ITIL And Other Frameworks, Practices And Standards PDF

Summary

This document provides complementary guidance on ITIL and other frameworks, practices, and standards for managing IT. It covers different frameworks like COBIT, ISO/IEC 20000, and CMMI, and touches upon risk management. The document also highlights the use of software asset management (SAM) and Six Sigma methodologies.

Full Transcript

28/8/07 14:01 Page 145 | 145 Complementary guidance ITIL AND OTHER FRAMEWORKS, PRACTICES AND STANDARDS industry has developed a number of frameworks, d and standards to manage a growing number of Organizations can face uncertainty in tanding which framework, method or standard of e they need in order to excel at managing IT s. Some frameworks were developed to address tory and legal compliance, others to streamline or ineer practices and most have origins in financial anufacturing industries. d many of these frameworks have a solid harmony n co-exist within an organization to meet a range ice management needs. ing are some of the more commonly known works and standards that have synergy with ITIL. COBIT ® stands for Control OBjectives for Information and Technology. Originally created in 1995 as an IS ramework, COBIT has matured to become an overall agement framework. COBIT processes and les are often used by IT and SOX auditors. COBIT is ned by the IT Governance Institute. ISO/IEC 20000 C 20000:2005 promotes the adoption of an ated process approach to effectively deliver ed services to meet business and customer ements. For an organization to function effectively ISO 20000 is based on the ITIL service management processes. 9.1.3 ISO/IEC 15504 Also known as SPICE – Software Process Improvement and Capability dEtermination – it provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. It is also intended for use by assessors in the performance of process assessment, and by organizations involved in the development of process reference models, process assessment models or process assessment processes. 9.1.4 ISO/IEC 19770:2006 Developed to enable an organization to prove that it is performing software asset management (SAM) to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. It is intended to align closely to, and to support, ISO/IEC 20000. Good practice in SAM should result in several benefits, and certifiable good practice should allow management and other organizations to place reliance on the adequacy of these processes. The expected benefits should be achieved with a high degree of confidence. 9.1.5 Management of Risk Management of Risk (M_o_R®) provides an alternative 28/8/07 14:01 Page 146 Complementary guidance e or negative, which may have an impact on the ement of your organization’s business objectives. R provides a framework that is tried, tested and ve to help you eliminate or manage the risks ed in reaching your goals. M_o_R adopts a atic application of principles, approach and ses to the task of identifying, assessing and then ng and implementing risk responses. Project management K® (Project Management Body of Knowledge) is and authored by the Project Management Institute oject Management Body of Knowledge is the sum of edge within the profession of project management. h other professions such as law, medicine and nting, the body of knowledge rests with the oners and academics who apply and advance it. mplete Project Management Body of Knowledge es proven traditional practices that are widely d, as well as innovative practices that are emerging profession, including published and unpublished al. As a result, the Project Management Body of edge is constantly evolving. (Introduction to PMBOK, E2™ (PRoject IN Controlled Environments, v2) is a red project management method owned by the Structured project management means managing oject in a logical, organized way, following defined A structured project management method is the n description of this logical, organized approach. 9.1.7 CMMI CMMi (Capability Maturity Model Integrated) was created by SEI (Software Engineering Institute) at Carnegie Mellon University in 1991. In the beginning CMM was a model for demonstrating the maturity of software development processes in the belief that more mature development processes led to better software. The basic Software CMM model has grown and been revised. CMM is now the de facto standard for measuring the maturity of any process. Organizations can be assessed against the CMM model using SCAMPI (Standard CMMI Appraisal Method for Process Improvement). 9.1.8 Six Sigma The fundamental objective of the Six Sigma methodology is the implementation of a measurement-based strategy that focuses on process improvement and variation reduction through the application of Six Sigma improvement projects. This is accomplished through the use of two Six Sigma sub-methodologies: DMAIC and DMADV. The Six Sigma DMAIC process (define, measure, analyse, improve, control) is an improvement system for existing processes falling below specification and looking for incremental improvement. The Six Sigma DMADV process (define, measure, analyse, design, verify) is an improvement system used to develop new processes or products at Six Sigma quality levels. It can also be employed if a current process requires more than just incremental improvement. 