ITIL v3

Ashish A RainaKapil Chawla

2ITIL V3 FOUNDATION

INTRODUCTION

• Name

• Product-line

• Role

• Why do you want to attend this training?

• Previous Experience with ITIL

• Hobbies / What do you enjoy most ?

3ITIL V3 FOUNDATION

PURPOSE

Purpose of this training is to

• Give the audience knowledge of ITIL v3

• Explain the updates from previous version

• Encourage for Certification

4ITIL V3 FOUNDATION

EVOLUTION OF ITIL

ITIL - Information Technology Infrastructure Library

History• Originally created in late 80s by the UK government• Now truly global and applicable to all IT Services • Focus on process and roles rather than organisation• Version 1 in 1991- focused on UK Government• Version 2 in 2000 - Industry wide and took into account changes in

technology• Version 3 in June 2007 – Life Cycle Approach

OGC• Office of Government Commerce – UK Treasury ministry

ITSMF• The driver behind all things ITIL taken over from OGC• Global

– USA, Canada, Mexico, Argentina, and Brazil - Americas– Australia, India, Singapore - Asia Pacific– Denmark, France, Germany, Netherlands, Sweden, UK - EMEA

5ITIL V3 FOUNDATION

Is a collection of books which contain recommendations & suggestions to improve provision of IT Services

Not a standard but a Best Practices Framework

Needs to be adopted and/or adapted

ITIL …

6ITIL V3 FOUNDATION

Standards based on ITIL

ITIL

BS 15000 ISO 20000

• BS15000 the first standard derived from ITILBS15000:2002 Part 1 – Specification (The standard)

BS15000:2002 Part 2 – Code of Practice (Implementation)

• CSC was the first major computer services company to get BS15000

• ISO 20000: ISO standard derived from ITIL

7ITIL V3 FOUNDATION

WHY REFRESH ITIL v2

Necessity to accommodate the inputs from the Globe

More practical & rational approach became necessary

Emphasized on Service Support and Delivery only

Less attention to Relationship Management with Partners

8ITIL V3 FOUNDATION

ITIL V3 VS. ITIL V2

ITIL v2 ITIL v3

More process Oriented Lifecycle Based Approach

Focus on Products, Process & People Focus on Partners apart from 3 Ps

Security Management a part of Availability

Security Management is a separate process

Emphasize on SD & SS Equal attention to all the processes

10 processes + 1 Function 20 processes + 4 Functions

IT & Business Alignment IT & Business Integration

9ITIL V3 FOUNDATION

ITIL v3 CONTENTS

Life Cycle Approach

• Total 5 books (5 Phases)

• All the core processes of v2 maintained

• Additional 10 processes & 3 functions included

• Other supporting document aids in various forms

10ITIL V3 FOUNDATION

SERVICE LIFE CYCLE APPROACH


FOCUS AREAS

Processes

People

Products

Partners


SUMMARY OF ITIL v3 PROCESSES & FUNCTIONS

1.SERVICE STRATEGYDemand ManagementService Portfolio ManagementFinancial Management

2.SERVICE DESIGNService Catalogue ManagementService Level Management Availability ManagementCapacity Management Supplier ManagementInformation Security ManagementService Continuity Management

5.CONTINUAL SERVICE IMPROVEMENT•7 Step Improvement Process–Service Reporting–Service Measurement

3.SERVICE TRANSITIONService Asset&Configuration Management Change ManagementRelease & Deployment ManagementKnowledge Management

4.SERVICE OPERATIONService Desk (FUNCTION)Incident ManagementEvent ManagementRequest FulfillmentAccess ManagementProblem Management Technical Management (FUNCTION)IT Operations Management (FUNCTION)Application Management (FUNCTION)

Service LifecycleApproach


ITIL® v3 Qualification Scheme

ITILFND09-1

ITIL v3 Foundation Certificate in IT Service Management (2 credits)

Lifecycle Stream (3 credits each) Capability Stream (4 credits each)

Se

rvic

e

Str

ate

gy

Se

rvic

e

De

sig

n

Se

rvic

e

Tra

ns

itio

n

Se

rvic

e

Op

era

tio

n

Co

nti

nu

al

Se

rvic

e

Imp

rove

me

nt

Pla

nn

ing

, P

rote

cti

on

&

Op

tim

iza

tio

n

Se

rvic

e

Off

eri

ng

s &

A

gre

em

en

ts

Re

lea

se,

C

on

tro

l an

d

Va

lida

tio

n

Op

era

tio

nal

S

up

po

rt a

nd

A

na

lys

is

Managing Across the Lifecycle (5 credits)

OR

ITIL® Expert (22+ credits total)

Advanced Level

© OGC’s Official Accreditor – The APM Group Limited 2007

Inte

rme

dia

te M

od

ule

s

New ITILv3 Education


BASIC CONCEPTS


BASIC CONCEPTS.…….

Service & Service Owner

Service Management

Process & Process Owner

Functions, Staff, Roles

Metrics, Interfaces

RACI

PDCA

Compliance & Governance

Concept of Caps


Service

• The means of delivering value to the customer by achieving the customer desired results while working within given constraints

Service Owner

• An individual or a team which is responsible towards customer for a given service

• Responsible for

– Initiation & Transition, Ongoing Maintenance & Support– Monitoring & Reporting, Identifying improvement areas in Service– Accountable for Service, Primary customer contact for the service

Service Management

• A set of specialized organizational capabilities which help us providing value to the customers in the form of services they enjoy AND/OR a set of Functions & Processes which manage the service


Process

• A set of activities which are carried out in a given manner to achieve the desired objective

• A process is

– Measurable– Yields desired result– Delivers result to customers– Responds to specific events or requirements

Process Owner

• An individual or a team responsible for

– Help Design & documentation of process– Ensuring it is being performed as per documentation– Ensure that yields the desired end results– Overall continual improvement of process – Defining & reviewing KPIs


Function

• A Group of people & their tools used to carry out one or more processes or activities

Staff

• The personnel who are assigned to carry out specified tasks or activities

Roles

• A set of authorities, responsibilities & activities assigned to individual or personnel


Metrics or KPIs

• A measurement unit which imparts an ability to “Judge” the performance of a service

Interfaces

• The overlaps or linkages between two or more processes

• Processes exchange data (input or output) via these linkages


RESPONSIBILITY ACCOUNTABILITY CONSULTED INFORMED MATRIX

Key: R = Responsible; performs the task A = Accountable; ultimately answerable for

completion of task (only 1 person per task) C = Consulted; provides information or

assistance I = Informed; kept apprised of the activity LOS Mgr PM SDM Client

1.1 Internal Kick off A

1.2 Offshore Resource requirement projection/Approval

A R I

1.3 Travel Plan A

1.4 Resource Readiness R A

1.5 Knowledge Transfer (KT) Transition C I C

1.6 Conduct Lesson learned C A C

1.7 Sign off R A R


Act Plan

Check Do

Continuous step by step improvement

Consolidated of the level reached(e.g. ISO 9001)

PLAN DO CHECK ACT (Deming’s Cycle for Improvement)


COMPLIANCE & GOVERNANCE

Compliance is a adherence to a Standard or Set of Guidelines or proper consistent practices

Corporate Governance means to promote corporate Fairness, Transparency & Accountability

IT Governance is an integral part of enterprise/corporate governance & it ensures that organization’s IT is in alignment with Strategies & Objectives


CONCEPT OF CAPS

To carry out multiple roles simultaneously or at different times as per situation or the work involved

• E.g. When a staff is logging the call he is wearing a cap of Service Desk

• When he/she is able to diagnose the root cause of the error he/she is wearing a cap of Incident & Problem management


ITIL Processes & Positions

Background workService Strategy

Client

Engagement

Demand ManagementService Portfolio ManagementFinancial Management2.SERVICE DESIGNService Catalogue ManagementAvailability ManagementCapacity Management Supplier ManagementInformation Security ManagementService Continuity Management

5.CONTINUAL SERVICE IMPROVEMENT•7 Step Improvement Process

3.SERVICE TRANSITIONService Asset &Configuration Management Change ManagementRelease & Deployment ManagementKnowledge Management


Service LevelManagement

1.SERVICE STRATEGY


1. SERVICE STRATEGY


ACTIVITIES OF SERVICE STRATEGY

Identify market & define your target area

• Decide what services you want to offer & who can be the potential customers

Develop your service offerings

• Build on/improve your services

Develop strategic assets

• Develop new services

Help clarify the relationships between different services, processes, strategies etc.


