Tuesday, April 22, 2008

ITIL Quick Guide

Welcome To the ITIL

The Information Technology Infrastructure Library (ITIL) defines the organisational structure and skill requirements of an information technology organisation and a set of standard operational management procedures to allow the organisation to manage an IT operation and associated IT infrastructure. The operational procedures are supplier independent and apply to all items of equipment within the IT Infrastructure.

The 'library' itself comprises seven distinct sets: Service Support; Service Delivery; ICT Infrastructure Management; Planning to Implement Service Management; Applications Management; The Business Perspective; and Security Management. Within these sets are the specific descriptions and definitions of the various ITIL disciplines.

ITIL was originally created by the CCTA under the auspices of the British government, and ITIL is a registered trademark of the UK Government's Office of Government Commerce (usually known as the OGC).

The two most commonly used sets (the core sets) are Service Support and Service Delivery. The disciplines within these are as follows:

-Incident Management

-Problem Management

-Configuration Management

-Change Management

-Release Management

-Service Desk

-Service Level Management

-IT Financial Management

-Capacity Management

-Availability Management

-IT Service Continuity Management

-IT Security Management

Service Support

Incident Management

An 'Incident' is any event which is not part of the standard operation of the service and which causes, or may cause, an interruption or a reduction of the quality of the service.

The objective of Incident Management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price.

Inputs for Incident Management mostly come from users, but can have other sources as well like management Information or Detection Systems. The outputs of the process are RFC’s (Requests for Changes), resolved and closed Incidents, management information and communication to the customer.

Activities of the Incident Management process:

Incident detection and recording

Classification and initial support

Investigation and diagnosis

Resolution and recovery

Incident closure

Incident ownership, monitoring, tracking and communication

These elements provide a baseline for management review.

Incident Management Overview

Mission Statement

Restore normal state IT service operations as quickly as possible to minimize the adverse impact on business operations.

Process Goal Achieve the process mission by implementing:

• ITIL-aligned Incident Management Policies, Processes and Procedures

• Incident escalation standards

• Dedicated Incident Management Process Owner

• Incident classification categories

• Incident reports

• Incident communications and education for IT staff

Critical Success Factors (CSFs)

The Critical Success Factors are:

Maintaining IT Service Quality

• Maintaining Customer Satisfaction

• Resolving Incidents Within Established Service Times

Key Activities

Key Activities the key activities for this process are:

Detect and record incidents

• Classify incidents

• Provide initial incident support

• Prioritize incidents based on impact and urgency

• Investigate and diagnose incidents

• Resolve incidents and recover service per agreed service levels

• Close incidents

• Maintain ownership, monitoring, tracking and communications about incidents

• Provide management information about Incident Management quality and operations

Key Performance Indicators (KPIs) Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Maintaining IT Service Quality

• Number of Severity 1 incidents (total and by category)

• Number of Severity 2 incidents (total and by category)

• Number of other incidents (total and by category)

• Number of incidents incorrectly categorized

• Number of incidents incorrectly escalated

• Number of incidents bypassing Service Desk

• Number of incidents not closed/resolved with workarounds

• Number of incidents resolved before customers notice

• Number of incidents reopened

Maintaining Customer Satisfaction

• Number of User/Customer surveys sent

• Number of User/Customer surveys responded to

• Average User/Customer survey score (total and by question category)

• Average queue time waiting for Incident response

Resolving Incidents Within Established Service Times

• Number of incidents logged

• Number of incidents resolved by Service Desk

• Number of incidents escalated by Service Desk

• Average time to restore service from point of first call

• Average time to restore Severity 1 incidents

• Average time to restore Severity 2 incidents

The Difference between Incident Management and Problem Management

Incidents and Service Requests are formally managed through a staged process to conclusion. This process is referred to as the "Incident Management Lifecycle". The objective of the Incident Management Lifecycle is to restore the service as quickly as possible to meet Service Level Agreements. The process is primarily aimed at the user level.

Problem Management deals with resolving the underlying cause of one or more Incidents. The focus of Problem Management is to resolve the root cause of errors and to find permanent solutions. Although every effort will be made to resolve the problem as quickly as possible this process is focused on the resolution of the problem rather than the speed of the resolution. This process deals at the enterprise level.

