®

ITIL 2011
Foundation course
Syed Afzal
Introduction
Name

Role and Responsibility

Your Objectives

Expectations from Trainer and Training

Approach
Pre Reading

Power-point presentation
- Discussion on ITIL

Discussions
- Interactions
- Brainstorming

Recap on ITIL

Certification
Agenda
Day -1 Day -2

• Introduction to SM Lifecycle • Service Operations

- Overview of ITIL - Overview on Operations
- Basic concepts - Processes
- Service Management - Functions
- Service
- Processes
- functions
- ITIL Service Lifecycle

• Service Strategy • Continual service Improvements

- Overview on Strategy - Overview on CSI
- Processes - Process

• Service Design • Recap on ITIL concepts

- Overview on Design - Recap and Post reading
- Processes - Mock Exam

• Service Transition • Certification

- Overview on Transition
- Processes
Overview on ITIL
• ITIL – Information Technology Infrastructure Library
- Is a collection of books which contain recommendations &
suggestions to improve provision of IT Services

History:
• ITIL Version 1 was Originally developed in 1980’s by UK treasury department
- Consists of 40 Books ( from 1980’s to 1996’s)
- Limited to UK Government
• ITIL Version 2 was introduced globally.
- Consists of 9 Books (from 1990’s to 2007)
- Consists of 10 Processes and 1 Function
• ITIL Version 3 or Lifecycle approach
- Consists of 5 Books (From 2007 to 2011)
- Consists of 26 Processes and 4 functions
• ITIL Version 3 -2011 was introduced with updates and minor inputs from globe

• Currently acceptable, proven and applicable to all the IT Services

• Focuses on Roles and responsibilities, Processes, Outcomes rather than

organization
• The names ITIL and IT Infrastructure Library are registered trademarks of the
United Kingdom's Office of Government Commerce (OGC) – now part of the
Cabinet Office. Following this move, the ownership is now listed as being with
HM Government rather than OGC.
Concepts
CCTA : The Central Computer and Telecommunications Agency (CCTA)
was a UK government agency providing computer and telecoms support
to Government departments.

OGC – Office of Government of Commerce – UK treasury department

ITSMF – Information technology Service Management Forum

- The driver behind all things ITIL taken over from OGC
- Global

Standard based on ITIL

- ISO 20000 -2011 = Specification
- ISO 20000 -2011 = Code of Practice

ISO standards are derived from ITIL

Since July 2013, ITIL has been owned by AXELOS Ltd, a joint venture
between Her Majesty (HM) Cabinet Office and Capita Plc. Axelos
licenses organizations to use the ITIL intellectual property, accredits
licensed Examination Institutes, and manages updates to the framework
Benefits of ITIL
• Alignment with Business needs

• Negotiated achievable service level

• Predictable, consistent processes

• Efficiency in service delivery

• Measurable, improvable services and processes

• A common language

• Framework(non prescriptive) not a Standard

• Proven Practices for over 33 years

• Competitive

• Vendor neutral
Basic Concepts – Sources of Best Practice
Qualification schema – Credit scheme
Format for ITIL Masters

Examination format for Intermediate

5
and MALC
- One and half hour or 90 minutes
- 8 Questions
- Gradient style, Multiple choice and
close book
- Scenario Based
- Pass score 28 out of 40(70%)Pass

Examination format for Foundations

- One hour or 60 minutes
- 40 Questions
- Multiple choice and close book
- Pass score 26 out of 40(65%)Pass
Basic Concepts
ITIL Core Publications consists of Five Books and Complimentary Guidance

Based on OGS's Official Accreditor - The APM Group Limited 2008

Balancing between Strategic Dynamics
Focus on the future Focus on the Present

Improvements in Improvements in
Operational Effectiveness Functionality

Immediate Value capture Value capture during

and Launch ongoing operations
Four Focus areas of Service Management

People

Processes
Products

Partners

4 P’s of Strategy

Perspective

Plans Patterns

Position
Relationship between Governance and ITSM

Corporate Governance
Ensures the provision strategy and business
Establishes IT policy, Standards and Principles,
plans. Establishes the Corporate policies and
Assures alignment of IT strategy to corporate
enables strategic direction, objectives, critical
business strategy
success factors and key result areas.

IT Governance
Establishes, enables and executes the IT
Corporate Compliance strategy. Establishes Operations to assure
high-quality, compliant IT service
provisioning. Ensures effective key result
Assures adherence to Legal, Industrial and regulatory Areas.
requirements.

IT Compliance IT Service Management

Assures the design and
operability of IT
policies , processes
and key controls

1
3
Vision to Measurement

Vision

Mission

Goals

Objectives

CSF

CSF – Critical Success factors

KPI
KPI – Key Performance Indicators

Metrics

Measurements
Qualitative KPI Quantitative KPI

CSF: Improving IT service quality
CSF: Reducing IT costs

KPI: 10% increase in customer
KPI: 10% reduction in the costs of handling
satisfaction rating for handling printer incidents.
incidents over the next six months.
Metrics required:

Metrics required Original cost of handling printer incidents
Original customer satisfaction Final cost of handling printer incidents
score for handling incidents Cost of the improvement effort
Ending customer satisfaction
Measurements:
score for handling incidents. Time spent on the incident by first-level

Measurements operative and their average salary
Incident-handling survey score Time spent on the incident by second-
Number of survey scores level operative and their average salary
Time spent on problem management
activities by second-level operative and
their average salary
Time spent on the training first-level
operative on the workaround
Cost of a service call to third-party vendor
Time and material from third-party vendor
Business Case
 A decision support and planning tool that projects the likely
consequences of a business action
 Justification for a significant item of expenditure.
 Includes Information about costs, benefits, options, issues, risks and
possible problems
Uses qualitative and quantitative terms
A. Introduction Presents the business objectives addressed by the service.

B. Methods and Defines the boundaries of the business case, such as time period,
assumptions and which organizational context is being used to define costs and
benefits.

C. Business impacts The financial and non-financial results anticipated for the service or
service management initiative. Please bear in mind that many non-
financial results can also be expressed in financial terms. For
example, an increase in staff morale can result in lower staff
turnover, and therefore less expenditure on hiring and training.

D. Risks and The probability that alternative results will emerge.

contingencies

E. Recommendations Specific actions recommended.

Basic Concepts
Service

A service is a means of delivering value to customers by facilitating

outcomes customers want to achieve without the ownership of specific
costs and risks.

Service Management

A set of specialized organizational capabilities for providing value to

customers in the form of services.

An IT service is made up of a combination of

• Information technology Capabilities Resources

• People
• Processes Management Financial Capital
Organization Infrastructure
Process Applications
Knowledge Information
People People
 Basic Concepts – Process and Function
Process – A set of activities designed to accomplish a specific objective. A process takes defined
inputs and turns them into defined outputs. A process may include roles, responsibilities, tools and
management controls required to deliver the outputs

Process Characteristics:
• It is measurable

• It delivers specific result

• Primary result are delivered to customers or stakeholders

• It responds to specific events (triggers)

Function – Function is a team or group of people and the tools or other resources they
use to carry out one or more processes or activities.

Function Characteristics:
• Self contained Units, structuring of organization, Provide Stability to organization.

• Functions usually carryout a specialized task.

• Different functions coordinate within themselves via processes.

Need processes for effective cross functional co-ordination.

• Own Body of Knowledge.

Basic Concepts - Roles
Service Owner (vs. Service Manager):
Role which is accountable for the delivery of a specific IT Service.
Activities
Initiation & Transition, Ongoing Maintenance & Support
Monitoring & Reporting, Identifying improvement areas in Service
Accountable for Service, Primary customer contact for the service

Process Owner:
The person who is held accountable for ensuring that a
process is fit for purpose. The Process Owner’s responsibilities include
sponsorship, design and continual improvement of the process and its
metrics

Process Manager:
A role Accountable for the operational management of a process. The
process manager’s responsibilities include planning and coordination of
all activities required to carry out, monitoring and report on the process.

Process Practitioner:
A process Practitioner is responsible for Carrying out one or more
process activities.
Basic Concepts – Assets
Management

Capabilities
Create Value
Organization

Processes

Demand Knowledge

Service Consumes
Supply People

Resources
Information

Applications

Create Value
Infrastructure

Financial Capital
Basic Concepts – Utility and Warranty
Utility –Functionality offered by a Product or Service to meet a particular need. Utility is often
summarized as "what it does".
Fit for purpose

Warranty –A promise or guarantee that a product or Service will meet its agreed Requirements.
The requirements could be availability, capacity, continuity and security.
Fit for use

Performance Supported ?
Fit for Purpose ?

Constraints removed ?

Utility
Value

Available enough ?

Capacity enough ?

Continuous enough ? Fit for Use ?

Secure Enough ?

