INTRODUCTION TOIT SERVICE MANAGEMENT ( ITIL V2)

IT Service Management Objectives

ITIL is a Best Practice Framework used …..

To align IT services with the current and future needs of

the business and its Customers

To develop the quality of the IT services delivered

To reduce the long term cost of service provision

Integrated into Office of Government Commerce (OGC) and

British Standards Institute (BSI) guidance

Why Service Management

Increasing IT visibility and Reliance

Increasing demand from Business to deliver effective IT

solutions/services (Cost Effective)

Increasing complexity of IT infrastructure and processes

Increasing competition

Increasing pressure to realise return on investment

Considerations

Do not be over ambitious

Consider what elements already exist, are in use and effective

Identify what can be re-used or needs to be developed

Adapt the guidelines to meet your requirements

Process Improvement Model

Process Improvement Stages

Process improvement definition

Communication

Planning

Implementation

Review and Audit

ITIL Service Management

Service Support Day to day operational support of IT services

Service Delivery Long term planning and improvement of IT service provision

Key Definitions:

Customer: recipient of a service: usually the Customer management has responsibility for the funding of the service.

Provider: the unit responsible for the provision of IT service.

Supplier: a third party responsible for supplying or supporting underpinning elements of the IT service.

User: the person using the service on a daily basis.

IT Service Management Overview

BUSINESS (Customer)

User User User

SD

IM

PROBLEM

CH REL

CONFIGURATION

SLM

AM CM

IT SCM

FINANCE

SERVICESUPPORT

SERVICEDELIVERY

SPOC

SLA

SPOC Single Point of ContactSD Service DeskIM Incident MngtCH Change MngtREL Release Mngt

SLA Service Level AgreementSLM Service Level MngtAM Availability MngtCM Capacity MngtIT SCM IT Service Continuity Mngt

Service Support Process Model

Configuration Management

Release Management

Change Management

Problem Management

Incident Management

Business, Customers or Users

Releases

Changes

Management Tools

Incidents Incidents Service Desk

ProblemsKnown Errors

CI’sRelationships

ReleasesChangesIncidents

DifficultiesQueriesEnquiries

CommunicationsUpdatesWorkarounds

C M D B

CommunicationsUpdates Reports

Capacity PlanCDBTargets/ThresholdsCapacity ReportsSchedulesAudit Reports

Service Delivery Process Model

Business, Customers and Users

QueriesEnquiries

SLA’s, SLR’s, OLA’sService ReportsService CatalogueSIPException ReportsAudit Reports

Service LevelManagement

IT Continuity PlansBIA & Risk AnalysisControl CentresDR ContactsReportsAudit Reports

IT Service ContinuityManagement

RequirementsTargetsAchievements

Financial PlanTypes & ModelsCosts & ChargesReportsBudgets & ForecastsAudit Report

Availability PlanDesign CriteriaTargets/ThresholdsReportsAudit Reports

Financial Management for IT Services

CapacityManagement

AvailabilityManagement

Alerts & ExceptionsChanges

ManagementTools

Service Desk

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Service Level Management

FinancialManagementfor IT services

Capacity Management

Availability Management

IT Service ContinuityManagement

IncidentManagement Problem Management

Change Management

Configuration Management

Release Management

ITInfrastructure

ITInfrastructure

securitysecurity

Service DeskService Desk

ITIL Service Management

Service Desk

Goal: To provide a single point of contact for Customers To facilitate the restoration of normal operational service with

minimal business impact on the Customer within agreed service levels and business priorities.

Activities: Receive all calls and e-mails on incidents Incident recording (including RFC’s) Incident Classification Incident Prioritization Incident Escalation Search for Work Around Update the customer and IT group on progress

Contd…

Activities: Perform communication activities for the other ITIL

processes (e.g.Release notifications, change schedules, SLM-reports)

Perform daily CMDB verification Report to Management, Process Managers and customers

(through SLM) on Service Desk performance Benefits:

Improved Customer Service perception and satisfaction Increased accessibility through a single point of contact,

communication, and information Better-quality and quicker turnaround of customer requests Improved teamwork and communication

Contd…

Service Desk

Benefits Enhanced focus and a proactive approach to Service

provision A reduced negative business impact Better managed infrastructure and control Improved usage of IT support resources and increased

productivity of business personnel More meaningful management information to support

decisions.

