Dso itil training notes pages


Published on

Published in: Business, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Dso itil training notes pages

  1. 1. 1
  2. 2. 2
  3. 3. EXIN – Examination Institute for Information ScienceISEB - Information Systems Examinations Board 3
  4. 4. OGC – Office of Government Commerce‟sCCTA – Central Computer and Telecommunications Agency 4
  5. 5. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 5
  6. 6. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 6
  7. 7. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 7
  8. 8. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 8
  9. 9. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 9
  10. 10. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 10
  11. 11. 11
  12. 12. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 12
  13. 13. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 13
  14. 14. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 16
  15. 15. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 17
  16. 16. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 18
  17. 17. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 19
  18. 18. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 20
  19. 19. IT Service Management enables the IT group to provide effective andefficient Information Systems to meet the requirements of the businessprocesses, irrespective of the way these services are delivered to theexternal customers. This in turn enables the organization to meet itsBusiness Objectives. ITSM may also be critical in providing the businesswith source of competitive advantage in the market place. 22
  20. 20. The implementation and management of Quality IT Services that meetthe needs of the business. IT Service Management is performed by ITService Providers through an appropriate mix of people, Process andInformationTechnology. 23
  21. 21. 24
  22. 22. ITIL has been a set of best practice guidance for IT Service Management. ITIL is ownedby the OGC and consists of a series of publications giving guidance on the provision ofquality IT Services, and on the Processes and facilities needed to support them.ITIL (as commonly called) has undergone some extensive changes. Notably, the namehas been change from ITIL to ITIL Service Management Practices.The name change is a reflection of ITIL‟s evolution, from an operationally focused setof processes to mature service management set of practice guidance. Just the newname itself implies a broader scope for ITIL and this is definitely the case for V3.ITIL V2 focused on processes and as a result, ITIL V2 was based around answering“How to” questions such as 1. How do we improve availability and capacity of IT services? 2. How can we respond to and manage incidents, problems and known errors?Now with the latest version, the focus more on the “why” questions as well asanswering the “How to” questions. 1. Why does the customer need this service? 2. Why does the customer need to purchase services from us? 25
  23. 23. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 26
  24. 24. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 27
  25. 25. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 28
  26. 26. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 29
  27. 27. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 30
  28. 28. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 31
  29. 29. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 32
  30. 30. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 33
  31. 31. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 34
  32. 32. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 35
  33. 33. 36
  34. 34. Strategic Asset:Strategic Assets are assets which shall be developed by the ServiceProvider to provide superior value to customers through services.Strategic Assets refer to factors such as performance, competencies andvalue that differentiate the Service Provider from the competitors.Examples of Strategic Assets would include People and IP (IntellectualProperty). 37
  35. 35. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 38
  36. 36. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 39
  37. 37. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 40
  38. 38. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 41
  39. 39. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 42
  40. 40. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 43
  41. 41. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 44
  42. 42. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 45
  43. 43. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 46
  44. 44. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 47
  45. 45. Strategic Assessment involves analyzing internal and external factors that influence effectivenessof the business strategy . Some of the internal and external factors that need to be consideredare: • Strengths and Weaknesses • Distinctive Competencies • Business Strategy • Critical Success Factors • Threats and OpportunitiesSetting Objectives: Objectives represent the results expected from pursuing strategies, whilestrategies represent the actions to be taken to accomplish objectives. Clear objectives provide forconsistent decision making, minimizing later conflicts. To arrive at its objectives, anorganization must understand what outcomes customers desire to achieve and determine howbest to satisfy the important outcomes currently underserved. Some of the objectives that needto be looked at are Customer tasks, Customer outcomes and Customer constraints. 48
  46. 46. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 49
  47. 47. Examples of Critical Success Factors:• CSF for effectiveness of Change Management would be “% percentage reduction of unsuccessful Changes”• CSF for Incident Management would be “ % reduction in the number of service level breaches in a year”.Critical success factors have the following general characteristics:1. They are defined in terms of capabilities and resources2. They are proven to be key determinants of success3. They are defined by market space levels, not peculiar4. to any one firm5. They are the basis for competition among rivals6. They change over time, so they are dynamic.7. They usually require significant investments and time to develop8. Their value is extracted by combination with other factors. 50
  48. 48. Services investments are split between three strategic categories: •Run the business (RTB) – RTB investments are centered on maintaining service operations •Grow the business (GTB) – GTB investments are intended to grow the organization‟s scope of services •Transform the business (TTB) – TTB investments are moves into new market spaces.The investment categories are further divided into budget allocations:  Venture – create services in a new market space.  Growth – create new services in existing market space.  Discretionary – provide enhancements to existing services.  Non-discretionary – maintain existing services  Core – maintain business critical services. 51
