Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

AGILE CHM J-Marselje v5.2

663 views

Published on

  • Be the first to comment

AGILE CHM J-Marselje v5.2

  1. 1. Agile Change Management Johan Marselje Global ITSM Process Expert for Change Management Amsterdam – 2 July 2015 www.ing.com ITSM at ING Take your #talent to the next level
  2. 2. Topics • Intro • History and forming of ING best practices • Understanding the Risk & Compliancy demands • Combining both worlds into a single flow • Wrap up 1
  3. 3. Introduction Johan Marselje Global ITSM Process Expert for Change Management • Medical/Scientific photographer, software specialist printing industry, IT trainer, ITSM specialist • 2009 joined ING Central Process Authority as ITIL process & metrics expert, developer & trainer, HPSC & HPSM specialist and ServiceNow engineer • 2014 joined ING GS as ITSM expert for Change Management As ITSM Expert primarily responsible for ING world-wide process development, optimization and support Four kids, two cats, four guitars and a double (contra) bass 2
  4. 4. Three flows to get to one Agile Change flow Understanding Risk & Compliancy demands Combining both worlds into a single flow History, The forming of ING best practices 3
  5. 5. The need for an Agile Change Process… While ING moves towards an Agile organization… We (ITIL experts) struggle to come up with a proper solution • Can we simplify the Change Process and Governance ? • What’s the minimum Change registration, while remaining compliant ? • Can Agile/Scrum cooperate with ITIL Change activities / deliverables ? 4
  6. 6. History, the forming of ING best practices Can we simplify the Change Process and Governance ? ITSM at ING Take your #talent to the next level
  7. 7. Change Process  domain (Silo) oriented Before 2009 every single ING domain used its own tool for registration of ITIL process related information. • No alignment between different domains, parties and/or processes • No single process “language” or understanding • No overall governance • Etc… 6
  8. 8. Change Process  Belgium & Netherlands 2009 – A single ITSM tool was introduced at ING NL & BE, for ITIL process related activity registration On top of the ITSM tool a dedicated vendor Best Practice fixed layer Delivered us: • One governance model • One process model and set of Standards, Rules & Guidelines (SRGs) • One Change Calendar & Process Reporting environment It also delivered us… 7
  9. 9. …a very time consuming way of working The full Best Practice Change Process however, has a lot of decision moments: from Change Acceptance via the Project CAB, Technical CAB to the final decision of the Deployment CAB 8
  10. 10. More rules, more complexity, more control? The original development process was managed by the CMMi control framework on top of Prince2 In order to create more control, ING combined CMMi with ITIL 9 TCAB* Build & Test DCAB*PCAB* InitiationStart up Execution Project closure Requirements Scope High level design Timelines Design Build Test Implement Scope Risk & Impact Plan Release to Production Closure CMMi ITIL RfC SO/SA PID Acceptance Criteria & Tollgate 1 Acceptance Criteria & Tollgate 2 Acceptance Criteria & Tollgate 3 Project Board Business Domain ITSM Control Board UAT Tollgate3 Project Board Project Board Tollgate2 Tollgate1
  11. 11. Complex…? The complexity of the Best Practice Change Process model in ITSM tool, combined with a highly complex IT infrastructure… …results in typical effects: • Deployment risk assessment challenges (complexity…) • Perception of a certain level of bureaucracy. Long time lines to realize changes due to the many and different CAB groups • Potential risk of insufficient registration of the change 10
  12. 12. Understanding the Risk & Compliancy demands What’s the minimum Change registration, while remaining compliant? ITSM at ING Take your #talent to the next level
  13. 13. Then ING decided to move to Agility… …a number of challenges arose: • “We don’t need the ITIL processes any more…” • “We can use any tool that fits our needs…” • “We don’t need to plan or document what we do…” 12 How do we meet compliancy demands ?
  14. 14. While trying to LEAN the Change Process… After 3 really interesting POC experiments we came up with a very LEAN Change Process flow, to enable “Implementation Control” To realize such a process flow, a number of assumptions, technical measure and specific solutions are necessary 13 But somehow this was leaving me worried…