Warranty
Basic Concepts - Risk
Risk is defined as uncertainty of outcome, whether positive opportunity
or negative threat.
Basic Concepts - RACI
A set of authorities, responsibilities & activities assigned to individual or
personnel. It is used to Define Roles and Responsibilities for an activity/Task
RACI is an acronym for the four main roles of:
Responsible – the person or people responsible for getting the job done
Accountable – only one person can be accountable for each task
Consulted – the people who are consulted and whose opinions are sought
Informed – the people who are kept up-to-date on progress.

Rules:
1) One single Accountable Role for the activity
2) One Accountable and Responsible role for the activity
Activities Service Process Security IT Chief Process
owner Owner Manager Head Architect Manager
Create a framework for defining IT services C C C A/R C I

Build an IT service catalogue C A/R I C I I

Define SLA for critical IT services A R C R C I

Monitor and report SL performance I A/R I I I R

Review SLAs, OLAs and UCs A R C R I R

Review and Update IT service catalogue C A/R I C I C

Create service improvement Plan I A/R I C C R

Basic Concepts
Good communication is important across all phases of the service lifecycle but
particularly so in Service Operation.

Good communication is needed between all IT Service Management staff and

with users/ customers / partners..

Issues can often be mitigated or avoided through good communication .

All communication should have:

• Intended purpose and/ or resultant action

• Clear audience, who should be involved in deciding the need/format

Examples of Communications in Service Operations

• Routine operational communication

• Communication between shifts
• Performance reporting
• Communication related to emergencies
• Training on new or customized processes and service designs
Basic Concepts
Output: The Result of the activity performed by Humans or Machines.

Outcome: Result of carrying an activity by following a process or delivering an

IT service
• The result refers to intended and actual
• An outcome-based definition of service moves IT organizations beyond
business–IT alignment towards business–IT integration
• Customers seek outcomes but do not wish to have accountability or
ownership of all the associated costs and risks

Models: An model is predefined steps to handle a particular Request.

The model should include:

• The steps that should be taken to handle the incident

• The order in which these steps should be taken in.
• Responsibilities; who should do what
Eg: Incident Model, Change Model, Problem Model, Request Model, etcN.
Technology and Architecture
Service Automation

Automation is considered to improve the utility and warranty of services

Advantages of Service Automation are
The capacity of automated resources can be more easily adjusted
Automated resources can handle capacity with fewer restrictions
Automated systems present a good basis for measuring and improving
service processes
Many optimization problems such as scheduling, routing and allocation of
resources require computing power that is beyond the capacity of human
agents.
Automation is a means for capturing the knowledge required for a service
process

Benefits:

• Design and modeling

• Service catalogue
• Pattern recognition and analysis
• Classification, prioritization and routing
• Detection and monitoring
• Optimization
 ITIL V3 – 2011 (26 Process and 4 Functions)
1.SERVICE STRATEGY
Strategy Generation
Demand Management 2.SERVICE DESIGN
Service Portfolio Management Design Planning and Support
Business Relationship Management Service Catalogue Management
Financial Management Service Level Management
Availability Management
Capacity Management
Supplier Management
5.CONTINUAL SERVICE Information Security Management
IMPROVEMENT Service Lifecycle Service Continuity Management
7 Step Improvement Process Approach

4.SERVICE OPERATION
3.SERVICE TRANSITION
Service Desk (FUNCTION)
Transition Planning and Support
Incident Management
Service Asset &Configuration Management
Event Management
Change Management
Request Fulfillment
Release & Deployment Management
Access Management
Service Validation and Testing
Problem Management
Performance and Evaluation
Technical Management (FUNCTION)
Knowledge Management
IT Operations Management (FUNCTION)
Application Management (FUNCTION)
Service
Strategy
Service Strategy - Business Value
• To link activities performed by the service provider to outcomes

• To have a clear understanding of what types and levels of service will make
its customers successful

• To respond quickly and effectively to changes in the business environment.

• To achieve positive return on its investment in services.

• To Facilitate functional and transparent communication between the

customer and the service provider.

• To organize itself so that it can provide services in an efficient and effective

manner
Service Strategy - Purpose, Objectives and Scope
Purpose:

To define the perspective, position, plans and patterns that a service

provider needs to be able to execute to meet an organization’s business
Outcomes

Objectives:
• An understanding of what strategy is
• A clear identification of the definition of services and the customers
• The ability to define how value is created and delivered
• A means to identify opportunities
• A clear service provision model
• The means to understand the organizational capability
• Documentation and coordination of how service assets
• Processes that define the strategy of the organization

Scope:

• Defining a strategy whereby a service provider will deliver services to meet a

customer’s business outcomes
• Defining a strategy for how to manage those services
Service Strategy - Processes

1. Strategy Generation/Management

2. Financial Management

3. Service Portfolio Management

4. Business Relationship Management

5. Demand Management
SS – Strategy Management
One Liner:

Strategic Activities include Objective setting and long term

Planning to achieve the overall Vision.

Objectives:

• Identify what services to offer

• Who the services should be offered to
• Create value for customers
• Differentiate yourself
• Position your self in the market.
• Create service assets and service management capabilities
• Through proper financial management control value creation
• Allocation of resources across the portfolio of services
• Provide Quality services (define service quality and different paths for
improving it)
 SS – Strategy Management
Activities:

• Identify market & define your target area

• Decide what services you want to offer & who can be the potential
customers

• Develop your service offerings

• Build on/improve your services

• Develop strategic assets

• Develop new services

• Prepare for Execution

Types of Service Providers:

Type I Type II Type III

Internal Service Provider Shared Service Provider External Service Provider
An internal service provider that is An internal service provider that provides Service provider that provides
embedded within a business unit e.g. shared IT service to more than one business IT services to external
one IT organization within each of the unit e.g. one IT organization to service all customers i.e. outsourcing
business units. The key factor is that businesses in an umbrella organization. IT
the IT Services provide a source of Services typically don’t provide a source of
competitive advantage in the Market competitive advantage, but instead support
space the business exists in. effective and efficient business processes.
SS – Strategy Management
Delivery Models:

Delivery model is a graphical representation of components that help

organizations deliver services to customers

• Insourcing: Using internal providers only

• Outsourcing: Using external vendors

• Cosourcing: Combination of insourcing & outsourcing

• Partnership or Multisourcing: A formal agreement between 2 or more

organization to work together. AND/OR using 2 or more vendors to
work together & usually interdependent on each other’s work

• BPO: Appointing external vendors to manage Business Function

• ASP: Application Service Provider to provide shared services (e.g.

networks)

• KPO: Appointing external vendors to manage domain based

processes/expertise
SS – Financial Management
One Liner:

To secure the appropriate level of funding to design, develop

and deliver services that meet the strategy of the organization

Objectives:

• To ensure that the service provider has the right mix of services to balance
the investment in IT with the ability to meet business outcomes

• Evaluating the financial impact of new or changed strategies

• Securing funding to manage the provision of services.

• Managing and reporting expenditure on service provision

• Executing the financial policies and practices

• Accounting for money spent on the creation, delivery and support

• Forecasting the financial requirements for the organization

SS - Financial Management: Activities
Activities
Predicting the expected future requirements for
Budgeting/Service
Investment analysis funds to deliver the agreed upon services and
monitoring adherence to the defined budgets.

Accounting Enables the IT organization to account fully for the

way its money is spent.

Chargeback/ Charging customers for their use of IT Services.

Service Fixed Price, Cost Plus Fixed Fee, Cost Plus % of Costs,
Valuation Notional Charging, Time & Material, Cost Plus Incentives

Working with the process of Demand Management

Demand to anticipate usage of services by the business and
Modeling the associated financial implications of future
service demand.
SS - Financial Management
COST UNITS , COST ELEMENTS , COST TYPES & COST CLASSIFICATION

Cost Unit:
The lowest level of category to which Costs are assigned, Cost Units are
usually things that can be easily counted (e.g. staff numbers, software
licenses) or things easily measured (e.g. CPU usage, Electricity
consumed). Cost Units are included within Cost Elements.
Cost element:
The middle level of category to which Costs are assigned in Budgeting and
Accounting. The highest level category is Cost Type. For example a Cost
Type of “people” could have cost elements of payroll, staff benefits,
expenses, training, overtime etc. Cost Elements can be further broken
down to give Cost Units. For example the Cost Element “expenses” could
include Cost Units of Hotels, Transport, Meals etc.
Cost Type:
The highest level of category to which Costs are assigned in Budgeting
and Accounting. For example hardware, software, people,
accommodation, external and Transfer.
Cost classification -
• Direct & Indirect
• Fixed & Variable
• Capital & Operational
SS - Financial Management
Cost Classification
Classifications Explanations Examples of Cost Elements
direct costs A direct cost is a cost that is incurred for a new server to support the new service,
and can be traced in full to a product, additional support staff
service, cost center, or department.
indirect costs Indirect costs, also referred to as a prorated software license fee shared by
overheads, are shared costs incurred by a many different users
number of customers. Indirect costs are
divided in an equitable manner; for
example, either by usage or by the
number of users.
fixed costs Fixed costs are costs that do not vary a long-term maintenance contract, office
even when resource usage varies. and building leases
variable costs Variable costs are those costs that vary contractor hours, utility expenses, file
with some factor, such as usage or time. storage
operational costs Operational costs are those costs administration expenses, software license
resulting from the day-to-day running of fees, staff costs
the IT services department and relating to
repeating payments whose effects can be
measured within a short time frame.
capital costs Capital costs are physical assets that add hardware, software, equipment, buildings,
to the long-term net worth of an plants
organization. These costs increase the
value of the organization but the value
depreciates over time. Capital costs may
also be referred to as one-off costs.
SS – Service Portfolio Management
One Liner:

