ITIL: What is it? How does ITIL link to COBIT and ISO 17799?

  • 1,049 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,049
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
121
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. ITIL: What is it? How does ITIL link to COBIT and ISO 17799? 1
  • 2. What is ITIL?  The IT Infrastructure Library  A set of books comprising an IT service management Best Practices framework  An industry of products, services, and organizations  Unique: consistent, comprehensive, non- proprietary  Created by and for the British government, later expanded for use in all organizations  Gives a detailed description of important IT practices, with comprehensive checklists, tasks, procedures and responsibilities. And can be tailored to any IT organization. 2
  • 3. ITIL Objectives  Create a set of comprehensive, consistent and coherent codes of Best Practice for quality IT service management, promoting business effectiveness in the use of IT  Encourage the private sector to develop services and products (training, consultancy and tools) that support ITIL®  Provide an approach based on the best examples taken from practice 3
  • 4. ITIL defined !  Codes of practice for Quality management of IT Services and Infrastructure  ITIL® has its own definition for key terms  Quality means “matched to business needs and user requirements as these evolve" 4
  • 5. Why use ITIL®? IT service providers use ITIL® concepts and practices to:  Increase satisfaction of customers / users with IT services  Enhance communication with customers  Achieve higher reliability in mission-critical systems and infrastructure  Improve the cost/benefit of services  Create a “common sense” among staff 5
  • 6. ITIL is easy 6
  • 7. ITIL, not just tools & processes People Culture, Attitudes Beliefs & Skills Strategy Steering Direction Integration Service Support & Infrastructure Service (Technology & Delivery Tools) Process Products 7
  • 8. Who Made & Maintains ITIL®? The Office of Government Commerce created ITIL® in the late 1980’s; still own it today. The National Exam Institute for Informatics (Netherlands). Current ITIL ® examination caretakers. Contracted in 1995 by the OGC to maintain and develop ITIL®. In 2004, the OGC transferred the responsibility of managing EXIN to the itSMF. 8
  • 9. Certifying Bodies The Information Systems Examination Board (UK). Part of the British Computer Society. The National Exam Institute for Informatics (Netherlands). Contracted since 1995 to maintain ITIL‘s examination and certification process. Loyalist College in Canada Loyalist and Prometric (Sylvan) in the USA 9
  • 10. ITIL® Certification & Training EXIN and ISEB provide certification testing at Foundation, Practitioner, and Manager levels Training is typically 2-3 days for Foundation, 2-3 days for Practitioner, 10 days for Manager Basic understanding of all eleven ITIL® service Foundation management modules Deep understanding of one of the ITIL® service Practitioner management modules Service Deeper understanding of all eleven ITIL® service Manager management modules 10
  • 11. ITIL - 7 Core volumes 11
  • 12. ITIL - 7 Core volumes  The Business Perspective  Covers a range of issues concerned with understanding and improving IT service provision, as an integral part of an overall business requirement for high quality IS management.  Planning to Implement Service Management  Discusses the key issues of planning and implementing IT service management.  It explains the steps required for implementation and improvement of IT service delivery. 12
  • 13. ITIL - 7 Core volumes  Information & Communications Technology (ICT) Infrastructure Management  Covers all aspects of ICT infrastructure from the identification of business requirements through the tendering process, to the testing, installation, deployment, and ongoing support and maintenance of the ICT components and IT services.  Network Service Management  Operations Management  Management of Local Processors  Computer Installation and Acceptance  Systems Management.  Applications Management  Discusses software development using a life cycle approach and expands on the issues of business change with emphasis on clear requirements definition and implementation of solutions to meet business needs. 13
  • 14. ITIL - 7 Core volumes  Security Management  Details the process of planning and managing a defined level of security on information and ICT services, including all aspects associated with the reaction to security incidents.  Service Support  Is concerned with ensuring that the Customer has access to the appropriate services to support the business functions.  Service Delivery  Looks at what service the business requires of the provider in order to provide adequate support to the business Users. 14
  • 15. Service Support 15
  • 16. Service Delivery 16
  • 17. Service Desk Service Level Management Availability Financial Management Service Management Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 17
  • 18. Service Desk Goals  To support business activities and drive service improvement  To be primary point of contact  To manage the Incident lifecycle  To manage service requests  To maintain ownership of a User Incident through to completion 18
