1 IT Service Management PV203 Vladimír Vágner 28.02.2023 2 2 What shall we discuss today? IT Service Management - frameworks 2 This is how the typical IT environement looked like many years ago when the applications were tailor made and the IT support had to focus on almost all aspects of the IT delivery. However “single point of contact" (SPOC) in most case did work. 3 3 Becky: “Application XYZ is not responding” or “Where is my report?!” Becky End User of IT Service Over the time the management of IT starts to become much complicatedd and difficult to be managed properly 4 4 A typical interaction between the help desk and the business departments in many organisations can be like this: Finance Department: ‘Hello. Our finance server is not working. Can you fix it?’ HelpDesk: “Which one?” ‘The one that we use in our department. It’s a black system with a green keyboard.’ ‘I had a look at it, but the hard disk is dead and we will have to replace it. I will call the vendor and arrange for a replacement if possible.’ ‘What about our data?’ ‘I’m afraid we can’t recover the data. The disk is dead and we have not been backing up the data of that server, because nobody told us to. Finance did not approve the purchase of a tape drive for this machine.’ ‘Oh no. We have our entire payroll, purchasing, billing, sales and other important financial data for the entire company on that machine. Five years of data!’ ‘Unfortunately there is nothing we can do. Please excuse me, I have to go and attend another call.’ Enviromment and related services from diffwerewnt vendors/departments resulted often into unsolvable situations 5 5 Becky: “Application XYZ is not responding” or “Network is slow!” Becky End User of IT Service LAN Provider: “LAN is OK” Middleware Provider: “No utilization issues” Host Provider: “No performance problem” Server Provider: “No server problem” WAN Provider: “No WAN issues” Chaos 6 6 IT Service Management (ITSM) is a vital element of IT, but it's also sometimes misunderstood and unappreciated. The simple truth is that every business of any size continues to have a timeless business need for IT Service Management (ITSM) both today and well into the future. The business simply can’t perform consistently without a healthy ITSM capability. However, there has been so much development of tools, technologies, and best practices around ITSM, that it can be confusing to distinguish the many discussions that involve ITSM. In this discussion, we will look at the core of ITSM and the value it continues to deliver to the organization. Understanding the framework of ITSM improves our clarity and appreciation for this vital element of both IT and the business as a whole. It will help us best leverage the unique value ITSM can deliver. Here we will look at four elements for the framework of ITSM and how each can benefit the organization and why all of this is so vital to every organization. It All Starts With Great Service At the heart of ITSM lies the delivery of services. This includes the timeless need to fix a machine that is not working properly, answering the many questions that arise daily, providing support for new employee setup, delivering and configuring mobile devices for workers, managing passwords, and much, much more. It helps to think in 7 7 The Information Technology (IT) departments in many organizations were previously focused on the production of software applications, and in the late 1980s it started to change to a service mode of operation. For IT Service Management (ITSM), the main focus was changed from the development of IT applications, but rather on the management of IT services. “The first, and most obvious, the service quality is the critical success factor ”1 1982 terms of the many needs employees have in order to be productive, and that many of those needs bring us back to IT and to ITSM. And the fact is, when the ITSM team is delivering great service, every employee can work more productively and, in turn, service customers better. This connection is important to understand: the linkage of the ITSM organization to every employee and then to every customer. This linkage is vital to business today, and due to our dependency on technology, more critical than ever. We sometimes get distracted by the many interesting and extensive frameworks including ITIL, COBIT, ISO, DevOps and Agile, but make no mistake—these do not great ITSM make. Yes, the right framework can certainly help with structure and operating models, but the core of ITSM is and must always remain about delivering great service to real people. Quality services enabled by ITSM is a great boost to IT and to the business. The Hub of IT The processes and principles of ITSM are unique in that they connect the assets of the IT infrastructure to the people of the organization. We can think of this as bringing the assets of IT to life through the services that are the heartbeat of the business. These connections are often direct in that every person in the business will utilize assets in some form, including smart phones, laptops, tablets and desktop computers to perform their work every day. This connection between people and technology is now vital to every business and this dependency is only growing. These technologies are simply how we do our work every day. Think for a moment about the dependency our employees have on smartphones, email, and internet access to name a few examples. These resources are fundamental to every business of any size, and in order for these systems to operate in a reliable manner, IT is working around the clock to ensure everything is working as expected. Taking this a step further, the processes of ITSM are at the heart of the daily operations and health of each system. When everything is working correctly, everybody is happy and these systems are simply taken for granted. But if the organization loses internet access or the email server goes down, there is an immediate and significant impact to the business. If we look closely, we can see that some of the fundamentals of Agile are very closely related to this hub and spoke model for IT and ITSM. The many connections of technologies to people and then to customers brings to our attention the tremendous value of ITSM and the role ITSM plays in keeping the business running. Process Strategy and Operations Behind every service that is delivered by ITSM, there is a business process, process strategy, and process model. Yes, we love our processes in IT and nowhere is that more clear than in the domain of ITSM. Incident Management, Problem Management, Change Management, Release Management and Configuration Management are just a few processes that lie at the core of ITSM and with each there is an important strategy that governs the process itself and then the process model and how it operates every day. Because most 7 organizations today utilize an ITSM software application to support operations, it is important we have the process strategy and design right or we won’t be able to run ITSM processes successfully. For every business process, there is a connection