You are on page 1of 338

V3.1.0.

cover

 Front cover

ITIL (IT Infrastructure Library)


Foundation

(Course Code SM25)

Student Notebook
ERC 1.0

IBM Certified Course Material


Student Notebook

Trademarks
IBM® is a registered trademark of International Business Machines Corporation.
Other company, product and service names may be trademarks or service marks of others.

September 2004 Edition

The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

© Copyright International Business Machines Corporation 2004. All rights reserved.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictions
set forth in GSA ADP Schedule Contract with IBM Corp.
V3.1.0.1
Student Notebook

TOC Contents
Course Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Course Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
ITIL Foundation Course: IT Infrastructure Library Overview . . . . . . . . . . . . . . . . . . .xvi
ITIL Foundation Course: Objectives and Contents of the Course . . . . . . . . . . . . . . xvii
ITIL Foundation Course: ITIL Defines a Three-Tiered Structure of Certification Training
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
ITIL Foundation Course: Process Chart Reference . . . . . . . . . . . . . . . . . . . . . . . . .xix

Unit 1. What ITIL Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1


Unit 01: What ITIL is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
What ITIL is: ITIL: de facto standard for service management built on industry “best
practice” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
What ITIL is: Main characteristics of ITIL are: IT services are business-oriented, and
provision of quality customer service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
What ITIL is: Originally created by the UK's Central Computer and Telecommunications
Agency (CCTA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
What ITIL is: The BSI roadmap to make ITIL a standard for service management 1-7
What ITIL is: ITIL is a library of books that aim to describe best practices for IT
infrastructure management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
What ITIL is: The ITIL books describe best practices in IT management, with a special
focus on service management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Most people think of ITIL as service support, but the increasing popularity of ITIL should
be leveraged against a broader spectrum of services . . . . . . . . . . . . . . . . . . . . . . 1-12
What ITIL is: Service management focuses on the tactical and operational processes
of service support and service delivery and their relationships, including security
management (separate ITIL book) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
What ITIL is: ITIL processes in service support represent many of the reactive
processes within IT operations (operational) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14
What ITIL is: Service Delivery focuses on what service the business requires in order
to provide adequate support to the business users (tactical) . . . . . . . . . . . . . . . . 1-15
What ITIL is: Service support process (operational processes) relationships and their
interaction with the CMDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
What ITIL is: Service delivery process (tactical processes) relationships . . . . . . . 1-17
What ITIL is: Other ITIL books . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18
What ITIL is: Customers across the globe are asking more and more about ITIL 1-19
What ITIL is: ITIL implementation: Adopt and Adapt . . . . . . . . . . . . . . . . . . . . . . . 1-20

Unit 2. Process Implementation Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1


Unit 02: Process Implementation Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Process Implementation: What is a process? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

© Copyright IBM Corp. 2004 Contents iii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Process Implementation: A process flows across the organizational hierarchies within


a company and sometimes flows across company boundaries . . . . . . . . . . . . . . . .2-4
Process Implementation: Why do we need processes? . . . . . . . . . . . . . . . . . . . . . .2-5
Process Implementation: What are the benefits? (1) . . . . . . . . . . . . . . . . . . . . . . . .2-6
Process Implementation: What are the benefits? (2) . . . . . . . . . . . . . . . . . . . . . . . .2-7
Process Implementation: What are the benefits? (3) . . . . . . . . . . . . . . . . . . . . . . . .2-8
Process Implementation: Mission-critical changes or reorganizations within an IT
corporation require new processes or needs to improve existing processes . . . . . .2-9
Process Implementation: Continuous processes improvement is also a trigger . .2-10
Process Implementation: Why implement service management? . . . . . . . . . . . . .2-11
Process Implementation: Service and Process . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12
Process Implementation: Service, Process, Procedure, and work instructions . . .2-13
Process Implementation: Project Management . . . . . . . . . . . . . . . . . . . . . . . . . . .2-14
Process Implementation: Factors who will influence the success of an ITSM project
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-15
Process Implementation: People . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-16
Process Implementation: Each task within a process is executed by a role . . . . . .2-17
Process Implementation: ITSM Project (1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-18
Process Implementation: ITSM Project (2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-19
Process Implementation: From the above model, 5 phases of a ITSM project are
definable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-20
Process Implementation: Ongoing quality improvement . . . . . . . . . . . . . . . . . . . .2-21
Process Implementation: Communication Plan . . . . . . . . . . . . . . . . . . . . . . . . . . .2-22
Process Implementation: Global Consideration . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24
Process Implementation: Process Description . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-25
Process Implementation: High-Level Design of a Process . . . . . . . . . . . . . . . . . . .2-26
Process Implementation: A Process Implementation considers both an initial process
design and an improvement of the existing environment . . . . . . . . . . . . . . . . . . . .2-27
Process Implementation: A review is important for quality assurance . . . . . . . . . .2-28
Process Implementation: A review is important for quality assurance . . . . . . . . . .2-29
Process Implementation: Critical success factors . . . . . . . . . . . . . . . . . . . . . . . . .2-31
Process Implementation: Possible problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32
Process Implementation: Project costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-33

Unit 3. Service Desk (SPOC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1


Unit 03: Service Desk (SPOC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2
Service Desk: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3
Service Desk: The Service Desk is the Single Point of Contact [SPOC] between the
users and the IT Services Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-4
Service Desk: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5
Service Desk: The Service Desk is traditionally seen as a group of specialists who have
the required knowledge to process any kind of request or incident . . . . . . . . . . . . .3-6
Service Desk: The Importance of the Service Desk . . . . . . . . . . . . . . . . . . . . . . . . .3-7
Service Desk: Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8
Service Desk: Service Desk Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
Service Desk: Service Desk Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10
Service Desk: Processes within the Service Desk . . . . . . . . . . . . . . . . . . . . . . . . .3-11
Service Desk: Inputs and Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12

iv ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

TOC Service Desk: There are 3 Service Desk Types (1): the Local Service Desk . . . . 3-13
Service Desk: There are 3 Service Desk Types (2): Central Service Desk . . . . . 3-14
Service Desk: There are 3 Service Desk Types (3): Virtual Service Desk . . . . . . 3-15
Service Desk: User empowerment (self-help) enhances customer satisfaction while
lowering support cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Service Desk: A crucial success factor is standardized working methods . . . . . . 3-17
Service Desk: Setting up a Service Desk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
Service Desk: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19
Service Desk: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Service Desk: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
Service Desk: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

Unit 4. Incident Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1


Unit 04: Incident Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Incident Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 4-3
Incident Management: Mission statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Incident Management: Definition: Incident, Problem and “Known Error” . . . . . . . . 4-5
Incident Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Incident Management: Activity incident handling . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Incident Management: The status of an incident reflects its current position in its
lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Relationship with other IT services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Incident Management: Use of standard registration, documentation, and methods is
basis of success . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Incident Management: Classification: Find service affected, match against SLA, and
assign priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Incident Management: Priority order for handling incidents is primarily defined by
impact and urgency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Incident Management: Each priority is related to a certain recovery time… . . . . . 4-14
Incident Management: … This results in an appropriate escalation . . . . . . . . . . . 4-15
Incident Management: Escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
Incident Management: Escalation – Trigger and Measures . . . . . . . . . . . . . . . . . 4-18
Incident Management: Escalation – Escalation Levels . . . . . . . . . . . . . . . . . . . . . 4-19
Incident Management: Escalation – Example of an Escalation Matrix . . . . . . . . . 4-20
Incident Management: Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
Incident Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
Incident Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
Incident Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
Incident Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

Unit 5. Problem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1


Unit 05: Problem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Problem Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 5-3
Problem Management: Mission statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Problem Management: Some definitions: Problem, Known Error, and RFC . . . . . . 5-5
Problem Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Problem Management: Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Problem Management: Activity: Problem Control . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9

© Copyright IBM Corp. 2004 Contents v


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Problem Management: Activity: Error Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10


Problem Management: Activity: Proactive Problem Management . . . . . . . . . . . . .5-11
Problem Management: Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12
Problem Management: Reactive - Proactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-13
The Complete Picture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-14
Problem Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-15
Problem Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-16
Problem Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-17
Problem Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-18

Unit 6. Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1


Unit 06: Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2
Change Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . .6-3
Change Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-4
Change Management: Some definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-5
Change Management: Why Change Management is so important . . . . . . . . . . . . .6-7
Change Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8
Change Management: The Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9
The Process Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-10
Change Management: Content of a Request for Change (RFC) . . . . . . . . . . . . . .6-11
Change Management: Categorization: Minor – Significant – Major . . . . . . . . . . . .6-13
Change Management: Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14
Change Management: Composition of the Change Advisory Board (CAB) should reflect
user, customer, and service provider view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15
Change Management: Optimization can be reached through correlation of RFCs on
related CIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16
Change Management: Interfaces to other SM processes (1) . . . . . . . . . . . . . . . . .6-17
Change Management: Interfaces to other SM processes (2) . . . . . . . . . . . . . . . . .6-18
Change Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19
Change Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-20
Change Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-21
Change Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22

Unit 7. Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1


Unit 07: Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Configuration Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . .7-3
Configuration Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4
Configuration Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-5
Configuration Management: Definition: Configuration Item . . . . . . . . . . . . . . . . . . .7-6
Configuration Management: Definition: Configuration Item – Scope and Level of Detail
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-7
Configuration Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-9
Configuration Management: Configuration Management Database (CMDB) – Structure
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-11
Configuration Management: CMDB – Status of CI . . . . . . . . . . . . . . . . . . . . . . . . .7-12
Configuration Management: Interfaces with all other processes . . . . . . . . . . . . . .7-13
Configuration Management: Relationship with Release and Change Management
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-15

vi ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

TOC Configuration Management: CIs and their relations to other processes . . . . . . . . 7-16
Configuration Management: Variant and Baseline . . . . . . . . . . . . . . . . . . . . . . . . 7-17
Configuration Management: Licence Management . . . . . . . . . . . . . . . . . . . . . . . . 7-18
Configuration Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
Configuration Management: Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20
Configuration Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21
Configuration Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-23
Configuration Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-24

Unit 8. Release Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1


Unit 08: Release Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Release Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 8-3
Release Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
Release Management: Goal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Release Management: Why Release Management . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Release Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Release Management: Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8
Release Management: Major Activities of Release Management . . . . . . . . . . . . . . 8-9
Interactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
Release Management: DSL and DHS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
Release Management: Software Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Release Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
Release Management: Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17
Release Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Release Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
Release Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20

Unit 9. Service Level Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1


Unit 09: Service Level Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Service Level Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . 9-3
Service Level Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Service Level Management: Why Service Level Management . . . . . . . . . . . . . . . . 9-5
Service Level Management: SLM – Balance service capabilities and service
requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
Service Level Management: Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
Service Level Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8
Service Level Management: Service Level Management Activities . . . . . . . . . . . . 9-9
Service Level Management: Manage relationship with customers and suppliers
(internal and external) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10
Service Level Management: Different points of view: Communication . . . . . . . . . 9-11
Service Level Management: Content of a Service Level Agreement (SLA) . . . . . 9-12
Service Level Management: Service Level Agreement (SLA) – Basic Structure . 9-13
Service Level Management: Service Level Agreement (SLA) – Legal Contents . 9-14
Service Level Management: Elements of a Service Spec Sheet . . . . . . . . . . . . . 9-15
Service Level Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16
Service Level Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17
Service Level Management: Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-18
Service Level Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19

© Copyright IBM Corp. 2004 Contents vii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Service Level Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-20

Unit 10. Availability Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1


Module 10: Availability Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2
Availability Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . .10-3
Availability Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-4
Availability Management: Definitions (1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-5
Availability Management: Definitions (2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-6
Availability Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7
Availability Management: Inputs and Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-8
Availability Management: Uptime, Downtime, and Availability . . . . . . . . . . . . . . . .10-9
Availability Management: Availability Measurements (1) . . . . . . . . . . . . . . . . . . .10-11
Availability Management: Availability Measurement (2) . . . . . . . . . . . . . . . . . . . .10-12
Availability Management: Availability Measurement Example (3) . . . . . . . . . . . .10-13
Availability Management: Risk Management is also an aspect of availability . . .10-14
Availability Management: Availability Reporting . . . . . . . . . . . . . . . . . . . . . . . . . .10-16
Availability Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18
Availability Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-19
Availability Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-20
Availability Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-21

Unit 11. Capacity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1


Unit 11: Capacity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2
Capacity Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . .11-3
Capacity Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-4
Capacity Management: Why Capacity Management? . . . . . . . . . . . . . . . . . . . . . .11-5
Capacity Management: Capacity Management has three sub-processes . . . . . . .11-6
Capacity Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-8
Capacity Management: Input & Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-10
Capacity Management: Iterative Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-11
Capacity Management: Capacity Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-12
Capacity Management: Capacity Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-14
Capacity Management: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-16
Capacity Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-17
Capacity Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-20
Capacity Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-21

Unit 12. Financial Management for IT Services . . . . . . . . . . . . . . . . . . . . . . . . 12-1


Unit 12: Financial Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-2
Financial Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . .12-3
Financial Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-4
Financial Management: Why Financial Management for IT Services (1) . . . . . . . .12-5
Financial Management: Why Financial Management for IT Services (2) . . . . . . . .12-6
Financial Management: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-7
Financial Management: Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-8
Financial Management: Process – Budgeting and Accounting Activities (mandatory)
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-10
Financial Management: Process – Charging (optional) . . . . . . . . . . . . . . . . . . . .12-11

viii ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

TOC Financial Management: Cost Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-12


Financial Management: Cost Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-14
Financial Management: Costs types – Example: Printing a report . . . . . . . . . . . 12-17
Financial Management: Example of IT Accounting . . . . . . . . . . . . . . . . . . . . . . . 12-18
Financial Management: Links to other processes . . . . . . . . . . . . . . . . . . . . . . . . 12-19
Financial Management: Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21
Financial Management: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22
Financial Management: Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24
Financial Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25

Unit 13. IT Service Continuity Management (ITSCM) . . . . . . . . . . . . . . . . . . . . 13-1


Unit 13: IT Service Continuity Management (ITSCM) . . . . . . . . . . . . . . . . . . . . . . 13-2
ITSCM Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 13-3
ITSCM: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4
ITSCM: Why ITSCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5
ITSCM: Definitions: Business Continuity Management (BCS) and ITSCM . . . . . . 13-6
ITSCM: Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7
ITSCM: Continuity Management Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8
ITSCM: Risk of events that can cause disaster . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-9
ITSCM: Some events that have caused problems . . . . . . . . . . . . . . . . . . . . . . . 13-10
ITSCM: Risk Analysis as part of BCM Requirements definition . . . . . . . . . . . . . 13-11
ITSCM: The continuity strategy involves the selection of recovery options . . . . 13-12
ITSCM: Continuity Plan Invocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14
ITSCM: Test and Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15
ITSCM: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16
ITSCM: Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-18
ITSCM: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19

Unit 14. Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1


Unit 14: Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
ITSCM Management: Integration into the IPW Model . . . . . . . . . . . . . . . . . . . . . . 14-3
Security Management: Mission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4
Security Management: Definitions: CIA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5
Security Management: Why Security Management? . . . . . . . . . . . . . . . . . . . . . . 14-6
Security Management: Information Security Incident . . . . . . . . . . . . . . . . . . . . . . 14-7
Security Management: Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8
Security Management: Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-9
Security Management: Process- Input from Customer . . . . . . . . . . . . . . . . . . . . 14-10
Security Management: Process – Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-11
Security Management: Process – SLA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12
Security Management: Process – Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13
Security Management: Process – Implement . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14
Security Management: Process – Evaluate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15
Security Management: Process – Maintain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16
Security Management: Process – Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17
Security Management: Level of measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18
Security Management: Benefits and Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19
Security Management: Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20

© Copyright IBM Corp. 2004 Contents ix


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

x ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

pref Course Description


ITIL (IT Infrastructure Library) Foundation

Duration: 2 days

Purpose
Learn the basics of Information Technology (IT) Infrastructure Library
(ITIL) and discover the importance of a systematic approach to
management. The ITIL contains a comprehensive description of the
processes involved in managing IT infrastructures. Build your
awareness of the best practice approach to IT service support and
service delivery. Gain an understanding of the importance of an IT
infrastructure and IT service for an organization, a process-like
approach to business organization, the ITIL management framework,
basic terms, and concepts of the work processes used to manage an
IT infrastructure. Take the ITIL Foundations Certification Exam upon
course completion.

Audience
This course is intended for people working in the field of IT service
management.

Prerequisites
None

Objectives
Upon completion of the course, the student will be able to:
• Understand the importance of an IT infrastructure
• Describe the best practices for IT service
• Develop a process-like approach to business organization
• Describe the ITIL management framework
• Understand the basic terms and concepts of the work processes
used to manage an IT infrastructure

© Copyright IBM Corp. 2004 Course Description xi


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Contents
Topics include:
• ITIL best practice: history, purpose, and acceptance
• Introduction to the ITIL booklets of best practices
• ITIL scope, infrastructure, and process terms
• Characteristics of the ITIL sets and process groups
• Strategic, tactical, and operational perspectives
• Service support set: configuration management, service desk
incident management, problem management, change
management, and release management
• Service delivery set: service level management, availability
management, capacity management, IT service continuity
management, and financial management for IT services
• Links with the security management process
• Example examination

Curriculum relationship
The Foundation Certificate in IT Service Management is a prerequisite
for the Practitioner's and Manager's Certificate in IT Service
Management.

xii ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

pref Agenda
Day 1
ITIL Introduction
Service Desk
Incident Management
Problem Management
Change Management
Configuration Management
Release Management
Exercise

Day 2
Recap Discussion
SLM
Availability Management
Capacity Management
Financial Management
Continuity Management
Security Management
Examination

© Copyright IBM Corp. 2004 Agenda xiii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

xiv ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

pref Course Introduction

© Copyright IBM Corp. 2004 Course Introduction xv


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITIL Foundation Course


IT Infrastructure Library Overview

ITIL – Planning to Implement Service Management

Technology
Business

Service Management

The Service Support ICT


Business Infrastructure
Perspective Management
Service Delivery

Security
Management

Application Management

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 0-1. ITIL Foundation Course: IT Infrastructure Library Overview SM251.0

Notes:

xvi ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

pref IBM Global Services

ITIL Foundation Course


Objectives and Contents of the Course
ƒ Objectives
– Understand the ITIL Framework (what, who, where, why, and how)
– Understand the benefits of adopting ITIL
– Use the same language for Service Management
– Pass for the Foundation Certification Exam

ƒ Contents
– Overview of the 2 ITIL core modules:
• 5 Processes of Service Support und 1 Function
• 5 Processes of Service Delivery
• Security Management for IT Services
– Activities of each ITIL process
– Benefits/difficulties/costs of implementing ITIL process
– Links with other ITIL processes
– ITIL process roles and responsibilities
– Order of implementation within ITIL process
– Success factors within an ITIL implementation
– No details of procedures within process, which are organization-dependent!

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 0-2. ITIL Foundation Course: Objectives and Contents of the Course SM251.0

Notes:

© Copyright IBM Corp. 2004 Course Introduction xvii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITIL Foundation Course


ITIL Defines a Three-Tiered Structure of Certification Training

Practitioners (9 certificates)
Availability Mgmt (5 days)
Incident Mgmt (5 days)
Problem Mgmt (5 days)
Configuration Mgmt (5 days)
Service Level Mgmt (5 days)
Change Mgmt (5 days)
Foundations
1 hour Multiple Choice
Essential (2 days)
1 hour Multiple Choice
Service Manager
Service Support (5 days)
Prerequisites
assessed by 3 hours Essay Examination
Examination Service Delivery (5 days)
Board 3 hours Essay Examination

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 0-3. ITIL Foundation Course: ITIL Defines a Three-Tiered Structure of Certification Training SM251.0

Notes:
ITIL defines three levels of certification. The Foundations Certificate is the first level and
covers Service Management essentials. Foundations classes typically last 2 days, and
culminate with a 1-hour multiple choice exam.
Next, 9 Practitioner Certificates are available. These each concentrate on a specific
process area within Service Management, such as Change Management. Each of the
Practitioner classes lasts 5 days and ends with a 1-hour multiple choice exam.
ITIL's highest level of certification is the Service Manager, or Masters certificate. Service
Manager classes involve two weeks of intense study, and Service Managers must pass two
3-hour essay-based exams: one for Service Support, and one for Service Delivery.
Furthermore, the exam board must assess and validate that each person sitting for the
Service Manager exam has met all of the defined prerequisites.
So, when someone holds ITIL certification, you know what you're getting because the
levels of certification and testing are independently defined and verified.

xviii ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

pref IBM Global Services

ITIL Foundation Course


Process Chart Reference

Source: IPW Model is a trade mark of Quint Wellington Redwood and KPN Telecoms

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 0-4. ITIL Foundation Course: Process Chart Reference SM251.0

Notes:
The chart which aims to show the flow of ITIL processes, and the most referenced by itSMF
(IT Service Management Forum), is the IPW Process Model, a trade mark of Quint
Wellington and KPN. The IPW Model is neither a complete nor a perfect plot of ITIL
processes. It will, however, be used during the training, just to show some interfaces
between processes, and the position of a process within the operational or tactical activities
of the business.

© Copyright IBM Corp. 2004 Course Introduction xix


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

xx ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 1. What ITIL Is

What This Unit Is About


This unit is an introduction to ITIL. We will start with a short history,
then discover ITIL, and explain why it is increasingly popular to help
managing IT.

What You Should Be Able to Do


After completing this unit, you should be able to think about how a
formalized framework can help a company manage its asset.

References
BS 15000-1:2002 IT Service Management (Part 1: Specification for
Service Management)
BS 15000-2:2003 IT Service Management (Part 2: Code of Practice
for IT Service Management)
PD 0005:2003 IT Service Management – A Manager’s Guide
PD 0015:2002 Service Management – Self-Assessment
Workbook

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 01
What ITIL is

Contents of this module:

ƒ What ITIL is
ƒ ITIL history
ƒ Contents of ITIL books
ƒ Popularity and benefits of ITIL

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-1. Unit 01: What ITIL is SM251.0

Notes:

1-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
ITIL: de facto standard for service management
built on industry “best practice”

What is ITIL?
ƒ ITIL stands for Information Technology Infrastructure Library
ƒ A set of books that describe best practices for IT infrastructure management
ƒ An internationally-recognized set of best practices in the public domain
• Provides guidance, but not a step-by-step methodology
ƒ A holistic approach to IT infrastructure management
ƒ ITIL by its widespread use became a de facto standard
The aims in developing the IT Infrastructure Library are
ƒ To facilitate the quality management of IT services, and in doing so increase the efficiency
with which the corporate objectives and business requirements are met
ƒ To improve efficiency, increase effectiveness, and reduce risks
ƒ To provide codes of practice in support of total quality
Benefits of implementing ITIL
ƒ Enhanced customer satisfaction, as it is clear what service providers know and deliver
ƒ Formalize the use of procedures so that they are more reliable to follow
ƒ Improved quality of service – more reliable business support
ƒ Better motivated staff through better management of expectations and responsibilities

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-2. What ITIL is: ITIL: de facto standard for service management built on industry “best practice” SM251.0

Notes:
• Service support is currently the most popular topic worldwide in terms of customer
popularity; the ITIL book on Service Support is most often referenced.
• ITIL is a library of books on what you need to do to manage IT as business; but it does
not explain in detail how to do it.
• The ITIL framework places a strong emphasis on process; and is of most interest to
customers who see process as important.
• Application management is NOT application development. Instead, it looks at the entire
lifecycle of managing applications from a service point of view. For example, for SAP,
when you are gathering requirements, you need to think about all of the service
management elements to make the lifecycle effective. How will the application be
configured? Will it be available at the required service levels? How will new releases be
deployed? How will it be supported? And so on.

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

• All books are released except for The Business Perspective which will cover the
business value chain (customer/IT/business), business alignment (how an organization
is set up, how it is governed, and managing the relationship between IT and business);
it is mostly an overview of ITIL's value to the business, and emphasizes that IT should
have a business perspective.

1-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
Main characteristics of ITIL are: IT services are business-oriented, and
provision of quality customer service

Other Characteristics of ITIL


– Service and customer focused
– Helicopter view of processes and activities
– Provides a common language. This makes education very important to provide this
common language to all people in the process.
– Independent of organizational structures, architectures or technologies

IT management is all about the efficient and effective use of the four Ps: people,
processes, products (tools and technology), and partners (suppliers, vendors, and
outsourcing organizations).

People

Processes Products

Partners

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-3. What ITIL is: Main characteristics of ITIL are: IT services are business-oriented, and provision of quality customer service
SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

What ITIL is
Originally created by the UK’s Central Computer and
Telecommunications Agency (CCTA)

Origin and History of ITIL


ƒ Originated from UK government in late 1980s (CCTA Central Computer and Telecommunications
Agency
ƒ First publications appeared in 1989
ƒ Further developed by incorporating public and private sector best practice (IBM, HP, Microsoft, and
so on)
ƒ Consolidated in 1999 into ITIL Version 2. Two books to improve consistency and focus on service
management were published – Service Support and Service Delivery
ƒ These two core books were supplemented by new books that cover implementation planning,
security management, infrastructure management, application management, and the business
perspective
ƒ 2001: the CCTA is incorporated within the Office of Government Commerce (OGC). ITIL is a
registered mark of OGC.

ƒ ITIL has subsequently been used as the basis for the development of a British Standard for Service
Management.

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-4. What ITIL is: Originally created by the UK's Central Computer and Telecommunications Agency (CCTA) SM251.0

Notes:

1-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
The BSI roadmap to make ITIL a standard for service management

British Standards Institution (BSI)

ƒ 1998 - Code of Practice [PD0005]


ƒ 2000 - Self-assessment Workbook [PD0015]
- Specification [BS15000:2000]
ƒ 2001 - Early adopters Æ Feedback
ƒ 2002 - Rewrite as Part 1 & 2 Standard
What to
achieve
Specification
- Rewrite PD0015/PD0005 BS15000

Guidance
ƒ 2003 - Formal certification scheme PD0015 Code of Practice

ƒ 2006 - ISO Standard PD0005


Management
overview

Process
OGC ITIL
definitions
questionnaire

In-house processes & Deployed


procedures solution

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-5. What ITIL is: The BSI roadmap to make ITIL a standard for service management SM251.0

Notes:
ITIL consists of modules containing advice and guidance on best practice relating to the
provision of IT services. ITIL has subsequently been used as the basis for the development
of a British Standard for Service Management. The standard and ITIL are aligned, and the
standard has itself been recently revised and is now defined in the following set of
documents:
• BS 15000-1:2002, IT Service Management (Part 1: Specification for Service
Management)
• BS 15000-2:2003, IT Service Management (Part 2: Code of Practice for IT Service
Management)
• PD 0005:2003, IT Service Management – A Manager's Guide
• PD 0015:2002, IT Service Management – Self Assessment Workbook
These documents provide a standard against which organizations can be assessed and
certified with regard to the quality of their IT Service Management processes.

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

A BS 15000 Certification scheme was introduced in July 2003. The scheme was designed
by the itSMF and is operated under their control. A number of auditing organizations are
accredited within the scheme to assess and certify organizations as compliant to the BS
15000 standard and its content. The BS 15000 standard is now progressing towards an
international (ISO) standard on Service Management.

1-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
ITIL is a library of books that aim to describe best practices for IT
infrastructure management

Content of ITIL
“Currently ITIL consists in a set of
books, which document and place
existing methods and activities in a
structured context."

ITIL as a Guidance
"ITIL does not cast in stone every action
you should do on a day to day basis
because that is something that will differ
from organization to organization.
Instead it focuses on best practice that
can be utilized in different ways
according to need."

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-6. What ITIL is: ITIL is a library of books that aim to describe best practices for IT infrastructure management SM251.0

Notes:
ITIL is a framework, not a methodology. It describes what needs to be done, but the advice
it offers may be implemented in a variety of ways. ITIL provides guidance, not a
step-by-step “how-to” for managing IT services, but it does include a rich body of
documentation.

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

What ITIL is
The ITIL books describe best practices in IT management, with a
special focus on service management

ITIL – Planning to Implement Service Management

Technology
Business

Service Management

The Service Support ICT


Business Infrastructure
Perspective Management
Service Delivery

Security
Management

Application Management

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-7. What ITIL is: The ITIL books describe best practices in IT management, with a special focus on service management
SM251.0

Notes:
The most widely used processes within the ITIL framework are those in Service
Management.
IT Service Management is concerned with delivering and supporting IT services that are
appropriate to the business requirements of the organization. ITIL provides a
comprehensive, consistent, and coherent set of best practices for IT Service Management
processes, promoting a quality approach to achieving business effectiveness and
efficiency in the use of information systems. ITIL processes are intended to be
implemented so that they underpin, but do not dictate, the business processes of an
organization.
Being a framework, ITIL describes the contours of organizing Service Management. The
models show the goals, general activities, inputs, and outputs of the various processes,
which can be incorporated within IT organizations. ITIL does not cast in stone every action
you should do on a day-to-day basis, because that is something which will differ from

1-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty organization to organization. Instead, it focuses on best practice that can be utilized in
different ways according to need.
Thanks to this framework of proven best practices, the IT Infrastructure Library can be used
within organizations with existing methods and activities in Service Management. Using
ITIL does not imply a completely new way of thinking and acting. It provides a framework in
which to place existing methods and activities in a structured context. By emphasizing the
relationships between the processes, any lack of communication or cooperation between
various IT functions can be eliminated or minimized.