  • 19. Service Desk Objectives  To provide a single point of contact for Customers  To be a Customer interface for IT  To improve incident response performance  Improving service levels  To facilitate the restoration of normal operational service, quickly as possible, with minimal business impact on the Customer within agreed service levels and business priorities 19
  • 20. Incident Management Service Level Management Availability Financial Management Service Management Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Management Service Support Configuration Problem Management Management 20
  • 21. Incident Management Goals  Restore normal service operation as quickly as possible within Service Level Agreements (SLA) limits  Minimize the adverse impact on business operations  Ensuring that the best possible levels of service quality and availability are maintained  Maintain and apply a consistent approach to managing Incidents 21
  • 22. Incident Management Objectives  Return to the normal service level  as defined in the Service Level Agreement  as soon as possible  with the smallest possible impact on the business activities  Keep effective records of incidents to:  measure and improve the process  Provide appropriate information to other services management processes  Report on incident progress 22
  • 23. Problem Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 23
  • 24. Problem Management Goals  Stabilize IT services through:  Minimizing the consequences of incidents by identifying trusted quick fixes  Identifying and removing the root causes of potential incidents  Identifying and managing Known Errors  To improve the quality of services delivered to customers by reducing the number of preventable service disruptions 24
  • 25. Problem Management Objectives  To reduce both the number and severity of Incidents and What’s causing Problems on the business that these Incidents? are caused by errors within the IT Infrastructure. 25
  • 26. Incident Management Cycle Known Error from Problems Release Management Incident Control Error Control Problem Control Known Change Incident Problem Event Error Request Progression Change Service Desk Problem Management Management Resolution Resolution Resolution 26
  • 27. Change Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 27
  • 28. Change Management Goals  Ensure that standardized methods and procedures are used for efficient and prompt handling of all Changes  Minimize the impact of Change- related incidents upon service quality  Improve the day-to-day operations of the organization  Maintain a balance between the need for change against the impact of change 28
  • 29. Change Management Objectives  Standard methods and procedures are used  Changes be dealt with quickly, with “Change is good, donkey!!” the lowest impact on service quality  All changes are traceable 29
  • 30. Release Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 30
  • 31. Release Management Goals  Plan and oversee the successful rollout of software and related hardware  Ensure that hardware and software being changed is traceable, secure and that only correct, authorised and tested versions are installed  Communicate and manage expectations of the customer during the planning and rollout of new releases  Agree on the exact content and rollout plan for the release, through liaison with Change Management  Implement new software releases or hardware into the operational environment using the controlling processes of Configuration Management (CIs) and Change Management 31
  • 32. Release Management Objectives  Safeguard all software, hardware & related items  Ensure that only tested / correct versions of authorized software and hardware are in use  Right software / hardware, right time, right place  Redundant hardware, software identified for Request For Change Protect the live environment & its services ! 32
  • 33. Configuration Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 33
  • 34. Configuration Management Goals  To enable control of the infrastructure and services by monitoring, maintaining and verifying information on:  All resources needed to deliver services  Configuration Item status and history  Configuration Item relationships  Provide accurate information on the IT infrastructure for all the other Service Management processes & IT Management  To assist with impact assessment of proposed changes  Verify the configuration records against the infrastructure and correct any exceptions 34
  • 35. Configuration Management Objectives  Keeping reliable records of details Do I get stored in of IT Assets and services provided the CMDB? by the organization  All Resources needed to deliver Services  Configuration Items (CI) Status and History  Configuration Item Relationships  Providing accurate information and documentation to support the other Service Management processes 35