28/8/07 14:01 Page 147 28/8/07 14:01 Page 148 28/8/07 14:01 Page 149 | 149 The ITIL Service Management Model gh the previous chapters we have learned the basics ITIL Service Lifecycle. This chapter helps to bring a perspective to what we have learned. The basic pt of using Service Management Models to ment and manage services inherently offers ous perspectives. Depending on your organizational t, your interpretation of these will have adaptive es. L Service Management Model has numerous levels nularity. For the purposes of learning the basics, this n will take you through the basic constructs and nts, and offer a look at how the Service ement Model is applied to designing a service. The rvice Lifecycle relies on processes to execute the es involved in service management. ements within the Service Management Model will depth, adaptation and interpretation among s service organizations depending on circumstance, and structure. The Service Management Model is ed to be adaptive and organizations can customize sign and use of ITIL model elements to meet their e needs. On its own, without any adaptation, the e Management Model is entirely complete and , but many organizations find that they can enhance ervice capabilities by incorporating their own best es into a hybrid structure. Care should be taken, er, when adapting the Service Management Model customize it to the point that service management ologies in the consumer market are no longer able port your requirements. er important concept within the Service as Availability and Capacity Management do not fit squarely into a process profile, but are critical elements of service management that function across the lifecycle and must be managed in a formal way. 10.1 MODEL ELEMENT TYPES The ITIL Service Management Model is comprised of two element types: Service Lifecycle governance elements and Service Lifecycle operational elements (Figure 10.1). Figure 10.1 Service Management Model element types egy trat Ser S vice vice Ser t l a n tinu eme Con prov ycle s Im ifec ment L ele vice Ser ance n ver Go ign Des e ion vic nsit Ser a r T n atio vice per Ser O vice Ser le s cyc t Life emen e l c i e v Ser tional era Op 28/8/07 14:01 Page 150 The ITIL Service Management Model 10.2 Service Lifecycle governance and operational elements Service Lifecycle Governance Processes ntinual Service Improvement Processes Service Strategy Processes Service Lifecycle Operational Processes Service Design Processes Service Transition Processes Service Operation Processes Demand Management Strategy Generation Service Portfolio Management IT Financial Management Service Catalogue Management Service Measurement Service Level Management Capacity Management Availability Management Service Continuity Management Information Security Management Supplier Management Transition Planning and Support Service Reporting Change Management Service Asset and Configuration Management Release and Deployment Management Service Validation and Testing Evaluation Knowledge Management Event Management Service Improvement ges of the lifecycle. They reside predominantly in e Strategy and Continual Service Improvement. ecycle structure of ITIL leverages process and activity nts throughout various stages of the lifecycle and 10.2 illustrates the reach of each of the governance perational elements across the lifecycle. ustrations that follow are an excerpt of the full ITIL ated Service Management Model which is available ITIL Live™ web portal (www.itil-live-portal.com). cular scenario has been chosen to illustrate the flow tegration of the Service Management Model and Incident Management Request Fulfilment Problem Management Access Management Operation Management Provider. In this scenario the Service Provider could be Type I, II or III (refer to section 4.3 for a description of Service Provider types). Not all of the Service Management Model elements are shown in their entirety in this scenario, but can be referenced from the web portal in their entire depth and application. The use of this scenario is intended to help you gain an understanding of the basic practice and process elements used across the ITIL Service Lifecycle. The specific sub-process activities and work instructions are not shown here, but again, can be obtained from the 28/8/07 14:01 Page 151 The ITIL Service Management Model | BASIC ELEMENTS ervice Provider, the interactions you will have in the pment and delivery of services to the business will d on the type of Service Provider you are. I 10.3 Typical Type I Service Provider interactions ementor Customer Service Provider Substitutor Supplier c Value Network ussed in earlier sections of this publication, a Type I e Provider (Figure 10.3) is most often the point of or the business customer and all IT service needs anaged by the Service Provider using a value rk of partnerships. 