Problem Management

The objective of Problem Management is to minimize the impact of problems on the organisation. Problem Management plays an important role in the detection and providing solutions to problems (work arounds & known errors) and prevents their reoccurrence.

A 'Problem' is the unknown cause of one or more incidents, often identified as a result of multiple similar incidents.

A 'Known error' is an identified root cause of a Problem.

There is frequently a Conflict between Incident Management and Problem Management

Conflict between Incident Management and Problem Management:

Background: Incident Management is concerned with restoring service as quickly as possible. Problem Management is concerned with determining and eliminating root cause (and hence eliminating repeat problems).

So from an Incident Management perspective the best decision is to, for example, reboot a server to restore the service. This is not ideal from a Problem Management perspective as the reboot may destroy any diagnostics and so prevent progress towards identifying root cause.

Possible Solution: Form a plan of attack for the next occurrence of the problem:

• What diagnostics to collect

• How long to allow for diagnostics before service is restored

• Prepare the necessary resources (people, process, and technology) prior to the incident

• Communicate the plan to the stakeholders.

The Problem Management process uses these inputs:

  • Incident Records And Details About Incidents

  • Known Errors: A Known Error is a problem for which the root cause is understood and there is a temporary workaround or a permanent fix has been identified. Note that the implementation of the permanent fix may be some time in the future.

  • Information about CIs From The CMDB

  • Information From Other Processes

The outputs of the PM process:

  • RFCs (Request for Change)
  • RFC: RFC is an acronym for: Request for Change.

This is normally part of a formal procedure, and can, for example, be an input to a service desk. It is largely part of 'business as usual' in a development or business cycle.

  • Management Information
  • Work Arounds:

A work around is an uncommon solution to a problem where the known methodology is insufficient. Work arounds are usually used to minimize the effects of the problem, until a permanent solution is offered. Note that when the root cause has been identified Work Arounds become Known Errors.

  • Known Errors
  • Update Problem Records (solved problems records if the known error is resolved)

Problem management Overview

Mission Statement

Minimize the adverse impacts of incidents and problems on the business caused by errors in the IT infrastructure and initiate actions to prevent recurrence of incidents related to those errors.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Problem Management Policies, Processes and Procedures

• Dedicated Problem Manager

• Problem classification categories

• Problem trend reports

• Publicized Known Errors

• Problem analysis toolkit

• Root Cause Analysis skills and culture

• Actions to minimize impact of problems

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

Avoiding Repeated Incidents

• Minimizing Impact Of Problems

Key Activities

The key activities for this process are:

Provide problem control

• Provide error control

• Proactively manage problems

• Conduct major problem reviews

• Provide management information about Problem Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Avoiding Repeated Incidents

• Number of repeat incidents

• Number of existing Problems

• Number of existing Known Errors

Minimizing Impact of Problems

• Average time for diagnosis of Problems

• Average time for resolution of Known Errors

• Number of open Problems

• Number of open Known Errors

• Number of repeat Problems

• Number of Major Incident/Problem reviews

Configuration Management

Goals: Providing information on the IT infrastructure to all other processes and IT management. Enabling control of the infrastructure by monitoring and maintaining information on all the resources needed to deliver services

Activities

• Planning.

• Identification and naming.

• Control.

• Status accounting.

• Verification & audit.

Benefits

• Providing accurate information on Configuration Items (CIs) and their documentation

• Controlling valuable CIs

• Facilitating adherence to legal obligations

• Helping with financial and expenditure planning

• Making software changes visible

• Contributing to contingency planning

• Supporting and improving Release management

• Allowing the organization to perform impact analysis and schedule changes safely and efficiently

• Providing problem management with data on trends

Configuration Management Overview

Mission Statement

To identify, record and report on configuration items and their relationships that underpin IT services.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Configuration Management policies, processes and procedures

• Dedicated Configuration Management Process Owner

• Configuration Management Database (CMDB) data schema

• Proper authorization and control over CMDB data

• Periodic audits and reviews of IT services and their configuration items.

