In 1996, ISACA and ITGI introduced CobiT (Control Objectives for Information and related Technologies as another framework for managing information technology. The latest version, CobiT 4.1 consists of 34 high level processes with 320 control objectives. The framework is made up of four domains:
Planning and Organization
- Acquisition and Implementation
- Delivery and Support
- Monitoring and Evaluation.
The domains cover the many aspects of IT Service Management. Plan and Organize focuses on determining how information technology can be used to achieve the goals and objectives of the company. Identifying the requirements for IT and implementing the technology to meet those requirements is the function of the domain Acquisition and Implementation. The delivery of IT services is handles through the processes and objectives of Delivery and Evaluation while the assurance methods are the concern of Monitoring and Evaluation.
The CobiT 4.1 framework goes further than most IT Service Management frameworks by identifying how people, applications, information, and infrastructure can be used to support delivery of IT services according to Information Criteria. The criteria consist of seven main objectives: effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability. The intention of these objectives are to provide paradigms to view the tools and technologies required to fulfill IT Services.
Most service technicians in a IT environment are focused on meeting the daily demands of the business that they may forget the importance of the service level. A product of Service Level Management, the service level is an agreed minimum performance level for a particular process. For customers of It services, the service level provides them an understanding of the service they will be leaving. A service is contrived from two requirements: what the customer needs and what the provider can give.
How does the customer determine what they need? Five areas of concern can provide the answer to determine the appropriate service level: availability, scalability, security, customer service, and cost.
The more a customer depends on their IT infrastructure, the greater need for the infrastructure to be available. Also important to the discussion is the times which the customer uses their IT. A business located in a single timezone and set business hours may require a greater service level during a set period while having a lesser service level in the off times.
A number of IT services are impacted by their ability to scale for the customer. The components are typically those that are more likely to change over time or spike at times due to new product releases or workforce initiatives. If a customer expects to have many new products in a contract period, they may desire a greater ability to scale the environment. The same concern may exist if the number of products will drastically change.
Security comes in many forms. Protection of information and network are usually the basic concerns of a customer, but also under consideration are the regulatory needs for the business, such as retention periods of financial documents. Any issue that threatens the ability to conduct business in an appropriate manner requires protection. The range of issues include virus to natural disaster.
The interactions between the customer base and the service organization will typically filter through the service desk, though the fulfillment of customer service is not restricted to the efforts of the service desk. Some industries require special attention in customer service, such as government contractors dealing with confidential information. In these cases, the service provider may have to expand their services from basic service offerings.
The last concern is cost and, for most contracts, the most important component for determining a service level. The adage, you get what you pay for definitely applies here; for expectations are that the greater the requirement from the customer, the more the service will cost. As a result, it is to the customer’s advantage to determine exactly what they need. Many service providers have criteria for determining the need because delivering to the need is to the advantage of them as well.
For the service providers, remember that a service level provides great insight into a customer’s relationship to the IT environment.