EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
U2 chap2 itsm service design
1. Chapter 4
Service design processes
This chapter describes and explains the
fundamentals of the key processes supporting
service design. These processes are principally
responsible for providing key information for the
design of new or changed service solutions.
ITSM Mustufa Sir Unit 2 1
2. • Service catalogue management
• Service level management
• Availability management
• Capacity management
• IT service continuity management (ITSCM)
• Information security management
• Supplier management.
ITSM Mustufa Sir Unit 2 2
3. 4.2 Service catalogue management
• The service catalogue is one of the most valuable
elements of a comprehensive approach to service
provision and, as such, it should be given proper
care and attention.
• The service catalogue management process
provides the means of devoting that care and
attention in a consistent fashion, ensuring that
the organization accrues all of the potential
benefits of a service catalogue in the most
efficient manner possible.
ITSM Mustufa Sir Unit 2 3
4. 4.2.1 Purpose and objectives
• The purpose of the service catalogue
management process is to provide and
maintain a single source of consistent
information on all operational services and
those being prepared to be run operationally,
and to ensure that it is widely available to
those who are authorized to access it.
ITSM Mustufa Sir Unit 2 4
5. 4.2.2 Scope
The scope of the service catalogue management
process is to provide and maintain accurate
information on all services that are being
transitioned or have been transitioned to the
live environment.
ITSM Mustufa Sir Unit 2 5
6. 4.2.3 Value to the business
The service catalogue provides a central source
of information on the IT services delivered by
the service provider organization. This ensures
that all areas of the business can view an
accurate, consistent picture of the IT services
ITSM Mustufa Sir Unit 2 6
7. 4.2.4 Policies, principles and basic concepts
Over the years, the IT infrastructures of
organizations have grown and developed, and
there may not be a clear picture of all the services
currently being provided and the customers of each
service. In order to establish an accurate picture, it
is recommended that a service portfolio containing
a service catalogue is produced and maintained to
provide a central, accurate set of information on all
services and to develop a service-focused culture.
ITSM Mustufa Sir Unit 2 7
9. Customer-facing services IT services that are
seen by the customer.
Supporting services IT services that support or
‘underpin’ the customer-facing services.
ITSM Mustufa Sir Unit 2 9
10. Service catalogue structure
The structure and presentation of the service
catalogue should support the uses to which it will
be put, taking into consideration the different,
sometimes conflicting needs of different audiences.
Not every service is of interest to every person
or group. Not every piece of information about
a service is of interest to every person or group.
When service providers have many customers or
serve many businesses, there may be multiple
service catalogue views projected from the service
portfolio.
ITSM Mustufa Sir Unit 2 10
11. The business/customer service catalogue
view This contains details of all the IT services
delivered to the customers (customer-facing
services), together with relationships to the
business units and the business processes that
rely on the IT services.
The technical/supporting service catalogue
view This contains details of all the supporting
IT services, together with relationships to the
customer-facing services they underpin and the
components
ITSM Mustufa Sir Unit 2 11
14. 4.2.5 Process activities, methods and techniques
The key activities within the service catalogue
management process should include:
• ■■ Agreeing and documenting a service definition
and description for each service with all relevant
parties
• ■■ Interfacing with service portfolio management
to agree the contents of the service portfolio
and service catalogue
• ■■ Producing and maintaining an accurate service
catalogue and its contents, in conjunction with
the overall service portfolio
ITSM Mustufa Sir Unit 2 14
15. • 4.2.6 Triggers, inputs, outputs and interfaces
4.2.6.1 Triggers
The triggers for the service catalogue management process
are changes in the business requirements and services
4.2.6.2 Inputs
Business information from the organization’s
business and IT strategy, plans and financial
plans, and information on their current and
future requirements from the service portfolio
ITSM Mustufa Sir Unit 2 15
16. 4.2.6.3 Outputs
• ■■ The documentation and agreement of a
‘definition of the service’
• ■■ Updates to the service portfolio: should
contain the current status of all services and
requirements for services
4.2.6.4 Interfaces
Every service provider process uses the service
catalogue, so it could be said that the service
catalogue management process interfaces with
all processes
ITSM Mustufa Sir Unit 2 16
17. 4.2.7 Information management
The key information within the service catalogue
management process is that which is contained
within the service catalogue. The main input
for this information comes from the service
portfolio and the business via either the
business relationship management or SLM
processes.
