information technology infrastructure library (itil) history, concepts and alignment to cobit and...

Information Technology Infrastructure Library (ITIL)History, Concepts and Alignment to CobiT and ISO 20000

Objectives:

1. Learn about the history of ITIL

2. Understand ITIL’s key objectives

3. Discover all components of the ITIL Framework

4. Visit each of the core 10 ITIL SM Processes

5. Learn the importance of process interaction

6. Understand the ISO 20000 & alignment to ITIL

7. Understand the alignment to CobiT Framework

8. Learn about the future of ITIL

WHAT IS ITIL?

Framework for Best Practices in IT Service Management

ITIL Objectives

Three Key Objectives of IT Service Management:

1. Align IT Services with the Current and Future Needs of the Business and its Customers

2. Improve Quality of IT Services

3. Reduce Long-Term Costs of IT Service Provision

The Deming Cycle

The ITIL Library

Source: OGC

Service Support

Service Delivery

Security Management

Security Management

The Business Perspective

ICT Infrastructure Management

Planning to Implement Service Management

Applications Management

Th

e B

usin

ess

Th

e B

usin

ess

Th

e T

ech

nolo

gy

Th

e T

ech

nolo

gy

Software Asset Management

ITSM Components

FinancialManagement

for IT services

Capacity Management

Availability Management

IT Service Continuity

Management

IncidentManagement Problem Management

Change Management

Configuration Management

Release Management

ITInfrastructure

ITInfrastructure

security

security

Service DeskService Desk

Service Level Management

• Service Support– The Service Desk– Incident Management– Problem Management– Configuration Management– Release Management– Change Management

• Service Delivery– Service Level Management– Availability Management– IT Service Continuity Management– Capacity Management– Financial Management for IT Services

The Service DeskThe Service Desk The Service Desk

To act as the single point of contact between the User and IT Service Management and track status of all customer interactionsTo handle Incidents and requests, and provide an interface for other activities such as Change, Problem, Configuration, Release, Service Level, and IT Service Continuity Management

To act as the single point of contact between the User and IT Service Management and track status of all customer interactionsTo handle Incidents and requests, and provide an interface for other activities such as Change, Problem, Configuration, Release, Service Level, and IT Service Continuity Management

Goals

Inputs to the Service DeskThe Service Desk The Service Desk

Information

Why a Service Desk?

• The Service Desk is more than just a Help Desk

• The first and single point of contact

• High quality support to meet business goals

• Help identify costs of IT services

• Proactive support and communication of changes

• Increase user perception and satisfaction

• Identification of business opportunities

• Identification of Training Opportunities

The Service Desk The Service Desk

Essentials

Responsibilities

• Receive and record all calls from users

• Provide first-line support (using knowledge resources)

• Refer to second-line support where necessary

• Monitoring and escalation of incidents

• Keep users informed on status and progress

• Provide interface between ITSM disciplines

• Produce measurements and metrics

The Service Desk The Service Desk

Activities

Incident ManagementIncident Management Incident Management

Incident definition

Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service

Work-around definition

A method of avoiding an Incident or Problem either by employing a temporary fix or technique so the user is no longer reliant on a Configuration Item (CI) that is known to cause failure

To restore normal service operation as quickly as possible with

minimum disruption to the business, thus ensuring that the

best achievable levels of availability and service are

maintained

To restore normal service operation as quickly as possible with

minimum disruption to the business, thus ensuring that the

best achievable levels of availability and service are

maintained

Goals

The Incident Life Cycle – the monitoring and tracking of Incidents

Yes

No

Note. This is not Problem Closure

Including Impact and Urgency selection

Incident Management Incident Management

Activities

Categorization

•Service affected (and possibly by association the affected SLA)

•User perception of failure in terms of the User’s inability to do something– Batch job output has not been received

– I can’t print, connect to a server or access an application

•Category and details of CI thought to be at fault

•Category and details of CI eventually found to be at fault

•The fault in the CI, the quick fix and the action taken, etc.