Types of Service Desks Local Central Virtual

Service Desks is a function not a Process

Service Desk

Inputs and Outputs

Email/VoiceRequests

Service Desk

External Service Support

TelephoneRequests

Internet/Browser Requests

Fax RequestsHardwaree/Application Events

Product SupportSales &Marketing

Contract Support

Internal Service Support

Management Information & Monitoring

Service Desk

Desktop Support

Network Support

ApplicationSupport System &

Operations Support

Third Party Support

User 1 User 2 User 3

First Line Support

Structures: Local Service Desk

Centralized Service Desk

Desktop Support Network

SupportApplicationSupport

System &Operations Support

Third Party Support

CustomerSite 1

CustomerSite 2

CustomerSite 3

First Line Support

Second line support

Structures: Centralized Service Desk

Incident Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal - Primary Objective

To restore normal service operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained

Why Incident Management

Ensure the best use of resource to support the business Develop and maintain meaningful records relating to incidents Devise and apply a consistent approach to all incidents reported

Incident Definition

An incident is an event which is not part of the standard operation of a service and which causes, or may cause an interruption to, or a reduction in the quality of that service

Incident Lifecycle

Impact, Urgency & Priority

IMPACT

The likely effect the incident will have on the business (e.g. numbers affected, magnitude)

URGENCY

Assessment of the speed with which an incident or problem requires resolution (i.e. how much delay will the resolution bear)

PRIORITY

the relative sequence in which an incident or problem needs to be resolved, based on impact and urgency

Use of Support Teams

Escalation

2nd LineSupport Team

3rd LineSupport Team

Service DeskManager

Service DeskSupport Team

3rd LineManager

2nd LineManager

IT ServiceManager

Functional (competence)

Hie

rarc

hic

al

(au

tho

rity

)

Relationships

Relationship between incidents, Problem and Known Errors

Error in infrastructure

Incident

Problem

Known Error

RFC

Structural Resolution

Handling of Major Incidents

Major incidents occur when there is extreme impact to the Users. Problem Management should be notified to arrange a formal meeting. The Service Desk will ensure Incident records are maintained with all actions and decisions.

Reduced business impact of Incidents by timely resolution

Improved monitoring of performance against targets

Elimination of lost Incidents and Service Requests

More accurate CMDB information

Improved User satisfaction

Less disruption to both IT support staff and Users

Benefits

Possible Problems

Lack of Management commitment

Lack of agreed Customer service levels

Lack of knowledge or resources for resolving incidents

Poorly integrated processes

Unsuitable software tools

Users and IT staff bypassing the process

Problem Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To minimise the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure and to proactively prevent the occurrence of Incidents, Problems and Errors

Why Problem Management

Resolve Problems quickly and effectively Ensure resources are prioritised to resolve Problems Proactively identify and resolve Problems and Known Errors

thus minimising Incident occurrence / recurrence Improve the productivity of support staff

Problems & Known Errors

A Problem is the unknown underlying cause of one or more Incidents. It will become a Known Error when the root cause is known and a temporary work around or a permanent alternative has been identified

Service Desk – IM – PM (PC) (EC) - CM

PM

User

IncidentDB

ProblemDB

Known ErrorDB

Business Case to FIX

RaiseRFC

ERROR CONTROL

PR

OB

LE

M C

ON

TR

OL

Known Error

One or More Incidents withUnknown Underlying cause

Root Cause Known and Temp or Perm Fix found

STOP

NO

YES

Change Management

RRS

Incident

PM

PM

SD/IM

IM

Activities

Problem Control

Error Control

Major Incident Support

Management Information

Major Problem Reviews

Proactive Problem Prevention

Proactive Activities

Trend Analysis Post-Change occurrence of particular Problems Recurring Problems per type or per component Training, documentation issues

Preventative Action Raising RFC to prevent occurrence/recurrence Initiate education and training Ensure adherence to procedures Initiate process improvement Provide feedback to testing, training and documentation

Reduction in volume of Incidents

Improved IT service quality

Better first time fix rate at service desk

Permanent solutions

Improved organisation learning and awareness

Benefits

Configuration Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To provide a logical model of the IT infrastructure by identifying,

controlling, maintaining and verifying the versions of ALL

Configuration Items in existence.