ITSM Mustufa Sir Unit 2 17
18. 4.3 Service level management
SLM is a vital process for every IT service provider
organization in that it is responsible for agreeing
and documenting service level targets and
responsibilities within SLAs and service level
requirements (SLRs) for every service and related
activity within IT.
ITSM Mustufa Sir Unit 2 18
19. 4.3.1 Purpose and objectives
The purpose of the SLM process is to ensure that
all current and planned IT services are delivered
to agreed achievable targets.
ITSM Mustufa Sir Unit 2 19
20. 4.3.2 Scope
SLM should provide a point of regular contact
and communication to the customers and business
managers of an organization in relation to service
levels.
ITSM Mustufa Sir Unit 2 20
21. 4.3.3 Value to the business
SLM provides a consistent interface to the business
for all service-level-related issues. It provides the
business with the agreed service targets and the
required management information to ensure
that those targets have been met.
ITSM Mustufa Sir Unit 2 21
22. 4.3.4 Policies, principles and basic concepts
4.3.4.1 Policies
The service provider should establish clear policies for the
conduct of the SLM process.
4.3.4.2 Contracts and agreements
When an IT service provider engages a third-party supplier
to provide goods and/or services that are needed for the
provision of service to the IT customer(s), it is important
that both parties have clear and unambiguous expectations
of how the supplier will meet the IT service provider’s
requirements.
ITSM Mustufa Sir Unit 2 22
23. 4.3.5 Process activities, methods and
techniques
Determining, negotiating, documenting and
agreeing requirements for new or changed
services in SLRs, and managing and reviewing
them through the service lifecycle into SLAs for
operational services
Developing, maintaining and operating SLM
procedures, including procedures for logging,
actioning and resolving all complaints, and for
logging and distributing compliments
ITSM Mustufa Sir Unit 2 23
24. 4.3.6 Triggers, inputs, outputs and interfaces
SLM is a process that has many highly active
connections throughout the organization and its
processes.
ITSM Mustufa Sir Unit 2 24
25. 4.3.6.1 Triggers
Changes in the service portfolio, such as new
or changed business requirements or new or
changed services
4.3.6.2 Inputs
Business information: from the organization’s
business strategy, plans and financial plans,
and information
ITSM Mustufa Sir Unit 2 25
26. 4.3.6.3 Outputs
Service reports: providing details of the service
levels achieved in relation to the targets
contained within SLAs. These reports should
contain details of all aspects of the service and
its delivery, including current and historical
performance, breaches and weaknesses,
major events, changes planned, current and
predicted workloads, customer feedback, and
improvement plans and activities
ITSM Mustufa Sir Unit 2 26
27. 4.3.6.4 Interfaces
• Business relationship management
• Service catalogue management
• Incident management
• Supplier management
• Availability, capacity, IT service continuity
• and information security management
ITSM Mustufa Sir Unit 2 27
28. 4.3.7 Information management
SLM provides key information on all operational
services, their expected targets and the service
achievements and breaches for all operational
services.
ITSM Mustufa Sir Unit 2 28
29. 4.4 Availability management
Availability is one of the most critical parts of
the warranty of a service. If a service does not
deliver the levels of availability required, then
the business will not experience the value that
has been promised.
ITSM Mustufa Sir Unit 2 29
30. 4.4.1 Purpose and objectives
The purpose of the availability management
process is to ensure that the level of availability
delivered in all IT services meets the agreed
availability needs and/or service level targets in
a cost-effective and timely manner.