  • 36. CGI Integrated IT Service Management Incident Problem Change Configuration Availability Capacity Management Management Management Management Management Management -Standard/Basic change (pre-approved): Identifies, records, controls IMAC, - Urgent change, Planned change and reports on IT components. SLA Management Configuration Management Database (CMDB) IT Service Complete record of all CI’s associated with the IT infrastructure: versions, location, documentation, Continuity components, services and the relationships between them Management Release Management Operational Related Capacity Service Related Related State Changes - Current Availability Relationship - Current Incidents Problems - Historical - Historical IT Financial Configuration items Management DSL Depreciation Definitive HW, SW, Network, Documents, people, organization TCO Software Service catalogue Lease mgmt Relationships : Peer-to-peer, parent-child, free-form relations Product catalogue Library Vendor mgmt DHL: SW licence mgmt Definitive Invoice Reconciliation Asset Financial & Contract Contract Lease Warranty mgmt Hardware Cost Capitalization Contract mgmt Chargeback Info. Warranty License library Total Cost of Service chargebacks Vendor Information Ownership Locations Stockrooms Inventory HW-SW Asset status Physical Attributes Containment Hierarchy ERP System mgmt Financial Remote access Procurement Auto-discovery tool Auto-recovery tool CI relationships include the usage, the ownership, the service HR relationships, etc. Monitoring Metering (HW-SW usage) 36
  • 37. Service Level Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 37
  • 38. Service Level Management Goals  Maintain and improve IT Service quality  Constant cycle of agreeing, monitoring and reporting upon IT service achievements  Instigation of actions to eradicate poor service - in line with business or cost justification.  Better relationship between IT and its Customers 38
  • 39. Service Level Management Objectives  Ensures that the IT services required by the customer are continuously maintained and improved  Achieved by agreeing, monitoring and reporting the performance of the IT organization 39
  • 40. Availability Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 40
  • 41. Availability Management Goals  To understand the availability requirements of the business and to plan, measure, monitor and continuously strive to improve the availability of the IT infrastructure, services and supporting organization to ensure these requirements are met consistently  To enable the business to satisfy its business objectives by:  Optimizing the capability of the IT infrastructure, services and supporting organization  Delivering a cost-effective and sustained level of availability 41
  • 42. Availability Management Objectives  Ensure IT services are designed to deliver the levels of availability required by the business  Provide a range of IT availability reporting to ensure that agreed levels of availability, reliability and maintainability are measured and monitored on an ongoing basis  Optimize the availability of the IT infrastructure to deliver cost effective improvements that deliver tangible benefits to the business & user  Achieve over a period of time a reduction in the frequency and duration of incidents that impact IT availability 42
  • 43. Capacity Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 43
  • 44. Capacity Management Goals  To determine the right, cost justifiable, capacity of IT resources  To understand the business requirements, current operations and IT infrastructure to ensure that the current and future capacity and performance aspects of the business are provided cost-effectively  To understand the potential for improved service design and delivery 44
  • 45. Capacity Management Objectives  Consistently provide the required IT resources:  At the right time  At the right cost  Aligned with the current and future business requirements  Need to understand the expected business developments affecting customers and anticipate technical developments  Important role in determining returns on investment and cost justification 45
  • 46. Financial Management for IT Services Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 46
  • 47. Financial Management Goals  To provide cost-effective stewardship of any of the organization’s IT asset or resources used to deliver IT services  To be able to account fully for IT service expenditures  To attribute these costs to the services delivered to Customers and determine whether value for money is being obtained  To assist management decisions on IT investment by providing detailed business cases for changes to IT services 47
  • 48. Financial Management Objectives  Assist the internal IT organization with the cost-effective management of IT resources required for the provision of IT services  Break down the IT service costs, and associate them with IT services  Support management decisions with respect to IT investments  Encourage the cost aware use of IT facilities 48
  • 49. IT Service Continuity Management Service Level Management Availability Financial Management Management Service Delivery IT Service Continuity Capacity Management Management Service Desk Change Management Incident Release Management Service Management Support Configuration Problem Management Management 49
  • 50. IT Service Continuity Management Goals  To support overall Business Continuity Management  To improve the chance of business survival by:  Reducing the service vulnerability and risk to the business  Reducing the impact of a disaster or major failure  Maintaining a pre-determined level of service in the event of a disaster  To preserve high customer and user confidence 50
