Major Incidents A Quick Win for ITIL?

Yvonne OByrne 12 December 2006

Overview of the presentation

Background to using ITIL at Birmingham Major Incident process a quick win? Demonstrating the results Problems encountered Benefits from using ITIL

Background
Working in Information Services since 1999 Birmingham has a converged Library and IT service with 540 staff (over 100 in IT) IS was reorganised at the start of 2004 Quality recognised with new post created We now have an IT Head of Quality to Do Quality

How do you Do Quality ?

With no staff and no budget No clearly defined remit or scope, other than handle Major incidents and introduce change control Long standing, specialist staff who: are already doing a good job, but work in silos dont want anyone telling them what to do have seen it and heard it all before its all just bureaucracy

Why ITIL?
What I needed:

A clear definition of what Quality means that supports IS & University strategic drivers (risk management, improved communication, customer focus, Value For Money) A framework or standard to sell to IT staff to complement existing good work that staff can buy into that supports them in their work

Major incidents a Quick Win for everyone

Serious problems were escalated unnecessarily to senior management Help Desk staff were overloaded when there was a serious problem Customers complained that we didnt tell them what was happening Local IT staff couldnt help because they didnt know either Technical staff were too busy fixing the problem to tell anyone about it We could do something about it quickly!

Risk management
University group
CPAG (Contingency Planning Action Group) IS Risk Management Group

ITIL process Disaster Major incidents Incidents Projects and Operational service
IT Service continuity management

Problem management Incident management Service Desk Release, Change & Configuration management

Help Desk IS Project Co-ordination Group

Major incident identified by

Customer support calls

Service managers

Help Desk

ICSD staff

Problem Manager

MAJOR Incident

The no. and type of people affected The importance of the business function The no. and type of IT services affected The potential effect on the Universitys external image The elapsed time

= INCIDENT SCORE

Aim to restore service asap

Role of the Problem manager

Holds end of incident review to identify lessons for the future: Identifies actions to be taken to prevent the incident recurring, or to improve our response time Makes sure actions are followed through Identify any underlying problems that may need more time (or funding) to address Reports to the IS Risk Management Group: Prioritises and authorises funding to address serious disruption and fix the underlying problem Statistics are provided to customers as: Key Performance Indicators on service availability and to show service improvement

What do the figures tell us?

Major & Minor Incidents
40 35 30 25 Number 20 15 10 5 0 2004 2005 2006 2 11 Major Minor 31 28 28 37

How does this affect our customers?

Im p act sco re

2004 2005 The impact was reduced by 59% 2005 2006 The impact has reduced by 17%

M ajor Incide nts - Im pact over 3-ye ar pe riod 30000 25000 20000 15000 10000 5000 0 2004 2005 2006 10976

26522

9111

Impact = Score given to Major Incident x no. of hours outage

How far have we progressed?

Proce ss maturity mode l

Impact

Time

And at the service level .

10000 9000 8000 7000 Incident score 6000 5000 4000 3000 2000 1000 0 DoS Networks Email Business Systems 2004 2005 2006

Denial of Service attacks eliminated Network and authentication failures down 95% Email failures reduced by 88% Business Systems failures down 30%

How have these results been achieved?

Replacing old hardware and software Building-in resilience and redundancy to new & existing systems Providing tools for monitoring and analysis Improving communications so that system failure is flagged without delay to the relevant staff Training Data Centre staff to extend routine monitoring and the implementation of fixes Tracking, analysing and fixing issues identified at the end of each incident Developing and improving DR procedures Risk Management Group prioritising & allocating funding Overlapping into other ITIL processes

Problems encountered

Processes are easy compared to the people You can take a horse to water .. Changing the culture is hard work ITIL doesnt really tell you how to do that Spread the word at every opportunity Need to make it relevant to each person and demonstrate the benefits for each individual Its a slow process dont give up

Cultural / people benefits

Provides a consistent way of dealing with incidents and problems A quick win where you can give feedback gains you buy-in from Senior Management and customers Defines roles and responsibilities and encourages ownership of processes Promotes cross-team working and communication of ideas and knowledge, breaks down barriers Provides a professional framework that everyone agrees with

Any Questions?
Yvonne OByrne (y.obyrne@bham.ac.uk)

Head of Quality