it service management objectives itil is a best practice framework used ….. to align it services...
TRANSCRIPT
IT Service Management Objectives
ITIL is a Best Practice Framework used …..
To align IT services with the current and future needs of
the business and its Customers
To develop the quality of the IT services delivered
To reduce the long term cost of service provision
Integrated into Office of Government Commerce (OGC) and
British Standards Institute (BSI) guidance
Why Service Management
Increasing IT visibility and Reliance
Increasing demand from Business to deliver effective IT
solutions/services (Cost Effective)
Increasing complexity of IT infrastructure and processes
Increasing competition
Increasing pressure to realise return on investment
Considerations
Do not be over ambitious
Consider what elements already exist, are in use and effective
Identify what can be re-used or needs to be developed
Adapt the guidelines to meet your requirements
Process Improvement Stages
Process improvement definition
Communication
Planning
Implementation
Review and Audit
ITIL Service Management
Service Support Day to day operational support of IT services
Service Delivery Long term planning and improvement of IT service provision
Key Definitions:
Customer: recipient of a service: usually the Customer management has responsibility for the funding of the service.
Provider: the unit responsible for the provision of IT service.
Supplier: a third party responsible for supplying or supporting underpinning elements of the IT service.
User: the person using the service on a daily basis.
IT Service Management Overview
BUSINESS (Customer)
User User User
SD
IM
PROBLEM
CH REL
CONFIGURATION
SLM
AM CM
IT SCM
FINANCE
SERVICESUPPORT
SERVICEDELIVERY
SPOC
SLA
SPOC Single Point of ContactSD Service DeskIM Incident MngtCH Change MngtREL Release Mngt
SLA Service Level AgreementSLM Service Level MngtAM Availability MngtCM Capacity MngtIT SCM IT Service Continuity Mngt
Service Support Process Model
Configuration Management
Release Management
Change Management
Problem Management
Incident Management
Business, Customers or Users
Releases
Changes
Management Tools
Incidents Incidents Service Desk
ProblemsKnown Errors
CI’sRelationships
ReleasesChangesIncidents
DifficultiesQueriesEnquiries
CommunicationsUpdatesWorkarounds
C M D B
CommunicationsUpdates Reports
Capacity PlanCDBTargets/ThresholdsCapacity ReportsSchedulesAudit Reports
Service Delivery Process Model
Business, Customers and Users
QueriesEnquiries
SLA’s, SLR’s, OLA’sService ReportsService CatalogueSIPException ReportsAudit Reports
Service LevelManagement
IT Continuity PlansBIA & Risk AnalysisControl CentresDR ContactsReportsAudit Reports
IT Service ContinuityManagement
RequirementsTargetsAchievements
Financial PlanTypes & ModelsCosts & ChargesReportsBudgets & ForecastsAudit Report
Availability PlanDesign CriteriaTargets/ThresholdsReportsAudit Reports
Financial Management for IT Services
CapacityManagement
AvailabilityManagement
Alerts & ExceptionsChanges
ManagementTools
Service Level Management
FinancialManagementfor IT services
Capacity Management
Availability Management
IT Service ContinuityManagement
IncidentManagement Problem Management
Change Management
Configuration Management
Release Management
ITInfrastructure
ITInfrastructure
securitysecurity
Service DeskService Desk
ITIL Service Management
Service Desk
Goal: To provide a single point of contact for Customers To facilitate the restoration of normal operational service with
minimal business impact on the Customer within agreed service levels and business priorities.
Activities: Receive all calls and e-mails on incidents Incident recording (including RFC’s) Incident Classification Incident Prioritization Incident Escalation Search for Work Around Update the customer and IT group on progress
Contd…
Activities: Perform communication activities for the other ITIL
processes (e.g.Release notifications, change schedules, SLM-reports)
Perform daily CMDB verification Report to Management, Process Managers and customers
(through SLM) on Service Desk performance Benefits:
Improved Customer Service perception and satisfaction Increased accessibility through a single point of contact,
communication, and information Better-quality and quicker turnaround of customer requests Improved teamwork and communication
Contd…
Service Desk
Benefits Enhanced focus and a proactive approach to Service
provision A reduced negative business impact Better managed infrastructure and control Improved usage of IT support resources and increased
productivity of business personnel More meaningful management information to support
decisions.