The goal is to keep all IT Infrastructure current

Make sure changes have been properly logged and documented

To maintain accurate topology of existing CIs

Account for ALL IT assets (when it was purchased, manufacturer, model, cost incurred, depreciation information etc) (IMACD) Installed, moved, added, changed, deleted

Provide accurate information to support other Service Management processes (Incident, Problem, Change, Release, Continuity, capacity, availability, finance, security)

Provide a sound basis for all other Service Management disciplines

Verify records against the infrastructure and to correct exceptions

Why Configuration Management?

Configuration Items (CIs)

Component of an infrastructure that is (or is to be) under the control of Configuration Management

Configuration Management Database (CMDB)

A database that contains all relevant details of each CI and details of the important relationships between CIs throughout its life cycle

Base Level

The lowest level at which CIs are uniquely identified

Baseline – A SNAPSHOT

The configuration of a product or system established at a specific point in time, capturing both structure and details version

Key Considerations

Types of CIs

CI Types

Hardware (Servers, desktops, file systems, disks, network components, firewall components, printers etc.)

Software (MS Office or any other application)

Documentation Processes and Procedures Technical documentation Diagrams/Charts

IT Staff NOT USERS

Planning Strategy, policy, scope, objective, roles & responsibilities Configuration Management processes, activities and procedures CMDB, Relationships with other processes Tools and resource requirements

Identification Selection, identification and labelling of all CIs based on the scope

Control Authorised additions, modifications and removal of CIs

Status Accounting The reporting of all current and life cycle data of each CI Ordered,

Tested, Operational, Maintenance, Archive…….

Verification & Auditing Reviews and audits to verify physical existence of CIs is up to

date

Reporting Document, Analyse and Improve

5 Activities of Configuration Management

Slide 42

Attributes

Attributes- Unique Identifier- CI Type ID- Service ID- Name- Version Number- Model / type identification- Place / location- License - Supplier- CI History- Status- Relationships- Variants (alternative)

Configuration Management Database (CMDB)

Relationships

Relationships

- ..is a parent/child of..

- ..is a version of..

- ..is connected to..

- ..applies to..(e.g. documentation)

- ..is used for.. (CI’s related to service)

- ..is a variant of.. (MS Dictionary English vs. Dutch)

Any others that are meaningful and useful to the organisation can be used

Interaction with other processes

Benefits

Provides accurate information on CIs and their documentation to support

all other Service Management disciplines

Contributes to faster trouble shooting and change process

Facilitates adherence to legal and contractual obligations and provide

better control over H/W & S/W

Improves security by controlling the versions of CIs in use

Enhance planning for procurement and expenditure

Support for capacity and availability management

Is a foundation for IT continuity management

Overall helps provide IT services in a timely and cost effective manner

Challenges

Cost and effort to design, implement & maintain CMDB

Wrong identification of scope and CI details

Effects of sudden changes and tight schedules

Users and customers bypassing the process

Setting up Configuration Management

The planning process for setting up could take up to 6 months. Actual implementation may take much longer, but the benefits of Configuration Management should outweigh the cost

Change Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Why Change???

Problems can be identified from incidents. When a problem is defined, diagnosis takes place to find the root cause of the problem, and then a change request is entered to correct the problem

Objectives

To ensure that changes are recorded and then evaluated, authorized, prioritized, planned, tested, implemented, documented and reviewed in a controlled manner.

Respond to business and IT requests to align services with business needs.

Minimize impact of implementing changes, implement changes successfully.

Record all changes Use standard processes Reduce cost to business and increase value to business by

optimizing.

