IT Service Management based on ITIL PV214: Řízení dodávky IT služeb vycházející z ITIL Ing. Aleš Studený About the Course ITIL 2011 overview, Nadin Ebel – ISBN 9788025137321 ITSM - ISO/IEC DIS 20000 – ISBN 807283186 ITIL Service Strategy – ISBN 0113310455 ITIL Service Design – ISBN 0113310471 ITIL Service Transition – ISBN 011331048X ITIL Service Operation – ISBN 0113310463 ITIL Continual Service Improvement – ISBN 0113310498 ITIL Introduction to Service Lifecycle – ISBN 0113310617 Recommended Literature ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process The course responds to the growing trend of world order, when everything will be provided in the form of services. This trend is evident in all sectors, but the most in the IT industry. Best practices providing IT services have been drawn up together with many professionals in the publications of the ITIL (Information Technology Infrastructure Library), which is based on the world standard ISO/IEC 20000. Course Targets Students can get acquainted with theoretical knowledge and practical experience of how to manage the delivery of IT services. This experience may apply not only to manage internal IT, but also for the management of IT companies. These principles can apply as well as in the management of any other organization whose goal is to deliver the service. Course Targets At the end of the course students should be able to: understand and explain the basics of IT Service Management and discover the importance of a systematic approach to management based on Information Technology Infrastructure Library (ITIL). Course Targets ITIL - Who and Why? Pioneers, Settlers and Town Planners ITIL is, in essence, a library that documents best practices for IT Service Management. Non-proprietary, public domain books are the basis of the programme. Many of the concepts, when reviewed, look like common sense. However, like a lot of common sense, it is the application and use that results in it not being as simple as it seems. ITIL is, in essence… 1989–96 CCTA vydává 46–50+ knih ITIL v1 pro vládu GB 2000/01 CCTA/OGC vydává 8 knih ITIL v2 a dále spravuje ITIL 2007 OGC vydává 5 knih ITILv3 dle životního cyklu služby 2011 OGC/„Her Majesty’s government“ aktualizuje na ITIL 2011 2019 Axelos aktualizuje na ITIL 4 CCTA = The Central Computer and Telecommunications Agency was a UK government agency providing computer and telecoms support to Government departments. CCTA se dnes jmenuje OGC = Office of Government Commerce Earliest version of ITIL (1980s) was actually originally called GITIM, Government Information Technology Infrastructure Management Usnesení vlády české republiky č. 624-2001 ITIL - dlouhá historie a přesto moderní Help-Desk, Incident Management, SLA (1989) Configuration Management (1990) Software Control, Distribution (1992) Service Support, Service Delivery (2001) Infrastructure Management (2002) Business Perspective (2004) Service Strategy, Design, Transition. Continual Improvement (2007) Historie & postup vzdělávání Source of Service Management Practice IT Maturity Model Customer vs. Provider Maturity <--- Strategic Alignment ---> <-- Service levels --> Support, RFC IT Customer Relationship Management Business Managers Budget holder Department manager, Project manager, User IT Management Service Level Management Service Desk: Incident, Change etc. Strategic Tactical Operational Customer organization IT organization Demand Supply Policy ReportingLine ITIL Goal: Do not re-invent America… It can be adapted for any size of organization. Being a framework, ITIL describes the contours of organising Service Management. The models show the goals, general activities, inputs and outputs of the various processes, which can be incorporated within IT organisations. ITIL is scalable ITIL does not cast in stone every action required on a day-to-day basis because that is something which differs from organisation to organisation. Instead it focuses on best practice that can be utilised in different ways, according to need. ITIL does not cast in stone… ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process Vliv ostatních standardů na ITIL Nejlepší praktiky a standardy v ITSM 26 ITIL = Information Technology Infrastructure Library ISO = International Organization for Standardization • 20000 Management služeb IT • 9001 Systém managementu kvality • 38500 IT Governance Standard • 7001 Information Security Management System Standard COBIT = Control Objectives for Information and Related Technology eTOM = enhanced Telecom Operations Map MOF = Microsoft Operation Framework ITIL common language is one of the biggest benefits of IT Infrastructure Library. ITIL common language is mainly about building a glossary of terms to be used in the IT sector to facilitate communication. It is useful for communication with your staff or with your business partners. ITIL Common Language Essential ITSM support tools Service Desk Contact with Customer Configuration Management Database What we care about? Event Management Contact with HW Operations Management Technical Management Service Unfortunately, until recently, many IT departments have been too obsessed with technology and flashing lights to recognise that they have Customers at all. … The days when staff in IT departments regarded their ‘Customers’ as a necessary evil or just difficult colleagues have (hopefully) passed. Cultural aspects (ITIL Service Delivery) 1989–96 CCTA vydává 46–50+ knih ITILv1 pro vládu GB 2000/01 CCTA/OGC vydává 8 knih ITILv2 a dále spravuje ITIL 2007 OGC vydává 5 knih ITILv3 dle životního cyklu služby 2011 OGC/„Her Majesty’s government“ aktualizuje na ITIL 2011 • Firmy nechtějí již IT. • Firmy chtějí služby. ITIL - dlouhá historie a přesto moderní !!! ITIL = IT Infrastructure Library ITSM = IT Service Management ITIL -> ITSM IT Maturity Model Schéma organizace (procesy) Zisk. Vývoj Výroba Prodej Služby Marketing ERP (SAP, MS Dynamics atd.) IT HW Aplikace (SW) IT support Rozvoj technologií a systémů Schéma organizace (lidi) Ředitelství Vývoj Výroba Prodej Služby Marketing Finance IT Service Desk Aplikace ERP Infrastruktura Schéma organizace (lidi) Ředitelství Vývoj Výroba Prodej Služby Marketing Finance IT Service Desk Aplikace ERP Infrastruktura Může se IT dostat na 1. úroveň? Schéma organizace (lidi) Ředitelství Vývoj Výroba Prodej Služby Marketing Finance IT Service Desk Aplikace ERP Infrastruktura IT Maturity Model Schéma organizace (procesy) Zisk. Vývoj Výroba Prodej Služby Marketing ERP (SAP, MS Dynamics atd.) IT HW Aplikace (SW) IT support Rozvoj technologií a systémů Schéma organizace (procesy) Zisk. Vývoj Výroba Prodej Služby Marketing ERP = ITIL Infrastruktura (budovy, autodoprava, ...) Výzkum, vývoj, rozvoj technologií a systémů Řízení lidských zdrojů Nákup A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks. Service Service Management is a set of specialized organizational capabilities for providing value to customers in the form of services. Service Management The implementation and management of quality IT services that meet the needs of the business. IT service management is performed by IT service providers through an appropriate mix of people, process and information technology. IT Service Management (ITSM) A service that is delivered to business customers by business units. For example, delivery of financial services to customers of a bank, or goods to the customers of a retail store. Successful delivery of business services often depends on one or more IT services. A business service may consist almost entirely of an IT service – for example, an online banking service or an external website where product orders can be placed by business customers. Business Service A service provided by an IT service provider. An IT service is made up of a combination of information technology, people and processes. A customer-facing IT service directly supports the business processes of one or more customers and its service level targets should be defined in a service level agreement. Other IT services, called supporting services, are not directly used by the business but are required by the service provider to deliver customer-facing services. IT Service (customer-facing service) An IT service that is not directly used by the business, but is required by the IT service provider to deliver Customer-facing services (for example, a directory service or a backup service). Supporting services may also include IT services only used by the IT service provider. All live supporting services, including those available for deployment, are recorded in the service catalogue along with information about their relationships to customer-facing services and other CIs. Supporting Service Business vs. Technical Service Catalogue Dokážete si představit situaci, kdy všechny technologie jsou v pořádku, ale služba nefunguje? Příklad Služby vs. Technologie Pracovní místo Mail box Účetní systém Konstrukční aplikace Projekční aplikace Příklady IT služeb Někdy je propojení IT služeb a Byznys služeb velmi úzské. Tomograf: Lékař si to sám nastavuje (L1) a pokud vznikne incident, je schopen komunikovat s L2/L3 CAD/CAM: Konstruktér si sám je schopne nainstalovat knihovnu… DTP: Business Service / IT Service An approach to IT service management that emphasizes the importance of coordination and control across the various functions, processes and systems necessary to manage the full lifecycle of IT services. The service lifecycle approach considers the strategy, design, transition, operation and continual improvement of IT services. Also known as service management lifecycle. Service Lifecycle Processes across the Service Lifecycle Process Edward Deming principle: PDCA PDCA: Continuous Improvement People: Group, Team, Department, Division Roles Functions Processes ITIL terminology basic A group is a number of people who are similar in some way. A team is a more formal type of group. These are people who work together to achieve a common objective. Departments are formal organization structures which exist to perform a specific set of defined activities on an ongoing basis. A division refers to a number of departments that have been grouped together, often by geography or product line. Group, Team, Department, Division A set of responsibilities, activities and authorities assigned to a person or team. A role is defined in a process or function. One person or team may have multiple roles – for example, the roles of Configuration Manager and Change Manager may be carried out by a single person. Role is also used to describe the purpose of something or what it is used for. Role A team or group of people and the tools or other resources they use to carry out one or more processes or activities – for example, the Service Desk. The term also has two other meanings: • An intended purpose of a configuration item, person, team, process or IT service. For example, one function of an email service may be to store and forward outgoing mails, while the function of a business process may be to despatch goods to customers. • To perform the intended purpose correctly, as in ‘The computer is functioning.’ Function A structured set of activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs. It may include any of the roles, responsibilities, tools and management controls required to reliably deliver the outputs. A process may define policies, standards, guidelines, activities and work instructions if they are needed. For example: Incident process. Process Basic process Measurable Specific results Customers Responds to a specific event Process characteristics The person who is held accountable for ensuring that a process is fit for purpose (viz RACI). The process owner’s responsibilities include sponsorship, design, change management and continual improvement of the process and its metrics. This role can be assigned to the same person who carries out the process manager role, but the two roles may be separate in larger organizations. Process Owner A role responsible for the operational management of a process. The process manager’s responsibilities include planning and coordination of all activities required to carry out, monitor and report on the process. There may be several process managers for one process – for example, regional change managers or IT service continuity managers for each data centre. Process Manager Carries out one or more process activities Understands how his or her role adds to value creation Works with other stakeholders to ensure contributions are effective Ensures inputs, outputs and interfaces for activities are correct Creates or updates activity-based records Process Practitioner Defining roles and responsibilities RACI model / matrix Procesy a postupy stále na očích Jednotlivé instrukce chodí v každém kroku mailem v notifikacích. Process Maturity Obcházení procesu musí být složitější než jeho dodržení. Jak nastavovat procesy? Service Operation ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process Balancing service quality and cost Reactive vs. Proactive Service Operation - Functions Technical Management IT Operations Management Application Management IT Operations Control Facilities Management Single Point of Contact (SPOC) @ intranet e-mail Service Desk telefon nebo osobně Události (tiskárny, System Center, apod.) Service Desk ITIL: Service Operation A Service Desk is a functional unit made up of a dedicated number of staff responsible for dealing with a variety of service events, often made via telephone calls, web interface, or automatically reported infrastructure events. Service Desk No Service Desk IT Service Desk: Local vs. Central SD: Virtual & Global 'follow the sun' Call Centrum – Jen záznam (zaměření na rychlost) Helpdesk – IM (technicky) Service Desk – IM, RF, spokojenost To je hlavní dilema při implementaci SD Exponenciální růst nákladů Počet žádostí vyřešených na 1. úrovni podpory Operátoři Částečně kvalifikovaní odborníci Experti Plně kvalifikovaní odborníci Logging all relevant incident/service request Providing first-line investigation and diagnosis Resolving those incidents/service requests Escalating incidents/service requests Keeping users informed of progress Conducting customer/user satisfaction callbacks/surveys as agreed Updating the CMS Service Desk objectives Event Management Incident Management Request Fulfilment Problem Management Access Management Service Operation - Processes Event Management ITIL: Service Operation Event Management is the process that monitors all events that occur through the IT infrastructure to allow for normal operation and also to detect and escalate exception conditions. Event Management These two areas are very closely related, but slightly different in nature. Event Management is focused on generating and detecting meaningful notifications about the status of the IT Infrastructure and services. For example, monitoring tools will check the status of a device to ensure that it is operating within acceptable limits, even if that device is not generating events. Monitoring vs. Event Management An event can be defined as any detectable or discernible occurrence that has significance for the management of the IT Infrastructure or the delivery of IT service and evaluation of the impact a deviation might cause to the services. Events are typically notifications created by an IT service, Configuration Item (CI) or monitoring tool. Event Informational - user logs in, job completes successfully, device has come online… Warning - memory on a server is currently at 65% and increasing, collision rate on a network has increased by 15% over the past hour… Exception - server is down, response time of network has slowed to more than 15 seconds, more than 150 users have logged on to the General Ledger application… Categories of Event Process Event Tree Analysis Number of events by category Number of events by significance Number and percentage of events that required human intervention and whether this was performed Number and percentage of events that resulted in incidents or changes Metrics Achieving the correct level of filtering: • Integrate Event Management into all Service Management processes where feasible. • Design new services with Event Management in mind. • Trial and error. No matter how thoroughly Event Management is prepared, there will be classes of events that are not properly filtered. Event Management must therefore include a formal process to evaluate the effectiveness of filtering. For example, a user logging into a system today is normal, but if that user leaves the organization and tries to log in it is a security breach. Critical Success Factors Incident Management ITIL: Service Operation An unplanned interruption to an IT service or reduction in the quality of an IT service. Failure of a configuration item that has not yet impacted service is also an incident, for example failure of one disk from a mirror set. Incident Incident Management concentrates on restoring the service to users as quickly as possible, in order to minimize business impact. Incident Management is the process for dealing with all incidents; this can include failures, questions or queries reported by the users (usually via a telephone call to the Service Desk), by technical staff, or automatically detected and reported by event. monitoring tools. Incident Management The primary goal of the Incident Management process is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained. ‘Normal service operation’ is defined here as service operation within SLA limits. Main objectives of IM Part of the initial logging must be to allocate suitable incident categorization coding so that the exact type of the call is recorded. This will be important later when looking at incident types/frequencies to establish trends for use in Problem Management, Supplier Management and other ITSM activities. Incident categorization Initial categorization Closure categorization Affected Service? Service Requests? Incident categorization Impact is often the number of users being affected. Urgency is how quickly the business needs a resolution Incident prioritization Pokud mám dva incidenty: 1. Zaseklý papír v podavači => pracnost = 15 min 2. Rozbitý podavač v tiskárně => pracnost = 2 h (je jedno, zda budu čekat 2:00 h nebo 2:15 h) Je to důležité z pohledu spokojenosti. Impact / Urgency / Pracnost A separate procedure, with shorter timescales and greater urgency, must be used for ‘major’ incidents. A definition of what constitutes a major incident must be agreed and ideally mapped on to the overall incident prioritization system – such that they will be dealt with through the major incident process. Major incidents Functional escalation As soon as it becomes clear that the Service Desk is unable to resolve the incident itself (or when target times for first-point resolution have been exceeded – whichever comes first!) the incident must be immediately escalated for further support. Hierarchic escalation If incidents are of a serious nature (for example Priority 1 incidents) the appropriate IT managers must be notified, for informational purposes at least. Functional & Hierarchic escalation Process Total numbers of Incidents Breakdown of incidents at each stage (e.g. logged, work in progress, closed etc) Size of current incident backlog Number and percentage of major incidents Number and percentage of incidents incorrectly assigned Metrics Reports Incidenty - sumarizace A good Service Desk is key to successful Incident Management Clearly defined targets to work to – as defined in SLAs Adequate customer-oriented and technically