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Most people think of ITIL as service support, but the increasing popularity of
ITIL should be leveraged against a broader spectrum of services
• Service Desk
• Service Level Management
• Configuration Management
• Availability Management
• Incident Management
• Capacity Management
• Problem Management
• Financial Management for IT Services
• Change Management
• IT Services Continuity Management
• Release Management

Planning to implement service management


• Not Published
(4/2004) • Design and Plan
• Draft being Service management • Deployment

The technology
reviewed Operations
The business

(IBMers on The ICT • Technical Support


review team) Service support
business Infrastructure
perspective management
Service delivery • IT Infrastructure Security
Security Management
Software Asset Management management • Security setup from the IT
manager's point of view
Application management

• Manage the Business Value


• What is the vision?
• Organization & Roles • Align Service Delivery with Business Strategy
• Where are we now?
• Process Overview • Drivers and Organizational Capability
• Where do we want to be? • Tools & Technology • Application Lifecycle Management
• How do we check our milestones? • Partners and SAM
• Organization Roles and Functions
• How do we keep momentum?
• Control Methods and Techniques
9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-8. Most people think of ITIL as service support, but the increasing popularity of ITIL should be leveraged against a broader
spectrum of services SM251.0

Notes:

1-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
Service management focuses on the tactical and operational processes
of service support and service delivery and their relationships,
including security management (separate ITIL book)

Capacity
Management
Availability Service Delivery - IT Service
Management Provide quality, cost- Continuity
effective IT Services

Service Level Financial


Management Management

Release Configuration
Management Management

Service Support - Provide


Change stability and flexibility for IT
Incident
Management service provision
Management
Problem
Security
Management
Management

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-9. What ITIL is: Service management focuses on the tactical and operational processes of service support and service delivery
and their relationships, including security management (separate ITIL book) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

What ITIL is
ITIL processes in service support represent many of the reactive
processes within IT operations (operational)
Service Desk
Central point of contact between users and the IT service organization.

Incident Management
Restore normal service operations as quickly as possible.

Problem Management
Prevent and minimize the adverse effect on the business of errors in the IT
Infrastructure.

Configuration Management
Provide a logical model of the IT infrastructure by identifying, controlling, maintaining,
and verifying the versions of all configuration items.

Change Management
Ensure standardized methods and procedures are used for efficient, prompt, and
authorized handling of all changes in the IT infrastructure.

Release Management
Ensure that all technical and non-technical aspects of a release are dealt with in a
coordinated approach.

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-10. What ITIL is: ITIL processes in service support represent many of the reactive processes within IT operations (operational)
SM251.0

Notes:

1-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
Service Delivery focuses on what service the business requires in
order to provide adequate support to the business users (tactical)

Service Level Management


Maintain and improve IT service quality through a constant cycle of agreeing, monitoring,
reporting, and reviewing IT service achievements.

Financial Management for IT Services


Provide cost-effective stewardship of IT assets and resources used in providing IT services.

Capacity Management
Ensure that capacity and performance aspects of the business requirements are provided in a
timely and cost-effective manner.

Availability Management
Optimize the capability of the IT infrastructure and supporting organization to deliver a cost-
effective and sustained level of availability to satisfy business objectives.

IT Service Continuity Management


Ensure that the required IT technical and service facilities can be recovered within the time
scales required by Business Continuity Management.

Security Management
Manage a defined level of security on information and IT services.

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-11. What ITIL is: Service Delivery focuses on what service the business requires in order to provide adequate support to the
business users (tactical) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

What ITIL is
Service support process (operational processes) relationships and their
interaction with the CMDB
The business, customers, and users

Incidents Communications
Management Queries Updates
tools Enquiries Workarounds

Incident Incidents Service


Incidents management desk Customer Changes
Survey
Problem reports
Service reports management
Incident statistics Release
Audit reports
Problem statistics
Change
Trend analysis management
Problem reports
Problem review Change schedule
Diagnostic aids CAB minutes Release
Audit reports Change statistics management
Change reviews
Audit reports Release schedule
Release statistics Configuration
CMDB reports
Release reviews management
CMDB statistics
Secure library
Policy standards
Testing standards
Audit reports
Audit reports

Problems CIs
Incidents Changes Releases
Known errors Relationships
Configuration management database
13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-12. What ITIL is: Service support process (operational processes) relationships and their interaction with the CMDB SM251.0

Notes:
Explain the links between processes. Configuration Management is shown as the basic
process.

1-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
Service delivery process (tactical processes) relationships

The business, customers, and users

Availability Queries
Communications
management Updates
Enquiries
Reports

Availability plan Capacity Service level


AMDB management management
Design criteria
Requirements
Targets/thresholds SLAs, SLRs, OLAs, UCs
Targets
Reports Service reports
Capacity plan Financial Achievements
Audit reports Service catalog
CDB management for SIP
Targets/thresholds Exception reports
Capacity reports IT services
Audit reports
Schedules
Audit reports Financial plan
Types and models
Costs and charges
Reports IT continuity plans
Budgets and forecasts
IT service
BIA and risk analysis
Audit reports continuity Requirement definition
management Control centers
System Alerts and DB contracts
Management Exceptions Reports
tools Changes Audit reports

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-13. What ITIL is: Service delivery process (tactical processes) relationships SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

What ITIL is
Other ITIL books
Planning to Implement Service Management - explains the steps necessary to identify
how an organization might expect to benefit from ITIL, and how to set about reaping those
benefits.

ICT Infrastructure Management - covering Network Service Management, Operations


Management, Management of Local Processors, Computer Installation, and Acceptance,
and for the first time, Systems Management.

Applications Management - embracing the Software Development Lifecycle, expanding


the issues touched on in Software Lifecycle Support and Testing of IT Services.
Applications Management also provides more detail on Business Change, with emphasis
being placed on clear requirement definition and implementation of solutions.

The Business Perspective - concerning the understanding and provision of IT service


provision. Issues covered include Business Continuity Management, Partnerships and
Outsourcing, Surviving Change, and Transformation of business practices through radical
change.

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-14. What ITIL is: Other ITIL books SM251.0

Notes:
These books are not in focus for the foundation.

1-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

What ITIL is
Customers across the globe are asking more and more about ITIL

Benefits of ITIL
ƒ More professional staff
ƒ Enhanced customer satisfaction as service providers know and
deliver what is expected of them
ƒ Better service quality and responsiveness
ƒ Properly aligned roles and responsibilities
ƒ ITIL incorporates a QM strategy
ƒ Long-term cost reduction for IT services
ƒ Improved alignment of IT with the business and improved service
delivery
ƒ ITIL brings a cross-organizational focus on business results and
customer satisfaction

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-15. What ITIL is: Customers across the globe are asking more and more about ITIL SM251.0

Notes:
ITIL is focused on improving service quality to the customer. Customers who adopt the ITIL
framework can expect to see improved alignment of IT with the business, a long-term
reduction in the cost of IT services, and better service quality and responsiveness.
Customers should see a reduction in system outages as proactive planning and quality
measures are implemented, and they should be able to implement IT infrastructure more
quickly to support new business requirements. Customer satisfaction should increase
because service providers will know and deliver what is expected of them, based on what
the business requires. And support services should become more competitive.
Service providers will also benefit from the adoption of ITIL. Service providers should see
improvements in service delivery because they will have a single definable, repeatable,
scalable, and consistent set of IT processes. Roles and responsibilities will be properly
aligned and understood. Communications between IT departments should improve
because the linkages between processes will be documented and understood. Service
providers should see better resource utilization — and resources will be allocated based on
business demands — and staff will be more professional and motivated because skill
requirements and capabilities, along with job expectations, are better understood.

© Copyright IBM Corp. 2004 Unit 1. What ITIL Is 1-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

What ITIL is
ITIL implementation: Adopt and Adapt

ƒ ITIL describes what needs to be done but not how it should be done.

ƒ ITIL does not define:


ƒ Every role, job, or organization design
ƒ Every tool, every tool requirement, every required customization
ƒ Every process, procedure, and task required to be implemented

ƒ ITIL does not claim to be a comprehensive description of everything within IT, but IT
management “best practices” observed and accepted in the industry.

ƒ Adopt ITIL as a common language and reference point for IT Service Management
best practices and key concepts.

ƒ Adapt ITIL best practices to achieve business objectives specific to each company.

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 1-16. What ITIL is: ITIL implementation: Adopt and Adapt SM251.0

Notes:

1-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 2. Process Implementation Strategy

What This Unit Is About


This unit is an introduction to IT service management as a coordinated
set of processes. We will start with defining the need for processes,
then look at what processes are, how they evolve, and how ITIL and
Service Management bring value to companies to develop their
business.

What You Should Be Able to Do


After completing this unit, you should be able to think about how
processes can help a company manage its assets better, with the
ultimate objective of creating visible value for users and business
customers.

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 02
Process Implementation Strategy

Content:

ƒ Understand processes and their benefits


ƒ Introduce new processes or improve existing processes
ƒ IT service management project
ƒ Success factors, problem areas, costs

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-1. Unit 02: Process Implementation Strategy SM251.0

Notes:

2-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
What is a process?
ITIL focus on Processes

A process is a sequence of interrelated activities that collectively take an input, add


value to it, and produce an output which achieves a specific objective

CONTROL
Policy
Budgets
...

Input Process Output

Requests Changed
Incidents environment
Alerts a report
Requirements a resolved incident
... ..

ENABLE
People
Tools
Knowledge
Resources

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-2. Process Implementation: What is a process? SM251.0

Notes:
Process control can similarly be defined as:
the process of planning and regulating, with the objective of performing the process in
an effective and efficient way.
Processes, once defined, should be under control; once under control, they can be
repeated and become manageable. Degrees of control over processes can be defined, and
then metrics can be built in to manage the control process.
The output produced by a process has to conform to operational norms that are derived
from business objectives. If products conform to the set norm, the process can be
considered effective (because it can be repeated, measured, and managed). If the
activities are carried out with minimum effort, the process can also be considered efficient.
Process result metrics should be incorporated in regular management reports.

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
A process flows across the organizational hierarchies within a company
and sometimes flows across company boundaries

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-3. Process Implementation: A process flows across the organizational hierarchies within a company and sometimes flows
across company boundaries SM251.0

Notes:

2-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Why do we need processes?
ƒProcess serves as a foundation for the definition of the remaining elements of the
management system-organization and technology

ƒProcesses capture and document:


-Ownership, responsibilities, measurements
-Consistent, structured working practices
-Policy decisions, scope, and objectives
-Clear interfaces and two-way communication paths with other processes, people,
and tools

ƒProcesses ensure a stable, controlled, repeatable service that can be objectively


measured against contract deliverables and service levels

ƒProcesses enable:
-Efficient and effective service to meet both client and provider needs
-Cost and quality improvement

“Service-focused
“Service-focused processes
processes enable
enable ITIT technology
technology and
and organization
organization to
to be
be
managed in ways which facilitate alignment with clients' business objectives.”
managed in ways which facilitate alignment with clients' business objectives.”
5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-4. Process Implementation: Why do we need processes? SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
What are the benefits? (1)
ƒGartner has reported that:
-Around 70% of systems management technology implementations fail due
to neglect of process and organization considerations

-Approximately 80% of unplanned downtime is caused by process and


people issues, with the remainder caused by technology failures and
disasters

-Up to 70% of ROI derives from process improvements rather than tools

ƒThe implementation and continual improvement of effective processes utilizing


best practices enable delivery of a service in which these errors are reduced

””Processes
Processes are
are critical
critical to
to maintain
maintain effective
effective business
business operations.”
operations.”

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-5. Process Implementation: What are the benefits? (1) SM251.0

Notes:

2-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
What are the benefits? (2)
A cross-organizational focus on commitment versus profitability

Customer Profitability
Commitments

EFFICIENCIES

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-6. Process Implementation: What are the benefits? (2) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
What are the benefits? (3)
A cross-organizational focus on business results and customer satisfaction

Delivery Costs Customer Satisfaction

• Measurable
• Auditable
• Service Level
Compliant

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-7. Process Implementation: What are the benefits? (3) SM251.0

Notes:

2-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Mission-critical changes or reorganizations within an IT corporation
require new processes or needs to improve existing processes

Which problems do IT organizations face today?


ƒ Service costs not allocatable
ƒ Difficulties to justify investments
ƒ Service improvements not measurable
ƒ A few people with too many responsibilities
ƒ Reluctance to change organizational culture
ƒ Lack of relationship management

Which challenges do IT organizations face today?


ƒ Should quality of IT services be improved?
ƒ Is a merger with another organization planned?
ƒ Are any mission-critical business changes planned?
– Server consolidation
– Additional clients to manage
ƒ Is any OS migration planned?

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-8. Process Implementation: Mission-critical changes or reorganizations within an IT corporation require new processes or
needs to improve existing processes SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
Continuous processes improvement is also a trigger

Does the IT organization have the capability to provide the required service with
the required quality?
ƒ Are IT processes aligned with business processes?
ƒ How are main processes integrated with each other?
ƒ Are processes clearly defined, documented, and available for all concerned?
ƒ Are process inputs measurable and repeatable?

How efficiently is the existing IT organization providing services?


ƒ Method and tools used for process modeling and audit?
ƒ How are IT processes tool supported?
ƒ How difficult will it be to introduce or to change a process?

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-9. Process Implementation: Continuous processes improvement is also a trigger SM251.0

Notes:

2-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Why implement service management?

The specific goals of IT are to develop and maintain IT services that:


ƒ Develop and maintain good and responsive relationships with the business
ƒ Meet the existing IT requirements of the business
ƒ Are easily developed and enhanced to meet future business needs, within
appropriate timescales and costs
ƒ Make effective and efficient use of all IT resources
ƒ Contribute to the improvement of the overall quality of IT service within the
imposed cost constraints

One
One of
of the
the main
main objectives
objectives of
of ITIL
ITIL is
is to
to assist
assist IT
IT service
service provider
provider
organizations
organizations “to
“to improve
improve IT
IT efficiency
efficiency and and effectiveness
effectiveness while
while
improving
improving the
the overall
overall quality
quality of
of service
service to to the
the business
business within
within
imposed cost constraints”.
imposed cost constraints”.

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-10. Process Implementation: Why implement service management? SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
Service and Process

Delivering
Offer order, A delightful
Preparing Greeting and selection, Preparing monitoring dining
tables seating taking order order customer experience

Process 1 Process 2 Process 3 Process 4 Process 5

Manage Handle Understand Realize Deploy


Customer Service
Facilities Customer Solution Solution
Requirements
Interaction

Implement
Determine required
Contacting the required processes, Providing
Building the potential quality of tools, and applications Availability of
infrastructure customer service organization and reporting applications

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-11. Process Implementation: Service and Process SM251.0

Notes:

2-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Service, Process, Procedure, and work instructions

A Service can be defined as:


A specific output that provides customer value. It is a measurable product which
is the basis for doing business with customer, and is delivered through a series
of processes, or activities, or both.

A Process can be defined as:


a connected series of actions, activities, changes, and so on, performed by
agents with the intent of satisfying a purpose or achieving a goal.

A Procedure is a description of logically related activities, and who carries them


out. A procedure may include stages from different processes. A procedure
defines who does what, and varies depending on the organization.

A set of work instructions defines how one or more activities in a procedure


should be carried out.

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-12. Process Implementation: Service, Process, Procedure, and work instructions SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
Project Management

When implementing new processes in an organisation, there are benefits to


running the activity as a project.

One of the benefits of adopting a project approach to this activity is that it is


possible to undertake the necessary investigations and have designated
decision points where a decision can be made to continue with the project,
change direction, or stop.

A
A project
project can
can be
be defined
defined as:
as:

”A
”A temporary
temporary organization
organization that
that is
is needed
needed to
to achieve
achieve aa predefined
predefined
result
result at
at aa predefined
predefined time
time using
using predefined
predefined resources.“
resources.“

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-13. Process Implementation: Project Management SM251.0

Notes:

2-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Factors who will influence the success of an ITSM project

3
1.
1. Process
Process
2.
2. Infrastructure
Infrastructure
3.
3. Staff
Staff 6
4.
4. Customers

5
Customers

2
5.
5. Strategy
Strategy
1
6.
6. Culture
Culture &
&
Organization
Organization

4
15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-14. Process Implementation: Factors who will influence the success of an ITSM project SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
People

ƒ implement the staff training plan and make this an ongoing activity, focusing
on both social and technical skills
ƒ assign roles within the ITIL model to people, and make this part of their
function description
ƒ delegate tasks and authorizations as low as possible in the organisation.
Authority matrix: The ARCI model

A– accountability
control the results of a process
R – responsibility
is responsible for the process and process activities
C – consulted
provide expertise, know-how to enable process
I – informed
is informed about the process and the process quality

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-15. Process Implementation: People SM251.0

Notes:

2-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Each task within a process is executed by a role

Typical roles within IT Service Management (ITSM)

ƒ Process owner
ƒ Process manager
ƒ Process team member (internal and external)

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-16. Process Implementation: Each task within a process is executed by a role SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
ITSM Project (1)

ƒBefore starting a project, an organization should have a vision about


what the results are intended to be.

ƒBy defining the means necessary to achieve the project result, it is


possible to isolate these assets (people, budget, and so on) from the
day-to-day activities. This increases the success rate of the project.

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-17. Process Implementation: ITSM Project (1) SM251.0

Notes:

2-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
ITSM Project (2)
The following process model should be used by the organization as the
framework for the process improvement/introduction project.

Visions and
Where do we
business
want to be?
objectives

Where are we
Assessments
now?

How do we get
where we want Process change
to be?

How do we
know we have Metrics
arrived?

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-18. Process Implementation: ITSM Project (2) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
From the above model, 5 phases of a ITSM project are definable

Assessment the current situation

Production of the project plan

Communication Strategy
Definition of processes

Organization
-Process model -Management information
-Procedures Specification -Quality assurance methods
-Authority matrix -Support tools

-Roles and -Management reports -Tool


responsibilities -Procedures

Implementation/Improvement

Project Review

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-19. Process Implementation: From the above model, 5 phases of a ITSM project are definable SM251.0

Notes:

2-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Ongoing quality improvement

The Deming Cycle

Maturity Level Clockwise direction

Quality
improvement
OPTIMIZED 5 Continuous
step by step
Do Plan
MANAGED 4 Quality Assurance
P = Plan
Check Act D = Do
DEFINED 3 C = Check
A = Act

REPEATABLE 2
Consolidation of the level reached
(e.g ISO 9001, BSI)
INITIAL 1

Time Scale

21 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-20. Process Implementation: Ongoing quality improvement SM251.0

Notes:
For quality improvement, Deming proposed the Deming Cycle (or Circle). The four key
stages are plan, do, check, and act, after which a phase of consolidation prevents the
“circle” from “rolling down the hill” as illustrated in the figure. The consolidation phase
enables the organization to take stock of what has been taking place and to ensure that
improvements are embedded. Often, a series of improvements have been made to
processes that require documentation (both to allow processes to be repeatable and to
facilitate recognition of the achievement of some form of quality standard).

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
Communication Plan

Managing change can only succeed with the correct use of communication.
In order to ensure that all parties are aware of what is going on and can play a relevant part
in the project, it is advisable to clarify how the project will communicate with all interested
parties.

Managing communications effectively involves the following nine steps:


ƒ Describe the communications process in the change process from the start
ƒ Analyze the communication structure and culture
ƒ Identify the important target groups
ƒ Assess the communication goals for each target group
ƒ Formulate a communication strategy for each target group
ƒ Choose the right communication media for each target group
ƒ Write a communication plan
ƒ Communicate
ƒ Measure and redirect if necessary.
22 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-21. Process Implementation: Communication Plan SM251.0

Notes:
Managing change can only succeed with the correct use of communication. A Service
Management project will involve a lot of people but, typically, the outcome will affect the
working lives of many more. Implementing or improving Service Management within an
organization requires a change of mindset by IT management and IT employees as well as
IT customers and users. Communication around this transformation is essential to its
success.
In order to ensure that all parties are aware of what is going on and can play a relevant part
in the project, it is advisable to clarify how the project will communicate with all interested
parties. A well-planned and executed communication plan will have a direct positive
contribution to the success of the project.
A good communication plan should be built on a proper concept of what communication
is. Communication is more than a one-way information stream. It requires continuous
attention to the signals (positive and negative) of the various parties involved. Managing
communications effectively involves the following nine steps:

2-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty • Describing the communications process in the change process from the start
• Analyzing the communication structure and culture
• Identifying the important target groups
• Assessing the communication goals for each target group
• Formulating a communication strategy for each target group
• Choosing the right communication media for each target group
• Writing a communication plan
• Communicating
• Measuring and redirecting if necessary.
A communication plan describes how target groups, contents, and media are connected
in a timeframe. Much like a project plan, a communication plan shows how actions,
people, means, and budgets are to be allocated for the communication process.

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-23


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
Global Consideration

Process na
pl

ff

ff
ct

w
O

ie
e
s

gn

gn
oj

ev
es

High-level Detailed Process


Pr

Si

Si

R
s
As

process model process description implementation

Product
Define tool Installation &
Tool selection
requirements configuration

People
Process
Awareness ITIL training
workshops

23 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-22. Process Implementation: Global Consideration SM251.0

Notes:

2-24 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Process Description

To document processes, the following should be described:

ƒ A description of related activities with a defined goal


ƒ Which input for the process
ƒ Interfaces to other processes
ƒ Definition of process parameters (who, where, what, when)

The benefits of process description:


ƒ Process integrity
ƒ Consistent view
ƒ Comparable procedures
ƒ Easy check and review

24 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-23. Process Implementation: Process Description SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-25


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
High-Level Design of a Process

Organization strategy
Organization targets

Evaluation
(Control points, parameters, attributes)

Inputs Outputs
Activities

Process goals and


implementation strategies

25 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-24. Process Implementation: High-Level Design of a Process SM251.0

Notes:

2-26 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
A Process Implementation considers both an initial process design
and an improvement of the existing environment

ƒ Inputs / Premises ƒ Develop a timetable



High-level process flow – Setup of workshops and training

Procedures events

Roles and responsibilities – Presentations

Tool (installed and configured) – Handouts and documents

Personal (skills and know-how) – Marketing material

Management commitment ƒ Plan of workshops and deployment

Enabler team in relation to the ƒ Specify time and goals of coaching
”authority matrix“ phase
– Awareness und acceptance by
customer/user ƒ Plan of the Initial Process Review and
Adjustment phase
ƒ Develop a training plan
– Define target groups
– Define training content after
workshops

26 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-25. Process Implementation: A Process Implementation considers both an initial process design and an improvement of the
existing environment SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-27


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
A review is important for quality assurance

Post-Project Review
ƒ Achievement of the project's objectives
ƒ Performance against plan (estimated time and costs versus actuals)
ƒ Effect on the original plan and business case over the time of the project
ƒ Statistics on issues raised and changes made
ƒ Total impact of changes approved
ƒ Statistics on the quality of the work carried out (in relation to stated
expectations)
ƒ Lessons learned

Auditing for compliance using defined quality parameters and metrics

27 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-26. Process Implementation: A review is important for quality assurance SM251.0

Notes:

2-28 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Define

ITIL Best Practices


Improve Service Management
Control

Evaluate

28 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-27. Process Implementation: A review is important for quality assurance SM251.0

Notes:
As the project draws to a close, it is important to analyze how the project was managed
and to identify lessons that were learned along the way. This information can then be used
to benefit the project team as well as the organization as a whole. An End Project Report
typically covers:
• Achievement of the project's objectives
• Performance against plan (estimated time and costs versus actuals)
• Effect on the original plan and business case over the time of the project
• Statistics on issues raised and changes made
• Total impact of changes approved
• Statistics on the quality of the work carried out (in relation to stated expectations)
• Lessons learned
• A post-project review plan

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-29


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Post-project review
The business case will have been built from the premise that the outcome of the project
will deliver benefits to the business over a period of time. Thus, delivery of benefits needs
to be assessed at a point after the project products have been put into use. The
post-project review is used to assess whether the expected benefits have been realized,
as well as to investigate whether problems have arisen from use of the products.
Each of the benefits mentioned in the business case should be assessed to see how well, if
at all, it has been achieved. Other issues to consider are whether there were additional
benefits, or unexpected problems. Both of these can be used to improve future business
cases.
If necessary, follow-up actions may be identified to improve the situation that then exists.
Auditing for compliance using quality parameters
Process quality parameters can be seen as the “operational thermometer” of the IT
organization. Using them, you can determine whether the IT organization is effective and
efficient. Quality parameters need to be quantified for your own circumstances. However,
this task will be easier once you have determined the required service levels and internal
service requirements. There are two types of quality parameters: process-specific and
generic.
Generic quality parameters for IT Service Management:
Generic quality parameters that need to be considered include:
• Customer satisfaction
• Staff satisfaction
• Efficiency
• Effectiveness
Appropriate information should be collected to rate the organization’s performance relative
to these parameters. The nature of the information required will vary depending on how you
decide to judge each aspect, but what information is required should be clearly thought
through from the start of the project so that measurement is possible during the
post-project review.
Process-specific parameters
Process-specific metrics for each process are discussed in each of the process-specific
chapters of this book.

2-30 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Critical success factors

Successful Service Management processes should:


ƒ Be of sound design, adapted to the culture of the organization in question,
but rigorous in their expectation of discipline in the manner of their following
ƒ Provide a good understanding of the customer requirements, concerns, and
business activities, and deliver business-driven rather than technology-
driven services
ƒ Enhance customer satisfaction
ƒ Improve value for money, resource utilization, and service quality
ƒ Deliver an infrastructure for the controlled operation of ongoing services by
formalized and disciplined processes
ƒ Equip staff with goals and an understanding of customers' needs

29 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-28. Process Implementation: Critical success factors SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-31


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Process Implementation
Possible problems

Problems with Service Management processes that may be encountered include:


ƒ Excessively bureaucratic processes, with a high percentage of the total
support headcount dedicated to administering Service Management
ƒ Inconsistent staff performance for the same process (often accompanied by
noticeable lack of commitment to the process from the responsible staff)
ƒ Lack of understanding on what each process should deliver
ƒ No real benefits, service-cost reductions, or quality improvements arising
from the implementation of Service Management processes
ƒ Unrealistic expectations, so that service targets are rarely hit
ƒ No discernible improvement

30 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-29. Process Implementation: Possible problems SM251.0

Notes:

2-32 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Process Implementation
Project costs

The costs associated with the implementation and running of the processes are
roughly categorized as follows:
ƒ Project management costs
ƒ Project delivery costs (consultancy fees, project team for implementation,
process owner)
ƒ Equipment and software
ƒ Training costs (including awareness, training in specific tools, and training in
business awareness)
ƒ Documentation costs
ƒ Ongoing staff and accommodation costs (for running the processes,
including subsequent training needs).

31 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 2-30. Process Implementation: Project costs SM251.0

Notes:
When building the business case for a project, it is essential to be clear about what the
project costs are, and what the ongoing running costs of the Service Management
processes will be. Project costs are one-off costs, while the running costs form a
commitment for the organization that may involve long-term contracts with suppliers.
The costs of implementing IT Infrastructure Library processes clearly vary according to the
scale of operations. The costs associated with the implementation and running of the
processes are roughly categorized as follows:
• Project management costs
• Project delivery costs (consultancy fees, project team for implementation, process
owner)
• Equipment and software
• Training costs (including awareness, training in specific tools, and training in business
awareness)
• Documentation costs

© Copyright IBM Corp. 2004 Unit 2. Process Implementation Strategy 2-33


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

• Ongoing staff and accommodation costs (for running the processes, including
subsequent training needs)
The costs of failing to provide effective processes can be considerable.

2-34 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 3. Service Desk (SPOC)

What This Unit Is About


This unit is an introduction to the Service Desk, the single point of
contact between the users and the IT Services organization.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
responsibilities and obligations of the service desk, and understand
the benefits of the ITIL framework.