  15. 15. …how to prove compliancy? Moving towards “Implementation Control”, it became unclear how we would be able to manage the compliancy How, from process perspective, do we have to deal with the existing controls and required evidence for our regulators? Can we challenge the validity of a number of existing compliancy requirements for the “new” process? Or can we solve this via another way? 14
  16. 16. Compliance model used by regulators AFM, DNB, ECB all use the same reference model: COBIT* The use of controls is enforced to all financial institutions to prove compliancy 15 * Control Objectives for Information and related Technology (COBIT) by ISACA.
  17. 17. COBIT has recognized change risks A lot of actions need to be realised when making a change in functionality in production… …which fitted perfectly into the original Best Practice Change flow… 16
  18. 18. ING has defined Change risk controls The COBIT risks and SOx requirements are “translated” into and Key controls to enable us, while changing, to prove that we are in control… …But where and how do these controls fit in? Do we need to change our way of Agile/Scrum working? 17 OCD Ctrl41 FC02 - Registration of assets in Central Repository 1. Common info 2. CI Type details / attributes 3. Relations (e.g. Stack, Value Chain/Business Process 4. Adherence to the process and Data Quality 5. The Asset Owner defined and accepted the role 6. The custodian has accepted the role And Asset Owner or Custodian approved the content as shown OCD Ctrl CM01.2 Non Functional requirements OCD Ctrl CM01.3 Change Implementation OCD Ctrl FC02.1 CMDB Check OCD Ctrl CM01.1 Change Validation
  19. 19. At ING we traded CMMi/Prince2 for Agile/Scrum Of course, in a Agile/Scrum environment we are still obliged to the COBIT compliancy rules And…, can we prove that we actually are in control…? And can we do that without losing Agility? 18
  20. 20. Agile Change Management Combining both worlds into a single flow Can Agile/Scrum cooperate with ITIL Change activities / deliverables ? ITSM at ING Take your #talent to the next level
  21. 21. The original ITIL v3 Change Management Process… 20 ITIL Change Management Process COBIT has adopted ITIL as formal and standardized ITSM Process Framework, and therefore we have to comply to ITIL for Change Management The ITIL Change Management Process defines typical steps including typical activities in the Change flow that remain the same for all changes… …how can we combine ITIL with Agile/Scrum ?
  22. 22. Yes… ITIL can be combined with Agile/Scrum 21 Scrum Product backlog management
  23. 23. A change flow to Build & Test a user story 22 Scrum Sprint backlog management
  24. 24. Can we prove we are fully compliant? 23 Yes, we can be compliant to COBIT and thus to regulatory demands
  25. 25. Managing the COBIT controls The existing COBIT controls can be plotted to the Agile/Scrum “Change Process” Scrum activities and materials become a natural part of the total Change flow, enabling us to prove we actually are in control 24 However, while merging the ITIL Change Process flow with the Agile/Scrum activities, we uncovered a potential compliancy weak spot…
  26. 26. …we introduced the deployment procedure The ITIL Change deployment procedure fits perfectly to our needs: A compact & LEAN Change flow, serving all necessary compliancy steps Adding the Change deployment procedure to the Agile/Scrum method, completes regulatory required control evidence 25
  27. 27. Finally Agile/Scrum & Change deployment combined Typical ITIL activities can be mapped to original Agile/Scrum activities and roles… Allowing the teams to use their own Scrum tools for working through their backlog… while using the ITSM tool for deployment of changes to the production environment Enabling us to prove compliancy 26
  28. 28. Wrap up ITSM at ING Take your #talent to the next level
  29. 29. Complex…? Perception of a certain level of bureaucracy (complexity…) Long time lines to realize changes due to the many/different CAB groups Potential risk of insufficient registration of the change 28
  30. 30. Wrap up 29 As ING moves towards an Agile organization… we (ITIL experts) came up with an ING solution !  We were able to simplify the Change Process and Governance  We defined the minimum Change registration, while remaining compliant  Agile/Scrum and ITIL Change Management can be fully integrated
  31. 31. Questions? ITSM at ING Take your #talent to the next level
  32. 32. Thank you! ITSM at ING Take your #talent to the next level

×