The Process Responsible for Managing the Portfolio of Services

Objectives:

• To ensure that the service provider has the right mix of services to balance
the investment in IT with the ability to meet business outcomes
• It tracks the investment in services throughout their lifecycle and works with
other service management processes to ensure that the appropriate returns
are being achieved
• It ensures that services are clearly defined and linked to the achievement of
business outcomes, thus ensuring that all design, transition and operation
activities are aligned to the value of the services
• Provide a process and mechanisms to enable an organization
• Maintain the definitive portfolio of services provided
• Provide a mechanism for the organization
• Control which services are offered, under what conditions and at
what level of investment
SS – Service Portfolio Management
The complete set of Services that are managed by a Service Provider. The
Service Portfolio is used to manage the entire Lifecycle of all Services, and
includes three Categories: Service Pipeline (proposed or in Development);
Service Catalogue (Live or available for Deployment); and Retired Services.
(refer next slide for diagram).

Service Portfolio Management enables:

Each Customer to understand
 What services are available
 What charges are associated with each service
 Why they should use these services
 Why they should take these services from that specific service provider

The Service Provider to understand:

 What strengths, weaknesses and gaps exist in their Service Portfolio
 What their investment priorities and risks are
 How their service assets (resources and capabilities) should be allocated to address these
priorities and risks.
 What is the REASON customer will buy these services?
 What is the REASON customer will buy these services from US?
 SWOT analysis for our Organization’s service capabilities
 What could be our pricing models
 How best to allocate resources & capabilities
Service Portfolio Structure
SS – Business Relationship Management
One Liner:

Single Point of Contact for the Customers

Objectives:
• To establish and maintain a business relationship between the service
provider and the customer

• To identify customer needs and ensure that the service provider is able to
meet these needs as business needs change over time and between
circumstances

• Ensure high levels of customer satisfaction

• Establish and articulate business requirements

• Work with customers

• Mediate in cases

• Establish formal complaints and escalation processes

SS – Business Relationship Management
Business relationship management Service level management

Purpose To establish and maintain a business To negotiate service level

relationship between the service provider agreements (warranty terms) with
and the customer based on customers and ensure that all
understanding the customer and their service management processes,
business needs. operational level agreements and
To identify customer needs (utility and underpinning contracts are
warranty) and ensure that the service appropriate for the agreed service
provider is able to meet these needs. level targets.

Focus Strategic and tactical – the focus is on Tactical and operational – the focus
the overall relationship between the is on reaching agreement on the
service provider and their customer, and level of service that will be delivered
which services the service provider will for new and existing services, and
deliver to meet customer needs. whether the service provider was
able to meet those agreements.

Primary Customer satisfaction, also an Achieving agreed levels of service

measure improvement in the customer’s intention (which leads to customer
to better use and pay for the service. satisfaction).
SS – Demand Management
One Liner:

Know your customer’s requirements

Objectives:

• To understand customer’s current requirements for services

• Trend of requirements over a period/business cycle

• Match the customer’s expectations with organization's capabilities of

providing services

• Ensure Warranty & Utility are in alignment with customer’s needs

SS – Demand Management
Activities:

• The primary objective of Demand Management is to assist the IT Service

Provider in understanding and influencing Customer demand for services
and the provision of Capacity to meet these demands.

• Identification and analysis of Patterns of Business Activity (PBA) and user

profiles (UP) that generate demand.

• Utilizing techniques to influence and manage demand in such a way that

excess capacity is reduced but the business and customer requirements
are still satisfied.

Key Concepts:

• Pattern of Business Activity (PBA), User profile

• Core service vs. Enabling Services vs. Enhancing Services

• Service Package (SP) vs. Service Level Package (SLP)

SS – Demand Management
Pattern of Business Activity:

• A Workload profile of one or more Business Activities. Patterns of Business

Activity are used to help the IT Service Provider understand and plan for
different levels of Business Activity.
• Represents change in pattern of customers demands as provided by the
customer
• Important to track as it helps the organization identify improvements in
existing services or identify future opportunities
• PBA will help us understand changing business needs

User Profile

• A pattern of User demand for IT Services. Each User Profile includes one or
more Patterns of Business Activity.
 Users means people or even processes/functions etc.
 Is usually associated with one or more PBA
SS – Demand Management
Core Service:

Core Service is an IT Service that delivers basic outcomes desired by one or

more Customers. They represent the value that the customer wants and for
which they are willing to pay.
 E.g. for a Bank, the core service would be providing financial capital to
small and medium enterprises.

Enhancing services or Supporting Services:

Enhancing Service ‘supports’ or enhances the core services or add on to core

Service.
 It’s like an added feature which may not be desired but important to
have
 E.g. Self help when users access the website, backups

Enabling Service:

A service that is needed in order to deliver a core service. Enabling services

may or may not be visible to the customer, but they are not offered to
customers in their own right
 E.g. Networks, Servers, Infrastructure
SS – Demand Management
Service Level Package:

SLP has a defined level of Utility & Warranty for a given SP. Each SLP is
designed to meet the needs of a particular Pattern of Business Activity.
 E.g. Providing 100 servers is a SP deal but some of them could be
under Gold SLP and some could be under Silver SLP.

Service Package:

A detailed description of an IT Service that is available to be delivered to

Customers. A Service Package includes a Service Level Package and one or
more Core Services and Supporting Services.

Core Services Package Supporting Services Package

(Basic outcomes desired by (Enables or Enhances the
the customer.) value proposition )

Service Level Packages

(Defines level of utility and warranty provided by Service Package)
Availability Levels Capacity Levels Security Levels
Continuity
Service Features
Service Support
Service
Design
Service Design - Business Value
• Reduce total cost of ownership (TCO)

• Improve quality of service

• Improve consistency of service

• Ease the implementation of new or changed services

• Improve service alignment

• Improve service performance

• Improve IT governance

• Improve effectiveness of service management and IT processes

• Improve information and decision-making

• Improve alignment with customer values and strategies

Service Design - Purpose, Objectives and Scope
Purpose:

To design IT services, together with the governing IT practices,

processes and policies, to realize the service provider’s strategy and to facilitate
the introduction of these services into supported environments ensuring quality
service delivery, customer satisfaction and cost-effective service provision.

Objectives:

• To design IT services so effectively that minimal improvement during their

lifecycle will be required
• Provides guidance for the design of appropriate and innovative IT services to
meet current and future agreed business requirements

• Describes the principles of service design and looks at identifying, defining

and aligning the IT solution with the business requirement

• It also introduces the concept of the service design package and looks at
selecting the appropriate service design model
Service Design - Scope
Scope:

• New or Changed Service Solutions Design

• Service Management systems and tools design

• Technology and Management architectures design

• Processes design

• Measurement systems design

Service Design - Processes
1. Design Planning and Support

2. Service Catalogue Management

3. Service Level Management

4. Supplier Management

5. Availability Management

6. Capacity Management

7. Information Security Management

8. IT Service Continuity Management

SD – Design Planning and Support
One Liner:

Identify, manage, adopt and implementing standardized and

comprehensive approaches for service design

Objectives:

• To ensure the goals and objectives of the service design stage are met by
providing and maintaining
• Single point of coordination
• Control for all activities
• Processes in Service Design
• Plan and coordinate the resources and capabilities
• Ensure that appropriate service designs and/or SDPs are produced
• Manage the quality criteria, requirements and handover points
• Improve the effectiveness and efficiency of service design activities
• Ensure that all parties adopt a common framework
• Monitor and improve the performance of the service design lifecycle stage
• Review Design and hand over SDP to Service transition.
SD – Service Catalogue Management
One Liner:

To provide and maintain a single source of consistent

information on all operational services and those being prepared to be
run operationally

Objectives:

• Manage the information contained within the service catalogue

• Ensure that the service catalogue is accurate

• Ensure that the service catalogue is made available to those approved to

access it

• Ensure that the service catalogue supports the evolving needs of all other
service management processes
SD – Service Catalogue Management
Key Concepts:

Business Service Catalog

Details of all the IT services delivered to the customer, together with

relationships to the business units and the business process that rely on the IT
services. This is the customer view of the Service Catalogue.