Activities


Impact, Urgency & PriorityIncident Management Incident Management

Impact A measure of the business criticality of an incident or problem (e.g. numbers affected, magnitude)

Urgency A measure of the speed with which an incident or problem requires resolution (i.e. how much delay will the resolution bear)

Priority The order in which an incident or problem needs to be resolved, based on impact and urgency

Definitions

Illustrative Example

Payroll Application: System run once per month to run payroll

Bank Teller Application: System used by cashiers in bank to transact on accounts

Impact Urgency Priority

One Branch teller application performing poorly

Medium : one branch out of 150

High : Queues beginning to form

High

Router Interface down Low : Cashiers and customers not impacted due to redundancy in network

Med : Router needs to be re-booted to restore network redundancy

Med

Impact Urgency Priority

Failure of payroll server

(first week in month)

High: will effect all employees

Low : Payroll not run for 3 weeks

Low (at the moment)

Failure in payroll server (last week of month)

High: will effect all employees

High : Fix needed before 06:00 tomorrow morning

High


Escalation

Hie

rarc

hic

al (a

uth

ority

)

Functional (competence)

Hierarchical escalation would typically include authorization, resources and/or cost


Functional escalation might include specialist groups e.g. Unix Group

Definitions

Functional Escalation

The use of support teams is important in efficient incident resolution.

• First line support deals with the communication to the user, resolution of known incidents (e.g. password resets)…

• …allowing the second and subsequent levels to focus on resolving assigned incidents.

• Targets are often set for improving the percentage of incidents resolved at first level.


Activities

Problem ManagementProblem Management Problem Management

To minimize the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure, and to proactively prevent the occurrence of Incidents, Problems and Errors.

To minimize the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure, and to proactively prevent the occurrence of Incidents, Problems and Errors.

Goals

Problem definition

Unknown cause of one or more incidents

Known Error definition

An Incident or Problem for which the root cause is known and for which a temporary work around or permanent alternative has been identified

Problem Flow

Incidents

Problem

Known Error

Change Process

Service Desk

Problem Management Problem Management

Information

Enabling control of the infrastructure by monitoring and maintaining information on:

Configuration Items (CI) needed to deliver servicesCI status and historyCI relationshipsValuable CIs (monetary or service)

Providing information on the IT infrastructure to all other processes and to IT Management

Enabling control of the infrastructure by monitoring and maintaining information on:

Configuration Items (CI) needed to deliver servicesCI status and historyCI relationshipsValuable CIs (monetary or service)

Providing information on the IT infrastructure to all other processes and to IT Management

Configuration ManagementConfigueration Management Configueration Management

Goals


• Configuration Item (CI) – a component of an IT infrastructure which is (or is to be) under the control of Configuration Management and therefore subject to formal change control

• Configuration Management Database (CMDB) – a database which contains details of the attributes and history of each CI and the relationships between CIs

• Baseline – a snapshot of the state of a CI and its components or related CIs, frozen in time for a particular purpose, such as:– The ability to return a service to a trusted state if a change goes

wrong– A specification for copying the CI or for a roll-out– The minimum CIs needed to maintain vital Business Functions

after a disaster

Definitions

Configueration Management Configueration Management

Major CI Types

PeopleUsers, Customers, Who, Where, What Skills, Characteristics, Experience, Roles

DocumentationDesigns; Reports; Agreements; Contracts; Procedures; Plans; Process Descriptions; Minutes; Records; Events (Incident, Problems, Change Records); Proposals; Quotations

Data FilesWhat, Where, Most Important Environment

Accommodation; Light, Heat, Power; Utility Services (Electricity, Gas, Water, Oil); Office Equipment; Furniture; Plant & Machinery

HardwareComputers, Computer components, Network components & cables (LAN, WAN), Telephones, Switches

ServicesDesktop Support, E-mail, Service Desk, Payroll, Finance, Production Support

SoftwareNetwork Mgmt Systems; In-house applications; O/S; Utilities (scheduling, B/R); Packages; Office systems; Web Management

Definitions


CI Relationships and AttributesActivities

Desktop Device #1 Desktop Device #2

RelationshipsIs connected toIs a copy ofIs part of

AttributesOwner, status, location, serial #, version, supplier, etc.

Server

Cable #1 Cable #2

Cable #3

Disk #1

Disk #2

System Software

Printer #2

Printer #1

Ethernet

Application A Application B

Power


Change ManagementChange Management Change Management

Process of controlling changes to the infrastructure or any other aspect of services, in a controlled manner, enabling approved changes with minimum disruption.

Process of controlling changes to the infrastructure or any other aspect of services, in a controlled manner, enabling approved changes with minimum disruption.

Change Management ensures that standardized methods and procedures are used for the efficient and prompt handling of all Changes, in order to minimize the adverse impact of any Change‑related incidents upon service quality.