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 03
Service Desk (SPOC)

Content:

ƒ Service Desk – objective and overview


ƒ Responsibilities and obligations
ƒ Important aspects
– User interaction
– Service Desk technologies
– Operational standards
– Implementation considerations
ƒ Costs, benefits, risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-1. Unit 03: Service Desk (SPOC) SM251.0

Notes:

3-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-2. Service Desk: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
The Service Desk is the Single Point of Contact [SPOC] between the
users and the IT Services Organization

ITIL defines customers and users


ƒ Customers
People (generally senior managers) who commission, pay for, and own
the IT services, sometimes referred to as "the business"
ƒ Users
People who use the services on a day-to-day basis

Incident
Problem
Change
....
Service Desk

Users
IT Service Organization

Customers

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-3. Service Desk: The Service Desk is the Single Point of Contact [SPOC] between the users and the IT Services Organization
SM251.0

Notes:

3-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
Mission Statement

The Service Desk is the focal point for all service


requests from the business users to the IT organization
To record and manage the life cycle of incidents, with an
emphasis in rapid restoration of service with minimal
business impact, a Service Desk or Service Desk
organization is recommended. Help Desk, Service Line, and
First-Level Support are used as synonyms for Service Desk.

For the users, the Service Desk is there to: Requests


Requests

ƒ provide a central communication interface Incidents


Incidents

ƒ recover interrupted service as soon as possible

Service Desk as
Single Point of Contact

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-4. Service Desk: Mission Statement SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
The Service Desk is traditionally seen as a group of specialists who have the
required knowledge to process any kind of request or incident

The Function Service Desk can reach a high efficiency using the following
measures:
ƒ Definition of the “service” mentality in the Service Desk documentation. The
task of the Service Desk does not only consist of “resolving an incident”, but
mainly in the “immediate recovery of the user’s service”.
ƒ Definition of clear processes to support the activities of Service Desk
members (Incident Management process).
ƒ Definition of close relationships between Service Desk and other important
ITSM processes, such as Problem Management.

The importance of the Service Desk is seen particularly in its special role as
interface between IT and the user; thus the Service Desk represents the IT
organization from the user’s point of view.

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-5. Service Desk: The Service Desk is traditionally seen as a group of specialists who have the required knowledge to process
any kind of request or incident SM251.0

Notes:

3-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
The Importance of the Service Desk
The Service Desk
ƒ .... directly performs customer-oriented service.
ƒ .... interacts with the users.
ƒ .... is a decisive factor of the acceptance of IT.
ƒ .... strives to provide a faster and more direct incident recovery.
ƒ .... coordinates second- and third-level support.
ƒ .... recognizes the current needs of the user.
ƒ .... performs organized support, instead of disorganized support performed in a rush.
ƒ .... is able to organize support with high availability economically.
ƒ .... centrally evaluates incident reports.
ƒ .... proves the effectiveness of changes and improvements performed.
ƒ .... recognizes problems early.
ƒ .... reduces customer requests on a long-term basis.
ƒ .... supplies information about IT productivity.

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-6. Service Desk: The Importance of the Service Desk SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
Communication
Communication is one of the success factors for IT services management.

Communication is key for quality of service. ƒ The Service Desk is a function of


Service Management and not a
The Service Desk informs about: process within Service Management.
ƒ current status of services
ƒ usability ƒ This function is held by an internal
ƒ planned changes organization unit.

Service quality supports customer relations. ƒ SPOC – Single Point of Contact.


Because of the importance of ƒ All requests, information, wishes,
communication with users, IT services claims, complaints, requirements, and
demands a position which fulfils this task so on, are transferred via the Service
with..... Desk to the relevant departments, and
ƒ .... dedication information is passed from there via
the Service Desk to the customer.
ƒ .... and especially competency..

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-7. Service Desk: Communication SM251.0

Notes:

3-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
Service Desk Responsibility

The Service Desk is responsible for:

ƒ Servicing the user contact point SPOC

ƒ Controlling incident recovery Incident Mgmt

ƒ Supporting the running of the business 1st Level Support

ƒ Providing management information Reporting

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-8. Service Desk: Service Desk Responsibility SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
Service Desk Activities

ƒ Call handling
ƒ Recording and tracking service requests, including incidents, until closure
and verification with the user
ƒ Requesting incident classification and initial support, including forwarding to
second level, within Service Level Agreements (SLA)
ƒ Keeping customer informed on request status and priority
ƒ Initiating escalation procedures in relation to the SLA
ƒ Coordinating incident handling until resolution with 2nd- and 3rd-line support
ƒ Helping to identify problems by recording all incidents
ƒ Providing management information and recommendations for service
improvement
ƒ Communicating planned changes to users

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-9. Service Desk: Service Desk Activities SM251.0

Notes:

3-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
Processes within the Service Desk
user
user user
user

informed
informed
request
request creation of ticket advise, information if required, delivery of information material user
user

admin
admin entitlement user
user with
with
entry initiation of measures change
request
request check change
change

direct solution
registration, 2nd level documen- customer satisfied
satisfied
incident
incident transfer callback
analysis tation information user
user
tracking and escalation

complaint satisfied
satisfied
complaint
complaint handling recover satisfaction initiation of follow-up actions
entry user
user

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-10. Service Desk: Processes within the Service Desk SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
Inputs and Outputs

Telephone Fax
requests requests
Request via Requests via Hardware/
e-mail/voice/ Internet/ application
video browser events

Management
Escalations information and monitoring
Service Desk

External Internal
Product Sales & Contract
service service
support Marketing support
support support

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-11. Service Desk: Inputs and Outputs SM251.0

Notes:

3-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
There are 3 Service Desk Types (1):
the Local Service Desk
There is no “universal” type of Service Desk. Choosing which one to adopt
depends on a number of factors:
ƒ Establishment of identical
processes and procedures in User 1 User 2 User 3
all locations
ƒ Transfer of local skills to
other Service Desks
ƒ Assurance of compatibility of
Local First-Level-Support
hardware, software, and Service Desk
network
ƒ Usage of identical escalation
processes and identical Desktop Network
Application System &
Vendor
Support Operation
codes for impact, severities, Support Support
Support
Support

priorities, and status in all


locations

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-12. Service Desk: There are 3 Service Desk Types (1): the Local Service Desk SM251.0

Notes:
These three slides describe the key factors of each service desk type.

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
There are 3 Service Desk Types (2):
Central Service Desk

Customer Customer Customer


location 1 location 2 location 3 ƒ Reduced
operational
costs
ƒ Consolidated
management
overview
Central First-level support ƒ Improved usage
Service Desk of available
resources
Second-level support

System & Other


Desktop Network Application
operation manufacturer
support support support
support support

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-13. Service Desk: There are 3 Service Desk Types (2): Central Service Desk SM251.0

Notes:

3-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
There are 3 Service Desk Types (3):
Virtual Service Desk

ƒ “Follow the sun”


ƒ Common, agreed-on
Virtual language should be
Service Desk used for data entry
Sydney
Service Desk
ƒ Depends on the
technology in use
(not every tool is
Service
able to build a VSD)
Management
database
Amsterdam
Service-Desk
Seattle Service Desk

location 1 location ‘n’

local user

other manufacturer/
supplier
service desks
remote user

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-14. Service Desk: There are 3 Service Desk Types (3): Virtual Service Desk SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
User empowerment (self-help) enhances customer satisfaction while
lowering support cost
User value:
ƒ Empowers them with ability to resolve problems at their own pace
ƒ Benefit from the ability to get assistance in context
ƒ Spend less time on call resolution
ƒ Avoids costly and inconvenient re-imaging solutions
ƒ Consistent 7x24 support experience

Support Center Value:


ƒ Self-support tools and self-healing tools eliminate calls to the call center
ƒ Arms the agent with information about the user prior to initiating contact
ƒ Remote control and chat improve agent productivity
ƒ Increases customer satisfaction
ƒ Reduces dependency on desk-side support
ƒ Allows support professionals to focus on the incidents that do require
assistance

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-15. Service Desk: User empowerment (self-help) enhances customer satisfaction while lowering support cost SM251.0

Notes:

3-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
A crucial success factor is standardized working methods

In order to ensure efficiency, person-independent quality, integrity of data, and


traceability, a highly standardized working method is necessary.

Therefore, actions are mainly performed:


ƒ supported by tools
ƒ with electronic forms
ƒ on standard solution and configuration databases

For help, one can refer to a support manual, which contains all procedures and
necessary information.

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-16. Service Desk: A crucial success factor is standardized working methods SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
Setting up a Service Desk

For the conceptual design of a Service For setting up a Service Desk, the
Desk, you will have to consider the following points have to be considered:
following points:
ƒ Business goals that users aim for
ƒ Number of expected calls ƒ Support by management
ƒ Structure of the Service Desk: central ƒ Involvement of users to find a
or local common understanding
ƒ Tools (hardware, software, and ƒ Involvement of members of staff
telephone systems)
ƒ Explain to those involved the benefits
ƒ The way business operates, and and their responsibilities
working procedures of the users
ƒ Service Desk processes ƒ In project management quick wins,
several phases with defined
ƒ Workload distribution between first-, milestones
second-, and third-level support ƒ Marketing of new services
ƒ Know-how of Service Desk team

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-17. Service Desk: Setting up a Service Desk SM251.0

Notes:

3-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
Benefits and Costs

Benefits:
ƒ Complete incident control
ƒ Effective support of the specialist department
ƒ Higher user productivity
ƒ Improved relationship between IT and users
ƒ Significant management information
Costs:
ƒ Costs vary depending on type and volume of Service Desk tasks
ƒ Include purchase price for hardware, software, employees, and
premises; and current costs for employees, premises and
telephony

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-18. Service Desk: Benefits and Costs SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
Risks

Without Service Desk: With Service Desk:

ƒ Users don’t know whom to contact in ƒ The Service Desk could become a
case of an incident bottleneck when there are more
ƒ Incidents are not registered and get incidents or users than expected
forgotten ƒ User still contact the specialists if they
ƒ Incident escalation cannot be had been doing this in the past
addressed properly ƒ Tensions between Service Desk and
ƒ IT specialists are interrupted by user other IT service fields are likely,
calls especially if the Service Desk does
not escalate in compliance with
ƒ Higher effort for resolving problems regulations or even report directly to IT
ƒ No conclusive management management
information

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-19. Service Desk: Risks SM251.0

Notes:

3-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Desk
Best Practices

ƒ Standardized documentation of caller data


ƒ Automatic ID allocation of the request; sending of return receipt and feedback form
ƒ Selective administration of user data in the Configuration Management Data Base
ƒ Usage of CTI and ACD technologies (voice calls, routing, and so on)
ƒ Utilization of system monitoring for early detection of service impairment
ƒ Staff from second-level support are temporarily deployed in Service Desk
ƒ Large Service Desks are structured in teams with special know-how and are
supported by skill routing
ƒ Working with super users

CTI = Computer Telephony Integration


ACD: Automatic Call Distribution

21 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-20. Service Desk: Best Practices SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 3. Service Desk (SPOC) 3-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk
Summary

ƒ Service Desk is a function, not a process within Service Management


ƒ Service Desk is the focal point for all service requests from business users directed
to the IT organization (including third-party providers), and manages them within
Service Level Agreements
ƒ Service Desk responsibilities include:
– Single Point of Contact (SPOC)
– Incident Management
– First-level support
– Reporting
ƒ Service Desk is the window on the level of service offered by the IT organization to
the business
ƒ Keeps users up-to-date with the status of their service request
ƒ Provides management information on relevant topics regarding the service
ƒ Three Service Desk types: Local, Central, and Virtual Service Desk

22 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 3-21. Service Desk: Summary SM251.0

Notes:

3-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 4. Incident Management

What This Unit Is About


This unit is an introduction to Incident Management, and its
relationship with the Service Desk.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
responsibilities and obligations of this service, and understand the
benefits of the ITIL framework.

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 04
Incident Management

Content:

ƒ Incident Management – objective and overview


ƒ Some definitions
ƒ Responsibilities and obligations
ƒ Important aspects:
– Incident lifecycle
– Incident recording
– Incident priority
– Escalation
ƒ Benefits and risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-1. Unit 04: Incident Management SM251.0

Notes:

4-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-2. Incident Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Mission statement

The primary goal of incident management is to restore normal service


operation, within Service Level Agreement limits, as quickly as possible,
after an incident has occurred to that service, and minimize the adverse
impact on business operations.
Practice shows that handling both of failures in the infrastructure and of service requests
is similar, and both are therefore included in the definition and scope of the process for
Incident Management.
The Service Desk is responsible for monitoring the resolution process of all registered
incidents; indeed the Service Desk is the owner of all incidents. The process is mostly
reactive. To react efficiently and effectively therefore demands a formal method of
working that can be supported by software tools.
Goals of Incident Management:
ƒ Restore the service as quickly as possible.
ƒ Minimum disruption to users’ work
ƒ Management of an incident during its entire lifecycle
ƒ Support of operational activities

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-3. Incident Management: Mission statement SM251.0

Notes:

4-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Definition: Incident, Problem and “Known Error”

Incident
An event, not part of the standard operation of a service, which causes, or may
cause, an interruption or reduction in the quality of that service

Problem (Unknown Error)


The unknown cause of one or more incidents
(which are not resolved in any case when finalizing the incident)
Normally a problem record is raised only if investigation is warranted.

“Known Error”
A problem which is successfully diagnosed and for which a workaround has been
identified

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-4. Incident Management: Definition: Incident, Problem and “Known Error” SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Tasks

Support of
User Interface operational
processes

Incident
Incident
Management
Management

Management
Information

Incident Control

Problem Management

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-5. Incident Management: Tasks SM251.0

Notes:
Help desk and incident control: Even if the incident is transferred to second- or third-level
support, the service desk is responsible for the management of the incident, giving
feedback to the user, and so on.

4-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Activity incident handling
Identification and
registration of incidents

Incident ownership, monitoring, tracking,


Progress control
First classification
and support

and communication
Responsibility Yes
Service Service Request
Request? Procedure

No

Reporting Analysis and diagnosis

Troubleshooting
and recovery
Quality assurance

Incident closure
7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-6. Incident Management: Activity incident handling SM251.0

Notes:
Incident management activities:
• Incident handling
• To restore normal working conditions as quickly as possible
• Incident monitoring
• Registration of incidents

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
The status of an incident reflects its current position in its lifecycle
Incident detection new
and recording

accepted
Classification
and initial support
planned

Yes
Service Service Request
Procedure assigned
Request?

No
in process
Investigation and
diagnosis
on hold

Resolution
and recovery
solved

Incident closure closed


8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-7. Incident Management: The status of an incident reflects its current position in its lifecycle SM251.0

Notes:
The status of an Incident reflects the current position in its lifecycle, sometimes known as
its workflow position. Everyone should be aware of each status and its meaning. Some
examples of status categories might include:
• New
• Accepted
• Scheduled
• Assigned/dispatched to specialist
• Work in progress (WIP)
• On hold
• Resolved
• Closed

4-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Throughout an Incident lifecycle, it is important that the incident record be maintained. This
allows any member of the service team to provide a customer with an up-to-date progress
report. Examples of update activities include:
• Update history details
• Modify status (such as “new” to “work-in-progress” or “on hold”)
• Modify business impact or priority
• Enter time spent and costs
• Monitor escalation status
An originally reported customer description may change as the incident progresses. It is,
however, important to retain the description of the original symptoms, both for analysis and
so that you can refer to the complaint in the same terms used in the initial report. For
example, the customer may have reported a printer not working, which is found to be have
been caused by a network failure. When responding to the customer, it is better initially to
explain that the printer incident has been resolved rather than to talk about resolution of
network problems.

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Desk Data center Net operation Organization Other sources


Data center
operation Net operation Organization Other sources
operation

Report of an incident

Incident detection and recording


Incident detection and recording

Classification and initial support


Classification and initial support
information
Ownership, tracking,
evaluation, information
evaluation, tracking,

Service
Process for Service Request
Request?
CMDB
Ownership,

CMDB
Investigation and diagnosis
Investigation and diagnosis

Resolution and recovery


Resolution and recovery Problem
Problem
errors
errors
DB
Incident closure
Incident closure DB

Change Problem
Management Management

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-8. Relationship with other IT services SM251.0

Notes:

4-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Use of standard registration, documentation,
and methods is basis of success
Identification &
Data about an incident
registration of incidents

First classification
and support
ƒ Reporter of the incident ƒ Incident ID
Service Yes Service Request
ƒ Name, user ID ƒ Date, time
Request? Procedure
ƒ Phone number ƒ Status
No

Analysis and diagnosis


ƒ Department ƒ Effect, severity,
ƒ Department number priority
Troubleshooting and recovery
ƒ Affected person ƒ Service Level
Incident Closure

ƒ Affected system ƒ Problem editor


ƒ Inventory number, CI ID ƒ Transfer to
ƒ Class/ type/ model ƒ Performed actions
ƒ Solution
ƒ Date, time
ƒ Category
ƒ Symptom description ƒ History
ƒ Category
ƒ Free text description

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-9. Incident Management: Use of standard registration, documentation, and methods is basis of success SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Classification: Find service affected,
match against SLA, and assign priority
Identification &
registration of incidents

First classification
and support
Classification:
Service
Request?
Yes Service Request
Procedure
ƒ Impact
No – Reflects business criticality of the incident
Analysis and diagnosis

– Reflects extent to which an incident leads to


Troubleshooting and recovery
degradation of SLA, such as number of users that
Incident Closure suffer
ƒ Urgency
– Reflects required speed of solving an incident
ƒ Workload
– Reflects expected effort to solve the incident
ƒ Priority
– Reflects order in which to solve the incidents

Priority = Impact x Urgency


11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-10. Incident Management: Classification: Find service affected, match against SLA, and assign priority SM251.0

Notes:
One of the important aspects of managing an incident is to define its priority: how
important it is, and its impact on the business. The responsibility for its definition lies with
Service Level Management within the parameters set in the Service Level Agreement
(SLA). The priority with which incidents need to be resolved, and therefore the amount of
effort to be put into the resolution of, and recovery from, incidents, will depend upon:
• Impact on the business
• Urgency to the business
• Size, scope, and complexity of the incident
• Resource availability, for coping in the meantime, and for correcting the fault.
Impact is a measure of the business criticality of an incident or problem, often equal to the
extent to which an incident leads to degradation of agreed service levels. Impact is often
measured by the number of people or systems affected. Criteria for assigning impact
should be set up in consultation with the business managers and formalized in SLAs.

4-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Priority order for handling incidents is primarily defined by impact
and urgency
ƒA simple priority matrix example

Priority 2 Priority 1
Limited Significant
damage, should damage, must be
be recovered recovered
immediately immediately
Urgency

Priority 4 Priority 3
Limited damage, Significant damage,
does not need does not need
to be recovered to be recovered
immediately immediately

Impact
12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-11. Incident Management: Priority order for handling incidents is primarily defined by impact and urgency SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Each priority is related to a certain recovery time…

Priority 1: Significant damage, must be


1 hour
recovered immediately

Priority 2: Limited damage, should be


2 hours
recovered immediately

Priority 3: Significant damage, does not


4 hours
need to be recovered immediately

Priority 4: Limited damage, does not need


8 hours
to be recovered immediately

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-12. Incident Management: Each priority is related to a certain recovery time… SM251.0

Notes:

4-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
… This results in an appropriate escalation
Functional versus hierarchical escalation
Managing
Board

Information / Support
(Escalation)

Hierarchical Incident Mgt.


Escalation

Functional
Escalation

Transfer or integration of further knowledge carriers

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-13. Incident Management: … This results in an appropriate escalation SM251.0

Notes:
Escalation is the mechanism that assists timely resolution of an incident. It can take place
during every activity in the resolution process.
There are two levels of escalation possible:
• Hierarchical (vertical escalation): for example, asking management for more human
resources, equipment, or both (exception)
• Functional (horizontal escalation): for example, ask a specialist (second-line support)
Transferring an incident from first-line to second-line support groups or further is called
functional escalation, and primarily takes place because of a lack of knowledge or
expertise. Preferably, functional escalation also takes place when agreed time intervals
elapse. The automatic functional escalation based on time intervals should be planned
carefully and should not exceed the (SLA) agreed resolution times.
Hierarchical escalation can take place at any moment during the resolution process when it
is likely that the resolution of an incident will not be in time or satisfactory. In case of a lack
of knowledge or expertise, hierarchical escalation is generally performed manually (by the

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Service Desk or other support staff). Automatic hierarchical escalation can be considered
after a certain critical time interval, when it is likely that a timely resolution will fail.
Preferably, this takes place long enough before the (SLA) agreed resolution time is
exceeded so that corrective actions by authorized line management can be carried out, for
example hiring third-party specialists.

4-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Escalation

Objective of an escalation or escalation procedure is the avoidance or minimizing


of material or immaterial damage. The definition of an escalation comprises:

ƒ escalation trigger
ƒ escalation measures
ƒ escalation levels

The combination of the three keys results in an


ƒ escalation matrix with escalation paths

The escalation procedures should be clearly agreed between all involved parties.
Escalation can usefully improve service provision only if it is accepted by all
parties.

Escalation should not be misused as a proof of guilt.

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-14. Incident Management: Escalation SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Escalation – Trigger and Measures

Escalation trigger
The escalation trigger indicates at which opportunity, state, or incident the procedure of
processing a problem will be intensified, increased, or changed in order to recover the
service.

ƒ after exceeding the reaction time


ƒ one hour before the expiration of the recovery time
ƒ when exceeding the recovery time
ƒ after the third transfer
ƒ VIP

Escalation measures
Once an escalation has been released, incident processing is intensified, increased, or
changed in order to recover the service. This results in raising of three general possible
measures:
ƒ Organisational measurements, such as calling in third level or the vendor;
ƒ Information, such as to the higher hierarchical level;
ƒ Increased assignment of resources: budget, staff, material

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-15. Incident Management: Escalation – Trigger and Measures SM251.0

Notes:

4-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Escalation – Escalation Levels

Escalation Levels
Escalation levels ensure that for repeated occurrences of an escalation trigger,
the according measures are intensified, increased, or changed.

Reasons for increasing the escalation level can be the following:


ƒ threatening exceeding or already expired reaction time;
ƒ threatening exceeding or already expired recovery time;
ƒ very high priority of the disrupted service

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-16. Incident Management: Escalation – Escalation Levels SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Escalation – Example of an Escalation Matrix
Escalation steps
Priority 0 1 2 3 4
Measures
1 very urgent to inform
and very measures
important
2 urgent and to inform
important measures
3 urgent and to inform
not important measures
4 not urgent to inform
and important measures
5 not urgent to inform
and not
important measures

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-17. Incident Management: Escalation – Example of an Escalation Matrix SM251.0

Notes:

4-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Input and Output

Input Output

ƒ Incident reports from Service Desk ƒ Requests for change to Change


and Monitoring Management
ƒ Information about users, system ƒ Information about incidents or
configuration, service levels problems to Problem Management
ƒ Information about solutions, tested ƒ Solved and closed incidents
workarounds ƒ Information to the user
ƒ Information about changes ƒ Reports to management
performed

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-18. Incident Management: Input and Output SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Benefits

ƒ Reduced business impact of incidents by timely resolution


ƒ Proactive identification of possible enhancements
ƒ Management information related to business-focused SLA
ƒ Improved monitoring
ƒ Improved management information related to aspects of service
ƒ Better staff utilization: no more interruption-based handling of incidents
ƒ Elimination of lost incidents and service requests
ƒ Better CMDB information
ƒ Better user/customer satisfaction

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-19. Incident Management: Benefits SM251.0

Notes:

4-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Risks

Potential problem areas:

ƒ No management/staff commitment, hence no resources


ƒ Lack of clarity of business needs
ƒ Badly-defined service goals
ƒ Working practices not reviewed or changed
ƒ No service levels defined with customer
ƒ Lack of knowledge on resolving incidents
ƒ The quality of the Configuration Database
ƒ No integration with other processes
ƒ Resistance to using process

21 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-20. Incident Management: Risks SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-23


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Incident Management
Best Practices

ƒ Integration with Service Level Management


ƒ Qualified processing of requests instead of simple transfer
ƒ More important than just a cost reduction is the increase of the company’s
efficiency
ƒ Separation of incident and problem management

22 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-21. Incident Management: Best Practices SM251.0

Notes:
The integration with Service Level management means that the service desk is aware of
the availability and constraints within the provision of services.
Some service desks may have just a "dispatching" role concerning incoming calls, and
other individuals may then have to handle the incoming incidents from a technical point of
view. It would be preferable, however, to have broad-skilled service desk operators who do
handle the incidents themselves, rather than just registering calls and routing them.
Interpersonal skills are essential for service desk personnel, as every contact with the
customer is an opportunity to improve the customer’s perception of the IT function.
Consider how many of your technical staff are currently skilled and trained to manage the
customer interface for your department or organization.
Support departments often mistake “quick fixes” for good service. In some cases, this is, of
course, true. The customer wants a fix or response, but knows that this is not always
practical. It is important to engender in customers and users the confidence that, once an
incident has been reported, it will be professionally managed. If that confidence is not
present, they may revert to calling their favorite support specialist and bypass the service
desk. In some cases, they might stop calling on IT altogether.

4-24 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Incident Management
Summary

ƒ The goal of incident management is to restore normal service operation, within Service
Level Agreement limits, as quickly as possible, after an incident has occurred to that
service, and to minimize the adverse impact on business operations.
ƒ Incident Management process
– Incident detection and recording
– Classification and initial support
– Investigation and diagnosis
– Resolution and recovery
– Incident closure
ƒ Prioritization primarily determined by impact on business and urgency with which a
resolution or workaround is needed; correct prioritization enables optimum staffing and
use of other resources to customer satisfaction.
ƒ Escalation (functional and hierarchical)

23 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 4-22. Incident Management: Summary SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 4. Incident Management 4-25


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

4-26 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 5. Problem Management

What This Unit Is About


This unit is an introduction to Problem Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 05
Problem Management

Content:

ƒ Problem Management – objective and overview


ƒ Some definitions
ƒ Responsibilities and obligations
ƒ Important aspects
– Incidents, problems, and changes
– Proactive/reactive problem management
ƒ Benefits, costs, risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-1. Unit 05: Problem Management SM251.0

Notes:

5-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-2. Problem Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Mission statement

The goal of Problem Management is to minimize the adverse impact of


Incidents and problems on the business that are caused by errors within
the IT Infrastructure, and to prevent recurrence of incidents related to these
errors.

In order to achieve this goal, Problem Management seeks:


ƒ To find the root cause of problems and to initiate corrective action
ƒ Permanently reduce number and severity of incidents and problems by
identifying improvements in the infrastructure

2 aspects:
ƒ Reactive: identify and solve problems in response to one or more incidents
ƒ Proactive: analyze trends of incidents, and identify and solve problems
before they occur

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-3. Problem Management: Mission statement SM251.0

Notes:

5-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Some definitions: Problem, Known Error, and RFC

Problem
The unknown cause of one (significant) incident or multiple incidents exhibiting
common symptoms (which are not resolved in any case when finalizing the
incident)
Normally a problem record is raised only if investigation is warranted.

Known Error
A problem that is successfully diagnosed and for which a workaround has been
identified

Request for Change (RFC)


Request for Change to any component of an IT infrastructure or to any aspect of
an IT service

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-4. Problem Management: Some definitions: Problem, Known Error, and RFC SM251.0

Notes:
A problem is a condition often identified as a result of multiple incidents that exhibit
common symptoms. Problems can also be identified from a single significant incident,
indicative of a single error, for which the cause is unknown, but for which the impact is
significant.
A known error is a condition identified by successful diagnosis of the root cause of a
problem, and the subsequent development of a workaround.
Structural analysis of the IT infrastructure, reports generated from support software, and
user-group meetings can also result in the identification of problems and known errors.
This is proactive Problem Management.
Problem control focuses on transforming problems into known errors. Error control focuses
on resolving known errors structurally through the Change Management process.

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Tasks

Incident
Management

Problem
Control Incident Control

Problem
Problem
Management
Management

Error Control Management


Information

Change
RFCs
Management
6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-5. Problem Management: Tasks SM251.0

Notes:
The Problem Management process is intended to reduce both the number and severity of
incidents and problems on the business. Therefore, part of Problem Management's
responsibility is to ensure that previous information is documented in such a way that it is
readily available to first-line and other second-line staff. This is not simply a matter of
producing documentation. What is required includes:
• The information to be indexed so that it is easily referenced by simple and detectable
triggers from new incidents
• Regular inspection to ensure the continued relevance of documentation in the light of
changing:
- Technology
- Available external solutions
- Business practices and requirements
- In-house skills

5-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty - Frequency and impact of recurring incidents


- Interpretation of internal best practice
• That the process should be subject to a detailed review
• Staff using the information to be trained to understand the depth and power of the
information available, how to access and interpret it, and their role in providing feedback
on its relevance and ease of use
• A suitable repository for the information, typically based on an integrated Service
Management tool which can capture it at logging or first-analysis stage of the incident
handling process.

