ITIL Foundations Certification Course

ITIL Foundations Certification Course
ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office. IT Infrastructure Library is a Registered Trade Mark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
3/31/2012
Page 1
Introduction
ITIL History What is ITIL? The ITIL Framework ITIL Certifications Benefits of ITIL Remember about ITIL
3/31/2012
Page 2
ITIL History
In the late 1980s, the British govt. asked the Central Computer and Telecommunications Agency (CCTA) to structure the IT organisations of the British government agencies.
This resulted in the IT Infrastructure Library, a library of books describing best practices in IT management, and a detailed approach for the implementation of these best practices.
The aims of the CCTA in developing the IT Infrastructure Library were: to facilitate the quality management of IT services. increase the efficiency with which the corporate objectives are met. to improve efficiency, increase effectiveness, and reduce risks. to provide codes of practice in support of total quality.
3/31/2012
Page 3
What is ITIL?
ITIL is a compilation of best practices in IT Service Management, developed by the OGC (Office of Govt. Commerce) and supported by publications, qualifications and an international user group. ITIL defines the organisational structure and skill requirements of an information technology organisation and a set of standard operational management procedures to allow the organisation to manage an IT operation and associated IT infrastructure. ITIL does not set in stone every action you should do on a day-to-day basis as that is something which differs from organisation to organisation. Instead, it allows the IT Infrastructure Library to be utilised within organisations with existing methods and activities in Service Management. IT Service Management is concerned with delivering and supporting IT services that are appropriate to the business requirements of the organisation.
3/31/2012
Page 4
The ITIL Framework

ITIL comprises of seven distinct books:
Service Support
describes the processes associated with the day-to day support and maintenance activities associated with the provision of IT services
Service Delivery
covers the processes required for the planning and delivery of quality IT services and looks at the longer term processes associate with improving the quality of IT services delivered
ICT (Information & Communications Technology) Infrastructure Management

covers all aspects of ICT Infrastructure Management from identification of business requirements through the tendering process, to the testing, installation, deployment, and ongoing operation and optimisation of the ICT components and IT services
3/31/2012
Page 5
The ITIL Framework

Planning to implement Service Management
examines the issues and tasks involved in planning, implementing and improving Service Management processes within an organisation. It also addresses the issues associated with addressing Cultural and Organisational Change, the development of a vision and strategy and the most appropriate method of approach.
Application Management
describes how to manage applications from the initial business need, through all stages in the application lifecycle, up to and including retirement. It places emphasis on ensuring that IT projects and strategies are tightly aligned with those of the business throughout the application lifecycle, to ensure that the business obtains best value from its investment.
3/31/2012
Page 6
The ITIL Framework

The Business Perspective
provides advice and guidance to help IT personnel to understand how they can contribute to the business objectives and how their roles and services can be better aligned and exploited to maximise that contribution
Security Management
details the process of planning and managing a defined level of security for information and IT services, including all aspects associated with reaction to security Incidents. It also includes the assessment and management of risks and vulnerabilities, and the implementation of cost justifiable countermeasures
3/31/2012
Page 7
3/31/2012
Page 8
ITIL Framework
Service Desk Configuration Management Incident Management Problem Management Change Management Release Management
Planning to implement service management
Service Level Management Availability Management Capacity Management Financial Management for IT Services IT Services Continuity Management
Guidance on integrating the business perspective into every aspect of service management
Service management
The business perspective
Service support
ICT Infrastructure management
Design and Plan Deployment Operations Technical Support
The technology The technology
The business
Service delivery
Software Asset Management
Security management
IT Infrastructure Security Management Security setup from the IT manager's point of view
Application management
What is the vision? Where are we now? Where do we want to be? How do we check our milestones? How do we keep momentum?
Organization & Roles Process Overview Tools & Technology Partners and SAM
Manage the Business Value Align Service Delivery with Business Strategy Drivers and Organizational Capability Application Lifecycle Management Organization Roles and Functions Control Methods and Techniques 3/31/2012 Page 9
ITIL Framework
( contd )
The two most commonly used disciplines are Service Support and Service Delivery Service Support comprises of : Service Desk Incident Management Problem Management Configuration Management Change Management Release Management
Service Delivery comprises of : Service Level Management Financial Management for IT Services Capacity Management Availability Management IT Service Continuity Management
3/31/2012
Page 10
3/31/2012
Page 11
Resolve incidents as they occur
Service Management
Service Delivery
Availability Problem Capacity Change ITSCM Define what services and service levels will be supported and delivered Release SLM Ensure the greed services are available at agreed levels Ensure agreed services have the required and agreed to capacity
Service Support
Incident Service Desk
Identify root causes of incidents and submit RFCs to remove them Single Point of Contact for users of IT Services Ensure standard methods and procedures are used from the RFCs to the PIR Manage major hardware and software releases as part of effective change management Manage technical information regarding the version, status, ownership and relationships among IT assets.
FMITS
Config
Ensure agreed-to services can recover after a disruption as a part of business continuity management
Budget, account and optionally charge for IT services
3/31/2012
Page 12
ITIL Certifications
ITIL accreditation demonstrates that an individual has met the standards in Service Management as set by an examination certification board comprising representatives of OGC, itSMF and the Examination Institutes
Official qualifications based on ITIL are currently offered by the following Examination Institutes :
ISEB (The Information Systems Examination Board), a wholly owned subsidiary of the British Computer Society EXIN (the European Examination Institute for Information Science) in the Netherlands
ITIL qualifications are recognised world-wide. Whether you passed your exam via ISEB or EXIN, the qualification is recognised by the industry
3/31/2012
Page 13
ITIL Certifications
(contd..)
Foundations Certificate
This is designed to provide a foundation level of knowledge in IT Service Management and is aimed at all personnel who wish to become familiar with the best practices for IT Service Management
Practitioners Certificate
This is aimed at those who are responsible within their organisation for designing specific processes within the IT Service Management discipline, and performing the activities that belong to those processes
Managers Certificate
This is aimed at those who need to demonstrate a capability for managing ITIL-based solutions across the breadth of the Service Management subjects.
3/31/2012
Page 14
ITIL Certifications
Foundations
Essential (2 days)
Practitioners (9 certificates)
Change Manager (5 days)
Service Level Manager (5 days)
1 hour Multiple choice

(Know list of Basic Concepts)
1 hour Multiple choice
Prerequisites form assessed by Examination Board In course assessment 3 hour examination (essay form)
Service Delivery (5 days) Service Support (5 days)
3 hour examination (essay form)
Service Manager
3/31/2012 Page 15
Benefits of ITIL
Adopting ITIL guidance can provide such benefits as: Continuous improvement in the delivery of quality IT services Reduced long term costs through improved Return On Investment through process improvement Demonstrable Value For Money to the business, the board and stakeholders, through greater efficiency Reduced risk of not meeting business objectives, through the delivery of rapidly recoverable, consistent services
Improved communication and better working relationships between IT and the business
The ability to absorb a higher rate of Change with an improved, measurable rate of success Processes and procedures that can be audited for compliance to best practice guidelines
3/31/2012
Page 16
Remember about ITIL ..