  49. 49. 52
  50. 50. 53
  51. 51. 54
  52. 52. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 55
  53. 53. Service Portfolio describes a Service provider‟sservices in terms of business value. It articulatesbusiness needs and the provider‟s response to thoseneeds. The portfolio also includes third-party services,which are an integral part of service offerings tocustomers. Some third-party services are visible to thecustomers while others are not.Service Portfolio Management is a dynamic method forgoverning investments in service management acrossthe enterprise and managing them for value. 56
  54. 54. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 57
  55. 55. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 58
  56. 56. Define: This phase will involve defining:•An inventory all services being provided & to be provided•Business cases for each one of these services•Validation of portfolio dataAnalyze:•Maximize portfolio value,•Align and prioritize which service should be invested in first.•Balance supply and demandApprove:•Finalize proposed portfolio•Authorize services and resourcesCharter:•Communicate decisions•Allocate resources and charter services. 59
  57. 57. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 60
  58. 58. 61
  59. 59. Based on changing conditions and market, customers can demand formore services or features based on their requirements. DemandManagement helps the Service Provider understand and influence thisdemand so that the right balance between the demand and capacitybeing provided is maintained.The fig above shows reiterates the principle of “Consumption producesdemand and production consumes demand”. 62
  60. 60. To be able to predict and cope up with the demand, it is very importantfor the service provider to study the customers‟ business, analyze andtrack the activity patterns of business process. This is known as Patternsof Business Activity (PBA) which is used in Activity based DemandManagement. The input to this method are the understanding ofBusiness processes since they are the primary source of demand forservices.For effective Activity based Demand Management, PBA should be usedwith the User Profile (UP) for more accurate trending based on whichdemands can be anticipated.Example: For the UP of a Senior Executive in a company, the applicablePBA shall be: Moderate travel-domestic and overseas; highly sensitiveinformation; zero latency on service requests; high need for technicalassistance; need to be highly available to the business.Whereas for the UP of a Office based staff, the applicable PBA would below travel (domestic); medium latency on service requests; low need fortechnical assistance; full-featured desktop needs; moderate customercontact; high volume of paperwork; need to be highly productive duringwork hours. 63
  61. 61. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 64
  62. 62. A Service Package includes detailed description of IT Services that isavailable to be delivered to Customers. The contents of this packageinclude:• Core Services (Basic critical services)• Supporting services (provides differentiation or enhancement to thecore services)• Service Level Package (to meet the needs of a PBA)Service Level Package: A defined level of Utility and Warranty for aparticular Service Package. Each SLP is designed to meet the needs of aparticular pattern of business activity. 65
  63. 63. 66
  64. 64. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 67
  65. 65. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 68
  66. 66. Budgeting:The process of predicting and controlling the spending of money withinthe enterprise consists of a periodic negotiation cycle to set budgets,usually annual, and the day-to-day monitoring of the current budgets.Accounting:The set of processes that enable the IT organization to fully account forthe way its money is spent, particularly the ability to identify costs bycustomer, by service or by activity. It usually involves ledgers and shouldbe overseen by someone trained in accountancyCharging:The set of processes required to bill a customer for the services suppliedto them. To achieve this requires good IT accounting, to a level of detaildetermined by the requirements of the analysis, billing and reportingprocesses. 69
  67. 67. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 70
  68. 68. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 71
  69. 69. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 72
  70. 70. Cost Model:It is a model that is used to arrive at the cost of providing services to thecustomer by the Service Provider. Cost Models are based on calculatingthe cost for each Customer or for each service. Cost models are veryimportant for organizations intending to implement a Charging systemsince this provides the foundation cost based on which Service Providerscan either recover the cost of services or become a profitableorganization. There are 2 types: • Cost by Customer • Cost by Service 73
  71. 71. 74
  72. 72. 75
  73. 73. Service Design is also responsible to:1. Produce and maintain IT plans, processes, policies, architectures, frameworks and documents for the design of quality IT solutions.2. Develop the skills and capability within IT by moving strategy and design activities into operational tasks, making effective and efficient use of all IT service resources3. Contribute to the improvement of the overall quality of IT service within the imposed design constraints, especially by reducing the need for reworking and enhancing services once they have been implemented in the live environment. 76
  74. 74. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 77
  75. 75. The design of the Service Solutions should include the following criteria:1. The facilities and functionality required, and information required for the monitoring of the performance of the service or process.2. The business processes supported, dependencies, priorities, criticality and impact of the service3. Business cycles and seasonal variations, and the related business transaction levels, service transaction levels, the numbers and types of users and anticipated future growth.4. Service Level Requirements and service level targets and the necessary service measuring, reporting and reviewing activities5. The timescales involved and the planned outcomes from the new service and the impact on any existing services6. The requirements for testing, including any User Acceptance Testing (UAT)The IT organizational readiness assessment should cover:1. The commercial impact on the organization from both a business and IT perspective2. Assessment and mitigation of the risks associated with the new or changed service3. Assessment of the business capability and maturity4. Assessment of the IT capability and maturity 78