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Scope

Problem control, error control, and proactive Problem Management are all
within the scope of the Problem Management process

Problem Control:
Handle problems in an effective way. Identify root cause (CI at fault), and provide
the Service Desk with information and workaround. Similar to incident control, but
more carefully managed to avoid reoccurrence.

Error Control:
Progresses from known errors until elimination by implementation of a change.

Proactive Problem Management:


Analysis of trends from incident records provides view on potential problems
before they occur

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-6. Problem Management: Scope SM251.0

Notes:

5-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Activity: Problem Control

Problem Control is concerned with:


Progress Control Identification and
Registration
ƒ Problem identification and recording: if
incidents cannot be matched against known
errors and problems, or are recurring. Also
when major Incident occurs. Classification
ƒ Problem classification: determine effort Responsibility
required to detect and recover failing CI.
Impact on service levels assessed. CMDB
helps! Determine: category, impact, urgency, Assign Resources
priority.
ƒ Problem investigation and diagnosis:
leading to a known error (which includes a
Reporting
workaround for the associated incident). Find Investigation and
underlying cause. Procedural errors do not Diagnosis
become known errors. These problems are
closed with appropriate categorization code.
Quality Control Definition
Known Error

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-7. Problem Management: Activity: Problem Control SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Activity: Error Control
Error control covers the processes involved in successful correction of known errors.
The objective is to change IT components to remove known errors affecting the IT
infrastructure, and thus to prevent any recurrence of incidents.

ƒ Error identification and recording: Error Identification &


faulty CI is detected, and known error Recording
status is assigned. Progress Control
ƒ Error assessment: initial
assessment of means required to
solve the problem and raising of an
RFC. Responsibility Error Assessment
ƒ Recording error resolution: solution
for each known error should be in the
PM system, made available for
incident matching RFC
Reporting Record Error Solution
ƒ Error closure: After successful
implementation of the change, the
error is closed together with all
associated Incident records. Change successful
ƒ Monitoring problem and error Quality Control
resolution progress: Change Close Error and
management is responsible for Associated Problems
implementing RFCs, but error control
is responsible for monitoring progress
in resolving known errors.

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-8. Problem Management: Activity: Error Control SM251.0

Notes:
Error identification and recording: faulty CI is detected, and known error status is
assigned.
Error assessment: initial assessment of means required to solve the problem and raising
of an RFC. The actual work done is under control of Change Management. Also the
decision can be that some errors are not solved because, for example, it is too expensive.
Recording error resolution: solution for each known error should be in the PM system,
made available for incident matching.
Error Closure: After successful implementation of the change, the error is closed, together
with all associated incident records. Potentially, interim status given.
Monitoring problem and error resolution progress: Change Management is
responsible for implementing RFCs, but error control is responsible for monitoring progress
in resolving known errors and the continuing impact of the problem. Hence close
interaction between both (PM might raise CAB). Monitoring against SLA should happen.

5-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Activity: Proactive Problem Management
Proactive problem management activities are concerned with identifying and
resolving problems and known errors before Incidents occur, thus minimizing
the adverse impact on the service and business-related costs.
ƒTrend analysis: identify “fragile” components and their
reason. Requires availability of sufficient historical data.
ƒTargeting support action: towards problem areas
requiring most support time, or causing most impact to
the business (volume of incidents, number of users
impacted, cost to the business).
ƒProviding information to organization: Providing insight
in effort and resources spent by organization in
diagnosing and resolving problems and known errors to
management. Also information on workarounds,
permanent fixes, and status information should be given
to Service Desk.

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-9. Problem Management: Activity: Proactive Problem Management SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Reporting
Reporting on problem management serves an internal purpose as well as an
external purpose
ƒItems that can be reported to IT management:
ƒ Time spent on research and diagnosis
ƒ Brief description of actions taken
ƒ Planning unresolved problems with regard to use of people, use of tools, and costs
ƒ Problems categorized into: status, service, impact, category, user group
ƒ Turnaround time of closed problems
ƒ Elapsed time and expected resolution period for unresolved problems
ƒ Temporary corrective actions
ƒItems that are important for Service Level Management
ƒ Number of problems categorized into: user group, category, impact, service
ƒ Turnaround time of closed problems
ƒ Expected solution period for unresolved problems
ƒItems that are important for Service Desk
ƒ Status of problems
ƒ Information on bypasses
11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-10. Problem Management: Reporting SM251.0

Notes:

5-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Reactive - Proactive
Reactive Proactive

Avoid problems in other


systems and applications

Monitoring of change management

Initiate changes in order to avoid:


- the occurrence of incidents
- the reoccurrence of incidents

Identify trends

Problem identification and problem diagnosis

2nd / 3rd level support for incidents

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-11. Problem Management: Reactive - Proactive SM251.0

Notes:
Problem Management should focus on proactive function.
When Problem Management is introduced in an organization, its main focus is reactive. But
this process should ideally mature from reactive to proactive, otherwise improvement is
necessary.

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

The Complete Picture

Incident Mgmt Problem Control Error Control Change Mgmt


Registration Identification identification Change
Registration Identification identification Change
Management
Management
Recording Recording Recording
Recording Recording Recording
Problem?
Classification Classification Assessment
Classification Classification Assessment
Tracking
Assign
Tracking
Tracking

Diagnosis Error? Diagnosis


Tracking

Diagnosis Diagnosis RFC?


Service

Tracking
Request?

Tracking
Support Solution
Support Solution
Problem Resolution
Problem Resolution
Error / problem Change
Diagnosis Error / closure
problem Change
Diagnosis Incident Evaluation (PIR)
Incident closure Evaluation (PIR)

Resolution
Resolution

Process for Service Requests


Incident closure
Incident closure

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-12. The Complete Picture SM251.0

Notes:

5-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Benefits

The benefits of taking a formal approach to problem management include


the following:

ƒ Improved IT service quality: removal of structural errors improves quality of


service
ƒ Incident volume reduction: Structural errors generating Incidents are
removed
ƒ Permanent solutions: Problems resolved stay resolved
ƒ Improved knowledge on organization: Problem Management learns from
past experience, using historical data to identify trends
ƒ Higher first call resolution rate at Service Desk: Problem management
creates incident workaround data for rapid incident closure

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-13. Problem Management: Benefits SM251.0

Notes:
• Improved IT service quality. Problem Management helps generate a cycle of rapidly
increasing IT service quality. High-quality reliable service is good for the business users
of IT, and good for the productivity and morale of the IT service providers.
• Incident volume reduction. Problem Management is instrumental in reducing the
number of incidents that interrupt the conduct of business.
• Permanent solutions. There will be a gradual reduction in the number and impact of
problems and known errors as those that are resolved stay resolved.
• Improved organizational learning. The Problem Management process is based on the
concept of learning from past experience. The process provides the historical data to
identify trends, and the means of preventing failures and of reducing the impact of
failures, resulting in improved user productivity.
• Better first-time fix rate at the Service Desk. Problem Management enables a better
first-time fix rate of incidents at the Service Desk, achieved via the capture, retention,
and availability of incident resolution and workaround data within a knowledge
database available to the Service Desk at call logging.

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Risks

Potential problem areas:

ƒ Simultaneous assignment of support agents to incident and problem


management
ƒ Less common tools of the individual departments
ƒ Insufficient communication between system development and problem
management in regard to known errors
ƒ Lack of discipline in the support team

Note: While Incident Management focuses on quick resolution of incidents,


Problem Management analyzes the root cause of incidents.

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-14. Problem Management: Risks SM251.0

Notes:

5-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Problem Management
Best Practices

ƒ Make a clear separation between incidents and


problems (clear fields of responsibility with their
own measurement criteria and KPIs)
ƒ Focus on minimizing or avoidance of incidents Incident Management
ƒ In addition to the production environment, the (fighting fires)
development environment should also be involved
in the process.

Problem Management
(find root cause)

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-15. Problem Management: Best Practices SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 5. Problem Management 5-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Problem Management
Summary
ƒ The goal of problem management is to minimize the impact of incidents and problems
on the business that are caused by errors within the IT infrastructure and to prevent
recurrence of incidents related to these errors.
ƒ Stabilize IT services, through:
– minimizing the impact of incidents (quick fix)
– tracing (and removing) errors in the IT infrastructure to obtain the highest possible
stability of IT services, both reactively and proactively
– Better use of resources
ƒ Problem management activities
– Problem control
– Error control
– Proactive problem management
ƒ Problem: the root cause is known
ƒ Known error: root cause is known, a workaround is provided, but the definitive fix is not
provided
ƒ Proactive - Reactive
17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 5-16. Problem Management: Summary SM251.0

Notes:

5-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 6. Change Management

What This Unit Is About


This unit is an introduction to Change Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 06
Change Management

Content:

ƒ Change Management – objective and overview


ƒ Some definitions
ƒ Responsibilities and obligations
ƒ Important aspects:
– RFC content
– Categorization and prioritization of changes
– Change Advisory Board (CAB)
– Interface to other processes
ƒ Benefits and risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-1. Unit 06: Change Management SM251.0

Notes:

6-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-2. Change Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Mission Statement

Change Management ensures that standardized methods and procedures are


used for efficient and prompt handling of all changes, to minimize the impact of
change-related incidents on service quality, and to improve the day-to-day
operations of the organization.
Goal of Change Management:

Efficient
Efficientand
andcost-saving
cost-saving
implementation
implementationof of
authorized
authorizedchanges
changes
with minimum
with minimumriskrisk
for
forexisting
existingandandnew
newITITinfrastructure
infrastructure

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-3. Change Management: Mission Statement SM251.0

Notes:
Changes arise as a result of problems, but many changes can come from proactively
seeking business benefits such as reducing costs or improving services. The goal of the
Change Management process is to ensure that standardized methods and procedures are
used for efficient and prompt handling of all changes, in order to minimize the impact of
change-related incidents upon service quality, and consequently to improve the
day-to-day operations of the organization.
To make an appropriate response to a change request entails a considered approach to
assessment of risk and business continuity, change impact, resource requirements, and
change approval. This considered approach is essential to maintain a proper balance
between the need for change against the impact of the change.
It is particularly important that Change Management processes have high visibility and
open channels of communication in order to promote smooth transitions when changes
take place.

6-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Some definitions

Change:
ƒ Process of moving from one defined state to another
Request for Change (RFC)
ƒ Request for Change to any component of an IT infrastructure or to any aspect of
an IT service
Change Advisory Board (CAB):
ƒ Body which approves changes and assists Change Management in assessment
and prioritization of changes
CAB/EC:
ƒ CAB Emergency Committee. Convened for urgent changes, or when emergency
decisions have to be made.

Post Implementation Review (PIR):


ƒ Assessment of implemented changes after a predefined period of time.

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-4. Change Management: Some definitions SM251.0

Notes:
A problem is a condition often identified as a result of multiple incidents that exhibit
common symptoms. Problems can also be identified from a single significant incident,
indicative of a single error, for which the cause is unknown, but for which the impact is
significant.
A known error is a condition identified by successful diagnosis of the root cause of a
problem, and the subsequent development of a workaround.
Structural analysis of the IT infrastructure, reports generated from support software, and
user-group meetings can also result in the identification of problems and known errors.
This is proactive Problem Management.
Problem control focuses on transforming problems into known errors. Error control focuses
on resolving known errors structurally through the Change Management process.
When major problems arise, there may not be time to convene the full Change Advisory
Board (CAB), and it is therefore necessary to identify a smaller organization with authority
to make emergency decisions. Such a body is known as the CAB Emergency Committee

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

(CAB/EC). Change procedures should specify how the composition of the CAB and
CAB/EC will be determined in each instance, based on the criteria listed above and any
other criteria that may be appropriate to the business. This is intended to ensure that the
composition of the CAB will be flexible, in order to represent business interests properly
when major changes are proposed. It will also ensure that the composition of the CAB/EC
will provide the ability, both from a business perspective and from a technical standpoint, to
make appropriate decisions in any conceivable eventuality.

6-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Why Change Management is so important
ƒ IT becomes an increasingly critical factor for business. Business demands
continuous change as new technologies are adopted. Users demand
increasing services in order to be able to fulfil their tasks. All these factors
require an IT environment in which management and control of changes are
very precisely managed.

ƒ Experience shows that a high percentage of problems with regard to IT


service quality can be traced back to a change of a system. Such problems
cause enormous costs and are becoming less acceptable.

ƒ This module describes the best practices for change management; they
impact the implementation of many other ITSM best practices. Finally, each
development - either relating to capacity management or a service desk -
corresponds with changes which again stand for a risk. That is why a very
strict procedure for effective change management makes sense.

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-5. Change Management: Why Change Management is so important SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Tasks

Management of RFCs Authorize and


(change requests) plan changes

Change
Change
Management
Management

Review of all
implemented Monitoring of change
changes realization, testing,
and implementation

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-6. Change Management: Tasks SM251.0

Notes:
Most activities of change management involve control and decide (approval or rejection).
Changes must be carefully managed throughout their entire lifecycle from initiation and
recording, through filtering, assessment, categorization, authorization, scheduling, building,
testing, implementation, and eventually their review and closure. One of the key
deliverables of the process is the Forward Schedule of Change (FSC), a central
programme of change agreed by all areas, based on business impact and urgency.

6-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
The Process

Implementation Management

RFC
RFC Preparation Classification
Prioritization Rejection
Approval
Realization Planning
CAB
Test Authorization
Rejection

Implementation Evaluation/PIR
Backout

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-7. Change Management: The Process SM251.0

Notes:
Implementation and management activities within change management.

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Acceptance and
Documentation

PIR
Proof of Success

Release
ReleaseManager
Manager
Implementation

Control and
Authorization

Decline
Test
Test / Reject
Service
ServicePlanning
Planning
Building Review End

Control and Approval Rejected


Realization of
Simple Changes
Changes
Scheduling
and Planning

Processing/
Classification
-Registration-

RFC
RFC

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-8. The Process Steps SM251.0

Notes:

6-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Content of a Request for Change (RFC)

Sponsor and
Change
Requester

Software
Change
Hardware Advisory Board
(CAB)
CIs
CIs SLA and so on
Documentation
and so on
Purpose
RFC
Environment RFC

Category
Priority
Resource
What? Why? Cost
When? Impact on Estimation
Business
Services

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-9. Change Management: Content of a Request for Change (RFC) SM251.0

Notes:
Requests for Change (RFCs) are triggered for a wide variety of reasons, from a wide
variety of sources. The reasons include:
• Required resolution of an incident or problem report
• User or customer dissatisfaction expressed via customer liaison or Service Level
Management
• The proposed introduction or removal of a new CI
• Qproposed upgrade to some component of the infrastructure
• Changed business requirements or direction
• New or changed legislation
• Location change
• Product or service changes from vendors or contractors.

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

RFCs can be concerned with any part of the infrastructure or with any service or activity.
Here are some examples:
• Hardware
• Software
• Documentation
• Telecommunications facilities
• Engineering cover
• Training courses
• IT infrastructure management procedures
• Tactical plans
• Environmental infrastructure
RFCs can, of course, be in paper form, or — as is increasingly the case — be held
electronically, perhaps on the company intranet.
The following items should be included in an RFC form, whether paper or electronic:
• RFC number (plus cross-reference to problem report number, where necessary)
• Description and identity of item(s) to be changed (including CI identification(s) if
Configuration Management system is in use)
• Reason for change
• Effect of not implementing the change
• Version of item to be changed
• Name, location, and telephone number of person proposing the change
• Date that the change was proposed
• Change priority
• Impact and resource assessment (which may be on separate forms where convenient)
• CAB recommendations where appropriate (which may be held separately, with impact
and resource assessments, where convenient)
• Authorization signature (could be electronic)
• Authorization date and time
• Scheduled implementation (release identification, date and time, or both)
• Location of release or implementation plan

6-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Categorization: Minor – Significant – Major

Category of changes is based on impact to environment (risk to the business).

Category 1 (Minor Changes):


Minor impact only, and few “build” or additional “runtime” resources required. The
Change Manager should have delegated authority to authorize and schedule such
changes.

Category 2 (Significant Changes):


Significant impact, significant build or runtime resources required, or both.
The Change Advisory Board should be convened in order to authorize and schedule
such changes.

Category 3 (Major Changes):


Major impact, very large amount of build or runtime resources required, or both; or
impact likely upon other parts of the organization.
The RFC should be referred to the organization's top Management Board or other
appropriate body for discussion and a policy decision.

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-10. Change Management: Categorization: Minor – Significant – Major SM251.0

Notes:
The issue of risk to the business of any change should also be considered prior to the
approval of any change. Change Management should examine each RFC and decide how
to proceed based on the (predefined) category into which the RFC falls. The categorization
process examines the impact of the approved change on the organization in terms of the
resources needed to effect the change. Note that the structure and complexity of these
categories will very much depend on the needs of the business, including the range of
priority ratings identified

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Prioritization

Every RFC should be allocated a priority that is based on the impact of the
problem and the urgency of the remedy.

Immediate:
Causing loss of service or severe usability problems to a larger number of users, a
mission-critical system, or some equally serious problem. Immediate action required.

High:
Severely affecting some users, or impacting a large number of users.
To be given highest priority for change building, testing, and implementation resources.

Medium:
No severe impact, but rectification cannot be deferred until the next scheduled release or
upgrade. To be allocated medium priority for resources.

Low:
A change is justified and necessary, but can wait until the next scheduled release or
upgrade. Resources to be allocated accordingly.

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-11. Change Management: Prioritization SM251.0

Notes:
Every RFC should be allocated a priority that is based on the impact of the problem and
the urgency for the remedy. This priority rating is used to decide which changes should be
discussed and assessed first, either by Change Management or by the CAB if necessary.
Change Management should be responsible for assigning this priority. The priority of RFCs
ideally should be decided in collaboration with the initiator and, if necessary, with the CAB;
but it should not be left to the initiator alone, as a higher priority than is really justified may
result. Risk assessment is of crucial importance at this stage. The CAB will need
information on business consequences in order to assess effectively the risk of
implementing or denying the change.

6-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Composition of the Change Advisory Board (CAB) should reflect user,
customer, and service provider view

Change
Manager Service Level
(Executive) Manager
Manager
Finance Dept
CAB/EC
CAB/EC
Application
CAB Manager
CAB

Release Manager Experts,


Technical
Consultants
Problem
Manager Services Staff

CAB/EC = Emergency Committee


13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-12. Change Management: Composition of the Change Advisory Board (CAB) should reflect user, customer, and service
provider view SM251.0

Notes:
The Change Advisory Board (CAB) is a decision authority, which is made up for the most
part of people from other functions within the organization. Note also that it is Configuration
Management who are responsible for ensuring that information regarding the possible
implications of a proposed change is made available, and that these possible impacts are
detected and presented appropriately. There will also be a need to have managers from
different areas of the organization within the CAB. The Change Manager is the executive
authority within the CAB. CAB is an ITIL term.
There will be occasions when a proposed infrastructure change will potentially have a
wider impact upon other parts of the organization (such as application development
projects or business operations), or vice versa. To mitigate possible negative impacts from
either direction, it is imperative that the infrastructure and other Change Management
systems be appropriately interfaced.

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Optimization can be reached through correlation of RFCs on related CIs

Original request for


Original request for Configuration Management
change
change

Software CI to be Correlating
changed education CI

Correlating Correlating
operating CI hardware CI

Summarized request for change


Summarized request for change

Realistic impact of changes and reduction of bureaucratic expenditure

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-13. Change Management: Optimization can be reached through correlation of RFCs on related CIs SM251.0

Notes:
Configuration Management enables visualization of related CIs. Thus it is possible to
globally estimate the impact of an RFC in the whole IT environment. It would be useful to
consider the impact of an RFC on related CIs; this will give the support team a better view
of the realistic impact on the business, and will reduce bureaucratic expenditure.

6-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Interfaces to other SM processes (1)
Initiate change
Capacity Identify affected CIs
CapacityManagement
Management
Configuration
ConfigurationManagement
Management
Security
SecurityManagement
Management

Service
ServiceDesk
Desk
Determine effects of

Base
DataBase
planned changes
Problem Reports
ProblemManagement

ManagementData
Management Security
RFC SecurityManagement
Management

ConfigurationManagement
Account
AccountManagement
Management Capacity
CapacityManagement
Management
(for
(forcustomers)
customers) Change
Availability
Availabilityand
andITITServices
Services
Management Continuity
Service ContinuityManagement
Management
ServiceBuild
Buildand
andTest
Test Process

Configuration
Transfer Service
ServiceLevel
LevelManagement
Management
......
Financial
FinancialMgmt
MgmtITITServices
Services
Status Change Report
Distribution
Release
ReleaseManagement
Management
Update CMDB
Configuration
ConfigurationManagement
Management

Inform customers Generate new services


Service Service
ServiceDesign
ServiceDesk
Desk Design

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-14. Change Management: Interfaces to other SM processes (1) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Interfaces to other SM processes (2)

Change
Change Release
Release
Configuration
ConfigurationManagement
Management Management
Management Management
Management
Determine
Approve
impact Check distribution
change
of new software
or, if required, the
hardware change

Capacity
Capacity Configuration
Configuration Configuration
Configuration
Management
Management Management
Management Management
Management
Determine Documentation
impact on Determine update CMDB
business and affected areas
IT performance

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-15. Change Management: Interfaces to other SM processes (2) SM251.0

Notes:

6-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Benefits

ƒ Better alignment of IT services to business requirements


ƒ Increased visibility and better communication of changes
ƒ Improved risk assessment
ƒ Reduced adverse impact of changes on service quality and SLA
ƒ Fewer backed out failed changes
ƒ Better problem and availability management due to management information on
accumulated changes
ƒ Better productivity of users (fewer disruptions, better service quality)
ƒ Better productivity of IT staff, as duties are better planned, and fewer wrong changes
ƒ Ability to absorb larger volume of changes
ƒ Better perception of IT by the business
ƒ Reduction in number of changes with adverse impact because of poor CM
ƒ Reduction in number of incidents because of changes
ƒ Low number of urgent changes

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-16. Change Management: Benefits SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Risks

Potential problem areas:

ƒ Tracking of the change lifecycle easily leads to overload for a paper-based system

ƒ Employees try to bypass change management

ƒ Untested backup procedures – failing blackout procedures

ƒ Integration of external suppliers

ƒ Cultural conflicts – lacking acceptance of the change management process

ƒ Frequent refusal due to lack of strategic expedience

ƒ Possible stagnancy due to continuous analyses

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-17. Change Management: Risks SM251.0

Notes:

6-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Change Management
Best Practices

ƒ Concurrent integration with configuration and release management

ƒ Include the development environment in the change management process


separately from the production environment

ƒ Assign process responsibility, if possible, independently from the organisation’s


hierarchy

ƒ Conceive separate procedure for urgent changes and standard changes instead of
using the normal change management process

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-18. Change Management: Best Practices SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 6. Change Management 6-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Change Management
Summary

ƒ The goal of the change management process is to ensure that standardized


methods and procedures are used for efficient and prompt handling of all changes,
in order to minimize the impact of change-related incidents upon service quality,
and consequently to improve the day-to-day operations of the organization.
ƒ Implement only authorized changes; minimize risk and costs.
ƒ Request for Change (RFC) applies to all components of the IT infrastructure
ƒ Tasks
– Requests for change management, authorize and plan changes, monitor
realization, test and implementation, support the ongoing needs of business
ƒ CAB and Emergency Committee
ƒ Severity/Priority: urgent, high, medium, low
ƒ Effect - Category: none to significant effect
ƒ Back-out procedure
ƒ Process is always closed with change review

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 6-19. Change Management: Summary SM251.0

Notes:

6-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 7. Configuration Management

What This Unit Is About


This unit is an introduction to Configuration Management, and its
relationship with IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 07
Configuration Management

Content:

ƒ Configuration Management – objective and overview


ƒ Some definitions
ƒ Responsibilities and obligations
ƒ Important aspects:
– Configuration Management Database (CMDB)
– Interfaces to other SM processes
– Variant and baseline
– License management
ƒ Benefits, costs, risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-1. Unit 07: Configuration Management SM251.0

Notes:

7-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-2. Configuration Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
Mission Statement
Configuration Management provides a logical model for the infrastructure
or a service by identifying, controlling, maintaining, and verifying the
versions of Configuration Items (CIs) in existence.
Configuration Management covers the identification, recording, and reporting of IT
components, including their versions, constituent components, and relationships. Items
that should be under the control of Configuration Management include hardware,
software, and associated documentation.

The goal of Configuration Management is to provide IT infrastructure control through the


identification, registration, monitoring, and management of:
ƒ All the Configuration Items of the IT infrastructure in scope
ƒ All configurations, versions, and their documentation
ƒ All changes, errors, service level agreements, and history of the components in
general
ƒ Relationships between the different components
ƒ Exceptions between configuration records and the real infrastructure

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-3. Configuration Management: Mission Statement SM251.0

Notes:
Configuration Management is concerned with selecting and identifying the configuration
structures for all the infrastructure's CIs, including their “owner”, their interrelationships, and
configuration documentation. It includes allocating identifiers and version numbers for CIs,
labelling each item, and entering it on the Configuration Management Database
(CMDB). CI and CMDB are both ITIL terms.

7-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Tasks

Configuration Management is responsible for:


ƒ Specification of versions, configuration
status accounting of all current and
historical data concerned with each CI
throughout its lifecycle
IT
ƒ Documentation of the relationship IT
Infrastructure
Infrastructure
between all CIs
Planning
ƒ Tracing records about any CI Identification
& naming
ƒ Ensuring that only authorised changes
on a Configuration Item have been
implemented
Status proof
ƒ Reviews and audits that verify the
physical existence of CIs and check
that only authorised and identifiable Control CMDB
CIs are accepted and correctly Verification
recorded in the Configuration and audit
Management system.

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-4. Configuration Management: Tasks SM251.0

Notes:
CM is responsible for records and data associated with a CI, including incidents, known
errors, and problems, and corporate data about employees, suppliers, locations, business
units, and procedures.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
Definition: Configuration Item
All components that are part of the IT infrastructure are called Configuration Items
(CIs).
Configuration Items:
ƒ Are required to provide services
ƒ Should be clearly identifiable
ƒ Are submitted for changes
ƒ Have to be administered

CI
Configuration Items have: CI
ƒ A category
ƒ Relationships
CI
ƒ An attribute
CI CI
ƒ A status

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-5. Configuration Management: Definition: Configuration Item SM251.0

Notes:
CIs may be hardware, software, or documentation. Examples include services, servers,
environments, equipment, network components, desktops, mobile units, applications,
licences, telecommunication services, and facilities. Configuration identification includes
allocating identifiers for CIs, including individual versions of the CI and their configuration
documents. Other records and data associated with a CI include incidents, known errors,
and problems, and corporate data about employees, suppliers, locations, business units,
and procedures.
Examples of CIs:
• Personal computers
• Network components
• Service Level Agreements
• Manuals
• Applications
What do you think is part of your IT infrastructure?

7-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Definition: Configuration Item – Scope and Level of Detail

Documen-
Service Hardware Software Documen- Environment
L Service Hardware Software tation
tation
Environment
L
e
e
v
v
e
e Network
l
l printer
PC
Software
o bundle
o
f Local
f printer USV
d
d
e
e
t DBMS W.P. e-mail
t HD Keyboard CPU
SLA
a
a
i
i
l
l
scope
scope
7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-6. Configuration Management: Definition: Configuration Item – Scope and Level of Detail SM251.0

Notes:
All configuration items that are under control of the IT organization are registered in the
Configuration Management Database (CMDB). CIs have relationships to each other. Every
extra detail will bring more work to keep it up to date.
The scope of the Configuration Management database is defined by the area of
responsibility of the IT organization.
The level of detail is defined by the need for information of the IT management processes,
the control of the information, and the costs and benefits of a CMDB.
The attributes of CIs also depend on the need for information, the control of the
information, and the costs and benefits.
The distinction between Configuration Management and Asset Management is the
recognition of relationships between CIs.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Examples of these relationships:


• Hierarchically subjected to (parent-child relation)
• Is part of (a processor is part of a PC)
• Interfaced with (a system is connected to a printer)
• Uses (a program uses a subroutine)
• Is a copy of (program is a copy of ....)
• Is related to (attribute) (serial number, location, status)

7-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Tasks

Configuration Configuration
identification Control

Configuration
Configuration
Management
Management

Verification and
Status
Audit
Accounting

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-7. Configuration Management: Tasks SM251.0

Notes:
Configuration identification is the selection, identification, and labelling of the configuration
structures and CIs, including their respective “owner” and the relationships between them.
CIs may be hardware, software, or documentation. Examples include services, servers,
environments, equipment, network components, desktops, mobile units, applications,
licences, telecommunication services, and facilities. Configuration identification includes
allocating identifiers for CIs, including individual versions of the CI and their configuration
documents.
Configuration control is concerned with ensuring that only authorized and identifiable CIs
are recorded from receipt to disposal. It ensures that no CI is added, modified, replaced, or
removed without appropriate controlling documentation, such as an approved change
request.
Configuration status accounting is the reporting of all current and historical data concerned
with each CI throughout its lifecycle. It enables tracking of changes to CIs and their
records, for example tracking the status as a CI changes from one state to another, such as
“development”, “test”, “live”, or “withdrawn”.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The first audit must be conducted after the implementation of configuration management.
Furthermore, at regular intervals, verification must take place, in other words the registered
data within the CMDB will be verified with the actual data.