• Visible to customer (or even to common public)

Technical Service Catalog

Contains the details of all the IT services delivered to the customer, together
with relationships to the supporting services, shared services, components and
CIs necessary to support the provision of the service to the business.

• Usually Not visible to Customer

SD – Service Level Management
One Liner:

Negotiate & Agree Service Levels and Service Targets with

client

Objectives:

• Define, document, agree, monitor, measure, report and review the level of
IT services

• Provide and improve the relationship and communication with the business

• Ensure that specific and measurable targets are developed

• Monitor and improve customer satisfaction with the quality of service

• Ensure that IT and the customers have a clear and unambiguous

expectation of the level of service to be delivered

• Ensure that even when all agreed targets are met, the levels of service
delivered are subject to proactive, cost-effective continual improvement
SD – Service Level Management
Key Concepts:
Service Level
• Detailed recording of the Customer’s needs, forming the basis for design
requirements criteria for a new or modified service.
(SLR)
• A written statement of available IT services, default levels, options, prices
Service Catalog and identification of which business processes or customers use them.

Service Level • An Agreement between an IT Service Provider and a Customer. The SLA
describes the IT Service, documents Service Level targets, and specifies the
Agreement (SLA) responsibilities of the IT Service Provider and the Customer.

Operational Level • Internal agreement with another function of the same organization which
Agreement (OLA) supports the IT service provider in their delivery of services.

Underpinning • Contract with an external supplier that supports the IT organization in their
Contract (UPC) delivery of services.

• A Service Level Agreement Monitoring(SLAM) Chart is used to help

SLAM Chart monitor and report achievements against Service Level Targets.
58
SD – Service Level Management
Key Concepts

Service Level Management: Designing SLA Structures

Customer Based vs. Service Based SLA’s Multi Level SLA’s

Customer A Customer B Customer C Corporate

Service Based Corporate Level SLA

Customer Based Customer A Customer B

Service X Service Y Service Z

(Tea) (Coffee) (Juice) Customer Level SLA
Service X Service Y Service Z
(Tea) (Coffee) (Juice)

Service Level SLA

SD – Service Level Management
Key Concepts:

Elements of SLA

• Service Scope and description

• Service hours
• Measures of availability and reliability
• Support details – whom to contact, when and how
• Respond and fix times
• Deliverables and time scales
• Change approval and implementation
• Reference to IT Service Continuity Plan
• Signatories
• Responsibilities of both parties
• Review process
• Glossary of terms
SD – Supplier Management
One Liner:

Manage Supplier Relationship & Performance

Objectives:

• To manage suppliers and the services they supply, to provide seamless

quality of IT service to the business and ensure that value for money is
obtained.

• Ensure that underpinning contracts and agreements with suppliers are

aligned to business needs.

• Manage relationships with suppliers.

• Negotiate and agree contracts with suppliers.

• Manage supplier performance.

• Maintain a supplier policy and a supporting Supplier and Contract

Database (SCD).
SD – Supplier Management
Key Concepts:

Supplier Contracts Database

Supplier Supplier and

Strategy Contracts
& Policy Evaluation

Establish new
suppliers and
Supplier Contracts
&
Supplier categorization and Contract
Maintenance of the SCD
Database
(SCD)
Supplier & Contract
Management &
performance

Contract Renewal
And/or termination
SD – Availability Management
One Liner:

Ability of an IT service or other configuration item to perform

its agreed function when required. Availability is determined by
reliability, maintainability, serviceability, performance and security.

Objectives:

• To ensure that the level of availability delivered in all IT services meets the
agreed availability needs and/or service level targets in a cost-effective and
timely manner.
• Produce and maintain an appropriate and up-to-date availability plan
• Provide advice and guidance to all other areas of the business and IT
• Ensure that service availability achievements meet all their agreed targets
• Assist with the diagnosis and resolution of availability-related incidents
• Assess the impact of all changes on the availability plan
• Ensure that proactive measures to improve the availability
SD – Availability Management
Key Concepts:

AVAILABILITY: The ability of a service, component or configuration

item to perform it’s agreed & expected function when required
(AST-DT) X 100
Availability= --------------------------
AST
AST = Agreed Service Time
DT = Downtime

Reliability: A measure of how long a Configuration Item or IT Service

can perform its agreed Function without interruption. Usually measured as
MTBF or MTBSI. The term Reliability can also be used to state how likely it is
that a Process, Function etc. will deliver its required outputs.

Available time in hours

Reliability (MTBSI in hours) = -----------------------------------------------
Number of breaks

Available time in hours – Total downtime in hours

Reliability (MTBF in hours) = ----------------------------------------------------------------------------
Number of breaks
SD – Availability Management
Key Concepts:

Maintainability (or Recoverability):A measure of how quickly and

Effectively a Configuration Item or IT Service can be restored to normal working
after a Failure. Maintainability is often measured and reported as MTRS.

Maintainability is also used in the context of Software or IT Service

Development to mean ability to be Changed or Repaired easily

Total Downtime in hours

Maintainability (MTRS in hours) = -------------------------------------
Number of service breaks

Serviceability: The ability of a Third Party Supplier to meet the terms

of their Contract. This Contract will include agreed levels of Reliability,
Maintainability or Availability for a Configuration Item.
.
Availability Plan: A Plan to ensure that existing and future Availability
Requirements for IT Services can be provided Cost Effectively. This Plan is
made on a quarterly/Half yearly basis and agreed with customer.
All Availability related information is stored in AMIS
SD – Availability Management
Key Concepts:
Vital Business Function (VBF)
The term is used to reflect the business critical elements of the
business process supported by an IT service.

High Availability
Minimizing the impact of component failure

Fault Tolerance
The ability of an IT Service or Configuration Item to continue to
Operate correctly after Failure of a Component part.

Business Impact Analysis

BIA is the Activity that identifies Vital Business Functions and their
dependencies. These dependencies may include Suppliers, people, other
Business Processes, IT Services etc.

BIA defines the recovery requirements for IT Services. These requirements

include Recovery Time Objectives, Recovery Point Objectives and minimum
Service Level Targets for each IT Service
SD – Availability Management
SD – Capacity Management
One Liner:

Ensure IT is sized in optimum & Cost effective manner

Objectives:

• To ensure that the capacity of IT services and the IT infrastructure

• meets the agreed capacity- and performance-related requirements in a
cost-effective and timely manner
• Produce and maintain an appropriate and up-to-date capacity plan
• Provide advice and guidance to all other areas of the business and IT
• Ensure that service performance achievements meet all of their agreed
targets
• Assist with the diagnosis and resolution of performance- and capacity-
related incidents and problems

• Assess the impact of all changes on the capacity plan

• Ensure that proactive measures to improve the performance of services
SD – Capacity Management
SD – Capacity Management
Key Concepts:

Performance Management:
Monitoring: that resources and services perform as required to meet the
terms of the SLAs.
Tuning: is used to identify measures to improve either utilization or
performance levels for a specific device or service.

Modelling: The ability to predict the behavior of the IT infrastructure under any
given volume and variety of work.
• Mathematical models for determining the benefits and costs of
varying capacity.
• Challenge getting data on single platform to analyze across all
platforms
• Simulation and Analytical techniques
Application Sizing: The primary objective of application sizing is to estimate
the resource requirements to support a proposed application change or new
application, to ensure that it meets its required service levels

Capacity Plan: Contains information on the current usage of service and

components, and plans for the development of IT capacity to meet
the needs in the growth of both existing service and any agreed new Services
All Capacity Related information is stored in CMIS
SD – Capacity Management
Capacity Management: Sub Process

Business • Translates business needs and plans into requirements for

service and IT infrastructure, ensuring that the future business
Capacity requirements for IT services are quantified, designed, planned
Management and implemented in a timely fashion.

• Management, control and prediction of the end-to-

end performance and capacity of the live, operational
IT services usage and workloads.
Service Capacity
Management • Ensure that the performance of all services, as
detailed in service targets within SLAs and SLRs, is
monitored and measured, and that the collected data
is recorded, analyzed and reported.
Component • Management, control and prediction of the
Capacity performance, utilization and capacity of individual IT
Management technology components.
SD – Information Security Management
One Liner:

Protecting Data and Information

Objectives:

• To align IT security with business security and ensure that information

security is effectively managed in all service and IT Service Management
activities.

• To protect the interests of those relying on information, and the systems and
communications that deliver the information, from harm resulting from
failures of availability, confidentiality and integrity.

• To provide effective security measures at Strategic, Tactical & Operational

Levels for an organization.
SD – Information Security Management
Key Concepts:

Information Security Policy

A policy of an organization which ensures the compliance to Information
Security Objectives & specific security policies.