ITSM Mustufa Sir Unit 2 30
31. 4.4.2 Scope
The scope of the availability management
process covers the design, implementation,
measurement, management and improvement
of IT service and component availability.
ITSM Mustufa Sir Unit 2 31
32. 4.4.3 Value to the business
The availability management process ensures
that the availability of systems and services
matches the evolving agreed needs of the
business.
ITSM Mustufa Sir Unit 2 32
33. 4.4.4 Policies, principles and basic concepts
The availability management process is continually
trying to ensure that all operational services meet
their agreed availability targets, and that new or
changed services are designed appropriately to
meet their intended targets, without compromising
the performance of existing services.
ITSM Mustufa Sir Unit 2 33
38. 4.4.5 Process activities, methods and
techniques
Availability management should perform the
reactive and proactive activities
ITSM Mustufa Sir Unit 2 38
39. 4.4.5.1 Reactive activities
The reactive aspect of availability management
involves work to ensure that current operational
services and components deliver the agreed
levels of availability and to respond
appropriately when they do not.
ITSM Mustufa Sir Unit 2 39
40. 4.4.5.2 Proactive activities
The proactive activities of availability management
involve the work necessary to ensure that new
or changed services can and will deliver the
agreed levels of availability and that appropriate
measurements are in place to support this work.
ITSM Mustufa Sir Unit 2 40
41. 4.4.6 Triggers, inputs, outputs and interfaces
4.4.6.1 Triggers
Many events may trigger availability management
activity. These include:
■■ New or changed business needs or new or
changed services
■■ New or changed targets within agreements,
such as SLRs, SLAs, OLAs or contracts
ITSM Mustufa Sir Unit 2 41
42. 4.4.6.2 Inputs
■■ Business information From the organization’s
business strategy, plans and financial plans,
and information on their current and future
requirements, including the availability
requirements for new or enhanced IT services
ITSM Mustufa Sir Unit 2 42
43. 4.4.6.3 Outputs
■■ The availability plan for the proactive
improvement of IT services and technology
■■ Availability and recovery design criteria and
proposed service targets for new or changed
services
ITSM Mustufa Sir Unit 2 43
44. 4.4.6.4 Interfaces
■■ SLM.
■■ Incident and problem management
■■ Capacity management
■■ Change management
■■ IT service continuity management (ITSCM)
■■ Information security management (ISM)
■■ Access management
ITSM Mustufa Sir Unit 2 44
45. 4.5 Capacity management
Capacity management is a process that extends
across the service lifecycle. A key success factor
in managing capacity is ensuring it is considered
during the design stage. It is for this reason that
the capacity management process is included
here.
ITSM Mustufa Sir Unit 2 45
46. 4.5.1 Purpose and objectives
The purpose of the capacity management process
is to ensure that the capacity of IT services and
the IT infrastructure meets the agreed capacityand
performance-related requirements in a
cost-effective and timely manner.
ITSM Mustufa Sir Unit 2 46
47. 4.5.2 Scope
The capacity management process should be the
focal point for all IT performance and capacity
issues. Capacity management considers all
resources required to deliver the IT service, and
plans for short-, medium- and long-term business
requirements.
ITSM Mustufa Sir Unit 2 47
48. 4.5.3 Value to the business
■■ Improving the performance and availability of IT
services the business needs by helping to reduce
capacity- and performance-related incidents and
problems
ITSM Mustufa Sir Unit 2 48
49. 4.5.4 Policies, principles and basic concepts
Capacity management ensures that the capacity
and performance of the IT services and systems
match the evolving agreed demands of the
business in the most cost-effective and timely
manner.