BASIC CONCEPTS OF SERVICE STRATEGY

Utility – It is derived from the attributes of service which have a positive effect on the performance

• What does the service do?

• Functional requirements

• Features, inputs, outputs

• Fit for purpose

Warranty – It is derived from positive effect being available when needed, in sufficient capacity & magnitude & dependably in terms of Continuity & Security

• How well service does it

• Fit for use


Types of Service Providers

Internal

• Each BU has it’s own service providers (e.g. HR, Finance etc.)

Shared

• Each BU uses services from single SSU (Shared Services Unit)

External

• BUs take services from different, authorized external vendors

NOTE – In today’s world, most of the organizations prefer to use mixture of all types


DELIVERY MODELS

Delivery model is a graphical representation of components that help organizations deliver services to customers

• Insourcing: Using internal providers only

• Outsourcing: Using external vendors

• Co-sourcing: Combination of In-sourcing & outsourcing

• Multi-sourcing: using 2 or more vendors to work together & are interdependent on each other’s work

• BPO: Appointing external vendors to manage Business Function

• ASP: Application Service Provider to provide shared services (e.g. networks)

• KPO: Appointing external vendors to manage domain based processes/expertise


SERVICE STRATEGY

1.Demand Management

2.Service Portfolio Management

3.Financial Management


SERVICE STRATEGY 1 OF 3

DEMAND MANAGEMENT


ONE LINER

Demand Management = Know your customer’s requirements


OBJECTIVES

To understand customer’s current requirements

Trend of requirements over a period/business cycle

Match the customer’s expectations with organization's capabilities of providing services

Ensure Warranty & Utility are in alignment with customer’s needs


KEY CONCEPTS

Core service vs. Supporting Service

Pattern of Business Activity (PBA), User profile

Service Package (SP) vs. Service Level Package (SLP)

Business Relationship Management


Core Service vs. Supporting Service

Core Service is the service which actually brings ‘value’ to the customer.

• It’s a service which is KEY from organization's perspective as well

• E.g. for a Banking customer, the core services provided will be all financial services

Supporting Service ‘supports’ or enhances the core services

• It’s like an added feature which may not be desired but important to have

• Many times it becomes necessity

• E.g. supporting services in above case could be providing a helpdesk which helps/troubleshoots any issues/queries faced by users when they access the website


Pattern of Business Activity (PBA) & User Profile

Represents change in pattern of customers demands as explained by organization

Important to track as it helps organization identify improvements in existing services or identify future opportunities

Also important to study customer’s business & changing business needs

User Profile

• Demand patterns shown by users

• Users means people or even processes/functions etc.

• Is usually associated with/is subset of PBA


SP vs. SLP

Service Package is a bundle of core services and/or supporting services which is offered to customer

SP Includes Service Level Package

SLP has a defined level of Utility & Warranty for a given SP

• E.g. Buying 100 servers is a SP deal but some of them could be under Gold/Silver SLP


Business Relationship Management

Customer centric activities

Constant communication with customer

Helps to know the improvements & future scope for business

Usually the First Point of contact for the customer especially for a first time/new business


METRICS

Accurate understanding of customer’s business needs

Loss of Business to competitors especially for a new services

Improved Customer Relationships


ROLES & RESPONSIBILITIES

Business Relationship Manager

• Documenting the customer’s business needs, PBAs, User Profile etc.

• Ensure SLP matches customer’s needs

• Discussions with internal teams for setting up new SLPs or establishing the existing once

• Analyze potential SLP improvements ,

• Look for future business opportunities with customer

He may have a team working with multiple customers



SERVICE PORTFOLIO MANAGEMENT


ONE LINER

SPM = How to bundle/package the services


OBJECTIVES

Plan for services you can offer

Record of all the services including current, expired & in Pipeline

Provide information/guidance to Service Design


KEY CONCEPTS

Service Portfolio, It’s Components & structure

Business Service, Business Service Management

Business Service vs. IT Service


Service Portfolio

It describes how the service are bundled & packaged

Takes care of Marketing components such as

• What is the REASON customer will buy these services?

• What is the REASON customer will buy these services from US?

• SWOT analysis for our Organization’s service capabilities

• What could be our pricing models

• How best to allocate resources & capabilities


Service Portfolio Structure

Existing Services

Services inpipeline

New Services

Stopped services

Service Catalog

Requirements Gathering, Analysis, Approval, Charter,Developed, Release, Operational

Retired Services


ACTIVITIES

DAAC (Based on DMAIC cycle)

• Define

– Take Service Strategy as input, Define Inventories, Business Case, Validation of Data

• Analyze

– Decide Value Proposition, Prioritization, Balance of Demand & Supply

• Approve

– Authorize / Finalize the Portfolio, Services, Resources

• Charter

– Communicate information / decisions, Resource allocation, Chartering of services

• Continually Update/ Improve the portfolio – begins next DAAC


METRICS

How Accurate & Up-to-Date Portfolio is

Is the information contained is relevant from Market perspective

Is it in alignment with customer needs



Product manager• Create Business case

• Evaluate Marketing Opportunities

• Deploy new services/retire the old ones

• Manage a set of related services

Business Relationship Manager• First Point of Contact

• Document Customer needs



FINANCIAL MANAGEMENT


ONE LINER

Financial Management = Getting the Deal ($$$) right


OBJECTIVES

To serve as strategic tool to align IT services with Financial Decisions

To balance the Cost & Price as appropriate

Accounting for IT Services

Facilitate Accurate Budgeting

Finalize Financial Policies (e.g. Charging)

Financial Review & Control


COST VS PRICE

Cost = Actual Expenditure of providing IT Services

Price = The amount at which one Sells IT Services

Hence Price – Cost = Profit


KEY CONCEPTS

Service Valuation (Previously known as Charging)

Service Investment Analysis (Previously known as Budgeting)

Accounting

Cost Units , Costs Types

Business Case

Business Impact Analysis


SERVICE VALUATION (CHARGING)

A mechanism which helps organization to recover at least the expenditure incurred on providing IT services with additional monitorial profits as applicable

Types

• Cost Recovery (Actual)

• Cost Plus Fixed Fee

• Cost Plus % of Costs

• Cost Plus Incentives

• Notional Charging

• Fixed Price

• Time & Material


SERVICE INVESTMENT ANALYSIS

Was termed as Budgeting in v2

It is a Time phased allocation of Funds

It helps Track & Control the expenditure pattern

Also guide how to utilize the funds


ACCOUNTING

A mechanism to track WHAT has been spent & WHERE it has been spent

Maintain accounts of all incoming and outgoing monetary fund

Accounting involves maintaining detailed ledgers of the daily expenditure incurred during the implementation of an IT service.

Helps an IT organization track costs for each customer, service, or activity


COST UNITS & COST CATAGORIES / TYPES

Cost unit is the identified unit of consumption that can be accounted for a particular service or service asset

Cost Categories• Hardware, Software, Travel, Internal, External etc.

Cost Types• Direct & Indirect

• Fixed & Variable

• Capital & Operational


BUSINESS CASE

A decision support/planning system or tool /document

It helps analyze the consequences of some decisions

Usually it is in the form of report & may contain

• Background/History

• Facts & Figures, Validity period of the document

• Risks & Mitigation plans

• Recommendations

• E.g. of Business case is a Study Report for “Why should we buy 34 Mbps Link?”


BUSINESS IMPACT ANALYSIS

It identifies organizations’ most critical business services & links them to the financial values or risks

Helps to prioritize the critical services

Analyzes facets of service such as Impact of outages, Financial penalties, Customer Relationship etc.


ACTIVITIES

To design mechanisms for service valuation, Investment Analysis & Accounting

To align IT Business with Finance Policies

Ensure the accuracy in implementing financial controls

Bill Payments & Collections

Updating the Finance Policies as per Organizational needs


METRICS

Accuracy in Budgeting, Forecasting & Controls

Quick & Effective financial decision making

Proper IT Accounting

Ensure Timely Bill Payments & Collections

Overall performance of Finance Dept.