training support staff with the correct skill levels Integrated support tools to drive and control the process OLAs and UCs that are capable of influencing and shaping the correct behaviour of all support staff. Critical Success Factors Request fulfilment ITIL: Service Operation The term ‘Service Request’ is used as a generic description for many varying types of demands that are placed upon the IT Department by the users. Many of these are actually small changes – low risk, frequently occurring, low cost, etc. (e.g. a request to change a password, a request to install an additional software application onto a particular workstation, a request to relocate some items of desktop equipment) or maybe just a question requesting information Service Request their scale and frequent, low-risk nature means that they are better handled by a separate process (=Request fulfilment), rather than being allowed to congest and obstruct the normal Incident and Change Management processes. Service Requests will usually be satisfied by implementing a Standard Change. Typically include some form of pre-approval by Change Management. Low-cost & low-risk changes Service Catalogue Service Catalogue The total number of Service Requests (as a control measure) Breakdown of service requests at each stage (e.g. logged, WIP, closed, etc.) The size of current backlog of outstanding Service Requests The mean elapsed time for handling each type of Service Request Metrics 0 10 20 30 40 50 60 70 80 90 100 Zbývá Vyřešených Podaných Reports Problem Management ITIL: Service Operation ITIL defines a ‘problem’ as the unknown cause of one or more incidents. Problem Problem Management is the process responsible for managing the lifecycle of all problems. The primary objectives of Problem Management are to prevent problems and resulting incidents from happening, to eliminate recurring incidents and to minimize the impact of incidents that cannot be prevented. Problem Management Suspicion or detection of an unknown cause of one or more incidents by the Service Desk Analysis of incidents as part of proactive Problem Management Automated detection of an infrastructure or application fault, using event/alert tools A notification from a supplier or contractor Problem detection Can the system be recovered / replaced? How much will it cost? How many people, with what skills, will be needed to fix the problem? How long will it take to fix the problem? How extensive is the problem (e.g. how many CIs are affected)? Problem Prioritization The Configuration Management System (CMS) must be used to help determine the level of impact and to assist in pinpointing and diagnosing the exact point of failure. The Know Error Database (KEDB) should also be accessed and problem-matching techniques (such as key word searches) should be used to see if the problem has occurred before and, if so, to find the resolution. Impact of a Problem Chronological Analysis Pain Value Analysis Kepner and Tregoe Brainstorming Ishikawa Diagrams Pareto Analysis Problem analysis / solving techniques In some cases it may be possible to find a workaround to the incidents caused by the problem – a temporary way of overcoming the difficulties. For example, a manual amendment may be made to an input file to allow a program to complete its run successfully. Workaround As soon as the diagnosis is complete, and particularly where a workaround has been found (even though it may not yet be a permanent resolution), a Known Error Record must be raised and placed in the Known Error Database – so that if further incidents or problems arise, they can be identified and the service restored more quickly. Known Error Record Those things that were done correctly Those things that were done wrong What could be done better in the future How to prevent recurrence Whether there has been any third-party responsibility and whether follow-up actions are needed. Major Problem Review When any change has been completed (and reviewed), and the resolution has been applied, the Problem should be formally closed – as should any related Incident that are still open. Problem record contains a full historical description of all events. The status of any related Known Error Record should be updated to shown that the resolution has been applied. Problem Closure Problem Management consists of two major processes: • Reactive Problem Management, which is generally executed as part of Service Operation • Proactive Problem Management which is initiated in Service Operation, but generally driven as part of Continual Service Improvement Process Process Incident / Problem / Change Request Workaround The percentage of problems resolved within SLA targets (and the percentage that are not!) The number and percentage of problems that exceeded their target resolution times The backlog of outstanding problems and the trend (static, reducing or increasing?) The number of Known Errors added to the KEDB Metrics Linking Incident and Problem Management tools The ability to relate Incident and Problem Records The second- and third-line staff should have a good working relationship with staff on the first line Making sure that business impact is well understood by all staff working on problem resolution. Critical Success Factors Access Management ITIL: Service Operation Access Management is the process of granting authorized users the right to use a service, while preventing access to non-authorized users. Access management implements the policies of Information Security Management. It has also been referred to as Rights Management or Identity Management in different organizations. Access Management Access refers to the level and extent of a service’s functionality or data that a user is entitled to use. Identity of a user is unique to that user. Rights refer to the actual settings whereby a user is provided access to a service or group of services. Services or service groups - Most users do not use only one service, and users performing a similar set of activities will use a similar set of services. Directory Services refers to a specific type of tool that is used to manage access and rights. Basic concepts RFC - This is most frequently used for large-scale service introductions or upgrades where the rights of a significant number of users need to be updated as part of the project. Service Request - This is usually initiated through the Service Desk, or directly into the Request Fulfilment. Request from manager of a department or appropriate Human Resources Management personnel. Process / Triggers Service Transition ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process To plan and manage the capacity and resource requirements to manage a release To ensure that a service can be operated, managed and supported To provide quality knowledge and information about services and service assets Provide efficient repeatable build and installation mechanisms that can be used to deploy releases Objective of Service Transition Prioritizing conflicts for service transition resources Coordinating the efforts required to manage multiple simultaneous transitions Maintaining policies, standards and models for service transition activities and processes Transition planning and support Change Management ITIL: Service Transition The addition, modification or removal of authorized, planned or supported service or service component and its associated documentation. Change = Service change Simple changes may seem innocuous but can cause damage out of all apparent proportion to their complexity. There have been several examples in recent years of high profile and expensive business impact caused by the inclusion, exclusion or misplacing of a ‘.’ in software code. No change is without risk Standardized methods and procedures are used for efficient and prompt handling of all changes All changes to service assets and configuration items (CI) are recorded in the Configuration Management Overall business risk is optimized. Change Management Process Creating a culture of Change Management across the organization where there is zero tolerance for unauthorized change Aligning the service Change Management process with business, project and stakeholder Change Management processes Policies support Change Management • Who RAISED the change? • What is the REASON for the change? • What is the RETURN required from the change? • What are the RISKS involved in the change? • What RESOURCES are required to deliver the change? • Who is RESPONSIBLE for the build, test and implementation of the change? • What is the RELATIONSHIP between this change and other changes? The seven Rs of Change Management There is a defined trigger to initiate the RFC The tasks are well known, documented and proven Authority is effectively given in advance Budgetary approval will typically be preordained or within the control of the change requester The risk is usually low and always well understood. Standard changes (pre-authorized) Standard change Správa incidentů Správa změn Rozsáhlé projektově řízené změny Plnění žádostí Standardní změny RfC RfC RfC No change should be approved without having explicitly addressed the question of what to do if it is not successful. Ideally, there will be a back-out plan, which will restore the organization to its initial situation, often through the reloading of a baselined set of CIs, especially software and data. Remediation plan For a major change with significant organizational and/or financial implications, a change proposal may be required, which will contain a full description of the change together with a business and financial justification for the proposed change. The change proposal will include signoff by appropriate levels of business management. Change proposal Process: Standard Change Process: Normal Change Process: Standard Deployment Request The Change Advisory Board (CAB) is a body that exists to support the authorization of changes and to assist Change Management in the assessment and prioritization of changes. As and when a CAB is convened, members should be chosen who are capable of ensuring that all changes within the scope of the CAB are adequately assessed from both a business and a technical viewpoint. Change Advisory Board - CAB Customer(s) User manager(s) User group representative(s) Applications developers/maintainers Specialists/technical consultants Services and operations staff CAB members e.g. Emergency Change Advisory Board (ECAB) Group that should review changes that must be implemented faster than the normal change process. The ECAB will be used for emergency changes where there may not be time to call a full CAB. CAB vs. ECAB Scope of change and release The emotional cycle of Change Valley of Despair / Circle of Chaos Unauthorized changes (above zero is unacceptable) Unplanned outages A low change success rate A high number of emergency changes Delayed project implementations. Indicators of poor Change Management The number of changes implemented to services which met the customer’s agreed requirements, e.g. quality/cost/time The benefits of change expressed as ‘value of improvements made’ + ‘negative impacts prevented or terminated’ Reduction in the number and percentage of unplanned changes and emergency fixes Metrics Open changes - status Changes – open / close Change - Time sheet Service Asset and Configuration Management (SACM) Asset Management covers service assets across the whole service lifecycle. It provides a complete inventory of assets and who is responsible for their control. It includes: • Full lifecycle management of IT and service assets, from the point of acquisition through to disposal • Maintenance of the asset inventory. SACM - Scope A configuration item (CI) is an asset, service component or other item that is, or will be, under the control of Configuration Management. Configuration items may vary widely in complexity, size and type, ranging from an entire service or system including all hardware, software, documentation and support staff to a single software module or a minor hardware component. Configuration items may be grouped and managed together, e.g. a set of components may be grouped into a release. Configuration items - CI Service capability assets: management, organization, processes, knowledge, people Service resource assets: financial capital, systems, applications, information, data, infrastructure and facilities, financial capital, people Service model, Service package, Release package, Service acceptance criteria. Categories - Service Cis (Assets) Organization CIs Service lifecycle CIs Internal CIs External CIs Interface CIs Other Categories - CIs To manage large and complex IT services and infrastructures, Service Asset and Configuration Management requires the use of a supporting system known as the Configuration Management System (CMS). Configuration Management System The CMS holds all the information for CIs within the designated scope. Some of these items will have related specifications or files that contain the contents of the item, e.g. software, document or photograph. For example, a Service CI will include the details such as supplier, cost, purchase date and renewal date for licences and maintenance contracts and the related documentation such as SLAs and underpinning contracts. Configuration Management System Relationships describe how the configuration items work together to deliver the services. These relationships are held in the CMS – this is the major difference between what is recorded in a CMS and what is held in an asset register. Relationships CI is a part of another CI, e.g. a software module is part of a program; a server is part of a site infrastructure – this is a ‘parent– child’ relationship. CI is connected to another CI, e.g. a desktop computer is connected to a LAN. CI uses another CI, e.g. a program uses a module from another program; a business service uses an infrastructure server. CI is installed on another, e.g. MS Project is installed on a desktop PC. Relationships - dependency Logical configuration model Naming conventions should be established and applied to the identification of CIs, configuration documents and changes, as well as to baselines, builds, releases and assemblies. Labelling configuration items All physical device CIs should be labelled with the configuration identifier so that they can be easily identified. Naming configuration items A configuration baseline is the configuration of a service, product or infrastructure that has been formally reviewed and agreed on, that thereafter serves as the basis for further activities and that can be changed only through formal change procedures. It captures the structure, contents and details of a configuration and represents a set of configuration items that are related to each other. Configuration baseline Centrála společnosti Jednotlivé prodejny The Definitive Media Library (DML) is the secure library in which the definitive authorized versions of all media Cis are stored and protected. It stores master copies of versions that have passed quality assurance checks. This library may in reality consist of one or more software libraries or file-storage areas, separate from development, test or live file-store areas. It contains the master copies of all controlled software in an organization. Definitive Media Library - DML DML and CMDB Example of a Configuration Management System Ensure there is conformity between the documented baselines (e.g. agreements, interface control documents) and the actual business environment to which they refer Verify the physical existence of CIs in the organization or in the DML. Check that release and configuration documentation is present before making a release. Verification and audit Persuading technical support staff to adopt a checking in/out policy An attitude of ‘just collecting data because it is possible to do’; this leads SACM into a data overload Focusing on establishing valid justification for collecting and maintaining data at the agreed level of detail Challenges & Critical success factors Evidence majetku Správa hardware „Firma“ (majitel) nechce, aby se mu ztrácely věci „Finance“ potřebují správně alokovat náklady (odpisy) a znát hodnotu majetku „IT“ potřebuje mít přehled o zařízeních (záruka do, RAM, HDD atd.) Popis problematiky evidence majetku Mít maximální přehled nad majetkem společnosti a přitom zjednodušit administrativní činnosti. Zajistit aktuálnost informací • Evidují ti co se o věci starají • Evidence probíhá okamžitě a je přesnější Minimalizovat nutnost ručního zadávání dat • Znát historii změn (automaticky) Dobré podklady pro plánování obnovy HW a SW Záměr: pragmatické řešení Evidence majetku společnosti Majetek společnosti Inventární majetek v ERP nebo jiném účetním systému ✓ inventární číslo ✓ datum nákupu ✓ dodavatel ✓ číslo faktury ✓ zůstatková cena ✓ atd. IT evidence v ALVAO ✓ inventární číslo ✓ sériové číslo ✓ evidenční číslo ✓ záruka do ✓ RAM, HDD atd. ✓ IP adresa atd. ✓ evidence instalací ✓ evidence poruch ✓ vazby PC vs. licence ✓ atd. Inventární majetek ✓ Např. skříně, stoly, stroje, nářadí a další zařízení… Inventární majetek / Operativní evidence ✓ Počítače, notebooky, tiskárny, aktivní prvky… ✓ Často má jedno inventární číslo několik částí… ✓ PC bylo součástí většího technologického celku ✓ PC se nakoupilo s monitorem, brašnou, dokovací stanicí apod. ✓ Také některé SW licence se evidují pod jedním inventárním číslem ✓ OEM licence jsou součástí PC (hmotného majetku) Drobný majetek do spotřeby / V pronájmu / Operativní evidence ✓ Mobilní telefony, stolní telefony ✓ SIM karty ✓ Počítače a další zařízení v pronájmu ✓ Čipové karty, tokeny, klíče apod. Naprostou většinu informací zjistí ALVAO automaticky pomocí detekcí po síti. Pomalé změny Rychlé změny 1. Zapsání HW + OEM SW do IT evidence (v den dodání) 2. Přidělení dalších SW licencí na HW a uživatele 3. Instalace a konfigurace (PC, NTB, telefon atd.) 4. Přichází faktura (několik dní i týdnů po dodání) 5. Zaevidování majetku v ERP (několik dní i týdnů po dodání) 6. Notifikace mailem o novém IT majetku (v ERP) 7. Tisk štítků a polepení 8. Předání uživateli (předávací protokol z ERP) Proces nákupu HW / SW licence Snadný přístup k přesným informacím Propojení na účetní evidenci majetku (ERP Noris) Rychlý přehled o umístění majetku Přehled naposledy pořízeného majetku Přínosy pro ekonomické oddělení Přehled svěřeného majetku a přidělených licencích na intranetu Zaměstnanci vidí svěřený IT majetek 1. Přesun majetku v evidenci (HW+SW) 2. Instalace a konfigurace (PC, NTB, telefon atd.) 3. Předání uživateli (předávací protokol) 4. Promítnutí změny v ERP (obvykle do konce zúčtovacího období) 1x Ročně souhrnné listy (inventura) Proces přesunu HW / SW licence 1. Pokus o uplatnění majetku jinde ve společnosti 2. Přesun majetku v evidenci (HW+SW) do složky na vyřazení 3. Uvolnění SW licencí 4. Vymazání citlivých dat z HW 5. Účetní vyřazení majetku - ERP (obvykle 1x ročně) Proces vyřazení HW / SW licence Release and Deployment Management Release and Deployment Management aims to build, test and deliver the capability to provide the services specified by Service Design and that will accomplish the stakeholders’ requirements and deliver the intended objectives. Release and Deployment Management A ‘release unit’ describes the portion of a service or IT infrastructure that is normally released together according to the organization’s release policy. The unit may vary, depending on the type(s) or item(s) of service asset or service component such as software and hardware. Release unit Release Package Deployment Considerations Big Bang