• Accurate information on IT services and their configuration items

• Verification of configuration records against the IT infrastructure and correction actions for any exceptions found.

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Managing Configuration Item information

• Providing capability to perform risk analysis of changes and releases

Key Activities

The key activities for this process are:

• Plan for Configuration Management databases and activities

• Identify Configuration Items

• Control Configuration Item information

• Perform status accounting

• Perform verification and audit of Configuration Management databases

• Provide management information about Configuration Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF) that was listed above.

Managing Configuration Item Information

• Number of Configuration Items logged and tracked

• Number of Configuration Items with attribute failures

• Number of changes to Configuration Item attributes

• Number of additional Configuration Items

• Number of deletions of Configuration Items

• Number and frequency of exceptions in configuration audits

Providing Capability To Perform Risk Analysis Of Changes and Releases

• Number of incidents caused by inaccurate configuration data

• Percentage of Services tracked with Configuration Items versus known products and services

Software tools

Most organisations should required a Configuration management-based tool, capable of storing all relevant configuration items (CIs). Such a tool should have the following facilities:

• Problems, RFCs are stored upon the same database in an easily accesible format.

• The ability to identify the relationship among CIs (physical and logical), and between CIs and RFCs, RFCs and Problems, RFCs and CI

Change Management

Goal: Ensure that standardized methods and procedures are used for efficient and prompt handling of all changes, in order to minimize the impact of Change-related incidents upon service quality, and consequently to improve the the day-to-day operations of the organization

Input: RFCs, CMDB, Forward Schedule of Changes (FSC))

Activities

• Filtering changes

• Managing changes and the change process

• Chairing the CAB and CAB/EC

• Reviewing and closing RFCs

• Management reports

Benefits

• Better alignment of IT service to business requirements

• Increased visibility and communication on changes to both business and service support staff

• Improved risk assessment

• Reduced adverse impact of changes on the quality of services and on SLAs

• Improved problem and availability management through the use of valuable management information relating to changes

• Fewer changes to be backed-out

Change Management Overview

Mission Statement

Coordinate and control all changes to IT services to minimize adverse impacts of those changes to business operations and the users of IT services.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Change Management Policies, Processes and Procedures

• Standardized methods and techniques for efficient handling of changes

• Dedicated Change Manager

• Change Advisory Board

• Forward Schedule of Changes (FSC)

• Published Service Availability (PSA) reports

• Proper levels of pre and post Change communications with customers and users

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Controlling Changes

• Making Quick And Accurate Changes Based On Business Priorities

• Protecting Services When Making Changes

Key Activities

The key activities for this process are:

• Accept Changes

• Prioritize and classify changes

• Coordinate change impact assessment

• Coordinate approval of changes

• Coordinate scheduling of changes

• Coordinate implementation of changes

• Conduct post implementation reviews

• Provide management information about Change Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Controlling Changes

• Number of RFCs processed

• Number of RFCs rejected

• Number of unauthorized changes detected

• Number of RFCs implemented on schedule

• Number of RFCs requiring reschedules

Making Quick and Accurate Changes Based On Business Priorities

• Number of RFCs marked as URGENT

• Number of RFCs not tested prior to implementation

• Number of RFCs that failed

• Number of RFCs without business case

• Number of RFCs bypassing CAB or CAB/EC

Protecting Services When making Changes

• Number of SEV1 incidents caused by RFC implementation

• Number of SEV2 incidents caused by RFC implementation

• Number of other incidents caused by RFC implementation

• Number of RFCs without a backup strategy

Release Management

This discipline of IT Service Management is the management of all software configuration items within the organisation. It is responsible for the management of software development, installation and support of an organization’s software products.

Software is often not regarded as a tangible asset because of its intangible nature, which results in it not being effectively controlled. There can be several versions of the same software within the organization, and there can also be unlicensed and illegal copies of externally provided software.

The practice of effective Software Control & Distribution (SC&D) involves the creation of a Definitive Software Library (DSL), into which the master copies of all software is stored and from here its control and release is managed. The DSL consists of a physical store and a logical store.

The physical store is where the master copies of all software media are stored. This tends to be software that has been provided from an external source.

