PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices KIRAN KUMAR PABBATHI
PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices
KIRAN KUMAR PABBATHI
Published by TSO (The Stationery Off ice) and available from: Online www.tsoshop.co.uk Mail, Telephone, Fax & E-mail TSO PO Box 29, Norwich, NR3 1GN Telephone orders/General enquiries: 0870 600 5522 Fax orders: 0870 600 5533 E-mail:
[email protected] Textphone: 0870 240 3701 TSO@Blackwell and other Accredited Agents
Author: Kiran Kumar Pabbathi © Inform-IT, Knowledge Center for Service Management Copyright in the typographical arrangement and design is vested in The Stationery Office Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the permission of the publisher. Applications for reproduction should be made in writing to The Stationer y Office Limited, St Crispins, Duke Street, Norwich NR3 1PD. The information contained in this publication is believed to be correct at the time of manufacture. Whilst care has been taken to ensure that the information is accurate, the publisher can accept no responsibility for any errors or omissions or for changes to the details given. ITIL® is a Registered Trademark of the Cabinet Office. A CIP catalogue record for this book is available from the British Library. A Library of Congress CIP catalogue record has been applied for. First published 2013. ISBN 9780117082076. Printed in the United Kingdom for The Stationery Office. P002570908
07/13
Contents Preface
11
Acknowledgements
12
About the author
13
Why this book?
14
How to read this book
15
Frequently asked questions
17
1
Introduct ion to ITSM
19
1.1
Basic terminology
20
1.2
What are IT services?
21
1.3
Importance of best practices
21
1.4
ITIL lifecycle stages
21
1.5
Processes in ITIL
22
1.6
Functions in ITIL
22
1.7
Why do we need processes?
22
1.8
Can ITIL processes help in managing business services?
23
2
3
Strategy management for IT services
31
2.1
32
Basic terminology
2.2 Overview of strategy management for IT services
32
2.3 Implementing strategy management for IT services
33
2.4 Measures
36
2.5 Strategy management for IT services workflow
36
Demand management
39
3.1
40
Basic terminology
3.2 Overview of demand management
40
3.3 Implementing demand management
41
3
4
5
6
7
8
4
3.4 Measures
43
3.5
43
Demand management workflow
Financial management for IT services
45
4.1
46
Basic terminology
4.2 Overview of financial management for IT services 4.3 Implementing financial management for IT services
46 47
4.4 Measures
50
4.5 Workflow for financial management for IT services
50
Service portfolio management
53
5.1
54
Basic terminology
5.2 Overview of service portfolio management
54
5.3 Implementing service portfolio management
55
5.4 Measures 5.5 Service portfolio management workflow
57 58
Business relationship management
61
6.1
62
Basic terminology
6.2 Overview of business relationship management
62
6.3 Implementing business relationship management
63
6.4 Measures
65
6.5 Business relationship management workflow
66
Service level management (SLM)
69
7.1
Basic terminology
70
7.2
Overview of SLM
71
7.3
Implementing SLM
71
7.4
Measures
74
7.5
SLM workflow
75
Design coordination
79
8.1
80
Basic terminology
8.2 Overview of design coordination
80
8.3 Implementing design coordination
80
PDCA for ITIL
9
10
11
12
13
8.4 Measures
82
8.5 Design coordination workflow
83
Information security management
85
9.1
86
Basic terminology
9.2 Overview of information security management 9.3 Implementing information security management
86 87
9.4 Measures
89
9.5 Information security management workflow
90
Availability management
93
10.1 Basic terminology
94
10.2 Overview of availability management
94
10.3 Implementing availability management
95
10.4 Measures 10.5 Availability management workflow
98 99
Capacity management
101
11.1 Basic terminology
102
11.2 Overview of capacity management
102
11.3 Implementing capacity management
103
11.4 Measures
106
11.5 Capacity management workflow
107
Ser vice catalogue management (SCM)
109
12.1 Basic terminology
110
12.2 Overview of SCM
110
12.3 Implementing SCM
111
12.4 Measures
113
12.5 SCM workflow
114
Supplier management
117
13.1 Basic terminology
118
13.2 Overview of supplier management
118
13.3 Implementing supplier management
119
Contents
5
14
15
16
17
18
6
13.4 Measures
121
13.5 Supplier management workflow
122
IT service continuity manageme nt (ITS CM)
125
14.1 Basic terminology
126
14.2 Overview of ITSCM 14.3 Implementing ITSCM
126 127
14.4 Measures
129
14.5 ITSCM workflow
130
Transition planning and support
135
15.1 Basic terminology
136
15.2 Overview of transition planning and support
136
15.3 Implementing transition planning and support
136
15.4 Measures 15.5 Transition planning and support workflow
138 139
Change management
141
16.1 Basic terminology
142
16.2 Overview of change management
142
16.3 Implementing change management
143
16.4 Measures
146
16.5 Change management workflow
146
Change evaluation
151
17.1 Basic terminology
152
17.2 Overview of change evaluation
152
17.3 Implementing change evaluation
152
17.4 Measures
154
17.5 Change evaluation workflow
155
Release and deployment management
157
18.1 Basic terminology
158
18.2 Overview of release and deployment management
158
18.3 Implementing release and deployment management
159
PDCA for ITIL
19
20
21
22
23
18.4 Measures
162
18.5 Release and deployment management workflow
162
Service validation and testing
165
19.1 Basic terminology
166
19.2 Overview of service validation and testing 19.3 Implementing service validation and testing
166 167
19.4 Measures
169
19.5 Service validation and testing workflow
169
Service asset and configuration management (SACM)
173
20.1 Basic terminology
174
20.2 Overview of SACM
174
20.3 Implementing SACM
175
20.4 Measures 20.5 Service asset and configuration management workflow
177 178
Knowledge management
181
21.1 Basic terminology
182
21.2 Overview of knowledge management
182
21.3 Implementing knowledge management
183
21.4 Measures
186
21.5 Knowledge management workflow
186
Access management
193
22.1 Basic terminology
194
22.2 Overview of access management
194
22.3 Implementing access management
195
22.4 Measures
197