Finance Manager / Dept./ Controller• To Lay Financial Policies & document

• To ensure that the policies are adhered to

• Implement proper financial controls

• Look for Continual Improvement

Note – Every individual manager has some financial responsibility within his area of control


2. SERVICE DESIGN


ACTIVITIES

Design services to meet Business Objectives

• Design Secure & Resilient IT Infrastructure

• Identify, remove the risks from the services before they go live

• Create & maintain IT plans, policies, technical & process framework (Design tool ensures standards are adhered to)

• Design measurement methods & metrics for assessing effectiveness of processes

• Design Effective & efficient processes for design, transition & operation phases

• Scope includes new services & improvements as may be needed over a service lifecycle


SERVICE DESIGN

1. Service Catalog Management

2. Service Level Management

3. Availability Management

4. Capacity Management

5. Supplier Management

6.Information Security Management

7. Service Continuity Management


SERVICE DESIGN 1 OF 7

SERVICE CATALOG MANAGEMENT


ONE LINER

Service Catalogue Management = Services Ready to Use


OBJECTIVES

Create & Manage Service Catalog

Keep Service Catalog Up to Date with latest information

Continual Improvement in Management of Service Catalog


KEY CONCEPTS

What is Service Catalog?

Service Catalog vs. Service Portfolio

Types of Service Catalog


What is Service Catalog?

• A single source of information for all the service offerings

• Includes Operational & in Transition Services

• E.g. Menu Card in a Hotel

Service Catalog vs. Service Portfolio

• Service catalog is a part of Service Portfolio

• Service Portfolio depicts the services in their Business Value Terms i.e. Why customer would buy it from us

• Service Catalog depicts what service would you like to offer to customer (which will be based on customer needs)

• Service Portfolio is not usually available to be viewed by Customer or public whereas Service Catalog may be


Types of Service Catalog

Business Service Catalog

• Used by Relationship Manager to win a business

• Consists list of all IT services which are important for Customer’s Business Process

• Visible to customer (or even to common public)

Technical Service Catalog

• Used by Relationship Manager to know the capabilities & limits of Business Service Catalog

• Contains all the Backup/Supporting services for services shown in BSC

• Usually Not visible to Customer


METRICS

Accuracy of Information within Service Catalog

Number of corrections made

Customer Feedback

Number of successful/lost proposals



Service Catalog Manager

• Establish & maintain Service Catalog

• Ensure all the information is accurate & up-to-date

• Oversee all the other aspects of service catalog. E.g. Information contains all applicable operational & in Transit services etc.

• Work on Continual Improvement of Service Catalog



SERVICE LEVEL MANAGEMENT


ONE LINER

Service Level Management = Negotiate & Agree Service Levels with client


OBJECTIVES

To Negotiate, Agree & Document the Service Levels

To balance the customer expectations & organization’s capabilities

To measure, report & continually maintain/improve service level

To manage the performance as per agreed service levels

To manage the customer relationship


KEY CONCEPTS

Service Level Requirements (SLR)

Service Level Agreements (SLA)

Operational Level Agreements (OLA)

Underpinning Contracts (UC)

Service Improvement Plan (SIP)

• A formal project undertaken within an organization to identify and introduce Measurable improvements within a specified work area or , work process


Service Scope and description

Service hours

Measures of availability and reliability

Support details – who to contact, when and how

Respond and fix times

Deliverables and time scales

Change approval and implementation

Reference to IT Service Continuity Plan

Signatories

Responsibilities of both parties

Review process

Glossary of terms

ELEMENTS OF SLA


SLA,OLA,UC

Organization Management

Customer

Org’s Internal Teams

Vendors

SLA

OLA

UC


METRICS

Clearly Defined SLAs, OLAs and UCs

Performance against agreed SLAs

Shortfalls in SLA and consequent SIPs

Number & severity of service breaches

Improvement in customer satisfaction



Service Level Manager

• Process Owner

• Review & Reporting

• Maintaining an effective Service Level Management process by defining SLAs, OLAs and UCs

• Updating the existing SLAs, SIPs, OLAs and UCs

• Reviewing and improving the performance of the IT organization to meet agreed service levels



AVAILABILITY MANAGEMENT


ONE LINER

Availability Management = Ensure it is up when it should be


OBJECTIVES

To ensure agreed Availability Level is met or exceeded

The Availability Management process plays an important role in ensuring that a defined level of IT services is continuously accessible to customers, in a cost-effective manner

Continually Optimize & Improve the availability by preparing Availability Plan


Availability

Reliability

Maintainability

Serviceability

Vital Business Function (VBF)

High Availability

Fault Tolerance

KEY CONCEPTS


The ability of a service, component or configuration item to perform it’s agreed & expected function when required

Usually expressed as Percentage

Availability= (AST-DT) X 100

-----------------

AST

AST = Agreed Service Time

DT = Downtime

AVAILABILITY


Reliability• Implies how long the specified service is available for the required period

without any interruptions or failures

Serviceability• Ability of the 3rd party supplier to provide the expected service to service

provider

Maintainability (or Recoverability)• How easy it is to maintain or recover a service, component or configuration

item

• NOTE – Availability can be Proactive (recommended) or Reactive.


Availability Metrics

MTRS- Mean Time to Restore Service (Down Time) =

Relates to Maintainability (Also has an element of Serviceability)

Detection

Diagnosis Recover

Restoration

IncidentOccurred

MTBF- Mean Time Between Failures(Uptime)= Availability

MTBSI – Mean Time Between system Incidents = RELIABILITY

Time

IncidentOccurred

Repair


Vital Business Function (VBF)

• A critical function or business process

High Availability

• Minimizing the impact of component failure

Fault Tolerance

• Ability of a service to continue to be available even after component(s) failure


METRICS

Uptime per service or group of Users

Downtime duration

Downtime frequency

Number of failures beyond ‘X’ time



Availability Manager

• Process Owner

• Ensure the agreed levels of service availability

• Create & manage Availability Plan

• Continual improvement in process/results



CAPACITY MANAGEMENT


ONE LINER

Capacity Management = Ensure IT is sized in optimum & cost effective manner


OBJECTIVES

Provide the required IT Infrastructure in a cost effective manner while also meeting it’s requirements

Ensure optimum utilization of IT infrastructure

Work on current & future needs

Produce & regularly upgrade Capacity Plan


KEY CONCEPTS

Business , Service & Component Capacity Management

Capacity Management Information System

Capacity Plan

Performance Management, Modeling, Application Sizing


Business Capacity Management

• Trend, forecast model and developing the Capacity Plan to understand future business needs

• Modeling to estimate the best alternative for Capacity deployment

Service Capacity Management

• Understand the functioning of the IT services, resource usage and variations to ensure that appropriate service agreements can be designed

• Report on Service profile of use of services, manage demand for service

Component Capacity Management

• Using and monitoring of all components of the IT infrastructure

• Optimize use of the current IT resource components such as bandwidth, network capacity etc.


Capacity Plan

• Time (or trigger) phased plan to maintain/increase the utilization of IT Infrastructure by maintaining or adding IT infrastructure components

Capacity Management Information System (CMIS)

• A system which holds the data needed & maintained by all the capacity sub processes/activities


Performance Management– Monitoring– Tuning

Modeling– Mathematical models for determining the benefits and

costs of varying capacity– Simulation and Analytical techniques

Application Sizing– For determining the hardware capacity required to

support new/modified applications


METRICS

Performance trends after estimates

Reduction in rushed purchases

Reduction in expensive overcapacity

Reduction in number of incidents due to performance plans



Capacity Manager

• Monitors the Process

• Capacity Plan Creation

• Update the Capacity Management Database

Supported by

Technical & Application Management

• To provide capacity requirements via capacity incidents & problems

• Other day to day capacity management activities



SUPPLIER MANAGEMENT


ONE LINER

Supplier Management = Manage Supplier Relationship &

Performance


OBJECTIVES

Manage supplier relationship & performance

Ensure the Right & Relevant contracts with supplier

Manage the contracts throughout their lifecycle

Create & maintain Supplier Policy, List & Contracts Database


Supplier Selection

Request Supplier Responses

Requirement of 3rd party supplier

Select Suppliers

Analyze Supplier Capabilities

Contract with Supplier (UC)

Supplier providesServices

Manage Suppliers SCD

Update supplier’s

records


Supplier – Contracts Database (SCD)

Supplier ContractsDatabase

Organization’s SupplierPolicy & Strategy

Contracts categorizationAccording to Types of services,Owner, expiry date, value etc.