Remember : ITIL describes what needs to be done but NOT how it should be done ITIL does NOT define: Every role, job or organisation design Every tool, every other equipment, every required customisation Every process, procedure and task required to be implemented ITIL does NOT claim to be a comprehensive description of everything within IT, but it instead contains best practices that have observed and accepted in the industry
3/31/2012
Page 17
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 18
Service Support
3/31/2012
Page 19
The Service Support set

Service Desk
Single point of contact between service providers and Users, on a day-to-day basis
Focal point for reporting Incidents and making service requests

Keeps Users informed of service events, actions and opportunities that are likely to impact their ability to pursue their day-to-day activities
Incident Management
Restore normal service operations as quickly as possible Should interface closely with Problem Management, Change management and the Service Desk Incident priorities and escalation procedures need to be agreed as part of the Service Level Management process and documented in the SLAs
3/31/2012 Page 20

Problem Management
Prevent and minimize the adverse effect on the business of errors in the IT Infrastructure
Performs RCAs to establish the root causes of Problems

Requires the accurate and comprehensive recording of Incidents in order to identify effectively and efficiently the cause of the Incidents and trends Liaises closely with Availability Management process to identify these trends and instigate remedial action
Change Management
Ensure standardized methods and procedures are used for efficient, prompt and authorized handling of all changes in the IT Infrastructure
Close relationship with Configuration Management and Release Management

3/31/2012 Page 21

Release Management
Ensure that all technical and non-technical aspects of a release are dealt with in a coordinated approach
Actual implementers of Changes

Responsible for secure and managed rollout of Changes
Configuration Management
Provide a logical model of the IT Infrastructure by identifying, controlling, maintaining and verifying the versions of all Configuration Items (CIs)
Stores information in the CMDB of what CIs available, where are they available and how are they inter-connected
3/31/2012
Page 22
Service Support
3/31/2012
Page 23
Service Desk
Service Desk acts as the Single Point of Contact (SPOC) between the users and the IT Services Organization
ITIL defines customers and users : Customers : People (generally senior managers) who commission, pay for and own the IT Services, sometimes referred to as "the business" Users : People who use the services on a day-to-day basis
3/31/2012
Page 24
Service Desk
(contd..)
The primary functions of the Service Desk are : Incident Control : life cycle management of all Service Requests Communication : keeping the customer informed of progress and advising on workarounds It handles all incoming calls and only directs them through to the second or third tier support when necessary : for the customer, the advantage is that they dont have to ring around searching for the right person to solve their problem for IT personnel, it means that they only have to deal with issues that are related to their skills or area of responsibility
Note:- The Service Desk is not a process - it is a FUNCTION
3/31/2012
Page 25
Service Desk
- Types
The Service Desk function is known under various names :

Call Centre
main emphasis on professionally handling large call volumes of telephonebased transactions
HelpDesk
manage, co-ordinate and resolve incidents as quickly as possible
Service Desk
not only handles incidents, problems and questions but also provides an interface for other activities such as change requests, maintenance contracts, software licenses, Service Level Management, Configuration Management, Availability Management, Financial Management and IT Services Continuity Management
3/31/2012 Page 26
Service Desk
- Types
Many Call Centres and HelpDesks naturally evolve into Service Desks to improve and extend overall service to the Customers and the Business All three functions share common characteristics : they represent the service provider to the Customer and the User (internal or external) they operate on the principle that customer satisfaction and perception is critical they depend on blending people, processes and technology to deliver a service
3/31/2012
Page 27
Service Desk
- Structures
The three types of structure that can be considered are : Local Service Desk
to meet local business needs - is practical only until multiple locations requiring support services are involved
Central Service Desk

for organisations having multiple locations - reduces operational costs and improves usage of available resources
Virtual Service Desk

for organisations having multi-country locations - can be situated and accessed from anywhere in the world due to advances in network performance and telecommunications reduces operational costs and improves usage of available resources
3/31/2012
Page 28
Service Desk
- Local
3/31/2012
Page 29
Service Desk
- Central
3/31/2012
Page 30
Service Desk
- Virtual
3/31/2012
Page 31
Service Desk
- Functions
The common Service Desk functions include : receiving calls and first-line customer liaison recording and tracking incidents and complaints keeping customers informed on request status and progress making an initial assessment of requests, attempting to resolve them or refer them to someone who can, based on agreed service levels managing the request life-cycle, including closure and verification communicating planned and short-term changes of service levels to customers coordinating second-line and third party support groups providing management information and suggestions for service improvement identifying or contributing to problem identification highlighting Customer training and education needs closing incidents after confirmation with the Customer
3/31/2012
Page 32
Service Desk
Customer-focused
- Staff Profile
A Service Desk staff member should be : articulate and methodical trained in interpersonal skills multilingual (if required) able to understand the businesss objectives able to understand and accept that: the Customers Problem affects the business without the Customer there is no support department the Customer is an expert in their own field genuinely wanting to deliver a first-class service
3/31/2012
Page 33
Service Desk
- Benefits
A Service Desk benefits an organisation by : improved customer service, perception and satisfaction increased accessibility through a single point of contact, communication, and information. better quality and speedier turnaround of customer requests improved teamwork and communication enhanced focus and a proactive approach to service provision reduced negative business impact better managed infrastructure and improved control improved usage of IT support resources and increased productivity of business personnel more meaningful management information for decision support
3/31/2012
Page 34
Service Desk
- Critical Success Factors
To introduce and maintain a successful Service Desk, it is essential that: business needs and requirements are understood Customer requirements are understood
investment is made in training for customers, support teams and Service Desk staff
service objectives, goals and deliverables are clearly defined service levels are practical, agreed and regularly reviewed
3/31/2012
Page 35
Service Support
3/31/2012
Page 36
Incident Management
An Incident is defined as any event which is not part of the standard operation of a service and which causes or may cause, an interruption to, or a reduction in, the quality of that service The primary goal of Incident Management is to restore normal service operations as quickly as possible with the least possible impact on business operations, at a cost-effective price, thus ensuring that the optimum levels of service quality and availability are maintained In lay-man terms, Incident Management is similar to fire-fighting Inputs for Incident Management mostly come from users (through the Service Desk), but can have other sources as well like Automatic Detection Systems or Release Management
3/31/2012
Page 37
3/31/2012
Page 38
Incident Management
Functions
3/31/2012
Page 39
Incident Management
Incident detection and recording Classification and initial support
- Functions
The primary functions of Incident Management are :
Investigation and diagnosis

Resolution and recovery Incident closure Incident ownership, monitoring, tracking and communication
3/31/2012
Page 40
Incident Management
- Functions
Incident detection and recording Inputs

Incident details from Service Desk or event management systems
Actions
record basic details of the Incident alert specialist support group(s) as necessary start procedures for handling the service request
Outputs
updated details of Incidents the recognition of any errors on the CMDB notice to Customers when an Incident has been resolved
3/31/2012
Page 41
Incident Management
Inputs
- Functions
Classification and initial support

recorded Incident details configuration details from the CMDB response from Incident matching against Problems and Known Errors
Actions
matching against Known Errors and Problems informing Problem Management of the existence of new Problems and of unmatched or multiple Incidents assigning impact and urgency, and thereby defining priority providing initial support (assess Incident details, find quick resolution) closing the Incident/routing to a specialist support group, and informing User(s).
Outputs
RFC for Incident resolution updated Incident details, and
Work-arounds for Incidents, or Incident routed to second- or third-line support
3/31/2012 Page 42
Incident Management