Change Management (AIMS)

The main aims of Change Management are :

Minimal disruption of services

Reduction in back-out activities

Economic utilization of resources involved in the change

Change Management

Change Management Terminology

Change

The addition, modification or removal of CIs (i.e. change password, adding user, adding a new nfs, removing a job from cron)

Request for Change (RFC)

Form used to record details of a request for a change and is sent as an input to Change Management by the Change Requestor

Forward Schedule of Changes (FSC)

schedule that contains details of all the forthcoming Changes

Types of Change

Basic Change Priority: Based on Impact+Urgency

High, Medium, Low … (Urgent?) Category: Based on business impact

Minor, Significant, Major

Urgent ChangeA change that needs to be implemented more quickly(e.g hw replacement – memory board, hd,nic)

Standard ChangeAn accepted solution to an identifiable and relatively common set of requirements (e.g. set up of User profile, Password reset)

Request for Change ( RFC) - Contents

Change Management

Request for Change ( RFC)

It is a formal document sent to Change Management by the Change Requestor requesting for a change.

Every RFC runs through a number of stages before the change can be implemented

Change Control Process – Basic (normal)

Change Manager

Filters requestsStart

Change Manager

Allocates initial priority

Change Manager

Decide category and/or use of

standard model

Implement change using appropriate Standard

Change model

Change Builder

Builds Change, devises back-out &

testing plans

Independent tester

Tests Changes

Change Manager

Co-ordinates Change

implementation

Change Manager

Change review

Closed

Change Manager

Approves / rejects and schedules

Changes, reports action to CAB

Change Manager

Circulates RFCs to CAB members

Change Manager

Circulates RFCs to Board members

minormajor significant

Senior management / board level

Approve / reject Changes

(Financial / Technical / Business)

Senior management / board level

Approve / reject Changes

(Financial / Technical / Business)

Change Control Process – Urgent

Change Manager

Filters requestsStart

Change Manager

Allocates initial priority

Change Manager

Calls CAB or CAB / EC meeting

CAB or CAB / EC

Quickly assesses impact resources

and urgency

Independent tester

Urgent testing

Change Manager

Co-ordinates Change

implementation

Change Manager

Ensures records are brought up to date

Change Manager

Review Change

Closed

Change Builder

Builds Change, devises back-out &

testing plans

Change Management

What the CAB discusses (7 R of change):

Who RAISED the change? What is the REASON for the change? What is the RETURN required from the change? What are the RISKS involved in the change? What RESOURCES are required to deliver the change? Who is RESPONSIBLE for the build, test and implementation of

the change? What is the RELATIONSHIP between this change and other

change?

Change Management

Change Approval Process:

Financial approval Indicates costs are within budgetary limits or cost-benefit

criteria are met

Technical approval Assurance that the Change is feasible, sensible and can be

performed without serious interruptions to the business

Customer approval To ensure that business managers are satisfied with the

proposals and accept any impact to their requirements

Change Management

Change Advisory Board (CAB)

RFCs are circulated to selected members Mandatory assessment of RFC Optional attendance at CAB meeting Meetings held on a regular basis

CAB / Emergency Committee (EC) Responsibility for impact assessment of urgent changes

Change Management

Change Review

All implemented changes must be reviewed to establish whether:

The change has had the desired effect and met its objectives

There have been no unexpected or undesirable side-effects

The resources used to implement the change were as planned

Change Advisory Board (CAB) The CAB is an advisory board that reviews RFCs and determines

and provides detail of likely impact

CAB participants include :

Customers/users affected by the change

Representatives of Service Management areas

Application development teams

Change Management

The benefits of Change Management are:

increased visibility and better communication of changes to both

business and service support staff

reduced adverse impact of change from improved business, technical

impact and risk assessment

improved productivity of users through less disruption and higher

quality of service

better assessment of the cost of proposed change

ability to absorb large number of changes

reduction in the number of incidents and problems caused by changes

Change Management - Benefits

Release Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To take an holistic (Overall) view of a Change to an IT service and ensure that all aspects of a release, both technical and non-technical are considered together

Why Release Management

Manage large or critical hardware roll-outs

Manage major software roll-outs

Bundling or batching related sets of changes

Control the release of authorised CIs into the supported environment

Release Policy

A release policy document should be produced to clarify the roles and responsibilities for Release Management. There may be one document per organisation or an umbrella set of guidelines and specific details for each supported service

Goal

RM’s hands-on working group for Change Management

Manage release planning and policy, design, building and

configuration

Campaign for acceptance, plan he eventual rollout plan

Conduct extensive testing and Auditing

Preparation, installation, training

Storage, Release, Distribution, installation of software.

