthorized CI • At regular intervals The benefits of the CMDB (not necessarily one physical database): • One tool and not several tools -> reduce costs • Consistent and visible information about the IT infrastructure available to all staff. • One team and not several support teams -> reduce costs, improve consistency in CI management • On stop shop for Configuration queries • The data about CIs and methods of controlling CIs is consolidated -> reduces auditing effort. • Opens opportunities for consolidation in CIs to support services. Roles and Responsibilities Service Asset Management: The management of service assets across the whole lifecycle including: • Full lifecycle management of IT and service assets from acquisitions to disposal • Maintenance of the asset inventory.

Configuration Management: • To provide a logical model of the services, assets and infrastructure by recording the relationships between service assets and configuration items. • To ensure control procedures are complied with to protect the integrity of Configurations. • To support the information needs of other ITIL® processes. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 84 The actual roles related to Service Asset and Configuration Management includes: • Service Asset Manager • Configuration Manager • Configuration Analyst • Configuration Administrator/Librarian • CMS/Tools Administrator • Change Manager (all Changes to CIs must be authorized by Change Management) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 85 6.3.3 Change Management GOAL: To ensure that standardized methods and procedures are used for controlled, efficient and prompt handling of all Changes, in order to minimize the impact of Changerelated Incidents upon service quality, and consequently to improve the day-to-day operations of the organization. “Remember: Not every change is an improvement, but every improvement is a change!” Change Management acts as the greatest contributor to the CMDB, as Changes to CMDB must be assessed and authorized by Change Management first.

To work effectively, Change Management needs to remain impartial to the needs of any one particular IT group or customer, in order to make effective decisions that best support the overall organizational objectives. Terminology Change: Explanations ANY alteration in the state of a Configuration Item.

This includes the addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, desktop build or associated documentation.

Defines how various categories of changes are assessed & authorized, with different mechanisms and activities used to process and deliver changes based on the change type.

A change that follows all of the steps of the change process.

It is assessed by either a Change Manager or Change Advisory Board. Change Models: NORMAL Change: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 86 STANDARD Change: EMERGENCY Change: Request for Change: (RFC) Forward Schedule of Changes (FSC): Projected Service Outage (PSO): Change Advisory Board: (CAB) Emergency CAB: (ECAB) A pre-approved Change that is low risk, relatively common and follows a procedure or work instruction.


Password reset or provision of standard equipment to a new employee.

RFCs are not required to implement a Standard Change, and they are logged and tracked using a different mechanism, such as a service request.

A change that must be introduced as soon as possible.


To resolve a major incident or implement a security patch.

The change management process will normally have a specific procedure for handling Emergency Changes.

Standard form to capture and process ALL Changes to any CI Schedule of Approved Changes and proposed implementation dates.

The Service Desk should communicate this to the users.

Details of Changes to agreed SLAs and service availability because of the Forward Schedule of Change in addition to planned downtime from other causes such as planned maintenance and data backups.

A group that provides expert advice to the Change Manager.

Involves representatives from various IT and business areas as well as other involved stakeholders including external suppliers.

Chaired by the Change Manager Subgroup of CAB to provide expert advice on urgent Change matters. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 87 Activities: Create RFC Record the RFC Update change and configuration information in CMS Initiator Change proposal (optional) requested Review RFC Change Management — Evaluation report * Includes build and test the Figure 6.C– The Activities of Change Management Important Steps: 1.

The RFC is logged: 2.

An initial review is performed (filter RFCs) 3.

The RFCs are assessed – may require involvement of CAB or ECAB. 4.

This is authorized by the Change Manager 5.

Work orders are issued for the build of the Change (carried out by other groups) 6.

Change Management coordinates the work performed. 7.

The Change is reviewed. 8.

The Change is closed. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 88 Where can RFCs be initiated? Anywhere (Other ITIL® processes, customers, end-users etc.) Who does the actual build/test/implement? • Technical areas • Project Teams • Release and Deployment Management Assessing and Evaluating Changes To ensure that the Change Management process does not become a bottleneck, it is important to define what Change Models will be used to ensure effective and efficient control and implementation of RFCs.

Impact: • Standard Escalation Level: Executed using a pre-defined form/template Normal Changes • Minor • Significant • Major Urgency: • Normal • Emergency Change Manager (CM) Change Advisory Board (CAB) IT Management Board Change Manager or CAB Emergency CAB Committee (ECAB) The 7Rs of Change Management: When assessing Changes, it is important to have answers to the following seven questions: • Who RAISED the change? • What is the REASON for the change? • What is the RETURN required from the change? • What are the RISKS involved in the change? • What RESOURCES are required to deliver the change? • Who is RESPONSIBLE for the build, test and implementation of the change? • What is the RELATIONSHIP between this change and other changes? ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 89 These questions must be answered for all changes.

Without this information the impact assessment cannot be completed, and the balance of risk and benefit to the live service will not be understood.

This could result in the change not delivering all the possible or expected business benefits or even of it having a detrimental, unexpected effect on the live service. Authorization of Changes: While the responsibility for authorization for Changes lies with the Change Manager, they in turn will ensure they have the approval of three main areas. • Financial Approval – What’s it going to cost? And what’s the cost of not doing it? • Business Approval – What are the consequences to the business? And not doing it? • Technology Approval – What are the consequences to the infrastructure? And not doing it? Key Points: • Consider the implications of performing the Change, as well as the impacts of NOT implementing the Change. • Importance of empowering Change Manager as their primary role is to protect the integrity of the IT infrastructure. Relationship with Project Management: Figure 6.D Relationship with Project Management ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 90 How • • • does Change Management work with Project Management? Change Management authorizes, controls, coordinates Does not plan, build, test or implement.

Change Management is concerned with Remediation Planning to ensure that each RFC has a fallback / rollback plan. Roles and Responsibilities Change Manager • Administration of all RFCs. • Prepare RFCs for CAB meetings, FSC for Service Desk. • Authorize (or reject) changes.

CAB • Advises Change Manager on authorization issues for RFCs with significant or major impact.

Release and Deployment Manager • Manages the release of changes. • Advises the Change Manager (as part of CAB) on release issues.

Technical specialists • Build and test the actual change. Key Performance Indicators (KPIs) of Change Management It is important that a balanced view of metrics is used when assessing the effectiveness and efficiency of the Change Management process.

These metrics include: • Number of RFCs (Accepted/Rejected) • Number and % of successful Changes • Emergency Changes • Number of Changes awaiting implementation • Number of implemented Changes • Change backlogs and bottle-necks • Business impact of changes • Frequency of Change to CIs ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 91 Challenges affecting Change Management • • • • • Change in culture – 1 central process comes into place that influences everyone’s activities Bypassing – projects ducking the Change Management planning Optimal link with Configuration Management – to execute a controlled change all data MUST be reliable Commitment of the supplier(s) to the process Commitment of management. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 92 6.3.4 Release and Deployment Management GOAL: To deploy releases into production and establish effective use of the service in order to deliver value to the customer and be able to handover to Service Operation. Terminology Release: Release Unit: Explanations A collection of authorized Changes to an IT Service.

A Release Unit describes the portion of a service of IT infrastructure that is normally released together according to the organization’s release policy.

The unit may vary depending on type(s) or item(s) of service asset or service component such as hardware or software.

The secure library in which the definitive authorized versions of all media CIs are stored and protected.

The DML should include definitive copies of purchased software (along with license documents or information) as well as software developed on site.

Physical storage of all spare IT components and assemblies maintained at the same level as within the live environment.

New IT assemblies are stored here until ready for use, and additional components can be used when needed for additional systems or in the recovery from Incidents. • Details recorded in the CMDB, controlled by Release and Deployment Management. Definitive Media Library (DML): (previously known as the DSL) Definitive Spares (DS): (previously known as DHS) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 93 Figure 6.E – The Definitive Media Library and Definitive Spares Remember – the elements found within the DML and DS are referenced by the CMDB as CIs.

Release and Deployment Management also works closely with Change Management and the Service Desk to inform users of scheduled changes/deployments.

Tools used to do this can include: • email notification • sms notification, • verbal communication. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 94 Options for Releases Big Bang: The new or changed service is deployed to all user areas in one operation.

This will often be used when introducing an application change and consistency of service across the organization is considered important.

The negative aspect of the Big Bang approach is that it increases the risk and impact of a failed Release.

Phased Approach: The service is deployed to a part of the user base initially, and then this operation is repeated for subsequent parts of the user base via a scheduled rollout plan.

This will be the case in many scenarios such as in retail organizations for new services being introduced into the stores’ environment in manageable phases.

The Push Approach: Is used where the service component is deployed from the centre and pushed out to the target locations.

In terms of service deployment, delivering updated service components to all users, either in big bang or phased form is using the push approach, since the new or changed service is delivered into the users’ environment at a time not of their choosing.

The Pull Approach: Used for software releases where the software is made available in a central location but users are free to pull the software down to their own location at a time of their choosing or when a workstation restarts.

Automated: The use of technology to automate Releases.

This helps to ensure repeatability and consistency.

The time required to provide a well-designed and efficient automated mechanism may not always be available or viable.

Manual: Using manual activities to distribute a Release.

It is important to monitor and measure the impact of many repeated manual activities as they are likely to be inefficient and error prone. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 95 Activities Release policy & planning Design & develop or order & purchase Build & configure release Release testing & acceptance Deployment planning Communication, preparation & training Logistics, Delivery & installation Key Points: The Release Policy is the overarching strategy for Releases and was derived from the Service Design phase of the Service Lifecycle.