to an IT and ITSM process that then enables the business to operate effectively. Why It all Matters So, why does all of this matter and why should we care about ITSM? That is a great question and that brings us back to the fundamental connection of technology to services to our people. The modern business has a remarkable and inescapable dependency on technology, and when technology is working for our people, anything is possible. But when technology is not deployed properly and for-purpose, everything becomes more difficult. In some cases, the business becomes paralyzed. Virtually every element of business today relies on software and/or hardware to perform our daily tasks, and the good people of ITSM help ensure these tools and technologies are performing exactly as they should. Even better, the next ten years of ITSM will bring a new model for personalized service and a focus on bringing new innovations to the business that will help bring business performance to the next level. In today’s market this is only possible through the strategic use of technology. The business and technology are now inseparable. This focus on real business results and the value we deliver to customers are quickly becoming the new focus of the ITSM organization—success with this new value focus will separate the new market leaders from all the others. Great service, healthy processes, and reliable technologies are only the beginning. They are very much a springboard to the next decade of ITSM which will be focused on business results and delivering value to customers. This is only possible with a healthy ITSM framework—the key to the new generation of ITSM solutions and the new model for IT. From ITSM Understanding the Framework and Why It’s Important, Kevin J. Smith, April 04, 2019 @ivanti Blog 7 Enterprises operating in dynamic environments need to improve their performance and maintain competitive advantage. Adopting practices in industry-wide use can help to improve capability. The term ‘best practice’ generally refers to the ‘best possible way of doing something’. As a concept, it was first raised as long ago as 1919, but it was popularized in the 1980s through Tom Peters’ books on business management. The idea behind best practice is that one creates a specification for what is accepted by a wide community as being the best approach for any given situation. Then, one can compare actual job performance against these best practices and determine whether the job performance was lacking in quality somehow. Alternatively, the specification for best practices may need updating to include lessons learned from the job performance being graded. Enterprises should not be trying to ‘implement’ any specific best practice, but adapting and adopting it to suit their specific requirements. In doing this, they may also draw upon other sources of good practice, such as public standards and frameworks, or the proprietary knowledge of individuals and other enterprises. More recently, the ITIL framework has offered a supplementary list 8 ITIL is not a standard in the formal sense but a framework which is a source of good practice in service management. The standard for IT service management (ITSM) is ISO/IEC 20000, which is aligned with, but not dependent on, ITIL. The objective of the ITIL service management framework is to provide guidance applicable to all types of organisations that provide IT services to businesses, irrespective of their size, complexity, or whether they are commercial service providers or internal divisions of a business. Enterprises operating in dynamic environments need to improve their performance and maintain competitive advantage. Adopting practices in industry-wide use can help to improve capability. 8 1972: IBM starts research on quality service delivery called Information Systems Management Architecture (ISMA). 1980: IBM publishes Volume I of the IBM Management series titled "A management System for the Information Business", first public edition of ISMA. 1986: CCTA authorizes a program to develop a common set of operational guidance with the objective of increasing efficiencies in Government IT. 1988: "Government Infrastructure Management Method (GITMM)", is formalized and issued as 'guidelines' for Government IT operations in the UK focused on Service Level Management. Same year, the development team was expanded and work continued on Cost, Capacity, and Availability. 1989: GITMM title is inadequate. It is not a method, (last M), and it should lose its G letter in order to be marketable out of government. Renamed to ITIL. 1989: First 'ITIL' book published, Service Level Management, then Help 9 V3 updated ‘11 ITIL 2011 books grew 57% in weight and 46% in number of pages due to rewrite and redesign (larger font). Desk (incorporating the concepts of Incident Management), Contingency Planning, and Change Management. Books had 50-70 pages. 1990: Problem Management, Configuration Management and Cost Management for IT Services published. 1991: Published - Software Control & Distribution, on 89 pages. 1992: Availability Management, 69 pages. 1996: (July) First ITIL Service Manager class delivered in US by US company, ITSMI, 16 attended, 10 candidates, nine passes, one distinction, first US company authorized as an ITIL accredited course provider - ITSMI. 1997: Customer focused update to the Service Level Management book, 106 pages. 1997: ITIMF legally becomes what we know today as the IT Service Management Forum (itSMF UK). 2000: Service Support V2 published, 306 pages. 2001: Service Delivery V2 published, 376 pages. 2001: CCTA became a part of the Office of Government Commerce (OGC) 2002: Application Management, 158 pages, Planning to Implement IT Service Management, 208 pages and ICT Infrastructure Management, 283 pages, published. 2003: Software Asset Management, 146 pages, published. 2004: Business Perspective: The IS View on Delivering Services to the Business, published, 180 pages. 2006: (June) ITIL Glossary V2 published 2006: (June) APM Group Limited announced as preferred bidder of ITIL accreditation & certification program, over the itSMF International (expectant winner) 2007: (May) ITIL V3 five core books published. 