Fresh/Renewed Contracts

Existing Contracts

Records of Past/Expired Contracts

Contracts Modification/Termination

Supplier’s performanceAgainst contract terms


METRICS

Accuracy of information in SCD

Relevance of contracts in terms of SLM

Performance of suppliers



Supplier Manager

• Process owner

• Deliver expected supplier performance

• Create, establish & maintain SCD

• Manage the contracts in conjunction with SLM



INFORMATION SECURITY MANAGEMENT


ONE LINER

ISM = Protect your Data & Information


OBJECTIVES

To prevent Unauthorized Access (& allow Authorized Access)

To provide effective security measures at Strategic, Tactical & Operational organizational Levels

To enable organization to do a business “Safely”

To comply with Security Requirements as per SLA


KEY CONCEPTS

Confidentiality, Integrity, Availability, Non-Repudiation

Information Security Policy

Security Analysis & Controls


Confidentiality

• Information is accessible to only those who are authorized to view it

Integrity

• Information, especially while being communicated, is protected against unauthorized modification

Availability

• Information is invulnerable to attacks or is recoverable in secured way i.e. it is available (only to authorized) when it should be

Non-Repudiation

• Sender of information can not deny that information has NOT been sent by him


Information Security Policy

• A policy of an organization which ensures the compliance to Information Security Objectives & Guidelines

Security Analysis & Controls

• To Analyze the threats to organization’s data/Information & to eliminate/minimize the same

• To provide security controls (checkpoints) at various levels so that reduce the impact of security breaches


METRICS

Effectiveness of Security Measures / Controls

Number of Security Breaches , Attacks

Business Losses incurred due to security malpractices

Adherence /Compliance to Security Standards

Security Audits reports



Security Manager

• Process Owner, Planning for Security

• Design & Monitor Security Policy / Analysis / Controls

• Oversee entire security aspect of the organization

• Overall Improvement

Security Officer

• Mediator between Security manager & Customer / Users

• Assist Implementation of security policies/measures etc.



SERVICE CONTINUITY MANAGEMENT


ONE LINER

Service Continuity Management = Recover from disaster as per agreed & applicable SLA


OBJECTIVES

To create & manage IT service continuity & recovery plans

To reduce potential disaster occurrence

To negotiate & manage necessary contracts with 3rd parties

Balance SLAs & Cost factors while planning for service continuity


KEY CONCEPTS

Business Continuity Strategy

Life Cycle Approach to ITSCM

Assessment of Changes for impact on ITSCM

Dormant Contracts

Negotiated/Compromised SLAs

Regular Testing – Ongoing as a part of Lifecycle approach


LIFE CYCLE APPROACH TO ITSCM

Initiate ITSCM

Gather requirements

• Plan for implementation

Implementation

• ORR (Operation Readiness Review)

• Mock Testing

• Go Live /Sign Off for ITSCM Structure

Ongoing regular testing & updates to ITSCM structure


POSSIBLE RECOVERY OPTIONS

Do nothing

Manual Workarounds

Reciprocal arrangements (Less Frequently used)

Immediate recovery – hot standby (24 hours)

• Mirrored business systems on an alternate site

Intermediate recovery – warm standby (24-72 hrs)

• Similar to immediate but critical systems need to be recovered and run

Gradual recovery – cold standby (72 hrs)

• Empty facility with utilities

Fortress Approach

Dormant contracts

Insurance


Business Continuity Strategy

• Aims at reducing risks by developing recovery plan(s) to restore business activities if they are interrupted by a disaster

Assessment of Changes for impact on ITSCM

• To study & mitigate the impact of any changes in IT Infrastructure on ITSCM

Dormant Contracts

• Contracts with 3rd parties which become active only when triggered by a disaster

Negotiated/Compromised SLAs

• To negotiate appropriate SLAs with customer which will be applicable only during disaster


METRICS

Number of shortcomings

Cost to company due to loss if no recovery Plan

Cost in Time, resources and money to restore IT Services



ITSCM Manager

• Owns entire ITSCM process

• To manage & upgrade ITSCM Plans


3. SERVICE TRANSITION


ACTIVITIES

Plan & Implementation of all the releases / Services (Applies to new & existing services)

• Ensure that the changes as proposed in Service Design are realized

• Authorize, Package, Build, Test & Deploy the releases into production

• Transition of services to & from other Organizations

• Decommission or Termination of services


Service Transition V- Model

Define CustomerBusiness Requirements

Define ServiceRequirements

Design ServiceSolution

Design ServiceRelease

Develop ServiceSolution

Service ComponentBuild & Test

(Internal & ExternalSuppliers)

Validate ServicePackages, Offerings

& Contracts

Service Acceptance Test

Service OperationalReadiness Test

Service ReleasePackage Test

Component & Assembly

Test

Release Test Criteria/Plan

Service Operation Criteria/Plan

Service Acceptance Criteria/Plan

Service Review Criteria/Plan


SERVICE TRANSITION

1. Service Asset &Configuration Management

2. Change Management

3. Release & Deployment Management

4. Knowledge Management


SERVICE TRANSITION 1 OF 4

SERVICE ASSET & CONFIGURATION

MANAGEMENT


ONE LINER

SACM = Know what you have


OBJECTIVES

Identify, Record & Provide accurate information of the Configuration Items (CI = IT components)

Provide the Logical Model for IT infrastructure correlating the IT services & their components

Protect Integrity of the CIs

Create & maintain Configuration Management System

Manage Service Assets (Service CIs)

Perform regular audits / status accounting activities for all the CIs


LOGICAL MODEL

Data CenterNetwork

SAPServices

IT InfraServices

SAP Service 1

SAP Service 2

ApplicationInfrastructure

InfraService 1

InfraService 2

ApplicationInfrastructure

Remote Connectivity

Messaging

Web Services

Customers – RBS, Bank of America, Citi Bank


KEY CONCEPTS

Configuration Items, Baseline, Variant

Types of CIs

Configuration Management System


Configuration Item

• A uniquely identifiable entity/item which needs to be controlled

Baseline

• Snapshot of a CI or a group of CIs at a given time or stage

Variant

• A baseline with minor differences

Configuration Management System

• It is a system which controls & maintains the record if all CIs in a structured manner in 1 or more databases known as CMDB

• Stores Attributes of CIs, Relationship between CIs

• Consists of Multiple layers like Integration Presentation etc.


CONFIGURATION MANAGEMENT SYSTEM

CMDB1Services

CMDB2H/W

CMDB3Policies

Data/Source information gathering

Knowledge & Logic processing

Presentation Layer /User Interface

NOTE – CMDB can be any Database, or even Excel File


TYPES OF CIs

Service Lifecycle CIs

• Business Case, Service Portfolio, Service Design Package

Service CIs

• Service Capability /Resource Assets, Service Model

Organization CIs

• Organization Policies, documentations

• -----------------------------------------------------------------------------------

Internal CIs

• Internal to individual projects which are required to maintain IT

External CIs

• Customer Agreements & Requirements


ACTIVITIES

Planning

Identification

Status Accounting

Control

Verification and Reporting


Defining the strategy, policy and objectives for the process

Analyzing the information, Identifying the tools and resources available for the process

Creating interfaces with other ITIL processes, projects and third party suppliers

Configuration Management Plan including Policy and Strategy could be one output.

Planning


To identify the associated IT services and components, which need to be controlled by the Configuration Management process.

Define the Scope of the process• IT Services, Hardware, Software and Documentation, Specific Areas

Specify the Level of Detail for information recording• Identify the Relationships of the CIs• Determine the depth of information to be recorded• Naming Conventions, Attributes covered

Identification


The next activity after Identification is Status Accounting of the IT component

through its life cycle. A status code is assigned to each of the statuses for easy

identification.

Typical Statuses• New CIs

– In Order, Tested, Accepted• Existing CIs

– Received, RFC open for the CI new version requested, Down, Phased Out, Undergoing maintenance

• All CIs– In Stock, Order received, Under test, Released for Installation,

Live, Spare

Status Accounting


Configuration Management controls all the IT components received by

the organization.

Control

• Who can Access, who can modify

Control


Audit and Verification

Does the CMDB reflect reality?

• The activities includes verifying and auditing the details in the CMDB.

• For example, audit tools can be used to automatically analyze workstations and report on the current situation and status of the IT infrastructure.

Accuracy is improved by

• Active rather than passive CMDB

• Automatic updating

• Integration with other processes

• Automatic checks


Assess the efficiency and effectiveness

• Through Regular MIS reports

• Scheduled reviews of the expected growth in demand of Configuration management activities

Reporting


METRICS

Number of occasions on which a – "Configuration" was found to be unauthorized– Number of refused RFCs as a result of incomplete data in the

CMDB– Number of changes to the CMDB because of identified errors

in the CMDB– Unauthorized IT components detected in use



Service Asset Manager

Configuration Manager

These are responsible for their own processes

• Implementing policy

• Agree scope, processes & procedures

• Define necessary controls

• Oversee collection & management of data

• Audits

• Produce management reports



CHANGE MANAGEMENT


ONE LINER

Change Management = Minimize the Impact of Change


OBJECTIVES

Study the adverse Impact of change & minimize it

Create & maintain a Change Management process

Prevent Unauthorized changes

Prepare Change (& Back out) Plans via FSC & provide PSA

Post Implementation Reviews of Changes

Maintain a record of all changes

Note - Change Management does NOT implement change


KEY CONCEPTS

Scope of Change Management

Change Types , RFC, Change Classification & Prioritization, Change Models

CAB, ECAB, FSC, PSA, Back out Plans


Scope of Change Management

Scope of Change Management process is restricted to

• IMAC of IT Infrastructure Components including documentation

• Strategic, Tactical & Operational changes

Out of Scope

• Business Strategy & Processes

• Implementation of changes

• Any other task documented as out of scope


Change Types

Standard Changes

• Routine Changes that follow an established procedure & do not disrupt It services

• E.g. updating the Anti-Virus software is a standard Change

Emergency Changes

• Crucial to an organization and have to be implemented immediately.