  • 51. IT Service Continuity Management Objectives  Support the overall Business Continuity Management by ensuring that the required IT infrastructure and IT services can be restored within specified time limits after a disaster. 51
  • 52. COBIT & How does it map to ITIL 52
  • 53. Control Objectives for Information and Related Technology (COBIT)  Sponsor: Information Systems Audit and Control Association and the IT Governance Institute  What it is: An audit-oriented set of guidelines for IT processes, practices and controls. Geared to risk reduction, focusing on integrity, reliability and security. Addresses four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. Has six maturity levels, similar to CMM's.  Strengths: Good checklists for IT. Enables IT to address risks not explicitly addressed by other frameworks and to pass audits. Can work well with other frameworks, especially ITIL.  Limitations: Says what to do but not how to do it. Doesn't deal directly with software development or IT services. Doesn't provide road map for continuous process improvement. 53
  • 54. COBIT & ITIL Mappings PLANNING & ORGANISATION COBIT ITIL 1. Define a Strategic Information Technology Plan Planning & control for IT Services 2. Define the Information Architecture Security Management 3. Determine the Technology Direction Determine the Technology Direction 4. Define the IT Organization and Relationships IT Services Organization 5. Manage the Investment in Information Financial Management Technology 6. Communicate Management Aims and Direction   7. Manage Human Resources   8. Ensure Compliance with External Requirements   9. Assess Risks   10. Manage Projects   11. Manage Quality Quality Management for IT Services (CCTA Quality Management Library) 54
  • 55. COBIT & ITIL Mappings ACQUISITION & IMPLEMENTATION COBIT ITIL 1. Identify Solutions Service Level Management; Change Management; Security Management; Release Management 2. Acquire and Maintain Application Change Management, Availability Software Management 3. Acquire and Maintain Technology Problem Management; Security Architecture Management; Change Management 4. Develop and Maintain Information   Technology Procedures 5. Install and Accredit Systems Capacity Management; Change Management; Security Management 55
  • 56. COBIT & ITIL Mappings DELIVERY & SUPPORT COBIT ITIL 1. Define Service Levels Service Level Management 2. Manage Third-Party Services Service Level Management 3. Manage Performance and Capacity Capacity Management 4. Ensure Continuous Service Availability Management, Contingency Planning 5. Ensure Systems Security Security Management 6. Identify and Allocate Costs Financial Management 7. Educate and Train Users Customer Liaison 8. Assisting and Advising Information Incident Management (Service Desk) Technology Customers 9. Manage the Configuration Configuration Management 10. Manage Problems and Incident Problem Management 11. Manage Data Capacity Management, Release Management, Availability Management; Contingency Planning 12. Manage Facilities   13. Manage Operations   56
  • 57. COBIT & ITIL Mappings MONITORING COBIT ITIL 1. Monitor the Process   2. Obtain Independent   Assurance 3. Obtain Independent   Assurance 4. Provide for Independent   Audit 57
  • 58. ISO17799 & How does it map to ITIL 58
  • 59. ISO17799  Sponsor: British Standards Institution  What it is: ISO/IEC 17799:2000 provides information to responsible parties for implementing information security within an organisation. It can be seen as a basis for developing security standards and management practices within an organisation to improve reliability on information security in inter-organisational relationships. 59
  • 60. ISO17799 & ITIL Mappings ISO17799 ITIL System Access Control Security Management Computer & Operations Management ICT Infrastructure Management System Development and Application Management Maintenance Physical and Environmental Security Security Management Compliance Security Management Personnel Security Security Management Security Organization Security Management Asset Classification and Control Configuration Management Business Continuity Management IT Service Continuity Management (BCM) 60
  • 61. itSMF 61
  • 62. IT Service Management Forum  The IT Service Management Forum. The independent forum for ITIL® users, formed in 1991.  Promotes exchange of information and experience to assist IT organizations in managing the delivery of IT services.  Chapters in the UK, Netherlands, Belgium, Germany/Austria/Switzerland, Canada, South Africa, the USA and Australia.  A major influencer and contributor to Industry Best Practice and Standards worldwide. 62
  • 63. CGI 63
  • 64. About CGI  CGI is the 8th largest independent IT services firm in the world  We combine industry expertise, end-to-end services and global delivery capabilities to deliver cost-effective solutions that help clients win and grow 64
  • 65. CGI Contact  Steve Worth  Senior Consultant  ITSM / ITIL Centre of Excellence  CGI  Email - steve.worth@cgi.com 65
  • 66. Thank You! 66