Security Analysis & Controls

To Analyze the threats to organization’s data/Information & to
eliminate/minimize the same

To provide security controls (checkpoints) at various levels so as to

reduce the impact of security breaches

Information Security Management System (ISMS)

The framework of Policy, Processes, Standards, Guidelines and tools that
ensures an Organization can achieve its Information Security
Management Objectives
SD – Information Security Management
• Protecting information against unauthorized access and use.
Confidentiality
• Examples: Passwords, swipe cards, firewalls
Processes

• Accuracy, completeness and timeliness of services, data

Sub -

Integrity information, systems and physical locations.

• Examples: Rollback mechanisms, test procedures, audits.

• The information should be accessible at any agreed time. This

depends on the continuity provided by the information
Availability processing systems.
• Examples: UPS, resilient systems, Service desk hours
SD – Information Security Management
Security Policy:

Security Policy Contains….

Audience for
 An overall Information Security Policy
Security Policy
 Use and misuse of IT assets policy
• These policies  Access control policy
should be widely  Password control policy
available to all  E-mail policy
 internet policy
customers and
 Anti-virus policy
users, and their  Information classification policy
compliance should  Document classification policy
be referred to in all  Remote access policy
SLRs, SLAs,  Policy for supplier access of IT service,
contracts and information and components
agreements.  Asset disposal policy.
SD – Information Security Management
ISMS (Information Security Management System:

•Service level Agreements

Interested (SLA’s)
•Awareness,
Classification
Interested
Parties •Underpinning Contracts
(UC’s)
•Personnel Security Parties
•Physical Security
(Customers, •Operational level •Systems Security (Customers,
agreements (OLA’s)
•Security Incident
Suppliers •Policy Statements
Plan Implement Procedures
Suppliers
etc.) etc.)

Information
Security
Control Managed
• Organize Information
Requirements &
Expectations • Establish framework Security
• Allocate responsibilities

Maintain Evaluate
• Learn •Internal audit
• Improve •External audit
•Self assessments
• Plan
•Security Incidents
• Implement
SD – IT Service Continuity Management
One Liner:

Recover from disaster as per agreed & applicable SLA

Objectives:

To support the overall business continuity management (BCM) process by

ensuring that, by managing the risks that could seriously affect IT services, the
IT service provider can always provide minimum agreed business continuity-
related service levels.
Produce and maintain a set of IT service continuity plans
Complete regular BIA exercises
Conduct regular risk assessment and management exercises
Provide advice and guidance to all other areas of the business and IT
Ensure that appropriate continuity mechanisms are put in place
Ensure that proactive measures to improve the availability of services
Negotiate and agree contracts with suppliers for the provision
SD – IT Service Continuity Management
SD – IT Service Continuity Management
Do nothing
Manual workarounds
Reciprocal arrangements : this is an agreement between organizations to use one
another’s facilities in a disaster. This may work for batch jobs or storage,
Immediate recovery – hot standby (<24 hrs) : this is an alternative site, already running
critical systems, to be used when the main site is inaccessible or unusable.
Intermediate recovery – warm standby (24-72 hrs) : this is similar to Immediate Recovery
except that critical systems need to be recovered and run. This usually takes between 24
and 72 hours.
Gradual recovery – cold standby (>72 hrs) : an empty facility, with utilities, support staff
and telecommunications equipment, that is ready to accommodate new computer
equipment.
Fortress Approach : An approach to IT Service Continuity where the entire IT site is made
as disaster-proof as possible
Dormant contracts : suppliers agree to keep stock of certain items, which will be available
at a fixed price through the year.
Insurance
 Service
Transition
Service Transition - Business Value
• Enable projects to estimate the cost, timing, resource requirement and risks
Result in higher volumes of successful change

• Be easier for people to adopt and follow

• Enable service transition assets to be shared and re-used

• Reduce delays from unexpected clashes and dependencies

• Reduce the effort spent on managing the service transition test and pilot
Environments

• Improve expectation setting for all stakeholders involved

• Increase confidence that the new or changed service can be delivered

• Ensure that new or changed services will be maintainable and cost-effective

• Improve control of service assets and configurations

Service Transition - Purpose, Objectives and Scope
Purpose:

To ensure that new, modified or retired services meet the expectations

of the business as documented in the service strategy and service design
stages of the lifecycle.

Objectives:

• Plan and manage service changes efficiently and effectively

• Manage risks relating to new, changed or retired services
• Successfully deploy service releases into supported environments
• Set correct expectations on the performance and use of new or changed
services
• Ensure that service changes create the expected business value
• Provide good-quality knowledge and information about services and
service asset

Scope:

Release planning, building, testing, evaluation and deployment. The

publication also considers service retirement and transfer of services between
service providers
Service Transition - Processes
1. Transition Planning and Support

2. Service Asset and Configuration Management

3. Service Validation and Testing

4. Evaluation

5. Change Management

6. Release and Deployment Management

7. Knowledge Management
ST – Transition Planning and Support
One Liner:

Identify, manage and control the risks of failure and disruption

across transition activities.

Objectives:

• Plan and coordinate the resources

• Coordinate activities across projects, suppliers and service teams
• Establish new or changed services into supported environments within
• the predicted cost, quality and time estimates
• Establish new or modified management information systems and tools,
• technology and management architectures, service management
processes, and measurement methods and metrics.
• Ensure that all parties adopt the common framework of standard reusable
• processes and supporting systems
• Provide clear and comprehensive plans that enable customer and business
change projects to align their activities with the ST plans.
• Identify, manage and control risks and improve performance of Service
Transition lifecycle stage.
ST – Service Asset and Configuration Management
One Liner:

To ensure that the assets required to deliver services are properly

controlled, and that accurate and reliable information about those assets is
available when and where it is needed.

Objectives:
• Provide the Logical Model for IT infrastructure correlating the IT services &
their components
• Create & maintain Configuration Management System
• Identify, control, record, report, audit and verify services and other Cis.
• Account for, manage and protect the integrity of CIs through the service
lifecycle by working with change management
• Ensure the integrity of CIs and configurations required to control the
services by establishing and maintaining an accurate CMS
• Maintain accurate configuration information on the historical, planned and
current state of services and other Cis
• Support efficient and effective service management processes by providing
accurate configuration information
ST – Service Asset and Configuration Management
Activities:
ST – Service Asset and Configuration Management
Key Concepts:

Configuration Item (CI):

Any Component that needs to be managed in order to deliver an IT Service
Baseline:
Snapshot of a CI or a group of CIs at a given time or stage
Used for later comparisons
Can be in the form of excel or database file
Variant:
A baseline with minor differences
Definitive Media Library:
One or more locations in which the definitive and approved versions of all software
Configuration Items are securely stored. The DML may also contain associated CIs
such as licenses and documentation. The DML is a single logical storage area even
if there are multiple locations. All software in the DML is under the control of
Change and Release Management and is recorded in the Configuration
Management System. Only software from the DML is acceptable for use in a
Release.
Configuration Management System:
It is a system which controls & maintains the record if all CIs in a structured manner
in 1 or more databases known as CMDB
Stores Attributes of CIs, Relationship between CIs
Consists of Multiple layers like Integration, Presentation etc.
ST – Service Validation and Testing
One Liner:

Perform quality assurance to ensure that the new or changed

service is fit for purpose and fit for use
Objectives:

• Provide confidence that the release will deliver the expected outcomes and
value to the customers with in the projected costs, capacity and constraints.

• Validate that a service is ‘fit for purpose’ – it will deliver the required
performance with the desired constraints removed.

• Assure a service is ‘fit for use’ – it meets certain specifications under the
specified terms and conditions of use.

• Confirm that the customer requirement are correctly defined and remedy
any errors early in the lifecycle as this is cheaper.
ST – Service Validation and Testing
Key Concepts: Test Models

Includes test plan, what is to be tested and the test scripts that define how
each element will be tested. Ensures that testing is executed consistently in a
repeatable way, i.e., effective and efficient.
ST – Service Validation and Testing
Key Concepts: Service V Model
ST – Evaluation Management
One Liner:

Evaluate the performance of a service change and inform

Change Management

Objectives:

• Evaluate intended and unintended effects of service change

• Provide timely input to change management so that a decision can be

made whether a service change is to be approved or not

Activities:

Evaluation Plan : The outcome of the evaluation planning exercise.

Evaluation Report: A report generated by the evaluation function which is

passed to change management and which comprises:
ST – Evaluation Management
Key Concepts:

Risk Profile: A representation of the residual risk left after a change has been
implemented and after countermeasures have been applied.

Deviations Report: The difference between predicted and actual performance

following the implementation of a change.

A Qualifications statement: Following review of qualification test results and

the qualification plan a statement of whether or not the change has left the
service in a state where by it could not be qualified.

A validation statement: Following review of validation test results and the

validation plan, a statement of whether or not the change has left the service in
a state whereby it could not be validated.