The logical store is the index of all software and releases, versions, etc. highlighting where the physical media can be located. The logical store may also be used for the storage of software developed within the organization.

SC&D procedures include the management of the software Configuration Items and their distribution and implementation into a production environment. This will involve the definition of a release programme suitable for the organization, the definition of how version control will be implemented, and the procedures surrounding how software will be built, released and audited.

Release Management Overview

Mission Statement

Implement changes to IT services taking a holistic (people, process, technology) view which considers all aspects of a change including planning, designing, building, testing, training, communications and deployment activities.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Release Management policies, processes and procedures

• Collaboration with those organizations outside of IT that impact IT services to plan and ensure impacted stakeholders are involved and that the service is appropriately tested (from a customer’s perspective) following implementation

• Dedicated Release Manager

• Actions for planned Releases to analyze impacts and, wherever possible, coordinate efforts (such as packaging Release Units)

• A set of standard repositories for maintaining all authorized versions of software (Definitive Software Library – DSL)

• A set of recognized storage locations for spare parts and other hardware (Definitive Hardware Stores – DHS)

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Producing Operable Solutions

• Controlling Releases Into Production

• Implementing Releases Into Production On Time

Key Activities

The key activities for this process are:

• Conduct release planning

• Coordinate design, building and configuring of releases

• Coordinate release acceptance

• Conduct rollout planning

• Coordinate release communications, preparations and training activities

• Coordinate distribution and installation of releases

• Provide management information about Release Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Producing Operable Solutions

• Number of implementations bypassing Change Management

• Number of implementations utilizing non-standard components

• Number of implementations utilizing non-licensed components

• Number of implementations non-authorized

• Number of incidents caused by releases

• Number of failed Releases

Controlling Releases Into Production

• Number of Releases implemented without a corresponding RFC

• Number of urgent releases

• Number of releases implemented but not adequately tested

• Number of releases implemented without operational assurance

Implementing Releases Into Production On Time

• Number of Releases implemented

• Number of Releases implemented late

Service Desk

Though not a process, the Service Desk is an important function within the service support set. It is the first and ideally single point of contact for users (SPOC).

The two main focuses of the Service Desk are: Incident Control and Communication.

The Service Desk handles all incoming calls and only escalates them to the second or third tier support when necessary.

Ideally, the Service Desk will have access to a Knowledge Base, which will contain a list of known solutions for common incidents. This way queries or incidents can be solved by the Service Desk staff without taking time from skilled IT technicians.

For the customer the advantage is that they don’t have to ring around searching for the right person to solve their problem and for IT personnel it means that they only have to deal with issues that are related to their skills or area of responsibility.

The Service Desk is responsible for keeping the customer informed on the status of their request.

A Service Catalogue should be available which lists all of the services that IT provides to the business. This catalogue should list the services from a users perspective. A suggestion from the SLM2000 Service Catalogue template for information to be included in a Service Catalogue is listed below. Actual components required in a Service Catalogue will differ depending on the business situation however.

IT Service Management Service Catalogue

1 Executive Overview

2 Scope

3 Service Summary Sheet

4 Service A

4.1 Description

4.2 Customers

4.3 Options

4.4 Price List

4.5 Dependencies & Contributors

4.6 Functional Specification

4.7 Technical Specification

4.8 Support Activities

4.9 Customizations or Variants

4.10 Existing SLAs

4.11 Restrictions

5 Appendices

6 Terminology

Service Desk Function Overview

Mission Statement

Provide a strategic central point of contact for customers and support the Incident Management process by providing an operational single point of contact to manage incidents to resolution.

Function Goal

Achieve the function mission by implementing:

• ITIL-aligned Service Desk function

• Dedicated Service Desk Function Owner

• Centralized function for incident and request handling

• Ongoing monitoring and management of customer satisfaction

• Strong levels of incident communications and ownership

• Right level of support and customer care skills among Service Desk staff and management

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Ensure long term Customer retention and satisfaction

• Assist in the identification of business opportunities.