Capacity management is essentially a
balancing act:
■■ Balancing costs against resources needed
■■ Balancing supply against demand
ITSM Mustufa Sir Unit 2 49
50. 4.5.5 Process activities, methods and
techniques
■■ Pre-empting performance issues by taking the
necessary actions before they occur
■■ Producing trends of the current component
utilization and estimating the future
requirements, using trends and thresholds for
planning upgrades and enhancements
ITSM Mustufa Sir Unit 2 50
51. 4.5.6 Triggers, inputs, outputs and
interfaces
4.5.6.1 Triggers
■■ New and changed services requiring additional
capacity
■■ Service breaches, capacity or performance
events and alerts, including threshold events
ITSM Mustufa Sir Unit 2 51
52. 4.5.6.2 Inputs
• Business information
• Service and IT information
• Component performance and capacity
information
• Service performance issue information
• Service information
• Financial information
• Change information
ITSM Mustufa Sir Unit 2 52
53. 4.5.6.3 Outputs
• Capacity plan
• Service performance information and reports
• Workload analysis and reports
• Ad hoc capacity and performance reports
• Thresholds, alerts and events
• Improvement actions
ITSM Mustufa Sir Unit 2 53
54. 4.5.6.4 Interfaces
■■ Availability management
■■ Service level management
■■ ITSCM
■■ Incident and problem management
■■ Demand management
ITSM Mustufa Sir Unit 2 54
55. 4.5.7 Information management
The aim of the CMIS is to provide the relevant
capacity and performance information to produce
reports and support the capacity management
process.
ITSM Mustufa Sir Unit 2 55
56. 4.6 IT service continuity
management
As technology is a core component of most
business processes, continued or high availability
of IT is critical to the survival of the business
as a whole. This is achieved by introducing
risk reduction measures and recovery options.
ITSM Mustufa Sir Unit 2 56
57. 4.6.1 Purpose and objectives
The purpose of the IT service continuity
management process is to support the overall
business continuity management (BCM) process by
ensuring that, by managing the risks that could
seriously affect IT services, the IT service provider
can always provide minimum agreed business
continuity-related service levels.
ITSM Mustufa Sir Unit 2 57
58. 4.6.2 Scope
ITSCM focuses on those events that the business
considers significant enough to be treated
as a ‘disaster’. Less significant events will be
dealt with as part of the incident management
process. What constitutes a disaster will vary
from organization to organization.
ITSM Mustufa Sir Unit 2 58
59. 4.6.3 Value to the business
ITSCM provides an invaluable role in supporting
the BCM process. In many organizations, ITSCM is
used to raise awareness of continuity requirements
and is often used to justify and implement a BCM
process and business continuity plans.
ITSM Mustufa Sir Unit 2 59
60. 4.6.4 Policies, principles and basic concepts
A lifecycle approach should be adopted to the
setting up and operation of an ITSCM process.
Figure 4.21 shows the lifecycle of ITSCM, from
initiation through to continual assurance that the
protection provided by the plan is current and
reflects all changes to services and service levels.
ITSM Mustufa Sir Unit 2 60
62. 4.6.5 Process activities, methods and techniques
4.6.5.1 Stage 1 – Initiation
Policy setting
This should be established and communicated
as soon as possible so that all members of the
organization involved in, or affected by, business
continuity issues are aware of their responsibilities
to comply with and support ITSCM.
ITSM Mustufa Sir Unit 2 62
63. Define scope and specify terms of reference
This includes defining the scope and responsibilities
of all staff in the organization. It covers such tasks
as undertaking a risk assessment and business
impact analysis and determination of the command
and control structure required to support a
business interruption.
ITSM Mustufa Sir Unit 2 63
64. Initiate a project
The initiation of formal IT service continuity
management is best organized into a project.
The project can be used to bring ITSCM to the
‘ongoing operation’ stage.
ITSM Mustufa Sir Unit 2 64
65. 4.6.5.2 Stage 2 – Requirements and strategy
If the requirements analysis is incorrect, or key
information has been missed, this could have
serious consequences on the effectiveness of
ITSCM mechanisms.