7-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Configuration Management Database (CMDB) – Structure Overview

IT Infrastructure
IT Infrastructure

Hardware Software Network Documentation


Hardware Software Network Documentation
CI Categories

Suite 1 Suite 2
Suite 1 Suite 2
Superordinated CI
(Parent)
Program 1- 1 Program 1- 2 Program 1- 3
Program 1- 1 Program 1- 2 Program 1- 3
Subordinated CI
(Children)

Module 1- 2- 1 Module 1- 2- 2
Module 1- 2- 1 Module 1- 2- 2

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-8. Configuration Management: Configuration Management Database (CMDB) – Structure Overview SM251.0

Notes:
Many organizations are already using some elements of Configuration Management,
often using spreadsheets, local databases, or paper-based systems. In today's large and
complex IT infrastructures, Configuration Management requires the use of support tools,
which includes a Configuration Management Database (CMDB). Physical and electronic
libraries are needed along with the CMDB to hold definitive copies of software and
documentation. The CMDB is likely to be based upon database technology that provides
flexible and powerful interrogation facilities.
The CMDB should hold the relationships between all system components, including
incidents, problems, known errors, changes, and releases. The CMDB also contains
information about incidents, known errors, and problems, and corporate data about
employees, suppliers, locations, and business units.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
CMDB – Status of CI

)n
tio

ce
t

uc
en

an
od
pm

en

n
pr

aw
lo
d

nt
d

(in
ve
ne

re

oc

dr
t

ai
s
de
de

te
an

m
ve

th
st

wi
or

In

Li
pl

in

in
in

Lifecycle of a CI

CMDB scope

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-9. Configuration Management: CMDB – Status of CI SM251.0

Notes:
Status is a mandatory attribute of a CI. Also, status accounting is an activity within
Configuration Management. It covers the reporting of all current and historical data
concerned with each CI throughout its lifecycle. This enables changes to CIs and their
records to be traceable, for example tracking the status of a CI as it changes from one state
to another, for instance “under development”, “being tested”, “live”, or “withdrawn”.

7-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Interfaces with all other processes

Start
Problem finding and solution process

Incident Strategic processes


Finance
Problem
Architectures
Known error
Configuration
Management Other modules
RFC
Data Base
(CMDB) Service Level
Approved change Management
IT Continuity
Changed, tested, Management
implemented

Closure

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-10. Configuration Management: Interfaces with all other processes SM251.0

Notes:
Configuration Management provides information to other processes of Services
Management.
The Configuration Management process interfaces with all other processes:
• Service Desk / Incident Management
• Problem Management
• Change Management
• Release Management
• Service Level Management
• Availability Management
• Capacity Management
• IT Service Continuity Management
• Financial Management for IT Services
• Security Management
Providing accurate information on CIs and their documentation. This information supports
all other Service Management processes, such as Release Management, Change

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Management, Incident Management, Problem Management, Capacity Management, and


Contingency Planning. For example, if a new product is available that requires a minimum
configuration, Configuration Management can provide information for upgrade planning
and replacements.
Controlling valuable CIs. For example, if a computer were stolen then it would have to be
replaced. Configuration Management helps IT management to know what its assets are
supposed to be, who is responsible for their safekeeping, and whether the actual inventory
matches the official one.
Facilitating adherence to legal obligations. Configuration Management maintains an
inventory of all items of software within an IT infrastructure. CIs that come to light, via
configuration audits or calls to the Service Desk, that are not on this list are not authorized,
and may well have not been paid for. Illegal copies can easily be identified, for erasure or
destruction.
Helping with financial and expenditure planning. Configuration Management provides a
complete list of CIs. It is easy to produce from this list expected maintenance costs and
licence fees; maintenance contracts; licence renewal dates; CI life expiry dates; and CI
replacement costs (provided that this information is stored). By providing this information,
Configuration Management contributes to IT directorates' financial planning.
Making software changes visible. Such changes can be used to trigger investigations by IT
management into possible changes that may be needed for data protection, licence
management, and regulatory compliance.
Contributing to contingency planning. The CMDB and secure libraries facilitate the
restoration of IT service in the event of a disaster, by identifying the required CIs and their
location (provided, of course, that they are themselves properly backed up).
Supporting and improving Release Management. Configuration Management information
supports the rollout across distributed locations by providing information on the versions of
CIs and changes incorporated into a release.
Improving security by controlling the versions of CIs in use. This makes it more difficult for
these CIs to be changed accidentally, maliciously, or for erroneous versions to be added.
Enabling the organization to reduce the use of unauthorized software. Unauthorized
software, and non-standard and variant builds, all increase complexity and support costs,
and so any reduction in their occurrence should bring benefits to the organization.
Allowing the organization to perform impact analysis and schedule changes safely,
efficiently, and effectively. This reduces the risk of changes affecting the live environment.
Providing Problem Management with data on trends. Such data will relate to trends in
problems affecting particular CI types, such as from particular suppliers or development
groups, for use in improving the IT services. This information on problem trends supports
the proactive prevention of problems.

7-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Relationship with Release and Change Management
Change
Change Release
Release Configuration
Configuration
Management
Management Management
Management Management
Management

Configuration Management Database


Register RFC and Documentation and
assign ID configuration audit

Definitive Software Library


Reporting of
Impact analysis affected CIs, areas,
and people

Update
Approve change
documentation
Distribution of
Implementation software and
(includes pre-release hardware Update
testing for software) documentation documentation

Post-implementation
review
Store changed CIs
according to quality
Close RFC
required

Closure

Example: release of new software


12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-11. Configuration Management: Relationship with Release and Change Management SM251.0

Notes:
Configuration Management has a strong relationship with Change and Release
Management. Therefore, these processes are often planned alongside Configuration
Management.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
CIs and their relations to other processes

Incident Record Change Record


Incident Record Change Record

CI
CI
Problem Record Known Error Record
Problem Record Known Error Record

Service / SLA
Service / SLA

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-12. Configuration Management: CIs and their relations to other processes SM251.0

Notes:

7-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Variant and Baseline

Variant
Configuration items with same base functionality, but with minor differences (for
example, a printer with additional RAM is a variant of a printer).

Baseline (basis of comparison)


A configuration baseline is the configuration of a product or system established at a
specific point in time, which captures both the structure and details of a configuration. It
serves as a reference for further activities. An application or software baseline provides
the ability to change or to rebuild a specific version at a later date.
A configuration baseline is also a snapshot, or a position, that is recorded. Although the
position may be updated later, the configuration baseline remains fixed as the original
state and is thus available to be compared with the current position. A configuration
baseline is used to assemble all relevant components in readiness for a change or
release, and to provide the basis for a configuration audit and regression, for example
after a change.
The Configuration Management system should be able to save, protect, and report on a
configuration baseline, its contents, and documentation.

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-13. Configuration Management: Variant and Baseline SM251.0

Notes:
General guidance is: if a CI can be regarded as slightly different from another related CI,
and problems affecting one are likely to affect the other, or changes made to the one will
probably have to be made to the other, then use of a variant should be considered;
otherwise, a different CI should be used.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
Licence Management

Responsibility for controlling and auditing software licences should be


unambiguous and involves purchasing and Asset or Configuration Management.

ƒ Company directors, senior managers, and others, are liable to face


imprisonment and fines if illegal software is found to be in use within their
enterprise.
ƒ Purchase of unnecessary licences wastes resources.
ƒ Configuration Management enables an enterprise to monitor and control
software licences, from purchase to disposal.

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-14. Configuration Management: Licence Management SM251.0

Notes:
Licence Management is part of Configuration Management.
Company directors, senior managers, and others are liable to face imprisonment and fines
if illegal software is found to be in use within their enterprise. Configuration Management
enables an enterprise to monitor and control software licences, from purchase to disposal.
Software licence structures, and corporate and multi-licensing schemes, need to be
understood and communicated to service-provider staff and Customers.
Responsibility for controlling and auditing software licences should be unambiguous and
should involve purchasing and Asset or Configuration Management. This may be difficult
when Users find it so easy to purchase and download software from the Internet, but this
can be resolved by links to disciplinary procedures detailed within the organization’s
Security Policy.

7-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Benefits

ƒ Improved Asset Management


ƒ Helps to minimize risks of changes
ƒ Provides accurate information on CIs and their documentation
ƒ Improves security by controlling the versions of CIs in use
ƒ Facilitates adherence to legal obligations
ƒ Helps in financial and expenditure planning
ƒ Supports Release Management and Service Level Management

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-15. Configuration Management: Benefits SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
Costs

Costs are outweighed by benefits, because Configuration Management allows


handling of a large volume of changes, thus keeping quality. Configuration
Management control reduces risks of viruses, wrong software, fraud, theft, and so
on.
ƒ Staff costs for developing and running procedures
ƒ Hardware and software configuration identification
ƒ Hardware and software for the CMDB & DSL
ƒ Customization of Configuration Management tool
ƒ Integration with other Service Management tools
ƒ Training and education

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-16. Configuration Management: Costs SM251.0

Notes:

7-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Risks

Potential problem areas:

ƒ CIs with too much or too little detail


ƒ Interfaces to other systems in which CI information is stored
ƒ Keep the information in the CMDB accurate
ƒ Roles and responsibilities
ƒ Lack of configuration control
ƒ Overambitious schedules and unrealistic expectations
ƒ No commitment from management

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-17. Configuration Management: Risks SM251.0

Notes:
CIs are defined at the wrong level with too much detail (so that staff become involved in
unnecessary work) or too little detail (so that there is inadequate control).
Implementation is attempted without adequate analysis and design. The end result is,
consequently, not what is required.
Tactical schedules are over-ambitious. Configuration Management may be perceived as a
bottleneck if adequate time is not built into schedules to allow staff to carry out their duties.
When changes and releases are being scheduled, past experience of the time taken to
complete Configuration Management activities should be taken into account. IT
management needs to be proactive in providing automated facilities for activities on the
critical path and to make it clear that time should be allowed for Configuration
Management.
Commitment is lacking. Without a firm commitment to the processes from managers, it is
difficult to introduce the controls that some staff would prefer to avoid. Examples of poor
Change Management and Configuration Management can often convince managers of
the need for better control.

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The process is perceived to be too bureaucratic or rigorous. Consequently, individuals and


groups use this as an excuse for not following the process.
The process is routinely circumvented. Some people will try to circumvent Configuration
Management in the interests of speed or with malicious intent. Attempts should be made to
overcome this problem by making such people aware of the benefits of Configuration
Management.
Processes are inefficient and error-prone. This is often the case where manual processes
are in use. In almost all cases it is advisable to choose an automated solution from the
outset.
Expectations of what the tool can do are unrealistic. Staff and managers may expect a
Configuration Management tool to deliver a total solution and end up blaming the tool for
processes or people that appear insufficient for the task.
The chosen tool may lack flexibility. Problems can occur when the Configuration
Management tool does not allow for new requirements or does not support all CI
categories.
Configuration Management has been implemented in isolation. If Configuration
Management is implemented without Change Management or Release Management, it is
much less effective and the intended benefits may not be realized.
Expectations of what the Configuration Management process can do are unrealistic. Asset
and Configuration Management cannot and should not be expected to make up for poor
project management or poor acceptance testing. Poorly controlled installations and test
environments will affect the quality of releases and result in additional incidents,
problems, and changes, which will in turn require additional resources.
Proper configuration control is not in place. For example, Configuration Management may
be difficult where Users have the ability to purchase, download, and install software from
the Internet.

7-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Configuration Management
Best Practices

ƒ Early establishment of configuration management


ƒ Show the extraordinary significance of the database thus created
ƒ Enforce the compliance of change management processes
ƒ Meticulous selection and design of support tools
ƒ Inventory should be tool supported and automated
ƒ "You can only control what you know or what is documented."

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-18. Configuration Management: Best Practices SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 7. Configuration Management 7-23


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Configuration Management
Summary

ƒ Configuration Management provides a logical model of the infrastructure or a


service by identifying, controlling, maintaining, and verifying the versions of
Configuration Items (CIs) in existence.
ƒ Activities: planning, identification and registration, status accounting, control,
verification and audit, reporting, role for the evaluation of change effects.
ƒ Configuration Items: categories, attribute, relationships, status, unique
reference number
ƒ Configuration Management Database (CMDB)
ƒ Scope and level of detail of CMDB (value of information)
ƒ Variant and Baselines
ƒ Licence Management
ƒ Configuration Management process supports all other service management
processes

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 7-19. Configuration Management: Summary SM251.0

Notes:

7-24 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 8. Release Management

What This Unit Is About


This unit is an introduction to Release Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 08
Release Management

Content:

ƒ Release Management – objective and overview


ƒ Responsibilities and obligations
ƒ Some definitions
ƒ Important aspects:
– Definitive software library/definitive hardware store
– Software release
ƒ Benefits, costs, risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-1. Unit 08: Release Management SM251.0

Notes:

8-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-2. Release Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
Mission Statement

Release Management takes a holistic view of a change to an IT service, and


should ensure that all aspects of a release, both technical and non-technical, are
considered together.

Release Management should be used for:


ƒ Large or critical hardware rollouts, especially when there is a dependency on a
related software change in the business systems, in other words not every single
PC that needs to be installed
ƒ Major software rollouts, especially initial instances of new applications along with
accompanying software distribution and support procedures for subsequent use if
required
ƒ Bundling or batching related sets of changes into manageable-sized units
Release Management undertakes the planning, design, building, configuration,
and testing of hardware and software to create a set of release components for a
live environment. Activities also cover the planning, preparation, and scheduling
of a release to many customers and locations.

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-3. Release Management: Mission Statement SM251.0

Notes:
Software Control & Distribution (SC&D) is more than just application software. Software
items are operating systems software, middleware configurations, and application
software. In addition to startup scripts and configuration scripts, firmware is also included
under software items.

8-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Goal

ƒ Plan and oversee successful rollout of software and hardware releases


ƒ Design and implement efficient procedures for distribution and installation of
changes to IT systems
ƒ Ensure changes in hardware and software are traceable, authorized, tested, and
correct
ƒ Communicate and manage expectations to the customer during planning and
rollout of releases
ƒ Agree content and rollout plan for the release, through Change Management
ƒ Implement software and hardware releases in operational environment using
controls from Configuration Management and Change Management
ƒ Ensure that all master copies of all software are secured in the DSL and that the
CMDB is updated

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-4. Release Management: Goal SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
Why Release Management

Software is increasingly considered as an important capital value with even a


strategic importance. The control of software is therefore mandatory. Some of the
most important aspects are:
ƒ Preventive measures (for example, to avoid pirate copies)
ƒ Consistency (for example, compatibility of client programmes with server
programmes)
ƒ Licences (for example, software should not be used by more than the
agreed number of users simultaneously)

Release management is responsible for the storage of authorized software (self-


developed, purchased or licensed applications, or utility software), the release of
software in a production environment, the distribution of software to remote
locations, as well as the implementation of software to make it operational.

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-5. Release Management: Why Release Management SM251.0

Notes:

8-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Tasks

Control of the
Definitive Software
Library (DSL) and
DHS
Definition of release
guidelines

Distribution of
software, hardware,
Release and linked CIs
Release
Management
Management

Performing software
Monitoring of the and hardware audits
release creation (using CMDB)

Management of
the releases

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-6. Release Management: Tasks SM251.0

Notes:
The Release Management process takes a holistic view of changes to IT services,
considering all aspects of a release, both technical and non-technical. Release
Management is responsible for all legal and contractual obligations for all hardware and
software in use within the organization. In order to achieve this and to protect the IT assets,
Release Management establishes secure environments, both for hardware in the Definitive
Hardware Store (DHS), and for software in the Definitive Software Library (DSL).

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
Definitions

Release: a collection of authorized changes to an IT service. Often divided into:


ƒ Major software releases and hardware upgrades
ƒ Minor software releases and hardware upgrades
ƒ Emergency software and hardware fixes
Release Unit: portion of IT infrastructure that is normally released together.
Full Release: all components of the Release Unit are built, tested, and implemented
together. Reduced likelihood of untested errors; longer time to implement.
Delta Release: includes only those CIs in the Release Unit that have actually changed
since the last release.
Package Release: grouping of Full and Delta Release to reduce the frequency of
releases. Reduces probability of outdated or incompatible software in use.
Definitive Software Library (DSL): Secure compound containing all definitive
authorized versions of all SW CIs (master copies). Also for master copies of
documentation.
Definitive Hardware Store: secure area containing definitive hardware spares.
CMDB: contains definitions of planned releases, and CIs impacted by planned and past
releases.

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-7. Release Management: Definitions SM251.0

Notes:

8-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Major Activities of Release Management

Live
Live
Development
Development Environment
Environment Controlled
Controlled Test
Test Environment
Environment Environment
Environment

Acceptance
Release Acceptance
Configure

Planning
Planning

& Configure

Roll-Out Planning

Communication,
Release Planning

Communication,
Fit-for-Purpose
Policy

Fit-for-Purpose

&
Release Policy

Development,
Procurement

Distribution &
Development,

Preparation,
Procurement

Preparation,

Installation
Installation
Distribution
Training
Design,

Testing

Training
Design,

Testing
Release

Roll-Out
Release

Build &

Release
Build

CMDB
CMDB with
with Definitive
Definitive Software
Software Library
Library (DSL)
(DSL)

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-8. Release Management: Major Activities of Release Management SM251.0

Notes:
The main components to be controlled are:
• Application programs developed in-house
• Externally developed software (including standard off-the-shelf software as well as
customer-written software)
• Utility software
• Supplier-provided systems software
• Hardware, and hardware specifications
• Assembly instructions and documentation, including user manuals.
All deliverables need to be managed effectively, from development or purchasing, through
customization and configuration, through testing and implementation, to operation in the
live environment.
This figure outlines the major activities in Release Management and their position in the
lifecycle of a change. Configuration Management records should be updated during build

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

and release to ensure that there are trusted releases that can be reverted to in case of
problems. A release should be under Change Management, and the content and timing of
a release should be authorized in advance via the Change Management process.

8-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

User
User Service
Service
Individual software installation Provider
Provider
Individual
Individual Installation
Installation and
and configuration
configuration Individual
Individual
programs
Installation
Installation of
of updates
updates programs
programs of
ofindividual
individual programmes
programmes programs

Software roll-out
Software
Software Software
Software Installation
Installation Software
Software
installation Configuration
Configuration Function
Functiontesting
testing management
installation transmission
transmission monitoring
monitoring management

System reload
System
System
Base
Basesystem
system Reinstallation
Reinstallation of
ofthe
the base
base system
system User-specific
User-specific configuration
configuration support
support

Update of the CMDB


Documentation
Documentation of
ofthe
the Transmission
Transmission of
oferror
error
Configuration
Configuration Hardware
Hardware inventory
inventory CMDB
CMDB
software
software configuration
configuration protocols
protocols

Application support
Remote
Remoteoperation
operationof
of the
the Application
Application
Applications
Applications Guidance
Guidance to
to users
users Configuration
Configuration check
check support
application
application support

System support
System
System Update
Update // configuration
configuration of
of PC
PC and
and ISDN
ISDN Updates
Updates and
and Installation
Installation System
System
technology
technology technology
technology patches
patches of
ofupdates
updates support
support

Directed
Directed Time
information
information flow
flow

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-9. Interactions SM251.0

Notes:
Some subprocesses of release management.

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
DSL and DHS

DSL = Definitive Software Library


contains the master copies of all
controlled software in an organization
Quality Control
(Viruses / Licence /
Test /
DHS = Definitive Hardware Store Logical Completeness)
Storage
secure storage of definitive hardware
spares
Release issue
ƒ These are spare components and
assemblies that are maintained at
the same level as the comparative DSL
Software and
systems within the live environment. linked
Physical
Configuration
ƒ Details of these components and Distribution
Items
their respective builds and contents
are comprehensively recorded in the Physical
Storage
CMDB.

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-10. Release Management: DSL and DHS SM251.0

Notes:
The Definitive Software Library (DSL) is the term used to describe a secure compound in
which the definitive authorized versions of all software CIs are stored and protected. This
one storage area may, in reality, consist of one or more software libraries or file-storage
areas that should be separate from development, test, or live file-store areas. It contains
the master copies of all controlled software in an organization. The DSL should include
definitive copies of purchased software (along with licence documents or information), as
well as software developed on-site. Master copies of controlled documentation for a system
will also be stored in the DSL in electronic form.
DHS - An area should be set aside for the secure storage of definitive hardware spares.
These are spare components and assemblies that are maintained at the same level as the
comparative systems within the live environment. Details of these components and their
respective builds and contents should be comprehensively recorded in the CMDB. These
can then be used in a controlled manner when needed for additional systems or in the
recovery from major incidents. Once their (temporary) use has ended, they should be
returned to the DHS or replacements obtained.

8-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Software Release

Release Unit
Determines the content of the
software package
Network
Computer Release Types
Mainframes
ƒ Full Release (All software CIs from
Software
the release are built, tested, and
Management implemented together.)
Internet
System
Software ƒ Delta Release (includes only those
Software
Distribution CIs within the Release unit that
Distribution
have actually changed or are new
Planning
CDs since the last full or delta release.)
ƒ Package Release (individual
Laptops releases (full units, delta releases,
Client/Server
or both) are grouped together to
form Package Releases.)
PCs
ƒ Emergency Fix

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-11. Release Management: Software Release SM251.0

Notes:
Please note the following for the slide:
Full Release
The major advantage of full releases is that all components of the release unit are built,
tested, distributed, and implemented together. There is no danger that obsolete versions of
CIs that are incorrectly assumed to be unchanged will be used within the release. There is
less temptation to short-circuit testing of supposedly unchanged CIs and of the interfaces
from changed CIs to unchanged ones.
Any problems are therefore more likely to be detected and rectified before entry into the
live environment. The disadvantage is that the amount of time, effort, and computing
resources needed to build, test, distribute, and implement the release will increase.
Although in some circumstances the testing of a delta release (see below) may need to be
as extensive as that for an equivalent full release, the amount of building effort required to
test a delta release is normally less than for a full release.

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Regression testing as part of the process of implementing a full release allows a large
number of components to be retested to ensure that there is no degradation in system
function or behavior.
An example of a full release could consist of the complete release of a new version of
client desktop software, or client desktop hardware, or both.
Delta Release
A delta, or partial, release is one that includes only those CIs within the release unit that
have actually changed or are new since the last full or delta release. For example, if the
release unit is the program, a delta release contains only those modules that have
changed, or are new, since the last full release of the program or the last delta release of
the modules.
There may be occasions when release of a full unit cannot be justified. In such cases, a
delta release may be more appropriate. A decision should be made on whether delta
releases are allowed, and under what circumstances. There is no single “correct” choice. It
is recommended that delta releases be allowed, with the decision being taken on a case by
case basis.
In each case, the Change Advisory Board (CAB) should make a recommendation, based
upon all the relevant facts, on whether the release unit stipulated in the release policy is
appropriate, or whether a delta release is preferable. In making its recommendation, the
CAB should take into account:
• The size of a delta release in comparison with a full release, and hence the resources
and effort required
• The urgency of the need for the facilities to be provided by the release to the users
• The number of CIs (below the release unit level) that have changed since the last full
release; a very large number may enforce a full release
• The possible risk to the business if compatibility errors are found in the release (for
example, would it be preferable to wait for a full release than to risk interface problems
arising with a delta release?)
• The resources available for building, testing, distributing, and implementing the delta
release (for example, if implementation is to be via non-technical staff, is it easier to
implement a complete new release than a delta release?)
• The completeness of impact analysis information to make an informed and objective
decision.
Package Release
To provide longer periods of stability for the live environment by reducing the frequency of
releases, it is recommended that, where appropriate and where the resulting larger amount
of change can be confidently handled without problems, individual releases (full units,
delta releases, or both) are grouped together to form “package releases”. For example,
changes to one system or suite will often require changes to be made to others. If all these

8-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty changes have to be made at the same time, they should be included in the same package
release.
A package can, for example, contain an initial version of a new TP service, several new
versions of batch programs, a number of new and initial versions of individual modules,
together with the release of a complete new desktop system (both hardware and software).
Both full and delta releases may be included.
The use of package releases can reduce the likelihood of old or incompatible software
being wrongly kept in use. It can encourage organizations to ensure that all changes that
should be made concurrently, in different suites and systems, are actually made
concurrently. It can also encourage organizations to test the interworking of these suites
and systems fully.
Care should be taken, however, not to exceed, in any particular package release, the
amount of change that can be handled comfortably. When making a decision on what to
include in the package, care should be taken to ensure that the full impact of all individual
parts on each other part is understood and has been properly assessed.

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
Benefits

ƒ Greater success rate in hardware and software release, hence improved QOS delivered to
the business
ƒ Consistency in the release processes of hardware and software environments
ƒ Less disruption of service to business by synchronizing releases having impact on different
components
ƒ Assurance that hardware and software in use is of known quality, because releases are built
properly (quality control, testing, under Change Management)
ƒ More stable environment, as changes are bundled into releases, hence fewer
implementations required
ƒ Better expectation level because of release schedule
ƒ Audit trail of changes
ƒ Control and safeguarding of hardware and software assets
ƒ Higher rate of changes can be absorbed without affecting IT QOS by using a release
comprising multiple changes
ƒ Lower probability of illegal copies in environment
ƒ Easier detection of wrong versions and unauthorized copies
ƒ Reduced time to release and fewer delays

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-12. Release Management: Benefits SM251.0

Notes:

8-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Costs

ƒ Resources
– Software: supported software tools, database
– Security for DSL
– Hardware and equipment, especially data storage
– Spare components (DHS)
– Network resources (remote control)

ƒ Staff:
– Salary, training
– Tests

ƒ Tailoring of the process

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-13. Release Management: Costs SM251.0

Notes:
This slide discusses the costs of building the DSL and the DHS. For secure release
distribution, a secure network is needed. The staff who support the process and the
tailoring of the process will generate expense.

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
Risks

Potential problem areas:

ƒ Establishment of version and release guidelines with external suppliers


ƒ Bypass defined procedures
ƒ Creation of the definitive software library
ƒ DSL integration using automatic software distribution
ƒ Ensure that version numbering guidelines comply with releases
ƒ Staff resistance to procedures because of lack of knowledge of benefits.
Education is required.

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-14. Release Management: Risks SM251.0

Notes:

8-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Release Management
Best Practices

ƒ Physical storage of all operational software in the definitive software library


(DSL)
ƒ Distribution of each software item from the DSL. Use of the DSL as source
for distribution.
ƒ Integration of Release Management (operational), Change Management
(control), and Configuration Management (control and administration)
ƒ Control of each software item using release, version, and package
guidelines
ƒ Release Management process also for additionally purchased software (not
only for self-developed software)

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-15. Release Management: Best Practices SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 8. Release Management 8-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Release Management
Summary

ƒ Release Management undertakes the planning, design, building, configuration,


and testing of hardware and software to create a set of release components for a
live environment. The focus is to protect the live environment and services
through the implementation of formal procedures and release checks.
ƒ A Release is a collection of authorized changes to an IT service.
ƒ Responsibilities: control of the DSL, definition, building and management of
software releases, distribution of software CIs, software audits
ƒ Release types: Full, Package, Delta Release, and Emergency Fix
ƒ DSL and DHS
ƒ Process relationship
– Release Management (Operational)
– Change Management (Control).
– Configuration Management (Control and Administration).