  76. 76. Designing Support Systems:The most effective way of managing all aspects of services through theirlifecycle is by using appropriate management systems and tools tosupport and automate efficient processes. The Service Portfolio is themost criticalmanagement system used to support all processes and describes aprovider‟s services in terms of business value.Role of Service Portfolio: Updating the Service Portfolio is an importantactivity in Service Design since it is that area of the organization wherethe Service solutions that have been designed in the earlier stage willneed to be projected. Also since Service Portfolio is the main source ofinformation on the requirements and services, it needs to be verycarefully designed to meet all the needs of all its users. The design ofthe Service Portfolio needs to be considered in the same way as thedesign of any other IT service to ensure that it meets all of these needs.Ideally, the Service Portfolio should be a part of a comprehensive ServiceKnowledge Management System (SKMS). Further information is providedon SKMS has been provided in the Service Transition slides. 79
  77. 77. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 80
  78. 78. Once a strategic decision to charter a service is made, this is the stage in the Service Lifecycle when ServiceDesign begins architecting the service, which will eventually become part of the Service Catalogue. TheService Portfolio should contain information relating to every service and its current status within theorganization. The options of status within the Service Portfolio should include:1. Requirements: a set of outline requirements have been received from the business or IT for a new or changed service2. Defined: the set of requirements for the new service are being assessed, defined and documented and the SLR is being produced3. Analyzed: the set of requirements for the new service are being analyzed and prioritized4. Approved: the set of requirements for the new service have been finalized and authorized5. Chartered: the new service requirements are being communicated and resources and budgets allocated6. Designed: the new service and its constituent components are being designed – and procured, if required7. Developed: the service and its constituent components are being developed or harvested, if applicable8. Built: the service and its constituent components are being built9. Test: the service and its constituent components are being tested10. Released: the service and its constituent components are being released11. Operational: the service and its constituent components are operational within the live environment12. Retired: the service and its constituent components have been retired. 81
  79. 79. The architectural design activities within an IT organization are concerned withproviding the overall strategic „blueprints‟ for the development and deployment of anIT infrastructure – a set of applications and data that satisfy the current and futureneeds of the business.Architecture: The fundamental organization of a system, embodied in its components,their relationships to each other and to the environment, and the principles guiding itsdesign and evolution.System: a collection of components organized to accomplish a specific function or setof functionsArchitectural Design: The development and maintenance of IT policies, strategies,architectures, designs, documents, plans and processes for the deployment andsubsequent operation and improvement of appropriate IT services and solutionsthroughout an organization.During architectural design, the following points need to be kept in mind:1. The IT infrastructures, environments, data, applications and external services serve the needs of the business, its products and services.2. The right balance is struck between innovation, risk and cost whilst seeking a competitive edge3. There is compliance with relevant architectural frameworks, strategies, policies, regulations and standards4. A coordinated interface is provided between IT designers and planners, strategists, business designers and planners. 82
  80. 80. The Enterprise Architecture should be an integrated element of the BusinessArchitecture and should include the following major areas:1. Service Architecture: which translates applications, infrastructure, organization and support activities into a set of services.2. Application Architecture: which provides a blueprint for the development and deployment of individual applications, maps business and functional requirements on to applications, and shows the interrelationships between applications.3. Data/Information Architecture: which describes the logical and physical data assets of the enterprise and the data management resources.4. IT Infrastructure Architecture: which describes the structure, functionality and geographical distribution of the hardware, software and communications components that underpin and support the overall architecture, together with the technical standards applying to them.5. Environmental Architecture: which describes all aspects, types and levels of environment controls and their management. 83
  81. 81. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 84
  82. 82. As well as ensuring that all areas of the IT are integrated, it is vital thatthe management architecture is developed from the business and serviceperspective. Therefore, the key elements to agree and define beforedeveloping the management architecture are:1. Management of the business processes: What are the business processes and how do they relate to network and IT services and components?2. Management of service quality: What is service quality? How and where will it be measured?These are the key elements that need to be determined by SLM and ITManagement. They provide crucial input to the development ofbusiness-focused management architectures. 85
  83. 83. Notes:_______________________________________________________________________________________________________________________________________________________________________________________________________________ 86
  84. 84. Service Design should assist each process owner with the design ofprocesses, to ensure use of standard terms and templates, areconsistent and integrated with each other. 1. Each process should be documented, owned by a process owner. 2. Each process must have defined objectives, inputs, outputs, activities, roles, process measurements (metrics), reports and process improvement 3. Process analysis, results and metrics should be incorporated in regular management reports and process improvements 4. The goal is to design processes and support these with tools that can provide integration between organizations. 5. The objective should not be to design “perfect processes”, but to design practical and appropriate processes with “in-built” improvement mechanisms.By defining what the organization‟s activities are, which inputs arenecessary and which outputs will result from process, it is possibleto work in a more efficient and effective manner. 87