Changes can arise as a result of Problems, Known Errors and their resolution, but many Changes can come from proactively seeking business benefits such as reducing costs or improving services

Goals

Change Management

•Change – a deliberate action that alters the form, fit or function of Configuration Item (CI) such as an addition, modification, movement, or deletion that impacts the IT infrastructure

•Request for Change (RFC) – a means of proposing a change to any component of an IT infrastructure or any aspect of an IT service

•Forward Schedule of Change (FSC) – a schedule that contains details of all the changes approved for implementation and their proposed implementation date

Definitions

Change Management Change Management

Change Management

•Standard Change – a Change that is recurrent, has been proceduralized to follow a pre-defined, relatively risk free path and where Change Management and budgetary authority is effectively give in advance

•Service Request – a request, usually made through a Service Desk, for a Standard Change– Example: providing access to services for a new

member of staff or relocating a few PCs

Definitions

Change Management Change Management

Release Management

• Good resource planning and management are essential to package and distribute a Release successfully.

• The focus of Release Management is the protection of the live environment and its services through the use of formal procedures and checks.

Release Management Release Management

Release Management takes a holistic view of a Change to an IT service and should ensure that all aspects of a Release, both technical and non-technical, are considered together

Release Management takes a holistic view of a Change to an IT service and should ensure that all aspects of a Release, both technical and non-technical, are considered together

Goals

Service Support Process Model

Incident Management


Problem Management

Change Management

Release Management

Services Reports,

Incidents, Statistics,

Audit Reports

Services Reports,

Incidents, Statistics,

Audit ReportsProblem

Statistics,Trend Analysis,

Problem Reports,Problem Reviews,

Diagnostic Aids,

Audit Reports

Problem Statistics,

Trend Analysis,Problem Reports,Problem Reviews,

Diagnostic Aids,

Audit Reports

Change Schedule,

CAB Minutes,Change

Statistics,Change

Reviews,Audit Reports

Change Schedule,

CAB Minutes,Change

Statistics,Change

Reviews,Audit Reports

Release Schedule,Release

Statistics,Release Reviews,

Source Library,Testing

Standards,Audit Reports

Release Schedule,Release

Statistics,Release Reviews,

Source Library,Testing

Standards,Audit Reports

CMDB Reports,CMDB Statistics,Policy/Standards,

Audit Reports

CMDB Reports,CMDB Statistics,Policy/Standards,

Audit Reports

Configuration Management Database

Incidents Problems,Known Errors

Changes Releases CI Relationships

IncidentsService

Desk

ReleasesChanges

Users / Customers

Enquiries,Communications,

Workarounds,Updates

ManagementTools & IT

Infrastructure

• Service Support– The Service Desk– Incident Management– Problem Management– Configuration Management– Release Management– Change Management

• Service Delivery– Service Level Management– Availability Management– IT Service Continuity

Management– Capacity Management– Financial Management for IT

Services


To maintain and gradually improve business aligned IT service quality, through a constant cycle of defining, agreeing, monitoring, reporting and IT service achievements and through instigating actions to eradicate unacceptable levels of service

To maintain and gradually improve business aligned IT service quality, through a constant cycle of defining, agreeing, monitoring, reporting and IT service achievements and through instigating actions to eradicate unacceptable levels of service

Service Level Management manages and improves the agreed level of service between two parties

• The provider who may be an internal service department or the external organisation that provides an outsourced service

• The receiver of the servers i.e. the customer who pays the bill.

Service Level Management Service Level Management

Goals

Availability Management

To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives

To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives

Availabtily Management Availabtily Management

Goals

IT Service Continuity Management

Note. IT Service Continuity Management used to be known as Disaster Recovery in the old ITIL books

To support the overall Business Continuity Management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales

To support the overall Business Continuity Management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales

IT Service Coninuity ManagementIT Service Coninuity Management

Goals

Capacity Management Capacity Management Capacity Management

To understand the future business requirements (the required service delivery), the organization's operations (the current delivery), and ensure that all current and future capacity and aspects of the business requirements are provided cost effectively

To understand the future business requirements (the required service delivery), the organization's operations (the current delivery), and ensure that all current and future capacity and aspects of the business requirements are provided cost effectively

Goals

Financial Management

Note. Financial Management of IT Services used to be known as Cost Recovery in the old ITIL books