ITSM Mustufa Sir Unit 2 65
66. 4.6.5.3 Stage 3 – Implementation
Once the strategy has been approved, the detailed
IT service continuity plans need to be produced
in line with the business continuity plans and the
measures to implement the strategy need to be put
in place.
ITSM Mustufa Sir Unit 2 66
67. 4.6.5.4 Stage 4 – Ongoing operation
This stage consists of the activities necessary to
firmly establish the ITSCM capabilities and maintain
them in an accurate and reliable state as time goes
on.
Education, awareness and training
Review and audit
Testing
Change management
ITSM Mustufa Sir Unit 2 67
68. 4.6.5.5 Invocation
Invocation is the ultimate test of the business
continuity and ITSCM plans. If all the preparatory
work has been successfully completed, and
plans developed and tested, then an invocation
of the business continuity plans should be a
straightforward process, but if the plans have
not been tested, failures can be expected.
ITSM Mustufa Sir Unit 2 68
69. 4.6.6 Triggers, inputs, outputs and interfaces
4.6.6.1 Triggers
Many events may trigger ITSCM activity,
including:
■■ New or changed business needs, or new or
changed services
■■ New or changed targets within agreements,
such as SLRs, SLAs, contracts.
ITSM Mustufa Sir Unit 2 69
70. 4.6.6.2 Inputs
There are many sources of input required by the
ITSCM process:
■■ Business information: from the organization’s
business strategy, plans and financial plans,
and information on their current and future
requirements
■■ IT information: from the IT strategy and plans
and current budgets
ITSM Mustufa Sir Unit 2 70
71. 4.6.6.3 Outputs
The outputs from the ITSCM process include:
■■ A revised ITSCM policy and strategy
■■ A set of ITSCM plans, including all crisis
management plans, emergency response plans
and disaster recovery plans, together with a set
of supporting plans and contracts with recovery
service providers
ITSM Mustufa Sir Unit 2 71
72. 4.6.6.4 Interfaces
Integration and interfaces exist from ITSCM to
all other processes.
• Change management
• Incident and problem management
• Availability management
• Service level management
• Capacity management
ITSM Mustufa Sir Unit 2 72
73. 4.6.7 Information management
ITSCM needs to record all of the information
necessary to maintain a comprehensive set of
ITSCM plans.
ITSM Mustufa Sir Unit 2 73
74. 4.7 Information security management
Information security is a management process
within the corporate governance framework,
which provides the strategic direction for security
activities and ensures objectives are achieved. It
further ensures that the information security risks
are appropriately managed and that enterprise
information resources are used responsibly.
ITSM Mustufa Sir Unit 2 74
75. 4.7.1 Purpose and objectives
The purpose of the information security
management process is to align IT security
with business security and ensure that the
confidentiality, integrity and availability of the
organization’s assets, information, data and IT
services always matches the agreed needs of the
business.
ITSM Mustufa Sir Unit 2 75
76. 4.7.2 Scope
The information security management process
should be the focal point for all IT security issues,
and must ensure that an information security
policy is produced, maintained and enforced that
covers the use and misuse of all IT systems and
services.
ITSM Mustufa Sir Unit 2 76
77. 4.7.3 Value to the business
Information security management ensures that
an information security policy is maintained and
enforced that fulfils the needs of the business
security policy and the requirements of
corporate governance.
ITSM Mustufa Sir Unit 2 77
78. 4.7.4 Policies, principles and basic concepts
■■ An overall information security policy
■■ Use and misuse of IT assets policy
■■ An access control policy
■■ A password control policy
■■ An email policy
■■ An internet policy
■■ An anti-virus policy
■■ An information classification policy
■■ A document classification policy
■■ A remote access policy
ITSM Mustufa Sir Unit 2 78
79. 4.7.5 Process activities, methods and techniques
The information security management process
ensures that the security aspects with regard to
services and all service management activities are
appropriately managed and controlled in line with
business needs and risks.