22.5 Access management workflow
197
Event management
201
23.1 Basic terminology
202
23.2 Overview of event management
203
23.3 Implementing event management
203
Contents
7
24
25
26
27
28
8
23.4 Measures
205
23.5 Event management workflow
206
Request fulfilment
209
24.1 Basic terminology
210
24.2 Overview of request fulfilment 24.3 Implementing request fulfilment
210 211
24.4 Measures
213
24.5 Request fulfilment workflow
213
Incident management
217
25.1 Basic terminology
218
25.2 Overview of incident management
218
25.3 Implementing incident management
219
25.4 Measures 25.5 Incident management workflow
221 222
Problem management
227
26.1 Basic terminology
228
26.2 Overview of problem management
228
26.3 Implementing problem management
229
26.4 Measures
232
26.5 Problem management workflow
232
Service desk
237
27.1 Basic terminology
238
27.2 Overview of service desk
238
27.3 Implementing service desk
240
27.4 Measures
242
27.5 Service desk workflow
243
Application management
245
28.1 Basic terminology
246
28.2 Overview of application management
246
28.3 Implementing application management
247
PDCA for ITIL
29
30
31
28.4 Measures
249
28.5 Application management workflow
250
Technical management
253
29.1 Basic terminology
254
29.2 Overview of technical management 29.3 Implementing technical management
254 255
29.4 Measures
257
29.5 Technical management workflow
257
IT operations management
259
30.1 Basic terminology
260
30.2 Overview of IT operations management
260
30.3 Implementing IT operations management
261
30.4 Measures 30.5 Operations control workflow
264 265
30.6 Facilities management workflow
266
Seven step improvement process
269
31.1 Basic terminology
270
31.2 Overview of seven step improvement process
270
31.3 Implementing seven step improvement process
271
31.4 Measures
274
31.5 CSI methods
274
Acronyms
279
Index
285
Contents
9
Preface Numerous organizations spend their energy and funding on implementing ITIL practices. Most of them spend their time reinventing a wheel that was already created many times before in previous ITIL expeditions. If you’re facing this challenge, you’ll be interested in avoiding excessive cost. Although plenty of external guidance is available in the form of ITIL consultancies, you’ll need to have a decent idea of what to expect in the course of your own ITIL expedition before you go for it. This book focuses on that specific target. Drawing on the experience of many ITIL practice implementations, it shows you in a very logical and practical way what to expect when you introduce ITIL to your organization, or when you increase the number of ITIL practices in your organization. The book supports this by offering, in the style of a cookbook, a step-by-step guide to the implementation of individual ITIL practices, offering practical descriptions, terminology, objectives, workflows, CSFs, KPIs and other measures, in a Plan-DoCheck-Act approach. Using the cookbook analogy, it provides you with as many recipes as you are likely to need for composing your own menu. The book’s systematic approach means that once you get to grips with implementing one practice, you will be able to apply your newly developed skills to the next one, following the fundamental guidance of ITIL: adapt and adopt. Your growing understanding of how ITIL works will greatly reduce your external costs, improve the skills of your own staff, and move your organization to higher maturity levels. You should use this guidance as a great resource for setting up and improving your own practice.
11
Acknowledgements I would like to express my sincere thanks to my lord Shri Krishna, who has blessed me with intellect, provided me with knowledgeable friends and colleagues, and has enabled me to gain strong IT experience in some of the world’s best conglomerates. Without his benevolence, I wouldn’t have been able to write this book. I am very grateful to my spiritual alma mater ISKCON (International Society For Krishna Consciousness), His Divine Grace A.C. Bhaktivedanta Swami Srila Prabhupada (Founder and Acharya of ISKCON) and His Grace Kalakanta Prabhu, who was my first spiritual guide. I would also like to thank my manager and CEO Simon (Xiaogang, Wei) who helped me to achieve most of my certifications, and all my colleagues who have been a source of encouragement. My special thanks go to Jan van Bon for recognizing my manuscript as a potential publication and helping me to edit it. Finally I would like to express my thanks and indebtedness to Inform-IT and TSO for having the confidence to publish my first book – my first milestone in authoring.
12
PDCA for ITIL
About the author Kiran Kumar Pabbathi has worked for various companies in the IT industry which gave him detailed insight into ITSM and ITIL best practice. Currently, Kiran works as an IT process manager in Shanghai Bizenit Information Technology, China. Kiran was privileged to work in different roles taking care of service desk operations, request fulfilment, incident management, SharePoint Administration, project management, and ITIL Consulting. Kiran is a certified professional in ITIL v3 Expert, PRINCE2 ® (Foundation and Practitioner), Six Sigma Green Belt, ISO/IEC20K – Foundation, TMAP – Foundation (Test Management Professional), MCP in SharePoint 2003 Customizations, and MCTS in MS Project 2007.
13
Why this book? This book answers many of the questions that arise in the minds of all ITIL practitioners, whether beginners, intermediary or experts in the ITSM domain. It provides clear direction on how to implement ITIL processes, based on the questions raised by students and customers on ITIL training courses and workshops. It deals with questions such as: How does ITIL help organizations? Where and how should I start? Which process should I start with first? What are the prerequisites? As manager of IT services in my organization, do I need to implement all of the processes? Is there a step-by-step approach for developing an ITIL process? What are the inputs, throughputs, outputs and outcomes delivered by the processes? This book addresses all these questions and provides an easy-to-understand approach on ITIL best practice.