2011: (July) ITIL 2011 update published. Let's analyse this timeline a bit: ITIL V1 was rather similar to IBM's ISMA, especially in support/delivery 9 domain. Core ITIL V2 books did not differ much from ITIL V1. Only a few processes were altered slightly, but the focus and perspective was pretty much unchanged. And this process lasted for some 20 years. ITIL V3 approximately doubled the scope, almost tripled the number of processes and functions and introduced a few new dimensions and perspectives. We have the first set of core books now, but a lot of time will be needed to develop all the complementary books, to groom and mature the training materials and to polish best implementation practices. ITIL 2011 books grew 57% in weight and 46% in number of pages due to rewrite and redesign (larger font). It all started under Margaret Thatcher, the prime minister of United Kingdom during the eighties. The cost of IT in the government agencies was not in control with disparate processes ruling the roost. Central Computer and Telecoms Agency (CCTA) was commissioned to bring down the cost and streamline processes across agencies. It took CCTA 4 years and 8 billion pounds to come up with a set of best practices, it was called Government Information Technology Infrastructure Management Method (GITIMM), conceptually similar to ITIL®. Consultants who were taken on board this project visited a number of private institutions (including IBM) to understand their processes, and how they performed their IT related activities. The processes and activities were passed through a sieve, and the best sets of processes were retained to give birth to ITIL®. GITIMM, throughout the eighties and early nineties evolved to become ITIL® v1 which consisted of over 30 books. In 2000, the United Kingdom's Office of Government Commerce (OGC) took over CCTA, and a year later ITIL® v2 was released. V2 sub divided ITIL® as service support and service delivery. Maintenance of services came under service support while putting up a new service or modifying it came under service delivery. This version consisted of 8 volumes. The subsequent version - ITIL® v3 was published in May 2007, and it provides a holistic view of services. It covers the entire lifecycle of a service – from the nascent stages of strategies through design, transition to live environment and support when services are active. A major difference between v3 and its predecessors is the inclusion of a continuous improvement phase in the former. This phases stresses on the need for continuous improvement throughout the lifecycle of a service – which makes ITIL® much stronger than what it was envisioned to be. ITIL® v3 further reduced the number of books to 5, called as the core volumes. Sometime last year, there were talks of ITIL® v4, but it turned out to be hoax in the end. 9 Apart from the ISO/IEC 20000 standard, ITIL is also complementary to many other standards, frameworks and approaches. No one of these items will provide everything that an enterprise will wish to use in developing and managing their business. The secret is to draw on them for their insight and guidance as appropriate. Among the many such complementary approaches are: Balanced scorecard: A management tool developed by Dr Robert Kaplan and Dr David Norton. A balanced scorecard enables a strategy to be broken down into key performance indicators (KPIs). Performance against the KPIs is used to demonstrate how well the strategy is being achieved. A balanced scorecard has four major areas, each of which are considered at different levels of detail throughout the organisation. COBIT: Control OBjectives for Information and related Technology provides guidance and best practice for the management of IT processes. COBIT is published by the IT Governance Institute. CMMI-SVC: Capability Maturity Model Integration is a process improvement approach that gives organisations the essential elements for effective process improvement. CMMI-SVC is a variant aimed at service establishment, management and delivery. EFQM: The European Foundation for Quality Management is a framework for organisational management systems. eSCM–SP: eSourcing Capability Model for Service Providers is a framework to help IT service providers develop their IT service management capabilities from a service sourcing perspective. ISO 9000: A generic quality management standard, with which ISO/IEC 20000 is aligned. ISO/IEC 19770: Software Asset Management standard, which is aligned with ISO/IEC 20000. ISO/IEC 27001: ISO Specification for Information Security Management. The corresponding code of practice is ISO/IEC 17799. Lean: a production practice centred around creating more value with less work. PRINCE2: The standard UK government methodology for project management. SOX: the Sarbanes–Oxley framework for corporate governance. Six Sigma: a business management strategy, initially implemented by Motorola, which today enjoys widespread application in many sectors of industry. 9 10 One of the most common questions we hear from people that are new to the world of IT service management (ITSM) is: "What's the difference between ITSM a The most basic answer is that ITSM is the actual practice, or professional discipline, of managing IT operations as a service, while ITIL is a set of best practices tha That's what we're doing in this week's blog post. We'll talk about how IT has changed from its earliest days to adopting the ITSM paradigm and how ITIL develop What Is ITSM? To begin, the ITIL 2011 glossary provides a good definition of ITSM as "The implementation and management of quality IT services that meet the needs of the bu To help put this into context, let's look at how the role of IT within organizations has transformed over the past decades. In the 1970s and 1980s, it became appa In the early days of information technology, IT departments were seen as necessary along with the associated expense rather than a value driver within the orga Reactive IT departments had mixed perceptions within organizations—as you rely on IT to keep things working, and you primarily interact with them when thing Today, IT organizations have evolved in the way they deliver value to the organization. The ITSM paradigm has emerged as the common approach for how IT orga ITSM Delivers IT as a Service Today, ITSM is a professional discipline that encompasses all of the activities and duties involved in designing, creating, delivering, and supporting the lifecycle of The concept of delivering IT as a service has significant implications for how IT organizations are perceived by the enterprises in which they operate. When IT dep ITSM Processes and Automation Drive Organizational Efficiency The goal of ITSM is to effectively design, build, deliver, and manage IT services for the organization, but an underlying reason for service management is to align ITSM professionals engage in strategy generation to ensure that the goals of IT are aligned with the goals of the business. ITSM professionals understand the need for continuous improvement—they may track certain metrics to assess the performance of the IT organization and set t ITSM professionals understand the need to plan and design services effectively, ensuring that they can meet capacity and availability requirements set by the org ITSM professionals understand the importance of streamlined communication between the business (users/customers) and the IT organization, and may have im ITSM professionals understand the need to drive efficiency through automation and self-service—they identify and automate time-consuming tasks, and create ITSM professionals understand the need to minimize business interruptions—they may follow a formal Change Management process to ensure that changes are ITSM is what happens when IT departments focus on their relationship with the business, align their activities with what the business wants, and look to create c What Is ITIL? In the 1980s, the United Kingdom experienced a growing dependency