- Incident Classification
Incident Classification is used to :

Specify the service with which the incident is related Associate with an SLA where appropriate Select/define the best specialist/group to handle the incident Identify the priority based upon the business impact & urgency Define what questions should be asked or information checked Identify a relationship to match against Known Errors or solutions
Typically classification consists of three parts: Categorisation Prioritising Matching
3/31/2012
Page 43
Incident Management
Categorisation Application
Service not available Application bug/query
Hardware
Automatic alert Printer not printing
Service Request
Password forgotten
Security Incident
Virus
3/31/2012
Page 44
Incident Management - Example coding system for

Incident classification
3/31/2012
Page 45
Incident Management
Prioritising
The priority with which Incidents need to be resolved and therefore the amount of effort put into the resolution of and recovery from Incidents, will depend upon : The impact on the business The urgency with which a resolution/work-around is needed The size, scope and complexity of the Incident The resources available for coping in the meantime and for correcting the fault
3/31/2012
Page 46
Incident Management
All incidents are categorised in order to establish appropriate priorities and resolution lead times To facilitate lead-times of incident resolution, accurate classification and sufficient registration is imperative The criteria to consider when assigning priority are: Impact : To what extent an incident results in a deviation from the normal service level; aspects are the number of users and the service concerned Urgency : To what extent the solution of an incident can be postponed
Priority = Impact x Urgency
3/31/2012
Page 47
Incident Management - Example of a priority coding

system
3/31/2012
Page 48
Incident Management
Matching
Matching is the process whereby the Incident details are compared to knowledge that is already present in the organisation. Successful matching could give access to proven resolution actions, which should require no further investigation effort.
3/31/2012
Page 49
3/31/2012
Page 50
Incident Management
Investigation and diagnosis Inputs
- Functions
updated Incident details configuration details from the CMDB
Actions
assessment of the Incident details, collection and analysis of all related information, and resolution (including any Work-around) or a route to n-line support
Outputs
Incident details yet further updated, and a specification of the selection or required Work-around
3/31/2012
Page 51
Incident Management
Resolution and recovery Inputs
- Functions
updated Incident details any response on an RFC to effect resolution for the Incident(s) any derived Work-around or solution
Actions
resolve the Incident using the solution/Work-around or, alternatively, to raise an RFC (including a check for resolution) take recovery actions
Outputs
RFC for future Incident resolution resolved Incident, including recovery details, updated Incident details
3/31/2012
Page 52
Incident Management
Incident closure Inputs
updated Incident details resolved Incident
- Functions
Actions
the confirmation of the resolution with the Customer or originator close category Incident
Outputs
updated Incident detail closed Incident record
3/31/2012
Page 53
Incident Management
- Functions
Ownership, monitoring, tracking and communication Inputs

Incident records
Actions
monitor Incidents escalate Incidents inform User
Outputs
management reports about Incident progress escalated Incident details; and Customer reports and communication
3/31/2012
Page 54
Incident Management
- Escalation
There are two levels of escalation possible: Transferring an Incident from first-line to second-line support groups or further is called Functional Escalation and primarily takes places because of lack of knowledge or expertise
Hierarchical Escalation can take place at any moment during the resolution process when it is likely that resolution of an Incident will not be in time or satisfactory
3/31/2012
Page 55
Incident Management
- Tasks
3/31/2012
Page 56
Incident Management
- Benefits
The benefits to be gained by implementing an Incident Management process are: For the business as a whole: reduced business impact of Incidents by timely resolution, thereby increasing effectiveness the proactive identification of beneficial system enhancements and amendments the availability of business-focused management information related to the SLA. For the IT organisation in particular: improved monitoring, allowing performance against SLAs to be accurately measured improved management information on aspects of service quality better staff utilisation, leading to greater efficiency elimination of lost or incorrect Incidents and service requests improved User and Customer satisfaction.
3/31/2012
Page 57
Incident Management - Critical Success Factors

The critical success factors for Incident Management are : A sound up-to-date CMDB really helps Create knowledge databases (KEDB) and make them easily accessible Use tools whenever appropriate Establish interfaces with other processes
3/31/2012
Page 58
Service Support
3/31/2012
Page 59
Problem Management
A problem is a condition identified from multiple incidents exhibiting common symptoms, or from a single significant incident, indicative of a single error, for which the cause is unknown.
The goal of Problem Management is to minimize the adverse impact of incidents and problems on the business caused by errors within the IT Infrastructure, and to prevent reoccurrence of incidents related to these errors.
While Incident Management focuses on quick resolution of incidents, Problem Management analyses the root cause of the incidents.
3/31/2012
Page 60
Problem Management
Problem Definition
(contd..)
Many criteria can be used to define a Problem including : A number of related incidents
Incident closed via work-around (temporary fix)

Major incident Information from third parties
3/31/2012
Page 61
Problem Management
Problem Management Terminology
Problem
(contd..)
The unknown root cause of one or more incidents (not necessarily or often solved at the time the incident is closed) Error A condition that exists after the successful diagnosis of the root cause of a Problem
Known Error
Error + solution and/or workaround has been found Known Error DataBase (KEDB) Repository of known errors for the benefit and utilisation of Incident Management
3/31/2012 Page 62
Problem Management
(contd..)
Problems can be identified from incidents. When a problem is defined, diagnosis takes place to find the root cause of the problem, and then a change request is entered to correct the problem
3/31/2012
Page 63
Problem Management
(contd..)
The "Funnel Effect" is shown below - multiple incidents are usually, after investigation, re-classified as a smaller number of problems, which are also reanalyzed and (usually) reclassified as yet a smaller number of known errors, which usually, after further investigation, end up resulting in a smaller number of RFCs
3/31/2012
Page 64
Problem Management (contd..)