151 28/8/07 14:01 Page 152 The ITIL Service Management Model II 10.4 Type II Service Provider interactions mplementor Business Services Business Services Business Customers Business Services Business Unit A Company Business Services Business Unit B IT Services Supplier Services Business Unit C IT Services Shared Service Provider (Type II) Business Services IT Services Supplier Services Substitutor Supplier Services Supplier Service Provider Type II Value Network II Service Provider (Figure 10.4) will often be part of ed Service Management Model and will provide s to a number of business customers and manage eractions with the business customers and an al value network. III Service Provider (Figure 10.5) is most often an zation external to the business and interacts with ue network on behalf of the business customer. Regardless of the Service Provider type, each will require the use of a range of Service Management Model process and practice elements to manage services effectively and measure the value provided to the business customer. Figure 10.6 outlines the main process elements across the Service Lifecycle model. They are depicted with a logical flow pattern; however, they are not always executed in a linear fashion and so this should be taken into account. 28/8/07 14:01 Page 153 The ITIL Service Management Model | 153 III 10.5 Type III Service Provider interactions Business Services Business Customers Business Services Business Services Complementor Supplier Services External Service Provider (Type III) Supplier Services Substitutor Company Supplier Services Supplier Service Provider Type III Value Network f the start and termination nodes depicts an input ggers the process or an output that triggers another s. example, Figure 10.6 illustrates that the trigger for rvice Strategy processes is a desired business y. The termination of the Service Strategy processes chartering of a service and the supply of a Service Package, which then triggers the Service Design ses, and so on. each process element, a number of main practice nts accompany each process and are carried out the lifecycle. Figure 10.7 illustrates these. Each of the elements shown is comprised of a variety of activities. These are not described here in detail but provided to illustrate the main practice activities an organization would expect to execute during the Service Lifecycle. Details about each of these can be found in the ITIL Service Management core lifecycle publications and on the ITIL Live™ web portal (www.itil-live-portal.com). 28/8/07 14:01 Page 154 The ITIL Service Management Model 10.6 Basic Service Management Model process elements ITIL Service Lifecycle – Main Process Elements Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Business Strategy Service Level Package Service Design Package Early Life Support Service Reporting Strategy Generation Service Catalogue Management Transition Planning & Support Event Management Service Measurement Financial Management Capacity Management Change Management Request Fulfilment Service Analysis Demand Management Availability Management Service Asset & Configuration Management Incident Management Service Reporting Service Portfolio Management Service Level Management Validation & Testing Management Problem Management Service Improvement Information Security Management Release & Deployment Management Technology Management Feedback throughout the lifecycle Supplier Management Evaluation Management Access Management IT Service Continuity Management Service Knowledge Management Operations Management Service Design Package Service Released Service Performance Reporting Charter Service 28/8/07 14:01 Page 155 The ITIL Service Management Model | 155 10.7 ITIL Service Lifecycle main practice elements Service Lifecycle – Main Practice Elements Required business outcome identified Define the market Define service structures Develop Cost Model Develop the Service Portfolio Develop Strategic Assets Charter Service Service Level Package Design technology architecture Design management systems & tools Design measurement systems, methods & metrics Design Processes Design Solutions Create Service Design Package Service Design Package Develop Transition & Support Plan Coordinate Organization and Service Change Plan, Build, Test and Validate Service Release Conduct Service Testing and Pilots Transfer, Deploy or Retire Service Provide Early Life Support Deployed Service Monitor & Control Services Manage Customer requests and communication Manage Events, Incidents problems Generate metrics on Service performance Participate in strategy, design and transition Provide Service Performance Reports Service Reports Analyze and trends service reports Provide multiview assessments & performance results Conduct Service performance baselines Define service benchmarks Liaise with Strategy, Design, Operation & Transition Create Service Improvement Programme CREATING A SERVICE xt series of workflow diagrams will take you h the practices, processes and activities of creating ce. As in the earlier diagrams, these are only ed at the top level of workflow, but they will e a solid understanding of the elements required. STRATEGY GENERATION a business identifies a needed outcome, Service gy must define a number of supporting elements to publication). This is achieved through a strategic assessment, establishing objectives and a resulting service strategy. In our chosen scenario – creating a service – not all of these must be executed each and every time. Assuming we have a Service Portfolio in place, the creation of a service must be subject to an evaluation of the existing services and provider capabilities to determine the best course of action. Figure 10.9 illustrates the breadth of a Service Portfolio and the elements that need to be assessed to decide on the course of action. 