on IT throughout its departments, but without a standard set of practices for managing th ITIL began as an acronym for the "Information Technology Infrastructure Library" which was published between 1989 and 1996 as a volume of 30 books, each on A minimum set of ITIL best practices are contained in ISO 20000 Part 11. This is used by organizations that desire or need a certified standard with clearly define ITILv3 (2011 Edition) Lifecycle approach ITIL Processes Reflect Best Practices for ITSM We can understand ITIL as a regularly updated set of best practices for ITSM. For IT organizations that want to adopt the paradigm of IT as a service, the ITIL framework provides a set of processes and best practices that can be implemented by the IT organization to help provide better services to users, meet goals for service capacity and availability, and ensure that the actions of the IT organization effectively support the business objectives of the organization. While ITSM is a professional discipline that concerns itself with the effective design, deployment, and management of IT services, ITIL is a framework that IT professionals can use to implement best practices for ITSM within their organizations and move towards a more effective IT organization that delivers exceptional value to the enterprise. 10 11 1 1 W 11 hat Is the ITSM ITIL Framework? Under ITIL 2011, the discipline of ITSM is broken down into five stages, each corresponding to one stage of the IT service lifecycle. The five stages of the IT service lifecycle are service strategy, service design, service transition, service operation, and continual service improvement. Each stage is covered is one of the five ITIL books, and each is comprised of many processes and sub-processes that together form the set of best practices for managing that stage of the service life cycle: Service Strategy: Service strategy entails the development of a strategy for the IT organization to serve its customers, typically the business to which it belongs. Service strategy begins with assessing the needs of the business and customers, then determines what services the IT organization will offer and what capabilities it should develop to meet the needs of the organization. Service Design: Service design includes the creation, design, and modification of new and existing IT services. In this stage, IT organizations design new services for the organization and implement changes to existing services. Service Transition: Once a service has been designed, the next step is for it to be built and deployed. This development of capabilities and deployment happens in the service transition stage. ITIL's Service Transition book also includes processes for ensuring that changes to existing services are executed in a coordinated fashion that minimizes business interruptions. Service Operation: Service Operation is an important stage of the ITIL life cycle whose goal is to ensure that services offered by the IT organization are delivered effectively and efficiently. Service Operation includes all four functions associated with ITIL: Technical Management, Application Management, IT Operations Management, and the service desk. Continual Service Improvement (CSI): The goal of continual service improvement is to ensure that the organization captures data, information and knowledge from its successes and failures, and uses them to continually improve the efficiency of its processes and service offerings. Formalizing ITSM Service Management Processes with ITIL The ITIL framework offers a template for modern IT organizations to implement ITSM effectively and start delivering more value to their organizations through effective and efficient service life cycle management for all IT services. The ITSM paradigm emerged out of a need to align the goals of the IT organization with the needs of the business. ITSM and the concept of IT as a service led to the rise of help and service desks—a single point of contact between the IT organization and the business, where users could make IT related requests and report issues. ITSM grew as a professional discipline as more organizations attempted to formalize their own best practices. Even today, organizations may have some service management processes that are consistent with ITIL and others that aren't, or they may develop their own processes that suit their unique circumstances. The ITIL framework emerged in the 1980s as a set of best practices for ITSM. ITIL brought standardization and widespread use of best practices to IT organizations around the world and it remains the leading standard for IT organizations worldwide when it comes to effective and efficient management of the IT service life cycle. ITIL is like a playbook for ITSM—it offers guidance in the most effective ways espoused by leading professionals around the world. As IT organizations mature, they should move towards an ITIL-compliant model of ITSM that follows best practices to maximize value for the organization. ITSM Solutions for ITIL and related Compliance ITSM software solutions exist to help organizations implement their own best practices for IT Service Management. 11 12 12 12 Why is ITIL important to …? • Reduced disruption to IT Services • Greater control of IT infrastructure & changes to it • Lower IT cost – centralized & standardized services • Connects the IT infrastructure to the business it supports so that IT investment is focused on the highest priority business needs • Single point of contact for end-users for incidents, service requests, and information – reduces multiple help desks • Vendor-neutral language to describe IT service management – helps to manage IT support across multiple suppliers • End-to-end integration of IT management processes • Supports business controls compliance RESULTS IN BETTER QUALITY, LOWER TCO, IT ALIGNMENT TO BUSINESS, AND EASIER SOURCING TCO – Total Cost of Ownership 13 ITIL 4 will be more discussed during next lesson ITIL® 4 Concept § Introduces Service Value System Ø Describes basic elements of the system via which the value of the product is being created with the aim on the customer and user requirements and experience § Describes model of the value creation – Service Value Chain Ø And its 6 main activities for each process/practice § Does not contain processes description in the lifecycle Ø Lists 34 management practices within 3 basic groups Ø General Management, Service management, Technical Management § Bases description of 4 Dimensions on v3`s four attributes of SM Ø Critical mission in value creation Ø Includes important external factors to consider (economical, political, social, etc) 15 15 What problems are organisations trying to solve with ITIL • Establish baseline of process/process supporting tools/knowledge Ø Some of them don’t have processes established in some areas – like problem management • Stabilize/Standardize/Centralize infrastructure • Process/ITSM tools standardization Ø Either across customer internal lines of business or across suppliers • Integration of infrastructure and application management Ø Want to