The primary functions of Problem Management are : Problem Control: identifying the real underlying causes of incidents in order to prevent future reoccurrences
3/31/2012
Page 65
Problem Management
(contd..)
Error Control : the processes involved in successful correction of Known Errors. The objective is to change IT components to remove Known Errors affecting the IT infrastructure and thus to prevent any recurrences of incidents
3/31/2012
Page 66
Problem Management
(contd..)
Investigation and Diagnosis of Problems

The various methods include : Ishikawa diagrams
Kepner and Tregoe

Brainstorming sessions Voting Flowcharts Common sense
Deduction
3/31/2012
Page 67
Problem Management
(contd..)
Proactive Problem Management comprises of :

Trend Analysis Identifying fragile components of an IT Infrastructure and investigate the reasons for this fragility Targeting preventive actions Trend analysis can lead to the identification of faults in the IT Infrastructure which can then be analysed and corrected via Problem and Error Control Improving procedures Research other sources of knowledge about known errors
3/31/2012
Page 68
3/31/2012
Page 69
Problem Management
(contd..)
Known Error DataBase (KEDB) :

Problem Management reduces a Problem into an Error after it has successfully identified the root cause of the Problem. When a solution or a work-around is identified for this Error, it is transformed into a Known Error. The Known Error DataBase is a repository containing all these Known Errors. The KEDB is essentially for the utilisation of the Incident Management process and to prevent Incidents from becoming Problems
3/31/2012
Page 70
Known Error DataBase (KEDB) :
3/31/2012
Page 71
Problem Management
(contd..)
Incident v/s Problem Management :

While Incident Management focuses on quick resolution of incidents, Problem Management analyses the root cause of the incidents
3/31/2012
Page 72
Problem Management
(contd..)
Incident v/s Problem Management :
Incident Management is the basis for defining Problems and information from Problem Management is made available for Incident Matching.
The differences between Incident & Problem Management are : Objectives are different Different skills/expertise required Time is less of an issue within Problem Management Activities carried out are different
3/31/2012
Page 73
Problem Management
- Tasks
3/31/2012
Page 74
Problem Management
- Benefits
The benefits of Problem Management are : improved IT Service quality (by removing structural errors pro-actively) reduction in the number of incidents providing permanent solutions thereby resolved problems stay resolved improving the organisations knowledge by contributing known error data to the service desk / incident management / configuration management, etc.
3/31/2012
Page 75
Problem Management
- Critical success factors
The critical success factors for Problem Management are : Keep Incident Management and Problem Management separate Start with re-active Problem Management and then progress towards developing pro-active Problem Management Makes use of tools to detect possible trends Interface with Incident Management and Change Management
3/31/2012
Page 76
Service Support
3/31/2012
Page 77
Change Management
A change is an event that results in a new status of one or more configuration items (CI's)
3/31/2012
Page 78
Change Management
The goal of Change Management is to ensure that standardised methods and procedures are used for efficient handling of all Changes, in order to minimise the impact of Change-related incidents and to improve day-to-day operations.
The main aims of Change Management are : Minimal disruption of services Reduction in back-out activities Economic utilisation of resources involved in the change
3/31/2012
Page 79
Change Management
Change Management Terminology
Change
the addition, modification or removal of CIs

Request for Change (RFC) form used to record details of a request for a change and is sent as an input to Change Management by the Change Requestor Forward Schedule of Changes (FSC) schedule that contains details of all the forthcoming Changes
3/31/2012
Page 80
Change Management
Change Categories
(contd..)
Category 0 : Is executed without prior contact. Used for workarounds/ temporary fixes Category 1 : Little or no impact. Change Manager authorises this RFC Category 2 : Significant impact. CAB discussion needed. Change Manager requests advice on authorisation and planning Category 3 : Major impact. Considerable resources required. Senior Management need to be a part of the CAB.
Change Priorities
Urgent: change is required now, in order to achieve the service levels High: as soon as possible, otherwise risk to current or future production Normal: change solves serious mistakes or a lack in functionality
Low: change yields improvements that are not required by contract
3/31/2012
Page 81
Request for Change ( RFC)
3/31/2012
Page 82
Change Management
Request for Change ( RFC)
(contd..)
It is a formal document sent to Change Management by the Change Requestor requesting for a change. Every RFC runs through a number of stages before the change can be implemented
3/31/2012
Page 83
Change Management
Change Review
(contd..)
All implemented changes must be reviewed to establish whether: The change has had the desired effect and met its objectives There have been no unexpected or undesirable side-effects The resources used to implement the change were as planned
Change Advisory Board (CAB)

The CAB is an advisory board that reviews RFCs and determines and provides detail of likely impact CAB participants include : Customers/users affected by the change Representatives of Service Management areas Application development teams
3/31/2012 Page 84
Change Management
(contd..)
Change Advisory Board/ Executive Committee (CAB/EC)

The CAB/EC is responsible for authorising urgent changes The members vary depending on their involvement with the urgent change, and their availability at the time
What the CAB discusses :

Failed or backed-out Changes
Changes applied without reference to the CAB by Incident Management RFCs to be assessed by CAB Change reviews Change management process
3/31/2012
Page 85
Change Management
- CAB attendees
3/31/2012
Page 86
Change Management
Change Approval Process
(contd..)
Financial approval Indicates costs are within budgetary limits or cost-benefit criteria are met Technical approval Assurance that the Change is feasible, sensible and can be performed without serious interruptions to the business Customer approval To ensure that business managers are satisfied with the proposals and accept any impact to their requirements
3/31/2012
Page 87
Change Management
- Tasks
3/31/2012
Page 88
Change Management
- Benefits
The benefits of Change Management are : increased visibility and better communication of changes improved risk assessment of changes fewer backed-out or failed changes better productivity of Users (fewer disruptions) and IT Staff (duties clearly planned) ability to absorb large number of changes reduction in the number of incidents and problems caused by changes
3/31/2012
Page 89
Change Management - Critical success factors

The critical success factors for Change Management are : Be prepared for dealing with Urgent Changes Integrate with Configuration and Release Management Ensure management commitment is present and let them set the example Choose appropriate Project Management methodologies
3/31/2012
Page 90
Service Support
3/31/2012
Page 91
Release Management
Release Management undertakes the planning, design, build, configuration and testing of hardware and software to create a set of Release components for a live environment
Release Management takes a holistic view of a Change to an IT service and ensures that all aspects of a Release, both technical and non-technical, are considered
The input to the Release Management process comes from the Change Management process
3/31/2012
Page 92
Release Management
Release Categories
(contd..)
A Release consists of the new or changed software and/or hardware required to implement approved Changes
Releases are categorised as : Major software Releases and hardware upgrades, normally containing large areas of new functionality, some of which may make intervening fixes to Problems redundant. A major upgrade or Release usually supersedes all preceding minor upgrades, Releases and emergency fixes Minor software Releases and hardware upgrades, normally containing small enhancements and fixes, some of which may have already been issued as emergency fixes. A minor upgrade or Release usually supersedes all preceding emergency fixes Emergency software and hardware fixes, normally containing the corrections to a small number of known Problems
3/31/2012
Page 93
Release Management
(contd..)
Releases can be divided based on the release unit into : Delta Release : is a release of only that part of the software which has been changed. For ex: Security patches to plug bugs in a software Full Release : means that the entire software program will be release again. For ex : an entire version of an application Packaged Release : is a combination of many changes . For ex : an Operating System image containing the applications as well
3/31/2012
Page 94
Release Management
Release Policy
(contd..)
A Release policy should include : Release naming and numbering conventions A definition of major and minor Releases, plus a policy on issuing emergency fixes Frequency of Releases Expected deliverables for Releases (e.g. installation instructions and Release notes) Guidance as to how and where Releases should be documented (e.g. which tool to use and how) A policy on the production of back-out plans
3/31/2012
Page 95
Release Management
(contd..)
One of the main activities of Release Management is managing the Definitive Software Library (DSL) and the Definite Hardware Storage (DHS)
Definitive Software Library (DSL)

Secure compound in which the authorised versions of all software CIs are stored and protected. Includes copies of purchased software (along with the license documents) as well as the software developed on site
Definite Hardware Storage (DHS)