28/8/07 14:01 Page 156 The ITIL Service Management Model 10.8 Forming and formulating a Service Strategy Measurement and evaluation Strategic assessment Strategy generation, evaluation and selection Determine perspective Analyse external factors Vision Form a position Policies Establish objectives Craft a plan Plans Analyse internal factors Adopt patterns of action Service Strategy Continual Service Improvement Service Portfolio Service Design requirements Service Transition requirements Service Operation requirements Actions Measurement and evaluation 28/8/07 14:01 Page 157 The ITIL Service Management Model | 10.9 The Service Portfolio Service Portfolio Service Catalogue Service Pipeline Continual Service Improvement Third-party catalogue Market spaces Service design Service concepts Service transition Service operation Retired services Customers Resources engaged Return on assets earned from Service operation Common pool of resources Area of circle is proportional to resources currently engaged in the lifecycle phase (Service Portfolio and Financial Management) Resources released 157 28/8/07 14:01 Page 158 The ITIL Service Management Model DECIDING THE COURSE OF ACTION TO CREATE A NEW SERVICE 1 Stage 1 – Service Strategy elements re 10.10, Service Strategy evaluates the Service io to determine if existing capabilities are in place ate the service and deliver the desired business mes. Note that other parts of the ITIL Service le are involved during the assessment. For example e Design will evaluate the existing Service Catalogue ermine if live services can be tagged to deliver the ed business outcomes. Service Transition becomes ed when the new service is designed either from g capabilities in the Service Portfolio or Catalogue, ed to them, and moves to the transition stage of rvice Lifecycle. If during this assessment the business decides that the options available cannot be committed to at the time, Continual Service Improvement will review this periodically to determine if a future time is appropriate to charter and create the service or if there are external catalysts that might make it feasible to proceed at a particular point in time as part of a service improvement programme. 10.5.2 Stage 2 – Design the solution In this stage, all parts of the Service Lifecycle are involved (Figure 10.11). Each provides input as part of the requirements-gathering stage to ensure that a full servicefocused view is understood and leveraged when designing the service. Examples of the benefits in involving all parts of the Service Provider network are: 10.10 Stage 1 – Service Strategy elements ce Strategy – Define Market Yes Identify business outcome Match outcome to services in Service Portfolio pipeline A good match? A good match? Charter Service New service Justified? Yes Tag service with outcome Negotiate Service Level Agreement Customer will commit? Yes No No Match outcome to services in Service Catalogue Yes Tag service portfolio with service concept outcome Add to Contract Portfolio Design Service Solution Prepare for Transition No 28/8/07 14:01 Page 159 The ITIL Service Management Model | 159 10.11 Stage 2 – Design service solution ce Design – Design Service Solution Service Level Package No Requirements signed off? Yes Buy Buy Conduct Stakeholder Interviews Complete Requirements template Obtain signoff Finalize requirements catalogue Build or buy? Issue RFI or RFT Create Service Design Package Build Provide input to requirements Evaluate and procure service Build Service Design Package Provide input to requirements Provide input to requirements lity to re-use existing technology and resources in operation and support of the new services derstanding the impact across the Service Provider work of introducing a new service uring that the new Service Design is consistent with capabilities planned and future investment strategy the organization. portant to note that the Service Design stage of the e will also consider design activities that ensure bility, Capacity, Security, Service Continuity etc. This e during the solution design as part of the five A full description of these elements and the guidance on executing them can be found in the Service Design core publication. 