Responsibilities of Release Management

Release Policy

Release Planning

Develop or purchase software

Build / configure release

Fit for purpose testing

Release acceptance

Roll out planning

Communication preparation & training

Distribution & installation

Configuration Management Database (CMDB)andDefinitive Software Library (DSL)

Controlled Test Environment Live Environment

RELEASE MANAGEMENT

DevelopmentEnvironment

Terminology

Definitive Software Library (DSL)

Definitive Software Library – where ALL authorised versions of software are stored and protected. A Physical library or storage repository where master copies of software versions are kept. This one logical store may consist of one or more physical software libraries or file stores.

Definitive Hardware Store (DHS)

Definitive Hardware Store – An area set aside for the secure storage of definitive hardware spares.

Types of Release

Delta, Full and Package

Definitions

Release: a collection of authorised Changes to an IT Service

Release Unit: the portion of the IT infrastructure that is normally released together

Roll-out: deliver, install and commission an integrated set of new or changed CIs across logical or physical parts of an organisation

Types of Release

DeltaOnly those CI’s that have actually changed since last releaseare included.V1.1 V2.2, v2.5, Vn.n

FullAll components of the Release are built, tested, distributed andimplemented together (whether they have changed or not).Version v1, v2, v3.0, .. Vn

PackageIndividual Releases both Full and Delta are grouped together toform a Package for release.V1.1.1 V2.2.3, v2.5.1, V N.N.n

RM Process

RM Development Environment

Release Policy

Release Planning

Design or Develop Software

Purchase Software (Hardware)

RM Controlled Testing Environment

Build and Configure (With back-out plan)

Fit for purpose Test

Release acceptance

Rollout planning

Communication, preparation and Training

RM Live Environment

Release Distribution

Installation

Cost and Potential Problems

Build Management

Software and Hardware components for release should be assembled

in a controlled, reproducible manner.

Build Management becomes the responsibility of Release management

from the controlled test environment on wards.

Back out plans should be devised and tested as part of the release.

Change Management allows CMDB to remain accurate.

Without Configuration data change impacts are not accurately

assessable.

Without Change and Configuration Management, Releases will not be

controllable.

Possible Problems

Resistance from Staff to new procedures

Circumvention of procedures

Unclear ownership and role acceptance

Lack of understanding of release contents

Reluctance to back out of a failing release.

Benefits

Improved service quality from greater success rate for releases

and minimal disruption to the business

Greater ability to cope with high levels of Change

Assurance that hardware and software in live use is of known

quality, reducing the chance of illegal, wrong or unauthorised

software being in use

Better expectation setting for Business and Service staff

Availability Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives

Principles

Availability is at the core of business & end user satisfaction

When things go wrong, it is still possible to achieve business & end user satisfaction

Improving availability begins when it is understood how IT services integrate with and support the business

Why Availability Management

To ensure services are available when the customer needs them Influences Business Demand Cost required to meet demand

Complexity of IT Infrastructure Levels of Redundancy Reliability of the Infrastructure Level of Maintenance

Processes and procedures used by Services Human Factors

Skill sets

Responsibilities

Determine availability requirements in business terms

Predict and design for expected levels of availability

Optimise availability through monitoring and reporting

Produce Availability Plan – Long term for proactive improvement

Ensure SLAs are met and monitor OLA/UC availability obligations

Manage Service Outage Analysis (SOA)

Produce and maintain: Component Failure Impact Analysis (CFIA) Fault Tree Analysis (FTA)

Considerations

Availability Reliability

Maintainability Serviceability

Resilience

- Related to Resource Capacity Management

Security

- Confidentiality, Integrity, Availability (CIA)

Managed through OLAs

Managed through UCs

ITAMM – IT Availability Metrics Model

Range of metrics and perspectives that should be considered when establishing Measurement and Reporting

Measurements need to be meaningful and add value

Consider WHAT you measure and HOW you report it

Expanded Incident ‘lifecycle’

Incident Detection Diagnosis Repair Recovery Restoration Incident

DOWNTIME or MeanTime To Repair (M)TTR

UPTIME or MeanTime Between Failures (M)TBF

Time between system incidents (M)TBSI

Time

Calculating Availability

% Availability =

Further considerations: Components in series or parallel Weighting per number of users affected Weighting per criticality period

AST - DT

ASTX 100

Measuring Availability

Measurements need to be meaningful and add value to the IT and business organisation.