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 8-16. Release Management: Summary SM251.0

Notes:

8-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 9. Service Level Management

What This Unit Is About


This unit is an introduction to Service Level Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 09
Service Level Management

Content:

ƒ Service Level Management – objective and overview


ƒ Responsibilities and obligations
ƒ Some definitions
ƒ Important aspects:
– Service Level Agreement (SLA)
– Service spec sheet
ƒ Benefits, risks, costs
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-1. Unit 09: Service Level Management SM251.0

Notes:

9-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-2. Service Level Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Mission Statement

The goal for Service Level Management is to maintain and improve IT service quality, through a
constant cycle of agreeing, monitoring, and reporting upon IT service achievements and instigation
of actions to eradicate poor service, in line with business or cost justification. Through these
methods, a better relationship between IT Services and its customers can be developed.
Service Level Management (SLM) is essential in any organization so that the level of IT service needed to
support the business can be determined, and monitoring can be initiated to identify whether the required
service levels are being achieved - and if not, why not.
Service Level Agreements (SLA), which are managed through the SLM Process, provide specific targets
against which the performance of the IT organization can be judged.
The following belong to the scope of Service Level Management::
ƒ Service relationship customer - supplier
ƒ Improved specification and knowledge of service demands
ƒ Higher flexibility and reaction readiness of the service provider
ƒ Balanced relation between customer demands and service costs
ƒ Measurable service level
ƒ Objective conflict solution
ƒ Quality improvement (continuous review)

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-3. Service Level Management: Mission Statement SM251.0

Notes:
Service Level Management is the name given to the processes of planning, coordinating,
drafting, agreeing, monitoring, and reporting on SLAs, and the ongoing review of service
achievements to ensure that the required and cost-justifiable service quality is maintained
and gradually improved. SLAs provide the basis for managing the relationship between the
provider and the customer.
What is an SLA?
A written agreement between an IT service provider and the IT customer(s), defining the
key service targets and responsibilities of both parties. The emphasis must be on
agreement, and SLAs should not be used as a way of holding one side or the other to
ransom. A true partnership should be developed between the IT provider and the customer,
so that a mutually beneficial agreement is reached, otherwise the SLA could quickly fall
into disrepute and a culture of blame prevent any true service quality improvements from
taking place.

9-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Why Service Level Management

ƒ Service Level Management (SLM) is responsible for the qualitative and


quantitative management of the services provided by the IT organization to its
customers. An essential element in the service management level process is
the service level agreement (SLA), a "contract" between the IT organization
and its customers, that specifies the services to be delivered. Qualitative as
well as quantitative details such as performance and availability of those
services are specified within the SLA.

ƒ A Service Level Agreement (SLA) is important for the judgement and


execution of most activities in the IT organization. SLAs provide the basis for
managing the relationship between the provider and the customer.

ƒ Due to organizational and cultural effects, the SLM process is one of the most
important but also the most complex. It formalizes the relationship between the
customer organization and the IT organization. The SLA can also serve as a
catalyst to demonstrate the necessity of further important ITSM processes and
their contributions to the fulfilment of the SLA.

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-4. Service Level Management: Why Service Level Management SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


SLM – Balance service capabilities and service requirements

Demand for IT Offer


services IT services

Requirement Capabilities

Customer Primary Issues: Service Provider Primary Issues:


•Cost, Convenience •Efficiency
•Satisfaction •Effectiveness

ƒƒ Knowledge
Knowledge of
of business
business requirement
requirement
ƒƒ Knowledge
Knowledge of
of the
the service
service catalog
catalog

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-5. Service Level Management: SLM – Balance service capabilities and service requirements SM251.0

Notes:

9-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Definitions

Service Level Agreement (SLA): agreement between IT service provider and the IT
customer(s), detailing key service targets and responsibilities of both parties.

Operational Level Agreement (OLA): agreement between IT service provider and


other internal service providers on which the service depends.

Underpinning Contract (UC): contract with external IT service providers (for hardware
or software).

Service Catalog (SC): list of all IT services provided which can come into scope for
SLAs. Also lists users of the service and their maintainers.

Service Level Requirement (SLR): list of all customer requirements for the service.

Service Improvement Program (SIP): Management can instigate a SIP to identify and
implement whatever actions are necessary to overcome any difficulties and restore
service quality.

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-6. Service Level Management: Definitions SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Tasks

Service Demand of
Service level
catalog service level
agreement

Customer
relationship Operational
care Service Level level agreements
Service Level and contracts (UC)
Management
Management

Service specification
sheet (service
specification)
Monitoring,
review, and Service
evaluation improvement
program

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-7. Service Level Management: Tasks SM251.0

Notes:
The tasks which belong to SLM activities include those shown on the slide.

9-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Service Level Management Activities

Identify existing
service levels
and new
requirements
Review and Define offerings
with OLAs and
adjust service
Underpinning
provision, SLA Contracts

Report to the Agree on SLAs


customer and and maintain
IT organization Service Catalog

Monitor and
evaluate
service levels
versus SLAs
9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-8. Service Level Management: Service Level Management Activities SM251.0

Notes:
The main activities within the SLM process are shown on the slide.

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Manage relationship with customers and suppliers
(internal and external)

Business Context IT Provider Internal IT Provider


IT Organizations

Service Level
Management
SLA OLA
Network HW
IT customer
Operating ...
SLA

UC

Service
Portfolio External Provider

Service Level Agreement Operational Level Agreement Underpinning Contract (UC)


(SLA) (OLA) ƒA contract with an external
ƒA written agreement between an ƒA contract or agreement with an supplier covering delivery of
IT Service Provider and the IT internal supplier covering delivery services
Customer(s). of services. ƒA UC should have a commercial
ƒAn SLA should have a commercial ƒAn OLA has no legal part. and a legal part.
and a legal part. ƒA UC is a SLA with the external
supplier or provider‘s point of view
10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-9. Service Level Management: Manage relationship with customers and suppliers (internal and external) SM251.0

Notes:
To define the service which a IT organization should provide, an SLA is a mandatory
contract. To ensure delivery of service, the IT organization needs an underpinning contract
with its suppliers.

9-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Different points of view: Communication

Negotiation of The communication between all individuals concerned is a


service level
agreements key factor for effective and efficient SLAs!

Legal: Staff point of view:


Contract law, handling, Operational specification,
disputes, penalties education, administration

SLA
Customer’s point of view:
Commercial: Reaction time, service time,
Accounting, charging ...
Technical:
Tools, methods,
metrics collection procedures
11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-10. Service Level Management: Different points of view: Communication SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Content of a Service Level Agreement (SLA)

Name, date, Version numbers, SLA release


parties, dates, contents, management and
signatures signatures service change
procedures

Management
reporting, review General information:
methods Service Level
Service Level contact persons,
Agreement
Agreement escalation, penalties,
definitions
Quality
objectives, care
and support
Concerned parties,
Service roles and
specification responsibilities
sheet

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-11. Service Level Management: Content of a Service Level Agreement (SLA) SM251.0

Notes:
Not a fixed rule: some of the content items are mandatory, and others are not.

9-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Service Level Agreement (SLA) – Basic Structure
• Validity
• Name of the client or customer
• Business field, products
Recourse claims for
• Type of service or product non-compliance of SLAs
Ö Definition and scope of business -> liability regulation
Ö Customer requirements
Ö Process steps description for the product handling

• Prerequisites that have to be fulfilled by the customer or client

• Agreed quality standards


Ö Availability
Ö “Deadlines” for same-day handling
Ö Quality degrees
Ö Emergency regulation (reference to emergency concepts)
... + signatures of the
Ö Incidents contract partners
Ö Claims and escalation procedures
• Action plans
Ö Reports
Ö Periodic checks
Ö Q circle
• Costs accounting and charging
• Bonus/Malus Regulation

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-12. Service Level Management: Service Level Agreement (SLA) – Basic Structure SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Service Level Agreement (SLA) – Legal Contents

§ Preamble § Costs and performance clearing


§ Change Management § Performance control, measuring method
§ Scope § Reporting
§ General conditions § Failure of provision
§ Cooperation duties of the customer § Penalties
§ Consulting § Warranty, liability, damages
§ Education § Duration of contract
§ Performance description § Extraordinary termination
§ Backup and data protection § Conversion
§ Limitations, restrictions, exclusions § Claim to working results
§ Priorities § Venue
§ Escalations § Writing
§ Other obligations § Final provision
§ Secrecy

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-13. Service Level Management: Service Level Agreement (SLA) – Legal Contents SM251.0

Notes:

9-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Elements of a Service Spec Sheet

Service description, Service time


Name, date,
date, duration, and location, terms
parties
signatures of delivery and
financial terms

Procedures for Service Supplied


Service
changes, delivery, specification products and
specification
recovery action sheet accessories
sheet

Security, backup
and recovery, Service levels,
contingency, availability,
security performance

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-14. Service Level Management: Elements of a Service Spec Sheet SM251.0

Notes:
The specification sheet specifies in detail what the customer wants (external), and what
consequences this has for the service provider (internal), such as required resources and
skills.

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Benefits

ƒ Improvement in IT service quality and reduction of service outages can lead to


significant financial savings
ƒ Satisfied customers and better customer relationship
ƒ Clearer view between both parties on roles and responsibilities
ƒ Specific targets that have to be achieved and that can be measured and reported
ƒ Focusing of IT effort on what the business thinks is key
ƒ IT and customers have consistent expectations on the level of service required
ƒ Identification of weak areas that can be remedied subsequently
ƒ SLM underpins supplier management and vice-versa
ƒ IT services are designed to meet Service Level Requirements
ƒ SLAs can be the basis for charging, and are the demonstration of what customers
receive for their money.

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-15. Service Level Management: Benefits SM251.0

Notes:

9-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Risks
Potential problem areas:
ƒ Monitoring actual achievements and having the same perception as the customer.
This impacts the following:
– Committing only to achievable targets
– Verifying targets prior to agreement
– SLAs based on desires rather than achievable targets
ƒ Inadequate resources and time – SLA management done in the margin of …
ƒ Too low seniority for SLA manager
ƒ SLAs not supported by adequate UCs and OLAs
ƒ Unclear definition of responsibilities of each party, making some things fall between
the “cracks”
ƒ IT-based rather than business-aligned
ƒ Business not knowing its requirements
ƒ Not focused SLAs
ƒ SLAs being considered as overhead rather than chargeable service
17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-16. Service Level Management: Risks SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Costs
The costs for SLM should be viewed as investment and added value.
ƒ Staff: salaries, training, consultancy – initial and ongoing
ƒ Support tools and hardware
ƒ Marketing costs

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-17. Service Level Management: Costs SM251.0

Notes:

9-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Service Level Management


Best Practices

ƒ Show the winning of business oriented to SLA


ƒ Clearly differentiate Service Level Management (Process) from Service
Level Agreements (Contract)
ƒ Charging on SLA basis and not globally
ƒ Clear definition in a clear language of SLA for all parties
ƒ SLA Definition only as an activity of the Service Level Management process
ƒ Each SLA should be supported by its own OLAs and UCs

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-18. Service Level Management: Best Practices SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 9. Service Level Management 9-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Service Level Management


Summary

ƒ The goal of SLM: to maintain and gradually improve business-aligned IT


service quality, though a constant cycle of agreeing, monitoring, reporting, and
reviewing IT service achievements, and through instigating actions to eradicate
unacceptable levels of service
ƒ Important reasons for implementing Service Level Management: alignment of
expectations, which is a major prerequisite for running the service organization as
a business; improvement of service quality (customer-oriented) through
measurable service levels
ƒ Responsibilities: care of customer relations; planning and maintenance of the
service catalog; drafting of SLRs; negotiation, preparation, and monitoring of
higher service overall contracts, SLAs, OLAs and UCs, as well as plans for
improving service and quality
ƒ SLA: Service Level Agreement (duration, service description, transfer rate,
availability, reaction times, signature)
ƒ The quality of IT services supports the company’s success!

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 9-19. Service Level Management: Summary SM251.0

Notes:

9-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 10. Availability Management

What This Unit Is About


This unit is an introduction to Availability Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Module 10
Availability Management

Content:

ƒ Availability Management – objective and overview


ƒ Responsibilities and obligations
ƒ Some definitions
ƒ Important aspects:
– Uptime, downtime, and availability
– Availability measurement
– Availability reporting
ƒ Benefits and risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-1. Module 10: Availability Management SM251.0

Notes:

10-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Integration into the IPW Model

Implementing your Service Desk infrastructure

IPW Model is a trade mark of Quint Wellington and KPN Telecoms


3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-2. Availability Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Mission Statement

Availability management ensures that IT delivers the right levels of


availability required by the business to satisfy its business objectives and to
deliver the quality of service demanded by its customers.
Availability Management should ensure that the required level of availability is provided.
The measurement and monitoring of IT availability is a key activity to ensure that
availability levels are being met consistently.
Availability Management should look continuously to optimize the availability of the IT
Infrastructure, services, and supporting organisation, in order to provide cost-effective
availability improvements that can deliver proven business enhancements to customers.

Goal of Availability Management:


ƒ Forecast, planning, and management of services availability, to ensure that:
– All services are based on appropriate and latest CIs
– For CIs not supported internally, appropriate agreements exist with third-party
suppliers
– Changes are suggested in order to avoid future service downtime
ƒ Ensures that SLA-agreed availability is met

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-3. Availability Management: Mission Statement SM251.0

Notes:

10-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Definitions (1)

Availability: measured by Mean Time Between Failures (MTBF).


ƒ Ability of an IT service or component to perform its required function at a
stated instant, or over a stated period of time
ƒ Underpinned by reliability, maintainability, serviceability, and resilience of the
IT infrastructure
Reliability: measured by Mean Time Between System Incidents (MTBSI)
ƒ Ability to work without operational failure
ƒ Depends on the probability of failure of each component, the resilience built
into the IT infrastructure, and the preventive maintenance applied to prevent a
failure from occurring
Maintainability: measured by the Mean Time To Repair (MTTR)
ƒ Ability to be retained or restored to an operational state
ƒ Depends on anticipation, detection, diagnosis, resolution, recovery from
failures, and restoration of data and IT service

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-4. Availability Management: Definitions (1) SM251.0

Notes:
Availability Management
• Availability is the ability of an IT service or component to perform at a stated instant, or
over a stated period of time.
• Reliability is the level of freedom from operational failure of the IT service or
component.
• Maintainability is the ability to retain in, or restore a service or component to, an
operational state.
• Security focuses on the Confidentiality, Integrity, and Availability (CIA) of data.
• Serviceability on its own cannot be measured as a specific metric. It is a measure of
the three Availability, Reliability, and Maintainability capabilities of the IT service and
components that must be done.

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Definitions (2)

Serviceability: cannot be measured as a specific metric


ƒ Ability to maintain the availability, reliability, and maintainability provided by
the contractual agreements with the IT service providers
Resilience: or Fault Tolerance
ƒ Ability of an IT service to remain operational in spite of malfunction by one or
more subcomponents

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-5. Availability Management: Definitions (2) SM251.0

Notes:

10-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Tasks

Availability
Monitoring, planning
Review, and
Assessment Availability
plan

Availability
Availability
Management
Management

Availability
Improvement
Identification
Availability
Requirements

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-6. Availability Management: Tasks SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Inputs and Outputs

Inputs: Outputs:
ƒ Availability, reliability, and maintainability ƒ Availability and recovery design
requirements of the business for new or criteria for new or enhanced IT
enhanced IT services. services

ƒ Business Impact Assessment (BIA) ƒ Availability techniques that will be


deployed to provide additional
for each vital business function infrastructure resilience
underpinned by the IT infrastructure.
Availability ƒ Availability reporting to reflect the
ƒ Information on IT service and business, IT support, and user
component failures coming from Management perspectives
incidents and problems. ƒ Monitoring requirement for IT
ƒ Configuration and monitoring data components that allow the detection
of deviations in availability
ƒ SLA achievements
ƒ Availability Plan for the proactive
improvement of IT infrastructure
availability

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-7. Availability Management: Inputs and Outputs SM251.0

Notes:

10-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Uptime, Downtime, and Availability
MTTR

Recognition Repair Recovery

Incident Diagnosis Recovery Incident

MTBF

MTBSI

Time

MTTR - Mean Time to Repair Æ DOWNTIME Æ Maintainability


MTBF - Mean Time Between Failure Æ UPTIME Æ Availability (Serviceability)
MTBSI - Mean Time Between System IncidentÆ Average ReliabilityÆ Reliability

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-8. Availability Management: Uptime, Downtime, and Availability SM251.0

Notes:
A guiding principle of Availability Management is to recognize that it is still possible to gain
customer satisfaction even when things go wrong. One approach to help achieve this
requires Availability Management to ensure that the duration of any incident is minimized to
enable normal business operations to resume as quickly as possible.
Availability Management should work closely with Incident Management and Problem
Management in the analysis of unavailability incidents.
A good technique to help with the technical analysis of incidents affecting the availability of
components and IT services is to take an incident “lifecycle” view.
Every incident passes through several major stages. The time elapsed in these stages may
vary considerably. For Availability Management purposes, the standard incident “lifecycle”,
as described within Incident Management, has been expanded to provide additional help
and guidance, particularly in the area of “designing for recovery”.

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

MTBF (Mean Time Between Failures) is the average elapsed time from the time an IT
service or supporting component is fully restored until the next occurrence of a failure to the
same service or component
MTBSI (Mean Time Between System Incidents) is the average elapsed time between the
occurrence of one failure and the next failure
MTTR (Mean Time To Repair) is the average elapsed time from the occurrence of an
incident to resolution of the incident.

10-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Availability Measurements (1)

When is a service not available?

”A service is not available to a customer if the locally required functions cannot


be used, although the agreed conditions for the provision of the service are
fulfilled."

A simple calculation of availability in %:

Agreed service time - Downtime 100


X
Agreed service time 1

But what does 98% availability mean?

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-9. Availability Management: Availability Measurements (1) SM251.0

Notes:
This slide shows some of the simple mathematics required to enable component and total
Infrastructure Availability to be calculated. This information is needed to help formulate
availability targets for IT components and IT services. Additionally, these output
calculations can be input to any availability modeling tools that are available.
The examples provided in this section are fairly straightforward, with the calculations
presented being sufficient to provide adequate estimates of availability. Where more
detailed estimates of availability are required, it may be necessary to research more
complex mathematical calculations. The statistical analysis of incident data and the
forecasting of availability are a rich study field in many industries outside IT, such as
electronics and aviation.

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Availability Measurement (2)

Serial Parallel

Availability = 90%
Disk A

Disk A Disk B

Availability = 90% Availability = 90%


Disk B
Availability = 90%

Availability only then, if both are in operation Availability = 1 – not available

=> AxB= 1 – both are not available =

0.9 * 0.9 = 0.81 or 81% 1 – (A not available) x (B not available) =


1 – 0.1 * 0.1 = 0.99 or 99%

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-10. Availability Management: Availability Measurement (2) SM251.0

Notes:
The availability percentage for each IT component within the total IT infrastructure may be
different, and as such it is necessary to provide a calculation that reflects the total
infrastructure availability.
The levels of resilience provided positively influence the availability percentage for the total
infrastructure.
This slide shows the serial and parallel configuration calculation of availability.

10-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Availability Measurement Example (3)

Example of availability in a parallel or a serial architecture

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-11. Availability Management: Availability Measurement Example (3) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Risk Management is also an aspect of availability

Assets Threats Weaknesses

Risk analysis Risks


Risks
Risk management

Management
Countermeasures Planning for
of downtimes
possible downtimes

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-12. Availability Management: Risk Management is also an aspect of availability SM251.0

Notes:
The identification of risks and the provision of justified countermeasures to reduce or
eliminate the threats posed by such risks can play an important role in achieving the
required levels of availability for a new or enhanced IT service.
Risk Analysis should be undertaken during the design phase for the IT infrastructure and
service to identify:
• Risks that may incur non-availability for the IT components within the IT infrastructure
and service design
• Risks that may incur confidentiality, integrity exposures, or both within the IT
infrastructure and service design
Risk Analysis involves the identification and assessment of the level (measure) of the
risks calculated from the assessed values of assets and the assessed levels of threats to,
and vulnerabilities of, those assets.

10-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Risk Management involves the identification, selection, and adoption of countermeasures
justified by the identified risks to assets in terms of their potential impact upon services if
failure occurs, and the reduction of those risks to an acceptable level.
This approach, when applied via a formal method, ensures that coverage is complete
together with sufficient confidence that:
• All possible risks and countermeasures have been identified
• All vulnerabilities have been identified and their levels accurately assessed
• All threats have been identified and their levels accurately assessed
• All results are consistent across the broad spectrum of the IT infrastructure reviewed
• All expenditure on selected countermeasures can be justified.

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Availability Reporting

Classical reporting measures


ƒ % available
ƒ % unavailable
ƒ Duration of unavailability in hours
ƒ Frequency of failure
ƒ Impact of failure
Problems with classical measures:
– Fails to reflect IT availability as experienced by the business and users
– Conceal “hot spots”. Generally good availability for the IT organization
– Does not support continuous improvement

Future measured variables (CCTA acceptance):


ƒ Impact by user minutes lost (user productivity)
ƒ Impact by business transaction

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-13. Availability Management: Availability Reporting SM251.0

Notes:
The IT support organization has for many years measured and reported on its perspective
of availability. Traditionally, these measures have concentrated on component availability,
and have been somewhat divorced from the business and user views.
Typically, these traditional measures are based on a combination of an availability
percentage (%), time lost, and the frequency of failure. Some examples of these traditional
measures are as follows:
% Available - The truly “traditional” measure which represents qvailability as a percentage
and, as such, is much more useful as a component availability measure than as a service
availability measure. It is typically used to track and report achievement against a service
level target. It tends to emphasize the “big number”, such that if the service level target was
98.5% and the achievement was 98.3%, then it does not seem that bad. This can
encourage a complacent behavior within the IT support organization.
% Unavailable - The inverse of the above. This representation, however, has the benefit of
focusing on non-availability. Based on the above example, if the target for non-availability
was 1.5% and the achievement was 1.7%, then this is a much larger relative difference.

10-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty This method of reporting is more likely to create awareness of the shortfall in delivering the
level of availability required.
Duration - Achieved by converting the percentage unavailable into hours and minutes.
This provides a more “human” measure that people can relate to. If the weekly downtime
target is 2 hours but one week the actual was 4 hours, this would represent a trend leading
to an additional 4 days of non-availability to the business over a full year. This type of
measure and reporting is more likely to encourage focus on service improvement.
Frequency of failure - Used to record the number of interruptions to the IT service. It helps
provide a good indication of reliability from a user perspective. It is best used in
combination with Duration to take a balanced view of the level of service interruptions and
the duration of time lost to the business.
Impact of failure - This is the true measure of service unavailability. It depends upon
mature incident recording, where the inability of users to perform their business tasks is
the most important piece of information captured. All other measures suffer from a potential
to mask the real effects of service failure.
The business may have, for many years, accepted as a fait accompli that the IT availability
that they experience is represented in this way. However, this is no longer being viewed as
acceptable, and the business is keen to better represent availability in measure(s) that
demonstrate the positive and negative consequences of IT availability on their business
and users.
The traditional IT approach to measurement and reporting provides an indicator of IT
availability and component reliability which is important for the internal IT support
organization. However, to the business and users, these measures fail to reflect availability
from their perspective and are rarely understood. This often fuels mistrust between the
business and IT where, despite periods of instability, the “%” target has been met even
though significant business disruption has occurred and customer complaints have been
received.
Furthermore, this method of measurement and reporting can often hide the benefits
delivered to the business from IT improvements. The traditional IT availability measures
can simply mask real IT “added value” to the business operation.
While the traditional IT availability measurement and reporting methods can be considered
appropriate for internal IT reporting, the disadvantages of this approach are that they:
• Fail to reflect IT availability as experienced by the business and the users
• Can conceal service “hot spots”, whereby regular reporting shows the SLA as being
“met”, but the business, the users, or both, are becoming increasingly dissatisfied with
the IT service
• Do not easily support continuous improvement opportunities to drive improvements that
can benefit the business and the users
• Can mask IT “added value”, where tangible benefits to the business and users have
been delivered, but the method of measurement and reporting does not make this
visible.

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Benefits
ƒ IT services with an availability requirement are designed, implemented, and
managed to consistently meet that target
ƒ Improvement of capability of the IT infrastructure to attain the required levels of
availability to support the critical business processes
ƒ Improvement of customer satisfaction and recognition that availability is the
prime IT deliverable
ƒ Reduction in frequency and duration of incidents that impact IT availability
ƒ Single point for availability is established within the IT organization (process
owner)
ƒ Levels of IT availability provided are cost-justified and support SLAs fully
ƒ Shortcomings in provision of availability are recognized and coped with in a
formal way
ƒ Mindset moves from error correction to service enhancement: from reactive to
proactive attitude

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-14. Availability Management: Benefits SM251.0

Notes:

10-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Risks

Potential problem areas:

ƒ Costs of availability management are seen as overhead and are too high
ƒ It is difficult to quantify the availability demands of the user and to determine
their costs
ƒ Lack of available resources with the required skills
ƒ Gathering of availability data requires many tools to underpin and support the
process
ƒ Vendor dependency
ƒ Broad knowledge of IT infrastructure

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-15. Availability Management: Risks SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Availability Management
Best Practices

ƒ Separation of design and measurement

ƒ Usage in connection with capacity, financial management for IT services,


and IT service continuity management

ƒ Determination of metrics using this process

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-16. Availability Management: Best Practices SM251.0

Notes:

10-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Availability Management
Summary

ƒ The goal of the Availability Management process is to optimize the capability of


the IT infrastructure, services, and supporting organization to deliver a cost-
effective and sustained level of availability that enables the business to satisfy
its business objectives.
ƒ Aspects: Availability, Maintainability, Reliability, Serviceability
ƒ Risk Management
ƒ Measures of Availability:
– MTBSI (Mean Time Between System Incidents)
– MTTR (Mean Time To Repair )
– MTBF (Mean Time Between Failures)
– Calculation of Availability

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 10-17. Availability Management: Summary SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 10. Availability Management 10-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

10-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 11. Capacity Management

What This Unit Is About


This unit is an introduction to Capacity Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 11
Capacity Management

Content:

ƒ Capacity Management – objectives and overview


ƒ Responsibilities and obligations
ƒ Important aspects
– Capacity planning
– Capacity Database (CDB)
ƒ Benefits, risks, costs
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-1. Unit 11: Capacity Management SM251.0

Notes:

11-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Capacity Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-2. Capacity Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Mission Statement

Capacity Management is responsible for ensuring that the capacity of the IT infrastructure matches
the evolving demands of the business in the most cost-effective and timely manner.
Capacity Management needs to understand the business requirements (the required provision of IT
services), the organization's operation (the current provision of IT services), and the IT infrastructure (the
means of provision of IT services), and to ensure that all the current and future capacity and performance
aspects of the business requirements are provided cost-effectively.
However, Capacity Management is also about understanding the potential for service provision. New
technology needs to be understood and, if appropriate, used to deliver the services required by the
business. Capacity Management needs to recognize that the rate of technological change will probably
increase and that new technology should be harnessed to ensure that the IT services continue to satisfy
changing business expectations. One of the result of the activities of Capacity Management is a
documented capacity plan.
The goal of Capacity Management:

Ensure
Ensure
required,
required,acceptable,
acceptable,
cost-
cost-effectivecapacity
cost - effective capacity
of
of IT resources, inorder
IT resources, in orderthat
thatthe
theservice
servicelevels
levelswhich
whichare
are
agreed with the company are fulfilled in a timely manner.
agreed with the company are fulfilled in a timely manner.

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-3. Capacity Management: Mission Statement SM251.0

Notes:

11-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Capacity Management
Why Capacity Management?
There are a number of reasons why an organization should implement Capacity
Management.
ƒ Capacity Management provides the required information about:
– Which components need to be upgraded (such as main memory, faster hard
disk, larger bandwidth)
– When to perform upgrades – not too early, otherwise expensive overcapacities
cannot be used; and not too late, in order to avoid bottlenecks, bad
performance, and consequently, customer dissatisfaction
– How much the upgrade will be – planning elements and predictions will
influence budget planning
ƒ Capacity management is based on:
– Business requirements
– Existing structures of the company
– Existing IT infrastructure
ƒ The customer does not require capacity; the customer requires services
ƒ The expenditure for IT capacities needs to be continuously justifiable
ƒ It provides information on current and planned resource utilization of individual
components, allowing decisions on which components to upgrade, when to do so,
and how much it will cost.

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-4. Capacity Management: Why Capacity Management? SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Capacity Management has three sub-processes

Demand Management

Business Service Resource


Capacity Capacity Capacity
Management Management Management

Capacity Plan

Capacity Iterative activities


Database (Performance Mgmt)

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-5. Capacity Management: Capacity Management has three sub-processes SM251.0

Notes:
Capacity Management consists of a number of sub-processes, within which there are
various activities. The sub-processes of Capacity Management are:
Business Capacity Management: This sub-process is responsible for ensuring that the
future business requirements for IT services are considered, planned, and implemented in
a timely fashion. This can be achieved by using the existing data on the current resource
utilization by the various services to trend, forecast, or model the future requirements.
These future requirements come from business plans outlining new services,
improvements and growth in existing services, development plans, and so on.
Service Capacity Management: The focus of this sub-process is the management of the
performance of the live, operational IT services used by the customers. It is responsible for
ensuring that the performance of all services, as detailed in the targets in the SLAs and
SLRs, is monitored and measured, and that the collected data is recorded, analyzed, and
reported. As necessary, action is taken to ensure that the performance of the services
meets the business requirements. This is performed by staff with knowledge of all the

11-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty areas of technology used in the delivery of end-to-end service, and often involves seeking
advice from the specialists involved in Resource Capacity Management.
Resource Capacity Management: The focus in this sub-process is the management of
the individual components of the IT infrastructure. It is responsible for ensuring that all
components within the IT infrastructure that have finite resource are monitored and
measured, and that the collected data is recorded, analyzed, and reported. As necessary,
action must be taken to manage the available resource to ensure that the IT services that it
supports meet the business requirements. In carrying out this work, the Capacity
Management process is assisted by individuals with specialist knowledge in the particular
areas of technology.