10.5.3 Stage 3 – Transition the service For a service being built, once the Service Design Package (SDP) has been created during the Service Design stage, the service can be planned, built, tested and deployed. During the Service Transition stage the elements executed draw from key Service Transition processes:  Transition Planning and Support 28/8/07 14:01 Page 160 The ITIL Service Management Model 10.12 Stage 3 – Transition the service ce Transition – Transition Service Revise Service Design Package Create Service Design Package No Service Design Package Review & Acceptance of inputs Design Service Acceptance Criteria Conduct Service Acceptance test Create service release test criteria & plan Acceptable? No Service release package test Yes Raise RFC & record configuration baselines Assess, evaluate & authorize change Coordinate Change implementation Build and Test the solution Conduct service pilot Passed tests? Deploy Service Yes Early life support ocess workflows for these can be found both in the e Transition core publication and the ITIL Live web (www.itil-live-portal.com). 10.14 shows an example of the Change ement process as it would be executed in this o. It would be included as part of the elements in Figure 10.13, which are an extract from the ion the service’ workflow in Figure 10.12. Now that the scenario has reached the stage of going into live operation, there are many interactions and information flows that are being passed through the various stages of the ITIL Service Lifecycle. Figure 10.15 depicts some of those interactions from a view during the transition stage of the lifecycle. Note the assortment of data and information passing between stages by this point in the creation of the service. 28/8/07 14:01 Page 161 The ITIL Service Management Model | 10.13 Change Management elements e RFC & ecord guration selines Assess, evaluate & authorize change Coordinate Change implementation 10.14 Normal Change Management process Create RFC Change proposal (optional) Record the RFC Initiator requested Review RFC ready for evaluation Assess and evaluate change ready for decision Authorize Change proposal Work orders Authorize Change Change Authority authorized Plan updates Change Management scheduled Coordinate change implementation* Change Management implemented Work orders Update change and configuration information in CMS Change Management 161 28/8/07 14:01 Page 162 The ITIL Service Management Model 10.15 Information flows at the Service Transition stage mer Service Notification Service Design Package ice Design rocesses e Provider Transition Plan Transition Planning and Support Strategy Data Service Transition Reports Service Release Package Release and Deployment Management Activities within Transition Phase Service Release Package Service Change Request Transition Improvement Plan Service Test Report Service Validation and Testing Service Strategy Activities within Transition Phase Change Management Activities within Transition Phase Service Lifecycle Governance Processes Change Request Change Evaluation Evaluation Activities within Transition Phase Service Operation Processes Updated Service Asset Data Release Data Service Asset and Configuration Management Activities within Transition Phase Release Data Release Data Design Data Information Meta-data Knowledge Management Activities within Transition Phase Service Design Activities within Transition Phase 4 Stage 4 – Operate the service scenario we have now deployed the new service ave accepted it into live operation. But the work Operation Data Service Operation Activities within Transition Phase predicted results and meeting the business outcomes we started with. Beyond early life support, the service becomes ‘business as 28/8/07 14:01 Page 163 The ITIL Service Management Model | 163 10.16 Stage 4 – Operate the service ce Operation – Operate Service Change Management Early Life Support of live service Monitor & Control service Event Management Incident Management Problem Management Access Management IT Operations & Administration Business Interface to Service Management Customer Self Service Service Desk Request Fulfilment orkflow in Figure 10.16 depicts the high-level es within Service Operation. The details of each s element and activity can be found in the Service ion core publication and the ITIL Live™ web portal itil-live-portal.com). early life support Service Transition and Service ion work together. As is often the case, a number of with a new service may be uncovered. Depending Operational Change Management Proactive Problem Analysis Corrective Action & Service Improvement provided with feedback on the performance of the new service, any issues that are revealed, how the business customer is adapting to use of the new service, etc. It is at this stage that the measurement systems and metrics created at the design stage begin to be generated and accumulated for service reporting. It is also at this stage that the quality and value of the new service are realized since the business is now fully engaged in its use. 28/8/07 14:01 Page 164 The ITIL Service Management Model 10.17 The Event Management process Event Event Notification Generated Event Detected Event Filtered Informational Significance? Exception Warning Event Correlation Trigger Event Logged Auto Response Alert Incident Incident/ Problem/ Change? Change Problem Human Intervention Incident Management Review Actions No Effective? Yes Close Event Problem Management Change Management 28/8/07 14:01 Page 165 The ITIL Service Management Model | 10.18 The Incident Management process flow From Event Mgmt From Web Interface User Phone Call Email Technical Staff Incident Identification Incident Logging Incident Categorization Service Request? Yes To Request Fulfilment No Incident Prioritization Major Incident Procedure Yes Major Incident? No Initial Diagnosis Yes Management Escalation Yes Hierarchic Escalation Needed? No Functional Escalation Needed? No Investigation & Diagnosis Resolution and Recovery Yes Functional Escalation 2/3 Level 165 28/8/07 14:01 Page 166 The ITIL Service Management Model w service is now in full operation and much more ation is being exchanged within the ITIL Service le. An example of this is provided in Figure 10.19. Whatever the reason behind the need for change, the Continual Service Improvement stage offers the means to cast an eye over the performance, utility and warrant of the new service on an ongoing basis. 