• Reduce support costs by the efficient use of resource and technology

Key Activities

The key activities for this function are:

• Provide advice and guidance to customers

• Communicate and promote IT services

• Manage and control service communications to customers, suppliers and the business

• Coordinate Incident Management activities

• Manage people, processes and technologies that form the contact infrastructure

• Provide management information about Service Desk quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Ensure Long Term Customer Retention and Satisfaction

• Percent Of Customers Given Satisfaction Surveys

• Customer Satisfaction Rating Of Service Desk

• Percent Of Caller Hold Times Within Service Targets

• Percent Of Calls Responded To Within Service Targets

• Number Of Incident Records Not Yet Closed

• Number Of Calls Abandoned

Assist In The Identification Of Business Opportunities

• Number Of Calls Referred To Sales Organization

• Dollar Value Of Referred Calls To Sales Organization

Reduce Support Costs By Efficient Use Of Resources and Technologies

• Percent Of Calls Resolved At The Service Desk Without Escalation

• Staff Turnover Rate

• Overall Cost Per Call.

Service Delivery

Service Level Management

Service Level Management is the process that forms the link between the IT organization and customers.

Implementing Service Level Management can only be completely successful when the other ITIL processes are implemented as well.

The main aim of SLM is to ensure the quality of the IT services provided, at a cost acceptable to the business/customer.

The goal for SLM is to maintain and improve on service quality through a constant cycle of agreeing, monitoring, reporting and improving the current levels of service. It is focused on the business and maintaining the alignment between the business and IT.

Service Level Management Overview

Mission Statement

Plan, coordinate, negotiate, report and manage the quality of IT services at acceptable cost.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Service Level Management policies, processes and procedures

• Business-aligned IT services through a constant cycle of agreeing, monitoring and reporting

• Dedicated Service Level Management Process Owner

• Holistic management over IT services versus independent technical silos

• IT Service Catalog

• Service Level Agreements for customers of IT services

• Operational Level Agreements and Underpinning Contracts with IT suppliers

• Reports on the quality of IT services on a regular basis

• Proactive actions to seek service improvements where needed

• Proactive actions to eradicate unacceptable levels of service.

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Meeting Customer Needs And Priorities

• Adherence To Service Levels

• Providing Services Cost Effectively

• Controlling Service Delivery

• Maintaining Recognized Industry Acceptance For IT Quality

• Maintaining An IT Service Culture

Key Activities

The key activities for this process are:

• Identify IT services and service requirements

• Define, build and manage the IT Service Catalog

• Define, build and negotiate Service Level Agreements (SLAs)

• Define, build and negotiate Operational Level Agreements (OLAs)

• Identify Underpinning Contract service requirements (UCs)

• Monitor and manage SLAs, OLAs and UCs

• Initiate service improvement actions

• Provide management information about Service Level Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Meeting Customer Needs and Priorities

• Customer satisfaction score/rating

• Average time to implement SLA requests

• Number of SLAs in renegotiation

• Number of SLAs requiring changes (targets not attainable, etc.)

• Number of SLA issues logged

Adherence To Service Levels

• Number of SLA targets missed

• Number of SLA targets threatened

Providing Services Cost Effectively

• Current cost per customer for delivery of services

• Percentage improvement in delivery cost per customer

Controlling Service Delivery

• Number of OLA issues logged

• Number of Underpinning Contract issues logged

Maintaining Recognized Industry Acceptance For IT Quality

• Number of ITs articles/white papers published

• Percentage IT Operations staff in industry (i.e; itSMF) programs

• Percentage progress towards industry certification (i.e; ISO9000)

• Dollars spent on external communications activities

Maintaining an IT Service Culture

• Percentage of IT Operations staff ITIL-aware

• Number of IT Operations staff ITIL certified

• Number of IT Operations staff with advanced ITIL certification

• Number Of Agreed SLAs Not Supported By OLAs/UCs

IT Financial Management

IT Financial Management is the discipline of ensuring that the IT infrastructure is obtained at the most effective price (which does not necessarily mean cheapest) and calculating the cost of providing IT services so that an organisation can understand the costs of its IT services. These costs may then be recovered from the customer of the service.

Costs are divided into costing units: Equipment; Software; Organisation (staff, overtime; accommodation; transfer costs (costs of 3rd party service providers)

These costs are divided into Direct and Indirect costs and may be Capital or Ongoing.