An area set aside for secure storage of hardware spares
3/31/2012
Page 96
Release Management
- Tasks
3/31/2012
Page 97
Release Management
greater success rate of changes consistency in the release process
- Benefits
The benefits of Release Management are :
less disruptions to services by synchronizing releases assurance that all CIs in use are of known quality and satisfy legal obligations controlling & safeguarding of CIs lower probability of illegal CIs easier detection of wrong & unauthorized versions
3/31/2012
Page 98
Release Management
The critical success factors for Release Management are : Align with Change and Configuration Management Create test environments that represent the live hardware and software environments as closely as possible
3/31/2012
Page 99
Service Support
3/31/2012
Page 100
Almost every Service Management process depends upon accurate IT infrastructure information. Configuration Management : Provides accurate information on configurations and their documentation to support all the other Service Management processes
Accounts for all the IT assets and configurations within the organisation
Verifies the configuration records against the infrastructure and corrects any exceptions Configuration Management v/s Asset Management Configuration Management revolves around the lifecycles of CIs and their relationships, whereas Asset Management is primarily concerned with the financial value of assets
3/31/2012
Page 101
(contd..)
A configuration item (CI) is a component of, or directly related, to the ITinfrastructure. CI's include: hardware, software, documentation, processes and procedures Examples of CIs : Personal computers, Network components, Service Level Agreements, Manuals, Applications, etc. Hierarchically subjected to (parent-child relation) Is part of (a processor is part of a PC) Interfaced with (a system is connected to a printer) Uses (a program uses a subroutine) Is a copy of (program is a copy of...) Is related to (attribute) (serial number, location, status)
Examples of the relationships between CIs :
3/31/2012
Page 102
Configuration Management DataBase (CMDB)

Details about CIs are stored in the Configuration Management DataBase (CMDB) from which queries about the IT Infrastructure can be answered The details of a CI that are mentioned in a CMDB include : Unique Identifier (service tag) Attributes (supplier, price) Status (ordered, testing, production, archived) History (past incidents, applied changes) Category (hardware, software) Relationship (is connected to, is a part of) The scope of the Configuration Management database is defined by the area of responsibility of the IT organization The level of detail is defined by the need for information of the IT management processes, the control of the information and the costs and benefits of a CMDB
3/31/2012
Page 103
Configuration Management DataBase (CMDB)
3/31/2012
Page 104
(contd..)
Configuration Management Database (CMDB)

Change Management interfaces with Configuration Management to obtain information about a CI and then provides input on what the status of the CIs will be after a change
Configuration Management will then update the CMDB to reflect the changed status of the CI
3/31/2012
Page 105
Configuration Management - Process
3/31/2012
Page 106
Planning
During the planning, define : Purpose, scope and objectives
(contd..)
Related policies and standards

Roles and responsibilities CI naming conventions CMDB design, including scope and key interfaces
3/31/2012
Page 107
Identification
The Identification activity addresses :
(contd..)
Configuration, structures and the selection of CIs
CI types and life-cycles

CI relationships Identification of software and document libraries Identification of configuration baselines Naming conventions
Labelling CIs
3/31/2012
Page 108
Control
The Control activity organises : Registration of new CIs and versions Updating of CI records
(contd..)
Archiving of CIs and their associated records Protection of the integrity of configurations Updating of the CMDB after periodic checking
3/31/2012
Page 109
Status Accounting
(contd..)
Status reports should be produced on a regular basis listing, for all CIs under Control, their current version and history.
Status Accounting reports can be used to establish baselines and enable Changes between baselines and Releases to be traceable.
3/31/2012
Page 110
Verification and Audit
(contd..)
Before acceptance into the environment, new Releases, builds, equipment and standards should be verified against the contracted or specified requirements. Physical configuration audits should be carried out to verify that the asbuilt configuration of a CI confirms to its as-planned configuration and its associated documents.
3/31/2012
Page 111
Configuration BaseLines
(contd..)
A BaseLine is the configuration of a product or system established at a specific point in time, which captures both the structure and the details of that product or system and enables that product or system to be re-built at a later date. Configuration BaseLines and approved Changes to those BaseLines together constitute the Currently Approved Configuration.
3/31/2012
Page 112
Interaction with other processes
3/31/2012
Page 113
Change Management
- Benefits
The benefits of Configuration Management are : helps to minimize the impact of changes provides accurate information on CIs improves security by controlling the versions of CIs in use facilitates adherence to legal obligations helps in financial & expenditure planning
3/31/2012
Page 114
Change Management
Critical success factors
The critical success factors for Configuration Management are : Select the appropriate tool at the start of the process Ensure no one bypasses Change Management Make use of Inventory Systems
3/31/2012
Page 115
Service Support
Incident Management
Problem Management
Change Management
Release Management
Identification
Detection & Recording
Problem Control
Accept & Classify Changes
Release Planning
Control
Classification & Initial Support
Error Control
Evaluate
Design, Build, Configure
Status Accounting
Investigation and Diagnosis
Proactive Prevention of Problems
Authorize & Schedule Changes
Test, Accept
Verification & Audit
Resolution & Recovery
Coordinate Implementation
Plan Roll Out
Closure
Monitor & Report
Communicate, Prepare, Train
Review & Close
Distribute & Install
3/31/2012
Page 116
3/31/2012
Page 117
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 118
Service Delivery
3/31/2012
Page 119
The Service Delivery set

Capacity Management Ensure that capacity and performance aspects of the business requirements are provided timely and cost effectively
Availability Management
Optimize the capability of the IT Infrastructure and supporting organization to deliver a cost effective and sustained level of availability to satisfy business objectives
Service Level Management

Maintain and improve IT service quality through a constant cycle of agreeing, monitoring, reporting and reviewing IT service achievements
3/31/2012
Page 120
The Service Delivery set

IT Service Continuity Management
(contd..)
Ensuring that the required IT technical and service facilities can be recovered within the time scales required by Business Continuity Management
Financial Management for IT Services

Provide cost effective stewardship of IT assets and resources used in providing IT services
3/31/2012
Page 121
Service Delivery
3/31/2012
Page 122
Capacity Management
The objective of Capacity Management is to ensure the optimum use of IT resources for the performance agreed upon with the client
Capacity Management is needed to support the optimum and cost-effective provision of IT services by helping organizations to match their IT resources to the current and future demands of their business
The main tasks of Capacity Management are :
Match capacity and demand by increasing or managing available capacity

Ensure that existing capacity is used in an optimum manner
3/31/2012
Page 123
Capacity Management
(contd..)
The main types of Capacity Management are : Business Capacity Management

Trend, forecast, model, prototype and document future business requirements
Service Capacity Management

Monitor, analyse, tune and report on service performance, establish baselines and profiles of use service, manage demand for services
Resource Capacity Management