Phasedvs. Push Pullvs. Automation Manualvs. Release deployed to all areas in one operation Release deployed in increments according to a rollout plan Release is made available for users to access when they need it Installing the release by hand Release is deployed from a central location delivering to all users Using distribution tools to distribute the release Big bang and Phased rollout Phased deployment across geographical locations Early life support (ELS) provides the opportunity to transition the new or changed service to Service Operations in a controlled manner and establish the new service capability and resources. Early life support Benefits of targeted early life support The underlying concept to which Service Testing and Validation contributes is quality assurance – stablishing that the Service Design and release will deliver a new or changed service or service offering that is fit for purpose and fit for use. Service Validation and Testing Evaluation is a generic process that considers whether the performance of something is acceptable, value for money etc. – and whether it will be proceeded with, accepted into use, paid for, etc. Evaluation Správa software (SAM) Audit SW licencí Občanskoprávní odpovědnost na základě autorského zákona • náhrada způsobené škody; místo skutečně ušlého zisku se může autor domáhat náhrady ušlého zisku ve výši odměny, která by byla obvyklá za získání licence k užití díla v době jeho užití • Vydání bezdůvodného obohacení ve výši dvojnásobku ceny licence k užití díla Přestupková odpovědnost na základě autorského zákona (z.č. 200/1990 Sb § 105c) • pokuta 150 000 Kč či 100 000 Kč či 50 000 Kč • náhrada škody Trestní odpovědnost na základě trestního zákona (z.č. 40/2009 Sb.) • Zasáhne nikoli nepatrně do zákonem chráněných práv (škoda nejméně 5.000 Kč) • odnětí svobody až na dva roky • Při značném rozsahu či získání značného prospěchu (škoda nejméně 500.000 Kč) • odnětí svobody na šest měsíců až 5 let • propadnutí věci (např. PC, CD&DVD, kamera apod.) • náhrada škody • Prospěch velkého rozsahu nebo způsobí-li tím jinému škodu velkého rozsahu Následky porušení autorského práva Složitá licenční politika znemožňuje správné evidování licencí v ERP nebo v účetním systému Ruční zjištění skutečného stavu ve společnosti je nemožné Popis problematiky SW auditu Risk Management Model Procesy ISO SAM 19770 Vyhodnocení SW auditu - Paret 80/20 Zákazník dokáže snadno identifikovat chybějící nebo přebývající licence Zákazník dokáže snadno změřit velikost rizika Některé licence jsou zaváděny jednotlivě, jiné licence jako „balík“. Nové verze evidovány jako zhodnocení majetku, které jako nový nehmotný majetek. OEM licence nejsou evidovány vůbec (jsou součástí hmotného majetku). Evidence SW licencí Řešení pořádku v SW licencích Nehmotný majetek v ERP nebo jiném účetním systému ✓ inventární číslo ✓ číslo faktury ✓ datum nákupu ✓ dodavatel ✓ číslo faktury ✓ zůstatková cena ✓ atd. IT evidence v ALVAO ✓ inventární číslo ✓ číslo faktury (nebo nabývacího dokladu) ✓ Schválený SW ✓ SW vzory ✓ licenční logika ✓ vazby na SW vzor ✓ vazby PC vs. licence ✓ vyhodnocení ✓ atd. Řešení pořádku v SW licencích Evidence nakoupených Licencí ALVAO Asset Management SAM Report pro manažera Incident ALVAO Service Desk Knihovna SW produktů ALVAO Internet Server Video: SAM Assistant Interní SW audit Přínosy pro IT manažera Přínosy pro IT manažera Knowledge Management ITIL: Service Transition The purpose of Knowledge Management is to ensure that the right information is delivered to the appropriate place or competent person at the right time to enable informed decision. The goal of Knowledge Management is to enable organizations to improve the quality of management decision making by ensuring that reliable and secure information and data is available throughout the service lifecycle. Purpose & goal Knowledge Management Knowledge Management - DIKW Learning styles Knowledge visualization Driving behavior Seminars, Webinars and advertising Journals and newsletters Knowledge transfer The experience of staff Records of peripheral matters, e.g. weather, user numbers and behaviour, organization’s performance figures Suppliers’ and partners’ requirements, abilities and expectations Typical and anticipated user skill levels. Service Knowledge Management System (SKMS) KB - Determine and prioritize technology needs Relationship of the CMDB, CMS, SKMS Incidents and lost time categorized as ‘lack of user knowledge’ Average diagnosis and repair time for faults fixed in- house Incidents related to new or changed services fixed by reference to knowledge base. Measuring benefit Bude výpadek 🙁 –> nová verze. vs. Nové funkce! Nová verze! Super! 🙂 IT komunikace a IT Marketing Service Design ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks. Value Proposition for Service Design These are the design of: • New or changed services • Service Management systems and tools, especially the Service Portfolio, including the Service Catalogue • Technology architecture and management systems • The processes required • Measurement methods and metrics. Five individual aspects of Service Design Producing quality, secure and resilient designs for new or improved services Taking service strategies and ensuring they are reflected in the service design processes and the service designs that are produced Measuring the effectiveness and efficiency of service design and the supporting processes Service Design goals The Four Ps Scope of Service Design Document(s) defining all aspects of an IT service and its requirements through each stage of its lifecycle. A service design package is produced for each new IT service, major change or IT service retirement. This pack is then passed from Service Design to Service Transition and details all aspects of the service and its requirements through all of the subsequent stages of its lifecycle. Service design package (SDP) Service Catalogue Management ITIL: Service Design The purpose of Service Catalogue Management is to provide a single source of consistent information on all of the agreed services, and ensure that it is widely available to those who are approved to access it. Purpose of Service Catalogue Manag. The objective of Service Catalogue Management is to manage the information contained within the Service Catalogue, and to ensure that it is accurate and reflects the current details, status, interfaces and dependencies of all services that are being run, or being prepared to run, in the live environment. Objective of Service Catalogue Manag. A database or structured Document with information about all Live IT Services, including those available for Deployment. The Service Catalogue is the only part of the Service Portfolio published to Customers, and is used to support the sale and delivery of IT Services. The Service Catalogue includes information about deliverables, prices, contact points, ordering and request Processes. Service Catalogue The complete set of Services that are managed by a Service Provider. The Service Portfolio is used to manage the entire Lifecycle of all Services, and includes three Categories: Service Pipeline (proposed or in Development); Service Catalogue (Live or available for Deployment); and Retired Services. See also Service Portfolio Management. Service Portfolio Business vs. Technical Service Catalogue Srozumitelný katalog služeb Service Level Management ITIL: Service Design SLM negotiates, agrees and documents appropriate IT service targets with representatives of the business, and then monitors and produces reports on the service provider’s ability to deliver the agreed level of service. Service Level Management The goal of the Service Level Management process is to ensure that an agreed level of IT service is provided for all current IT services, and that future services are delivered to agreed achievable targets. Proactive measures are also taken to seek and implement improvements to the level of service delivered. Purpose of Service Level Management Define, document, agree, monitor, measure, report and review the level of IT services provided Provide and improve the relationship and communication with the business and customers Ensure that specific and measurable targets are developed for all IT services Monitor and improve customer satisfaction with the quality of service delivered Service Level Management objectives An Agreement between an IT Service Provider and a Customer. The SLA describes the IT Service, documents Service Level Targets, and specifies the responsibilities of the IT Service Provider and the Customer. A single SLA may cover multiple IT Services or multiple customers. See also Operational Level Agreement. Service Level Agreement (SLA) An Agreement between an IT Service Provider and another part of the same Organization. An OLA supports the IT Service Provider’s delivery of IT Services to Customers. The OLA defines the goods or Services to be provided and the responsibilities of both parties. For example there could be an OLA: • Between the IT Service Provider and a procurement department to obtain hardware in agreed times • Between the Service Desk and a Support Group to provide Incident Resolution in agreed times. Operational Level Agreement (OLA) A Contract between an IT Service Provider and a Third Party. The Third Party provides goods or Services that support delivery of an IT Service to a Customer. The Underpinning Contract defines targets and responsibilities that are required to meet agreed Service Level Targets in an SLA. Underpinning Contract (UC) Service Level Management – SLA/OLA Relationship between the customers, SLA, OLA and UC. End to end Desktop Service SLA / OLA / UC Some organizations have found that, in reality, ‘poor response’ is sometimes a problem of user perception. The user, having become