Types of Service Desks Local Central Virtual
Service Desks is a function not a Process
Service Desk
Inputs and Outputs
Email/VoiceRequests
Service Desk
External Service Support
TelephoneRequests
Internet/Browser Requests
Fax RequestsHardwaree/Application Events
Product SupportSales &Marketing
Contract Support
Internal Service Support
Management Information & Monitoring
Service Desk
Desktop Support
Network Support
ApplicationSupport System &
Operations Support
Third Party Support
User 1 User 2 User 3
First Line Support
Structures: Local Service Desk
Centralized Service Desk
Desktop Support Network
SupportApplicationSupport
System &Operations Support
Third Party Support
CustomerSite 1
CustomerSite 2
CustomerSite 3
First Line Support
Second line support
Structures: Centralized Service Desk
Goal - Primary Objective
To restore normal service operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained
Why Incident Management
Ensure the best use of resource to support the business Develop and maintain meaningful records relating to incidents Devise and apply a consistent approach to all incidents reported
Incident Definition
An incident is an event which is not part of the standard operation of a service and which causes, or may cause an interruption to, or a reduction in the quality of that service
Impact, Urgency & Priority
IMPACT
The likely effect the incident will have on the business (e.g. numbers affected, magnitude)
URGENCY
Assessment of the speed with which an incident or problem requires resolution (i.e. how much delay will the resolution bear)
PRIORITY
the relative sequence in which an incident or problem needs to be resolved, based on impact and urgency
Escalation
2nd LineSupport Team
3rd LineSupport Team
Service DeskManager
Service DeskSupport Team
3rd LineManager
2nd LineManager
IT ServiceManager
Functional (competence)
Hie
rarc
hic
al
(au
tho
rity
)
Relationships
Relationship between incidents, Problem and Known Errors
Error in infrastructure
Incident
Problem
Known Error
RFC
Structural Resolution
Handling of Major Incidents
Major incidents occur when there is extreme impact to the Users. Problem Management should be notified to arrange a formal meeting. The Service Desk will ensure Incident records are maintained with all actions and decisions.
Reduced business impact of Incidents by timely resolution
Improved monitoring of performance against targets
Elimination of lost Incidents and Service Requests
More accurate CMDB information
Improved User satisfaction
Less disruption to both IT support staff and Users
Benefits
Possible Problems
Lack of Management commitment
Lack of agreed Customer service levels
Lack of knowledge or resources for resolving incidents
Poorly integrated processes
Unsuitable software tools
Users and IT staff bypassing the process
Goal – Primary Objective
To minimise the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure and to proactively prevent the occurrence of Incidents, Problems and Errors
Why Problem Management
Resolve Problems quickly and effectively Ensure resources are prioritised to resolve Problems Proactively identify and resolve Problems and Known Errors
thus minimising Incident occurrence / recurrence Improve the productivity of support staff
Problems & Known Errors
A Problem is the unknown underlying cause of one or more Incidents. It will become a Known Error when the root cause is known and a temporary work around or a permanent alternative has been identified
Service Desk – IM – PM (PC) (EC) - CM
PM
User
IncidentDB
ProblemDB
Known ErrorDB
Business Case to FIX
RaiseRFC
ERROR CONTROL
PR
OB
LE
M C
ON
TR
OL
Known Error
One or More Incidents withUnknown Underlying cause
Root Cause Known and Temp or Perm Fix found
STOP
NO
YES
Change Management
RRS
Incident
PM
PM
SD/IM
IM
Activities
Problem Control
Error Control
Major Incident Support
Management Information
Major Problem Reviews
Proactive Problem Prevention
Proactive Activities
Trend Analysis Post-Change occurrence of particular Problems Recurring Problems per type or per component Training, documentation issues
Preventative Action Raising RFC to prevent occurrence/recurrence Initiate education and training Ensure adherence to procedures Initiate process improvement Provide feedback to testing, training and documentation
Reduction in volume of Incidents
Improved IT service quality
Better first time fix rate at service desk
Permanent solutions
Improved organisation learning and awareness
Benefits
Goal – Primary Objective
To provide a logical model of the IT infrastructure by identifying,
controlling, maintaining and verifying the versions of ALL
Configuration Items in existence.