be able to improve infrastructure stability by integrating applications & infrastructure • Right size infrastructure to support critical business services • Link IT investment and support to business strategies and priorities 17 17 17 Information Technology Infrastructure Library IT Service Management ~ ITSM covers IT services, processes, technology, and staffing and personnel practices that contribute to the management of IT infrastructure ITIL® represents the best practices in IT Service Management ü Becoming international standard ü Adopt & Adapt to organization’s business needs ü The Client’s business enablement is the main focus – not the technology The term ‘best practice’ generally refers to the ‘best possible way of doing something’. As a concept, it was first raised as long ago as 1919, but it was popularised in the 1980s through Tom Peters’ books on business management.The idea behind best practice is that one creates a specification for what is accepted by a wide community as being the best approach for any given situation. Then, one can compare actual job performance against these best practices and determine whether the job performance was lacking in quality somehow. Alternatively, the specification for best practices may need updating to include lessons learned from the job performance being graded.Enterprises should not be trying to ‘implement’ any specific best practice, but adapting and adopting it to suit their specific requirements. In doing this, they may also draw upon other sources of good practice, such as public standards and frameworks, or the proprietary knowledge of individuals and other enterprises. 18 18 Summary: The Difference Between ITIL and ITSM is - ITSM is how you manage the services you deliver to end users, and ITIL teaches you the best practices for ITSM. Whether services are being provided by an internal unit of the organization or contracted to an external agency, all services should be driven solely by business needs and judged by the value that they provide to the organization. Apart from the ISO/IEC 20000 standard, ITIL is also complementary to many other standards, frameworks and approaches. No one of these items will provide everything that an enterprise will wish to use in developing and managing their business. The secret is to draw on them for their insight and guidance as appropriate. Among the many such complementary approaches are: Balanced scorecard: A management tool developed by Dr Robert Kaplan and Dr David Norton. A balanced scorecard enables a strategy to be broken down into key performance indicators (KPIs). Performance against the KPIs is used to demonstrate how well the strategy is being achieved. A balanced scorecard has four major areas, each of which are considered at different levels of detail throughout the organisation. COBIT: Control OBjectives for Information and related Technology provides guidance and best practice for the management of IT processes. COBIT is published by the IT Governance Institute. CMMI-SVC: Capability Maturity Model Integration is a process improvement approach that gives organisations the essential elements for effective process improvement. CMMI-SVC is a variant aimed at service establishment, management and delivery. EFQM: The European Foundation for Quality Management is a framework for 19 19 What framework or processes are you employing to support your ITSM strategy? Source : 2017 Forbes Insights survey on The State of Information Technology Service Management (ITSM) organisational management systems. eSCM–SP: eSourcing Capability Model for Service Providers is a framework to help IT service providers develop their IT service management capabilities from a service sourcing perspective. ISO 9000: A generic quality management standard, with which ISO/IEC 20000 is aligned. ISO/IEC 19770: Software Asset Management standard, which is aligned with ISO/IEC 20000. ISO/IEC 27001: ISO Specification for Information Security Management. The corresponding code of practice is ISO/IEC 17799. Lean: a production practice centred around creating more value with less work. PRINCE2: The standard UK government methodology for project management. SOX: the Sarbanes–Oxley framework for corporate governance. Six Sigma: a business management strategy, initially implemented by Motorola, which today enjoys widespread application in many sectors of industry. 19 ISACA is an international professional association focused on IT governance. It is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only 20 20 • COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. • Since 1996, COBIT has evolved to offer practitioners the latest knowledge, tools, and best practices for maximizing the value of IT for businesses all over the world. COBIT 2019 is an elite IT governance and management framework, perfect for helping you transform your IT operations into a finely-honed and fully-optimized tool: perfectly suited at all levels for day to day operations, long term goals, and even continuous evolution. • COBIT 5, the previous version of COBIT, was focused on providing objectives, tools, and best practices that were universally applicable to all IT operations. • COBIT 2019 is focused on creating bespoke IT frameworks, specifically suited to an individual company’s own requirements and goals. COBIT 21 21 COBIT 2019 core model (ISACA) COBIT 2019 also works by establishing the potential for progressive evolution. These days, IT is constantly in flux, with businesses having to consider new technology, legislation, practices, and so on on a regular basis. COBIT 2019 establishes the potential for progressive evolution in IT frameworks. With elements of digital and IT management being in constant flux, businesses must be prepared to reexamine their chosen best practices, software, technology, and compliance initiatives on a regular basis. This is not only for the sake of meeting the standards set by clients but also surpassing them. To help users cope with this, COBIT 2019 offers several methods for continuous improvement. Firstly, it lays out the ‘COBIT Performance Management (CPM)’ system. Based on the CMMI Performance Management Scheme (and scored between 0 and 5), this is used to gauge the overall capability of a process: 0 - Lack of any basic capability. Incomplete approach to address governance and management purpose. May or may not be meeting the intent of any process practices 1 - The process more or less achieves its purpose through the application of an incomplete set of activities that can be characterized as initial or intuitive - not very organized 2 - The process achieves its purpose through the application of a basic yet complete set of activities that can be characterized as performed 22 22 COBIT 5 principles: • Meeting stakeholder needs • Covering user enterprises from end to end • Applying a single integrated framework • Enabling a holistic approach • Separating governance from management “Stakeholder - A person, group or organization that has interest or concern in an organization” COBIT 2019 expansion • Provide Stakeholder Value • Holistic