used to a particular level of response over a period of time, starts complaining as soon as this is slower. Take the view that ‘if the user thinks the service is slow, then it is’. Poor Response Objective: • Number or percentage of service targets being met • Number and severity of service breaches • Number of services with up-to-date SLAs • Number of services with timely reports and active service reviews. Subjective: • Improvements in customer satisfaction. Key Performance Indicators Don’t fall into the trap of using percentages as the only metric. It is easy to get caught out when there is a small system with limited measurement points (i.e. a single failure in a population of 100 is only 1%; a single failure in a population of 50 is 2% – if the target is 98.5%, then the SLA is already breached). Always go for number of incidents rather than a percentage on populations of less than 100, and be careful when targets are accepted. This is something organizations have learned the hard way. Trap of using percentages SLAM chart give an ‘at-a-glance’ overview of how achievements have measured up against targets. SLA monitoring chart (SLAM) Capacity Management ITIL: Service Design The goal of the Capacity Management process is to ensure that cost-justifiable IT capacity in all areas of IT always exists and is matched to the current and future agreed needs of the business, in a timely manner. Capacity management Pattern of Business Activity (PBA) Business Capacity Management Service Capacity Management Component Capacity Management Capacity Management sub-processes Capacity Management sub-processes • Processor / Memory utilization • Per cent processor per transaction type • IO rates (physical and buffer) and device utilization • Queue lengths • Disk utilization • Response times • Concurrent user numbers • Network traffic rates. Utilization monitoring Availability Management ITIL: Service Design The scope of the Availability Management process covers the design, implementation, measurement, management and improvement of IT service and component availability. Availability Management Service availability: involves all aspects of service availability and unavailability and the impact of component availability, or the potential impact of component unavailability on service availability Component availability: involves all aspect Two interconnected levels: Ability of an IT service or other configuration item to perform its agreed function when required. Availability is determined by reliability, maintainability, serviceability, performance and security. Availability is usually calculated as a percentage. This calculation is often based on agreed service time and downtime. It is best practice to calculate availability of an IT service using measurements of the business output. Availability / Dostupnost (Agreed Service Time – downtime) Availability (%) = —————————————— X 100 % Agreed Service Time Note: Downtime should only be included in the above calculation when it occurs within the Agreed Service Time (AST). However, total downtime should also be recorded and reported. Availability as a percentage: A measure of how long a service, component or CI can perform its agreed function without interruption. The reliability of the service can be improved by increasing the reliability of individual components or by increasing the resilience of the service to individual component failure (i.e. increasing the component redundancy, e.g. By using load-balancing techniques). Reliability / Spolehlivost It is often measured and reported as Mean Time Between Service Incidents (MTBSI) or Mean Time Between Failures (MTBF): Available time in hours Reliability = ————————————— (MTBF in hours) Number of breaks Available time in hours – Total downtime in hours Reliability = —————————————————————— (MTBSI in hours) Number of breaks Reliability -> MTBSI / MTBF A measure of how quickly and effectively a service, component or CI can be restored to normal working after a failure. It is measured and reported as Mean Time to Restore Service (MTRS). Note: Mean Time to Repair (MTTR) is sometimes incorrectly used instead of mean time to restore service. Maintainability / Udržovatelnost Total downtime in hours Maintainability = —————————————— (MTRS in hours) Number of service breaks Maintainability -> MTRS MTTR / MTRS / MTBF / MTBSI Expanded incident lifecycle The most important availability measurements are those that reflect and measure availability from the business and user perspective. Availability vs. user perspective Availability vs. Overall Costs Every failure is an important ‘moment of truth’ – an opportunity to make or break your reputation with the business. Failure = Moment of Truth A document that identifies the effect of planned changes, maintenance activities and test plans on agreed service levels. Projected Service Outage (PSO) IT Service Continuity Management The goal of ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and service facilities (including computer systems, networks, applications, data repositories, telecommunications, environment, technical support and Service Desk) can be resumed within required, and agreed, business timescales. IT Service Continuity Management The business process responsible for managing risks that could seriously affect the business. The process involves reducing risks to an acceptable level and planning for the recovery of business processes should a disruption to the business occur. Business continuity management sets the objectives, scope and requirements for IT service continuity management. Business Continuity Management (BCM) Business impact analysis is the activity in business continuity management that identifies vital business functions and their dependencies. These dependencies may include suppliers, people, other business processes, IT services etc. Business impact analysis defines the recovery requirements for IT services. These requirements include recovery time objectives, recovery point objectives and minimum service level targets for each IT service. Business Impact Analysis (BIA) Risk Management Model Business impacts • A revised ITSCM policy and strategy • A set of ITSCM plans, including all Crisis Management, Emergency Response Plans and Disaster Recovery • Plans, together with a set of supporting plans and contracts with recovery service providers • Business Impact Analysis exercises and reports, in conjunction with BCM and the business • Risk Analysis and Management reviews and reports, in conjunction with the business, Availability • An ITSCM testing schedule, ITSCM test scenarios, test reports and reviews. Outputs ITSCM Information Security Management The goal of the ISM process is to align IT security with business security and ensure that information security is effectively managed in all service and Service Management activities. Is responsible for the availability, confidentiality and integrity of data. Information security management • Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability) • Information is observed by or disclosed to only those who have a right to know (confidentiality) • Information is complete, accurate and protected against unauthorized modification (integrity) • Business transactions, as well as information exchanges between enterprises, or with partners, can be trusted (authenticity and non-repudiation). Security objectives • An overall Information Security Policy • Use and misuse of IT assets policy • An access control policy • A password control policy • An e-mail policy • An internet policy • An anti-virus policy • An information and document classification policy • A remote access policy • Etc. Information Security Policy Supplier Management ITIL: Service Design The goal of the Supplier Management process is to manage suppliers and the services they supply, to provide seamless quality of IT service to the business, ensuring value for money is obtained. Is responsible for managing relationships with vendors. Supplier management Supplier categorization Service Strategy ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process Enabling the service provider to have a clear understanding of what levels of service will make their customers successful. Enabling the service provider to respond quickly and effectively to changes in the business environment. Support the creation of a portfolio of quantified services. Service Strategies Value to the Business All people who have an interest in an Organization, Project, IT Service, etc. Stakeholders may be interested in the Activities, Targets, Resources, or Deliverables. Stakeholders may include Customers, Partners, Suppliers, Employees, Owners, etc. Stakeholders Customer – pay (managers) User – use (day-to-day) Stakeholders: Customer vs. User From the customer’s perspective, value consists of two primary elements: utility or fitness for purpose and warranty or fitness for use. Value composition Utility what the customer gets Warranty how it is delivered Value Value Creation Utility: outcomes / constraints An organization supplying services to one or more internal customers or external customers. Service provider is often used as an abbreviation for IT service provider. Service provider type: • Type I – internal service provider • Type II – shared services unit • Type III – external service provider Service Provider Internal service provider Shared services unit External service provider Ensuring that Policies and Strategy are actually implemented, and that required Processes are correctly followed. Governance includes defining Roles and responsibilities, measuring and reporting, and taking actions to resolve any issues identified. Governance Centralized / Decentralized organization The process responsible for maintaining a positive relationship with