The goal is to keep all IT Infrastructure current
Make sure changes have been properly logged and documented
To maintain accurate topology of existing CIs
Account for ALL IT assets (when it was purchased, manufacturer, model, cost incurred, depreciation information etc) (IMACD) Installed, moved, added, changed, deleted
Provide accurate information to support other Service Management processes (Incident, Problem, Change, Release, Continuity, capacity, availability, finance, security)
Provide a sound basis for all other Service Management disciplines
Verify records against the infrastructure and to correct exceptions
Why Configuration Management?
Configuration Items (CIs)
Component of an infrastructure that is (or is to be) under the control of Configuration Management
Configuration Management Database (CMDB)
A database that contains all relevant details of each CI and details of the important relationships between CIs throughout its life cycle
Base Level
The lowest level at which CIs are uniquely identified
Baseline – A SNAPSHOT
The configuration of a product or system established at a specific point in time, capturing both structure and details version
Key Considerations
Types of CIs
CI Types
Hardware (Servers, desktops, file systems, disks, network components, firewall components, printers etc.)
Software (MS Office or any other application)
Documentation Processes and Procedures Technical documentation Diagrams/Charts
IT Staff NOT USERS
Planning Strategy, policy, scope, objective, roles & responsibilities Configuration Management processes, activities and procedures CMDB, Relationships with other processes Tools and resource requirements
Identification Selection, identification and labelling of all CIs based on the scope
Control Authorised additions, modifications and removal of CIs
Status Accounting The reporting of all current and life cycle data of each CI Ordered,
Tested, Operational, Maintenance, Archive…….
Verification & Auditing Reviews and audits to verify physical existence of CIs is up to
date
Reporting Document, Analyse and Improve
5 Activities of Configuration Management
Slide 42
Attributes
Attributes- Unique Identifier- CI Type ID- Service ID- Name- Version Number- Model / type identification- Place / location- License - Supplier- CI History- Status- Relationships- Variants (alternative)
Relationships
Relationships
- ..is a parent/child of..
- ..is a version of..
- ..is connected to..
- ..applies to..(e.g. documentation)
- ..is used for.. (CI’s related to service)
- ..is a variant of.. (MS Dictionary English vs. Dutch)
Any others that are meaningful and useful to the organisation can be used
Benefits
Provides accurate information on CIs and their documentation to support
all other Service Management disciplines
Contributes to faster trouble shooting and change process
Facilitates adherence to legal and contractual obligations and provide
better control over H/W & S/W
Improves security by controlling the versions of CIs in use
Enhance planning for procurement and expenditure
Support for capacity and availability management
Is a foundation for IT continuity management
Overall helps provide IT services in a timely and cost effective manner
Challenges
Cost and effort to design, implement & maintain CMDB
Wrong identification of scope and CI details
Effects of sudden changes and tight schedules
Users and customers bypassing the process
Setting up Configuration Management
The planning process for setting up could take up to 6 months. Actual implementation may take much longer, but the benefits of Configuration Management should outweigh the cost
Why Change???
Problems can be identified from incidents. When a problem is defined, diagnosis takes place to find the root cause of the problem, and then a change request is entered to correct the problem
Objectives
To ensure that changes are recorded and then evaluated, authorized, prioritized, planned, tested, implemented, documented and reviewed in a controlled manner.
Respond to business and IT requests to align services with business needs.
Minimize impact of implementing changes, implement changes successfully.
Record all changes Use standard processes Reduce cost to business and increase value to business by
optimizing.