• Emergency Changes are disruptive and prone to failure

• E.g. the some ports in critical switch has gone down. Therefore, a new switch needs to be installed


Request for Change (RFCs)

• Incidents, upgrades to the infrastructure, or changes in the business requirements generate the need for a Request for Change (RFC)

Change Classification & Prioritization

• To classify & plan changes in the order of their impact & urgency

Change Models

• Predefined way or procedure for handling known type or complexity

• Automated as far as possible

• Allow for scalability to create a new model


Forward Schedule of Changes (FSC)

• Contains details of all approved changes and their implementation dates for an agreed period

• Detailed short term schedules and less detailed for longer term planning

Projected Service Availability (PSA)

• To determine the best time for a change implementation

• Both the FSC and PSA are agreed with the customers

Back Out Plan

• It is executed if the Change can not happen as per plan

• Usually but not necessarily the typical back out plan is to bring the systems back to original state it was in before the change started


Change Advisory Board (CAB)• CAB approves Changes after assessing and prioritizing the RFCs.

• CAB members should have sound technical knowledge and good business perspective.

• Change Manager is the only permanent member on the CAB & ECAB

CAB/Emergency Committee• To review urgent changes

• Few members required (typically Senior Managers from concerned dept)

• Availability after shift hours


Change Management Process Flow

Request ForChange (RFC)

ChangeManager

Line ManagerApproval

CABMeeting

Post ChangeReviewFSC/PSA

Implement Change

Update CMDB &Change Records

Failure

Back out Plan

Success

Problem Management Customer

or other teams

SCM, Capacity, BRM,ISM,SLM, R&D, Customer etc.

Consult

Invitations as applicable

CustomerSign Off


ACTIVITIES

Record RFC

Review RFC

Assess & Evaluate Change – 7 Rs of Change

Authorize Change

Issue Change Plan (to R& D Team)

Support/Coordinate Change Implementation

Post Change Review


7 Rs of Change

Who RAISED it

What is REASON for change

What is the RETURN expected from change

What could be the RISKS involved in change

Which RESOURCES are needed to implement change

Who (which R&D Team) is RESPONSIBLE for build, test & implement change

Is there (or what) any RELATIONSHIP between this change & other changes

Back to previous slide


METRICS

Number of Rejected RFCs

Number of Incidents occurring due to implemented Changes

Number of successful changes

Number of unsuccessful changes

Number of backed out changes

Average Time needed to implement a Change

Number of incidents resolved by implementation of a Change



Change Manager

• Chairperson of the CAB

• Filtering and accepting RFCs

• Primary Responsibility of planning and coordinating implementation of changes

• Obtaining authorization for change

• Reviewing Implemented Changes

• Convening emergency CAB meetings

• Generating Change Management reports

• May have Change coordinators to support

CAB Member

• Belongs to the CAB and participates in all CAB meetings

• Helps in reviewing all RFCs to estimate impact

• Participates in Scheduling Changes



RELEASE & DEPLOYMENT MANAGEMENT


ONE LINER

R & D Management = Bring in the change Carefully


OBJECTIVES

Implementing the authorized changes as per Change plan

Plan, Design, Build, Test & Install Hardware & Software components

Skills & Knowledge Transfer to enable

• Customers & users the optimum use of service

• Operations & support staff to run & support the service


KEY CONCEPTS

Release

Release Units

Release Identification

Types of Release

Release Methods


Release

A collection of authorized Changes to an IT Service

A Release is defined by the RFCs that it implements

A Release could consist of a number of Problem fixes and enhancements to a service.


A Release unit describes the portion of the IT infrastructure that should be released together.

Depending on the type or item of software and hardware, the size of the unit can vary. An example of hardware Release Unit can be changes to the complete PC or Processor. An example of a s/w release unit could be changes made to a system, suite, program or module.

Including too many changes in one release can be too complex for safe implementation while too many releases affect user dependency on the stability of the service.

Release Units


The status of a Release alters according to its current environment. Release identification means determining the status of a Release in different environments. The environments in which a Release can be categorized are:

– Development– Test– Live– Archive

Release Identification


Depending on the number of changes that should be included in one Release, a Release can be of the following type:

• Delta Release Just a few changes normally a quick fix

• Full Release When a program is released in its entirety, including the parts that

were not changed. A number of similar Changes can be implemented together in this

Release More preparation and resources are required for a Full Release

• Package Release You use a Package Release when you Release a group of

software. Each of the software in the package depends on the other software in the group for its performance.

For example, scheduled upgrades to third-party software, such as Systems software and Office applications are appropriate for Package Releases.

Release Types


Release / Deployment Methods

Big Bang vs. Phased Approach

• In Big Bang approach the new or changed component is deployed to all user areas in one go

• Phased approach involves deployment of components to part of user area & then deploying in other areas in phased manner

• Alternatively, the release itself is carried out in phased manner

Push vs. Pull (usually for software)

• Push is used when a component is deployed from a centre & pushed to it’s target locations

• Pull is used when a software is stored in centre & users are requested to pull it based on their requirements

Automated vs. Manual


ACTIVITIES

Release Planning

Release DesignBuilding & Configuring

ReleaseTesting &

Acceptance

Roll OutPlanning

Communication,Preparation &

Training

Release Distribution,

Implementation

Definitive Software LibraryDefinitive Hardware Store

Configuration Management Database


METRICS

• Number of Incidents by Back Out

• Number of accurate and timely release at remote sites

• Number of unused software that have unnecessary costs, eg. Licence fees

• Number of times unauthorised software is used

• Number of times CMDB status is updated/not updated



The Release & Deployment Manager coordinates the implementation of the process with other teams.

• Prepares Release Plan

• Authorises the Release Build and Configuration

• Communicates Release to other groups

• Coordinated final Implementation of Release

• Member of the CAB

The Test Manager ensures that the release is tested and signed off by proper authorities.

• Successful testing of the release before sign-off

• Ensure Testing environment is same as Live environment

• Preparing roll-out Plan with Release Manager



KNOWLEDGE MANAGEMENT


ONE LINER

Knowledge Management = Gather, Analyze, Store & Share the knowledge


OBJECTIVES

Improve the efficiency by reducing the need to Re-discover the knowledge

Create, Maintain & update Service Knowledge Management System

Make sure that a Right & Relevant information at Right time is available for organization’s requirements (e.g. Customer details, contract/SLA data)


KEY CONCEPTS

D-I-K-W Structure

DML

DML & CMDB

SKMS


Data - Information – Knowledge - Wisdom

Data

• A set of discrete facts about the events

• Usually large amount of data is/can be collected

Information

• The data is arranged/sorted in appropriate context & manner so that it’s easy to locate/work on

• Answers questions like Who, what, when, where?


Knowledge

• Created based on the information/data or own expertise

• Answers How?