14
PDCA for ITIL
How to read this book Although ITIL has become the leading guidance for IT service management worldwide, many countries and individual organizations are still taking their first steps on the ITIL 1 journey. This book will help you to understand the key concepts of ITSM and ITIL , and will also show you how to implement ITIL processes in your organization. It doesn’t provide detailed instructions, but describes the most important steps you should take during implementation. The book takes the approach of the Plan-Do-Check-Act cycle, which builds on good practice and adds value for IT managers and process managers. The intended audience for this book is the IT stakeholder, responsible for the planning, design, implementation and improvement of IT operations and services. Students and IT staff who perform different tasks in the IT industry will also find this book useful. In PDCA for ITIL, each process is structured in five sections, each section representing important aspects of the process: basic terminology, overview of the process, implementing the process, measures, and process workflow. Descriptions for each section are as follows: 1. Basic terminology – Description of the definitions used in the process. 2. Overview – The main structure, the objectives, and the business needs of the process. 3. Process implementation – This section describes the prerequisites, and then the step-by-step implementation of the process through the Plan, Do, Check, Act stages: – The Plan phase details the important activities that have to be performed before making any investment in development and implementation. Hence the process manager will need to present the business case, the goals of the process, the project plan, and the organization structure to gain the confidence and approval from higher level management (HLM). – The Do phase details the important activities that will initiate the design, development and implementation of the process. Here process managers and service owners will become actively involved in executing the process and its activities. – The Check phase details the important activities that will monitor, verify and validate the process implementation and daily IT operations. – The Act phase details the important activities that will feedback to the process owner, recommending different ways to improve the process and IT operations. 1 ITIL: the IT Infrastructure Library
15
4. 5.
Measures – This section describes the metrics, critical success factors (CSF) and best practices. Process workflow – This section describes the process workflow, which will be easy to understand and useful in designing ITSM tools.
16
PDCA for ITIL
Frequently asked questions If I want to implement ITIL in an organization, which process should I start with first? ITIL defines a set of best practices and it is up to you to select the process that you want to improve with respect to the issues in your organization. If your organization’s service desk is inefficient, under-utilized and not providing good customer satisfaction, then you could refer to the service desk function and utilize ITIL best practice to improve this function in your organization. If your organization is not able to meet the service level agreements (SLAs) and service level targets (SLTs), despite utilizing its great technical resources, you could refer to the service level management process (SLM) to redefine feasible SLAs and SLTs.
Which ITIL version should I refer to? The latest version of ITIL is the only version that you should refer to. ITIL was last updated in 2011. ITIL follows a lifecycle-based approach, which is convenient and easy to understand for the IT stakeholders. This lifecycle is categorized into five stages: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. ITIL contains 28 processes and four functions placed in the above five stages.
How can I win the confidence of my CTO/CEO that ITIL processes would help IT in my organization? You could prepare a project charter outlining the business case, goal statement, project plan, project scope, and roles and responsibilities, and explain the benefits. The approach is explained in this book.
What kind of VOI, ROI and benefits can I see after ITIL implementation? After the implementation of an ITIL process, you could expect to see maturity, improvement and clarity in every artefact of the IT operations as follows: You would have clear documented policies and procedures to perform various IT tasks. There would be clear demarcation of roles and responsibilities, based on a RACI matrix. You would not have to waste time reinventing the wheel again and again.
How do I implement an ITIL process? The book provides detailed insight.
17
How much does it cost to implement an ITIL process? There is no protocol or magical calculator that can estimate the costs; it depends on the organization and how effective it wants the process to be and its function to be developed.
Should I follow everything that is mentioned in ITIL best practice? ITIL is a collection of best practices for ITSM; hence you can customize it as and how you want as per your company’s feasibility, cost allocation, resource allocation etc.
Can a company or product be ITIL-compliant or certified? Companies cannot be ITIL-certified or ITIL-compliant. Your company can follow ITIL best practices but there is no authority that can certify that your company or product is ITIL-compliant. If you are keen to win the confidence of your customers you can opt for ISO/IEC20000 certification. Products can be ITIL-compliant: software tool vendors can obtain endorsement of their tools for “ITIL Process Compliance” under the official Cabinet Office ITIL Software scheme (see: http://www.itil-officialsite.com/SoftwareScheme/ ITILSoftwareScheme.aspx).
18
PDCA for ITIL
1
Introduction to ITSM
1.1
Basic terminology
Best practices: practices that are well recognized and that have proved the ability for demonstrating success in respective areas. E.g.: PMBOK for project management, ITIL for IT service management, MOF for IT service management, COBIT for IT governance, etc. Capability: the ability of an organization, person, process, application, IT service or other configuration item (CI) to carry out an activity. Capabilities are intangible assets of an organization. Critical success factor (CSF): the vital elements necessary for the success of a business. Functions: specific units of an organization (consisting of a group of people who have specific skills and responsibilities), performing specific and routine activities. Infrastructure : the combination of hardware, software, and people-ware in an organization. Information technology service management (ITSM): management of IT services to meet the organization’s business goals. It can also be defined as “A set of organizational capabilities and resources that work together in providing value to customers in form of services”. Key performance indicator (KPI): vital metrics necessary for an organization to meet its business goals, which reflect the CSFs of an organization. Metric: measurements that quantitatively evaluate the performance of IT operations. Policy: management directives that significantly influence the processes and procedures.
Process: a set or sequence of activities that results in achieving an output or business goal. Resources: a generic term that includes IT infrastructure, people, money or anything else that might help to deliver an IT service. Resources are considered to be assets of an organization. Service: provision of value to customers without any ownership of risks and internal costs associated in developing a service. Standard: rules and conventions that help to implement policies and enforce required conventions.
20
PDCA for ITIL
1.2 What are IT services? IT services can be represented in numerous forms, for example: internet that is available through an internet service provider end-user equipment with basic office functions financial information systems that are supported by applications, end-user equipment, network, etc. These services have to be well managed with defined roles and responsibilities, by following specific quality standards and processes, so the business can run without any breakdowns.
1.3 Importance of best practices Outcomes and results can be achieved in numerous ways with a variety of approaches and different strategies, each with their specific time schedules, cost structure, and resource consumption. Best practices guide us in doing things effectively, in the most appropriate way with low risks, economic costs, and optimum resources. At the same time it also ensures to attain the objective or outcome with the desired quality. Some of the best practices for ITSM are ITIL and MOF2: ITIL is a set of best practices for ITSM that helps in managing the IT services in an organization with the help of processes and functions. MOF is another best practice for ITSM, developed by Microsoft. MOF best practice is explained with the help of processes, functions and activities describing the management of services.