The Release Plan is the operational implementation for each release.

The Rollout Plan is the documented approach for distributing a single Release. Release Planning: • Defining the Release contents • Defining the Release Schedule • Defining the resources, roles & responsibilities required for the Release.

Design & Test: (Coordinates with other Service Design and Service Transition Processes): • Produce Release assembly & build instructions • Create Installation scripts • Run Test plans • Develop Back-out procedures • Produce tested installation procedures Rollout Planning: • Defining timetable for distribution • Identification of affected CIs • Defining communication plans • Defining training plans • Communication & training for: o Users o Support staff (including the Service Desk) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 96 Logistics, Distribution & Installation: • Implement the release strategy • CMDB updated where necessary after installation • Service Desk is updated about any issues to manage the transition. Figure 6.E – Transitioning New and Changed Services into Operation Note how Change, Release & Deployment, Service Validation & Testing and Service Asset & Configuration Management work together for the transition of new or modified Services. Roles and Responsibilities Release & Deployment Manager • Drive effectiveness & efficiency of process • Manage release management team • Liaise with Change & Configuration Management, IT platform managers, Application Developers etc.

Skills: technical & coordination skills, project manager.

Release & Deployment Management Team • Manage the DML & DS • Design, build, test & deploy releases. • Manage software management/distribution tools. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 97 6.3.5 Service Validation and Testing GOAL: To ensure that new or changed IT Services match the design specification and will meet the needs of the business.

The underlying concept to which Service Validation contributes is quality assurance – establishing that the service design and release will deliver a new or changed service or service offering that is fit for the purpose and fit for use.

Testing is a vital area within Service Management and has often been the unseen underlying cause of what was taken to be inefficient Service Management processes.

If services are not tested sufficiently then their introduction into the operational environment will bring rise in: • • • • • Incidents – failures in service elements and mismatches between what was wanted and what was delivered impact on business support Service Desk calls for assistance – services that are not functioning as intended are inherently less intuitive causing higher support requirements Problems and errors – that are harder to diagnose in the live environment.

Costs, since errors are more expensive to fix in production than if found in testing.

Services that are not used effectively by the users to deliver the desired value. The Service Validation and Testing process closely collaborates with other Service Transition processes as well as others from across the Service Lifecycle. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 98 Validate Service Packages, Offerings and contracts 1b Service Acceptance Test 2b Service Operational Readiness Test 3b Service Release Package Test 4b Level 1 Define Customer/Business Requirements 1a Define Service Requirements 2a SLR Draft SLA Service Review Criteria/Plan Contract, Service Package, SLP, SPI Level 2 Service Acceptance Criteria/Plan Level 3 — Internal and external suppliers Figure 6.F – The Service V Model The Service V Model is a concept of establishing acceptance requirements against various levels of requirements that apply in order to justify release to the customer for trial and assessment.

The left hand side represents the specification of the service requirements down to the detailed Service Design.

The right hand side focuses on the validation and test activities that are performed against the specifications defined on the left hand side, and there is direct involvement by the equivalent party on the right hand side.

It shows that service validation and acceptance test planning should start with the definition of service requirements.

E.G customers who sign off the agreed service requirements will also sign off the service Acceptance Criteria and test plan if successful. 6.3.6 Implementation ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 99 Implementing Service Transition in an organization when this has not existed before is only likely if a new service provider is being established.

Therefore, the task for most service provider organizations will be one of service improvement, a matter of assessing their current approach to the Service Transition processes and establishing the most effective and efficient improvements to make, prioritized according to the business benefit that can be achieved.

Implementing new or improved Service Transition processes will be a significant organizational change and an introduction of improved services delivered by the service provider.

From that context, much of the guidance in this publication on delivering new or changed services is directly applicable to introducing Service Transition itself.

In doing so, is in itself, a Service Transition exercise, since it is changing the services delivered by the service provider. Stages of Introducing Service Transition These stages will match those of other services, requiring a justification for the introduction, designing of the Service Transition components and then their introduction to the organization (transitioning) before they can run in normal mode. Justifying Service Transition Service Transition is a key contributor to the service provider’s ability to deliver quality services to the business.

It is the delivery mechanism between the work of design, and the day-to-day care delivered by operations.

However, Service Transition processes are not always visible to customers, and this can make financial justification difficult.

When setting up Service Transition, attention needs to be paid to ways of quantifying and measuring the benefits, typically as a balance between impact to the business (negative and positive) and cost) in terms of money/staff resources) and in terms of what would be prevented by applying resource to any specific transition, such as delivering staff resources or delaying implementation.

Gathering of evidence on the cost of current inadequate Service Transition is a valid and useful exercise, addressing issues such as: • Cost of failed changes • Extra cost of actual transition compared with budgeted costs • Errors found in live running that could have been detected during test transition.

Designing Service Transition Useful factors to consider when designing Service Transition are: Applicable standards and policies ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 100 Consider how agreed policies, standards and legislation will constrain the design of Service Transition.

Considerations might include requirements for independence and visible accountability.

Relationships Other internal support services: there are many situations when Service Transition must work together with other areas that are transitioning other elements of a business change, such as HR, facilities management, production control, education and training.

The processes will be designed to facilitate these relationships.

The aim should be to ensure that ownership for each component of the overall service package is defined and subsequently management responsibility is clear.

Program and project management Major transition may be managed as programs or projects, and Service Transition will deliver their role within the appropriate umbrella.

To ensure appropriate transition is delivered, staff will be involved in agreeing key program and project milestones and timelines and Service Transition should be set up to adopt this role.

To be effective, Service Transition needs to take a broader view across projects, combining transitions and releases to make the best use of available resources.

Internal development teams and external suppliers Communication channels will need to deal with defects, risks and issues discovered during the transition process.

Channels to both internal teams and external suppliers will need to be identified and maintained.

Customers/user Communication with customers and users is important to ensure that the transitioned service will remain focused on current business requirements.

The requirements at actual transition may evolve from the needs identified at design stage and communication channels with the customer will be the source of identifying those changes.

Effective communication will benefit from an agreed strategic stakeholder contact map.

In many circumstances this communication will be routed through service or account management or Service Level Management, but these channels need to be identified and designed into the Service Transition processes also.

Other stakeholders Other stakeholders will need to interface with Service Transition and these should be identified for all foreseeable circumstances, including in disaster recovery scenarios, and so liaison with ITSCM should be created for.

Other possible considerations might include: • IT, e.g.

Networks, IT security, data management • Outside of IT but within the organization, e.g.

Facilities management, HR physical security ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 101 • Outside of the organization, e.g.

Landlords, police and regulatory bodies. Budget and resources Funding approach A mechanism for controlling the funding of the transition infrastructure needs to be established, this will need to include: • Testing environments • SCM and Service Knowledge Management Systems The costing of transition objectives needs to be an essential inclusion of design.

Often the transition options will be costed and a business risk-based decision reached.

Resources Similar to the issues and options identified in the funding area, supply and control of other resources will need to be addressed within the Service Transition such as: • Staff • Central Infrastructure Test environment management is a major item of expenditure and a significant resource element in many organizations.

Under funding/resourcing can cause very expensive errors and problems in supporting live services, and have severe detrimental effects on an organization’s overall business capability. Risk & Value As with all transitions, decisions around transitioning the transition service should not be made without adequate understanding of the expected risks and benefits.

Risks may include: • Alienation of support staff • Excessive costs to the business • Unacceptable delays to business benefits.

The risks and beneficial values require a baseline of the current situation, if the changes are to be measureable.

Measures of the added value from Service Transition might include: • Customer and user satisfaction • Reduced incident and failure rates for transitioned services • Reduced cost of transitioning. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 102 6.4 Service Transition Summary Effective Service Transition can significantly improve a Service provider’s ability to effectively handle high volumes of change and releases across its Customer base.

Other benefits delivered include: • Increased success rate of Changes and Releases • More accurate estimations of Service Levels and Warranties • Less variation of costs against those estimated in budgets • Less variation from resources plans. FSC, Testing and Validation Results, PIR Testing and Validation Results, Changes to IT infrastructure & services, Guidance for SLAs, OLAs, and UCs, Configuration Item information (CMDB) Service Design Service Strategy Service Transition Initial End User Support, Known Errors from Development, Release Packages, Change Authorization, CMDB Service Operation Testing and validation results, process metrics for improvements, IT infrastructure audits Continual Service Improvement Figure 6.G – Some outputs to other lifecycle phases. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 103 6.5 Service Transition Scenario Knowledge Management • • • If your SKMS is established, you would be able to identify if you have the skills required to support videoconferencing, for example.

The SKMS will also help to determine the team required to build, test and deploy HYPE.

User and support documentation Service Asset and Configuration Management • HYPE software is registered as CI and relationships between it and the other CIs are known if…when… an incident occurs.

This will assist to speed up resolution times.

Decision made as to whether webcams are CIs themselves or an attribute of the pc/laptop it is attached to • Change Management • Ensure that the introduction of this new service minimizes impact on other services.

E.g. – through testing, it is found that the RAM required slows down the pc, affecting other business critical apps.

Change Mgt will assist with decision making to determine best path of action (through CAB). Release and Deployment Management • • • • Builds and tests HYPE – decision here to limit video resolution to minimize bandwidth.

Stores original authorized software in DML Ensures that design aspects are adhered to when building (e.g. – ensuring that the password policies are adhered to, Organizes training on using HYPE – (inservices Service Desk 1st ) Service Validation and Testing • • • • Tests HYPE based on customer criteria – (set out in Service Design) looks at access, impact on live environment As stated previously, found RAM issues and referred back to Change via RFC Quality of components ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 104 7 SERVICE OPERATION_______________ From a customer viewpoint, Service Operation (SO) is where actual value is seen.