• Is dynamic & context based

• Helps in decision making

Wisdom

• Gives detailed understanding

• Arriving at the judgment

• Helps finalize future decisions/actions


Definitive Media Library

Store Master copies of all the S/W assets

• In house, external, Trail, Commercial Of The Shelf

• Licenses, Scripts & codes

Is controlled by Service Asset & Configuration Management process

Serves as the only source for build & distribution for Release & Deployment process


DML & CMDB

CMDB stores the information about all the CIs (H/W & S/W)

DML stores the actual CIs (S/W only)

Both are controlled by SACM process

Both form part of SKMS


Service Knowledge Management System

Services H/W Policies

Presentation Layer /User Interface

SCDCDBDML

CMS

Service Knowledge Base

Knowledge & Logic Processing


4. SERVICE OPERATION


ACTIVITIES

Keeping services into Operations

• Ongoing day to day activities

• Ensure that services are delivered at agreed levels (SLA)

• Continual Improvement in meeting the SLAs & management of operations

Involves Management of

• Services

• Service Management Processes

• People

• Technology


Achieving balance between Conflicting Motives

IT Services vs. Technology (External Business View vs. Internal IT view)

Stability vs. Responsiveness

Quality of Service vs. Cost of Service

Reactive vs. proactive


SERVICE OPERATION

Service Desk (FUNCTION)

Event Management

Incident Management

Request Fulfillment

Access Management

Problem Management

Technical Management (FUNCTION)

IT Operations Management (FUNCTION)

Application Management (FUNCTION)


SERVICE OPERATION 1 OF 9

SERVICE DESK

(FUNCTION)


ONE LINER

Service Desk = Single & the First Point Of Contact


OBJECTIVES OF SERVICE DESK

To serve as FIRST Point of Contact (FPOC)

Play a vital role in achieving Customer Satisfaction

First Level Fix (FLF) & First Level Diagnosis (FLD)

To coordinate the activities between End User & IT Service Provision Teams

To OWN the Logged Request & ensure the Closure.

Escalate as appropriate

To support other IT Provision Activities on need basis


KEY CONCEPTS OF SERVICE DESK

Logging the call with service desk

Types/Models/Structures of Service Desk

Skills required for Service Desk Personnel


LOGGING THE CALL WITH SERVICE DESK

Who – End users, All other relevant teams, Events, Service Desk Team itself

• NOTE: Not every call logged is an incident

Why – As a part of responsibility, as a proactive measure

How – Telephone, Emails, Alerts, Web Console etc.

What is an Incident?

• An occurrence of event(s) which disrupts or can potentially disrupt the normal service operation

What is problem?

• Unknown underlying cause of one or more incidents


TYPES / MODELS / STRUCTURES OF SERVICE DESK

Central Service Desk

Local or Distributed Local Service Desk

Virtual Service Desk

Follow the Sun Model

Specialized Service Desk


CENTRAL SERVICE DESK

Single Service Desk at a possible central location

Can be a group of service desks Integrated at a single location

Advantage

• Cost cutting

• Centralized control

Disadvantage

• Some Local presence may still be required for Physical support


Centralized Service Desk

ABC Ltd.Delhi

ABC Ltd.Hyderabad

ABC Ltd.Bangalore

ABC Ltd.Pune

Helpdesk

011-232425 Helpdesk011-

232425Helpdesk011-232425


LOCAL OR DISTRIBUTED SERVICE DESK

The desk is co-located within or physically close to user premises

Advantage

• Useful in case of multilingual / multi location organizations

• Faster response wherever Physical presence is necessary

Disadvantage

• May prove Expensive

• Difficult to manage multiple desks


Local or Distributed Service Desk

ABC Ltd.Delhi

ABC Ltd.Hyderabad

ABC Ltd.

Bangalore

ABC Ltd.Pune

SD

SD

SD

SD


VIRTUAL SERVICE DESK

By using the extensive technology, an appearance of a single / centralized desk

Primarily used in Off-shoring kind of services

Advantage

• Maximum use of technology so minimum personnel involvement

• Less number of requests go Unregistered

Disadvantage

• Expensive to use

• Physical support may not be possible


Virtual Service Desk

ABC Ltd.Delhi

ABC Ltd.Hyderabad

ABC Ltd.Bangalore

ABC Ltd.Pune

SDLondon

SDSydneySD

Beijing

SDNew York

NetworkCloud

1800XX

1st Caller

Answer to1st Caller

1800XX

3rd Caller

Answer to3rd Caller 1800XX

2nd Caller

Answer to2nd Caller

1800XX4th Caller


FOLLOW THE SUN MODEL

24 Hrs of Desk

Team which is in Day time picks up the call

Advantage

• Best for 24 Hrs kind of support

• Less desk staff attrition due to working time

Disadvantage

• Expensive due to use of technology

• Multiple control points so difficult to manage


Follow the SUN

Indian Standard Time

RespondingSD Region

10 AM 3 PM 8 PM 1 AM5 AM

AUS

USAEST

UK

IND

USAPAC


SPECIALIZED SERVICE DESK

Expert Staff specialized in their respective fields

Advantage

• Faster & accurate resolution of request

Disadvantage

• Difficult to get skilled staff


Specialized Service Desk

Service DeskMenus

Usercalls

DBA

NetworkAdmin

WindowsTeam

Email Team


NOTE

In practical world, most of the organizations use a mixture of service desk types/models/structures.


SKILLS REQUIRED

Communication

Interpersonal Skills

Business / IT Understanding

Professionalism

Customer Focus

Subject Knowledge (for a Specialist Service Desk)


ACTIVITIES OF SERVICE DESK

Receive & Log the calls from End Users, events etc.

Provide Preliminary level of diagnosis as applicable

Categorize the incident as possible

Assign to relevant Incident Team

Follow up with Incident Team

Update status regularly & communicate to user as applicable

Keep an eye on agreed SLAs

Escalate as & when appropriate

Confirm with user before closing the incident

Provide Service Desk Metrics Reports to Service Desk Manager


METRICS FOR SERVICE DESK

Average call resolution/duration

% of calls picked up in 3 rings, % Unattended

Accuracy of updating ticket status

Number of SLA breaches

Timely Escalations

Customer Satisfaction


ROLES & RESPONSIBILITIES IN SERVICE DESK

Service Desk Staff

• To Perform all the activities of Service Desk as applicable

Service Desk Manager

• To Oversee the functioning of Service Desk

• To build Service Desk Team for new services

• To Monitor the performance of Service Desk on regular basis

• To identify & work on the Continual Improvement of Service Desk



EVENT MANAGEMENT


ONE LINER

Event Management = Detect Events & decide appropriate Actions


OBJECTIVES

Detect Events, Make Sense/Analyze them & Decide the appropriate action

Monitor, Record & filter the relevant events

Trend Analysis as a Proactive Measure/Study purpose

Contributes to maintain SLAs.


KEY CONCEPTS

Event, Event Management, Alerts

Type of Events


Event

• A notification or alert created by IT Service, CI or Monitoring Tool

Event Management

• A process of managing the events throughout their lifecycle

• Typically done by IT Operation Staff

Alerts

• An occurrence of something which triggers event or a call for action or a human intervention


Information

• An event which is only meant to provide information

• E.g. Backup job completed

• Usage – To check status of activity, device – To get statistics

• Informational events are usually recorded for a pre-determined period

Types of Events


Type of Events….contd

Warning

• Event meant as a proactive measure to indicate that service or device is reaching a threshold

• E.g. Network traffic reaching a congestion point

•

Exception

• Event which indicates that a service or a device is behaving abnormally (against a defined behavior)

• E.g. Hdd1 in RAID has failed


ACTIVITIES

Recording, Filtering Events

• All Events usually get recorded in a log file

• Events are filtered according to their types either automatically or manually

Prioritization of Events

• Events are prioritized based on their importance & their types

• Based on SLAs, some events can always get high priority

Exceptions Management

• Exception is usually converted into Incident or problem or RFC

• Exception does NOT necessarily represents Incident/problem


METRICS

Effectiveness of Event Management

• How best are the events designed

• Are they in alignment with SLAs?

• Are they monitored, recorded, filtered correctly?

• How well the events data is maintained

• How many incidents are logged proactively based on Warnings/Exception



Usually NOT a dedicated role such as Event Manager

Event Management is conducted by staff in

• Service Desk– Less Involvement. – Typically involved for logging incidents based on Exceptions

• Technical & Application Management– Both Application & Technical Management value add to event

management during Service Design, Service Transition & Service Operation

• IT Operations Management– Usually clubbed with Technical or Application management– Typically do Monitoring & First-Lie responses



INCIDENT MANAGEMENT


ONE LINER

Incident management = Restore Service ASAP


OBJECTIVES

To restore NORMAL service operation as quickly as possible

• NORMAL means as agreed in SLA

To log & Track incidents wherever applicable (e.g. Proactive measure)

To deal with all incidents consistently

To assist Problem Management team as required

To assist Service Desk/ Release Team for any RFCs


KEY CONCEPTS

Incident

• An occurrence of event(s) which disrupts or can potentially disrupt the normal service operation

Problem

• Set of incidents with similar underlying “unknown” cause(s)

• (A root cause of one or more incidents)

Priority

Escalation Mechanism

Incident Lifecycle


Impact

• Evidence of effect upon business activities

Urgency

• Evidence of effect upon business deadlines

Priority = Impact X Urgency


Functional Escalation

Through various functions or support group levels

Hierarchical Escalation

Through organizational hierarchy

Escalation Mechanisms


INCIDENT LIFE CYCLE


Incident Detection & Recording

Classification & Initial Support

Investigation & Diagnostics

Resolution & Recovery

Incident Closure

Request Fulfillment ProcedureIs it a

Request?Ownership,Monitoring,Tracking &

Communication

YES

NO


Time You Receive a Call

Incident details from Service Desk or event management systems are the inputs for Incident Management. Resultant actions are to:

• Record basic details of the Incident.