1.4 ITIL lifecycle stages ITIL’s life cycle is divided into 5 stages: 1. Service Strategy 2. Service Design 3. Service Transition 4. Service Operation 5. Continual Service Improvement. 2 Microsoft Operations Framework
Introduction to ITSM
21
1.5 Processes in ITIL Processes defined in ITIL are categorized into these 5 stages: 1. Service Strategy – strategy management for IT services, financial management for IT services, demand management, service portfolio management, business relationship management. 2. Service Design – design coordination, availability management, SLM, service continuity management, service catalogue management, supplier management, information security management, capacity management. 3. Service Transition – transition planning and support, change management, change evaluation, release and deployment management, service validation and testing, service and asset configuration management, and knowledge management. 4. Service Operations – access management, event management, request fulfilment, incident management, and problem management. 5. – seven step improvement process. Continual Service Improvement
1.6 Functions in ITIL Functions are units of an organization (groups of a people who have specific skills and responsibilities) that perform very specific activities. Functions defined in ITIL are: service desk applications management technical management IT operations management.
1.7 Why do we need processes? We need processes: to enable repeatability (avoiding reinventing the wheel) to measure and evaluate the effectiveness of operations to provide clarity in roles and responsibilities (enabling accountability) to maintain the knowledge uniform among all human resources, and to avoid dependence on individuals.
22
PDCA for ITIL
1.8 Can ITIL processes help in managing business services? Answer Yes, ITIL can also guide business. This can be explained more in detail through the concept called business service management (BSM).
Scenario A software development company wants to implement ITIL best practices to manage its services.
Understanding We should understand that developing tools or applications and providing the support is an IT service here. To provide the mentioned IT service, the organization will use ITIL best practices that provide a sequenced approach for maintaining and managing the organization’s services.
Implementation Phase 1 The organization will first have to understand the customer’s demand, define the organization’s strategies, so they can build software applications with the technology that is feasible for the customers’ requirements. The organization recruits people with necessary skill sets and experience, who can define the strategy for the software development business (or checks if there are any human resources in the organization who have the skill set or who have experience in developing Service Strategy for software development business). Because each organization is different in size, the concept of roles is useful. Roles are specific sets of tasks and responsibilities for specific goals. Individual people can be appointed to various roles. One individual can have more than one role. This way, the guidance can be applied in any size of organization including a one-person company. If an organization is big enough, it can have an individual or even a team for each role.
Introduction to ITSM
23
The organization appoints an individual to the Service Strategy manager role, to carry out different activities. The Service Strategy manager would be accountable for all the strategy related activities with the help of processes like: strategy management for IT services, financial management for IT services, demand management, service portfolio management, and business relationship management. The strategy management for IT services process works: on understanding its internal customers, external customers, and mixed customers (internal customers + external customers) on developing what kind of services are required and what kind of services should be offered to its customers on developing strategic assets on proposing a draft of the services that will be offered to its customers. The financial management process works: on estimating the costs, budgeting (fixed costs, operational costs, variable costs, direct and indirect costs etc.) for developing software development services on defining the accounting procedure for IT services on the charging procedure from internal customers, external customers, etc. The demand management process works: on checking the demands of customers for the proposed services (what is the front end technology in demand, what is the database that is preferred by the customers, middleware, web servers using patterns of business activity (PBA), and user profiles (UPs)) on estimating the demand and supply needed (how many human resources should be recruited for development, testing, business analysis, deployment, how many desktops, laptops, servers are needed, how much place is needed for the staff, etc.) on analyzing the live services that are in good demand, and reactively communicating the needs and shortcomings to other processes. The service portfolio management process works: on defining the draft of services, which can be offered to customers on analyzing the services that should be offered on approving the proposed services that can provide value to the organization on chartering the final services (this will be the final list of current services, future services, and retired services that are offered by the company). The business relationship management process works: on tracking and resolving various concerns and complaints of the customers on managing and developing good relationship with different stakeholders paying special attention to customers.
24
PDCA for ITIL
With all these tasks, the Service Strategy manager has done his job in estimating, understanding and developing the strategic plans, using as many resources as necessary and available.
Phase 2 The organization checks for human resources, who have skills and experience in Service Design activities, so the strategic plans are activated and converted in appropriate designs and architectures, etc. The organization appoints an individual to the Service Design manager role, who would be accountable for all the Service Design activities with the help of processes like: SLM, information security management, availability management, capacity management, service catalogue management, supplier management, and service continuity management. The SLM process works: on defining SLAs with the external customers and operational level agreements (OLAs) with internal business units, underpinning contracts (UCs) with third party suppliers on time duration for the project, scope of the project, service acceptance criteria (SAC), number of defects that can be accepted, etc. The availability management process works: on defining availability plans, and understanding requirements in terms of availability on defining the availability of the services (24*7 or only working days, holidays, and timings) on setting up the reliable infrastructure assets. The capacity management process works: on defining capacity plans and capacity requirements. on providing appropriate capacity in terms of network, hardware, and software. The service catalogue management process works: on maintaining a list of current products or services that are offered by organization to its customers. The supplier management process works: on selecting suppliers to buy necessary assets required for the delivery of IT services (Avaya phones, bridges, routers, dashboards) from suppliers at economic costs with good quality on maintaining good relationship with suppliers consistently as required.
Introduction to ITSM
25
The information security management process works: on defining security policies, standards to bring awareness for the IT staff. These policies will be implemented by access management to safeguard the customer’s assets, information and also the organization’s assets. The service continuity management process works: on defining IT service continuity plans to continue the IT services in case of natural disasters, accidents, and other threats. With all the above process activities, the Service Design manager completes all the Service Design tasks, using as many resources as necessary and available.