Monitor, analyse, tune and report on utilisation of components, establish baselines and profiles of use of components
3/31/2012
Page 124
3/31/2012
Page 125
Capacity Management
(contd..)
Capacity Management activities can be subdivided into planning and monitoring activities
3/31/2012
Page 126
3/31/2012
Page 127
Capacity Management
(contd..)
Demand Management (covers the management of users' demands for IT resources) Short-term: optimization Long-term: have an insight into future projects Workload Management (concerned with identifying and understanding the applications, their work patterns and peaks, and their use of hardware resources) Resource Management (storage management, assessment of new HW technology) Performance Management (measure, control and tuning of performance of components of the IT infrastructure)
Application Sizing (forecast for HW resources for new and changed applications)
3/31/2012 Page 128
Capacity Management

(contd..)
Modelling (trend analysis, estimation, simulation, analytic modeling) Capacity Planning (Capacity plan which details the current levels of resource utilisation and service performance, and forecasts the future requirements for resources)
3/31/2012
Page 129
Capacity Management
(contd..)
Capacity Management DataBase (CDB) Capacity Management collects data from a variety of hardware platforms and software applications that could be widely distributed and stores the data in a CDB. The components of a CDB include : service data from SLAs business data from the business plans and strategy technical data from the manufacturers specification of the hardware and software components financial data
3/31/2012
Page 130
Capacity Management
- Tasks
3/31/2012
Page 131
Capacity Management
- Benefits
The benefits of Capacity Management are : Reduced risk of performance problems and failure Cost savings Both achievable through: Planned buying Deferring expenditure until really needed (but in a controlled way) Matching capacity to business need Ensures that systems have sufficient capacity to run the applications required by the business for the foreseeable future
Provides information on current and planned resource utilization of individual components allowing decisions on which components to upgrade, when to do so, and how much it will cost.
3/31/2012
Page 132
Capacity Management
The critical success factors for Capacity Management are : Interface with Availability and Financial Management Ensure business expertise is available, especially for Business Capacity Management
3/31/2012
Page 133
Service Delivery
3/31/2012
Page 134
A service is available when the service has been provided for an agreed number of direct users, within a maximum response time, maintaining the agreed functionality
Availability Management is concerned with the planning, and ongoing management activities, needed to ensure that the reliability and availability levels, as specified in the SLAs, are achieved and maintained
The goal of Availability Management is to optimise the capability of the IT Infrastructure, services and the supporting organisation to deliver effective and sustained levels of availability that enable the business to satisfy the business objectives
3/31/2012
Page 135
Availability Management (contd..)

Availability Management Terminology Availability
The extent that a CI or an IT service is able to perform the expected functionality of the CI or IT service over a specified time period
Reliability Refers to the extent that an IT service is able to perform the expected functionality, over a certain period of time, under prescribed circumstances OR freedom from operational failure. Maintainability This indicates the ease of the maintenance of the IT service (preventative, inspective, corrective)
3/31/2012
Page 136
Availability Management (contd..)

Serviceability All relevant contractual conditions of external suppliers and third-party suppliers to maintain CIs
Resilience The ability of an IT service to function correctly in spite of the incorrect operation of one or more subsystems
3/31/2012
Page 137
3/31/2012
Page 138
3/31/2012
Page 139
Availability = Host * Network * Server * Workstation = 0.98 * 0.98 * 0.98 * 0.975 * 0.96 = 0.8809 Total Infrastructure Availability = 88.09%.
3/31/2012
Page 140
(contd..)
3/31/2012
Page 141
3/31/2012
Page 142
Un-Availability Costs Tangible costs
(contd..)
Lost user and IT staff productivity, lost revenue, overtime payments, wasted goods and material, fines and penalties
Intangible costs Loss of goodwill (customer dissatisfaction), loss of customers, loss of business opportunity (to sell, gain customers), damage to business reputation, loss of confidence, damage to staff morale
3/31/2012
Page 143
Calculating Un-Availability Costs Determine the Vital Business Function
(contd..)
Carry out CRAMM (Computer Risk Assessment Management Methodology)
3/31/2012
Page 144
- Tasks
3/31/2012
Page 145
- Benefits
The benefits of Availability Management are : IT services with an availability requirement are designed, implemented, and managed to consistently meet that target Improvement of capability of the IT infrastructure to attain the required levels of availability to support the critical business processes Improvement of customer satisfaction and recognition that availability is the prime IT deliverable Reduction in frequency and duration of incidents that impact IT availability Single point for availability is established within the IT organization (process owner) Levels of IT availability provided are cost-justified and support SLAs fully Shortcomings in provision of availability are recognized and coped with in a formal way Mindset moves from error correction to service enhancement: from reactive to proactive attitude
3/31/2012
Page 146
The critical success factors for Availability Management are :

Integrate with IT Service Continuity Management Understand the un-availability costs (both tangible and intangible costs)
3/31/2012
Page 147
Service Delivery
3/31/2012
Page 148

A Service Level Agreement (SLA) is a two-sided written agreement between an IT Service Provider and the IT Customer(s), defining the key service targets and responsibilities of both parties
Service Level Management is the process of negotiating, defining, contracting, monitoring and reviewing the levels of customer service, that are both required and cost effective
Service Level Management helps to develop a better relationship between the IT Organisation and its customers
3/31/2012
Page 149

Service Level Management aims to :
(contd..)
Strike a balance between customer requirements and service costs Identify customer requirements in terms of what customers want and what can be delivered Measurable service standards What you don't measure, you can't agree upon Enhance quality by implementing quality improvement programs What can be measured can be improved! Business relationship between customer and supplier
3/31/2012
Page 150

Service Level Management Contracts
(contd..)
The IT organization has several contracts: An SLA with customers, an OLA with an internal supplier and underpinning contracts with external suppliers
3/31/2012
Page 151

Functions of Service Level Management
(contd..)
As well as setting up and monitoring SLAs, maintaining underpinning contracts with suppliers and managing relationships with customers are also functions of SLM
3/31/2012
Page 152
(contd..)
Service Level Management consists of activities that are needed to set up a SLA, but also activities needed to see if the Service Levels are met
3/31/2012
Page 153

Balancing IT Service Supply & Demand
(contd..)
Important within a SLA is the balance between the demand for IT services and the supply of IT services
Demand and Supply for IT Services can be balanced by : Being aware of the business requirements Being aware of the IT possibilities (technical and economical) Alignment of expectations
3/31/2012 Page 154

(contd..)
Service Level Agreements consist of elements of the other Service Management processes Input from those processes is required for agreeing and monitoring Service Levels
3/31/2012
Page 155

SLA Details
(contd..)
3/31/2012
Page 156

Elements of an SLA
(contd..)
General Introduction : Parties, Signatures, Service Description Reporting & Reviewing : Content, Frequency Incentives & Penalties Support
Service Hours, Support, Change Procedures, Escalation

Delivery Availability, Reliability, Throughput, Transaction Response Time, Batch Turn-around Times, Contingency & Security, Charging
3/31/2012
Page 157

Service Level Reports (SLR)
Measured from the customers perspective
(contd..)
Data like reaction times, escalation times and support should be made measurable
Reports should be produced regularly Reports contain measuring values concerning the up-to-date supporting levels and the trend developments
3/31/2012
Page 158

