The webinar covers: • Process Identification, Planning, Implementing and Monitoring • Preparation of the Documents • ISO 9001 Requirements • Consultant Personality Presenter: This webinar was presented by Bogdan Dragomir, a security professional with over 24 years of experience in the IT field over 5 years as a Regional Security Manager with Savvis Communications being trusted adviser for many companies in South and Central US and coordinating penetration testing across US and UK and Six Sigma Lean Professional & Six Sigma Black Belt. Link of the recorded session published on YouTube: https://youtu.be/CbgNPnMKFv0

1. Combining ITIL, SixSigma
and ToC in streamlining IT
Bogdan Dragomir

2. Bogdan Dragomir
Job Positions
Bogdan Dragomir is a security professional with over 24 years of experience in the IT field over 5 years as a
Regional Security Manager with Savvis Communications currently partner and COO at Vernance LLC responsible
for overseeing GRC and management training and consulting practice
657-200-5506
bdragomir@vernance.com
www.vernance.com
https://www.linkedin.com/in/bogdandrago

3. Information Technology Infrastructure
Library (ITIL)
• ITIL defines a framework to deliver and support IT services.
• Multiple components of the framework; each component has a
well defined set of recommended practices and procedures
• Can be adopted individually or as a whole.
• Covered processes include
• Design coordination
• Service catalogue management
• Service-level management
• Availability management
• Capacity management
• IT service continuity management
• Security management
• Supplier management

4. Information Technology
Infrastructure Library (Continued)
• ITIL Goals types and objectives:
• Strategy - Achieve organizational objectives and meet
customer needs
• Design - Define a plan for delivering the business objectives
• Transition - Improved capability for introducing new services
• Operations - Ensure services management in supported
environments.
• Improvement - Ensure dynamic services and adaptability to
large-scale improvements

5. SixSigma
• Born for and mainly used in manufacturing sector
• Based on empirical and statistical methods and data based
tools.
• Works primarily at the level of a local systems chain link and
considers its interaction with the immediate supplier and
customer processes.
• Aims to identify and remove defects causes and minimize
deliverable (product or business process) quality variations.
• Uses two methodologies DMAIC and DMADV
• Target 3.4 DPMO

7. Theory of Constraints
• A more flexible approach
• Logic based/uses logic-based tools
• Recognizes variation as an inherent business necessity.
• Focuses on building processes adaptable enough to deal
with current variations
• Uses a five steps process improvement
• identify constraint,
• Exploit constraint,
• subordinate everything else to the constraint,
• elevate the constraint
• Repeat

8. IT services Criteria
• Agility
• measure the ability of a IT Services chain to respond to
marketplace CHANGES to gain or maintain competitive
advantage
• Adaptability
• measure the maximum quantity of production CHANGE the
organization can achieve and sustain in a fix amount of time.
• Responsiveness
• measure the time to fulfill demand.
• Flexibility
• measure the number of days it takes to respond to a demand
CHANGE,

9. 6δ vs ToC Differences
6δ ToC
Hard Data based Logic based tools
Quality tools for problem solving
(Causal loop Diagrams; Control Charts;
Cause and Effect; etc)
Unique approach to problem solving
considering problem’s reality context (The
more complex a situation, the more
inherent simplicity there is in it. )
Targets minimizing variation Targets to minimize effects of the variation

10. “Quality is more important than
quantity. One home run is much
better than two doubles.” – Steve
Jobs

11. Six Sigma & Toc to achieve performant
ITIL compatible processes
• Target performant ITIL process
• Main phases DMAIC – to define and minimize the
variation related to IT services
• Main approach ToC - to determine the bottleneck (the
unique constraint that determine the variation (above),
to eliminate the bottleneck and ensure optimization
sustainability, to determine next constraint in need of
optimization

12. DMAIC
Define
• Understand the expectations of the customer using voice of the
customer techniques,
• Using ToC identify the process (not the constraint) that need to
be improved.
• Ensure synergy between ITIL and SixSigma goals and alignment to
business strategy.

13. DMAIC
Measure
• Asses the “as is” process state;
• define defects in the context of IT Services (i.e.
<unacceptable_deviation> from expected results);
• define CtQ parameters.
• Determine objectives in the business context.

14. DMAIC
Analyze
• Analyze the data gathered during the previous phase;
• determine all trivial “variation” source(s),
• use ToC to determine the main constraint (vital variable)
based on the documented UDE.
• “An UDE should be serious, be a condition not a lack of an activity, not
blame anyone, happen frequently, have a serious negative outcome,
not incorporate the solution within the statement.” - TOCICO3
Thinking Process Committee, Nov 2007
• One would use this phase to run multiple scenario
simulations and prioritize constraints as per their placement
in the critical chain.

15. DMAIC
Improve
This is the phase where applying ToC will swift SixSigma and
increase its focus tremendously.
Since we moved the SixSigma approach using ToC approach in
the previous phase, during the Improve phase we will use ToC
to Exploit, Subordinate and Elevate the main constraint (main-
constraint was determined in the Analyze phase) to ensure
increased overall performance.
Note: Exploiting the constraint should be done by maximizing its
efficiency up to the point where the constraint is moving to the
next node.

16. DMAIC
Control
• Ensure that the process around optimized main-constraint
can perform sustainable
• implement controls to prevent the process from reverting
back to its prior state.
• Document lesson learn and use them in the next (D)MAIC
iteration targeting the new constraint.
Note: During the next iteration you could use a shortened
version of D-Phase focusing on checking if the previous
determinations are still valid and relevant.

17. Conclusion
• Each school of thought has its own benefits and
strengths.
• Results depend on user expertise
• There is no best or better
• Have different approach
• Have the same ultimate target (Solve a problem)

18. Quality in a product or service is not what the supplier
puts in. It is what the customer gets out and is willing to
pay for. A product is not quality because it is hard to make
and costs a lot of money, as manufacturers typically
believe. This is incompetence. Customers pay only for
what is of use to them and gives them value. Nothing else
constitutes quality.”
~Peter Drucker.

19. ?
QUESTIONS
657-200-5506
bdragomir@vernance.com
www.vernance.com
https://www.linkedin.com/in/bogdandrago
THANK YOU