A recommendation: Based on the other factors within the evaluation report

recommendation to change management to accept or reject the change.
ST – Change Management
One Liner:

To control the lifecycle of all changes, enabling beneficial

changes to be made with minimum disruption to IT services

Objectives:
Respond to the customer’s changing business requirements while maximizing
value and reducing incidents, disruption and re-work.
Respond to the business and IT requests for change that will align the services
with the business needs
Ensure that changes are recorded and evaluated, and that authorized changes
are prioritized, planned, tested, implemented, documented and reviewed in a
controlled manner. Prevent Unauthorized changes
Ensure that all changes to configuration items are recorded in CMS Optimize
overall business risk
Prepare Change (& Back out) Plans via FSC & provide PSA
Post Implementation Reviews of Changes
Maintain a record of all changes
ST – Change Management
Activities:
• Planning and controlling changes
• Change and release scheduling
• Communications
• Change decision-making and change authorization
• Ensuring that remediation plans are in place
• Measurement and control
• Management reporting
• Understanding the impact of change
• Continual improvement.
 ST – Change Management
Key Concepts:

CAB: Change Advisory Board is a body that exists to support

the authorization of changes and to assist change
management in the assessment, prioritization and scheduling
of changes

E- CAB: In an emergency situation it may not be possible to

convene a full CAB meeting. Where CAB authorization is
required, this will be provided by the emergency CAB (ECAB)

7 R’s of Change Management:

Who RAISED the change?
What is the REASON for the change?
What is the RETURN required from the change?
What are the RISKS involved in the change?
What RESOURCES are required to deliver the change?
Who is RESPONSIBLE for the build, test and implementation?

What is the RELATIONSHIP between this change and other changes?

ST – Change Management
Key Concepts:

Change: Addition, Modification or removal of – any service or configuration

item or associated documentation including Strategic, Tactical & Operational
changes.

Standard changes: Pre-authorized, Reoccurring, low cost and low Risk with
an established procedure. Tasks are well known, documented
E.g replacement of faulty printer, upgrade PC etc.

Normal changes: Types are specific to the organization. These have High
Risk and Impact. Type determines what assessment is required.
E.g Replace the functionality of Application etc

Emergency changes: Business criticality means there is insufficient time for

normal handling. Should use normal process but speeded up, Impact can be
high, more prone to failure, Should be kept to minimum

Remediation Planning: Actions taken to recover after a failed change or

release. Remediation may include back-out, invocation of service continuity
plans, or other actions designed to enable the business process to continue.
ST – Change Management
Key Concepts:

Request for Change (RFCs): Incidents, upgrades to the infrastructure, or changes in

the business requirements generate the need for a Request for Change (RFC)

Change Classification & Prioritization: To classify & plan changes in the order of their
impact & urgency

Forward Schedule of Changes (FSC): A Document that lists all approved Changes
and their planned implementation dates. Detailed short term schedules and less detailed
for longer term planning. It also contains information about Changes that have already
been implemented.

Projected Service Availability (PSA) : To determine the best time for a change
implementation

Projected Service Outage (PSO): A Document that identifies the effect of planned
Changes, maintenance Activities and Test Plans on agreed Service Levels
The FSC, PSA and PSO are agreed with the customers
ST – Release and Deployment Management
One Liner:

To plan, schedule and control the build, test and deployment

of releases, and to deliver new functionality required by the business
while protecting the integrity of existing services

Objectives:
• Define and agree release and deployment management plans with
• customers and stakeholders.
• Create and test release packages that consist of related CI.
• Ensure that the integrity of a release package and its constituent
components is maintained throughout the transition activities.
• Deploy release packages from the DML to the live environment.
• Ensure that all release packages can be tracked, installed, tested, verified
and/or uninstalled or backed out if appropriate.
• Ensure that organization and stakeholder change is managed.
• Ensure that a new or changed service and its enabling systems, technology
and organization are capable of delivering value
• Skills & Knowledge Transfer.
 ST – Release and Deployment Management
Activities:

• Planned Release and Deployment in line to the business needs

• Build, Install, Test and Integrate releases
 Efficiently, successfully and on schedule.
 With minimal impact on production services, operations, and support teams
 Enabling new or changed services to deliver agreed service requirements
• Control and minimize the impact of releases to the ongoing services
• Transfer knowledge and skills to end users and support teams, leading to
an effective use and support.
Roll Out Planning
Release Design Release Release
Release Communication, Review and
Building & Testing & Distribution,
Planning Preparation & Close
Configuring Acceptance Training
Implementation

Definitive Media Library (DML)

Configuration Management System (CMS)
Change Management
ST – Release and Deployment Management
Key Concepts:

Release: A collection of hardware, software, documentation, Processes or

other Components required to implement one or more approved Changes to IT
Services. The contents of each Release are managed, Tested, and Deployed
as a single entity.

Release Unit: Components of an IT Service that are normally Released

together. A Release Unit typically includes sufficient Components to perform a
useful Function.
For example one Release Unit could be a Desktop PC, including Hardware,
Software, Licenses, Documentation etc. A different Release Unit may be the
complete Payroll Application, including IT Operations Procedures and User
training.

Release Package: Single Release or many related Releases.

For Example Can include hardware, software, utility, warranty, documentation

training
 ST – Release and Deployment Management
Key Concepts:

Release management is responsible for planning, scheduling, and

controlling the movement of new or changed services, in the form of a
release unit or package, to both the testing and the live production
environments.

Release Policy:
• The unique identification, numbering, naming conventions and roles
and responsibilities at each stage in the release and deployment.
• Release Definition, and Release Window.
• The expected frequency for each type of release.
• The mechanism to automate the build, installation and release.
• Exit and entry criteria
• Criteria and authorization to exit early life support

Deployment management is responsible for the movement of new or

changed hardware, software, documentation, or other configuration items
into the live production environment.
 ST – Release and Deployment Management
Release Types
• Depending on the number of changes that should be included in one Release,
a Release can be of the following type:
• Delta Release
 Just a few changes normally a quick fix
• Full Release
 When a program is released in its entirety, including the parts that
were not changed.
 A number of similar Changes can be implemented together in this
Release
 More preparation and resources are required for a Full Release
• Package Release
 You use a Package Release when you Release a group of
software. Each of the software in the package depends on the
other software in the group for its performance.
 For example, scheduled upgrades to third-party software, such as
Systems software and Office applications are appropriate for
Package Releases.
ST – Release and Deployment Management
Release / Deployment Methods

• Big Bang vs. Phased Approach

• In Big Bang approach the new or changed component is deployed to

all user areas in one go
• Phased approach involves deployment of components to part of user
area & then deploying in other areas in phased manner
• Alternatively, the release itself is carried out in phased manner

• Push vs. Pull (usually for software)

• Push is used when a component is deployed from a centre & pushed

to it’s target locations
• Pull is used when a software is stored in centre & users are
requested to pull it based on their requirements

• Automated vs. Manual

• Automation will help to ensure repeatability and consistency

• Manual activities are error prone and inefficient, can slow down the
release team and can cause resource/capacity issues.
ST – Knowledge Management
One Liner:

The Process responsible for gathering, analyzing, storing and

sharing knowledge and information within an Organization. The primary
purpose of Knowledge Management is to improve Efficiency by reducing
the need to rediscover knowledge.

Objectives:

• Improve the quality of management decision

• Enable the service provider to be more efficient and improve quality of

service

• Ensure that staff have a clear and common understanding of the value

• Maintain a service knowledge management system

• Gather, analyze, store, share, use and maintain knowledge, information and
data throughout the service provider organization
ST – Knowledge Management
Activities:
ST – Knowledge Management
Key Concepts:

Data: A set of discrete facts about the events, Usually large amount of data
is/can be collected

Information: The data is arranged/sorted in appropriate context & manner so

that it’s easy to locate/work on
Answers questions like Who, what, when, where?

Knowledge: Created based on the information/data or own expertise

• Answers How?
• Is dynamic & context based
• Helps in decision making

Wisdom: Gives detailed understanding, Arriving at the judgment

• Helps finalize future decisions/actions
• Wisdom is about having the application and contextual awareness to
provide a strong commonsense judgment
 Service
Operations
Service Operations - Business Value
• Reduce unplanned labor and costs for both the business and IT

• Reduce the duration and frequency of service outages

• Provide operational results and data that can be used by other ITIL
processes

• Meet the goals and objectives of the organization’s security policy

• Provide quick and effective access to standard services

• Provide a basis for automated operations

Service Operations - Purpose, Objectives and Scope
Purpose:

To coordinate and carry out the activities and processes required to

deliver and manage services at agreed levels to business users and customers.
Service operation is also responsible for the ongoing management of the
technology that is used to deliver and support services

Objectives:

• Maintain business satisfaction and confidence in IT

• Minimize the impact of service outages on day-to-day business activities
• Ensure that access to agreed IT services is only provided to those
authorized to receive those services

Scope:
• Services

• Service Management Processes

• Technology

• People
Service Operations - Processes & Functions
1. Access Management

2. Event Management

3. Service Request Management Processes

4. Incident Management

5. Problem Management

1. Service Desk

2. IT Operations Management
Functions
3. Technical Management

4. Application Management
SO – Access Management
One Liner:

To provide the right for users to be able to use a service or

group of services. It is therefore the execution of policies and actions
defined in information security management.