It would be necessary to consider both what is measured and how it is reported

Benefits

Services are designed and managed to meet specified business availability requirements

Shortfalls in levels of availability are identified and corrective actions taken

Frequency and duration of IT failures is reduced Availability levels are measured to fully support Service Level

Management

BUSINESS VALUE!

Effective Availability Management will influence customer satisfaction and determine the perceived Reliability of the business on the market

Capacity Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To understand:

The future business requirements (the required service delivery) The organisation’s operation (the current delivery) The IT infrastructure (the means of service delivery) Ensure that all current and future capacity and aspects of the business

requirements are provided cost effectively

Why Capacity Management

Monitor the performance and throughput of IT services

Tuning activities to make efficient use of resources

Understand the current demands for IT services and produce

forecasts for future requirements

Help to influence demands for IT resources

Production of a Capacity Plan predicting the IT resources needed to

achieve agreed or proposed service levels

Success Factors

Accurate business forecasts

Understanding of current and future technology

Ability to demonstrate cost effectiveness

Interaction with other Service Management processes

Ability to plan for and implement appropriate IT capacity to match

business requirements and predictions

Responsibilities of Capacity Management

Business Capacity management (BCM)

Ensuring future business requirements for IT services are considered and matched to capability

Service Capacity Management (SCM)

Managing performance of IT services delivered to customers and documented in SLAs.

Resource Capacity management (RCM)

Management of components ensuring that all resources are monitored & measured

Business Capacity Management

Planning Future Business requirements:

Requires a knowledge of…..

Existing Service Levels, SLA’s

Future service levels and SLR’s

Business Plan and Capacity Plan

Modelling Techniques Analytical Simulation Trending Base lining

Application Sizing

Service Capacity Management

Monitors and Measures services

Requires a knowledge of …..

Service Levels and SLA’s

Service throughput and performance

Tuning and demand management

Resource Capacity Management

Management of Components of IT Infrastructure

Requires a knowledge of …..

Current technology and utilisation

Future alternative technologies

Resilience of systems and services

Capacity Management Database (CDB)

Forms the basis for the production of all Capacity management reporting

May consist of many physical data stores covering: Business data Service data Technical data Financial data Utilisation data

May form part of the CMDB

Iterative Activities – The Cycle

Monitor

Implement

Tune

Analyse

SLM Thresholds

Iterative Activities – Inputs

ResourceUtilisationThresholds

CapacityManagementDB

Monitor

Implement

Tune

Analyse

SLM ExceptionReports

Iterative Activities – Outputs

ResourceUtilisationExceptionReportsCapacity

ManagementDB

Monitor

Implement

Tune

Analyse

Other Activities

Demand Management – Differential Charging and Lock out

Modelling Trend Analysis, Analytical Modelling Simulation Modelling Baseline Modelling

Application Sizing

Production of the Capacity Plan

Capacity planning is essentially a balancing act: Cost against Capacity Supply against Demand

Benefits of Capacity Management

Increased efficiently and cost savings resulting in more economic provision of IT services

Elimination of unnecessary spare capacity Elimination of panic buying Possibility for deferred expenditure Reduced risk of performance Problems and failures More confident and improved forecasting Improved awareness of capacity issues within the development cycle

Service Continuity Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales

Why Continuity Management

Ensuring business survival by reducing the impact of a disaster or

major failure

Reducing the vulnerability and risk to the business by effective risk

analysis and risk management

Preventing the loss of Customer and User confidence

Producing IT recovery plans that are integrated with and fully

support the organisation’s overall Business Continuity Plan

Considerations

IT Service Continuity options need to be understood and the most

appropriate solution chosen in support of BCM requirements

Roles and responsibilities need to be identified and supported from

a senior level

IT recovery plans and Business Continuity plans need to be aligned

regularly reviewed, revised and tested

The Business Continuity Life-cycle Overview

Stage 1 – Initiation

Initiate Business Continuity Manager

Stage 2 – Requirements and Strategy

Stage 3 - Implementation

Stage 4 - Operational Management

Stage 2 – Requirements and Strategy

Business Impact Analysis Identification of Critical Business Processes and Speed of Recovery