Service Catalog
(contd..)
A Service Catalogue can be used to list the "normal" services provided by the IT organization whereas Service Level Agreements can be set up for "special" services
The Service Catalogue contains : Relevant characteristics of services Relevant information of the use of the services
3/31/2012
Page 159
- Tasks
3/31/2012
Page 160
- Benefits
The benefits of Service Level Management are : Improvement in IT service quality and reduction of service outages can lead to significant financial savings Satisfied customers and better customer relationship Clearer view between both parties on roles and responsibilities Specific targets that have to be achieved and that can be measured and reported Focusing of IT effort on what the business thinks is key IT and customers have consistent expectations on the level of service required Identification of weak areas that can be remedied subsequently SLM underpins supplier management and vice-versa IT services are designed to meet Service Level Requirements SLAs can be the basis for charging, and are the demonstration of what customers receive for their money.
3/31/2012
Page 161
The critical success factors for Service Level Management are : Service Level Management should not just be limited to SLAs Ensure buy-in from all other Service Management processes Create a definition of Service
3/31/2012
Page 162
Service Delivery
3/31/2012
Page 163

The objective of IT Service Continuity Planning is to restore IT services as quickly and as completely as possible after a disaster has taken place IT Service Continuity Management ensures that the required IT technical and services facilities (including computer systems, networks, applications, telecommunications, technical support and service desk) can be recovered within required, and agreed, business schedules. The reasons an organization should implement IT Service Continuity Management are : Avoid financial risks (insurance) Increased dependence on IT services; business protection Provides a competitive edge Legal requirements Customers demands
3/31/2012
Page 164
(contd..)
Business Continuity Management and IT Service Continuity Management Business Continuity Management (BCM) is concerned with managing risks to ensure that at all times an organization can continue operating to, at least, a predetermined minimum level. The BCM process involves reducing the risk to an acceptable level and planning for the recovery of business processes should a risk materialize and a disruption to the business occur. IT Service Continuity Management (ITSCM) must be a part of the overall BCM (Business Continuity Management) process and is dependent upon information derived through this process. ITSCM is focused on the continuity of IT Services to the business. BCM is concerned with the management of Business Continuity that incorporates all services upon which the business depends, one of which is IT.
3/31/2012
Page 165

IT Service Continuity Management activities include : Risk Analysis Risk Management Continuity Plan Creation Testing Improving Maintenance
(contd..)
Reporting
These activities are all engineered to provide IT Service continuity
3/31/2012
Page 166

The recovery options that can be used are : Do nothing !!! Insure for damage
(contd..)
Manual back-up procedures (on paper until IT is restored) Take-over by other organization with similar equipment (reciprocal) Fortress approach; disaster-proof Gradual recovery {cold standby} 72-48 hours Intermediate recovery {warm standby} 24-1 hours
Immediate recovery {hot standby} seconds

Using internal / external / fixed / portable / mobile centres
3/31/2012
Page 167

Risk Assessment
(contd..)
3/31/2012
Page 168

Contingency Plan
Contents Administration
(contd..)
IT infrastructure
IT infrastructure management and procedures for operation Staff Security Continuity site
Return to original situation

Scope Hardware, Software, Networks, Terminals/PCs, Accommodation (for IT and users), Building facilities and Staff
3/31/2012
Page 169
(contd..)
3/31/2012
Page 170

The benefits of IT Service Continuity Management are : Potential lower insurance premiums
- Benefits
Business relationship with the rest of the enterprise is fostered because IT organization is forced to get a better understanding of the business Positive marketing of contingency capabilities. Effective ITSCM allows organization to provide high service levels and thus win business Organizational credibility is increased towards customers, business partners, and stakeholders
Competitive advantage over organizations without it
3/31/2012
Page 171
The critical success factors for IT Service Continuity Management are : Ensure alignment to BCM If its not worth protecting, its not worth doing Test under realistic circumstances
3/31/2012
Page 172
Service Delivery
3/31/2012
Page 173

Financial Management gives insight into the costs of the IT organization and options to charge the costs - making it possible to run IT as a business
The reasons why an organization should implement Financial Management for IT Services are : Cost/profits awareness (make users aware of what services actually cost) Decision-making support Cost recovery
Cost control (know the full cost of the provided IT services)

Planning Efficiency Influence on use (for instance providing incentives for using off-peak times
3/31/2012
Page 174

The goals of Financial Management for IT Services are to : Provide cost-effective stewardship of the IT assets and resources used in providing IT Services Be able to account fully for the spendings on IT Services and to attribute these costs to the services delivered to customers Assist management decisions on investments by providing detailed business cases for Changes to IT Services
3/31/2012
Page 175

Financial Management for IT Services activities include : Budgeting IT Accounting Charging
(contd..)
Budgeting
The process of predicting and controlling the spending of money within the enterprise and consists of a periodic negotiation cycle (usually annual) to set limits on budgets and the day-to-day monitoring of the current budgets. Budgeting enables an organisation to : Predict the money required for a given period Ensure that actual spending can be compared with predicted spending Reduce the risk of over-spending
Ensure that revenues are available to cover predicted spending
3/31/2012
Page 176

IT Accounting
(contd..)
The set of processes that enable the IT organization to fully account for the way its money is spent (particularly the ability to identify costs by customer, by service, by activity). It usually involves ledgers and should be overseen by someone trained in Accountancy. IT Accounting enables an organisation by : Account for the money spent Calculate the cost of providing IT Services to both internal & external services Perform cost-benefit or return-on-investment analyses
Identify the cost of Changes
3/31/2012
Page 177

Charging
(contd..)
The set of processes required to bill a customer for the services supplied to them. To achieve this requires sound Accounting, to a level of detail determined by the requirements of the analysis, billing & reporting processes. Charging enables an organisation to : Recover the costs of the IT Services from the Customers of the service Operate the IT Organisation as a business unit, if required Influence User and Customer behaviour
3/31/2012
Page 178
Financial Management for IT Services - Costs
3/31/2012
Page 179
Financial Management for IT Services - Tasks
3/31/2012
Page 180

The benefits of Financial Management for IT Services are : IT accounting supports the IT Service Manager Statements about profitability of the individual IT services
- Benefits
Essential decisions about IT services and the required investments Data for justifying IT expenditures Essential planning and budgeting Overview of costs, created by service failures, as a basis for expenditure justification in strategy planning Users can track costs of the services they have used
3/31/2012
Page 181

success factors
- Critical
The critical success factors for Financial Management for IT Services are : Involve financial / accounting experts Interface with the other Service Management processes Use customer-based charging units
3/31/2012
Page 182
Service Delivery
Capacity Management
IT Services Continuity Management
Identify Service Level Requirements
Determine Requirements
Business Capacity Management
Budget
Initiation
Verification of Feasibility
Perform BIA and assess design criteria
Service Capacity Management
Account
Requirements Analysis & Strategy Definition
Negotiate (Agreeing)
Define Targets & Measures
Resource Capacity Management
Charge (Optional)
Implementation
Establishment of Agreements
Monitoring & Trend Analysis
Operational Management
Monitor Service Levels
Investigate
Report & Review
Produce & Maintain the Availability Plan
3/31/2012
Page 183
3/31/2012
Page 184
Security Management
3/31/2012
Page 185
Security Management
Security Management is the process of managing a defined level of
security on information and IT services, including managing the responses to security incidents The goal of Security Management is to counter risks of threats to one of the most important assets for business: information Information is threatened in three main ways: Confidentiality Integrity (accuracy) Availability (accessibility)
3/31/2012
Page 186
Security Management
Confidentiality
- CIA
Protecting sensitive information from unauthorized disclosure or intelligible interception Integrity Safeguarding the accuracy and completeness of information and software Availability Ensuring that information and vital IT services are available and accessible when required
3/31/2012
Page 187
Security Management - Why Security Management?