The practice of IT financial management enables the Service Manager to identify the amount being spent on security countermeasures in the provision of the IT services. The amount being spent on these countermeasures needs to be balanced with the risks and the potential losses that the service could incur as identified during a business impact assessment and risk assessment. Management of these costs will ultimately reflect on the cost of providing the IT services and potentially what is charged in the recovery of these costs.

Financial Management Overview

Mission Statement

Provide budgeting, accounting and charging services to control, manage and recover IT cost and spend.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned IT Financial Management policies, processes and procedures

• Dedicated Financial Management Process Owner

• Effective IT budget and planning practices

• Accurate and efficient IT charging and cost recovery for IT services

• Accurate accounting of IT expenditures and revenues

• Reporting on the state and health of IT costs and revenues on a regular basis

• Periodic audits of IT financial information to ensure accuracy

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Effective stewardship over IT finances

Key Activities

The key activities for this process are:

• Perform budgeting for IT services and activities.

• Perform IT accounting activities.

• Perform IT charging and billing activities.

• Provide management information about Financial Management quality and operations.

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Effective Stewardship Over IT Finances

• Overall cost of delivery per customer

• Percentage of IT costs not accounted for

• Dollar value of budget variances/adjustments

• Percentage of IT financial objectives met

• IT Service Headcount

Capacity Management

Capacity Management is the discipline that ensures IT infrastructure is provided at the right time in the right volume at the right price, and ensuring that IT is used in the most efficient manner.

This involves input from many areas of the business to identify what services are (or will be) required, what IT infrastructure is required to support these services, what level of Contingency will be needed, and what the cost of this infrastructure will be.

Capacity management is made up of three sub processes:

Business capacity management (BCM)

Service capacity management (SCM)

Resource capacity management (RCM)

These sub processes all share a common set of activities that are applied from different perspectives. They include the following:

Modeling

Service monitoring

Performance management

Demand management

Workload management

Analysis

Change initiation

Optimization

Trend analysis

These are inputs into the following Capacity Management processes:

· Performance monitoring

· Workload monitoring

· Application sizing

· Resource forecasting

· Demand forecasting

· Modelling

From these processes come the results of capacity management, these being the capacity plan itself, forecasts, tuning data and Service Level Management guidelines.

Capacity Management Overview

Mission Statement

To ensure that all current and future capacity and performance aspects of the IT infrastructure are provided to meet business requirements at acceptable cost.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Capacity management policies, processes and procedures

• Dedicated Capacity Management Process Owner

• Business Capacity Management to forecast capacity needs based on business events

• Service Capacity Management to ensure capacity levels support established service level targets

• Resource Capacity Management to ensure capacity levels are provided for at the individual IT device level

• Actions to ensure appropriate levels of capacity have been built into new IT Solutions

• Periodic and ongoing forecasting for capacity needs based on both business and technical input

• Ongoing monitoring and analysis of current performance to ensure appropriate levels of capacity have been provided and resources are optimally tuned

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Providing Accurate IT Capacity Forecasts

• Providing Appropriate IT Capacity To Meet Business Needs

Key Activities

The key activities for this process are:

• Perform demand management for business, service and resource capacity activities

• Perform modeling for business, service and resource capacity activities

• Provide application sizing for business, service and resource capacity activities

• Provide capacity plans for business, service and resource capacity activities

• Perform capacity monitoring, analysis and tuning activities

• Implement capacity-related changes

• Control storage of capacity data for capacity activities

• Provide management information about Capacity Management quality and operations.

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Providing Accurate IT Forecasts

• Total dollars in unplanned capacity expenditures

• Total dollars in unused capacity expenditures

• Percent of capacity forecasts that were accurate

• Number of inaccurate business forecast inputs provided

Providing Appropriate IT Capacity To Meet Business Needs

• Number of incidents related to capacity/performance issues

• Number of SLA performance targets missed due to capacity

Availability Management

Availability is usually calculated based on a model involving the Availability Ratio and techniques such as Fault Tree Analysis, and includes the following elements:

· Serviceability – where a service is provided by a 3rd party organisation, this is the expected availability of a component.