Financial Management For IT ServicesFinancial Management For IT Services

To provide cost-effective stewardship of the IT assets and financial resources used in ServicesTo provide cost-effective stewardship of the IT assets and financial resources used in Services

Goals

Participants in IT Service Management

IT The Business

UsersService Desk

CustomersService Level Management

Operational

Tactical

Sr. IT Mgt

Sr. MgtStrategic

Service Service DeliveryDeliveryService Service DeliveryDelivery

Service Service SupportSupportService Service SupportSupport

ITIL is more than a library of books

Training•Fundamentals

•Practitioner•Service Manager

Qualifications:Certification at each

level

Consultancy: Provision of IT

consulting services to clients based on a de

facto standarditSMF: User groups providing seminars,

conferences, and workshops

Information Technology Infrastructure Library

Tools: ITIL “compliance” is

driving tools manufacturers

Consistent and predictable results, process improvement and cost saving top the list of benefits from implementing defined IT Process methods

* Source: Forrester Research – Stabilizing IT with Process Methodologies – May, 2005

*

CobiT

•What Is It?

•How Does It Relate To ITIL?

• Work instruction• 2• 3• 4,5,6….





XY

##

XY

##

XY

##

XY

##

XY

##

Strategic

COBIT

ITILProcess Control

Process Execution

Work Instruction

COBIT and ITIL–Process Perspective

ITILITILActivitiesActivities

CCOBIOBITTControlControl

WHATWHAT

HOWHOW

CobiT

Gartner Advisory on COBIT and ITIL

ITILITILActivitiesActivities

CCOBIOBITTControlControl

WHATWHAT

HOWHOW

Deliver and Support(DS Process Domain)

Deliver and Support(DS Process Domain)

Monitor and Evaluate

(M Process Domain)

Monitor and Evaluate

(M Process Domain)

Acquire and Implement(AI Process Domain)

Acquire and Implement(AI Process Domain)

Plan and Organise

(PO Process Domain)

Plan and Organise

(PO Process Domain)

Deliver and SupportDeliver and SupportMonitor and EvaluateMonitor and Evaluate

Planning & Organization

Acquire and Implement

Planning & Organization

Acquire and ImplementPlan and OrganisePlan and OrganiseDefine

Strategic IT Plan

Define Strategic IT Plan

Define IT Organisation

and Relationships

Define IT Organisation

and Relationships

Manage IT InvestmentManage IT

Investment

Determine Technological

Direction

Determine Technological

Direction

Communicate Aims and Direction

Communicate Aims and Direction

Manage Human

Resource

Manage Human

Resource

Ensure Compliance with External

Standards

Ensure Compliance with External

Standards

Assess RisksAssess

Risks

Manage ProjectsManage

Projects

Manage QualityManage

Quality

Identify Automated Solutions

Identify Automated Solutions

Acquire and Maintain

Application Software


Application Software


Technology Infrastructure


Technology Infrastructure

Develop and Maintain

IT Procedures

Develop and Maintain

IT Procedures

Install and Accredit Systems

Install and Accredit Systems

Manage ChangeManage

Change

Manage Performance and Capacity

Manage Performance and Capacity

Ensure Continuous

Service

Ensure Continuous

Service

Ensure System Security

Ensure System Security

Identify and Allocate

Costs

Identify and Allocate

Costs

Manage Third-party

Services

Manage Third-party

Services

Define and Manage Service Levels

Define and Manage Service Levels

Educate and

Train Users

Educate and

Train Users

Assist and Advise

IT Customers

Assist and Advise

IT Customers

Manage ConfigurationManage

Configuration

Manage Problems and

Incidents

Manage Problems and

Incidents

Manage DataManage

Data

Manage FacilitiesManage

Facilities

Manage OperationsManage

Operations

Monitor the

Process

Monitor the

Process

Assess Internal Control

Adequacy

Assess Internal Control

Adequacy

Obtain Independent

Assurance

Obtain Independent

Assurance

Provide Independent

Audit

Provide Independent

Audit

Define Information

Architecture

Define Information

Architecture

ITILITILService DeliveryService DeliveryService SupportService Support

Service DeskService

Desk

Incident ManagementIncident

Management

Change ManagementChange

Management

Release ManagementRelease

Management

Problem ManagementProblem

Management

ConfigurationManagementConfiguration

Management

Service Level

Management

Service Level

Management

Availability ManagementAvailability

Management

FinancialManagementFinancial

Management

Continuity ManagementContinuity

Management

CapacityManagementCapacity

Management

ISO 20000

•What Is It?