Information is the most important production factor of the world
Threat to information = threat to the organizations productivity Security Management gets increasingly important, because... Public networks (Internet) are increasingly used Internal networks are opened to customers and business partners Internet usability is increasingly extended (e-commerce, online banking) Processes are controlled via networks
3/31/2012
Page 188
Security Management
Security organization
- Security Measures
With clear responsibilities and tasks Policies, codes of conduct Physical security measures
Physical separation of the computer room

Technical security measures Security in a computer system or network Procedural security measures How the staff are required to act in particular cases Work instructions
3/31/2012
Page 189
Defines its security requirements based on its business requirements
Collect experiences, lessons learned Improvement will be considered for the next round of planning & implementation
The section security in SLA is negotiated between customer and service provider
Show conformity with SLA Management without information is impossible Define processes, functions, roles, responsibilities Organization structure between sub-processes Reporting structure/line of command
SLA Underpinning contracts OLA Policy statement
Avoid the atmosphere of phantom security Internal audits External audits Self-assessments Security incident evaluation
Maintaining awareness - Security works only if disciplined and motivated Security incident handling responsiveness Security incident registration - measurement - classification - and reporting
3/31/2012
Page 190
3/31/2012
Page 191
Security Management
- Tasks
3/31/2012
Page 192
Security Management
Can only be qualified with difficulty
- Benefits
The costs are nevertheless clear if security is not sufficient
3/31/2012
Page 193
3/31/2012
Page 194
A key issue that has existed for some time is the problem of moving application developers and IT Service Management closer together. The lack of Service Management considerations within all phases of the application lifecycle has been seriously deficient for some time. Applications need to be deployed with Service Management requirements included, i.e. designed and built for operability, availability, reliability, maintainability, performance and manageability, and to be tested for compliance to specification. To fully understand Application Management, it is necessary to compare it with Service Management and Application Development: Application Management is the superset which describes the overall handling, or management, of the application as it goes through its entire lifecycle (see Figure 9) Application Development is concerned with the activities needed to plan, design, and build an application that can ultimately be used by some part of the organisation to address a business requirement Service Management focuses on the activities that are involved with the Release, delivery, support and optimisation of the application. The main objective is to ensure that the application once built and deployed can meet the service level that has been defined for it.
3/31/2012 Page 195
3/31/2012
Page 196
It is essential that the requirements of all areas of the business and Service Management are considered at each stage of the application lifecycle. Having IT and the business jointly develop their strategies, as a mutual effort, needs to be a precursor to beginning any Application Development or deployment project. This ensures that IT and the business agree to objectives that are clear, concise and achievable. Once an organisation has a common understanding of the alignment between business and IT, it faces a new problem, ensuring that the increasing number of applications are appropriately documented. A method for managing a complex applications environment is through the use of an application portfolio, which provides a mechanism for viewing and evaluating the entire suite of applications in the business enterprise. Organisations need to assess their ability to build, maintain, and operate the IT services needed by the business. A readiness assessment provides a structured mechanism for determining an organisations capabilities and state of readiness for delivering a new or revised application to support business drivers. The information obtained from an assessment can be used to determine the delivery strategy for an application, IT service, or ICT system. The delivery strategy is the approach to move an organisation from a known state, based on the readiness assessment, to a desired state, as determined by the business drivers.
3/31/2012
Page 197
Application Management sees Application Development and all areas of Service Management as interrelated parts of a whole, which need to be aligned. The implication of this is that Application Development, Service Management and ICT IM units need to cooperate closely to ensure that every phase in the lifecycle dedicates the appropriate attention to service creation, delivery and operational aspects. The emphasis must be on the importance of dealing early in the lifecycle with those issues as this can have a large impact on the effectiveness and efficiency of service delivery and operation. For each application lifecycle phase a management checklist can be developed to ensure appropriate Service Management aspects are fully considered and addressed, identifying the key Application Management roles that need representation to ensure that activities are completed comprehensively. Within each phase of the application lifecycle, and likewise for the service lifecycle, each of the key Application Management roles has very specific goals to meet. It is crucial that organisations find some way of measuring progress and performance with respect to achieving these goals. To be effective, measurements and metrics must be woven through the complete organisation, touching the strategic as well as the tactical and operational levels.
3/31/2012
Page 198
Thank you for your participation
3/31/2012
Page 199

ITIL Foundations Certification Course

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

ITIL Foundations Certification Course

Hochgeladen von

Copyright:

Verfügbare Formate

ITIL Foundations Certification Course

The ITIL Framework

ICT (Information & Communications Technology) Infrastructure Management

The ITIL Framework

The ITIL Framework

The business perspective

ICT Infrastructure management

Design and Plan Deployment Operations Technical Support

The technology The technology

Resolve incidents as they occur

Budget, account and optionally charge for IT services

Service Level Manager (5 days)

1 hour Multiple choice

1 hour Multiple choice

3 hour examination (essay form)

Remember about ITIL ..

The Service Support set

Focal point for reporting Incidents and making service requests

The Service Support set

Performs RCAs to establish the root causes of Problems

Close relationship with Configuration Management and Release Management

The Service Support set

Actual implementers of Changes

Note:- The Service Desk is not a process - it is a FUNCTION

The Service Desk function is known under various names :

Central Service Desk

Virtual Service Desk

- Critical Success Factors

The primary functions of Incident Management are :

Investigation and diagnosis

Incident detection and recording Inputs

Classification and initial support

Incident Classification is used to :

Typically classification consists of three parts: Categorisation Prioritising Matching

Incident Management - Example coding system for

Priority = Impact x Urgency

Incident Management - Example of a priority coding

updated Incident details configuration details from the CMDB

Ownership, monitoring, tracking and communication Inputs

Incident Management - Critical Success Factors

Incident closed via work-around (temporary fix)

Problem Management (contd..)

Investigation and Diagnosis of Problems

Kepner and Tregoe

Proactive Problem Management comprises of :

Known Error DataBase (KEDB) :

Known Error DataBase (KEDB) :

Incident v/s Problem Management :

Incident v/s Problem Management :

- Critical success factors

the addition, modification or removal of CIs

Low: change yields improvements that are not required by contract

Request for Change ( RFC)

Change Advisory Board (CAB)

Change Advisory Board/ Executive Committee (CAB/EC)

What the CAB discusses :

Change Management - Critical success factors

Definitive Software Library (DSL)

Definite Hardware Storage (DHS)

The benefits of Release Management are :

- Critical success factors

Examples of the relationships between CIs :

Configuration Management DataBase (CMDB)