  85. 85. In order to manage and control the design processes, they have to bemonitored and measured. This is true for all aspects of the designprocesses.Metrics and measurements affect and influence the behavior of people.Therefore, only measurements that encourage progression towardsbusiness objectives or desired behavioral change should be selected. 88
  86. 86. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 89
  87. 87. Post the design of Service Solution, Service Portfolio, Architectures,Process and Measurement designs, the organization will now have tolook at utilizing these designs into effective models which can be used inOperations. Some of the delivery models or sourcing options have beenmentioned above 90
  88. 88. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 91
  89. 89. The Service Design stage of the lifecycle starts with a set of new or changed businessrequirements and ends with the development of a service solution designed to meet thedocumented needs of the business. This developed solution, together with its Service DesignPackage (SDP) is then passed to Service Transition to evaluate, build, test and deploy the new orchanged service. 92
  90. 90. 93
  91. 91. 94
  92. 92. 95
  93. 93. The scope of the Service Catalogue Management process is to provideand maintain accurate information on all services that are beingtransitioned or have been transitioned to the live environment. TheService Catalogue Management activities should include: 1. Definition of the service 2. Production and maintenance of an accurate Service Catalogue 3. Interfaces, dependencies and consistency between the Service Catalogue and Service Portfolio 4. Interfaces and dependencies between all services and supporting services within the Service Catalogue and the CMS 5. Interfaces and dependencies between all services, and supporting components and Configuration Items (CIs) within the Service Catalogue and the CMS. 96
  94. 94. The Service Catalogue has two aspects:The Business Service Catalogue: containing details of all the IT servicesdelivered to the customer, together with relationships to the businessunits and the business process that rely on the IT services. This is thecustomer view of the Service Catalogue.The Technical Service Catalogue: containing details of all the IT servicesdelivered to the customer, together with relationships to the supportingservices, shared services, components and CIs necessary to support theprovision of the service to the business. This should underpin theBusiness Service Catalogue and not form part of the customer view. 97
  95. 95. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 98
  96. 96. 99
  97. 97. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 100
  98. 98. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 101
  99. 99. Some additional terms:Service Level Requirement (SLR): A Customer Requirement for an aspect of an ITService. SLRs are based on Business Objectives and are used to negotiate agreed Service LevelTargets.Service Level Target: A commitment that is documented in a Service LevelAgreement. Service Level Targets are based on Service LevelRequirements, and are needed to ensure that the IT Service design is Fitfor Purpose. Service Level Targets should be SMART, and are usuallybased on KPIs.SMART: An acronym for helping to remember that targets in ServiceLevel Agreements and Project Plans should be Specific, Measurable,Achievable, Relevant and Timely. 102
  100. 100. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 103
  101. 101. Service based SLA: This is an agreement where an SLA covers one service, forall the customers of that service. For example, an SLA may be established foran organization‟s e-mail service – covering all the customers of that service.Customer based SLA: This is an agreement with an individual customer group,covering all the services they use. For example, agreements may be reachedwith an organization‟s finance department covering, say, the finance system,the accounting system, the payroll system, the billing system, the procurementsystem, and any other IT systems that they use.Multi-level SLA: This will be a combination of the Customer based and Servicebased SLAs between the Service Provider and the Customer (s). For example, athree-layer structure as follows: 1. Customer Level: covering all SLM issues relevant to the particular Customer group, regardless of the service being used. 2. Service Level: covering all SLM issues relevant to the specific service, in relation to this specific Customer group (one for each service covered by the SLA). 3. Corporate Level: covering all the generic SLM issues appropriate to every Customer throughout the organization. These issues are likely to be less volatile and so updates are less frequently required. 104
  102. 102. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 105
  103. 103. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 106
  104. 104. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 107
  105. 105. 108
  106. 106. Capacity Management is a process that extends across the ServiceLifecycle. A key success factor in managing capacity is ensuring it isconsidered during the design stage. It is for this reason that the CapacityManagement process is included in the Service Design cycle. CapacityManagement is supported initially in Service Strategy where thedecisions and analysis of business requirements and customer outcomesinfluence the development of patterns of business activity (PBA), servicelevels and service level packages (SLPs). This provides the predictive andongoing capacity indicators needed to align capacity to demand.Scope: The Capacity Management process should be the focal point forall IT performance and capacity issues. Technology managementfunctions such as Network Support, Server Support or OperationManagement may carry out the bulk of the day-to-day operationalduties, but will provide performance information to the CapacityManagement process. The process should encompass all areas oftechnology, both hardware and software, for all IT technologycomponents and environments. 109