· Reliability – the time for which a component can be expected to perform under specific conditions without failure.

· Recoverability – the time it should take to restore a component back to its operational state after a failure.

· Maintainability – the ease with which a component can be maintained, which can be both remedial and preventative.

· Resilience – the ability to withstand failure.

· Security – the ability of components to withstand breaches of security.

Availability Management and IT Security

IT Security is an integral part of Availability Management, this being the primary focus of ensuring IT infrastructure continues to be available for the provision of IT Services.

Some of the above elements are really the outcome of performing a risk analysis to identify any resilience measures to be put in place, identifying just how reliable elements are and how many problems have been caused as a result of system failure.

The risk analysis also recommends controls to improve availability of IT infrastructure such as development standards, testing, physical security, the right skills in the right place at the right time, etc..

Availability Management Overview

Mission Statement

Optimize the capability of the IT infrastructure, services and supporting organization to deliver a cost effective and sustained level of service availability that meets business requirements.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned Availability Management policies, processes and procedures

• Dedicated Availability Management Process Owner

• Holistic management of IT service availability versus independent technical silos

• Actions to ensure availability levels meet established service level targets

• Service Improvement Projects (SIPs) to address availability

• shortfalls and concerns

• Actions to proactively seek availability improvements where needed

• Actions to ensure appropriate levels of availability have been built into new IT solutions

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Maintaining Availability And Reliability Of IT services

• Providing Availability Cost Effectively

• Proactively Addressing Availability Improvements Where Needed

Key Activities

The key activities for this process are:

• Determine availability requirements

• Compile availability plans

• Monitor availability

• Monitor maintenance obligations

• Provide management information about Incident management quality and operations

Key Performance Indicators (KPIs) Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Maintaining Availability and Reliability Of IT Services

• Number of incidents caused by hardware failures

• Number of incidents caused by maintenance failures

• Number of incidents caused by resilience failures

• Number of incidents caused by security failures

• Number of incidents caused by operational failures

• Number of incidents caused by application failures

• Number of incidents caused by data issues/problems

• Number of incidents caused by lack of support skills

• Number of incidents caused by customer actions

Providing Availability Cost Effectively

• Percentage of delivery cost per customer related to availability activities

• Percentage of delivery cost per customer related to resiliency measures implemented

Proactively Addressing Availability Improvements Where Needed

• Number of Service Improvement Initiatives (SIPs) in place

• Number of SIPs completed on time

• Number of SIPs not yet staffed/started

IT Service Continuity Management

Continuity Management / Disaster Recovery / Business Continuity

Continuity management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disaster in the first instance.

Continuity management is so important that many organizations will not do business with IT service providers if contingency planning is not practiced within the service provider’s organisation. It is also a fact that many organizations that have been involved in a disaster where their contingency plan failed ceased trading within 18 months following the disaster.

Continuity management is regarded as the recovery of the IT infrastructure used to deliver IT Services, but many businesses these days practice the much further reaching process of Business Continuity Planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur.

Continuity management involves the following basic steps:

· Prioritising the businesses to be recovered by conducting a Business Impact Analysis (BIA)

· Performing a Risk Assessment (aka Risk Analysis) for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service.

· Evaluating the options for recovery

· Producing the Contingency Plan

· Testing, reviewing, and revising the plan on a regular basis

Continuity Management and Contingency Planning Information & Resources

A number of portals exist which offer guidance upon the topic of continuity management and contingency planning. For example: www.disasterrecoveryworld.com

Continuity Management and IT

Security Continuity Management (and contingency planning, business continuity and disaster recovery) is an integral part of IT security and risk analysis. Inadequate contingency planning is regarded as a risk to the business, and is often overlooked until it is too late, when a security or other breach results in the loss of supporting IT systems. This is a complex area, but fortunately a methodology and tool has evolved to greatly simplify it. The COBRA system emerged to counter the problems encountered through the use of older, less dynamic systems and approaches. It greatly reduces reliance upon external expertise, being equipped with significant knowledge within its 'knowledge bases'.

IT Service Continuity Overview

Mission Statement

Support business continuity management functions by ensuring that IT services can be recovered in the event of a major business disruption within required timescales.