5 Stage 5 – Continual Service Improvement Figure 10.20 illustrates some of the main elements and processes involved in service improvement. new designed service will undergo improvements me. There are many reasons for this. Business mes change as business needs evolve. New ologies become available that are sought after to ve services. Competitive forces demand rapid e capability for both business outcomes and Service ers. The Continual Service Improvement core publication documents the full process elements. With a new service, the activities revolve around ensuring that business value and expected outcomes are being achieved, and identifying where there are opportunities to improve further. Continual Service Improvement feeds back to every stage in the Service Lifecycle. 10.19 Information flow in the Service Operation stage mer IT Services Demand Service Transition Processes e Provider Request Fulfilment Incident Management Incidents Charge Request Incidents Charge Request Access Request Service Release Package Problem Management Activities within Operation Phase Incidents Access Management Event Management Service Transition Activities within Operation Phase Service Operation Improvement Plan Charge Request Events Operation Data IT Services Service Reports Service Lifecycle Governance Processes Operation Management Activities within Operational Phase Supplier Services Demand Operation Data Service Design Operation Data Service Strategy Activities within Service Reports Service Operation Reports 28/8/07 14:01 Page 167 The ITIL Service Management Model | 167 10.20 Stage 5 – Continual Service Improvement nual Service Improvement – Review Service Performance Feedback on improvement opportunities Feedback on improvement opportunities Feedback on improvement opportunities Feedback on improvement opportunities Service Reports Analyze and trends service reports Provide multiview assessments & performance results Conduct Service performance baselines 10.21 shows the information flow within the s elements of Continual Service Improvement. five stages form part of a larger, integrated Service ement Model and show how they would be applied creation of a new service. Organizations should of the broader picture of the ebb, flow and tions within the Service Lifecycle. 10.22 shows the high-level integrated flow en lifecycle stages. hink of the main elements involved in the creation Define service benchmarks Liaise with Strategy, Design, Operation & Transition Create Service Improvement Programme Readers are encouraged to learn more about the integrated ITIL Service Management Model by exploring the core ITIL Service Management publications and visiting the ITIL Live™ web portal (www.itil-live-portal.com). 28/8/07 14:01 Page 168 The ITIL Service Management Model 10.21 Information flow within Continual Service Improvement Service Strategy Processes Service Improvement Plan IT Strategy Service Management Service Analysis Service Improvement Supplier Service Improvement Plan Service Improvement Plans Service Provider Service Reports Internal Service Reports Service Reporting Supplier Service Reports Supplier Service Lifecycle Operational Processes 28/8/07 14:01 Page 169 The ITIL Service Management Model | 10.22 Integrated lifecycle elements flow Opportunities & Constraints Cost Models Return on Investment Return on Value IT Financial Management Service Strategy Define the Market Strategy Demand Management Generation Supplier Management Service Design Package Negotiate and Agree Service Level Management Requirements Reliabilty Balanced Design Measurement Systems Capacity Availability Quality Assurance Conformance Service Acceptance Validation & Testing Planning & Support Service Develop Offerings Portfolio Management Service Catalogue Management Design Solution Architecture Compliance Security Continuity Utility and Warranty Change Management Request Fulfilment Service Asset & Configuration Management Resolve & Restore Incident Management Knowledge Release & Deployment Management Verify Monitor & Action Service Design Decision Capability Evaluation Service Transition Optimize Risk Service Level Package Early Life Support Event Management Service Performance Reports Stability Optimization Monitor Control Loops Performance Problem Operational Change Baseline & Metrics Data Analysis 7 Step Improvement Quality for Cost Feedback Technology Access Corrective Action Service Operation 169