This is because it is the execution of strategies, designs and plans and improvements from the Service Lifecycle phases.

Functions Service Desk Technical Management Application Management IT Operations Management Processes Incident Management Problem Management Event Management Request Fulfillment Access Management The Service Operation phase is also concerned with the operational activities that need to be performed for the processes found in the other lifecycle phases. 7.1 Objectives To enable effectiveness and efficiency in delivery and support of IT services.

Other objectives include: • Delivering cost-effective stability in the IT infrastructure • Providing effective and efficient mechanisms to deal with Service Requests, Events, Incidents and Problems. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 105 7.2 Major Concepts Achieving the Balance Service Operation is more than just a repetitive execution of a standard set of procedures or activities.

SO works in an ever changing environment.

This forms a conflict between maintaining the status quo and adapting to changes in the business and technological environments.

One of Service Operation’s key roles is to deal with this conflict and to achieve a balance between conflicting sets of priorities.

Error! Achieving the Balance Internal IT View: Focuses on the way in which IT components and systems are managed to deliver the services.

An organization here is out of balance and VS is in danger of not meeting business requirements.

Stability: No matter how good the functionality is of an IT service or how well it has been designed, it will be worth far less if the service components are not available or if they perform inconsistently.

Service Operation has to ensure that the IT VS infrastructure is stable and available as required.

However an extreme focus on stability means that IT is in danger of ignoring changing business requirements External Business View: Focuses on the way in which services are experienced by its users and customers.

An organization has business focus, but tends to under-deliver on promises to the business.

Responsiveness: Service Operation must recognize that the business and IT requirements change.

When there is an extreme focus on responsiveness IT may tend to overspend on change and also decrease the stability of the infrastructure. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 106 Cost of Service: An organization with an extreme focus on cost is out of balance and is in danger of losing service quality because of heavy cost cutting.

The loss of service quality leads to a loss of customers, which in turn leads to VS further cost cutting as the negative cycle continues. Quality of Service: An organization with an extreme focus on quality has happy customers but may tend to overspend to deliver higher levels of service than are strictly necessary, resulting in higher costs and effort required.

The goal should be to consistently to deliver the agreed level of IT service to its customer and users, while at the same time keeping costs and resource utilization at an optimal level.

Proactive: An extremely proactive organization tends to fix services that are not broken, or introduce services that are not yet needed, resulting in higher levels of change, costs and effort.

This also comes at a cost of stability to the infrastructure and quality of service already being delivered. Reactive: An organization that is extremely reactive is not able to effectively support the business strategy.

Unfortunately a lot of organizations focus on reactive management as the sole means to ensure services are highly consistent and stable, actively discouraging proactive behavior VS from staff.

The worst aspect of this approach is that discouraging effort investment in proactive Service Management can ultimately increase the effort and cost of reactive activities and further risk stability and consistency in services. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 107 7.3 Service Operation Functions “Know your role, do your job” Team motto describing the goal for every player, coach and general staff member of the Kansas City Chiefs. Functions refer to the people and automated measures that execute a defined process, an activity or combination of both.

The functions within Service Operation are needed to manage the ‘steady state’ operation IT environment.

Just like in sports where each player will have a specific role to play in the overall team strategy, IT Functions define the different roles and responsibilities required for the overall Service Delivery and Support of IT Services. Figure 7.A – The ITIL® Functions from Service Operation NOTE: These are logical functions and do not necessarily have to be performed by equivalent organizational structure.

This means that Technical and Application Management can be organized in any combination and into any number of departments.

The lower groupings (e.g.

Mainframe, Server) are examples of activities performed by Technical Management and are not a suggested organizational structure. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 108 7.3.1 The Service Desk GOAL: To support the agreed IT service provision by ensuring the accessibility and availability of the IT organization and by performing various supporting activities.

Terminology Service Desk Types: Explanation • Relates to the skill level and first-time resolution rate for service calls. • Handling/logging of large volumes of calls.

Low first-time resolution rate for calls and requests.

Manage and co-ordinate incidents.

Medium first-time resolution rate for calls and requests.

A wide variety of services offered.

High first-time resolution rate for calls and requests.

Relates to the physical organization of the service desk. Call Centre: Help Desk: • Service Desk: • — Virtual • Follow-the-Sun • ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 109 User Group SD Analyst SD Analyst SD Analyst User Group User Group SD Analyst Virtual Service Desk SD Analyst SD Analyst Support Group Support Group Support Group Figure 7.B – A Virtual Service Desk structure Skills Due to the role played by the Service Desk, staff members need to have (or have the ability to develop): • Communication Skills • Technical Skills • Business Understanding The most important of these three are communication skills as the primary role of the Service Desk is to provide a Single Point of Contact between the end-users and the IT organization.

Because of this, they will need to be able to deal effectively with a widerange of people and situations. Self-Help Many organizations find it beneficial to offer “Self Help” capabilities to their users.

The technology should therefore support this capability with some form of web front-end allowing web pages to be defined offering a menu-driven range of self help and service requests – with a direct interface into the back-end process-handling software.

This reduces the amount of calls into the Service Desk and is often used as a source for improvements to efficiency.

An example of this is the ability for a customer to track online the status of their parcels when shipped through a major courier company. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 110 Aside from this, the Service Desk will use many different tools, systems and other technology components in order to provide effective and efficient support to end-user calls and requests.

To enable this, typical technology components utilized include: • Computerized service desk systems • Voice services (adv.

Menu systems, voicemail, SMS) • Web and email (access, notification, updates) • Systems that contain linkages to SLAs, CMDB • Access to availability monitoring tools • Self help for customers using technology.

Key Performance Indicators for the Service Desk: It is important to use a balanced range of metrics for measuring the effectiveness and efficiency of the Service Desk.

Typical metrics include: • Number of calls to Service Desk • Number of calls to other support staff (look to decrease escalations over time) • Call resolution time • Customer satisfaction (surveys) • Use of self help (where exists) Figure 7.C – The Service Desk managing all end-user communication ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 111 7.3.2 Technical Management Goal: To help plan, implement and maintain a stable technical infrastructure to support the organization’s business processes through: • Well designed and highly resilient, cost effective topology • The use of adequate technical skills to maintain the technical infrastructure in optimum condition • Swift use of technical skills to speedily diagnose and resolve any technical failures that do occur.

One or more technical support teams or departments will be needed to provide Technical Management and support for the IT Infrastructure.

In all but the smallest organizations where a single combined team or department may suffice, separate teams or departments will be needed for each type of infrastructure being used.

In many organizations the Technical Management (TM) departments are also responsible for the daily operation of a subset of the IT Infrastructure.

In many organizations, the actual role played by IT Operations Management is carried out by either Technical or Application Management.

Roles and Responsibilities: • Custodian of technical knowledge and expertise related to managing the IT Infrastructure.

Provides detailed technical skills and resources needed to support the ongoing operation of the IT Infrastructure. • Plays an important role in providing the actual resources to support the IT Service Management lifecycle.

Ensures resources are effectively trained and deployed to design, build, transition, operate and improve the technology to deliver and support IT Services. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 112 + Specialist Technical Architects & Designers = Specialist Maintenance & Support Staff (Primarily involved in Service Operation) Technical Management Figure 7.D – Staff making up the Technical Management Function It is important that the Technical Management function is made up of both the support staff as well as those involved in the design of the service.

This is because quality support needs the input of the design team, and quality design needs input from those who will be supporting the service. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 113 7.3.3 IT Operations Management Goal: To perform the daily operational activities needed to manage the IT Infrastructure.

This is done according to the performance standards defined during Service Design.

In many senses, the function performs many of the logistical activities required for the effective and efficient delivery and support of services (e.g.

Event Management).

In some organizations this is a single, centralized department.

While in others some activities and staff are centralized and some are provided by distributed and specialized departments.

In many cases, the role of IT Operations Management is actually performed by the Technical and Application Management functions where required. Roles and Responsibilities: • Maintenance of the ‘status quo’ to achieve stability of the organization’s day to day processes and activities. • Regular scrutiny and improvements to achieve improved service at reduced costs, whilst maintaining stability. • Swift application of operational skills to diagnose and resolve any IT operations failures that occur.

IT Operations Management has two unique functions, which are usually organized into two groups: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 114 IT Operations Control: generally staffed by shifts of operators and ensures that routine operational tasks are carried out.

Also provides centralized monitoring and control activities, usually using an Operations Bridge or Network Operations Centre.

Event Management is a process carried out by IT Operations Control.

Facilities Management: management of the physical IT environment, usually data centers or computer rooms.

In some organizations many physical components have been outsourced and Facilities Management may include the management of the outsourcing contracts. IT Operations Control Event Mgmt Console Mgmt Job Scheduling Backup & Restore Print & Output Facilities Management Data Centers Recovery Sites Consolidation Contracts ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 115 7.3.4 Application Management Goal: To help design, implement and maintain stable applications to support the organization’s business processes.

Application Management is usually divided into departments based on the application portfolio of the organization allowing easier specialization and more focused support.

Roles and Responsibilities: • Managing Applications throughout their lifecycle. • Supports and maintains operational applications, and plays an important role in design, testing and improvement of applications that form part of IT Services. • Support the organization’s business processes by helping to identify functional and manageability requirements for application software. • Assist in the design and/or deployment of those applications. • Provide ongoing support and improvement of those applications. • Identify skills required to support the applications Application Management Financial Management HR Apps Business Apps ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 116 7.4 Service Operation Processes The goal of Service Operation as previously mentioned is to enable effectiveness and efficiency in delivery and support of IT services.