  107. 107. Supply vs. Demand:Capacity Management must make sure that the ITinfrastructure (processing power, disk storage,printing, etc.) available for use meets the currentdemands of business and can address the futureneeds of the businessIT Capacity vs. Cost:Capacity Management should ensure that thecapacity (of the IT Infrastructure –processingpower, disk storage, printing, etc.) can be costjustified in terms of the stated business need andalso provides the most efficient use of theresources available. 110
  108. 108. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 111
  109. 109. 1. Monitoring & Reviewing patterns of business activity and service level plans through performance, utilization and throughput of IT services and the supporting infrastructur e components2. Reports generation on service and component capacity and performance3. Tuning activities to make the most efficient use of existing IT resources4. Demand Management - Understanding and influencing customer demands (see DM for more details)5. Generating a Capacity Plan to ensure optimum capacity for providing current and future services.6. The proactive improvement of service or component performance wherever it is cost- justifiable Capacity Plan: It has details of the current levels of resource utilization and service performance, and forecasts the future requirements 112
  110. 110. CMIS (Capacity Management Information System): The functionality ofthe CMIS is the same as that of CDB (Capacity Database ) in V2. Itcontains information that is critical to ensure the capacity of servicesand components. The data contained would include: • Business Data – Used to forecast and validate future performance and capacity based on business drivers. • Service Data – gathered from resources and provides data on performance and capacity of Services. • Component Data – Performance and capacity data of IT infrastructure components. This also includes threshold information of components. • Financial Data – for doing cost benefit analysis of upgrade proposals, RFCs and capacity planning. • Utilization Data – Utilization of components by time periods. 113
  111. 111. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 114
  112. 112. Business Capacity Management: This sub-process translates businessneeds and plans into requirements for service and IT infrastructure,ensuring that the future business requirements for IT services arequantified, designed, planned and implemented in a timely fashion.Service Capacity Management: The focus of this sub-process is themanagement, control and prediction of the end-to-end performance andcapacity of the live, operational IT services usage. It ensures that theperformance of all services, as detailed in service targets within SLAs andSLRs, is monitored and measured, and that the collected data isrecorded, analyzed and reported.Note: By monitoring performance and comparison with targets, ServiceCapacity Management can advise Service Level Management of servicebreaches.Component Capacity Management (Resource Capacity Mgmt in ITIL V2):The focus in this sub-process is the management, control and predictionof the performance, utilization and capacity of individual IT technologycomponents. It ensures that all components within the IT infrastructuresupporting services are monitored and measured, and that the collecteddata is recorded, analyzed and reported. 115
  113. 113. Performance Monitoring: Monitoring the performance of infrastructurecomponents involved in providing the service to be able to determine thecapacity levels required for future services to be commissioned. Ex: CPUUsage, Network Link usage, etc. Performance Monitoring shall also includesetting up of Thresholds for components i.e. the level of performancebelow which if the component is working, it shall be consideredunacceptable and trigger corrective measures.Demand Management: Being able to understand influence the customerdemands.Application Sizing: Used to estimate the resource requirements tosupport a proposed change to an existing service or the implementationof a new service, to ensure that it meets its required service levels.Modeling: Used to forecast the behavior of infrastructure components.Ex: Trend analysis, Estimation, Simulation, Analytic modeling (technique) 116
  114. 114. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 117
  115. 115. 118
  116. 116. The purpose of Availability Management is to provide a point of focusand management for all availability-related issues, relating to bothservices and resources, ensuring that availability targets in all areas aremeasured and achieved. 119
  117. 117. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 120
  118. 118. 121
  119. 119. 122
  120. 120. • Service Availability: involves all aspects of service availability and unavailability and the impact of component availability, or the potential impact of component unavailability on service availability• Component Availability: involves all aspects of component availability and unavailability.• Resilience: The ability of a Configuration Item or IT Service to resist Failure or to Recover quickly following a Failure.• Reliability: A measure of how long a Configuration Item or IT Service can perform its agreed Function without interruption. Usually measured as MTBF or MTBSI. The term Reliability can also be used to state how likely it is that a Process, Function, etc. will deliver its required outputs.• Maintainability: A measure of how quickly and effectively a Configuration Item or IT Service can be restored to normal working after a failure by the Service Provider (internal teams). Maintainability is often measured and reported as MTRS.• Serviceability: The ability of a Third-Party Supplier to meet the terms of its contract. This Contract will include agreed levels of Reliability, Maintainability or Availability for a Configuration Item.• Vital Business Functions (VBF): A Function of a Business Process that is critical to the success of the Business. This is utilized to provide measurement and reporting that demonstrate the consequences (contribution and impact) of IT Availability (or unavailability )on the business functions that are key to the business operations. Ex: For the of running an ATM, the business process enabling the withdrawal of cash would be VBF where as even if other frills such as deposits, statement generation are not available, it would not affect the business critically. 123
  121. 121. 124
  122. 122. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 125
  123. 123. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 126
  124. 124. 127
  125. 125. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 128
  126. 126. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 129