Change Management (AIMS)
The main aims of Change Management are :
Minimal disruption of services
Reduction in back-out activities
Economic utilization of resources involved in the change
Change Management
Change Management Terminology
Change
The addition, modification or removal of CIs (i.e. change password, adding user, adding a new nfs, removing a job from cron)
Request for Change (RFC)
Form used to record details of a request for a change and is sent as an input to Change Management by the Change Requestor
Forward Schedule of Changes (FSC)
schedule that contains details of all the forthcoming Changes
Types of Change
Basic Change Priority: Based on Impact+Urgency
High, Medium, Low … (Urgent?) Category: Based on business impact
Minor, Significant, Major
Urgent ChangeA change that needs to be implemented more quickly(e.g hw replacement – memory board, hd,nic)
Standard ChangeAn accepted solution to an identifiable and relatively common set of requirements (e.g. set up of User profile, Password reset)
Change Management
Request for Change ( RFC)
It is a formal document sent to Change Management by the Change Requestor requesting for a change.
Every RFC runs through a number of stages before the change can be implemented
Change Control Process – Basic (normal)
Change Manager
Filters requestsStart
Change Manager
Allocates initial priority
Change Manager
Decide category and/or use of
standard model
Implement change using appropriate Standard
Change model
Change Builder
Builds Change, devises back-out &
testing plans
Independent tester
Tests Changes
Change Manager
Co-ordinates Change
implementation
Change Manager
Change review
Closed
Change Manager
Approves / rejects and schedules
Changes, reports action to CAB
Change Manager
Circulates RFCs to CAB members
Change Manager
Circulates RFCs to Board members
minormajor significant
Senior management / board level
Approve / reject Changes
(Financial / Technical / Business)
Senior management / board level
Approve / reject Changes
(Financial / Technical / Business)
Change Control Process – Urgent
Change Manager
Filters requestsStart
Change Manager
Allocates initial priority
Change Manager
Calls CAB or CAB / EC meeting
CAB or CAB / EC
Quickly assesses impact resources
and urgency
Independent tester
Urgent testing
Change Manager
Co-ordinates Change
implementation
Change Manager
Ensures records are brought up to date
Change Manager
Review Change
Closed
Change Builder
Builds Change, devises back-out &
testing plans
Change Management
What the CAB discusses (7 R of change):
Who RAISED the change? What is the REASON for the change? What is the RETURN required from the change? What are the RISKS involved in the change? What RESOURCES are required to deliver the change? Who is RESPONSIBLE for the build, test and implementation of
the change? What is the RELATIONSHIP between this change and other
change?
Change Management
Change Approval Process:
Financial approval Indicates costs are within budgetary limits or cost-benefit
criteria are met
Technical approval Assurance that the Change is feasible, sensible and can be
performed without serious interruptions to the business
Customer approval To ensure that business managers are satisfied with the
proposals and accept any impact to their requirements
Change Management
Change Advisory Board (CAB)
RFCs are circulated to selected members Mandatory assessment of RFC Optional attendance at CAB meeting Meetings held on a regular basis
CAB / Emergency Committee (EC) Responsibility for impact assessment of urgent changes
Change Management
Change Review
All implemented changes must be reviewed to establish whether:
The change has had the desired effect and met its objectives
There have been no unexpected or undesirable side-effects
The resources used to implement the change were as planned
Change Advisory Board (CAB) The CAB is an advisory board that reviews RFCs and determines
and provides detail of likely impact
CAB participants include :
Customers/users affected by the change
Representatives of Service Management areas
Application development teams
Change Management
The benefits of Change Management are:
increased visibility and better communication of changes to both
business and service support staff
reduced adverse impact of change from improved business, technical
impact and risk assessment
improved productivity of users through less disruption and higher
quality of service
better assessment of the cost of proposed change
ability to absorb large number of changes
reduction in the number of incidents and problems caused by changes
Change Management - Benefits
Goal – Primary Objective
To take an holistic (Overall) view of a Change to an IT service and ensure that all aspects of a release, both technical and non-technical are considered together
Why Release Management
Manage large or critical hardware roll-outs
Manage major software roll-outs
Bundling or batching related sets of changes
Control the release of authorised CIs into the supported environment
Release Policy
A release policy document should be produced to clarify the roles and responsibilities for Release Management. There may be one document per organisation or an umbrella set of guidelines and specific details for each supported service
Goal
RM’s hands-on working group for Change Management
Manage release planning and policy, design, building and
configuration
Campaign for acceptance, plan he eventual rollout plan
Conduct extensive testing and Auditing
Preparation, installation, training
Storage, Release, Distribution, installation of software.