Phase 3 The organization checks for human resources, who have skills and experience in managing the transition of IT services. The organization appoints an individual to the role of service transition manager, who is accountable for all transition related activities with the help of processes like transition planning and support, change management, release and deployment management, service and asset configuration management, knowledge management, change evaluation, and service validation and testing. The transition planning and support process works: on planning transition activities like: – developing plans for introducing a new service/products in an organization – coordinating the resources to ensure the transition or introduction of a new service. The change management process works: on defining procedures for handling different types of changes on ensuring only valid and approved changes are implemented in the organization on ensuring that the changes bring positive effects in organization on ensuring that there is no disruption of services, while changes are implemented. The change evaluation process works: on evaluating the complete service transition activities, from the change initiation to the release deployment. The release and deployment management process works: on ensuring the new changes are implemented and deployed well in the organization. The service validation and testing process works: on ensuring new releases are validated and tested in terms of functionality and usability.
26
PDCA for ITIL
The service and asset configuration management process works: on ensuring that all of the service assets and CIs in the organization are stored, tracked, and controlled in the configuration management database (CMDB, providing relationships between CIs) and the configuration management system (CMS). The knowledge management process works: on developing best practices, knowledge for different projects, products and other services (transforming data to information, information to knowledge, and knowledge to wisdom) on ensuring that the knowledge is accessible for authorized users. With all the above activities, the service transition manager establishes all the necessary for smooth transition of services from Service Design to service transition, using as many resources as necessary and available. Service transition ensures that new assets and CIs are well planned, released, tested and evaluated.
Phase 4 The organization checks for human resources, who have skills and experience in managing the organization’s day to day operations. The organization appoints an individual to the role of service operation manager, who is accountable for all the operational activities with the help of processes and functions. Processes in service operations are request fulfilment, event management, incident management, problem management, and access management. The access management process works: on providing appropriate access privileges to the authorized users. – For example: access management ensures that all the employees are provided with necessary access to the knowledge base websites, respective tools and applications, and information systems. The event management process works: on analyzing all the events logged and on the events so that they don’t get converted into incidents. – For example: before a network outage happens, there will be some kind of events generated in the infrastructure tools. The event management process keeps a meticulous watch on events and prevents incidents from having too much impact. The request fulfilment process works: on taking requests from users, and to fulfill the requests.
Introduction to ITSM
27
The incident management process works: on restoring the breakdown of services as soon as possible – For example: if there is a breakdown of a server, the incident management process tries to fix the issue as soon as possible and restore the server. The problem management process works: on finding the root causes of the incidents and provide a permanent fix. – For example: there is a serious network/server outage and the incident management process resolved the incident. Now, to prevent the same incident from happening again, the problem management process tries to understand the root cause of the network outage. It will check with corresponding processes and functions and investigates the devices, topology, software etc. to find a permanent fix.
Functions in service operations are service desk, applications management, technical management, IT operations management. The service desk function works: as a single point of contact for customers, users and stakeholders on different kinds of issues as a point of contact for any kind of help or information regarding the organization and its assets. The applications management function works: on ensuring that necessary applications and tools are installed, maintained and managed well in the organization. The technical management function works: on ensuring that all the technical knowledge is provided to employees of the organization on ensuring all the technological constraints and conditions are taken into consideration. The IT operations management function works: on ensuring all the operational activities are performed regularly, like network management, database administration, desktop management, etc. on ensuring all the facilities are managed well for the organization premises. With all these above activities, the service operation manager ensures smooth and effective operations of IT services, using as many resources as necessar y and available.
28
PDCA for ITIL
Phase 5 The organization finally checks for human resources, who have skills and experience in identifying improvements and managing these for all the different stages: Service Strategy, Service Design, Service Transition, and Service Operation. Continual Service Improvement provides feedback for doing things in a better way, providing value, saving time, in consideration with cost. The organization appoints an individual to the role of CSI manager, who is accountable for all the improvement activities with the help of processes and functions. The Continual Service Improvement phase has only one process: the seven step improvement process. The seven step improvement process works: on improving the IT service operations. With all the above 5 phases, an IT service organization can manage and execute its services with the help of ITIL best practices.
Introduction to ITSM
29
SERVICE STRATEGY Service Strategy defines the strategy for an IT organization that helps to achieve its business goals. This stage analyzes the demand for services, customer’s requirements, risks, costs, value creation and defines the service offerings. Processes involved in Service Strategy are: strategy management for IT services demand management financial management for IT services service port folio management business relationship management.
30
PDCA for ITIL
2
Strategy management for IT services
2.1
Basic terminology
Access based positioning: A positioning strategy where service providers make themselves feasible to their customers, who have very distinguished needs and conditions which could be in terms of location, scale or structures. Need based positioning: A positioning strategy where service providers deliver most or all the needs of customer or customers. Here the service provider’s priority is the customer and his needs, so the service provider tries to fulfill most of the needs of customers. Strategy: The objectives and direction that lays the foundation for the organization to run its business and operations. Type I ser vice provider: Internal service providers that are a part of same business and that provide specific/explicit services to the business unit. Type II ser vice provider: The shared service units that exist in the same organization, but provide services for many business units. Type III ser vice provider: The external service providers who support the organization in its different businesses. Variety based positioning: A positioning strategy where service providers deliver a variety of services to their customers. Here service providers have their strength and experience in delivering a specific variety of services (could be technologies or products) and they focus on providing only that variety of services.
2.2 Overview of strategy management for IT services Strategy management for IT services defines a standardized process for building strategic assets with vision, strategic goals, innovation, value creation, and resilient attitude for adapting new changes. Its main focus is to define the market, propose the service offerings, develop the service offerings as strategic assets, execute the developed offerings, also measure and evaluate the strategies. Strategy management for IT services is the most critical process for long term sustainability of the organization’s offerings.
32
PDCA for ITIL
Objectives Analyze and understand the IT requirements. Develop strategic assets that will create value for customers and the service provider, through a closed loop system. Measure and evaluate the defined services as strategic assets.
