Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Introduction to service management and FitSM
1. EOSC-hub receives funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 777536.
eosc-hub.eu
@EOSC_eu
Introduction to service management and FitSM
Dissemination level: Public
Disclosing Party: WP1
Recipient Party: PMB
2. • Shift in expected results
FP7 -> H2020 = Publications -> Services
Focus on Sustainability!
Major cultural shift
• Increased customer expectations
Commoditization of digital services
XaaS (Anything as a Service) now commonplace
• Skills, experience and knowledge gap
Limited to no formal training in how to professionally plan, deliver, operate and control
IT services
We are now
service
providers?
IT Service Management… in Research
2
3. 3
• Service is…
– … a means of delivering value to customers …
– … by supporting them in achieving their goals
– … and can be provided (sold) on its own
• What is value from a customer perspective?
Utility Warranty Value
What is the key purpose of the
service?
Which additional factors will impact
the customers’ service quality /
performance perception?
Service and value
4. (FitSM-0) Service Management System: Overall management system that controls and
supports management of services within an organisation or federation
Interconnected policies, processes, procedures, roles, agreements, plans, related resources and
other elements needed and used to effectively manage the delivery of services to customers.
4
Service management system
People
•Responsibilities
•Skills
•Awareness
Processes
•Defined activities
•Effectiveness and
repeatability
Technology
•Support people in
their roles
•Increase process
effectiveness and
efficiency
Typical tools for
service management:
• Workflow support
tool
• (Trouble) ticket
tool
• Wiki
• Excel sheets
• Word templates
• …
Typical service
management processes:
• Service portfolio
management
• Service level
management
• Incident management
• Change management
• Capacity management
• Information security
management
• …
5. • It puts in place standard processes, procedures and agreements for managing
the infrastructure efficiently and effectively.
• Repeatability of desired outputs.
• It increased clarity on expectations between partners and also customers
• Understanding organization (federation) structure and responsibilities.
• It made decision-making clearer between organisations and individual teams.
• Reduce organization fragmentation and bringing people together.
• Customer focus, alignment of IT and their customers
• Improved reputation.
SMS: What benefits does it bring?
5
6. • Standards family for lightweight IT service management
• Suitable for IT service providers of any type and scale
• Main design principle: Keep it simple!
• All FitSM parts are freely released under Creative Commons licenses
• FitSM is operated and managed by ITEMO (non-profit)
• Certification provided by ICO-Cert and APMG International
What is FitSM
www.fitsm.eu
The development of FitSM was originally funded by the European Commission
through an EC-FP7 project "FedSM“
FitSM_Standard
6
7. ‘Full’ commercial ITSM
No/little formal ITSM
ISO/IEC 20000
FitSM Solution
• Less unfamiliar
• More achievable
• More suitable
• Path to ‘full’ ITSM
• Freely available
7
Third way of ITSM
8. • Traditional IT service management (ITSM) practices …
- assume single central control over all service management processes by one
organisation acting as the service provider
- hardly address collaborative approaches to service delivery.
• As a result:
- Applying ITSM in federated environments may be more difficult, and not all
concepts / ideas will work
• Important in a federated environment:
- Understanding the roles of the federation members (including the roles or
“business models” of the federators involved)
8
Challenges in federated IT service provisioning
9. 9
Related standards and frameworks
ITIL
COBIT
ISO 9000
CMMI
Software engineering
maturity model
IT service management
standard / framework
Quality management
standard
adoption of concepts
Legend
ISO/IEC 27000 ISO/IEC 20000
FitSM
ISO 15504
Information security
management standard
11. 7-Step Approach
1. Define the rationale and scope for implementing service management and
get top management commitment and support
2. Identify/assign roles and responsibilities for planning/implementation
3. Ensure training and awareness
4. Perform an initial organisation maturity assessment
5. Define a service management plan with overall goals and milestones
6. Start defining polices, activities and procedures for each process
7. Re-assess progress through formal reviews or audits (e.g. annually)
Implementing FitSM
11
12. 12
Service management system (SMS)
Policy
1. Abc def ghijk.
2. Abc def ghijk.
3. Abc def ghijk.
4. Abc def ghijk.
Proce-
dures
Process: Inputs
Outputs
Governance level
Top management
Process owners
Control level
Process managers
Process teams
Operational level
Departments
Functions
Persons
Activities and roles
e.g. Incident handling
policy, change policy,
security policy
e.g. incident management,
change management, security
management, …
e.g. procedures for
classifying and prioritizing
incidents
Person (in a role)
applies
13. FitSM-1
Requirements
FitSM-2
Objectives and activities
FitSM-3
Role model
FitSM-5
Selected
implementation guides
FitSM-0
Overview & vocabulary
FitSM-4
Selected templates and
samples
FitSM-6
Maturity and capability
assessment scheme
Implementation Aids
Core Standard
NormativeInformational
FitSM parts
13
15. •Manage the service portfolio; alignment of new or changed services with organisation strategy
Service portfolio management
• Maintain a service catalogue; define, agree and monitor relevant agreements (SLA, OLA, UA)
Service level management
• Specify all service reports and ensure its production according to specifications in a timely manner to support decision-making
Service reporting management
• Identify, record and analyse customer opportunities; manage service orders and maintain a good relationship with customers
Customer relationship management
• Establish and maintain a healthy relations with suppliers supporting the services; ensure the required capacity and monitor performance
Supplier relationship management
•Manage information security to ensure confidentiality, integrity and accessibility of relevant information assets
Information security management
Startegic processes
15
16. • Ensures sufficient capacities to meet agreed service levels and monitor performance requirements for services
Capacity management
• Ensure sufficient service availability to meet agreed requirements and adequate service continuity in case of exceptional situations
Service availability & continuity management
• Restore normal / agreed service operation in case of an incident; respond to user service requests
Incident & service request management
• Investigate the root causes of (recurring) incidents in order to avoid future recurrence of incidents
Problem management
• Provide and maintain an information about logical model of service components and its configuration
Configuration management
• Ensure changes are planned, approved, implemented and reviewed in a controlled manner
Change management
• Manage releases, so that changes can be tested and deployed to the live environment
Release & deployment management
•Identify, prioritize, plan, implement and review all improvements
Continual service improvement
Operational processes
16
18. Incident & Service Request Management (ISRM)
Objective
To restore normal / agreed service operation within the agreed
time after the occurrence of an incident, and to respond to user
service requests
19. PR9 Incident & Service Request Management
REQUIREMENTS
PR9.1 All incidents and service requests shall be registered, classified and prioritized in a consistent manner.
PR9.2 Prioritization of incidents and service requests shall take into account service targets from SLAs.
PR9.3 Escalation of incidents and service requests shall be carried out in a consistent manner.
PR9.4 Closure of incidents and service requests shall be carried out in a consistent manner.
PR9.5 Personnel involved in the incident and service request management process shall have access to relevant information
including known errors, workarounds, configuration and release information.
PR9.6 Users shall be kept informed of the progress of incidents and service requests they have reported.
PR9.7 There shall be a definition of major incidents and a consistent approach to managing them.
19
ISRM: Requirements according to FitSM-1
20. 20
ISRM: Workflow (incident management)
Classify
Record
Analyze
Prioritize
Resolve / Restore service
Close
Incident
Escalation
required?
No
Yes
Escalate
System Theory
What is an example of a type of system?
Engine? And its parts
Go bigger, what else? Traffic system, process and procedures for with a governing body
What do you understand by “escalation”?
Is there more than one type of escalation? Yes: functional; hierarchy
Where can we find information about known errors? KEDB