The processes that support this goal are: • Event Management • Incident Management • Problem Management • Request Fulfillment • Access Management Service Desk Technical Support Groups Event Management Incident Management Problem Management Request Fulfillment Access Management Figure 7.E – Where the Service Operation Processes get carried out The figure above demonstrates how much responsibility the Service Desk and the Technical Support Groups (Technical, IT Operations and Application Management functions) have in the Service Operation Processes.

Incident Management, Request Fulfillment and Access Management are primarily carried out by the Service Desk, with Event Management and Problem Management as primarily ‘back-of-house’ processes. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 117 7.4.1 Event Management Goal: To enable stability in IT Services Delivery and Support by monitoring all events that occur throughout the IT infrastructure to allow for normal service operation and to detect and escalate exceptions.

Event Management also: • Provides the entry point for the execution of many Service Operation processes and activities (e.g.

Incident Management) • Provides a way of comparing actual performance and behaviour against design standards and Service Level Agreements. • Provides a basis for Service Assurance and Reporting and Service Improvement in the Continual Service Improvement phase. An event can be defined as a change of state that has significance for the management of a Configuration Item (including IT Services).

This can be detected by technical staff or be automated alerts or notifications created by CI monitoring tools. Alert: A warning that a threshold has been reached or something has been changed. (An event has occurred) Trigger: An indication that some action or response to an Event may be needed. There are many different types of events, for example: • Events that signify regular operation: successfully) Events that signify an exception: (e.g.

A scheduled backup occurred • • (e.g.

A scheduled backup failed) Events that signify unusual but not exceptional operation.

These are an indication that the situation may require closer monitoring. (e.g.

No backup initiated within last 72 hours) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 118 Activities Event Occurs Event Detection Alert Event Filtering Significance of events Event Correlation Trigger Response Selection — Review Actions Close Event Figure 7.F – Activities of Event Management NOTE: In most organization’s IT infrastructure there would be a significant amount of events occurring every day, which may impact on the way in which events are correlated and provide triggers indicating a response is needed. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 119 7.4.2 Incident Management Goal: To restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.

What is the difference between Incident Management and Problem Management? Incident Management is not concerned with the root cause, only addresses the symptoms as quickly as possible. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 120 Major Concepts: Escalation: Hierarchical Combination Functional Escalation is the human element of Incident Prioritization.

It helps us identify incidents that may need to be moved up or down the priority list due to changing factors or priorities.

Escalations can also be combined. Figure 7.G – Escalation Graph — 4 5 IMPACT + URGENCY = PRIORITY • Impact: Degree to which the user/business is affected • Urgency: Degree to which resolution can be delayed Figure 7.H – Priority Grid ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 121 Activities: Ownership, Monitoring, Tracking and Communication Incident identification/ Logging Categorization & Initial Support, Prioritization Investigation & Diagnosis Resolution & Recovery Incident Closure Minimum Service Desk Responsibility Figure 7.I – Activities of Incident Management Ownership, Monitoring, Tracking & Communication • Service Desk OWNS/accountable for ALL Incidents • Monitor progress, escalation of Incidents • Advise user and IT management Incident identification and Logging • Update/confirm Incident and user details Categorization, Initial Support, Prioritization (Most critical activity) • Categorize so the exact type of call is recorded e.g.

Incident (E.g.

Desktop, Network, Email) • Assess urgency and impact to assign priority • Match against existing Problems/Known Errors • Match multiple Incidents and create new Problem record. • Prioritization: taking into account the impact and urgency (how quickly to incident needs a resolution).

Investigation and Diagnosis • Assess the Incident details and provide workaround (if available) • Escalate to support areas (Functional) or IT management (Hierarchical) Resolution and Recovery • Resolve the Incident or raise a RFC Incident Closure • Update details of actions taken and classification of Incident. • Confirm closure with User ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 122 Major Incidents The highest category or impact defined for an incident.

A major incident results in significant disruption to the business.

A separate procedure, with shorter timescales and greater urgency, must be used for ‘major’ incidents.

A definition of what constitutes a major incident must be agreed and ideally mapped on to the overall incident prioritization system – such that they will be dealt with through the major incident process.

This often leads directly into Problem Management, to ensure that the root-cause of the Incident is removed and the incident never occurs again. Roles and Responsibilities Incident Manager: • Drive effectiveness & efficiency of process • Manage incident management team • Ensure SLA targets for Incident resolution are met.

Skills: analytical, technical, business understanding, communication, calm under pressure.

Service Desk: • Log/record Incidents • Incident classification and categorization • Provide initial support • Match to existing Incident or Problem records • Manage communication with end-users 1st, 2nd, 3rd line support groups (including Management): • Incident classification • Investigation and resolution of Incidents Technical and Application ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 123 Key Performance Indicators for Incident Management Just like any other ITIL® process, a balanced range of metrics must be used to demonstrate effectiveness and efficiency of the Incident Management process, including: • Total number of incidents • Percentage of Incidents handled within agreed response time (Incident responsetime targets may be specified in SLAs, for example, by impact code) • Average cost per Incident • Percentage of Incidents closed by the Service Desk without reference to other levels of support • Number and percentage of Incidents resolved remotely, without the need for a visit. Challenges affecting Incident Management: • • • • • Are all calls registered? Under a unique number? Which priority codes do we use and how is the priority determined? Organization of the 1st line Organization of the 2nd line What % “closed on first call” is possible through Incident Management? ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 124 7.4.3 Problem Management Goal: To minimize the adverse impact of Incidents and Problems on the business that are caused by errors within the IT infrastructure, and to prevent the recurrence of Incidents related to these errors. Defined as two major processes: Reactive Problem Management Proactive Problem Management ** ** (initiated in Service Operation but generally driven as part of Continual Service Improvement) Terminology Problem: Explanations Unknown underlying cause of one or more Incidents (The investigation) Known underlying cause.

Successful diagnosis of the root cause of a Problem, and workaround or permanent solution has been identified Known Error Database, where Known Errors and their documented workarounds are maintained.

This database is owned by Problem Management.

The documented technique in which to provide the user with the required functionality, by either alternate means or by carrying out some action required to restore service. Known Error: KEDB: Workaround: ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 125 Relationship with other Processes: Incident Management Problem Management Change Management Incident Incident Incident Incident Incident Fighting symptoms Problem Known Error Known Error found RFC — Implementing the change As shown above, the way in which Problems identified and corrected occur in multiple ways.

For most organizations, the primary benefit of Problem Management is demonstrated in the “Many to One” relationship between Incidents and Problems.

This enables an IT Service Provider to resolve many Incidents in an efficient manner by correcting the underlying root-cause.

Why do some Problems not get diagnosed? • Because the root cause is not always found.

Why do some Known Errors not get fixed? • Because we may decide that the costs exceed the benefits of fixing the error or • Because it may be fixed in an upcoming patch from a Supplier, e.g.

Windows patch or update. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 126 Two Sub-Processes of Problem Management Reactive Problem Management Reporting Proactive Problem Management Figure 7.J – The two sub-processes of Problem Management The activities of Problem Management are carried out within the Proactive and Reactive Problem Management.

The main goal of Proactive Problem Management is to identify errors that might otherwise be missed.

Proactive Problem Management analyses Incident Records, and uses data collected by other IT Service Management processes and external sources to identify trends or significant problems. Reactive Problem Management Figure 7.K – The activities of Reactive Problem Management The activities of Reactive Problem Management are similar to those of Incident Management for the logging, categorization and classification for Problems.

The subsequent activities are different as this is where the actual root-cause analysis is performed and the Known Error corrected. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 127 Major Problem Review After every major problem, while memories are still fresh a review should be conducted to learn any lessons for the future.

Specifically the review should examine: • Those things that were done correctly • Those things that were done wrong • What could be done better in the future? • How to prevent recurrence • Whether there has been any third-party responsibility and whether follow-up actions are needed.

Such reviews can be used as part of training and awareness activities for staff – any lessons learned should be documented in appropriate procedures, working instructions, diagnostic scripts or Known Error Records. Proactive Problem Management The two main activities of Proactive Problem Management are: • Performing a Trend Analysis o Review reports from other processes (e.g.

Incident, Availability Management) o Identify recurring Problems or training opportunities. • Targeting Preventative Action o Perform a cost – benefit analysis of all costs associated with prevention o Target specific areas taking up the most support attention Roles and Responsibilities Problem Manager • Drive effectiveness & efficiency of process • Manage the Problem Management team • Liaise with customers, IT executive, IT platform managers Skills: • Business knowledge, • Lateral thinker, coordination skills.

Problem Management Team (including Application and Technical Management functions) • Reactive & proactive problem management • Provide management reports • Assist Incident Management Skills: • Analytical, technical, business knowledge ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 128 7.4.4 Request Fulfillment Goal: To provide an effective and efficient channel for users to make requests, gain information and obtain standard Services.

A Service Request is: • A request for information or advice • A request for a standard change • A request for access to an IT Service Standard Change: E.g.

User asking for a password reset or for the provision of standard IT services.

These are usually handled by the Service Desk and do get implemented via the normal steps of Change Management.

Roles and Responsibilities: Request Fulfilment is primarily carried out by the Service Desk Function, but is also assisted by other teams within the IT organization.

Just like Change Management, to assist with Request Fulfilment many organizations will wish to create pre-defined Request Models.