Business needs Provides guidance in designing and deciding the necessary artifacts for IT service management as a strategic asset. Improves service quality by strategic planning. Creates value and enables to create distinguished services for the organization. Enables in making effective decisions for investment.
2.3 Implementing strategy management for IT services Prerequisites Business goals, market analysis, competitor products/services.
Plan Prepare the project charter, consisting of a business case, goal statement, project plan, project scope, and roles and responsibilities. describe the benefits and opportunities of strategy Business case – should management for IT services considering the following areas: – Business needs of strategy management for IT services. – What are the short term benefits and long term benefits of this project? – What impacts will this new initiative have on other business units and employees? Pros and cons. – What are the risks and issues involved, what are the dependencies? – Monitoring and evaluation mechanism. – Cost and benefit analysis. Goal statement – should be closely associated with the prepared business case. Goals should be SMART and mention: – Define the CSFs. – Define the KPIs.
Strategy management for IT services
33
What is the time estimated to see the results? Project plan – should show the timeline, milestones for various activities to establish strategy management process in place and run the process. Project interfaces – should define the boundaries, scope, relationships of the strategy management. Roles and responsibilities – should identify the required roles and hire the human resources. Primary roles needed for strategy management for IT services can be defined as: – IT steering group – strategy manager. Define a RACI model for clarity in roles and responsibilities. –
Do Develop the statement of work (SOW) for strategy management for IT services, defining the: – scope of services, that has to be considered by strategy management services that are out of scope hardware, software, people-ware and tools required – appropriate people for the defined the roles and responsibilities – risks and dependencies – issues and other conditions – costs involved. Define the strategy as perspective, position, plan and pattern. – Perspective is defined by goals, through the following activities: • definition of CSFs • definition of KPIs. – Position is defined by the distinctiveness of servic es for customers. It is defined by: – –
variety based positioning need based positioning • access based positioning. Plan is defined by the procedures of doing actions/milestones/activities, it is the estimation of time duration and number of resources required for: • strategy assessment • development of the offerings • execution of the strategy • measurement and evaluation. Pattern is defined by the series of consistent decisions and actions embedded in doing the business. It involves defining policies, processes, adopting best practices, etc. • •
–
–
34
PDCA for ITIL
Perform assessments on the internal artifacts and external artifacts. – Internal artifacts are the service provider’s business goals, strategy, service provider’s strengths, weakness, opportunities, threats, and CSFs. – External artifacts are customers, customer services, needs of the customers, opportunities of the customers, and competitor’s services. Develop a strategy for service offerings, with the provision of: – quality – cost feasibility – timely delivery – objectives and CSFs – prioritization of investments. Select and implement the appropriate tool for recording all the activities performed by the process. Execution of strategies developed.
Check Evaluate the services proposed, by methods like: – Brainstorming – A method to generate ideas (potential solutions) on a specific issue and then determine ideas. – Nominal group technique – An approach to generate additional ideas, surveys the ideas of a small group, and prioritizes brainstormed ideas. – Delphi technique – A method of relying on a panel of experts to anonymously select their responses using a secret ballot process. – Multi-voting – A mechanism to narrow down the list of ideas and select the correct subset for further investigation. Ensure there is innovation and value creation in the services offered. Ensure the organizational strategies sync with the regulations, compliances, government, and environment laws. Review and update the strategic plans and objectives as per changing business plans and requirements. Ensure internal function objectives are linked with organization objectives and strategic plans.
Act Perform a GAP analysis for the customer’s needs and requirements. Analyze the major reasons, why a customer is seeking another service provider. Identify the opportunities to explore new service offerings. Identify areas of improvement for the current services. Develop plans to mitigate significant risks.
Strategy management for IT services
35
2.4 Measures Metrics number of new proposals, plans defined number of new services proposed number of failed services (that have not been approved by strategy manager/IT steering group) total time taken for proposing a new service in service portfolio number of new customers developed number of lost customers.
CSFs awareness on the organizational strategies evaluation of the new strategies defined shared vision and active stakeholders’ involvement effective risk and impact assessment methodologies effective business and market analysis knowledge documentation of suggestions to other processes and lessons log is captured.
2.5 Strategy management for IT services workflow Analyze and assess Define Execute
Analyze and assess An understanding is developed about the service provider’s current situation. Assessments and analysis is made on current services, market spaces, risks associated, customer’s history, customer needs, customer feedbacks and recommendations, competitors, and competitors’ services. Assessments are made in form of: interviews, questionnaire, direct observation, simulations, etc.
36
PDCA for ITIL
Define Definition of strategy can be done by adopting Porter’s five force analysis, value chain analysis, and SWOT analysis in consideration with perspective, position, plan and patterns. It defines strategic values like quality standards, cost justifiable approach, effective utilization of resources, and timely delivery of services. It defines service management as a closed-loop control system that can adapt to the changes, feedbacks provided. Definition of strategy can be evaluated through some methods like brainstorming, nominal group technique, Delphi technique, multi-voting etc.
Execute This is the process of implementing the mission, objectives, goals, and CSFs for a service provider and its services. It actually involves implementation of the strategies developed and evaluating them with assessments.