  127. 127. 1. Disaster: NOT part of daily operational activities and requires a separate system. (Not necessarily Flood, Fire and other natural disasters, but can also mean Power blackout or terror attack due to which the SLAs are in danger of breach).2. BCM : The Business Process responsible for managing Risks that could seriously affect the Business. BCM safeguards the interests of key stakeholders, reputation, brand and value-creating activities. The BCM Process involves reducing Risks to an acceptable level and planning for the recovery of Business Processes should a disruption to the Business occur. BCM sets the Objectives, Scope and Requirements for IT Service Continuity Management.3. BIA: BIA is the Activity in Business Continuity Management that identifies Vital Business Functions and their dependencies. These dependencies may include Suppliers, people, other Business Processes, IT Services, etc. BIA defines the recovery requirements for IT Services. These requirements include Recovery Time Objectives, Recovery Point Objectives and minimum Service Level Targets for each IT Service.4. Risk Assessment: The initial steps of Risk Management. Analyzing the value of Assets, and evaluating how Vulnerable each Asset is to those Threats. Risk Assessment can be quantitative (based on numerical data) or qualitative. 130
  128. 128. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 131
  129. 129. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 132
  130. 130. Manual Workarounds – Using a non-IT based recovery option to preventor recover from disaster.Reciprocal Arrangement - A Recovery Option in which an agreement ismade between two Organizations to share resources in an emergency.For example, Computer Room space or use of a mainframe.Gradual Recovery - A Recovery Option that is also known as ColdStandby. Provision is made to Recover the IT Service in a period of timegreater than 72 hours.Intermediate Recovery - A Recovery Option that is also known as WarmStandby. Provision is made to Recover the IT Service in a period of timebetween 24 and 72 hours.Immediate Recovery - A Recovery Option that is also known as HotStandby. Provision is made to Recover the IT Service with no loss ofService or within 24 hrs (usually within 2 hrs). Immediate Recoverytypically uses Mirroring, Load Balancing and Split Site technologies. 133
  131. 131. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 134
  132. 132. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 135
  133. 133. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 136
  134. 134. 137
  135. 135. Information Security Management usually forms part of an Organizational approach to SecurityManagement that has a wider scope than the IT Service Provider, and includes handling of paper,building access, phone calls, etc., for the entire Organization. 138
  136. 136. Confidentiality - A security principle that requires that data should only beaccessed by authorized people.Integrity - A security principle that ensures data and Configuration Items aremodified only by authorized personnel. Also refers to Accuracy, completeness,and timeliness of the informationAvailability – The information should be accessible for authorized users at theagreed time. This depends on the continuity provided by the informationprocessing systems.Security Baseline – The security level adopted by the IT organization for its ownsecurity and from the point of view of good „due diligence‟. Possible to havemultiple baselines.Security Incident – Any incident that may interfere with achieving the SLAsecurity requirements, materialization of a threat. 139
  137. 137. Information Security Management (ISM) needs to be considered withinthe overall corporate governance framework. This provides the strategicdirection for security activities and ensures objectives are achieved. Itfurther, ensures that the information security risks are appropriatelymanaged and that the enterprise information resources are usedresponsibly.The purpose of ISM is to provide a focus for all aspects of IT security andmanage all IT activities. 140
  138. 138. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 141
  139. 139. Plan: Defines and plans the security policy in conjunction with the Service LevelManagement & Availability Management processes. Assists with defining the security section of the SLA.Implement: Implements all the security measures specified in the Plan.Control: Relates directly to the organization and management of the process.Defines the sub-processes, security functions, and roles or responsibilities.Evaluate: Assist the performance of the process and the measurement,guidelines, policies, security controls.3 types of Audits: Self-Assessment, Internal Audits, External Audits.Maintenance: Ensure security matters are reviewed and maintained as changesoccur.Includes the security of the security section of the SLA and maintenance of thedetailed security plans (Operational Level Agreements).Reporting: List of security incidents, new security measures implemented,security measures that have become redundant, reports on the implementationof security, etc. 142
  140. 140. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 143
  141. 141. 144
  142. 142. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 145
  143. 143. Underpinning Contract (UC) - A Contract between an IT Service Providerand a Third Party. The Third Party provides goods or Services thatsupport delivery of an IT Service to a Customer. The UnderpinningContract defines targets and responsibilities that are required to meetagreed Service Level Targets in an SLA. 146
  144. 144. SCD - A database or structured Document used to manage Supplier Contractsthroughout their Lifecycle. The SCD contains key Attributes of all Contractswith Suppliers, and should be part of the Service Knowledge ManagementSystem.SSIP – used to record all improvement actions and plans agreed betweensuppliers and service providersSupplier Survey Reports – Feedback gathered from all individuals that dealdirectly with suppliers throughout their day to day role. Results are collatedand reviewed by Supplier Management, to ensure consistency in quality ofservice provided by suppliers in all areas.Shared Risk & Reward – an arrangement between supplier and service provideron sharing the risks and rewards of providing the services.Supplier & Contract performance reports – reports that are generated by serviceprovider on the performance of suppliers which are the primary input to theSupplier & Contract review meetings. Used to gage the quality of serviceprovided by the suppliers and partners. 147
  145. 145. The Supplier Management process attempts to ensure that suppliersmeet the terms, conditions and targets of their contracts andagreements, whilst trying to increase the value for money obtained fromsuppliers and the services they provide. All Supplier Managementprocess activity should be driven by a supplier strategy and policy fromService Strategy. In order to achieve consistency and effectiveness in theimplementation of the policy, a Supplier and Contracts Database (SCD)should be established together with clearly defined roles andresponsibilities.Ideally the SCD should form an integrated element of a comprehensiveCMS or SKMS, recording all supplier and contract details, together withdetails of the type of service(s) or product(s) provided by each supplier,and all other information and relationships with other associated CIs. 148