• Alert specialist support group(s) as necessary.

• Start procedures for handling the service request.

Incident Detection and Recording


Classification is the process of identifying the reason for the Incident and

hence the corresponding resolution action.

The classification is used to:

Specify the service with which the Incident is related.

Associate with an SLA where appropriate.

Select/define the best specialist or group to handle the Incident.

Identify the priority based upon the business impact.

Define what questions should be asked or information checked.

Determine a primary reporting matrix for management information.

Identify a relationship to match against Known Errors or solutions.

Classification-Prioritization & Initial Support


Inputs:

Updated Incident details.

Configuration details from the CMDB.

Actions:

Assessment of the Incident details.

Collection and analysis of all related information.

Resolution (including any Work-around) or a route to n-line support.

Outputs:

Incident details yet further updated, and a specification of the selection or required Work-around.

Investigation and Diagnosis


Inputs:


Any response on an RFC to effect resolution for the Incident(s).

Any derived Work-around or solution.

Actions:

Resolve the Incident using the solution/Work-around or, alternatively, to raise an RFC (including a check for resolution).

Take recovery actions.

Outputs:

RFC for Incident resolution.

Resolved Incident, including recovery details.


Resolution and Recovery


Inputs:


Resolved Incident.

Actions:

The confirmation of the resolution with the Customer or originator.

‘Close' category of Incident.

Outputs:

Updated Incident detail.

Closed Incident record.

Incident Closure


MAJOR INCIDENTS

These are incidents which have a short timescale target & higher urgency

Major Incident is NOT a Problem


METRICS

Number/Percentage of proactively recorded Incidents

Average time to resolve Incidents

Number of Incidents/workstation within SLAs

Percentage of Incidents resolved at First Line, Second Line Support

Total no. of Remote resolution of Incidents


INTERFACES

Incident Management

Problem Management Change Management

Capacity Management

Availability Management

SD & otherFunctions

Other processes e.g. Demand

R & D Management

SACM


Incident Manager : who is the overall in-charge of the Incident Management process and is responsible for:

• Creating Process Reports

• Organising Management Information

• Recommending measures

• Usually this role is assigned to Service Desk Manager

Support Groups

• Level 1 to Level n

• Tech Specialist Group

Super Users

• They act as a link between IT & Service Desk

• Manage expectations of users in terms of SLAs & Service Desk

• Training & Encouraging users for minor incident resolutions

• Involvement in new releases/roll outs




PROBLEM MANAGEMENT


ONE LINER

Problem Management = identify Root Cause of the incident(s)


OBJECTIVES

To ensure that problems are identified and resolved

To eliminate recurring incidents

To minimize the impact of the incidents or problems that can not be prevented


KEY CONCEPTS

Problem

• A root cause of one or more incidents

Problem Model

• A model/ set of guidelines to deal with the problems which can not be prevented

Workaround

• A temporary solution / Quick Fix which enables to user to continue using the service even though the root cause is not identified/removed

• Usually Problem Team suggests workaround & Incident team implements it


KEY CONCEPTS…CONTD

Known Error

• A Problem for which the root cause is identified and a temporary Work-around has been made available

• A Known Error is resolved by eliminating the root cause permanently (E.g. via RFC)

Known Error Database

• The purpose of this database is to maintain a record of all the previous incidents, problems & known errors


Reactive Problem Management :

• The Reactive Problem Management activities help in identifying the root causes of the Incidents.

• Then, these help in suggesting permanent solutions so that these Incidents do not recur.

Proactive Problem Management :

• The Proactive Problem Management activities aim at preventing Incidents before they occur. This activity helps identify weaknesses in the IT infrastructure and suggests methods to eliminate these

PROBLEM MANAGEMENT TYPES


Pain Value Analysis

Ishikawa Diagrams

Kepner and Tregoe Analysis

Major Problem Reviews

Problem Management Techniques


METRICS

Number of Incidents reduced by resolving Problems

Time needed to resolve Problems

% of Problems re-occurred

Well maintained KEDB


Problem Manager :who is the overall in-charge of the Problem Management process and is responsible for:

• Developing and maintaining the process

• Assessing effectiveness of the process

• Managing the Problem Support staff

• Providing MIS to management

• Allocating resources to the Support activities

Support Groups : Are the Support Group Personnel who help the Problem Manager in Reactive and Proactive Problem Management through

• Identifying and recording problems

• Advising Incident Management team about workaround and fixes

• Identifying trends and potential sources of problems

• Submitting RFCs to prevent the occurrence

• Prevent the replication of problems to multiple systems




REQUEST FULFILLMENT


ONE LINER

Request Fulfillment = Provide a quick response to standard service requests


OBJECTIVES

To communicate (or make available) the information regarding existing Standard services & the procedures

To provide channel & mechanism for users to avail these standard services

• Users need to raise a Service Request for the same

To provide the standard services to users

• May need to work in background as well for e.g. procurement of h/w (like mouse) for standard services

To assist for general queries, updates on standard services

NOTE - Request Fulfillment derives guidance from Change Management


KEY CONCEPTS

Service Requests & Standard Service

Components of Standard Services

Request Model


Service Request

• A request from users for Standard service

Standard Service

• Typically involves a routine type of change

• Although may be managed by Service Desk, it is NOT treated as Incident

• E.g. Change of Mouse, Resetting password

Components of Standard Service

• Pre-defined process

• Some changes can be pre-approved (or Auto Approved) e.g. Requesting stationary

• Some changes may require additional or special approvals


Request Model involves a process-flow for Request Management

Make Self-Help available

Typical process flow would be

• User initiates request

• Request is accepted (or rejected as per process) by Service Desk

• Necessary Approvals (if not pre-approved) are sought by SD

• SD may also order the components (h/w or s/w) if out of stock

• When approvals and components are ready, SD delivers the service to user

• Service request is closed by SD


METRICS

User Satisfaction Survey feedback

Number of Requests fulfilled



Usually NOT a dedicated role such as Request Manager

Request Fulfillment is managed by staff in

• Service Desk, Incident team or other team as designated by organization

• Typical responsibilities as per Request Process Flow

• Mostly Service Desk Manager is accountable



ACCESS MANAGEMENT


ONE LINER

Access Management = Manage the Access to Services


OBJECTIVES

Granting authorized users the access to their Required services

Ensure that the access provided is of Right level

Revoke the access after getting the necessary & relevant approvals

(Indirectly) prevent non-authorized access from non-authorized users

NOTE – Access management derives guidance from Information Security Management


KEY CONCEPTS

Access

• Level & Extent of functionality that users can enjoy

Identity

• Unique Information about the user which confirms his status within the organization

Rights

• Actual settings which ensure that users get the required access

Service & Service Groups

• Set of services to which users can get the access in one go

Directory Services

• A specific type of tool to help manage the Access or Rights


ACTIVITIES

Request Access

• Users can request access via, RFC or Service Request via Request Fulfillment or Helpdesk Menu

Verify User Identity

• Access Management Team ensures that users are who they say are & they have legitimate requirement for service

Provide Rights

• Access team provides the rights to users as per Policies of the organization


Monitor Identity Status

• Monitor users identity status, their change of roles, expiry of valid account etc.

Log & Track the Access

• Ensure the Accesses are logged & data is maintained as per organizations policies

Revoke or Restrict Access

• Revoke/Restrict or modify the rights as per user status & as directed by policies


METRICS

Meeting Access SLAs

Accurate levels of Access Management

Any other metrics as asked by Information Security management



Usually NOT a dedicated staff

Typically carried out by Service Desk staff

May also be managed by

• IT Operations Management Staff

• Technical Management Staff

• Applications Management Staff



IT OPERATIONS MANAGEMENT

(FUNCTION)


ONE LINER

IT Operations Management = Support day-to-day basic level operational activities


OBJECTIVES

Ensure the Infrastructure Stability by performing basic level jobs

Support day to day operational activities

Identify the opportunities to improve overall operational performance & saving costs

Initial level diagnosis (& resolution) of operational incidents


ACTIVITIES

Basic level activities such as

• Backup & Restore jobs, Tape Management

• On call (telephone) or Remote Control (Vnc, netmeeting) resolution

• Outlook configuration

• Facilities Management (e.g. Printer management)

• Basic H/W & S/W installations/configurations



IT Operation Manager

• Leadership/Management activities

• Management Reports

Shift Leader

• Overall in-charge of shift activities

• Roaster plans, reports, updates etc.