Responsibilities of Release Management
Release Policy
Release Planning
Develop or purchase software
Build / configure release
Fit for purpose testing
Release acceptance
Roll out planning
Communication preparation & training
Distribution & installation
Configuration Management Database (CMDB)andDefinitive Software Library (DSL)
Controlled Test Environment Live Environment
RELEASE MANAGEMENT
DevelopmentEnvironment
Terminology
Definitive Software Library (DSL)
Definitive Software Library – where ALL authorised versions of software are stored and protected. A Physical library or storage repository where master copies of software versions are kept. This one logical store may consist of one or more physical software libraries or file stores.
Definitive Hardware Store (DHS)
Definitive Hardware Store – An area set aside for the secure storage of definitive hardware spares.
Types of Release
Delta, Full and Package
Definitions
Release: a collection of authorised Changes to an IT Service
Release Unit: the portion of the IT infrastructure that is normally released together
Roll-out: deliver, install and commission an integrated set of new or changed CIs across logical or physical parts of an organisation
Types of Release
DeltaOnly those CI’s that have actually changed since last releaseare included.V1.1 V2.2, v2.5, Vn.n
FullAll components of the Release are built, tested, distributed andimplemented together (whether they have changed or not).Version v1, v2, v3.0, .. Vn
PackageIndividual Releases both Full and Delta are grouped together toform a Package for release.V1.1.1 V2.2.3, v2.5.1, V N.N.n
RM Development Environment
Release Policy
Release Planning
Design or Develop Software
Purchase Software (Hardware)
RM Controlled Testing Environment
Build and Configure (With back-out plan)
Fit for purpose Test
Release acceptance
Rollout planning
Communication, preparation and Training
Build Management
Software and Hardware components for release should be assembled
in a controlled, reproducible manner.
Build Management becomes the responsibility of Release management
from the controlled test environment on wards.
Back out plans should be devised and tested as part of the release.
Change Management allows CMDB to remain accurate.
Without Configuration data change impacts are not accurately
assessable.
Without Change and Configuration Management, Releases will not be
controllable.
Possible Problems
Resistance from Staff to new procedures
Circumvention of procedures
Unclear ownership and role acceptance
Lack of understanding of release contents
Reluctance to back out of a failing release.
Benefits
Improved service quality from greater success rate for releases
and minimal disruption to the business
Greater ability to cope with high levels of Change
Assurance that hardware and software in live use is of known
quality, reducing the chance of illegal, wrong or unauthorised
software being in use
Better expectation setting for Business and Service staff
Goal – Primary Objective
To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives
Principles
Availability is at the core of business & end user satisfaction
When things go wrong, it is still possible to achieve business & end user satisfaction
Improving availability begins when it is understood how IT services integrate with and support the business
Why Availability Management
To ensure services are available when the customer needs them Influences Business Demand Cost required to meet demand
Complexity of IT Infrastructure Levels of Redundancy Reliability of the Infrastructure Level of Maintenance
Processes and procedures used by Services Human Factors
Skill sets
Responsibilities
Determine availability requirements in business terms
Predict and design for expected levels of availability
Optimise availability through monitoring and reporting
Produce Availability Plan – Long term for proactive improvement
Ensure SLAs are met and monitor OLA/UC availability obligations
Manage Service Outage Analysis (SOA)
Produce and maintain: Component Failure Impact Analysis (CFIA) Fault Tree Analysis (FTA)
Considerations
Availability Reliability
Maintainability Serviceability
Resilience
- Related to Resource Capacity Management
Security
- Confidentiality, Integrity, Availability (CIA)
Managed through OLAs
Managed through UCs
ITAMM – IT Availability Metrics Model
Range of metrics and perspectives that should be considered when establishing Measurement and Reporting
Measurements need to be meaningful and add value
Consider WHAT you measure and HOW you report it
Expanded Incident ‘lifecycle’
Incident Detection Diagnosis Repair Recovery Restoration Incident
DOWNTIME or MeanTime To Repair (M)TTR
UPTIME or MeanTime Between Failures (M)TBF
Time between system incidents (M)TBSI
Time
Calculating Availability
% Availability =
Further considerations: Components in series or parallel Weighting per number of users affected Weighting per criticality period
AST - DT
ASTX 100
Measuring Availability
Measurements need to be meaningful and add value to the IT and business organisation.