Risk Assessment and Methodology Threats to Assets CRAMM – CCTA’s Risk Analysis Management Methodology (Central

Computer and Telecommunications Agency)

Business Continuity Strategy Based on Top Risks

Risk Analysis

ANALYSIS

Assets Threats Vulnerabilities

MANAGEMENT

Risks

Countermeasures

Risk Analysis

Asset Categorise and RANK 1-10 Hardware Software People Buildings etc.

Threat List and RANK 1-3 Vulnerability against Assets Matrix RANK 1-3

Risk = Asset * Threats * Vulnerability

IT Recovery Options

Do nothing

Manual back-up – revert to pen and paper

Reciprocal arrangements with another company

Gradual recovery - Cold Standby

Intermediate recovery - Warm Standby

Immediate recovery - Hot Standby

Gradual Recovery – COLD standby

Time to recovery > 72hrs

Empty Computer space

Remote

Portable

Nothing in the rooms

Requires contracts / procedures in place to set up

Intermediate Recovery – WARM standby

Time to recovery 24hrs to 72hrs

Filled Computer space

Remote

Portable

Networked Computers but with NO Data

Immediate Recovery – HOT standby

Time to recovery “within the working day” 0hrs to 8hrs

Filled Computer Space

Remote

Portable

Networked Computers with Data (but not necessarily up to date)

Benefits of Continuity Management

Management of risk and the consequent reduction of the impact of

failure

Fulfilment of regulatory requirements

Potentially lower insurance premiums

A more business focussed approach to IT continuity and recovery

Reduced business disruption during an incident

Increased customer confidence and organisational credibility

Finance Management

Best Practices in IT Service Management

ITInfrastructure

ITInfrastructure

Goal – Primary Objective

To provide cost-effective stewardship (management) of (ALL) the IT assets and financial resources used in Services

Why Financial Management

Identify the actual cost of services provided

Provide accurate and vital financial information to assist in decision

making

Make Customers aware of what services actually cost TCO

Assist in the assessment and management of changes

Help influence customer behaviour

Positioning for charging

Concepts

Accounting and Budgeting (mandatory)

Understand costs involved in providing a service

Prediction of future costs

Monitor actual against predicted costs

Account for monetary spend over given period

Charging (optional)

Recovery of service costs from Customer

Operate IT Division as a business unit if required

IT Financial Cycle

Business IT Requirements IT Operational Plan

(inc. Budgets)

Financial Targets

Cost Analysis (Accounting)

Costing Models

Charges

Charging Policies

Feedback of proposed charges to business (effects behaviour)

Cost Model

COST TYPE

Transfer (Cross Charges) Hardware External Services Software People Accommodation

COST CATEGORISATION

Capital OR Operational Direct OR Indirect Fixed OR Variable

Key elements in determining the cost of a service

INDIRECT COSTS – NOT directly attributable but shared.

ABSORBED OVERHEADS – Total cost of indirect materials and expenses that are NOT passed onto the customer.

UNABSORBED OVERHEADS – Total cost of Indirect materials; wages; expenses that are apportioned and added to the cost of each service.

DIRECT COST – Directly attributable.

Charging

Based against Organisational policy on IT - overhead / break even /

profit centre

Prices should be simple, understandable, fair and realistic

Charging mechanism to support policy

Cost: Price=cost Cost plus: Price=cost +/-X%

Going rate: Price is comparable with other internal groups (internal X charge rate)

Market rate: Price matches that charged by external suppliers (open market price)

Fixed Price: Set price is agreed for a set period based on anticipated usage

Benefits

Reduced long term costs

Increased confidence in managing budgets

Accurate cost information

More efficient use of IT

Ensuring funds are available to provide service

Enables the recovery of costs

Influences customer behaviour

Allows comparison with alternative providers

www.sonata-software.com

Questions