These would typically include some form of pre-approval by Change Management. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 129 7.4.5 Access Management Goal: To grant authorized users the right to use a Service while preventing access to nonauthorized users in order to protect the confidentiality, integrity and availability (CIA) of information and infrastructure. Relationship with other Processes Access Management is the execution of policies and actions defined in Information Security and Availability Management. Requesting Access Verification Providing Rights Monitoring Identity Status Logging & Tracking access Removing or Restricting rights Figure 7.L – Access Management Activities Figure 7.L demonstrates the lifecycle for managing access to services, information and facilities. 7.4.6 Implementation This section focuses on generic implementation guidance for Service Operation as a whole.

Managing Change in Service Operation ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 130 The purpose of Service Operation is to achieve stability.

Service Operation staff must ensure that changes are absorbed without adverse impact upon the stability of the IT services.

Change Triggers There are many things that can trigger a change in the Service Operation environment.

They include: • • • • • • New or upgraded hardware or network components New or upgraded applications software New or upgraded system software (operating system, utilities, middleware etc.

Including patches and bug fixes) Legislative, conformance or governance changes Obsolescence – some components may become obsolete and require replacement or cease to be supported by the supplier/maintainer Business imperative – you have to be flexible to work in ITSM, particularly during Service Operation, and there will be many occasions when the business needs IT changes to meet dynamic business requirements Enhancements to processes, procedures and/or underpinning tools to improve IT delivery or reduce financial costs Changes of management or personnel (ranging from loss or transfer of individuals right through to major take-over’s or acquisitions) Change of service levels or in service provision – outsourcing, insourcing, partnerships, etc. • • • Change Assessment In order to ensure that operational issues are taken into account, Service Operation staff must be involved in the assessment of all changes.

This involvement should commence as soon as possible to ensure that they have influence over fundamental decisions.

The Change Manager must inform all affected parties of the change being assessed in order for input to be prepared and available prior to Change Advisory Board meetings.

It is important that Service Operation staff are involved in the latter stages of the process, as they may be involved in the implementation and wish to ensure that careful scheduling takes place to avoid potential contentions or particularly sensitive periods.

Measurement of Successful Change The ultimate measure of the success of changes made to Service Operation is that customers and users do not experience any variation or outage of service.

The effects of change should be invisible where possible, aside from any enhanced functionality, quality or financial savings resulting from the change. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 131 Service Operation and Project Management Service Operation is often viewed as ‘business as usual’ and focused on executing defined procedures in a standard way.

Because of this, there is a tendency not to use Project Management processes when they would be appropriate.

For example, major infrastructure upgrades, or the deployment of new or changed procedures, are significant tasks that should utilize formal Project Management to improve control and manage costs/resources.

Using Project Management to manage these types of activity would have the following benefits: • • • • • The project benefits are clearly stated and agreed There is more visibility of what is being done and how it is being managed, which makes it easier for other IT groups and the business to quantify the contributions made by operational teams This in turn makes it easier to obtain funding for projects that have traditionally been difficult to cost justify Greater consistency and improved quality Achievement of objectives results in higher credibility for operational groups. Assessing and Managing Risk in Service Operation There are a number of occasions where it is imperative that risk assessment to Service Operation is undertaken and acted upon quickly.

Assessing the risk of potential changes or Known Errors is the most obvious area.

Service Operation staff may also need to be involved in assessing the risk and impact of: • • • • • • Failures, or potential failures – either reported by Event Management or Incident/Problem Management, or warnings raised by manufacturers, suppliers or contractors New projects that will ultimately results in delivery into the live environment Environmental risk (encompassing IT Service Continuity-type risks to the physical environment and locale as well as political, commercial or industrial-relations related risks) Suppliers, particularly where new suppliers are involved or where key service components are under the control of third parties Security risks – both theoretical or actual arising from security related incidents or events New customers/services to be supported. Operational Staff in Service Design and Transition ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 132 All IT groups will be involved during Service Design and Service Transition to ensure that new components or service are designed, tested and implemented to provide the correct levels of functionality, usability, availability, capacity, etc.

During the early stages of Service Design and Service Transition, Service Operation staff must be involved to ensure that when new services reach the live environment, they are fit for purpose and are ‘supportable’ in the future.

In this context, ‘supportable’ means: • • • • • Capable of being supported from a technical and operational viewpoint from within existing, or pre-agreed additional resources and skills levels Without adverse impact on other existing technical or operational working practices, processes or schedules Without any unexpected operational costs or ongoing or escalating support expenditure Without any unexpected contractual or legal complications No complex support paths between multiple support departments of third-party organizations. Note: Change is not just about technology.

It also requires training, awareness, cultural change, motivational issues and more.

Planning and Implementing Service Management Technologies In order to plan for in readiness for, and during deployment and implementation of, ITSM support tools, organizations need to consider the following factors.

Licences The overall cost of ITSM tools is usually determined by the number and type of user licences required.

Often sold in modular format, the exact functionality of each module needs to be well understood.

Initial sizing must be conducted to determine the number and type of users that will need to access each module.

Licences are often available in the following types: Dedicated Licences Staff that require frequent and prolonged use of the module will use dedicated licences.

For example, Service Desk staff will need a dedicated licence to use an Incident Management module.

Shared Licences ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 133 For staff that make fairly regular use of the module, but not on a day-to-day basis, a shared licence will usually suffice.

For example, third-line support staff may need regular access to an Incident Management module, but only when an incident record is being updated.

It is important to estimate the ratio of required licences depending on the number of potential users, the length of periods of use and the expected frequency between usages.

The cost of a shared licence is usually more expensive than that of a dedicated licence.

However, due to the nature of a shared licence, fewer are required and therefore the cost will be less.

Web Licences Web licences allow some form of ‘light interface’ via web access to the tool capabilities.

They are usually suitable for staff requiring remote access, occasional access or usage of just a small subset of functionality.

For example, engineering staff may wish to log details of actions taken on incidents.

The cost of a web licence is usually a lot less than other licences, as the ratio of use is often much lower.

It is important to note that some staff may require access to multiple licences.

For example, support staff may require a dedicated or shared licence during the day, but may require a web licence for out of hours support.

Service on Demand There is a trend within the IT industry for suppliers to offer IT applications ‘on demand’, where access is given to the application for a period of demand and then severed when it is no longer required.

This may be useful either for smaller organizations or if the tools in question are very specialized and used infrequently.

Alternately, the use of a tool can be offered as part of a specific consultancy assignment.

For example, a specialist Capacity management consultancy may offer a regular but relatively infrequent Capacity Planning consultancy package and provide use of the tools for the duration of the assignment.

Licence fees are likely to be included as part of, or as an addendum to, the consultancy fee.

A further variation is where software is licensed and charged on an agent/activity basis.

An example of this is interrogation/monitoring and/or simulation software.

For example, agent software that can simulate predefined customer paths through an organization’s website to assess and report upon performance and availability.

This type of software is typically charged based on the number of agents, their location and/or the amount of activity generated. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 134 Full investigations of the licensing structure must be investigated and well understood before the tools are deployed.

Deployment Before many ITSM tools can be used, particularly Discovery and Event Monitoring tools, they require some client/agent software deploying to all target locations.

This needs careful planning and execution, and should be handled through formal Release and Deployment Management.

Careful scheduling and testing is needed even where network deployment is possible.

Records must be maintained throughout the rollout so that support staff have knowledge of who has been upgraded and who has not.

Interim Change Management may be necessary and the CMS should be updated as the rollout progresses.

The reboot of the devices for the client software to be recognized is often necessary and needs to be arranged in advance.

Long delays can occur if staff do not generally switch off their desktops overnights.

Further arrangements may also be necessary for staff to log on and receive new software.

Capacity Checks In order to ensure that all of the target locations have sufficient storage and processing capacity to host and run the new software, Capacity Management may be needed in advance.

Those that cannot will need upgrading or renewal and lead times for this must be included in the plans.

The capacity of the network should also be checked to establish whether it can handle the transmission of management information, log files and the distribution of clients and possibly software and configuration files.

Timing of Technology Department Care is needed in order to ensure that tools are deployed at the appropriate time in relation to the organization’s level of ITSM sophistication and knowledge.

It may be seen as an immediate panacea if tools are deployed too soon and any necessary action to change processes, working practices or attitudes may be hindered or overlooked.

The organization must first examine the processes that the tool is seeking to address and also ensure that staff are ‘brought in’ to the new processes and way of working and have adopted a ‘service culture’.

However, tools are tangible and can, and often do, make things a reality for many people.

Technical staff can immediately see how the new processes can work and the benefits they may provide.

Without adequate tooling, some processes simply cannot be done.

There must be a careful balance to ensure that tools are introduced when they are needed and not before. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 135 Care is also needed to ensure that training in any tools is provided at the correct point.

If the training is too early, knowledge will be diminished or be lost.

However, staff will need to be formally trained and fully familiarized with the operations of the tools well in advance of live deployment.

Additional training should be planned as needed once the tools go live.

Type of Introduction A decision is needed on what type of introduction is needed – whether to go for a ‘Big Bang’ introduction or some sort of phased approach.

A phased approach is more likely to be necessary as most organizations will not start from a ‘green field’ situation and will have live services to keep running during the introduction.

In most cases, a new tool will be replacing an older, less sophisticated tool.

Therefore the changeover between the two must be considered.

This often involves deciding what data needs to be carried forward from the old to the new tool and may require significant reformatting to achieve the required results.

Ideally this transfer should be done electronically.

However, a small amount of re-keying of live data may be inevitable and should be factored into the plans.