It would be necessary to consider both what is measured and how it is reported
Benefits
Services are designed and managed to meet specified business availability requirements
Shortfalls in levels of availability are identified and corrective actions taken
Frequency and duration of IT failures is reduced Availability levels are measured to fully support Service Level
Management
BUSINESS VALUE!
Effective Availability Management will influence customer satisfaction and determine the perceived Reliability of the business on the market
Goal – Primary Objective
To understand:
The future business requirements (the required service delivery) The organisation’s operation (the current delivery) The IT infrastructure (the means of service delivery) Ensure that all current and future capacity and aspects of the business
requirements are provided cost effectively
Why Capacity Management
Monitor the performance and throughput of IT services
Tuning activities to make efficient use of resources
Understand the current demands for IT services and produce
forecasts for future requirements
Help to influence demands for IT resources
Production of a Capacity Plan predicting the IT resources needed to
achieve agreed or proposed service levels
Success Factors
Accurate business forecasts
Understanding of current and future technology
Ability to demonstrate cost effectiveness
Interaction with other Service Management processes
Ability to plan for and implement appropriate IT capacity to match
business requirements and predictions
Responsibilities of Capacity Management
Business Capacity management (BCM)
Ensuring future business requirements for IT services are considered and matched to capability
Service Capacity Management (SCM)
Managing performance of IT services delivered to customers and documented in SLAs.
Resource Capacity management (RCM)
Management of components ensuring that all resources are monitored & measured
Business Capacity Management
Planning Future Business requirements:
Requires a knowledge of…..
Existing Service Levels, SLA’s
Future service levels and SLR’s
Business Plan and Capacity Plan
Modelling Techniques Analytical Simulation Trending Base lining
Application Sizing
Service Capacity Management
Monitors and Measures services
Requires a knowledge of …..
Service Levels and SLA’s
Service throughput and performance
Tuning and demand management
Resource Capacity Management
Management of Components of IT Infrastructure
Requires a knowledge of …..
Current technology and utilisation
Future alternative technologies
Resilience of systems and services
Capacity Management Database (CDB)
Forms the basis for the production of all Capacity management reporting
May consist of many physical data stores covering: Business data Service data Technical data Financial data Utilisation data
May form part of the CMDB
SLM Thresholds
Iterative Activities – Inputs
ResourceUtilisationThresholds
CapacityManagementDB
Monitor
Implement
Tune
Analyse
SLM ExceptionReports
Iterative Activities – Outputs
ResourceUtilisationExceptionReportsCapacity
ManagementDB
Monitor
Implement
Tune
Analyse
Other Activities
Demand Management – Differential Charging and Lock out
Modelling Trend Analysis, Analytical Modelling Simulation Modelling Baseline Modelling
Application Sizing
Production of the Capacity Plan
Capacity planning is essentially a balancing act: Cost against Capacity Supply against Demand
Benefits of Capacity Management
Increased efficiently and cost savings resulting in more economic provision of IT services
Elimination of unnecessary spare capacity Elimination of panic buying Possibility for deferred expenditure Reduced risk of performance Problems and failures More confident and improved forecasting Improved awareness of capacity issues within the development cycle
Service Continuity Management
Best Practices in IT Service Management
ITInfrastructure
ITInfrastructure
Goal – Primary Objective
To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales
Why Continuity Management
Ensuring business survival by reducing the impact of a disaster or
major failure
Reducing the vulnerability and risk to the business by effective risk
analysis and risk management
Preventing the loss of Customer and User confidence
Producing IT recovery plans that are integrated with and fully
support the organisation’s overall Business Continuity Plan
Considerations
IT Service Continuity options need to be understood and the most
appropriate solution chosen in support of BCM requirements
Roles and responsibilities need to be identified and supported from
a senior level
IT recovery plans and Business Continuity plans need to be aligned
regularly reviewed, revised and tested
The Business Continuity Life-cycle Overview
Stage 1 – Initiation
Initiate Business Continuity Manager
Stage 2 – Requirements and Strategy
Stage 3 - Implementation
Stage 4 - Operational Management
Stage 2 – Requirements and Strategy
Business Impact Analysis Identification of Critical Business Processes and Speed of Recovery
Risk Assessment and Methodology Threats to Assets CRAMM – CCTA’s Risk Analysis Management Methodology (Central
Computer and Telecommunications Agency)
Business Continuity Strategy Based on Top Risks
Risk Analysis
Asset Categorise and RANK 1-10 Hardware Software People Buildings etc.