Approach • Dynamic Governance System • Governance Distinct from Management • Tailored to Enterprise Needs • End to End Governance System COBIT principles 3 - The process achieves its purpose in a much more organized way using organizational assets. Processes typically are well defined 4 - The process achieves its purpose, is well defined, and its performance is (quantitatively) measured 5 - The process achieves its purpose, is well defined, its performance is measured to improve performance and continuous improvement is pursued Level 2 refers to the basic level of capability, with any numbers below this indicating an area for immediate improvement. COBIT 2019 also utilizes an open-source model. This allows ISACA to collect feedback from the worldwide community of IT governance and management professionals. By regularly assessing this feedback, ISACA will identify areas where the methodology can be improved, such as incorporating new best practices or integrating new technology. As a result, COBIT 2019 users will have an edge in adapting to new opportunities in the future. Finally, COBIT 2019 also lists several ‘enhancing activities’. These are suggested by ISACA to help practitioners enhance their implementation of COBIT. For example, when first adopting COBIT, managers and stakeholders may want to consider investing in COBIT online training. 22 24 COBIT is a set of practices for top management to understand how they should approach their enterprise IT. And ITIL is a roadmap of exactly what should be done to organize IT employees' daily processes 25 25 ISO 20000 says what you need to do, while ITIL tells you how to do it. 26 2626 ISO 20000 ISO 20000 is the international standard for IT Service Management (ITSM), published by ISO (the International Organization for Standardization), and ICE (the International Electoral Commission). To become an international standard, ISO 20000 had to be agreed upon by a majority of member countries, which means it is accepted by a majority of countries worldwide. The standard describes a set of management processes designed to help you deliver more effective IT services (both to those within your business and to your customers). ISO 20000 gives you the methodology and the framework to help you manage your ITSM, while allowing you to prove your company follows best practice. With the requirements of the standard you will achieve best practice, helping to improve your delivery of IT services. And ISO 20000 is applicable to any company size and any industry. ISO 20000 helps organizations benchmark how they deliver managed services, measure service levels and assess their performance. It is broadly aligned with, and draws strongly on, ITIL®. 27 27 ISO20000 is IT Service Management System Standard that specifies ISO2000 certification requirements for the service provider to plan, establish and maintain ISO 20000 controls for an effective Service Management System within an organization. 28 28 ITIL provides advice on best practices in IT service management, including options that may be adopted and adapted by organisations according to business need, local circumstances and the maturity of the service provider. ISO 20000 sets the standards that service management processes should aim for. 29 The Business Process Framework (eTOM) is a critical component of the Open Digital Framework, TM Forum’s blueprint for enabling successful business transformation. It is a comprehensive, industry-agreed, multi-layered view of the key business processes required to run an efficient, effective and agile digital enterprise. All of the Open Digital Framework, including the Business Process Framework, is created and evolved by industry leaders and practitioners in TM Forum’s member driven collaboratgion community. It is a hierarchical catalog of the key business processes required to run a servicefocused business. At the conceptual level, the framework has three major areas, reflecting major focuses within typical enterprises: • Strategy, Infrastructure and Product • Operations • Enterprise Management 6 things you can do with the Business Process Framework 1. Create a common language for use across departments, systems, external 30 3030 It is a hierarchical catalog of the key business processes required to run a service-focused business. At the conceptual level, the framework has three major areas, reflecting major focuses within typical enterprises: • Strategy, Infrastructure and Product • Operations • Enterprise Management Business Process Framework (eTOM) The business process framework is an operating model framework for telecom service provider in the telecommunications industry.[1 The model describes the required business processes of service provider, and defines key elements and how they should interact1. 1. Wikipedia 2. TMForum The Business Process Framework is a reference framework or model for categorizing all the business activities that a service provider will use. It is intended to deliver reusable process elements to enable the construction of best practice or implementation of specific process flows for a wide variety of purposes.2 partners and suppliers, reducing cost and risk of system implementation, integration and procurement. 2. Adopt a standard structure, terminology and classification scheme for business processes to simplify internal operations and maximize opportunities to partner within and across industries. 3. Apply disciplined and consistent business process development enterprise-wide, allowing for cross-organizational reuse. 4. Understand, design, develop and manage IT applications in terms of business process requirements so applications will better meet business needs. 5. Create consistent and high-quality end-to-end process flows, eliminating gaps and duplications in process flows. 6. Identify opportunities for cost and performance improvement through re-use of existing processes and systems. 30 31 3131 ICT Enterprises can leverage the past experience of the IT service and telecommunications industry in the operations space by simultaneously adopting two of most successful approaches, ITIL and the Business Process Framework (eTOM). ITIL encompasses a set of “good practices” that are widely recognized and applied, and shows how these can be orchestrated in a service management lifecycle. TM Forum’s Business Process (eTOM) and Information (SID) Frameworks deliver a reusable, agreed, and widely adopted service-oriented architecture, with processes that can be linked directly with ITIL’s good practices. 