Strategy management for IT services
37
Acronyms
ABA
abandonment rate
AHT
average handling time
AM
asset management
AM
availability management
ASA
average speed to answer
ASP
application service provider
AMIS
availability management information system
BCM
business continuity management
BCP
business continuity plan
BIA
business impact analysis
BRM
business relationship manager
BRS
business requirement specifications
BSM
business service management
CAB
change advisory board
CAPEX
capital expenditure
CFIA
component failure impact analysis
CI
configuration item
CMDB
configuration management database
CMIS
capacity management information system
CMS CSAT
configuration management system customer satisfaction rating
CSF
critical success factor
CSI
continual service improvement
DCAB
deployment CAB
DIKW
data, information, knowledge, wisdom
DML
definitive media library
DSL
definitive software library
DHL
definitive hardware library
DRP
disaster recovery plan
280
PDCA for ITIL
ECAB
emergency CAB
ELS
early life support
ERT
emergency response function
FCR
first-call resolution
FMEA
failure modes and effects analysis
FSC
forward schedule of changes
FTA
fault tree analysis
GTB
grow the business
HLD
high level document
HLM
higher level management
IMIS
incident management information system
ISG
IT steering group
ISMS
information security management system
ITSCM
IT service continuity management
ITSM
IT service management
ITT
invitation to tender
KEDB
known error database
KPI
key performance indicator
LLD
low level document
MOF MTBF
Microsoft Operations Framework mean time between failures
MTBSI
mean time between system incidents
MTO
maximum tolerable outage
MTRS
mean time to restore service
MTTR
mean time to repair
OGC
Office of Government Commerce
OLA
operational level agreement
OPEX
operational expenditure
PBA
pattern of business activity
Acronyms
281
PIR
post implementation review
PMO
project management office
POR
post outage review
PSO
projected service outage
RCA
root cause analysis
RCB
registered certification body
RFA
request for approval
RFC
request for change
RFI
request for information
ROI
return on Investment
RTO
recovery time objective
RPO
recovery point objective
SD
Service Design
SO
Service Operation
SS
Service Strategy
ST
Service Transition
SAC
service acceptance criteria
SACM
service asset and configuration management
SCD
supplier and contract database
SCM SCM
service capacity management service catalogue management
SDP
service design package
SFA
service failure analysis
SIA
service investment analysis
SIP
service improvement plan
SKMS
service knowledge management system
SLA
service level agreement
SLM
service level management
SLP
service level package
282
PDCA for ITIL
SLR
service level requirement
SLT
service level target
SME
subject matter expert
SOP
standard operating procedures
SPM
service portfolio management
SPOC
single point of contact
SPOF
single point of failure
SQP
service quality program
SRS
software requirement specifications
TCAB
technical CAB
TRT
target recovery time
TTB
transform the business
UC
underpinning contracts
UP
user profile
VBF
vital business function
VIP
very important person
VVIP
very very important person
VOI
value on investment
VPN
virtual private network
VCD 5S
variable cost dynamics sort stabilize shine standardize sustain
Acronyms
283
Index
A access 194 access based positioning 32, 34 access management 194 access manager 195 access request 198 accounting 46, 51 active monitoring 202 application management’s 246 application sizing 102 architectural requirements. 250 assessment 270 asset 46, 174 asset management 174 audit 270 authentication 86, 194 authorization 194 availability 86, 94 availability analyst 96 availability management 94 availability manager 96 availability monitoring 99 availability test analyst 96 B back-out plan 142 backup analyst 128 benchmarking 277 best practice 20, 21 brainstorming 37 budgeting 46, 51 build 158 build analyst 160 business capacity analyst 104 business capacity management 102 business case 33 business continuity management (BCM) 126 business impact analysis (BIA) 48, 126 business relationship management 62 business relationship manager 64 business requirements 250
286
PDCA for ITIL
business requirement specifications 250 business service catalogue 110
C capability 20 capacity 102 capacity analyst 104 capacity forecasting 102 capacity management 102 capacity management information system (CMIS) 102 capacity manager 104 capacity plan 102 centralized service desk 238 change 142 change advisory board (CAB) 142 change analyst 144 change closure 149 change deployment 149 change evaluation 152 change evaluation report 152, 155 change implementer 144 change management 142 change management operations 145 change manager 144, 153 change schedule 142 charging 46, 52 closed-loop control system 37 closure 215, 225 component capacity analyst. 104 component capacity management 102 component failure impact analysis (CFIA) 94 confidentiality 86 configuration analyst 176 configuration baseline 174 configuration control 179 configuration identification 179 configuration item (CI) 174 configuration management 174 configuration management database (CMDB) 174 configuration management system (CMS) 174 console management 260
Index
287
continual service improvement (CSI) 270 continuity 126 contract development 66 critical event 207 critical success factor (CSF) 20 CSI manager 272 CSI methods 274 CSI register 270 customer based SLA 73 customer-based SLA 70 customer portfolio 62 customer survey questionnaire 62 customer survey response 62
D data 182 deep-dive RCA 234 definitive media library (DML) 174 definitive spare 174 Delphi technique 37 demand analysis 43 demand analyst 42 demand management 40 demand management tool 42 demand manager 42 demand modelling 44 demand monitoring 107 deployment 163, 246 deployment analyst 160 deployment CAB (DCAB) 144 de-provisioning 194, 199 design 246 design coordination 80 design coordination process owner 81 development 246 deviation 152 diagnosis 223 differential charging 46 duplicate event detection 202
288
PDCA for ITIL
E early life support (ELS) 164 editorial review 91, 188 ELS analyst 160 emergency action plan 260 emergency CAB (ECAB) 144 emergency change 147 emergency release 158 environmental analyst 262 escalation 224 evaluation 166 event 202 event analyst 204 event closure 207 event filtering and correlation 202 event management 203 event manager 204 event notification 206 event record 202 event solving group 204 exception 206 external audit 46 external service provider 32 F facilities administrator 262 facilities analyst 262 facilities head 262 facilities management 260 fault tree analysis (FTA) 94 financial analyst 48 financial audit 52 financial management 46 financial manager 48 five force analysis 37 fixed charging 46 forward for schedule changes 148 forward schedule of changes (FSC) 142 function 20 functional requirements 250
Index
289