•How Does It Relate To ITIL?

ISO 20000: Basic Concepts

• Quality standard for IT Service Management

Formal specification defined requirements for an organization to deliver managed services to acceptable quality to customers

• BS 15000 fast-tracked to become IS0 20000

• ITIL forms the basis of the standard

• Standard = a list of criteria that needs to be met

The standard versus the framework

• Standard = audit & certify against. Makes ITIL alive

• Framework = best practice that the standard is based on

ISO 20000

Source: itSMF International



SERVICE DELIVERYCapacity Management

Availability and Service Continuity


Service Reporting

Information Security Management

Budgeting and Accounting for IT Services

RELEASE RELATIONSHIP

RESOLUTIONRelease Management Incident Management

Problem Management

Business Relationship Management

Supplier Relationship Management

CONTROL


Change Management

Example: Change Management

Specifications: Objective + Requirements

Objective:

To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner

Requirement examples:

• All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor

• Requests for changes shall be assessed for their risk, impact and business benefit

• All changes shall be reviewed for success and any actions taken after implementation

Example: Change ManagementCode of Practice: Objective + Detailed Best Practices

Objective (Sub-process: 8.2.2): Closing and reviewing the change request

Detailed Best Practice:• All changes should be reviewed for success or failure after

implementation and any improvements recorded• A post-implementation review should be undertaken for major

changes to check that:– a) the change met its objectives;– b) the customers are happy with the results;– c) there have been no unexpected side effects

• Any nonconformity should be recorded and actioned• Any weaknesses or deficiencies identified in a review of the

change control process should be fed in to service improvement plans

ITIL Future – from this….

Service Support

Service Delivery

Security Management

Security Management



Planning to Implement Service Management

Applications Management

Th

e B

usin

ess

Th

e B

usin

ess

Th

e T

ech

nolo

gy

Th

e T

ech

nolo

gy

Software Asset Management

… to this: ITIL V.3

Pocket Guides

ITIL Practice Working Templates

Th

e B

usin

ess

Th

e B

usin

ess

Th

e T

ech

nolo

gy

Th

e T

ech

nolo

gy

Governance Methods

Case Studies

Certification-based Study Aids

Executive Introduction to IT Service Management

Service

Strategy

Service

Design

Service

Transition

Service Operation

Continuous Service

Improvmt

LIFECYCLE PERSPECTIVE

Various non-proprietary frameworks and methods exist to help IT organizations become more process centric and improve the quality of the services delivered

ITIL CobiTCMM Six Sigma ISO 2000

The IT Infrastructure Library is a customizable framework of best practises that promote quality IT service, build on a process-model view of controlling and managing operations. ITIL was originally developed by the UK government and has since matured into an internationally recognized standard.

Control OBjectives for Information and related Technologyis a framework for information security and provides generally accepted IT control objectives to assist in developing appropriate IT governance and control

The Capability Maturity Model is a method of evaluating and measuring the maturity of the software development process. Recent revisions (CMMI) provide guidance for improving organization process and manage the development, acquisition and maintenance of products and service

A data driven quality management program to control variations and thereby achieve high levels of quality.

A standard concerned primarily with the quality of IT Service Management. It provides the basis to fulfill customer requirements, regulatory requirements, enhance customer satisfaction, and pursue continual improvement

What is it?

Focus IT Operations – IT Service Management

Development Governance and Control

Process Improvement Processes Consistency

IT Specific Yes Yes Yes No Yes

How it fits Define and implement processes

Determine extent of process maturity

Provide process controls

Improve processes Certify processes are being followed

Frameworks and Methodologies

ISO20000CobiT

SIX SIGMA

CMMi

ITILBusines

sProcess Models

Governance

In summary:

ITIL is:

• The international de-facto Best Practice for IT Service Management

• Process Approach to improving Quality, Efficiency and Effectiveness

• Service focused IT management, viewed from the perspective of IT customers and users

• Evolving, vendor-neutral, non-proprietary framework

• CobiT complementary, Certifiable through ISO20000

• DEFINED COMMON SENSE

information technology infrastructure library (itil) history, concepts and alignment to cobit and...

Documents

service management slide

service provision

service work

service desk information

service desk essentials

service desk activities

services slide

future of itil slide