customers. Business relationship management identifies customer needs and ensures that the service provider is able to meet these needs with an appropriate catalogue of services. This process has strong links with service level management. Business Relationship Management Pick a customer and carefully analyse their business to understand the ecosystem in which they operate. • What conditions make the customer’s business grow? • How do your services create or sustain such conditions? • What challenges and opportunities does their business face? • How do your services help your customer address them? Understanding the customer’s business Financial Management ITIL: Service Strategy IT manažer (CIO), CEO a CFO řeší: • Jak stanovit IT rozpočet? • Jak řešit jeho správné čerpání? • Jít do outsourcingu? • Jak najít optimální úroveň kvality? Společný záměr: • Neplýtvat penězi a čerpat IT rozpočet transparentně. Výchozí stav Identifikace problému Infrastruktura (IT, budovy, autodoprava, ...) Výzkum, vývoj, rozvoj technologií a systémů Řízení lidských zdrojů Nákup Zisk Vývoj Výroba Prodej Služby Marketing Měřit spotřebu servisních služeb Cost categories such as hardware, software, labour, administration, etc. These attributes assist with reporting and analysing demand and usage of services and their components in commonly used financial terms. Cost Types Classification addresses different accounting methodologies that are required by the business and regulatory agencies. Capital / Operational costs This designation determines whether a cost will be assigned directly or indirectly to a consumer or service. Direct costs are charged directly to a service since it is the only consumer of the expense. Indirect or ‘shared’ costs are allocated across multiple services since each service may consume a portion of the expense. Direct / Indirect costs This segregation of costs is based on contractual commitments of time or price. The strategic issue around this classification is that the business should seek to optimize fixed service costs and minimize the variable in order to maximize predictability and stability. Fixed / Variable costs Traditional Chart of Accounts Notional charging – „twobook“ model Tiered subscription – gold, silver and bronze levels Metered usage – real-time usage (hours, days or weeks) Direct Plus – service are charged + shared indirect costs (costs attributed directly to a service) Fixed or user cost – by an agreed denominator such as number of users Chargeback models IT začalo vést přesnou evidenci IT majetku na konkrétní zaměstnance 1. Evidence IT majetku Stanovení měsíční ceny za veškerý HW, SW 2. Evidence poskytování služeb @ intranet e-mail Service Desk telefon nebo osobně Stanovení ceny za požadavek a interní hodinovou sazbu Manažeři vidí kolik IT zdrojů spotřebují jeho podřízení Vnitrofakturace IT nákladů Ukázání IT nákladů Náklady za IT služby Rozpad IT nákladů Začala fungovat tržní samoregulace • Uvážlivé čerpání služeb • Vracení IT majetku Zlepšily se IT služby • Narovnal se vztah: zákazník – dodavatel • Pozitivní zpětná vazba z průzkumu spokojenosti Přínosy Šetřete tím, že nastavíte uvnitř společnosti zdravou tržní atmosféru a aktivujete tak autoregulační systém Začněte jednoduše ukazováním spotřeby Nezabývejte se detaily, důležitý je princip Automatizujte systém, aby vnitrofakturace byla co nejjednodušší Doporučení na závěr Return on Investment ITIL: Service Strategy A measurement of the expected benefit of an investment. In the simplest sense, it is the net profit of an investment divided by the net worth of the assets invested. When dealing with financial officers, ROI most likely means ROIC (Return on Invested Capital), a measure of business performance. This is not the case here. In service management, ROI is used as a measure of the ability to use assets to generate additional value. Return on Investment (ROI) A measurement of the expected benefit of an investment. Value on investment considers both financial and intangible benefits. The extra value created by establishment of benefits that include non-monetary or long-term outcomes. ROI is a subcomponent of VOI. Value On Investment (VOI) A technique used to help make decisions about capital expenditure. It calculates a figure that allows two or more alternative investments to be compared. A larger internal rate of return indicates a better investment. Internal Rate of Return (IRR) A technique used to help make decisions about capital expenditure. It compares cash inflows with cash outflows. Positive net present value indicates that an investment is worthwhile. Net Present Value (NPV) ROI - NPV, IRR, and Payback A methodology used to help make investment decisions. TCO assesses the full Lifecycle cost of owning a Configuration Item, not just the initial cost or purchase price. Total Cost of Ownership (TCO) Service Portfolio Management ITIL: Service Strategy The process responsible for managing the service portfolio. Service portfolio management ensures that the service provider has the right mix of services to meet required business outcomes at an appropriate level of investment. Service portfolio management considers services in terms of the business value that they provide. Service Portfolio Management (SPM) Service Pipeline and Service Catalogue Services investments are split between three strategic categories: • Run the business (RTB) – RTB investments are centred on maintaining service operations • Grow the business (GTB) – GTB investments are intended to grow the organization’s scope of services • Transform the business (TTB) – TTB investments are moves into new market spaces Services investments The investment categories are further divided into budget allocations: • Venture – create services in a new market space. • Growth – create new services in existing market space. • Discretionary – provide enhancements to existing services. • Non-discretionary – maintain existing services • Core – maintain business critical services Investment categories Investment categories - budget Demand Management ITIL: Service Strategy Demand Management is a critical aspect of service management. Poorly managed demand is a source of risk for service providers because of uncertainty in demand. Excess capacity generates cost without creating value that provides a basis for cost recovery. Customers are reluctant to pay for idle capacity unless it has value for them. Demand Management Tight coupling between demand and capacity Business activity influences patterns of demand for services Pattern of Business Activity (PBA) Service packages Continual Service Improvement ITIL Core Service Catalogue Management Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Supplier Management Transition planning and support Change Management Service asset and configuration managem Release and deployment management Service validation and testing Evaluation Knowledge management Event Management Incident Management Request Fulfilment Problem Management Access Management Service Desk Technical Management IT Operations Management Application Management Financial Management Return on Investment Service Portfolio Management Demand Management 7-Step Improvement Process The primary purpose of CSI is to continually align and realign IT services to the changing business needs by identifying and implementing improvements to IT services that support business processes. These improvement activities support the lifecycle approach through Service Strategy, Service Design, Service Transition and Service Operation. In effect, CSI is about looking for ways to improve process effectiveness, efficiency as well as cost effectiveness. Continual Service Improvement (CSI) Review, analyse and make recommendations on improvement opportunities in each lifecycle phase. • Review and analyse Service Level Achievement results. • Identify and implement individual activities to improve IT service quality and improve the efficiency and effectiveness of enabling ITSM processes. • Improve cost effectiveness of delivering IT services without sacrificing customer satisfaction. • Ensure applicable quality management methods are used to support continual improvement activities. CSI objectives Deming Cycle Continual Service Improvement model Metrics purposes 7-Step Improvement Process ITIL: Continual Service Improvement 7-Step Improvement Process At the onset of the service lifecycle, Service Strategy and Service Design should have identified this information. CSI can then start its cycle all over again at ‘Where are we now?’ This identifies the ideal situation for both the Business and IT. 1. Define what you should measure This activity related to the CSI activities of ‘Where do we want to be?’ By identifying the new service level requirements of the business, the IT capabilities (identified through Service Design and implemented via Service Transition) and the available budgets, CSI can conduct a gap analysis to identify the opportunities for improvement as well as answering the question ‘How will we get there?’ 2. Define what you can measure In order to properly answer the ‘Did we get there?’ question, data must first be gathered (usually through Service Operations). Data is gathered based on goals and objectives identified. At this point 3. Gathering the data Here the data is processed in alignment with the CSFs and KPIs specified. This means that timeframes are coordinated, unaligned data is rationalized and made consistent, and gaps in data are identified. The simple goal of this step is to process data from multiple disparate sources into an ‘apples to apples’ comparison. Once we have rationalized the data we can then begin analysis. 4. Processing the data Here the data becomes information as it is analysed to identify service gaps, trends and the impact on business. It is the analysing step that is most often overlooked or forgotten in the rush to present data to management. 