Older tools generally rely on more manual entry and maintenance of data.

For this reason, an audit should be performed to verify data quality when electronic data migration is being used.

Where data transfer is complicated or time consuming to achieve, an alternative might be to allow a period of parallel running.

This involves the old tool being available for an initial period alongside the new one.

It is advised that the old tool be made ‘read-only’ in order to ensure that no mistakes can be made logging new data into the old tool. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 136 7.5 Service Operation Summary From a customer viewpoint, Service Operation is where actual value is seen.

This is because it is the execution of strategies, designs and plans and improvements from the Service Lifecycle phases.

Key benefits delivered as a result of Service Operation are: • Effectiveness and efficiency in IT Service delivery and support • Increased return on investment Other benefits can be defined as: 1.

Long term: Over a period of time the Service Operation processes, functions performance and output are evaluated.

These reports will be analyzed and decisions made about whether the improvement is needed, and how best to implement it through Service Design and Transition.


Deployment of new tools, changes to process designs, reconfiguration of the infrastructure. 2. Short term: improvement of working practices within the Service Operations processes, functions and technology itself.

Generally they involve smaller improvements that do not mean changes to the fundamental nature of a process or technology.


Tuning, training, personnel redeployment etc. Infrastructure utilization and performance reporting, reporting information for IT Accounting and Charging Service Strategy Support considerations for Service Design, Availability, Capacity & Information Security historical data, supplier reports.

Service Design Service Operation Request for Changes, Event, Incident and Problem data, Known Errors, input to Knowledge Bases, CMDB updates Service Transition Service Operation reporting, user satisfaction survey feedback, Service Level breaches, process metrics Continual Service Improvement Figure 7.M – Some outputs to other lifecycle phases. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 137 7.6 Service Operation Scenario Functions Service Desk • • Service desk has been trained in HYPE and can support users.

Has access to known errors and workarounds to resolve incidents Technical Management • • Designed, built, tested and rolled HYPE out into live environment Supports HYPE service Application Management • • Made modifications to HYPE application to ensure effectively interfaced with XY app.

Provided training on HYPE to users and Service Desk IT Operations Management • creates backups of logs, monitors component events — Request Fulfillment Management • users use this process to request copy of logs Access Management • password reset of HYPE account – provide authorized users access Incident Management and Problem Management will not be discussed in this example. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 138 8 Continual Service Improvement_______ Processes: • Service Level Management* • Service Measurement & Reporting • CSI Improvement Process *Although Service Level Management primarily fits within the Service Design Phase, it plays a very large part in CSI, and therefore is discussed in this section. 8.1 Objectives To ensure continual improvements to IT Service Management Processes and IT Services.

Continual Service Improvement is the phase that binds all the other elements of the Service Lifecycle together and ensures that both the service and the IT Service Provider continually improves and matures. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 139 8.2 Major Concepts The Continual Service Improvement Model The CSI Model provides the basis by which improvements are made to both services and the capabilities of an IT Service Provider.

They are questions asked in order to ensure all the required elements are identified to achieve continual improvement. What is the vision? Business vision, goals and objectives Baseline assessments Where are we now? How do we keep the momentum going? Where do we want to be? Measurable targets How do we get there? Service & process improvement Measurement & metrics Did we get there? Figure 8.A – Continual Service Improvement Model. The Continual Service Improvement Model summarizes the constant cycle for improvement.

The questions require close interactions with all the other ITIL® processes in order to achieve Continual Service Improvement. Relationships within the Service Lifecycle: • • • • • • What is the Vision? Service Strategy, Service Portfolio Where are we now? Baselines taken using Service Portfolios, Service Level Management, and Financial Management for IT etc.

Where do we want to be? Service Portfolio, Service Measurement and Reporting.

How do we get there? CSI and all ITIL® processes! Did we get there? Service Measurement and Reporting How do we keep the momentum going? Continual Service Improvement. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 140 8.3 Continual Service Improvement Processes 8.3.1 Service Level Management GOAL: To ensure that that the levels of IT service delivery are achieved, both for existing services and new services in accordance with the agreed targets.

Service Level Management is a critical element of Continual Service Improvement.

Why embark on any service improvement initiative if the customers and the business are satisfied with the levels of service received? Because business requirements change! Activities Service Design Continual Service Improvement Monitor Delivery — Improve Evaluate Figure 8.B – The Activities of Service Level Management Service Level Management (SLM) is a process that is found within two Service Lifecycle phases.

Within Service Design, Service Level Management is concerned with: • Design and plan the process • Determining Service Level Requirements (SLR’s) • Negotiating and Agreeing upon SLAs, OLAs and UCs. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 141 Within Continual Service Improvement, Service Level Management is concerned with improving services and processes through constant: • Monitoring (executed within Service Operation) • Reporting • Evaluating • Improving The major focus of Service Level Management within Continual Service Improvement is identifying potential service improvements. Service Improvement Plans Service Improvement Plans are formal plans to implement improvements to a process or service.

They are used to ensure that improvement actions are identified and carried out on a regular basis.

The identified improvements may come from: • breaches of Service Level Agreements • identification of user training and documentation issues • weak system testing • identified weak areas within internal and external support groups. Roles and Responsibilities Service Level Manager: • Must be senior enough to represent organization; with authority to do what is necessary • Manages Service Catalogue, SLAs, UCs, OLAs • Identifies and manages improvements to services and processes • Analyses and reports on SL Achievements Skills: • Relationship Management • Patience, tolerance and resilience • Understanding of the Customer’s business and how IT contributes to the delivery of that product or service ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 142 Challenges Affecting Service Level Management: • • • • • • • • Monitoring of pre-SLA achievements Targets that are achievable SLAs based on desire and not achievable targets Insufficient focus, resources and time Inadequate seniority of SLM staff Underpinning contracts ignored SLAs too long, not customer focused Improvement actions not adhered to Key Performance Indicators of Service Level Management Statistics: • Number/Percentage of services covered by SLAs • Number/Percentage SLAs supported by UCs & OLAs • Number/Percentage of service targets being met Yes/Why Questions: • Are service level achievements improving? • Are customer perception statistics improving? • Are IT costs for service provisions decreasing for services with stable (acceptable but not improving) Service Level Achievements? Implementing effective and efficient Service Level Management should produce a “Yes” answer to each of the above questions.

If the answer is no: If the answer is “No” to any of these questions, the very next question that should be asked is “Why?” From this we can investigate where the process is deficient and begin a plan for improvement.

Communicating this to the business also gives them a better understanding of the complexity of providing the services and more importantly allows the business to be actively involved with assessing the costs, risks and plausibility of what will be needed in order to bridge the gap. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 143 8.3.2 Service Measurement and Reporting GOAL: To coordinate the design of metrics, data collection and reporting activities from the other processes and functions.

There are four main reasons to monitor and measure: • • • • Validate: Direct: Justify: Intervene: Are we supporting the strategy and vision? Based on factual data, people can be guided to change behaviour Do we have the right targets and metrics? Take corrective actions such as identifying improvement opportunities Measurement of all the process metrics takes place throughout all the Lifecycle phases.

CSI uses the results of these measurements to identify and establish improvements via reports. Types of Metrics: There are 3 types of metrics that an organization will need to collect to support CSI activities as well as other process activities: • Technology Metrics: often associated with component and application-based metrics such as performance, availability etc Process Metrics: Captured in the form of KPIs and activity metrics for the service management processes.

They help to determine the overall health of a process. 4 key questions KPIs can help answer are centered around quality, performance, value and compliance.

CSI uses these metrics to identify improvement opportunities for each process.

Service Metrics: The results of the end-to-end service.

Component metrics are used to calculate the service metrics. • • ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 144 Baselines: A benchmark used as a reference point for later comparison.

It is important that baselines as documents are recognized and accepted throughout the organization.

Baseline must be established at each level: strategic goals, and objectives, tactical process maturity and operational metrics and KPIs.

Examples 1.

A Service Level Achievement Baseline can be used a starting point to measure the effect of a Service Improvement Plan. 2.

A performance Baseline can be used to measure changes in performance over the lifetime of an IT service. 3.

A Configuration Management baseline can be used to enable the IT infrastructure to be restored to a known configuration if a change or release fails. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 145 8.3.3 CSI (7 Step) Improvement Process GOAL: To coordinate a structured approach for improvements to IT services and ITSM processes The Deming Cycle: A foundation for continual improvement: Design Plan Do Pilot Act Check Results Rollout urance Quality Ass Source: Deming Improvement Figure 8.C – The Deming Cycle Continuous improvement is a part of every process in ITIL®.

The CSI Improvement Process is based on the Deming Cycle of Continual Improvement (Plan, Do, Check, Act) Implementing ITIL®/ITSM is an ongoing activity, where you improve quality through incremental steps.

These four steps are carried out in the exact order, as many times as necessary in order to achieve the improvement desired.

Some of the items that occur during each of the 4 phases: • Plan: Scope, requirements, objectives, Roles and Responsibilities • Do: Funds, Policies, reports, managing, changing • Check: Monitor against plans, survey, report • Act: Policy on improvement, assess, implement (if appropriate) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 146 Notes on William Edwards Deming: An American statistician best known for his work in Japan in the post-WWII period.

There, from 1950 onward he taught top management how to improve design (and thus service), product quality, testing and sales (the last through global markets).

Deming made a significant contribution to Japan’s later renown for innovative high-quality products and its economic power. Identify • Tactical Goals • Operational Goals • Vision • Strategy 1.