  146. 146. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 149
  147. 147. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 150
  148. 148. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 151
  149. 149. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 152
  150. 150. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 153
  151. 151. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 154
  152. 152. 155
  153. 153. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 156
  154. 154. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 157
  155. 155. 158
  156. 156. 159
  157. 157. 160
  158. 158. The main objective of Change Management is to:1. Manage the process of Authorizing, Requesting, Implementing and Assessing the changes2. Coordinating the effort involved in building, testing and implementing changes3. Minimizing the risk & disruption caused by changes4. Make sure that no unauthorized changes are implemented5. Ensuring that changes are properly researched & inputs are provided by parties while assessing the changes 161
  159. 159. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 162
  160. 160. Members of CAB minimum required1. Change Manager2. Finance Manager3. IT Manager / CIO4. 1 or 2 Senior Members of Management5. Additionally, depending on the RFC, Problem Manager, Incident Manager, Capacity Manager, Availability Manager, Support Teams, Suppliers, etc can be members. 163
  161. 161. Change Management must be a formal, centralized process. It isresponsible for managing the changes to the above mentioned elements. 164
  162. 162. Normal Change: A change that follows all of the steps of the changeprocess. It is assessed either by a Change Manager or a Change AdvisoryBoard.Standard Change - A pre-approved Change that is low risk, relatively common and followsa Procedure or Work Instruction. For example, password reset or provision of standardequipment to a new employee.Emergency Change: A change that is carried out due to VERY URGENTbusiness requirements which is ratified and documented later. Ex: toresolve a Major Incident or implement a Security patch.ECAB – Emergency CAB - A sub-set of the Change Advisory Board thatmakes decisions about high-impact EmergencyChanges. Membership of the ECAB may be decided at the time a meetingis called, and depends on the nature of the Emergency Change.Change Models - A repeatable way of dealing with a particular Categoryof Change. A Change Model defines specific pre-defined steps that willbe followed for a change of a particular Category.ITEC – IT Executive Committee: Senior Management of an organization. 165
  163. 163. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 166
  164. 164. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 167
  165. 165. Priority should depend on business impact 168
  166. 166. Formal authorization is obtained for each change from a changeauthority that may be a role, person or a group ofpeople. The levels of authorization for a particular type of change shouldbe judged by the type, size or risk of thechange, e.g. changes in a large enterprise that affect several distributedsites may need to be authorized by ahigher-level change authority such as a global CAB or the Board ofDirectors.If change assessment at levels 2, 3, or 4 detects higher levels of risk, theauthorization request is escalated to theappropriate higher level for the assessed level of risk. The use ofdelegated authority from higher levels to locallevels must be accompanied by trust in the judgment, access to theappropriate information and supported bymanagement. The level at which change is authorized should rest whereaccountability for accepting risk andremediation exist. 169
  167. 167. The Change Advisory Board (CAB) is a body that exists to support the authorization ofchanges and to assist ChangeManagement in the assessment and prioritization of changes. As and when a CAB isconvened, members should be chosen who are capable of ensuring that all changeswithin the scope of the CAB are adequately assessed from both a business and atechnical viewpoint. The CAB may be asked to consider and recommend the adoptionor rejection of changes appropriate for higher level authorization and thenrecommendations will be submitted to the appropriate change authority.To achieve this, the CAB needs to include people with a clear understanding across thewhole range of stakeholderneeds. The change manager will normally chair the CAB, and potential membersinclude: 1. Customer(s) 2. User manager(s) 3. User group representative(s) 4. Applications developers/maintainers 5. Specialists/technical consultants 6. Services and operations staff, e.g. service desk, test management, ITSCM, security, capacity 7. Facilities/office services staff (where changes may affect moves/accommodation and vice versa) 8. Contractor‟s or third parties‟ representatives, e.g. in outsourcing situations 9. Other parties as applicable to specific circumstances 170
  168. 168. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 171
  169. 169. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 172
  170. 170. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 173
  171. 171. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 174
  172. 172. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 175
  173. 173. 176
  174. 174. The purpose of SACM is to:1. Identify, control, record, report, audit and verify service assets and configuration items, including versions, baselines, constituent components, their attributes, and relationships.2. Account for, manage and protect the integrity of service assets and configuration items (and, where appropriate, those of its customers) through the service lifecycle by ensuring that only authorized components are used and only authorized changes are made3. Protect the integrity of service assets and configuration items (and, where appropriate, those of its customers) through the service lifecycle4. Ensure the integrity of the assets and configurations required to control the services and IT infrastructure by establishing and maintaining an accurate and complete Configuration Management System. 177
  175. 175. Configuration Management delivers a model of the services, assets andthe infrastructure by recording the relationships between configurationitems as shown in the figure. This enables other processes to accessvaluable information. 178