Objectives:

• Granting authorized users the access to their Required services

• Ensure that the access provided is of Right level

• Revoke the access after getting the necessary & relevant approvals

• (Indirectly) prevent non-authorized access from non-authorized users

SO – Access Management
Activities:

Request Access: Users can request access via, RFC or Service Request via
Request Fulfillment or Helpdesk Menu

Verify User Identity: Access Management Team ensures that users are who
they say are & they have legitimate requirement for service

Provide Rights: Access team provides the rights to users as per Policies of
the organization

Monitor Identity Status: Monitor users identity status, their change of roles,
expiry of valid account etc.

Log & Track the Access: Ensure the Accesses are logged & data is
maintained as per organizations policies

Restrict Access: Restrict or modify the rights as per user status & as directed
by policies.

Revoke: Stop the access based on ISM Policy and status.

SO – Access Management
Key Concepts:

Access • Access refers to the level and extent of a service’s

functionality or data that a user is entitled to use.
Identity • The information about the user that distinguishes
them as an individual, and which verifies their status
within the organization.
• By definition, the identity of a user is unique to that
user.
Rights • Also called privileges, refer to the actual settings
whereby a user is provided access to a service or
group of services.
• Typical rights or levels of access include read, write,
execute, change, delete.
Service/ • Granting users/User groups access to similar set of
Service Groups services
 SO– Event Management
One Liner:

To manage events throughout their lifecycle. This lifecycle of

activities to detect events, make sense of them and determine the
appropriate control action is coordinated by the event management process

Objectives:

• Detect all changes of state that have significance for the management of a CI
or IT service

• Determine the appropriate control action for events and ensure these are
communicated to the appropriate functions

• Provide the trigger, or entry point, for the execution of many service operation
processes and operations management activities

• Provide the means to compare actual operating performance and behavior

against design standards and SLAs

• Provide a basis for service assurance and reporting; and service improvement.
ST – Event Management
Activities:
Event: A change of state which has significance for the management of a Configuration
Item or IT Service.
The term Event is also used to mean an Alert or notification created by any IT
Service, Configuration Item or Monitoring tool. Events typically require IT
Operations personnel to take actions, and often lead to Incidents being logged.
Alerts: An occurrence of something which triggers event or a call for action or a human
intervention
A warning that a threshold has been reached, something has changed, or a Failure
has occurred. Alerts are often created and managed by System Management tools.
ST – Event Management
Key Concepts:

Information: An event which is only meant to provide information.

Informational events are usually recorded for a pre-determined period
E.g. Backup job completed

Warning: Event meant as a proactive measure to indicate that a service or

device is reaching a threshold
E.g. Network traffic reaching a congestion point

Recording, Filtering Events: All Events usually get recorded in a log file
Events are filtered according to their types either automatically or manually

Prioritization of Events: Events are prioritized based on their importance &

their types. Based on SLAs, some events can always get high priority.

Exception: Event which indicates that a service or a device is behaving

abnormally (against a defined behavior)
E.g. a server is down

Exceptions Management: Exception is usually converted into Incident or

problem or RFC. Exception does NOT necessarily represents Incident/problem
SO – Service Request Management
One Liner:

Provide a quick response to standard service requests

Objectives:

• Maintain user and customer satisfaction through efficient and professional

handling of all service requests

• Provide a channel for users to request and receive standard services for
which a predefined authorization and qualification process exists.

• Provide information to users and customers about the availability of

services and the procedure for obtaining them.

• Source and deliver the components of requested standard services (e.g.

licenses and software media).

• Assist with general information, complaints or comments

SO – Service Request Management
Activities:

• Typically involves a routine type of change

• Although may be managed by Service Desk, it is NOT treated as Incident
• Pre-defined process
• Some changes can be pre-approved (or Auto Approved) e.g. Requesting
stationary
• Some changes may require additional or special approvals
• Make Self-Help available
SO – Incident Management
One Liner:

To restore normal service operation as quickly as possible

and minimize the adverse impact on business operations, thus ensuring
that agreed levels of service quality are maintained.

Objectives:
• Ensure that standardized methods and procedures are used for efficient
and prompt response, analysis, documentation, ongoing management and
reporting of incidents.

• Increase visibility and communication of incidents to business and IT

support staff.

• Enhance business perception of IT through use of a professional approach

in quickly resolving and communicating incidents when they occur.

• Align incident management activities and priorities with those of the

business.

• Maintain user satisfaction with the quality of IT services.

SO – Incident Management
Activities:
SO – Incident Management
Key Concepts:

Incident: An unplanned interruption to an IT Service or a reduction in the

Quality of an IT Service. Failure of a Configuration Item that has not yet
impacted Service is also an Incident. For example Failure of one disk from a
mirror set.

Major Incident: An Incident Model to handle Incidents of Major Impacts and

great Urgency. Major incidents needs separate procedures.

Impact: A measure of the effect of an Incident on Business Processes.

Impact is often based on how Service Levels will be affected.

Urgency: A measure of how long it will be until an Incident has a significant

Impact on the Business.

Priority: Impact and Urgency are used to assign Priority

Functional Escalation: Transferring an Incident to a technical team with a

higher level of expertise to assist in an Escalation.
Hierarchical Escalation: Informing or involving more senior levels of
management to assist in an Escalation.
SO – Problem Management
One Liner:

Problem Management seeks to identify and remove the root-

cause of Incidents in the IT Infrastructure.

Objectives:
• Prevent problems and resulting incidents from happening.
• Eliminate recurring incidents.
• Minimize the impact of incidents that cannot be prevented.
• The process responsible for managing the lifecycle of all problems.
• Together with Incident and Change Management increases IT service
availability and quality.
• Reduction in downtimes and disruptions of Business critical systems.
• Reduced expenditure on workarounds or fixes that do not work.
• Reduction in cost of effort in fire-fighting or resolving repeat incidents.
• Shares the coding with Incident Management (Categorizations).
SO– Problem Management
Activities:

Problem Problem Problem

detection & Categorization Investigation &
Logging & Prioritization Diagnosis

Problem Workarounds & Known

Resolution & raising Known Error
Closure Error Records Database

Errors from
Major Problem
Development /
Reviews
Suppliers
SO– Problem Management
Key Concepts:

Problem: Finding the unknown underlying root cause of one or more incidents.

Work Around: A temporary solution/Quick Fix which enables to user to

continue using the service even though the root cause is not identified/removed

Known Error: A Problem for which the root cause is identified, Permanent fix is
available and a temporary Work-around has been made available.

Known Error Database: The purpose of this database is to maintain a record

of all the previous incidents, problems & known errors

Problem Review:
• What was done right
• What was done Incorrect
• What could have been done better next time
• How to prevent the problem from happening again
• Lessons learnt
SO– Problem Management
Key Concepts:

Reactive • Resolution of underlying cause (s)

Problem • The activities are similar to those of Incident
Management Management for the logging, categorization and
classification for Problems. The subsequent activities are
different as this is where the actual root-cause analysis is
performed and the Known Error corrected.
• Covered in Service Operation
Proactive • Prevention of future problems by analyzing Incident
Problem Records, and using data collected by other IT Service
Management Management processes and external sources to identify
trends or significant problems.
• Generally undertaken as part of Continual Service
Improvement (CSI)
SO– Problem Management
Pain Value Analysis: Ishikawa Diagrams:
1) Form an explicit table listing the causes and their
frequency as a percentage.
2) Arrange the rows in the decreasing order of importance
of the causes (i.e., the most important cause first)
3) Add a cumulative percentage column to the table.
4) Plot with causes on x- and cumulative percentage on y-axis
5) Join the above points to form a curve
6) Plot (on the same graph) a bar graph with causes
on x- and percent frequency on y-axis
7) Draw a line at 80% on y-axis parallel to x-axis.
Then drop the line at the point of intersection with the
curve on x-axis. This point on the x-axis separates the
important causes (on the left) and trivial causes (on the right)
8) Explicitly review the chart to ensure that at least 80%
of the causes are capture

Kepner and Tregoe Analysis: Major Problem Reviews:

1) Defining the Problem 1) Assign Responsibility for the Review
2) Describing the Problem with regards 2) Start Documenting and take inputs
to identify, location, time and Size. From Incident resolution.
3) Establish the possible root cause 3) Gather Data
4) Testing the most possible Cause 4) Initiate Meeting
5) Verifying the true cause. 5) Report Preparation
6) Share the Learning
SO – Functions
SO – Service Desk
One Liner:

Act as a single Point of Contact for all the end user related queries

Objectives:
• A Service Desk is a functional unit made up of a dedicated number of staff
responsible for dealing with a variety of service events, often made via
telephone calls, web interface, or automatically reported infrastructure
events.
• A Service Desk is a functional unit made up of a dedicated number of staff
responsible for dealing with a variety of service events, often made via
telephone calls, web interface, or automatically reported infrastructure
events.
• The Service Desk is a vitally important part of an organization’s IT
Department and should be the single point of contact for IT users on a day-
by-day basis.
• The value of an effective Service Desk should not be underrated – a good
Service Desk can often compensate for deficiencies elsewhere in the IT
organization, but a poor Service Desk (or the lack of a Service Desk) can
give a poor impression of an otherwise very effective IT organization.
SO – Service Desk
Objectives:
• Logging all relevant incident/service request details.
• Allocating categorization and prioritization codes.
• Providing first-line investigation and diagnosis.
• Resolving those incidents/service requests they are able.
• Escalating incidents/service requests.
• Keeping users informed of progress.
• Closing all resolved incidents, requests and other calls.
• Conducting customer/user satisfaction callbacks.
• Communication with users.
• Updating the CMS under the direction and approval of Configuration
Management if so agreed.
• Logging all the Tickets.
SO – Service Desk
Types of Service Desk

Type Description
1. Local Located physically close to the user community it serves.

2. Centralized Service desk is deployed at one central physical location.

3. Virtual Impression of single, centralized Service desk, through the use

of technology and tools to create a virtual Service desk.

4. Follow-The-Sun Multiple Service desks across time zones to provide 24x7

service.
5. Specialized ‘specialist groups’ within the overall Service Desk structure, so
that incidents relating to a particular IT service can be routed
directly (normally via telephony selection or IVR or a web-
based interface) to the specialist group.
SO – Service Desk
SO – IT Operations Management
One Liner:

Support day-to-day basic level operational activities.

Objectives:

• The function responsible for the ongoing management and maintenance of

an organization ’s IT Infrastructure to ensure delivery of the agreed level of
IT services to the business.

• Maintenance of the as- is infrastructure and procedures to achieve stability

of the organization’s day-to-day processes and activities.

• Regular scrutiny and improvements to achieve improved service at reduced

costs, while maintaining stability.

• Swift application of operational skills to diagnose and resolve any IT

operations failures that occur.
SO – IT Operations Management
Key Concepts:

Operations Control - oversees the execution and monitoring of the

operational activities and events in the IT Infrastructure.
Includes Console Management, Job Scheduling, Backup & restore,
Print & output Management and Maintenance activities on behalf of
Technical or Application Management teams.

Facilities Management - The management of the physical IT environment,

typically a Data Centre or computer rooms and recovery sites together with all
the power and cooling equipment.
SO – Technical Management
One Liner:

Technical Management refers to the groups, departments or

teams that provide technical expertise and overall management of the IT
Infrastructure.

Objectives:

• It is the custodian of technical knowledge and expertise related to managing

the IT infrastructure. In this role, technical management ensures that the
knowledge required to design, test, manage and improve IT services is
identified, developed and refined.

• It provides the actual resources to support the service lifecycle. In this role
technical management ensures that resources are effectively trained and
deployed to design, build, transition, operate and improve the technology
required to deliver and support IT service
SO – Technical Management
Activities:

• The groups, departments or teams that provide technical expertise and

overall management of the IT Infrastructure

• Custodian of technical knowledge and expertise related to managing the IT

Infrastructure.

• Provides the actual resources to support the ITSM Lifecycle.

• Ensures that resources are effectively trained and deployed to design,

build, transition, operate and improve the technology required to deliver and
support IT services.

• To help plan, implement and maintain a stable technical infrastructure to

support the organization’s business Processes

• Well designed and highly resilient, cost-effective infrastructure configuration

• Use of adequate technical skills to maintain the technical infrastructure and

to speedily diagnose and resolve any technical failures that do occur.
SO – Application Management
One Liner:

Application Management refers to the groups, departments or

teams that provide Software expertise and overall management of the
Application Services.

Objectives:

• Application Management is responsible for managing applications throughout

their lifecycle. The Application Management function is performed by any
department, group or team involved in managing and supporting operational
applications.

• Application Management also plays an important role in the design, testing

and improvement of applications that form part of IT services. As such, it may
be involved in development projects, but is not usually the same as the
Applications Development teams.

Note: Application Management and Application Development are not the same
SO – Application Management
Activities:

• Applications that are well designed, resilient and cost-effective

• Ensuring that the required functionality is available to achieve the required

business outcome

• The organization of adequate technical skills to maintain operational

applications in optimum condition

• Swift use of technical skills to speedily diagnose and resolve any technical
failures that do occur.

• To helping to identify functional and manageability requirements for

application software so as to support the organization’s business
Processes.

• Assist in design and deployment of applications.

• Assist in ongoing support/maintenance/improvement of applications.

 Continual
Service
Improvement
Continual Service improvement - Business Value

• Lead to a gradual and continual improvement in service quality.

• Ensure that IT services remain continuously aligned to business

requirements

• Result in gradual improvements in cost effectiveness through a reduction in

costs

• Use monitoring and reporting to identify opportunities for improvement in all

lifecycle stages and in all processes

• Identify opportunities for improvements

Continual Service improvement - Purpose, Objectives and Scope
Purpose:

To align IT services with changing business needs by identifying and

implementing improvements to IT services that support business processes.
Objectives:

• Review, analyze, prioritize and make recommendations

• Review and analyze service level achievement
• Identify and implement specific activities to improve IT service
• Improve cost effectiveness of delivering IT services
• Ensure applicable quality management methods
• Ensure that processes have clearly defined objectives
• Understand what to measure, why it is being measured

Scope:
• The overall health of ITSM as a discipline
• The continual alignment of the service portfolio
• The maturity and capability of the organization, management, processes
• and people utilized by the services
• Continual improvement of all aspects of the IT service and the service
• assets that support them.
CSI – Continual Service improvement
One Liner:

Continual Service Improvement is responsible for managing

improvements to IT Service Management Processes and IT Services.
The Performance of the IT Service Provider is continually measured and
improvements are made to Processes, IT Services and IT Infrastructure
in order to increase Efficiency, Effectiveness, and Cost Effectiveness

Objectives:

Continually align IT services to changing business needs by identifying &

implementing improvements

Continual Improvement of process efficiency & effectiveness along with Cost

Effectiveness

Maintain/Improve overall health of ITSM services in the organization

Alignment of Service Portfolio with Business needs

Maturity of processes, Customer Satisfaction Surveys, Internal & external

Services reviews, Audits.
CSI – Continual Service improvement
Activities:

PDCA – Plan do check Act /Deming circle/cycle/wheel/Shewhart cycle

Dr W Edward Deming, who is considered by many to be the father of modern
quality control.
CSI – Continual Service improvement
Activities:
Continual Service Improvement Model
CSI – 7 Step Improvement Process
CSI – Continual Service improvement
Key Concepts:

Improvement – Favorable Outcome showing a measurable increase in a

desirable metric or a decrease in undesirable metric.

Benefit – Gain achieved from Improvement. This is generally associated with

ROI or VOI.

Return on Investment (ROI) – Quantifiable monetary benefit achieved by

expending a certain amount of money, usually expressed as a percentage.

Value on Investment (VOI) – Non monetary benefit, such as branding,

achieved by expending a certain amount of money.

Baseline – Benchmark used as a reference point for later comparison.

Critical Success Factor (CSF) – Something that must happen if an IT service,

process, plan, project or other activity is to succeed.
Key Performance Indicators (KPI) – are used to measure the achievement of
each critical success factor.
CSI – Continual Service improvement
Key Concepts:

Service Measurement: The ability to predict and report service performance

against targets of an end-to-end service is known as Service Measurement.

Technology metrics: typically components and applications For example

Performance, Availability.

Process metrics: Critical Success Factors (CSFs), Key Performance Indicators

(KPIs), activity metrics for ITSM processes

Service metrics: end-to-end service metrics (often Service metrics are a sum
of process and technology metrics)

CSI register: is created to record all the improvement opportunities and should
be categorized by
 Size (Small, Medium or Large)
 Achievement (Quick, Medium Term or Long term)
 Benefits by Implementation of Improvements
 Automated raising of LOW-priorities over time may be a useful
ITIL – Additional Information

ITIL Acronyms Adobe Acrobat

Document

ITIL Glossary of Terms and Definitions Adobe Acrobat

Document

ITIL Quiz

ITIL Links
THANK YOU

Email: [email protected]
Phone: +91 9963xxxx00