G goal statement 33 H high level document (HLD) 250 I identity 194 identity management 194 incident 218 incident management 218 incident model 218 incident record 218 incident registration and categorization 223 incident ticket 233 information 182 informational event 202, 206 information security 86 information security management 86 information security plan 90 information technology service manageme nt (ITSM) 20 infrastructure 20 initial RCA 234 integrity 86 interaction 238 internal audit 46 IT operations management 260 IT service continuity management (ITSCM) 126 IT steering group 34, 56 IT user account management 194 J job scheduling 260 K key performance indicator (KPI) 20 knowledge 182 knowledge author 184 knowledge base 182 knowledge editorial reviewer 184 knowledge management 182
290
PDCA for ITIL
knowledge manager 184 knowledge publisher 184 knowledge technical reviewer 184 known error 228 known error database (KEDB) 228 known error record 228
L local service desk 238 low level document (LLD) 250 M maintainability 94 maintenance advisor 262 major event 207 major incident 218, 225 major incident criterion 225 major release 158 maximum tolerable outage (MTO) 126 medical advisor. 262 metric 20 minor event 207 minor releases 158 modeling 102 multi-level SLA 70, 73 multi-voting 37 N need based positioning 32, 34 nominal group technique 37 normal change 146 notification 202 notional charging 46
O operational demand analysis 43 operations control 260 operations level agreement (OLA) 70 operations manager 262 P passive monitoring 202
Index
291
pattern 34 patterns of business activity (PBA) 40 perspective 34 plan 34 policy 20 position 34 post implementation review (PIR) 100 proactive monitoring 77 proactive problem management 228 problem 228 problem closure 235 problem management 228 problem model 228 problem record 228 problem registration and categorization 233 problem ticket 233 process 20 process benchmarking 270 process evaluation 270 project plan 33 provisioning 194
R reactive monitoring 77 reactive problem management 228 recovery plan 126 relationship management 67 release 158 release and deployment management 158 release approach 158 release package 158, 163 release planning 163 release request 163 release types 158 release unit 158 release window 158 reliability 94 remediation plan 142 request approver 211 request for approval (RFA) 210 request for change (RFC) 142, 210
292
PDCA for ITIL
request for information (RFI) 210 request for knowledge 186 request fulfilment 210 request fulfilment manager 211 request model 210 requirement 66, 246 resolution 224 resource 20 restoration plan 126 retired services 54 rights management 194 risk and performance evaluation manager 153
S SAC council 176 SAC manager 176 safety advisor 262 secure library 174 secure store 174 security 94 security advisor 262 security analysts 88 security manager 88 service 20 serviceability 94 service acceptance criteria (SAC) 70 service asset and configuration management (SACM) 174 service based SLA 73 service-based SLA 71 service capacity analyst 104 service catalogue 54, 110 service catalogue management (SCM) 110 service catalogue manager 111 service continuity manager 128 service continuity plans 131 service design manager 81 service design package (SDP) 80, 84 service desk 238, 239 service failure analysis (SFA) 94 service improvement program (SIP) 70 service investment analysis (SIA) 48
Index
293
service invoice 46 service knowledge management system (SKMS) 182 service level agreement (SLA) 70 service level analyst 72 service level management (SLM) 71 service level manager 72 service level package 70 service level package (SLP) 70 service level report 70 service level requirement (SLR) 70 service level target (SLT) 70 service measurement 275 service package 40, 70 service pipeline 54 service portfolio 54 service portfolio management 54 service portfolio manager 56 service quality program (SQP) 70 service reporting 270, 276 service reporting analyst 72 service request 210, 214 service review 270 service testing 171 service validation and testing 166 service validation and testing process owner 167 seven step improvement process 270 shared service unit 32 single point of failure (SPOF) 94 snapshot 174 software requirement specifications 250 standard 20 standard change 146 statement of work (SOW) 34 status accounting 174 status accounting and reporting 179 steady state 265 strategic demand analysis 43 strategy 32 strategy management for IT services 32 strategy manager 34 supplier and contract database (SCD) 118
294
PDCA for ITIL
supplier management 118 supplier manager 119 supplier monitoring 123 SWOT analysis 37
T target recovery time (TRT) 126 technical CAB (TCAB) 144 technical management function 254 technical review 91, 188 technical service catalogue 110 test 166 test analyst 160 test architect 167 test environment validation 170 threat 86 throttling 202 transition 136 transition planning and support 136 tuning 102 type III service provider 32 type II service provider 32 type I service provider 32 U underpinning contract (UC) 71 use cases 250 user profile (UP) 40 user requirements 250 V validation 166 validation and testing manager 167 value chain analysis 37 variable cost dynamics (VCD) 46 variety based positioning 32, 34 verification 166 virtual service desk 238 vital business function (VBF ) 94 vulnerability 86
Index
295
W warning 202, 206 wisdom 182 workplace emergency 260
296
PDCA for ITIL
PDCA FOR ITIL METRICS, CSFS AND WORKFLOWS FOR IMPLEMENTING ITIL PRACTICES Numerous organizations spend their energy and funding on implementing ITIL practices. Most of them spend their time reinventing a wheel that was already created many times before in previous ITIL expeditions. If you’re facing this challenge, you’ll be interested in avoiding excessive cost. Although plenty of external guidance is available in the form of ITIL consultancies, you’ll need to have a decent idea of what to expect in the course of your own ITIL expedition before you go for it. This book focuses on that specific target. Drawing on the experience of many ITIL practice implementations, it shows you in a very logical and practical way what to expect when you introduce ITIL to your organization, or when you increase the number of ITI L practices in your organization. The book supports this by offering, in the style of a cookbook, a step-by-step guide to the implementation of individual ITIL practices, offering practical descriptions, terminology, objectives, workflows, CSFs, KPIs and other measures, in a Plan-DoCheck-Act approach. Using the cookbook analogy, it provides you with as many recipes as you are likely to need for composing your own menu. The book’s systematic approach means that once you get to grips with implementing one practice, you will be able to apply your newly developed skills to the next one, following the fundamental guidance of ITIL: adapt and adopt. Your growing understanding of how ITIL works will greatly reduce your external costs, improve the skills of your own staff, and move your organization to higher maturity levels. You should use this guidance as a great resource for setting up and improving your own practice.
Publishedby:
www.tso.co.uk
Producedby:
www.inform-it.org
ISBN 978 -0- 11-7082 07-6
9 780 117 082 076