Define what you should measure • — Figure 8.D – The CSI (7 Step) Improvement Process The Deming Cycle is transformed into more detailed steps and actions to be taken for the improvement of IT services and IT Service Management processes.

Like the Deming Cycle, these steps need to be taken in sequential order, as many times as necessary to drive the improvement desired. 8.3.4 Methods & Techniques An effective choice of methods and techniques for the analysis, presentation and use of the measurement information is highly dependent on the particular circumstances in which these tasks are performed and can generally not be documented in advance.

A goal oriented attitude and professional expertise and education of the individuals are required.

Effort Cost ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 147 CSI improvement activities can require a considerable amount of effort and money for larger-scale improvement projects versus minimal time and effort for some more incremental improvements.

It is up to the business and IT to decide if the costs and effort is worth it.

Costs associated with implementing and operating a measurement framework would include: • Labour costs • Tooling costs • Training costs • Expertise costs When deciding whether the measurement framework is worth the effort, consider the budget for: Implementation of the measurement framework, initially and if it changes – in practice these types of costs can be reliably estimated and controlled by using a project-oriented approach.

Operation – the level of costs associated with the operation of the measurement framework is largely fixed as a result of the way it is designed and equipped.

Maintenance – The level of these types of costs depends mainly on the expected rate at which the measurement framework will require adaption to changing circumstances and on the quality of its implementation.

Implementation review and evaluation Implementation review and evaluation is key to determining the effectiveness of a CSI improvement program.

Some common areas for review include: • Did we correctly assess the current situation and define the problem statement? • Did we commit to the right goals? • Did we make the right decisions when developing the strategy for improving IT services? • Did we implement the strategy correctly? • Have we improved the IT service provision? • What lessons did we learn, where are we now? Review and evaluation of a CSI initiative fall within two main categories: • Issues closely tied to the original problem situation with respect to the IT service provision to the business and ensuring business aims and the improvement strategy for the improvement • Issues in relation to the planning, implementation and proceedings of the IT improvement program itself and associated projects such as measurements, problems, actions and changes. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 148 Assessments Formal mechanisms for comparing the operational process environment to the performance standards for the purpose of measuring improved process capability and/or identify potential shortcomings that could be addressed.

The benefit of assessments is that they provide the opportunity to sample specific elements of a process which impacts the efficiency and effectiveness of the process.

Assessments can be conducted at any time.

A way to think about assessment timing is in line with the improvement lifecycle: Plan – Assess the targeted processes at the interception of process introduction to form the basis for a process improvement project. • Plan – A check during process implementation or improvement activities serves as validation that process project objectives are being met and provide tangible evidence that benefits are being achieved from the investment of time, talent and resources to process initiatives. • Do/Check – During conclusion of the process project, it is important to validate the maturation of the process though the efforts of the project team.

In addition, scheduling periodic reassessments can support the overall organization integration and quality efforts.

Assessment scope • The assessment’s scope is one of they key decisions.

Scope should be based on the assessments’ objective and the expected future use of process assessments and assessment reports.

There are 3 potential scope levels: Process only –assessment only of process attributes based on general principles and guidelines of the process framework which defines the subject process.

People, process and technology – extends the process assessment to include the assessment of skills, roles and talents of the mangers and practitioners of the process as well as the ability of the process enabling technology deployed to support the objectives and transaction state of the process.

Full assessment – Extends to include an assessment of the culture of acceptance within the organization, the ability of the organization to articulate a process strategy, the definition of a vision for the process environment as an ‘end state’, the structure and function of the process organization, the ability of process governance to assure the process objectives and goals are met, the effectiveness of process reporting/metrics and the capacity and capability of decision-making practices to improve process over time.

All these factors are compared to the maturity attributes of the selected maturity model. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 149 Advantages and disadvantages of assessment: Advantages: • Provide objective perspective • Compare to standard maturity model and process framework • Accurate determination of process gaps • Recommend actions and plan solutions • Repeatable process Disadvantages: • Only provides a snapshot • Does not reflect current business or cultural dynamics and process operational issues • If the assessment process is outsourced can be vendor or framework dependent • If this is the case, it is difficult to compare to industry standards • Subject to the opinion of assessors ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 150 Value of processes vs.

Maturity of processes Additional Considerations •Added business value •Ability to implement •Quick gains •Costs •Resources •Competing projects •Culture •Etc. High Value Area where the business runs high risks RISK!! CAP AM Value of IT processes to the business SLM ‘Largely Overdoing IT’ in relation to the low value of IT to the business — 5 High Maturity of IT processes This diagram shows the value process in comparison to its maturity.

For service management process improvement projects one of the many questions asked should be around how mature we need our process to be.

The answer refers back to the business.

In this example the organization has completed an assessment and found 3 processes (Service Level Management, Capacity Management and Availability Management) are not very mature.

This organization is changing their strategy concerning how they sell and deliver their products and services to a web-based strategy.

Because of the vital parts both Capacity and Availability Management will play the organization has to implement an improvement plan for increasing the maturity.

Without these initiatives the organization is leaving itself open to risk.

Having a low SLM process maturity also will create some issues for CSI activities.

The maturity of a process should ideally fall in the ‘safe’ areas. Gap Analysis ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 151 External & internal What do we want? communications, influences & drivers GAP 1 GAP 3 What do we need? Past experiences GAP 2 GAP 16 What will we get? Expected Service GAP 5 CUSTOMER PROVIDER GAP 4 Communications to customers GAP 15 What did we get? Perceived Service GAP 14 Service Operations GAP 9 GAP 6 GAP 8 Service Design GAP 7 Service Strategy GAP 11 Service Transition GAP 12 GAP 13 GAP 10 The Gap analysis process involves determining, documenting and approving the variance between business requirements and current capabilities.

Gap analysis naturally flows from benchmarking or other assessments such as service or process maturity assessments’.

Once the general expectation of performance is understood then it is possible to compare that expectation with the level of performance at which the company currently functions.

This comparison becomes the gap analysis and can be conducted from different perspectives such as: • Organization • Business Direction • Business Process • Information Technology.

Gap analysis provides a foundation for how much effort in terms of time, money and human resources, is required to have a particular goal achieved.

Challenges Each organization will have its own challenges, as with initiating any type of change one of the major challenges will be managing the behavioural changes that are required. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 152 In addition, CSI will require adequate tools for managing the data, resources will need to be allocated and understand their roles and responsibilities as well as having the correct skills to execute the CSI activities.

Some common challenges that may be encountered are: • Lack of management commitment • Inadequate resources, budget and time • Lack of mature processes • Lack of information, monitoring and measurement • Lack of Knowledge Management • Resistance to planning and a reluctance to be proved wrong • Lack of corporate objectives, strategies, policies and business direction • Lack of IT objectives, strategies and policies • Lack of knowledge and appreciation of business impacts and priorities • Diverse and disparate technologies and applications • Resistance to change and cultural change • Poor relationships, cooperation and communication between business and IT • Lack of tools, standards and skills • Tools to complex and costly to implement and maintain • Over commitment of resources with n associated inability to deliver • Poor supplier management/poor supplier performance.

Critical Success Factor’s • Appointment of a CSI Manager • Adoption of CSI within the organization • Management commitment • Defining clear criteria for prioritizing improvement projects • Adoption of the service lifecycle approach • Sufficient and ongoing funding for CSI activities • Resource allocation • Technology to support the CSI activities • Adoption of processes Risks • • • • • • • • • • • Being over ambitious and unrealistic Not discussing improvement opportunities with the business Not focusing on improving both services and service management processes Not prioritizing improvement projects Implementing CSI with little or no technology Implementing a CSI initiative with no resources Implementing CSI without knowledge transfer and training Not performing all steps of the 7 Step Improvement Process Lack of management taking action Lack of communication/ awareness campaign Removing testing (or only partially testing) before implementation Summary ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 153 Implementing CSI is a challenge; it requires a change in management and staff attitudes and values to ensure that all parties recognize CSI needs to be proactive and not reactive.

It is critical to identifying risks and challenges before implementing CSI.

Knowing the CSF’s before undertaking the implementation of CSI helps to manage the risks and challenges.

One step at a time….. 8.3.5 Implementation Critical consideration for implementing CSI Before implementing CSI it is important to have identified and filled the critical roles that are required within this phase, such as CSI Manager, Service Owner and Reporting Analyst.

A Service Level Manager is also needed to be the liaison between IT and the business.

Where to start? One approach is to start looking at the handoff of output from the different lifecycle domains.

The Service Design phase needs to monitor and report on their activities and by using trend analysis, identify relevant improvement opportunities.

This needs to be done during every phase of the service lifecycle, especially during Service Design, Transition and Operation.

The Continual Service Improvement phase is engaged in this activity.

Communication strategy and plan Timely and effective communication forms an important part of any service improvement project.

In an effort to transform an organization from performing CSI activities on an ad hoc basis to a more formal and ongoing CSI activities, it is crucial that staff, users and stakeholders are kept up to date of all changes to the processes, activities, roles and responsibilities.

The goal of the communications plan is to build and maintain awareness, understanding, enthusiasm and support among key influential stakeholders for the CSI program.

When developing a communication plan, it is important to note that effective communication is not just based on a one-way flow of information, and it is more than just meetings.

A communications plan must incorporate the ability to deal with responses and feedback from the targeted audiences.

The plan should include a role to: • Design and deliver communications to the different CSI roles, stakeholders such as other ITSM process roles and identified target audiences • Identify forums for customer and user feedback • Receive and deliver responses and feedback to the project manager and/or process team members. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 154 Key activities for the communication plan include: • Identifying stakeholders and target audiences • Developing communication strategies and tactics • Identifying communication methods and techniques • Developing the communications plan • Identifying the project milestones and related communications requirements.