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Tasks

Iterative
Activities
Business
Capacity Analyze
Management
Tuning

Implementation
Service Capacity
Capacity Capacity
Management Monitoring
Management Management

Demand
Resource
Management
Capacity
Management
Capacity
Database Application
(CDB) Sizing

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-6. Capacity Management: Tasks SM251.0

Notes:
Ongoing: iterative activities, Demand Management, storage of data in the Capacity
Database (CDB)
Ad hoc: Modeling and application sizing
Regularly: Production of capacity plan

Iterative activities:
Monitoring in order to ensure optimum use of hardware and software such that agreed
service levels can be achieved. Metrics are:
• CPU, memory, file store utilization
• Transactions: per second, response time
• Batch duration profiles

11-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Distinguish between availability data and performance data. Thresholds should be set
based on analysis of previously recorded data. They should be set below targets in SLAs to
allow for corrective action before an SLA is breached.
Analysis of the collected data to identify trends from which normal utilization and service
levels can be established. Report on exception conditions compared with baseline. Predict
future resource usage. Analysis should happen on short-term, medium-term, and
long-term.
Tuning of configurations to improve performance through:
• Balancing workloads or disk traffic
• Change locking strategy (database, page, table, record, row)
• Efficient use of memory
Implementation of tuning activities in the live environment should happen through
Change Management to limit impact on the customers of the service.

Capacity Database
It is a cornerstone of a successful Capacity Management system. It is the basis of
performance and capacity reports to be delivered to management and technical personnel.
All sub-processes use it.
For more details, see notes on page 11-14.

Demand Management
• Influence demand for, and use of, resources
• Carried out as short-term solution to a capacity problem (like the breakdown of a
redundant component that was also in use, hence halving capacity)
• Carried out as longer-term solution if difficult to justify expensive upgrade
• Exercised through:
- Physical constraints or limiting usage
- Financial constraints or charging
• Can be carried out by any of the three sub-processes.

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Input & Output

SUB-PROCESS
INPUT OUTPUT
Business Capacity Management ƒ Capacity plans
ƒ Technologies Trend, forecast, model, prototype, ƒ CDB
ƒ SLAs, SLRs, and ƒ Minimum requirements
service portfolio size, and documentation and profiles
ƒ Business plans and of future business requirements ƒ Threshold values and
strategies signals
ƒ Maintenance windows ƒ Capacity reports
ƒ Employment and Service Capacity Management (regular, ad hoc, and in
development plans and Monitor, analyze, tune, and report special cases)
programmes ƒ SLA and SLR
ƒ Planning of future on service performance; establish recommendations
changes baselines and profiles of use of ƒ Costs and
ƒ Incidents and recommendations for
problems services further calculations
ƒ Service reviews Manage demand for service ƒ Proactive changes and
ƒ SLA violation service improvements
ƒ Financial plans ƒ Revised maintenance
ƒ Budgets Resource Capacity Management windows
Monitor, analyze, and report on ƒ Effectiveness review
ƒ Audit reports
utilization of components,
Establish baselines and profiles on
use of components

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-7. Capacity Management: Input & Output SM251.0

Notes:

11-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Capacity Management
Iterative Activities

A number of the activities of Capacity


Management need to be carried out
iteratively, and form a natural cycle:
Tuning

ƒ Set up and maintain the Capacity Database


ƒ Reporting
Implementation Analysis
– Analyzes and reports
– Production of the capacity plan
ƒ Demand Management and Monitoring
Monitoring
– Ensure that the future business
requirements for IT services are
considered
– Report on performance against targets
SLM Exception Resource Utilization
contained in SLA Reports Exception Reports
Resource
– Monitoring of resources Utilization SLM Thresholds
– Forecast future capacity requirements Thresholds
Capacity
ƒ Document costs associated with options Management
Database
ƒ Assess new technology and its relevance (CDB)

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-8. Capacity Management: Iterative Activities SM251.0

Notes:
Monitors should be established on all the components and for each of the services. The
data should be analyzed, using, wherever possible, expert systems to compare usage
levels against thresholds. The results of the analysis should be included in reports, and
recommendations made as appropriate. Some form of control mechanism may then be put
in place to act on the recommendations. This may take the form of balancing services,
changing concurrency levels, and adding or removing resource. The cycle then begins
again, monitoring any changes made to ensure that they have had a beneficial effect, and
collecting the data for the next day, week, or month.

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Capacity Plan
The Capacity Plan should be published annually in line with the budgetary cycle. Ideally, it
should be updated quarterly, and consists of the following parts:

ƒ Introduction
– Scope of planning
– Methods
ƒ Assumptions and prerequisites
ƒ Management summary
ƒ Business evaluations and scenarios
ƒ Service summary
ƒ Resource summary
ƒ Options for service improvement
ƒ Cost model
ƒ Recommendations
• Business benefit to expect
• Potential impact (of not) carrying out recommendations; risks involved
– Required resources
– Costs: unique and ongoing

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-9. Capacity Management: Capacity Plan SM251.0

Notes:
Capacity Plan
Contains:
Introduction
Explains background to this issue of the capacity plan:
• Current levels of capacity of the organization
• Problems and pain points identified due to over- or under-capacity.
• Changes since last issue of capacity plan
Scope of plan is given (ideally all IT resources).
Methods used (how and when information obtained from sub-processes):
• Business forecasts from business plans
• Workload forecasts from users
• Service level forecasts from modeling

11-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Management summary


Highlight main issues, options, recommendations and costs.
Business scenarios
Put the plan in the context of the current and future business environment. Mention all
known business forecasts so that readers can determine what is inside and outside the
scope of the plan.
Service summary
For each current and recent service provision, provide a service profile, including
throughput rates and resulting resource utilization. Trends should be presented.
Service forecasts should be detailed because of new and demised services.
Resource summary
Current and recent resource usage should be documented, reporting on trends.
Resource forecasts coming from service forecasts.
Options for service improvement
Outlines possible options for improving effectiveness and efficiency of service delivery;
upgrading network, consolidating applications, rewriting custom built applications, and so
on.
Cost model
Costs associated with options should be documented.
Current and forecasted cost of providing IT services (data generally coming from IT
financial management).
Recommendations
Summary of recommendations made in previous plan and status.
Any new recommendations should be made.
Recommendations should be quantified in terms of:
• Business benefit to expect
• Potential impact in (not) carrying out recommendations
• Risks involved
• Resources required
• Setup cost and ongoing cost

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Capacity Database

Capacity Database (CDB)

ƒ Data in the CDB is stored and used by all the sub-processes of Capacity
Management because it is a repository that holds a number of different types of
data: business, service, technical, financial, and utilization data.

ƒ The CDB is unlikely to be a single database, and probably exists in several


physical locations.

ƒ The information in the CDB is used to form the basis of performance and Capacity
Management reports that are to be delivered to management and technical
personnel.

ƒ The data is also utilized to generate future capacity forecasts, and to allow
Capacity Management to plan for future capacity requirements.

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-10. Capacity Management: Capacity Database SM251.0

Notes:
Capacity Database
It is a cornerstone of a successful Capacity Management system. It is the basis of
performance and capacity reports to be delivered to management and technical personnel.
All sub-processes use it.
It contains business data:
• Number of accounts
• Number of branches
• Number of calls into call centers
• Number of PCs
• Anticipated workloads
It contains service data:
• Transaction response times

11-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty • Times for batch jobs to be processed


• SLM thresholds
It contains technical data:
• Limitations of resources (80% CPU, 30% Ethernet)
It contains financial data:
• Financial plans
• IT budgets
• External suppliers
• CMDB
It contains utilization data of resources:
• Data of current utilization of components
• Lower granularity data on older utilization data of components
Can exist in several physical locations.
Outputs are:
• Service- and component-based reports
• Exception reporting on capacity and performance for component or service. Special
interest in reporting on items that affect SLAs.
• Capacity forecasts to predict future growth.

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Benefits and Costs

Benefits Costs
ƒ Reduced risk of performance problems and ƒ Setting up Capacity Management:
failure – Procurement of required hardware and
ƒ Cost savings software, such as monitoring tools
ƒ Both achievable through: – Project management
– Planned buying – Staff costs
– Deferring expenditure until really – Accommodation
needed (but in a controlled way) ƒ Daily management of Capacity
– Matching capacity to business need Management:
ƒ Ensures that systems have sufficient capacity – Annual maintenance and upgrades
to run the applications required by the – Ongoing staff costs
business for the foreseeable future – Recurring accommodation costs (leasing,
ƒ Provides information on current and planned rental, energy)
resource utilization of individual components
allowing decisions on which components to
upgrade, when to do so, and how much it will
cost.

““Planned
Planned buying
buying is
is cheaper
cheaper than
than panic
panic buying.”
buying.”

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-11. Capacity Management: Benefits and Costs SM251.0

Notes:

11-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Capacity Management
Risks

Potential problem areas:

ƒ Customer expectations exceed technical capability


ƒ Unrealistic product information from vendor
ƒ Wrong estimation of future workload by the customer
ƒ Precise predictions become more difficult with shorter business planning
cycles
ƒ Considering all service areas (software, PC, server, LAN, WAN, TK, and so
on) within the scope of capacity management

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-12. Capacity Management: Risks SM251.0

Notes:
Possible problems:
Over-expectation
Customer expectations often exceed technical capability. Therefore it is essential that
customer expectations for new applications be managed from the outset. Capacity
Management needs to discuss with customers the technical feasibility and, more
importantly, the cost implications, of meeting over-ambitious requirements. The opportunity
to achieve this is provided as part of the application sizing activity, where requirements and
expectations should be discussed and agreed between all parties.
The improvements that can be made through regular tuning may not be significant.
However, if a service or application has been badly designed or implemented, a large
performance gain may be possible.
Also Demand Management is often constrained by the requirement for constant online
access to corporate information. It is not always easy or possible to reschedule the use of

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

services to quieter off-peak periods. For example, it would be difficult for an Internet site
selling flowers to influence the demand for flowers on or around St Valentine's Day!
Vendor influence
Where budget and sales target deadlines coincide, it is not uncommon to be offered what
seems to be the deal of a lifetime, such as “purchase sufficient capacity for today and
tomorrow at yesterday’s prices”. On face value, cost efficiencies can be realized; however,
before purchasing, remember:
• The pace of change is rapid: today's special offer is often tomorrow's end-of-line
product
• Technological advancement: tomorrow's technology will perform faster and have more
built-in capacity than today's technology
• The overall reducing cost of technology: today's performance and capacity will always
be cheaper tomorrow and considerably cheaper in six months’ time.
Manufacturers’ quoted performance figures are often not achievable within a production
environment. Care should be taken when negotiating with vendors for additional
performance. Where possible, performance figures should be verified before purchase
through reference site visits and by simulation testing where appropriate.
Lack of information
Time-to-market pressures are placing ever-increasing demands, and as a result business
planning cycles are shorter. This is not an excuse, but a statement of fact about the
environment within which Capacity Management must function. Traditionally, it has always
been difficult to obtain accurate business forecasts, in order to predict increases and
decreases in demand for IT capacity.
However, even the best business planning function cannot always accurately predict
demand. There have been numerous recent examples of unprecedented and unpredicted
consumer demand for either the latest product or the latest information. Internet sites that
are suddenly popular are good examples of consumer demand far outstripping supply and
causing failed or drastically delayed delivery of information or products. The Internet is a
prime example where consumers literally “at the click of a button” are lost forever as they
go elsewhere to receive a service, never again to return to a temporarily unavailable or
slow site.
It is not possible to provide consistently high-quality service levels, cost-effectively, without
timely, accurate business planning information being made available. However, Capacity
Management can work effectively, even with crude business estimates. Also, it helps if the
Capacity Management process understands the business and can talk to the customer in
their language. The business is much more likely to know how many chocolate bars it is
going to sell than the amount of CPU seconds it uses in the process. The Capacity
Management process always improves over time.

11-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Capacity Management in a distributed environment


Capacity Management is often considered only as a requirement within the host
environment; the network and client environments are not always included as part of the
Capacity Management process.
Anecdote
A group of network managers were asked, “When is the first time you get involved in
capacity planning for new applications to be utilized across the network?” Unfortunately,
the most common answer was, “Usually during the first week of live running, when users
complain about poor performance”. Another common answer was “During customer
acceptance testing, when the application is being tested by users just before transition to
live running”.
However, when also asked, “If you had been involved from the outset, when the new
application was just a customer requirement, could you have provided accurate figures on
spare network capacity within the target environment?”, only a handful were confident in
their ability to do so.
Result
There are a number of results and lessons to be learned from the above:
• The network is not within the scope of Capacity Management, but it should be.
• Huge potential exists for new applications to perform poorly or fail totally.
• Customer perception is that IT fails to deliver (again).
• Potential financial costs are incurred by the business due to application failure.
• Unpredicted and unbudgeted IT costs are incurred to resolve the performance
problems, which usually require to be addressed urgently and thus cost even more.
Level of monitoring to be implemented
Tools available today provide extremely comprehensive monitoring capabilities. It is
possible to monitor most aspects of most components in the IT infrastructure. However,
careful consideration should be given to the level of monitoring to be undertaken, and the
decision should be based upon:
• Business impact of component failure: can monitoring be justified on the basis of
potential impact of failure?
• Utilization volatility: is utilization subject to a steady growth or decline over time, or do
highly volatile changes in utilization occur?
• Ability to monitor components: can monitoring and reporting be automated?
• Cost of component monitoring and reporting: are costs greater than the potential use
that can be made of the data collected?

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Capacity Management
Best Practices

ƒ The Capacity Management process should be reviewed for effectiveness and


efficiency at regular intervals to ensure that:
– It is producing the required output at the required times for the appropriate
audience
– Its activities are cost-effective
ƒ Critical Success Factors
Success in Capacity Management is dependent on a number of factors:
– Accurate business forecasts
– Knowledge of IT strategy and plans, and that the plans are accurate
– An understanding of current and future technologies
– An ability to demonstrate cost-effectiveness
– Interaction with other effective Service Management processes
– An ability to plan and implement the appropriate IT capacity to match business
needs

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-13. Capacity Management: Best Practices SM251.0

Notes:

11-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Capacity Management
Summary

ƒ The goal of Capacity Management is to ensure that all the current and
future capacity and performance aspects of the business requirements
are provided in a timely and cost-effective manner.

ƒ Responsibilities: Business Capacity Management, Service Capacity


Management, Resource Capacity Management

ƒ Demand Management
ƒ Capacity Plan and Capacity Database (CDB)

““Good
Good Capacity
Capacity Management
Management ensures
ensures NO
NO SURPRISES!
SURPRISES!””

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 11-14. Capacity Management: Summary SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 11. Capacity Management 11-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

11-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 12. Financial Management for IT Services

What This Unit Is About


This unit is an introduction to Capacity Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 12
Financial Management

Content:

ƒ Financial Management – objectives and overview


ƒ Responsibilities and obligations
ƒ Important aspects
– Costs types
– IT accounting
– Interfaces to other service management processes
ƒ Benefits and risks
ƒ Best practices
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-1. Unit 12: Financial Management SM251.0

Notes:

12-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-2. Financial Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Mission Statement

Financial Management ensures that the IT organization is able to account fully on


the money spent on IT services, to attribute these costs to IT services delivered to
customers, and to assist management decisions on IT investment by providing
detailed business cases for changes to IT services.

The goal of IT Financial Management is also:

ƒ For internally (in-house) oriented IT service providers

– Monitoring of the usage of IT components and resources for supplying IT


services with regard to cost efficiency

ƒ For externally oriented IT service providers

– Recording of costs incurred, and details of how these relate to services


performed for the customer
– Support management decisions about IT investment by means of detailed
business cases.

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-3. Financial Management: Mission Statement SM251.0

Notes:

12-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Why Financial Management for IT Services (1)

Because you can provide the best service and nevertheless can go
bankrupt

Because there are minimal legal requirements for financial reporting

Because service providers should be business-oriented

Because of increasing economic pressure

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-4. Financial Management: Why Financial Management for IT Services (1) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Why Financial Management for IT Services (2)
IT Financial Management...

ƒ Supports the development of a solid investment strategy


ƒ Enables definitions of performance objectives
ƒ Enables the measurement of services performed
ƒ Makes it easier to prioritize resource deployment, and with it, optimized resource planning
ƒ Ensures solid, financially justified administration of the assets used in the organization
ƒ Supports management in their daily decision-making in order to plan risk reduction
ƒ Creates organizational prerequisites for performing cost-objective accounting

Cost-objective accounting enables...

ƒ Flexible determination of services which are to be defined. It is the basis for the business design of IT
services.
ƒ Determination of real IT service costs, enabling transparent, well-measured, content-related pricing
ƒ Reporting for planning and controlling
ƒ Reporting for financial accounting

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-5. Financial Management: Why Financial Management for IT Services (2) SM251.0

Notes:

12-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Tasks

ITITFinancial
Financial
Management
Management

Budgeting
IT Accounting Charging

Ensures that Provides sound


business provides Provides management business method of
sufficient funds to information on the balancing shape
run the IT services cost of providing IT and quantity of IT
it requires services supporting services with needs
business needs and resources of the
customers

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-6. Financial Management: Tasks SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Process

Cost analysis
Cost analysis external Charging
(accounting) Charging
Business IT IT operational (accounting)
Business IT IT operational
requirements plan (including
requirements plan (including
budgets)
budgets) internal Charging
Charging

Financial targets Costing Charging


models policies

Feedback of proposed charges to


businesses

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-7. Financial Management: Process SM251.0

Notes:
This slide looks at methods for an IT organization to predict and calculate the costs of
service, and discusses ways of estimating the proportion of costs that can be attributed to
each customer where an IT service is shared. This simple diagram is used as a basis for
the whole item.
In summary:
Budgeting enables an organization to:
• Predict the money required to run IT services for a given period
• Ensure that actual spend can be compared with predicted spend at any point
• Reduce the risk of overspending
• Ensure that revenues are available to cover predicted spend (where charging is in
place)
IT accounting enables an organization to:
• Account for the money spent in providing IT services

12-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty • Calculate the cost of providing IT services to both internal and external customers
• Perform cost-benefit or Return-on-Investment analyses
• Identify the cost of changes
Charging enables an organization to:
• Recover the costs of the IT services from the customers of the service
• Operate the IT organization as a business unit if required
• Influence user and customer behavior

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Process – Budgeting and Accounting Activities (mandatory)
To understand whether an IT organization is doing the best that it can and to demonstrate
this to its customers, it has to both understand the true cost of providing a service and
manage those costs professionally. To do this, it is usual to implement IT accounting and
budgeting processes, and often to implement charging processes as well.

Budgeting is the process of predicting and controlling the spending of money within the
organization, and consists of a periodic negotiation cycle to set budgets (usually annual) and the
day-to-day monitoring of the current budgets. Budgeting enables an organization to:
ƒ Predict the money required to run IT services for a given period
ƒ Ensure that actual spending can be compared with predicted spending at any point
ƒ Reduce the risk of overspending
ƒ Ensure that revenues are available to cover predicted spending (where charging is in place)

Accounting is the set of activities that enable the IT organization to account fully for the way its
money is spent. IT accounting enables an organization to:
ƒ Account for the money spent in providing IT services
ƒ Calculate the cost of providing IT services to both internal and external customers
ƒ Perform cost-benefit or return-on-Investment analyses
ƒ Identify the cost of changes

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-8. Financial Management: Process – Budgeting and Accounting Activities (mandatory) SM251.0

Notes:
The aim of budgeting is that the actual costs match the budget (predicted costs). This
budget is usually set by negotiations with the customers who are providing the funds
(although this sometimes happens at an unrefined level, where the business leaders agree
proportions of their revenue to be used to fund IT, based upon what IT have told them their
costs are). Good budgeting is essential to ensure that the money does not run out before
the period ends. Where shortfalls are likely to occur, the organization needs early warning
and accurate information to enable good decisions to best manage the situation.
Current leading practice is to use IT accounting to aid investment and renewal decisions,
and to identify inefficiencies or poor value, but to charge a fixed amount for an agreed
capacity (determined by the level of service agreed in the Service Level Agreements or
SLAs). In this case, IT Finance Management works with Service Level Management (they
may even be the same person) to ensure that the overall costs of running the agreed
services should not exceed the predicted costs. Charging is then often a matter of billing for
agreed periods at an agreed rate, for example 1/12 of each customer's IT budget each
calendar month. Additional charges are made for work above the agreed service levels
(such as office moves, major roll-out, unplanned hardware upgrade).

12-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Process – Charging (optional)

Charging has motivational aspects, considering the effects upon both the
provider and the customer of the service. The objective is to optimize the
behavior of both parties in achieving the organization's aims.

Charging enables an organization to:


ƒ Recover the costs of the IT services from the customers of the service
ƒ Operate the IT organization as a business unit if required
ƒ Achieve transparency for customers
ƒ Influence user and customer behavior
ƒ Achieve profit
– Use market strength (invisible hand)
– Deliver effective services in agreed quality and quantity

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-9. Financial Management: Process – Charging (optional) SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Cost Types
For producing a cost model, the suggested cost types are:
ƒ Hardware costs (CPU, disk storage, LANs, peripherals….)
ƒ Software costs (OS, applications, database, systems management….)
ƒ People costs (payroll costs, company cars, relocation costs, expenses, overtime,
consultancy)
ƒ Accommodation costs (offices, storage, secure areas, utilities)
ƒ External service costs (security, outsourced services,…)
ƒ Transfer costs (goods and services that are sold from one part of an organization
to another)
•• All
All costs
costs for
for services
services can
can be
be grouped
grouped intointo the
the cost
cost types
types listed.
listed.
•• Other types are possible; this is not a fixed rule.
Other types are possible; this is not a fixed rule.
•• Important:
Important: all
all major
major cost
cost elements
elements inin the
the current
current or
or proposed
proposed ITIT
budget are identified and then attributed to the customers
budget are identified and then attributed to the customers who who
“cause”
“cause” them.
them.

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-10. Financial Management: Cost Types SM251.0

Notes:
External service and transfer costs need further explanation. It is now common to buy in
services from external parties (external services) that are a mixture of cost types, for
example an outsourced service for providing an organization’s application development, or
the provision of a data center. It may be difficult to break down this cost (into each of the
first four categories), as it is likely to contain elements that are indivisible or that the
supplier will not wish to detail. It is easier and more usual to categorize this as an external
service cost.
Transfer costs are those that represent goods and services that are sold from one part of
an organization to another (often within a multinational or other large organization that has
a sophisticated internal accounting system). Transfer costs may be for:
• Hardware (an IT organization buying PCs on behalf of a business customer)
• Software (the corporate finance department producing control mechanisms for IT to
manage their costs)
• People (the HR overhead levied by the corporate HR department)
• Accommodation (a charge made by the Facilities Management department)

12-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Transfer costs should be visible in the cost model, because people may forget that internal
goods and services represent a cost to the organization and are part of the cost of
providing service. Hence, a false figure may be reached when assessing costs if a service
is dependent upon activity from another part of the organization but this cost is excluded
from calculations. Some organizations will insist on these transfer costs being accounted
for in each part of the organization, while others might only use them when modeling costs,
and no money will actually pass across the organization. In this publication, it is assumed
that it is not necessary to separately identify transfer costs in the cost model examples.

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Cost Classification
Capital Costs Operational Costs
are the purchase or major enhancement of fixed are those resulting from the day-to-day running
assets, for example computer equipment, of the IT Services organization, such as staff
building, and plant, often also referred to as costs, hardware maintenance and electricity,
“one-off” costs. and relate to repeating payments whose effects
can be measured within a short timeframe,
usually less than the 12-month financial year.

Direct Costs Indirect Costs (sometimes called


those clearly attributable to a single customer, overheads) are those incurred on behalf of all,
such as manufacturing systems used only by or a number of, customers, such as the network
the Manufacturing division. or technical support department, which have to
be apportioned to all, or a number of, customers
in a fair manner.

Fixed Costs Variable Costs


Costs that do not vary even when resource are those that vary with some factor, such as
usage varies. Examples of this would be a usage or time.
maintenance contract for a server or a corporate
software licence (within agreed user limits).

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-11. Financial Management: Cost Classification SM251.0

Notes:
The cost-by-customer cost model requires that all major cost elements in the current or
proposed IT budget be identified and then attributed to the customers who “cause” them.
To do this, the costs first have to be identified as either direct or indirect:
Direct costs are those clearly attributable to a single customer, such as manufacturing
systems used only by the Manufacturing division.
Indirect costs (sometimes called overheads) are those incurred on behalf of all, or a
number of, customers, such as the network or the technical support department, which has
to be apportioned to all, or a number of, customers in a fair manner.
Any indirect costs (sometimes called unabsorbed overheads) which cannot be apportioned
to a set of customers have then to be recovered from all customers in as fair a way as
possible, usually by uplifting the costs calculated so far by a set amount. This ensures that
the sum of all of the costs attributed to each customer still equals the total costs incurred by
the IT organization; this is referred to as the “balance check”. This “balance check” can be
applied to costs divided in other ways, such as by service or location; the sum of the parts
should always equal the whole.

12-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty If the cost model is being produced for the first time, the categories and cost elements for it
need to be developed first, to a level of detail that meets the needs of IT accounting and of
any charging to be performed. Hence an understanding of charging policies is necessary
when the cost model is drawn up.
If costs are mainly direct, perhaps because each customer has independent hardware and
software, the method of recording and of apportioning costs can be very simple. For
example, if Finance are the only customers of the general ledgers and the system on which
they run, all costs directly associated with the general ledgers, including purchase,
maintenance, and support, can be attributed to the Finance department's code in the
ledgers (often called a cost center or a charge code).
However, if resources are shared, for instance a mainframe is running applications for
more than one customer, the hardware costs may have to be classified as indirect and
apportioned to each customer, say by CPU seconds, disk storage, print volumes, and so
on, from workload predictions. To do this requires a model that allows these costs to be
spread across a number of customers.
For finance purposes, costs are classified into either capital or operational when the
financial ledgers are reported (the “books”). This is because capital expenditure is
assumed to increase the total value of the company, while operational expenditure does
not, although in practice the value of capital expenditure decreases over time
(depreciates).
This distinction affects IT accounting, because the cost model needs a method of
calculating the annual cost of using a capital item (such as a mainframe) to deliver an IT
service. The annual costs must make allowance for the decreasing value of capital items
(assets), and make for timely renewal of capital items, such as buildings, servers, and
applications. Usually, this is taken as the annual depreciation, from a method set by the
Finance department (within the boundaries of the country's laws).
Capital costs are typically those applying to the physical (substantial) assets of the
organization. Traditionally this was the accommodation and machinery necessary to
produce the organization’s product. Capital costs are the purchase or major enhancement
of fixed assets; for example, computer equipment, building, and plant are often also
referred to as “one-off” costs. It is important to remember that it is not usually the actual
cost of items purchased during the year that is included in the calculation of the cost of the
services, but the annualized depreciation for the year.
Operational costs are those resulting from the day-to-day running of the IT services
organization, such as staff costs, hardware maintenance, and electricity, and relate to
repeating payments whose effects can be measured within a short timeframe, usually less
than the 12-month financial year.
Fixed or Variable
Costs that do not vary even when resource usage varies are referred to as fixed costs.
Examples of this would be a maintenance contract for a server, or a corporate software
license (within agreed user limits).

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Variable costs are those that vary with some factor, such as usage or time. They are likely
to be used for cost elements which cannot be easily predicted, and for which it is to the
benefit of both supplier and customer to determine the costs exactly, perhaps for variable
charges to be applied. Examples of charges that might vary, because the underlying cost
varies, are out-of-hours cover, major equipment relocation, and the production of additional
quarterly reports.
A cost element such as file store may be considered to be variable. If a customer requires
an additional 10 GB, it may be possible to calculate that the cost of this is £1000, and
hence that the cost per GB is £100. The danger of this approach is that there are often
sharp changes in costs because they cannot be continuously scaled: the next disk drive
may require another cabinet, or an additional process run on the server may cause
queuing problems resulting in all jobs taking longer to run.
It is sometimes necessary to view a cost as having a fixed element and a variable element,
for example, using file store at all requires disk controllers and bandwidth, causing a fixed
cost. The variable cost of additional disk drives can then be calculated and added to the
fixed portion. This level of detail is not usually needed in calculating the cost of a service,
but can be useful when evaluating competing technologies or services.