5. Analysing the data Here the answer to ‘Did we get there?’ is formatted and communicated in whatever way necessary to present to the various stakeholders an accurate picture of the results of the improvement efforts. Knowledge is presented to the business in a form and manner that reflects their needs and assists them in determining the next steps. 6. Presenting and using the information The knowledge gained is used to optimize, improve and correct services. Managers identify issues and present solutions. The corrective actions that need to be taken to improve the service are communicated and explained to the organization. Following this step the organization establishes a new baseline and the cycle begins anew. 7. Implementing corrective action From vision to measurements CSF: Improving IT service quality KPI: 10 percent increase in customer satisfaction rating for handling incidents over the next 6 months. Metrics required: • Original customer satisfaction score for handling incidents • Ending customer satisfaction score for handling incidents. Measurements: • Incident handling survey score • Number of survey scores. Qualitative example Technology metrics (performance, availability etc. of component and application) Process metrics (CSFs, KPIs and activity metrics for processes; health of a process) Service metrics (end-to-end service; component metrics are used to compute the service metrics) Three types of Metrics Implementace ITIL K čemu to je? Kdo to má používat? ITIL? Jaké firmy, organizace, společnosti si nasadí ITIL? Jak jsou velké? Kdo má v ČR ITIL? ITIL? Provides: • Best practices for ITSM • Common language • Drives continual improvement ITIL ITIL provides the foundation for quality IT Service Management. IT actively supports corporate aims by offering services which are based on efficient principles and adequately fulfill business requirements. It can become a profit generator instead of being seen as an inevitable cost burden. Why should you adopt ITIL? The introduction of a consistent set of processes will highlight potential weaknesses in the previous operations and encourages pro-active improvements. Shortened resolution times, better management control, more reliable IT services and the implementation of permanent solutions to formally acknowledged problems are just some of the many ways ITIL will revolutionize your IT services. ITIL Improved Service Quality By applying ITIL Best Practice to your IT operations you can take advantage of many ways of better cost control and cost reduction. A lower Total Cost of IT Ownership (TCO) will be achieved through increased efficiency and productivity, lower incident volumes, faster incident resolution and less business disruption because of service failures. ITIL Cost Reduction It is no longer enough to simply maintain the IT infrastructure by adjusting and upgrading it after the need has arisen - today's IT managers are expected to support the success of the entire business by planning ahead and pro-actively shaping the business IT environment. Because ITIL has been devised by leading industry practitioners you can rest assured that you are implementing proven best-of-breed procedures. ITIL Pro-active IT Management • IT services which align better with business priorities and objectives, meaning that the business achieves more in terms of its strategic objectives • Known and manageable IT costs, ensuring the business better plans its finances • Increased business productivity, efficiency and effectiveness, because IT services are more reliable and work better for the business users • Financial savings from improved resource management and reduced rework • More effective change management, enabling the business to keep pace with change and drive business change to its advantage • Improved user and customer satisfaction with IT • Improved end-customer perception and brand image. Benefits of adopting ITIL Vychází z 23 studií o používání ITIL USA, Spojené království, Austrálie, Německo nebo Jižní Afrika atd. Vztaženo na počet obyvatel používá ITIL 30% až 60% organizací. V jednom případě je to až 85%. Prvními třemi přínosy: • Spokojenost zákazníka • Kontrola nákladů • Rychlejší odezva a řešení Přehled o stavu ITIL Vydáme směrnice? Popíšeme procesy? -> ani náhodou! ;-) Především musí změnit myšlení IT lidí. Většina IT lidí chodí do práce s tím, že když se někomu něco rozbije, tak oni jsou na telefonu a ad-hoc to opraví. To že sedí na židli a čekají na telefonu považují za smysl svojí práce. Můj kamarád to definoval jako: Koule na dveřích, pantofle a „někde tady běhá“ Jak to ITSM zavedeme? Kulturní změna… Ta se neobejde bez intenzivního vzdělávání. Všichni musí na školení ITIL. Oni si sami pak vytvoří svoje směrnice a postupy, tak jak si je dělali do dnes. Můžeme jim ukázat, jak by to mělo být, ale oni musí chtít. Jak to ITSM zavedeme? Guiding Principles Are recommendations that try to help an organization maximize output value. Universal and independent on specific goals, strategies, type of work or management structure of the concrete business environment. Used by other frameworks, methods or standards such as Lean, Agile, DevOps, SCRUM,… Not affected by changes in an organization. Enable the organization to effectively integrate other methods to manage service management. Applies to all levels of an organization. ITIL guiding principles 1. Focus on value 2. Start where you are 3. Progress iteratively with feedback 4. Collaborate and promote visibility 5. Think and work holistically 6. Keep it simple and practical 7. Optimize and automate Seven basic guiding principles Everything should somehow deliver value to specific people (customers, stakeholders, employees, etc.) Satisfying people's needs should be the organization's primary focus to produce value. Understanding how and to whom an organization delivers value is crucial for business success. Focus all your plans, policies, attitudes, products and behaviour on value. What brings value to people changes over time (age, competition, changes in macro perspective). Organizations should detect changes and adapt the business process to match new circumstances. 1. Focus on value Assess the current situation in the organization. Identify things that deliver actual value and can be reused in future. Understand where your organization and its processes, practices, and business value currently is. Try to reuse any resources before throwing them away. Build on current processes that you are doing well. Find their weak points, and look from another perspective. New ideas should at first be integrated into already existing processes. Start from scratch only if it is not possible. 2. Start where you are This principle encourages working iteratively with embedded feedback after each iteration. Organise work into smaller, more manageable sections that deliver something valuable that can be executed and completed promptly. Separate work into teams that can work independently at once. Make little improvements to deliver value early and often to your customers and get feedback from them. Regularly analyse the feedback and improve the product based on it. Show progress to stakeholders or customers to discover if you are going the right way. 3. Progress iteratively with feedback Involve the right people in the right way at the right time to make the best decisions based on better quality information. Connect with your customers, involved parties and stakeholders. Active collaboration of people with shared goals should be promoted to increase output value. Share information, knowledge and skills between everyone involved. Make the progress of employees available to others so that there is transparency, visibility and a sense of urgency to the work required. Calling for help should be safe, easy and encouraged (Service desk, Help desk, etc.) 4. Collaborate and promote visibility Recognize the complexity of the system and organization as a whole. Eliminate narrow thinking and try to comprehend the bigger picture of the system. Encourage everyone to think holistically as a team (we are in it together – winning or losing). Consider how we fit into this system and how our outputs and outcomes affect other participants. Doing what you are best at is not always the best thing to do for your company. You should do different things to gain a broader perspective. 5. Think and work holistically Every process, person or resource has its use and brings value to the overall system. Keep things simple so that they can be done better, faster and with less conflict Look for patterns and ways to simplify the system to increase efficiency and visibility. Prevent overdoing and overcomplicating things. Make it easy so that everyone can understand it. Get exactly the results that are needed, not more, not less. 6. Keep it simple and practical Try to maximize productivity by automating everything that can be automated economically. Automatization can reduce the needed workforce and hence also reduce cost. However, automation can quickly become quite costly, therefore feasibility and costs cannot be overlooked. Make everything as effective and useful as it needs to be. Do not overdo it. Consider automation in every process, routine, area, etc., within the company. 7. Optimize and automate There are 7 basic guiding principles. The guiding principles embody the core of ITIL and service management in general. They establish good practices, actions and decisions at all levels. They guide organizations in their work as they adopt them with other ITIL guidelines to their specific needs and circumstances. The guiding principles encourage and support organizations in continual improvement. Brief summary