When developing the communication plan it is important to take into consideration the culture around communication within the business.

In some organizations there are strict guidelines on who can communicate with the business.

Often times this is through the Service Level Management and Business Relationship Management processes.

No matter what the method, communicating with the business should be the key communication activity.

CSI & Organizational Change P e r f o r m a n c e optimum performance avoidance external blame shock self blame Time acceptance Many organizational change programs fail to achieve the desired results.

People generally do not like change, so it is essential that benefits are explained to all parties to obtain and retain support as the change occurs.

Communication is key to ensuring a smooth transition from old working practices to new ones.

Those responsible for managing and steering the CSI program should consciously address these softer issues.

Using an approach such as John P.

Kotter’s Eight Steps to Transforming your Organization, together with formalized project management skills and practices, will significantly increase the chance of success.

Kotter, Professor of Leadership at Harvard Business School, investigated more than 100 businesses that were involved with or had attempted a complete change program.

From this research he identified the ‘Eight ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 155 main reasons why transformation efforts fail’ these reasons apply equally to ITSM implementation programs. 1.

Create a sense of urgency Half of all transformations fail to realize their goals due to the lack of adequate attention to this step.

Not enough people buy into the fact that change is a must.

It is essential that all parties understand the repercussions of not making the change as this will help to gain commitment and provide input to a business justification for investing in CSI. 2.

Forming a guiding coalition Experience shows a need for assembling a group with sufficient power to lead the change effort and work together as a team.

Power means more than simply formal authority but also experience, respect, trust and credibility.

This team is the guiding coalition for the CSI phase. 3.

Creating a vision This guiding coalition should be responsible for ensuring that a vision is produced describing the aim and purpose of CSI.

A good vision statement can service four essential purposes: • Clarify the direction of the program • Motivate people to take action in the right direction • Coordinate the actions of many different people • Outline the aims of senior management. 4.

Communicating the vision Although the vision provides a powerful tool in helping guide and coordinate change, the real power is unleashed when the vision is effectively communicated to the stakeholders.

Every stakeholder should understand the vision. 5.

Empowering other to act on the vision Establishing urgency, creating a guiding coalition, creating and communicating a vision are all aimed at creating and communicating a vision are all aimed at creating energy, enthusiasm, buy-in and commitment to enable successful change.

In the empowering phase, two important aspects need to be stressed: enabling and removing barriers. 6.

Planning for and creating short-term wins Implementing service management improvements can be a lengthy program of change.

It is important that during the program, short term wins are realized and are communicated.

Short-term wins help to keep a change effort on track and help keep the energy and commitment levels high.

Real transformation takes time.

Without short-term wins, too many people give up or join the ranks of those opposed to change. 7.

Consolidating improvements and producing more change The success of short-term wins keeps the momentum going and creates more change.

In CSI it is important to recognize short to medium and long term wins.

Changes ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 156 should sink deeply into the new culture or the new approaches will be fragile and subject to regression: • • • Short-term wins – have the characteristics of convincing, motivating and showing immediate benefits and gains Medium-term wins – have the characteristics of confidence and capability, and having a set of working processes in place.

Long-term wins – have the characteristics of self learning and expertise, and fully integrated processes that have self-learning and improvement built into them. 8.

Institutionalizing the change Change needs to be institutionalized within the organization.

Many changes fail because they are not consolidated into everyday practices.

Institutionalizing change means showing how new working practices have produced real gain and benefits, and ensuring that the improvements are embedded in all organizational practices.

Often the CSI team is disbanded before the working practices are institutionalized; there is danger that people may revert to old working practices, but this can not be allowed to happen.

CSI must be a way of life not e reaction to a failure of some description. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 157 8.4 Continual Service Improvement Summary There is great value to the business when service improvement takes a holistic approach throughout the entire lifecycle.

Continual Service Improvement enables this holistic approach to be taken.

Some key benefits of the Continual Service Improvement phase: • Increased growth • Competitive Advantage • Increased Return On Investment • Increased Value On Investment ROI: Return on investment – Difference between the benefit (saving) achieved and the amount expended to achieve that benefit, expressed as percentage.

Logically we would like to spend a little to save a lot.

VOI: Value on investment – Extra value created by establishment of benefits that include non-monetary or long term outcomes.

ROI is a subcomponent of VOI. Service and Process Improvements, Guidance for Investments into IT and refreshed Service Portfolios Service and Process Improvements, guidance for KPIs, metrics and reporting, refined SLRs, SLAs, OLAs & UCs. Service Strategy Service Design Continual Service Improvement Request for Changes, Service and Process Improvements, guidance and refinements for testing & validation. Service Transition Process and Function organization improvements, refined SLAs & OLAs, guidance for metrics and reporting Service Operation Figure 8.E – Some outputs to other lifecycle phases. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 158 8.5 Continual Service Improvement Scenario Service Level Management SLM will be constantly reviewing the SLA and achievements to see if targets are being met.

For example – it was found that the availability of the service dropped to 80%.

This combined with the increase in the use of the HYPE service; it was decided to implement a Service Improvement Plan (SIP) to identify how this service can be improved. Service Measurement and Reporting To do this effectively, it was necessary to take metrics and data and analyze against targets. CSI Process The CSI improvement model was used as a roadmap for this SIP.

As the business needs changed, so to has their perceived value of HYPE.

HYPE had become an integral part of the business communication plan.

As a result, new business plans/goals were established and new targets set, with an action plan for improvement… at a cost of course.

This will identify: • Technology improvements • Process improvements • Document improvements • Training etc And so it continues! ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 159 9 Glossary_________________________ Alert: A warning that a threshold has been reached, something has changed, or a failure has occurred.

Asset: Any resource or capability.

Application Sizing: Determines the hardware or network capacity to support new or modified applications and the predicted workload.

Baselines: A benchmark used as a reference point for later comparison.

CMDB: Configuration Management Database CMS: Configuration Management System Configuration Item (CI): Any component that needs to be managed in order to deliver an IT Service.

DML: Definitive Media Library Function: A team or group of people and the tools they use to carry out one or more processes or activities.

Incident: An unplanned interruption to, or reduction in the quality of, an IT service Known Error: A problem that has a documented Root Cause and a Workaround KEDB: Known Error Database Maintainability: A measure of how quickly and effectively a CI or IT service can be restored to normal after a failure.

Modelling: A technique used to predict the future behaviour of a system, process, CI etc MTBF: Mean Time Between Failures (Uptime) MTBSI: Mean Time Between Service Incidents MTRS: Mean Time to Restore Service (Downtime) ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 160 OLA: Operational Level Agreement Process: A structured set of activities designed to accomplish a specific objective.

Process Owner: Role responsible for ensuring that a process is fit for purpose.

Remediation: Recovery to a known state after a failed Change or Release RFC: Request for Change Service: A means of delivering value to Customers by facilitating Outcomes Customers want to achieve without the ownership of specific Costs and risks Service Owner: Role that is accountable for the delivery of a specific IT service SCD: Supplier and Contracts Database Service Assets: Any capability or resource of a service provider Serviceability: Measures Availability, Reliability, Maintainability of IT services/CI’s under control of external suppliers.

SIP: Service Improvement Plan SKMS: Service Knowledge Management System SLA: Service Level Agreement SLM: Service Level Manager SLR: Service Level Requirements SSIP: Supplier Service Improvement Plan Status Accounting: Reporting of all current and historical data about each CI throughout its lifecycle.

Trigger An indication that some action or response to an event may be needed.

Tuning: Used to identify areas of the IT infrastructure that could be better utilized. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 161 UC: Underpinning Contract Utility: Functionality offered by a product or service to meet a particular need.

Often summarized as ‘what it does’.

VBF: Vital Business Function Warranty: A promise or guarantee that a product or service will meet its agreed requirements. ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 162 10 Certification______________________ 10.1 ITIL® Certification Pathways Below illustrates the possible pathways that available to you.

Currently it is intended that the highest certification is the ITIL® V3 Expert, considered to be equal to that of Diploma Status. Figure 12.A – ITIL® Certification Pathway For more information on certification and available programs please visit our website ©The Art of Service 2008 How to Develop, Implement and Enforce ITIL V3’s best practices 163 10.2 ISO/IEC 20000 Pathways ISO/IEC 20000 Standard is becoming a basic requirement for IT Service providers and is fast becoming the most recognized symbol of quality regarding IT Service Management processes.

Once you have acquired your ITIL® Foundation Certification, you are eligible to pursue the ISO/IEC 20000 certification pathways.

ISO/IEC 20000 programs aim to assist IT professionals master and understand the standard itself and issues relating to earning actual standards compliance. Figure 12.B – ISO/IEC 20000 Certification Pathway For more information on certification and available programs please visit our website ©The Art of Service 2008

Read more about ITIL : How to Develop Implement and Enforce ITIL V3 s best….:

Accredited ITIL Foundation, Intermediate and Expert Certifications

Accredited ITIL Foundation, Intermediate and Expert Certifications, Learn more about ITIL HERE:

ITIL and ITIL : How to Develop Implement and Enforce ITIL V3 s best….
ITIL - ITIL : How to Develop Implement and Enforce ITIL V3 s best….
ITIL and ITIL : How to Develop Implement and Enforce ITIL V3 s best….
ITIL - ITIL : How to Develop Implement and Enforce ITIL V3 s best….

Recommended For You

Leave a Reply