Threat List and RANK 1-3 Vulnerability against Assets Matrix RANK 1-3
Risk = Asset * Threats * Vulnerability
IT Recovery Options
Do nothing
Manual back-up – revert to pen and paper
Reciprocal arrangements with another company
Gradual recovery - Cold Standby
Intermediate recovery - Warm Standby
Immediate recovery - Hot Standby
Gradual Recovery – COLD standby
Time to recovery > 72hrs
Empty Computer space
Remote
Portable
Nothing in the rooms
Requires contracts / procedures in place to set up
Intermediate Recovery – WARM standby
Time to recovery 24hrs to 72hrs
Filled Computer space
Remote
Portable
Networked Computers but with NO Data
Immediate Recovery – HOT standby
Time to recovery “within the working day” 0hrs to 8hrs
Filled Computer Space
Remote
Portable
Networked Computers with Data (but not necessarily up to date)
Benefits of Continuity Management
Management of risk and the consequent reduction of the impact of
failure
Fulfilment of regulatory requirements
Potentially lower insurance premiums
A more business focussed approach to IT continuity and recovery
Reduced business disruption during an incident
Increased customer confidence and organisational credibility
Goal – Primary Objective
To provide cost-effective stewardship (management) of (ALL) the IT assets and financial resources used in Services
Why Financial Management
Identify the actual cost of services provided
Provide accurate and vital financial information to assist in decision
making
Make Customers aware of what services actually cost TCO
Assist in the assessment and management of changes
Help influence customer behaviour
Positioning for charging
Concepts
Accounting and Budgeting (mandatory)
Understand costs involved in providing a service
Prediction of future costs
Monitor actual against predicted costs
Account for monetary spend over given period
Charging (optional)
Recovery of service costs from Customer
Operate IT Division as a business unit if required
IT Financial Cycle
Business IT Requirements IT Operational Plan
(inc. Budgets)
Financial Targets
Cost Analysis (Accounting)
Costing Models
Charges
Charging Policies
Feedback of proposed charges to business (effects behaviour)
Cost Model
COST TYPE
Transfer (Cross Charges) Hardware External Services Software People Accommodation
COST CATEGORISATION
Capital OR Operational Direct OR Indirect Fixed OR Variable
Key elements in determining the cost of a service
INDIRECT COSTS – NOT directly attributable but shared.
ABSORBED OVERHEADS – Total cost of indirect materials and expenses that are NOT passed onto the customer.
UNABSORBED OVERHEADS – Total cost of Indirect materials; wages; expenses that are apportioned and added to the cost of each service.
DIRECT COST – Directly attributable.
Charging
Based against Organisational policy on IT - overhead / break even /
profit centre
Prices should be simple, understandable, fair and realistic
Charging mechanism to support policy
Cost: Price=cost Cost plus: Price=cost +/-X%
Going rate: Price is comparable with other internal groups (internal X charge rate)
Market rate: Price matches that charged by external suppliers (open market price)
Fixed Price: Set price is agreed for a set period based on anticipated usage
Benefits
Reduced long term costs
Increased confidence in managing budgets
Accurate cost information
More efficient use of IT
Ensuring funds are available to provide service
Enables the recovery of costs
Influences customer behaviour
Allows comparison with alternative providers