Analysts

• Senior staff with more important workload assigned

Operators

• All basic level jobs/ activities



TECHNICAL MANAGEMENT

(FUNCTION)


ONE LINER

Technical Management = Maintain Technical Knowledge & Expertise


OBJECTIVES

Design of efficient, resilient & cost-effective IT Infrastructure for the organization

Maintain Technical Knowledge & Expertise as required to manage this IT Infrastructure

Ensure availability of actual technical resources when required especially during failure

Other activities/roles within other ITIL processes or as directed by organization

Provide technical resources for complete lifecycle i.e. design, build , test, transition , implement & improve


KEY CONCEPTS

Technical Management Alignment

• Alignment as per Technical lines for e.g. Mainframes, Networks etc.

Activities

• Manage lifecycle of Organization's IT Infrastructure

• Maintain Knowledgebase

• Constantly update Technical expertise



Technical Managers/ Leads / Analysts / Operators / Specialists

• Leadership/management activities

• Arranging Trainings, other activities to update the technical knowledge

• Reporting to senior management

• Ensure policies/processes are in place for maintaining the technical data/knowledge



APPLICATION MANAGEMENT

(FUNCTION)


ONE LINER

Application Management = Managing Applications throughout their Lifecycle


OBJECTIVES

Identify the requirement of Applications

Design efficient, resilient & cost effective applications for managing IT Infrastructure

Ensure availability, security of the applications

Maintain the operational applications & their day-to-day activities

Provide support during Application Failures

Improve the functionality of applications as per organization’s needs


ACTIVITIES

Manage applications throughout their lifecycle

Assist Design, Build, Test & implement applications

Maintain knowledge & expertise for Managing the applications

Make Application resources available

May be involved in Development project but it’s not their primary responsibility



Application Managers / Team Leaders

• Leadership & management activities

• Reporting to Senior Management

• Trainings & other activities to improve expertise & knowledgebase

Application Analysts / Architect

• Work with first level users to capture & manage their requirements

• Created & maintain standards for Application sizing, performance modeling etc.

• Coordinate with Technical Management team as applicable


5. CONTINUAL SERVICE IMPROVEMENT


ACTIVITIES … (Scope includes ALL Service Lifecycle Phases)

Continually align IT services to changing business needs by identifying & implementing improvements

Continual Improvement of process efficiency & effectiveness along with Cost Effectiveness

Maintain/Improve overall health of ITSM services in the organization

Alignment of Service Portfolio with Business needs

Maturity of processes, Customer Satisfaction Surveys, Internal & external Services reviews, Audits


KEY CONCEPTS

CSI Model

Service Measurement

VDJI Structure

Types of Metrics

7 Step Improvement Process


Continual Service Improvement Model

What is the Vision?

Where are we now?

Where do we wantTo be?

How do we get there?

Did we get there?

How to keepMomentum

Going?


Service Measurement

Ability to capture the performance of an End to End service against Targets/Standards

Also helps in prediction of future performance

Produces management reports for comparison / Trend


Why do we measure?

Organization’s Measurement

Framework

Strategic Vision

To Validate

ChangesCorrective

Actions

To

Inte

rven

e

Factual Evidence

To Justify

TargetsMetrics

To Direct


Types of Metrics

Technology based Metrics

• Typically used for applications, components etc.

• E.g. Performance, Downtime

Process based Metrics

• Focused on Customer, Processes

• E.g. KPI, CSF

Service based Metrics

• End to End services

• Focused on Supplier

• E.g. Gold/bronze package service



Service Manager

• Oversee the development, implementation, Evaluation & Ongoing management of all new & existing products & services

• Develops Business Case, Product Line strategy & Architecture

• New Service Deployment & lifecycle Schedules

• Perform Service Cost Management

• Instill a Market Focus


7 STEP IMPROVEMENT PROCESS


7 Step Improvement Process

1.Define What You should

measure

2.Define What You can measure

3.Gather the Data

4.Process theData

5.Analyze theData

6.Present & usethe Information

7.Implement correctiveActions

Goals


Prerequisite for 7 Step Improvement Process

Identify & understand your organization’s

• Strategy

• Vision

• Goals

Distinguish between short term & long term activities

Proceed to 7 Step process


1. Define What you Should measure

Inputs

• Vision & Mission

• SLR, SLAs

• Service Catalog

• Legislative, Governance requirements

• Business expectations

Output

• List of what you should measure

1.Define What You should

measure


2. Define what you can measure

Inputs

• List of what you should measure

• Existing/new Processes/Procedures/Work Instructions

• Existing/proposed Tools, their expertise, manuals

• Past experiences, reports

Output

• List of what you can measure

2.Define What You can measure


3. Gather the Data

Inputs

• List of what you can measure

• Answers to Who, how, when

• Check the accuracy of data

• Data collection requirements, procedures

Outputs

• Collection of Data

• Updated Capacity, Availability plans

• Tools to be used

• Monitoring procedures

3.Gather the Data


4. Process the Data

Inputs

• Data from previous step

• Data processing requirements, tools, formats, frequency

Output

• Updated Capacity, Availability plans

• Sorted, well arranged Data

• Reports, facts & figures

4.Process theData


5. Analyze the Data

Inputs

• Outputs from previous step

• Data comparison with expectation

• Questions like, is this performance good, bad, with target etc.

Output

• Analyzed Data

• Reports which help in drawing conclusions, decision making

5.Analyze theData


6. Present & Use the Information

Inputs

• Outputs from previous step

• Past presentations

Output

• Presentation of information, conclusions & recommendations to Business, Senior management & Internal IT

6.Present & usethe Information


7. Implement Corrective Actions

Inputs

• Decisions by Business, Senior Management, Internal IT

• Necessary Authority, Approvals & responsibilities

Output

• Implemented Corrective actions

• Improved results

7.Implement correctiveActions



CSI Manager

• Drive, Communicate & Coordinate CSI Vision & Initiatives in organization throughout service lifecycle

• Oversee & be Accountable for the success of all Improvement initiatives

• Constantly work with Process/Service owners to identify Scope of Improvement

• Build effective relationships with the Business & IT managers

• Ensure Monitoring is in place to gather Data


SUMMARY OF ITIL v3 PROCESSES & FUNCTIONS

1.SERVICE STRATEGYDemand ManagementService Portfolio ManagementFinancial Management

2.SERVICE DESIGNService Catalogue ManagementService Level Management Availability ManagementCapacity Management Supplier ManagementInformation Security ManagementService Continuity Management

5.CONTINUAL SERVICE IMPROVEMENT•7 Step Improvement Process–Service Reporting–Service Measurement

3.SERVICE TRANSITIONService Asset&Configuration Management Change ManagementRelease & Deployment ManagementKnowledge Management


Service LifecycleApproach


REFERENCES

http://www.itil.org

http://www.itil-officialsite.com/home/home.asp

http://www.ilxgroup.com/itil-v3-presentation.htm

http://h10076.www1.hp.com/education/itil-version3.htm

http://www.apmgroup.co.uk/QualificationsAssessments/ITServiceManagement.asp

http://h10076.www1.hp.com/education/itil_v3_faqv4.pdf

Some more Links - C:\Documents and

Settings\nrane\Desktop\ Microsoft Office Word 97 - 2003 Document


ITIL Foundation Certification Examination–

WHY SHOULD YOU DO IT?

• It is an emerging necessity

• Customers are demanding it

• It gives CSC a competitive advantage

• It Value-Adds to Individual Career Development


Managed by APMG from April 08

Multiple Choice Examination (1hr)

65% required to pass (26 from 40)

Pre-requisite for the Practitioner and Manager’s Certificates

ITIL FOUNDATION CERTIFICATION


EXAM FOCUS AREAS

Typically Possible number of questions per processService Strategy: 3 – 5

Service Design: 10 – 12

Service Transition: 10 – 12

Service Operation: 10 – 15

Continual Service Improvement: 3-5


EXAM FOCUS AREAS…CONTD

Possible questions could also include

• Basic Concepts

• Names, Objectives, Roles of processes & their single liners

• Interfaces between processes

• The Lifecycle stage process falls into (especially new processes)


THANK YOU

ITIL v3

Documents

Transcript of ITIL v3