  176. 176. Configuration ManagementThe Process responsible for maintaining information aboutConfiguration Items required to deliver an IT Service, including theirRelationships. This information is managed throughout the Lifecycle ofthe CI.Configuration Management is part of an overall Service Asset andConfiguration Management Process.Configuration BaselineA configuration baseline is the configuration of a service, product orinfrastructure that has been formally reviewed and agreed on, thatthereafter serves as the basis for further activities and that can bechanged only through formal change procedures. It captures thestructure, contents and details of a configuration and represents a set ofconfiguration items that are related to each other.SnapshotA snapshot of the current state of a configuration item or anenvironment, e.g. from a discovery tool. This snapshotis recorded in the CMS and remains as a fixed historical record.Sometimes this is referred to a footprint. 179
  177. 177. CMS - A set of tools and databases that are used to manage an IT ServiceProvider‟s Configuration data. The CMS also includes information aboutIncidents, Problems, Known Errors, Changes and Releases; and may containdata about employees, Suppliers, locations, Business Units, Customers andUsers. The CMS includes tools for collecting, storing, managing, updating, andpresenting data about all Configuration Items and their Relationships. The CMSis maintained by Configuration Management and is used by all IT ServiceManagement Processes. The CMS holds all the information for CIs within the designatedscope. Some of these items will have related specifications or files that containthe contents of the item. The CMS is also used a for wide range of purposes,for example asset data held in the CMS may be made available to externalfinancial Asset Management systems to perform specific Asset Managementprocesses reporting outside of Configuration Management.CMDB (Configuration Management Database) - A database used to storeConfiguration Records throughout their Lifecycle. The ConfigurationManagement System maintains one or more CMDBs, and each CMDB storesAttributes of CIs, and Relationships with other CIs.Configuration Record - A Record containing the details of a Configuration Item.Each Configuration Record documents the Lifecycle of a single CI.Configuration Records are stored in a Configuration Management Database. 180
  178. 178. Management & Planning: This activity involves planning and defining thepurpose, scope, objectives, policies and procedures, organizational andtechnical context, for Configuration Management.Configuration Identification: Selecting and identifying the configurationstructures for all the infrastructures CIs, including their owner, theirinterrelationships and configuration documentation. E.g. allocatingidentifiers and version numbers for CIs, labeling each item, and enteringit in the configuration management database.Configuration Control. Ensuring that only authorized and identifiable CIsare accepted and recorded, from receipt to disposal. It ensures that no CIis added, modified, replaced or removed without appropriate controllingdocumentation, e.g. an approved change request, and an updatedspecification.Configuration Status accounting. The reporting of all current andhistorical data concerned with each CI throughout its life cycle. Thisenables Changes to CIs and their records to be traceable, e.g. trackingthe status of a CI as it changes from one state to another for instanceunder development, being tested, live, or withdrawn.Verification and audit. A series of reviews and audits that verify thephysical existence of CIs and check that they are correctly recorded inthe Configuration Management system. 181
  179. 179. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 182
  180. 180. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 183
  181. 181. 184
  182. 182. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 185
  183. 183. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 186
  184. 184. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 187
  185. 185. 188
  186. 186. Objectives:1. There are clear and comprehensive release and deployment plans that enable the customer and business change projects to align their activities with these plans2. A release package can be built, installed, tested and deployed efficiently and on schedule.3. A new or changed service and its enabling systems, technology and organization are capable of delivering the agreed service requirements4. There is minimal unpredicted impact on the production services, operations and support organization5. Customers, users and Service Management staff are satisfied with the Service Transition practicesThe term „Release‟ is used to describe a collection of authorized Changes to an IT service. The Release will typically include1) The number of Problem fixes and enhancements to the service.2) The new or changed software required and any new or changed hardware needed to implement the approved Changes. 189
  187. 187. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 190
  188. 188. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 191
  189. 189. Release Management : is concerned with changes to defined IT Services .These can be implemented by rolling out a combination of newapplications software together with upgraded or new hardware, orsimply changes to the service hours or support arrangements.The input to Release Management comes from Change Management. 192
  190. 190. Release Policy also contains Guidance as to how and where Releaseshould be documented for future reference .For ex: Which tool to use and how.Expected Deliverables of Release are Installation instructions, ReleaseNotes etc. 193
  191. 191. Note:1) Release planning outputs include the plan for a particular Release, andhigh-level test plans and acceptance criteria for the Release.2) The outputs of Release planning are normally documented in theChange Management plan for a particular project.3) Release Management should work with Change Management to agreethe exact content of each ReleaseCAB – Change Advisory Board. 194
  192. 192. DSL : Definitive Software Library 195
  193. 193. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 196
  194. 194. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 197
  195. 195. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 198
  196. 196. Notes:____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 199
  197. 197. This library may in reality consist of one or more software libraries orfile-storage areas, separate from development, test or live file-storeareas. The DML will also include a physical store to hold master copies,e.g. a fireproof safe. Only authorized media should be accepted into theDML, strictly controlled by SACM. The DML is a foundation for Releaseand Deployment Management 200