32 32 Business Process Framework (eTOM) Relationship to ITIL TM Forum’s Business Process (eTOM) and Information (SID) Frameworks deliver a reusable, agreed, and widely adopted service-oriented architecture, with processes that can be linked directly with ITIL’s good practices. The MOF process model enables companies to: • Facilitate consistent IT service management across service solutions. • Establish a structure for IT functions, processes, and procedures. • Represent a life-cycle approach. Central to the MOF process model is its division into four quadrants of operational processes and procedures, named service management functions (SMFs). The SMFs are the foundation-level best practices and prescriptive guidance for operating and maintaining an IT environment. Changing Quadrant The changing quadrant includes the service management functions (SMFs) required to identify, review, approve, and incorporate change into a managed IT environment. This includes changes in software, hardware, documentation, roles and responsibilities, and also specific process and procedural changes. Change Management Change management is responsible for changes in technology, systems, applications, hardware, tools, documentation, and processes, and also changes in roles and 33 33 The Microsoft Operations Framework (MOF) provides guidance that enables organizations to achieve missioncritical system reliability, availability, supportability, and manageability of Microsoft products and technologies. MOF provides operational guidance in the form of white papers, operations guides, assessment tools, best practices, case studies, templates, support tools, and services. This guidance addresses the people, process, technology, and management issues pertaining to complex, distributed, and heterogeneous IT environments. Microsoft Operations Framework - MOF responsibilities. During the change management process, as part of designing your BizTalk Server implementation, you can do the following: • Determine whether the service level agreement with your partners or customers requires a certain level of availability, uptime, and load-processing capabilities. • Determine the best cluster configuration for the BizTalk Server databases for your business needs. The run-time processes write to the BizTalk Management database, MessageBox databases, Tracking Analysis Services database, BAM Analysis database, BAM Star Schema database, BAM Primary Import database, and BAM Archive database. Therefore, these databases are especially important if a disaster occurs, and must have greater priority when determining what databases to cluster. Only users or tools write to the other databases. For the MessageBox databases, you can consider an active/active/active/passive fourserver cluster to minimize the hardware needed. • Determine whether to cluster the master secret server, or if manually restoring the master secret on another Enterprise Single Sign-On server is satisfactory for your scenario. This solution is available, but not highly available. • Determine the number of hosts and host instances that you will need to process your expected message load and to provide high availability. • Create a list of the people that will be involved in the change-management process. This list will include, but is not limited to, the domain administrator, database administrator, infrastructure administrator, BizTalk Server administrator, and IT operations staff. Configuration Management Configuration management is responsible for identifying, controlling, and tracking all versions of software, hardware, documentation, processes, procedures, and all other components of the IT environment under the control of change management. During the configuration management process, you must create a detailed plan for how you are going to implement your highly available solution for BizTalk Server. You must also document the steps that you took to create your solution. At a high level, the steps are: • The domain controller creates the domain groups and accounts that you will use in your BizTalk Server environment. • The infrastructure administrator creates the Windows cluster for the BizTalk Server databases and the Windows cluster for the master secret server. • The database administrator installs and configures Microsoft SQL Server on the Windows cluster for the BizTalk Server databases. • The BizTalk Server administrator configures the master secret server cluster. • The BizTalk Server administrator installs and configures BizTalk Server on the processing, receiving, and sending servers. • The BizTalk Server administrator creates the hosts and installs the host instances on the appropriate servers to provide high availability or to increase capacity, or both. 33 Operating Quadrant The operating quadrant includes the SMFs required to monitor, control, manage, and administer service solutions daily to achieve and maintain service levels within predetermined parameters. Job Scheduling Job scheduling involves the continuous organization of jobs and processes in the most efficient sequence, maximizing system throughput and use to meet service level agreement requirements. Make sure that you schedule planned downtime, such as scheduled updates, at times when the message load is low (for example, late at night) to minimize the potential effect on your business. Supporting Quadrant The supporting quadrant includes the SMFs required to identify, assign, diagnose, track, and resolve incidents, problems, and requests within the approved requirements that are contained in the service level agreements. Optimizing Quadrant The optimizing quadrant includes the SMFs that contribute to maintaining business and IT alignment by focusing on decreasing IT costs while maintaining or improving service levels. This includes review of outages and incidents, examination of cost structures, staff assessments, availability and performance analysis, and capacity forecasting. Service Level Management The goal of service level management is to maintain and continuously improve the quality of IT service, through a constant cycle of negotiating and monitoring service level requirements. The successful service level management function causes an improvement in quality of service, greater levels of customer productivity, and ideally, a reduction in the overall cost of services provided. During the service level management process, you can do the following: Evaluate how the current environment satisfies your service level agreement requirements. Recommend the addition of new servers for processing, receiving, or sending messages to meet the requirements. If necessary, recommend creating highly available solutions for points of failure that were not originally mitigated to meet the availability requirements in the service level agreement. Availability Management The single goal of availability management is to make sure that your customers can use a particular IT service whenever they want. For the availability management process, you can establish mechanisms for notifying IT personnel when a hardware failure occurs so that they can fix or replace the hardware as quickly as possible, and mechanisms for notifying IT 33 personnel when the server load is larger than a particular threshold. Service Continuity Management The objective of the service continuity management function is to make sure that a specified IT service provides value to the customer if regularavailability solutions fail. During the service continuity function you must examine what highavailability configuration to implement to make sure that you continue providing your customers with the services they expect even when a planned or unplanned downtime occurs. Examples of unplanned downtime are hardware failures or acts of nature. 