Process Goal

Achieve the process mission by implementing:

• ITIL-aligned IT Service Continuity Management policies, processes and procedures

• Dedicated IT Service Continuity Management Process Owner

• Holistic recovery of IT services to ensure business services are recovered versus technologies

• Alignment of IT service recovery plans with Vital Business Functions

• Actions to ensure Operational Level Agreements and Underpinning Contracts with IT suppliers will support recovery services

• Periodic testing and audits of IT service continuity plans

• Communications for IT service recovery needs and requirements across the IT organization

• Staff awareness and education on IT service continuity actions to be taken in the event of a major business disruption

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Ensuring IT Service Recovery Within Agreed Timescales

Key Activities

The key activities for this process are:

• Define scope of IT Service Continuity Management

• Conduct Business Impact Analysis

• Conduct IT Risk Assessment.

• Define IT Service Continuity Strategy in line with Business Continuity strategy

• Perform IT Service Continuity organization and implementation planning activities

• Implement standby arrangements and risk reduction measures

• Develop IT recovery plans and procedures

• Perform Testing of IT recovery plans and procedures

• Review and audit IT recovery plans and procedures

• Perform IT Service Continuity educational training and awareness activities

• Assess impact of IT changes on IT Service Continuity plans and processes

• Validate ongoing ability of IT Service Continuity strategies to meet business requirements

• Provide management information about IT Service Continuity Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Ensuring IT Service Recovery within Agreed Timescales

• Percentage of Vital Business Functions covered by IT Service Continuity Plans

• Percentage of Vital Business Functions covered by annual IT Continuity tests

• Number of annual IT Service Continuity Plan testing failures

• Number of 3rd party recovery support contracts not agreed

• Number of audits performed on IT Service Continuity Plan

• Number of business issues logged against IT Service Continuity.

IT Security Management

According to BS 7799, Information Security refers to maintaining:

Confidentiality - Information is accessible only to those authorized.

Integrity- Safeguarding the accuracy and completeness of information

Availability– Authorised users have access to information when required.

C I A

Objectives:

To ensure that it complies with the external requirements-legislation SLA’s etc.

To create a secure environment regardless of the external requirements

Benefits:

Vital Business Information is kept secure

High availability

Quality of information

Security Management Function Overview

Mission Statement

To prevent the occurrence of security-related incidents by managing the cconfidentiality, integrity and availability of IT services and data line with business requirements at acceptable cost.

Function Goal

Prevent security related incidents by establishing:

Achieve the function mission by implementing:

• ITIL-aligned Security Management function

• Dedicated Security Management Function Owner

• Holistic management view of security considering people, process and physical items as well as technical items

• Centralized function for managing security and establishing security related policies

• Ongoing monitoring and reporting of security

• Proactive actions to prevent security related incidents

• Periodic auditing of security practices to continually improve overall security functions and controls

• Effective security controls that are in line with business and regulatory requirements at acceptable cost levels

Critical Success Factors (CSFs)

The Critical Success Factors (CSFs) are:

• Managing Confidentiality, Integrity and Availability Of IT Services And Data

• Providing Security Cost Effectively

• Proactively Addressing Security Improvements Where Needed

Key Activities

The key activities for this function are:

• Plan for Security Management in line with service and policy requirements

• Coordinate implementation of Security Management people, process and technologies

• Execute Security Management control activities

• Evaluate and audit the Security Management supporting infrastructure

• Maintain Security Management people, processes and technical infrastructure

• Provide management information about Security Management quality and operations

Key Performance Indicators (KPIs)

Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Managing the Confidentiality, Integrity and Availability of IT Services and Data

• Number of incidents caused by internal security failures

• Number of incidents caused by external security failures

• Number of security audit and testing failures

Providing Security Cost Effectively

• Percentage of delivery cost per customer related to security management activities

• Percentage of delivery cost per customer related to security measures implemented

Proactively Addressing Security Improvements Where Needed

• Number of Security Improvement Initiatives in place.

• Number of Security Improvement Initiatives completed on time

• Number of Security Improvement Initiatives not yet staffed/started

• Number of Security incidents related to non-current security maintenance.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)