12-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Costs types – Example: Printing a report

Printing out a report:

ƒ Fixed direct costs


– Depreciation of the printer
ƒ Fixed indirect costs
– IT Management team, support team
ƒ Variable direct costs
– Paper consumed for printing
ƒ Variable indirect costs
– Printing another report on the same printer
– Ink cartridge

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-12. Financial Management: Costs types – Example: Printing a report SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Example of IT Accounting
Hardware Software Personnel Facility External services Transfer
Hardware Software Personnel Facility External services Transfer

Cost category calculation


Cost category calculation

Direct costs Cost centre accounting Indirect costs


(individual costs) Cost centers (overhead costs)

Cost centers
Overhead costs

Overhead costs extra charge

Cost objective calculation Calculation


Calculation
Revenue
- Individual costs Product (groups)
- Overhead costs
= accumulated
profit

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-13. Financial Management: Example of IT Accounting SM251.0

Notes:

12-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Links to other processes

ƒ Service Level Management: Cost of meeting customer SLA requirements


impacts shape and scope of services that are agreed. IT Finance manager
cooperates with Service Level manager about the costs meeting business
demands and charging policies influencing customer behavior. The more
variations to service levels, the larger the scope of charging, but the larger
the overheads of budgeting, IT accounting, and charging.

ƒ Capacity/Availability Management: Cost information can be used to


estimate cost of desired capacity or availability.

ƒ Configuration Management: Financial management requires asset and


cost information which can be provided through the CMDB.

ƒ Change Management: Influence of changes on cost.

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-14. Financial Management: Links to other processes SM251.0

Notes:
Financial Management for IT Services interacts with most IT service processes and has
particular dependencies upon and responsibilities to:
• Service Level Management - The SLA specifies customer expectations and IT
Services’ obligations. The cost of meeting the customer's requirements may have a
major impact on the shape and scope of the services that are eventually agreed. IT
Finance Management liaises with Service Level Management about the costs of
meeting current and new business demands, the charging policies for the organization,
their effects on customers, and how the policies are likely to influence customer and
user behavior. The more that the SLA allows individual customers to request variations
to service levels, the greater is the scope for (and potential benefits of) charging for IT
services, but also the greater the overheads of budgeting, IT accounting, and charging.
• Capacity Management - Cost information can be used to estimate the costs of the
desired capacity and availability of the system. In planning the capacity, it may be
necessary to discuss the costs with individual customers or the organization as a whole.

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Data that is collected so that costs can be determined may also be relevant to capacity
assessments, such as staff effort, machine usage.
• Configuration Management -Financial Management requires asset and cost
information that may be managed by large organization-wide systems. Configuration
Management is responsible for managing the data relating to assets (configuration
items) and their attributes (such as cost).

12-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Benefits
ƒ IT accounting supports the IT Service Manager
ƒ Statements about profitability of the individual IT services
ƒ Essential decisions about IT services and the required investments
ƒ Data for justifying IT expenditures
ƒ Essential planning and budgeting
ƒ Overview of costs, created by service failures, as a basis for expenditure
justification in strategy planning

ƒ Users can track costs of the services they have used

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-15. Financial Management: Benefits SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Risks

Potential problem areas:

ƒ New discipline, so limited understanding of leading practice in cost modeling and


charging mechanisms, leading to overly complex or ineffective systems
ƒ IT accounting relies on planning information provided by other functions within and
outside IT services management, and is sometimes difficult to obtain
ƒ Combination of IT skills and accountancy skills is rare
ƒ IS strategy and objectives are not clear, hence prediction of capacity requirement is
not accurate
ƒ Senior management may not realize benefits of IT accounting and charging
ƒ Resentment of administrative overhead and workload
ƒ Complex IT accounting and charging makes cost larger than value of information
provided
ƒ Monitoring tools providing resource usage are inaccurate or not cost-efficient

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-16. Financial Management: Risks SM251.0

Notes:
There are a number of possible problems in implementing IT accounting and charging:
• IT accounting and charging are often new disciplines in IT Services, and there is limited
understanding of leading practice in cost modelling and charging mechanisms, which
could lead to over-complex or ineffective systems.
• IT accounting relies on planning information provided by other processes both within
and outside IT Services Management which may not be routinely available, delaying the
project.
• Staff combining accountancy and IT experience are rare, so many activities may need
to be shared with staff from outside IT Services who may not have this as their priority.
• The IS strategies and objectives of an organization may not be well formulated and
documented, and prediction of capacity requirement may not be accurate.
• Senior business managers may not recognize the benefits of IT accounting and
charging, and may resent the administrative overheads and the limitations on workload.

12-22 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty • The IT organization may not be able to respond to changes in users' demands once
costs become an influence.
• The IT accounting and charging processes are so elaborate that the cost of the system
exceeds the value of the information produced.
• The monitoring tools providing resource usage information are inaccurate or irrelevant,
or cost too much to develop and maintain..

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Financial Management
Best Practices

ƒ Clear differentiation between accounting and charging

ƒ Connection with Availability Management, Capacity Management,


Configuration Management, and Change Management

ƒ Customer-specific charging

ƒ Financing, benchmarks, and investments are very important

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-17. Financial Management: Best Practices SM251.0

Notes:

12-24 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Financial Management
Summary

ƒ The goal of Financial Management is to provide cost-effective stewardship


of the IT assets and resources used in providing IT services

ƒ Responsibilities: Budgeting, accounting, charging

ƒ Cost classification (capital/operational, direct/indirect, fixed/variable)

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 12-18. Financial Management: Summary SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 12. Financial Management for IT Services 12-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

12-26 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 13. IT Service Continuity Management


(ITSCM)

What This Unit Is About


This unit is an introduction to Continuity Management, and its
relationship within IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 13
IT Service Continuity Management (ITSCM)

Content:

ƒ IT Service Continuity Management – objectives and overview


ƒ Responsibilities and obligations
ƒ Some definitions
ƒ Important aspects
– Business impact
– Risk analysis
– Service recovery
– Continuity plan
– Continuity plan testing and review
ƒ Benefits, risks, costs
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-1. Unit 13: IT Service Continuity Management (ITSCM) SM251.0

Notes:

13-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-2. ITSCM Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Mission Statement
The mission for IT Service Continuity Management (ITSCM) is to support the overall Business
Continuity Management process by managing risks to ensure that IT services (including computer
systems, networks, applications, telecommunications, technical support, and service desks) can be
recovered within required, agreed-to business timescales.

ITIL Discipline Contingency Planning (disaster planning) was renamed to IT Service Continuity Management
(ITSCM), and is now part of Business Continuity Management.. The dependencies between business
processes and technology are now so intertwined that Contingency Planning (or Business Continuity
Management, as it is now sometimes termed) incorporates both a business element (Business Continuity
Planning) and a technology element (IT Service Continuity Management Planning).
Goal of ITSCM:
ƒ The goal for ITSCM is to support the overall Business Continuity Management process by ensuring
that the required IT technical and services facilities, including:
– computer systems
– networks
– applications
– telecommunications
– technical support and Service Desk
can be recovered within required, and agreed, business timescales.
ƒ

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-3. ITSCM: Mission Statement SM251.0

Notes:

13-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM
Why ITSCM

ƒ In today's highly competitive and service-oriented business environment,


organizations are judged on their ability to continue to operate and provide a
service at all times. ITSCM focus is to:
- Increase dependence on IT services and business protection
- Reduce cost and time effort for recovery
- Ensure survival

ƒ Continuity planning is therefore essential. ITSCM ensures that a business is


capable of recovering substantial services and their access in the event of a
disaster.

ƒ Many businesses do not survive the first year after an IT disaster!

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-4. ITSCM: Why ITSCM SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Definitions: Business Continuity Management (BCS) and ITSCM

ƒ Business Continuity Management (BCM) is concerned with managing


risks to ensure that an organization can continue operating to at least a
predetermined minimum level. The BCM process involves:
– Reducing the risk to an acceptable level
– Planning for recovery of business processes should a disruption to the
business occur
ƒ IT Service Continuity Management (ITSCM) is a part of the overall BCM
process and is dependent on information derived from it. It focuses on the
continuity of IT services to the business. Before it is implemented, the
minimum business requirements must be determined.

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-5. ITSCM: Definitions: Business Continuity Management (BCS) and ITSCM SM251.0

Notes:

13-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM
Tasks

ITSCM
ITSCM

Taking
requirements Making, testing,
from BCM improving, and
maintaining a
continuity plan

Risk analysis
and risk
management

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-6. ITSCM: Tasks SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Continuity Management Process

Initiate BCM Phase 1: Initiation

Business Impact Analysis Phase 2: Requirements and Strategy


Risk Assessment
Business Continuity Strategy
Organizational Phase 3: Implementation
and
Implementation
Planning

Implement Implement Risk


Develop Recovery
Standby Reduction
Rules
Arrangements Measures

Develop Procedures
Initial Testing

Education and Awareness Phase 4: Operational Management


Review and Audit
Testing
Change Management
Training
Assurance

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-7. ITSCM: Continuity Management Process SM251.0

Notes:
It is not possible to develop an effective ITSCM plan in isolation; it must fully support the
requirements of the business. This section considers the four stages of the Business
Continuity lifecycle, with particular emphasis on the IT aspects. A full understanding of the
Business Continuity process can be obtained through the OGC ITIL publications,
An Introduction to Business Continuity Management and A Guide to Business Continuity
Management.

13-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM
Risk of events that can cause disaster

Event
Event Percent
Percent
Theft
Theft 36%
36%
Virus
Virus 20%
20%
Hacking
Hacking 16%
16%
Hardware
Hardware // Communication
Communication 11%
11%
Environment
Environment 7%
7%
Software
Software 4%
4%
Fire
Fire // Flood
Flood // Force
Force Majeure
Majeure 3%
3%
Other
Other 3%
3%

Gartner Study 2001

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-8. ITSCM: Risk of events that can cause disaster SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Some events that have caused problems

Below
Below is
is aa brief
brief list
list of
of high-profile
high-profile events
events that
that have
have caused
caused significant
significant problems
problems to
to
organizations
organizations over
over thethe years:
years:
ƒƒ Technical
Technical failure:
failure: London
London Stock
Stock Exchange
Exchange (2000)
(2000)
ƒƒ Poison
Poison gas:
gas: Tokyo
Tokyo Underground
Underground System,
System, Japan
Japan (March
(March 1995)
1995)
ƒƒ Power
Power Loss:
Loss: Auckland,
Auckland, New
New Zealand
Zealand (December
(December 1997)
1997)
•• in
in 2003
2003 alone:
alone: US/Canada,
US/Canada, Italy,
Italy, Sweden/Denmark
Sweden/Denmark
ƒƒ Earthquake:
Earthquake: Kobe,
Kobe, Japan
Japan (January,
(January, 1995),
1995), Los
Los Angeles,
Angeles, USA
USA (January
(January 1994)
1994)
ƒƒ Bombing
Bombing ::
–– World
World Trade
Trade Center,
Center, New
New York,
York, USA
USA (February
(February 1993)
1993)
–– Oklahoma
Oklahoma City, Oklahoma, USA (April 1995)
City, Oklahoma, USA (April 1995)
–– Docklands,
Docklands, London,
London, England
England (February
(February 1996)
1996)
–– Bishopsgate,
Bishopsgate, London,
London, England
England (April
(April 1993)
1993)
–– Manchester,
Manchester, England
England (June
(June 1996)
1996)
–– World
World Trade Center, New York, USA
Trade Center, New York, USA (September
(September 2001)
2001)
ƒƒ Flood:
Flood: Bangladesh
Bangladesh (July
(July 1996),
1996), Pakistan
Pakistan (August
(August 1996),
1996), Germany/Poland
Germany/Poland (2002)
(2002)
ƒƒ Web
Web site denial of service attacks, such as Yahoo (2000), Microsoft (2003), SCO
site denial of service attacks, such as Yahoo (2000), Microsoft (2003), SCO (2004)
(2004)

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-9. ITSCM: Some events that have caused problems SM251.0

Notes:

13-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM
Risk Analysis as part of BCM Requirements definition

Assets Threats Weaknesses

Risk analysis Risks


Risks
Risk management

Disaster
Countermeasures Damage Reduction Management

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-10. ITSCM: Risk Analysis as part of BCM Requirements definition SM251.0

Notes:
The second driver in determining ITSCM requirements is the likelihood that a disaster or
other serious service disruption will actually occur. This is an assessment of the level of
threat and the extent to which an organization is vulnerable to that threat.
The top section of the figure refers to the risk analysis: if an organization’s assets are
highly valued, and there is a high threat to those assets, and the vulnerability of those
assets to those threats is high, there would be a high risk. The bottom section of the figure
shows risk management, where countermeasures (proactive), damage reduction
(operation), and disaster management are applied to manage the business risks by
protecting the assets.

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
The continuity strategy involves the selection of recovery options
ƒ Manual workaround
– Can be an effective interim measure but mostly not to be used for more complex
business processes
ƒ Takeover by another organization with similar equipment (reciprocal)
– Arrangement with a another organization using similar technology
ƒ Gradual recovery (cold standby)
– Recovery of service about 72 hours
– Provision of empty accommodation is foreseen – New Installation
ƒ Intermediate recovery (warm standby)
– Recovery of service about 24 hours
– Disaster Recovery center for data recovery only
ƒ Immediate recovery (hot standby)
– For immediate restoration of service (seconds)
ƒ Using internal, external, fixed, portable, mobile centers
12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-11. ITSCM: The continuity strategy involves the selection of recovery options SM251.0

Notes:
Strategy: Recovery options
To be considered for:
• People and accommodation: alternative premises, location, and mobility of staff
• IT systems and networks: recovery of hardware, software, networks, and data used.
Relies on effective backups and good availability management
• Critical services: such as power, telecommunications, water
• Critical assets: such as paper records and reference material
It should take short-term and long-term recovery into account.
Options are:
• Do nothing: not a very good idea
• Manual workarounds: can be an effective interim measure but mostly not to be used
for more complex business processes

13-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty • Reciprocal arrangements with another organization using similar technology is a good
solution in a batch processing environment, but doesn't work in a distributed
environment
• Gradual recovery or cold-standby is good for an organization that can wait up to 72
hours for recovery of full IT services. Provision of empty accommodation is foreseen but
everything else has to be installed (computer equipment and restoration of data).
• Intermediate recovery or warm-standby for recovering IT services within 24 hours.
Typically this is through an equipped disaster recovery center where only data needs to
be recovered. Disadvantages are the distance and sharing with other customers.
• Immediate recovery or hot-standby is for immediate restoration of services, and is
mostly an extension of intermediate recovery, where exclusive access to systems is
provided. Also a mirroring service can be established with regular data transfers. Times
of recovery vary from a second to between 2 and 4 hours.

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Continuity Plan Invocation

ƒ The invocation is the ultimate test of BCM and ITSCM plans.

ƒ The following should be known in case of emergency:


- Where the plans are located
- The most important actions and points of decision
- Contact information of the crisis management team

ƒ The plan should contain the following details:


- Where are the backup media?
- Where are the essential documentations, procedures, PC images, and so on?
- How should the technical staff be mobilized, and which staff?
- Contacting and alerting external suppliers (hardware; software if required).

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-12. ITSCM: Continuity Plan Invocation SM251.0

Notes:

13-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM
Test and Review

Testing of the continuity plan:


ƒ Should be conducted every 6 to 12 months and after every case of disaster
ƒ Should be conducted under realistic conditions

Review of and changes to the continuity plan:


ƒ Changes of the ITSCM plan due to change in the IT infrastructure
– Custom / Services / SLRs / Risks
– Dependencies / Assets / CIs / Personal
– Contracts / SLAs / Countermeasures / …
ƒ ALL critical and major changes should be approved by the Change Advisory
Board (CAB)

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-13. ITSCM: Test and Review SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Benefits and Costs

Benefits Costs
ƒ Potential lower insurance premiums ƒ Cost of organization
ƒ Business relationship with the rest of ƒ Cost of implementation
the enterprise is fostered because IT ƒ Cost of HW to recover critical IT
organization is forced to get a better services
understanding of the business
ƒ Contracts for offsite storage, recovery
ƒ Positive marketing of contingency centers, recovery systems
capabilities. Effective ITSCM allows
organization to provide high service ƒ Cost of implementation of
levels and thus win business backup/recovery strategy taking
ITSCM into account
ƒ Organizational credibility is increased
towards customers, business partners, ƒ Cost of testing recovery plans
and stakeholders ƒ Cost of maintaining recovery plans
ƒ Competitive advantage over
organizations without it

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-14. ITSCM: Benefits and Costs SM251.0

Notes:
The advantages of ITSCM include:
• Potential lower insurance premiums: The IT organization can help the organization
demonstrate to underwriters or insurers that they are proactively managing down their
business risks. Therefore, the risk to the insurance organization is lower and the
premiums due should reflect this. Alternatively, the organization may feel comfortable in
reducing cover or self-insuring in certain areas as a result of limiting potential losses.
• Regulatory requirements: In some industries a recovery capability is becoming a
mandatory requirement (for example, regulators stipulate that financial organizations
have sufficient continuity and security controls to meet the business requirements).
Failure to demonstrate tested business and ITSCM facilities could result in heavy fines
or the loss of trading licenses. Within the service community, there is an obligation to
provide continuous services, such as hospitals, emergency services, and prisons.
• Business relationship: The requirement to work closely with the business to develop
and maintain a continuity capability fosters a much closer working relationship between

13-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IT and the business areas. This can assist in creating a better understanding of the
business requirements and the capability of IT to support those requirements.
• Positive marketing of contingency capabilities: Being able to demonstrate effective
ITSCM capabilities enables an organization to provide high service levels to clients and
customers and thus win business.
• Organizational credibility: There is a responsibility on the directors of organizations to
protect the shareholders' interest and those of their clients. Contingency facilities
increase an organization’s credibility and reputation with customers, business partners,
stakeholders, and industry peers. For example, the growth of call centers in many
organizations has meant that the need to maintain customer communications at all
times is vital to the ability to retain customer confidence and loyalty.
• Competitive advantage: Service organizations are increasingly being asked by
business partners, customers, and stakeholders to demonstrate their contingency
facilities, and may not be invited to tender for business unless they can demonstrate
appropriate recovery capabilities. In many cases this is a good incentive for customers
to continue a business relationship, and becomes a part of the competitive advantage
used to win or retain customers.

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

ITSCM
Risks

Potential problem areas:

ƒ No senior management commitment during implementation or ongoing phase


ƒ No personal resource for creating ITSCM plans
ƒ Testing of continuity plans only realistic in the live environment

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-15. ITSCM: Risks SM251.0

Notes:

13-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM
Summary

ƒ The mission of ITSCM is to support the Business Continuity Management process


by ensuring that the required IT technical and services facilities can be recovered
within required and agreed timescales

ƒ The dependencies between business processes and technology are now so


intertwined that Contingency Planning (or Business Continuity Management, as it
is now sometimes termed) incorporates both a business element (Business
Continuity Management) and a technology element (IT Service Continuity
Management).

ƒ Activities: risk analysis, continuity plan, review and test

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 13-16. ITSCM: Summary SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 13. IT Service Continuity Management (ITSCM) 13-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

13-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty Unit 14. Security Management

What This Unit Is About


This unit is an introduction to Security Management, and how it relates
with all other IT Services.

What You Should Be Able to Do


After completing this unit, you should be able to think about the
mission of this service, and understand its benefits within the ITIL
framework.

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Unit 14
Security Management

Content:

ƒ Security Management – objectives and overview


ƒ Definition: CIA, security incident
ƒ Responsibilities and obligations
ƒ Important aspects
– Security measures
ƒ Benefits and costs
ƒ Summary

2 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-1. Unit 14: Security Management SM251.0

Notes:

14-2 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

ITSCM Management
Integration into the IPW Model

Source: IPW Model is a trade mark of Quint Wellington and KPN Telecoms

3 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-2. ITSCM Management: Integration into the IPW Model SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Mission Statement

Security Management is the process of managing a defined level of


security on information and IT services, including managing the responses
to security incidents.
The goal of Security Management is to counter risks of threats to one of the most
important assets for business: the information.

Information is threatened in many ways:


ƒ Confidentiality
ƒ Integrity / Accuracy
ƒ Availability / Accessibility
CC –– Confidentiality
Confidentiality
II –– Integrity
Integrity
AA –– Availability
Availability

4 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-3. Security Management: Mission Statement SM251.0

Notes:
IT Security Management is the process of managing a defined level of security for
information, IT services, and infrastructure. IT Security Management enables and ensures
that:
• Security controls are implemented and maintained to address changing circumstances,
such as changed business and IT service requirements, IT architecture elements,
threats, and so on
• Security incidents are managed
• Audit results show the adequacy of security controls and measures taken
• Reports are produced to show the status of information security.
IT Security Management needs to be part of every IT manager's job description.
Management is responsible for taking appropriate steps to reduce to acceptable levels the
chances of a security incident occurring. This is the process of risk assessment and
management.

14-4 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Definitions: CIA
Security Management should protect the value of the information.

Confidentiality
ƒ Protecting sensitive information from unauthorized disclosure or intelligible
interception

Integrity
ƒ Safeguarding the accuracy and completeness of information and software

Availability
ƒ Ensuring that information and vital IT services are available and accessible when
required

5 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-4. Security Management: Definitions: CIA SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Why Security Management?

ƒ Information is the most important production factor of the world


ƒ Threat to information = threat to the organization‘s productivity
ƒ Security Management gets increasingly important, because...
– Public networks (Internet) are increasingly used
– Internal networks are opened to customers and business partners
– Internet usability is increasingly extended (e-commerce, online banking)
– Processes are controlled via networks

6 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-5. Security Management: Why Security Management? SM251.0

Notes:

14-6 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Information Security Incident

Information Security Incidents are incidents at which


ƒ the confidentiality
ƒ the integrity
ƒ or the availability
of the information is threatened.

Information security incidents


ƒ can accidentally occur,
ƒ or can be intentionally caused.

7 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-6. Security Management: Information Security Incident SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Security Measures

Security measures make it possible to reduce or eliminate


the risks associated with information. Security measures
only add value when used harmoniously.

Security organization The


The security
security organization
organization has has to
to
ƒ With clear responsibilities and tasks establish and maintain a
establish and maintain a properproper
balance
balance between
between the the level
level of
of security
security
ƒ Policies, codes of conduct, or both
and
and the
the ability
ability to
to use
use the
the service.
service.
Physical security measures
ƒ Physical separation of the computer room
Technical security measures
ƒ Security in a computer system or network
Procedural security measures
ƒ How the staff are required to act in particular cases
ƒ Work instructions

8 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-7. Security Management: Security Measures SM251.0

Notes:
Corporate executive management is accountable to stakeholders and shareholders for
security, and is responsible for defining the corporate security policy. IT Security
Management is governed by that policy. The existence of the policy registers and
reinforces the corporate decision to invest in the security of information and information
processing. It provides management with guidelines and direction regarding the relative
importance of various aspects of the organization, and of what is allowable and what is not,
in the use of ICT systems and data.

14-8 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Process

Customer

Report SLA

Maintain Plan

Control

Evaluate
Implement

9 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-8. Security Management: Process SM251.0

Notes:
This slide illustrates the information security process as seen by the business. It covers all
stages, from policy setting and initial risk assessment, through planning, implementation
and operation, to evaluation and audit. The level of security required are defined after the
customer or the business security requirements.
The slide provides an overview of the ITIL IT Security Management Process. The process
shows the complete route, from the collection of a customer's requirements, through
planning, implementation, evaluation and maintenance – under a framework of control –
with regular status reporting to the customer closing the loop.

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Process- Input from Customer

Customer

Defines its
security Report SLA
requirements
based on its
business Maintain Plan
requirements

Control

Evaluate
Implement

10 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-9. Security Management: Process- Input from Customer SM251.0

Notes:

14-10 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Process – Control

Customer

Report SLA

• Define processes,
functions, roles, Maintain Plan
responsibilities
• Organization
structure between
Control
sub-processes
• Reporting
structure/line of
command Evaluate
Implement

11 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-10. Security Management: Process – Control SM251.0

Notes:
Processes, functions, roles, and allocation of responsibilities have to be defined within the
sub-processes.
• The organization structure between these
• The reporting structure or line of command
• The way the security plans are established
• The process through which these are implemented
• The way in which the implementation is evaluated
• The process through which the results of these evaluations are used for the
maintenance of security plans and the implementation thereof
• The reporting structure to the customer

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Process – SLA

Customer
Report

Report SLA

The section
Maintain Plan security in SLA
is negotiated
between
Control customer and
service provider

Evaluate
Implement

12 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-11. Security Management: Process – SLA SM251.0

Notes:

14-12 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Process – Plan

Customer

Report SLA

Maintain Plan • SLA


• Underpinning
contracts
• OLA
Control
• Policy statement

Evaluate
Implement

13 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-12. Security Management: Process – Plan SM251.0

Notes:
The Plan activity includes the way the security section of the SLA is established as well as
the underpinning contracts.
The generic security requirements in the SLA are refined in Operational Level Agreements
(OLAs). These define support requirements internally.
The Plan activities may also use policy statements for the IT service providers to which
they have to comply.

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Process – Implement

Customer

Report SLA
• Maintaining
awareness
Maintain Plan - Security works only if
discipline and
motivation
• Security incident
Control
handling
responsiveness
• Security incident
Evaluate registration
Implement - measurement
- classification
- and reporting

14 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-13. Security Management: Process – Implement SM251.0

Notes:

14-14 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Process – Evaluate

Customer

Report SLA

Maintain Plan

Avoid the
atmosphere of
Control
phantom security
• Internal audits
• External audits
• Self-assessments Evaluate
• Security incident Implement
evaluation

15 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-14. Security Management: Process – Evaluate SM251.0

Notes:
Three types of evaluation:
• Internal audits
• External audits
• Self-assessments
Evaluation results are used to determine or refine measures taken.
Evaluation also assesses standards and policies.
• Can result in RFCs
• Blindly trusting security measures installed long ago will create an atmosphere of
phantom security.

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Process – Maintain

Customer

Report SLA

Maintain Plan
• Collect experiences,
lessons learned
• Improvements will Control
be considered for
the next round of
- planning
- implementation Evaluate
Implement

16 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-15. Security Management: Process – Maintain SM251.0

Notes:
It is important to keep security measures up to date, as the threats on the infrastructure,
organization, and processes are changing constantly.
Maintenance is based on:
• The results of the periodic reviews
• Insight into the changing risk picture
• Changes in the input material (including SLAs)

14-16 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Process – Report

Customer

Report SLA
• Show conformity
with SLA
• Management Maintain Plan
without
information is
impossible Control

Evaluate
Implement

17 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-16. Security Management: Process – Report SM251.0

Notes:
One of the major reasons why information security has been neglected for so long is the
absence of historical records.
Generally no one has any idea of what kind of security incidents have troubled the
organization in the past.
• Ignorance
• Not exposing the dirty linen
Management needs to be aware of the efficiency of the resources spent on security
measures and the effectiveness of the measures.

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Level of measures

Threat How could the security incident happen?


Prevent
Reduction
Security Detection
Incident
Repression

Damage
Correction
How can it be avoided in the future?
Recovery

Evaluation

18 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-17. Security Management: Level of measures SM251.0

Notes:

14-18 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1
Student Notebook

Uempty IBM Global Services

Security Management
Benefits and Costs

Benefits Costs
ƒ Can only be qualified with difficulty ƒ Provision of information and training
(depends on staff mentality)
ƒ The costs are nevertheless clear if
security is not sufficient ƒ Staff, hardware, software

19 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-18. Security Management: Benefits and Costs SM251.0

Notes:

© Copyright IBM Corp. 2004 Unit 14. Security Management 14-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Global Services

Security Management
Summary

ƒ Security Management is responsible for managing and improving a


defined level of security on information and IT services.
ƒ Information Security Incidents are incidents at which
– the confidentiality
– the integrity
– or the availability
of the information is threatened.

ƒ Activities: plan, implement, evaluate, maintain

20 ITIL Foundation Course | Student material v1.0 © 2004 IBM Corporation

Figure 14-19. Security Management: Summary SM251.0

Notes:

14-20 ITIL Foundation © Copyright IBM Corp. 2004


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V3.1.0.1

backpg
Back page
®