33 34 3434 Microsoft Operations Framework (MOF) • MOF is an alternative framework to the Information Technology Infrastructure Library (ITIL). Like ITIL, MOF includes guidelines for the entire lifecycle of an IT service, from concept to retirement or replacement. • MOF encompasses three phases and a foundation layer of the IT service lifecycle: • The plan phase ensures alignment with business and IT objectives, policy compliance, financial management and reliability. • The deliver phase covers envisioning, planning, building, stabilizing and deploying the service. • The operate phase keeps operations, service monitoring and control service, customer service and problem management in line with service level agreement (SLA) goals. • The manage layer helps IT professionals manage governance, risk, and compliance (GRC); change and configuration; and team service. 35 3535 Six Sigma is an effective and adaptable measurement-based improvement methodology which can be used for delivering quality IT services. The main aim of Six Sigma is to reduce variation in processes by offering a structure by which organizations can constantly improve routine IT processes and eliminate defects, waste and cost, thereby increasing service quality and customer satisfaction. Six Sigma is a quality program that, when all is said and done, improves your customer’s experience, lowers your costs, and builds better leaders. — Jack Welch Six Sigma The Plan-do-check-act Procedure 1.Plan: Recognize an opportunity and plan a change. 2.Do: Test the change. Carry out a small-scale study. 3.Check: Review the test, analyze the results, and identify what you’ve learned. 4.Act: Take action based on what you learned in the study step. If the change did not work, go through the cycle again with a different plan. If you were successful, incorporate what you learned from the test into wider changes. Use what you learned to plan new improvements, beginning the cycle again. 36 3636 Six Sigma e.g. compliments ITIL CSI with Deming’s PDCA cycle 37 3737 Whilst using both models can benefit businesses, Six Sigma and ITIL aren’t generally used together, but rather in combination as a complimentary set of practices that can improve businesses from a number of angles. Six Sigma is a methodology based on formulas, calculations and the analysis of business processes in order to improve them. Whilst Six Sigma focuses on the ‘how’ of improving processes, ITIL is more concerned with the theory and guidelines put in place to determine the ‘what’ of the processes. By utilizing ITIL methods, a business can determine what needs to be done in order to improve processes and areas. Six Sigma on the other hand, can help a business work out what the cause of an issue is or where a fault in a process lies and then ascertain how this can be fixed. However, as Six Sigma relies on statistical analysis, it is best practice to sample process improvements on a small trial basis to ascertain whether the benefits are scalable. 6 sigma and ITIL Will be explained and discussed in last session SIAM is an adaptation of ITIL that focuses on managing the delivery of services provided by multiple suppliers. SIAM is not a process. SIAM is a service capability and set of practices in a model and approach that build on, elaborate, and complement every part of the ITIL practices. Effective SIAM seeks to combine the benefits of best-of-breed based multi-sourcing of services with the simplicity of single sourcing, minimising the risks inherent in multi-sourced approaches and masking the supply chain complexity from the consumers of the services. SIAM assists in the situation where policy and execution can no longer be defined absolutely by a single authority, supporting the development of supply chains into supply networks. The primary focus of SIAM is on providing the necessary consistent governance, assurance, and management of these multiple suppliers and services, whether these suppliers are external, internal, or a combination of. It includes approaches for supplier co-ordination, integration, collaboration, interoperability and delivery. This creates an environment where all parties know their role, responsibilities, context 38 38 SIAM – Service Integration and Management is a new concept, based on an old one – i.e. the need to co-ordinate and manage a number of IT suppliers in a single ‘supply chain’. The ‘new’ element is the idea that multiple outsourced suppliers need to be managed by one (SIAM) management layer, so that a single service view is managed and delivered across the supply chain. This uses ITSM concepts in a more commercially focused way and is gaining credence and adoption. SIAM and are empowered to deliver – and are then also held accountable for the outcomes. Businesses that use or wish to use multiple suppliers to deliver integrated services can benefit from a re-interpretation and re-focusing of core ITIL principles, methods and techniques, adapting and augmenting them as the basis for effective SIAM. This provides a different perspective from the situation where the majority of services are provided from within the same organisation, and brings out ITIL's ‘multi-tenant’ capabilities. The need for a specific SIAM approach is exacerbated by the increasing complexity and diversity of the IT value network, supply chain, and service provider characteristics. An example is where the overall service delivered to users is dependent on underpinning services that are a mix of utility/commodity services and value-added services provided by a number of different suppliers. 38 The aim of SIAM is to provide a single point of visibility and control for the service management and delivery of all services provided by suppliers, by: ●●Taking end-to-end accountability for the performance and delivery of IT services to the users, irrespective of the number and nature of suppliers ●●Co-ordinating delivery, integration, and interoperability across multiple services and suppliers ●●Assuring suppliers performance ●●Ensuring that the services effectively and efficiently meet the business need ●●Providing the necessary governance over suppliers on behalf of the business. SIAM can be provided from within the business organisation, outsourced to an external provider, or using a combination. Effective SIAM is dependent on the co-operation and involvement of the suppliers and the business. SIAM cannot be imposed. Because a SIAM model includes all of these parties, moving to a SIAM approach will involve changes to their ways of working.Many of the ITIL principles, 39 39 Internal Service Consumer A Internal Service Consumer B External Service Consumer C SIAM Service Integration and Management Service A provided by Internal Supplier 1 Service B,C provided by external Supplier 2 Service D,E provided by external Supplier 3 SIAM Key Concept © Copyright : Axelos methods and techniques can be, and have been, applied to non-IT service landscapes. 39 40 ITIL What shall we talk about next?