ITSM Mustufa Sir Unit 2 79
80. 4.7.6 Triggers, inputs, outputs and interfaces
4.7.6.1 Triggers
Information security management activity can
be triggered by many events, including:
■■ New or changed corporate governance
guidelines
■■ New or changed business security policy
ITSM Mustufa Sir Unit 2 80
81. 4.7.6.2 Inputs
Information security management will need to
obtain input from many areas, including:
■■ Business information From the organization’s
business strategy, plans and financial plans,
and information on its current and future
requirements
■■ Governance and security From corporate
governance and business security policies and
guidelines, security plans, risk assessment and
responses
ITSM Mustufa Sir Unit 2 81
82. 4.7.6.4 Interfaces
The effective and efficient implementation of an
information security policy within a organization
will, to a large extent, be dependent on good
service management processes.
ITSM Mustufa Sir Unit 2 82
83. 4.7.7 Information management
All the information required by information
security management should be contained within
the SMIS. This should include all security controls,
risks, breaches, processes and reports necessary
to support and maintain the information security
policy and the SMIS.
ITSM Mustufa Sir Unit 2 83
84. 4.8 Supplier management
• The supplier management process ensures
that suppliers and the services they provide
are managed to support IT service targets and
business expectations.
ITSM Mustufa Sir Unit 2 84
85. 4.8.1 Purpose and objectives
The purpose of the supplier management process
is to obtain value for money from suppliers
and to provide seamless quality of IT service to
the business by ensuring that all contracts and
agreements with suppliers support the needs
of the business and that all suppliers meet their
contractual commitments.
ITSM Mustufa Sir Unit 2 85
86. 4.8.2 Scope
The supplier management process should
include the management of all suppliers and
contracts needed to support the provision of IT
services to the business.
ITSM Mustufa Sir Unit 2 86
87. 4.8.3 Value to the business
The main objectives of the supplier
management
process are to provide value for money from
suppliers and contracts and to ensure that all
targets in underpinning supplier contracts and
agreements are aligned to business needs and
agreed targets within SLAs.
ITSM Mustufa Sir Unit 2 87
88. 4.8.4 Policies, principles and basic concepts
The supplier management process attempts to
ensure that suppliers meet the terms, conditions
and targets of their contracts, while trying to
increase the value for money obtained from
suppliers and the services they provide.
ITSM Mustufa Sir Unit 2 88
89. 4.8.5 Process activities, methods and techniques
When dealing with external suppliers, it is strongly
recommended that a formal contract with clearly
defined, agreed and documented responsibilities
and targets is established and managed through
the stages of its lifecycle, from the identification of
the business need to the operation and cessation
of the contract.
ITSM Mustufa Sir Unit 2 89
90. 4.8.6 Triggers, inputs, outputs and
interfaces
4.8.6.1 Triggers
There are many events that could trigger supplier
management activity. These include:
■■ New or changed corporate governance
guidelines
■■ New or changed business and IT strategies,
policies or plans
ITSM Mustufa Sir Unit 2 90
91. 4.8.6.2 Inputs
Inputs comprise:
■■ Business information From the organization’s
business strategy, plans and financial plans,
and information on its current and future
requirements
■■ Supplier and contracts strategy This covers
the sourcing policy of the service provider and
the types of supplier and contract used. It is
produced by the service strategy processes
ITSM Mustufa Sir Unit 2 91
92. 4.8.6.3 Outputs
The outputs of supplier management are used
within all other parts of the process, by many
other processes and by other parts of the
organization.
ITSM Mustufa Sir Unit 2 92
93. 4.8.7 Information management
All the information required by supplier
management should be contained within the
SCMIS. This should include all information
relating to suppliers and contracts, as well as
all the information relating to the operation of
the supporting services provided by suppliers.
Information relating to these supporting services
should also be contained within the service
portfolio, together with the relationships to all
other services and components.
ITSM Mustufa Sir Unit 2 93