itil یتامدقم میهافم و ینابم :هدنروآدگ ای هدنیون…بانی...itil...
TRANSCRIPT
عنوان دوره آموزشی:
ITILمبانی و مفاهیم مقدماتی
نویسنده یا گردآورنده:
نویده خدائی
مدرک و رشته تحصیلی گردآورنده :
لیسانس مهندسی فناوری اطالعات فوق
تاریخ نگارش:
96پاییز
3
گروه هدف
کارشناسان فناوری اطالعات
اهداف آموزشی
آشنایی با چارچوب کتابخانه زیرساخت فناوری اطالعات
آموزش اجرای متد و شكل
حضوری غیر
ارزشیابی شیوه
مون کتبیآز
4
فهرست مطالب
ITILای بر مقدمه .1
ITILو فرایندهای اجزاء .2
Service Strategyشرح و توضیح مفاهیم مطرح در فرایند تدوین استراتژی و سبد خدمات . .3
Service Designشرح و توضیح مفاهیم مطرح در فرایند طراحی خدمات . .4
Service Transitionند شرح و توضیح مفاهیم مطرح در فرای .5
Service Operationبرداری از خدمات . شرح و توضیح مفاهیم مطرح در فرایند بهره .6
Continual service improvementشرح و توضیح مفاهیم مطرح در فرایند بهبود مستمر . .7
ITIL(Why ITIL® Is Important?)اهمیت .8
5
ITILای بر مقدمه .1
(Information Technology Infrastructure Library) فناوری اطالعات یک چارچوب راهنما برای مدیران (IT )
به مدیران ITILو بهینه سازی نمایند. مدیریت می باشد تا بتوانند زیرساختهای فناوری اطالعات را در سازمان خود
این امکان را می دهد تا از سطح خدمات ارائه شده در سازمان اطمینان حاصل نموده و بتوانند زیرساختهای مورد
1HMSOوسیله به 1995تا 1989های بین سال ITILنیاز را بر طبق یک برنامه از پیش تعیین شده تهیه نمایند.
های ابتدایی از آن به هلند و انگلستان محدود بود.در انگلستان منتشر شد. استفاده
های ارائه خدمت فناوری هایی بود که تمامی زمینهجلدی از کتاب 31ای شامل مجموعه ITILنسخه ابتدایی
داد.اطالعات را پوشش می
یک استاندارد ITIL ، اما واقعیت این است کهدانست IT را یک استاندارد در حوزه ITIL به زبان ساده می توان
است که سازمان ها و شرکت های دولتی مرتبط ( best practice ) یک سری تجربه موفق ITIL نیست . در واقع
دولت انگلستان برای سازمان دهی .برای مدیریت کارهایشان از آن استفاده می کنند در دولت انگلستان ، IT با
می IT ارائه کرده که با انجام آنها شرکت ها و سازمان های حوزه الگوهایی ، یک سری ITبا فعالیت های مرتبط
. توانند بهتر به نتیجه برسند
این تجربیات موفق مورد تایید بزرگترین مراجع انگلیس است و در نشر آنها تقریبا مهمترین شرکت ها و سازمان
ها با ارائه راه حل های موفقی که در برخورد با مسایل مختلف های دولتی انگلیس شرکت داشته اند . این شرکت
را ارائه خود داشتند و نهایتا با ترکیب آنها و مشخص کردن بهترین ها یکسری تجربه موفق IT و مدیریت حوزه
.شناخته می شود Information Technology Infrastructure Library یا ITIL کردند که امروزه به نام
یک استاندارد نیست ( ارائه شده که در هر نسخه ITIL دقت کنید کهسه نسخه از این تجربه موفق ) تا کنون
را دربر می گیرد و امروزه IT تمام موارد مدیریتی یک شرکت .بهبودهایی نسبت به نسخه قبل انجام شده است
رعایت آن هستند . برای نمونه که در کشور انگلستان مشغول به کار هستند ، ) موظف ( به IT همه شرکت های
ضروری Service Desk یا Help Desk این تجربه موفق نشان داده که برای ارتباط با مشتری ، داشتن یک برنامه
است. اقدام کرده Help Desk است و قاعدتا همین تجربه موفق به ارائه یک برنامه
را نشان می دهد. ITILسیرتکاملی 1شکل
1 www.hmso.gov.uk
6
ITILسیر تکاملی -1شکل
می شوند: تدوین و طراحی سطح سه در برتر تجارب این
بررسی و مرور به نیاز که فعالیتهایی و جاری خدمات بلندمدت اهداف سطح این در :استراتژیک سطح
.می گیرد قرار بازنگری مورد دارند
در باشند نیاز مورد فعالیتها تهیه و تدارك برای راهنما عنوان به که مشخصی فعالیتهای :تاکتیکی سطح
.می گیرند قرار بازنگری مورد سطح این
صورت سطح این در نهایی کاربران و مشتریان از پشتیبانی برای جاری فعالیتهای اجرای :عملیاتی سطح
این رد استراتژیک اهداف که است آن نشان دهنده سطح این در فعالیتها موفقیت آمیز اجرای می پذیرد.
.است شده پشتیبانی خوبی به سطح
ITIL, formally an acronym for Information Technology Infrastructure Library, is a set of
detailed practices for IT service management (ITSM) that focuses on aligning IT services with
the needs of business. In its current form (known as ITIL 2011), ITIL is published as a series
of five core volumes, each of which covers a different ITSM lifecycle stage. Although ITIL
underpins ISO/IEC 20000 (previously BS 15000), the International Service Management
Standard for IT service management, there are some differences between the ISO 20000
standard and the ITIL framework.
ITIL describes processes, procedures, tasks, and checklists which are not organization-specific,
but can be applied by an organization for establishing integration with the organization's
strategy, delivering value, and maintaining a minimum level of competency. It allows the
organization to establish a baseline from which it can plan, implement, and measure. It is used
to demonstrate compliance and to measure improvement. (It is to be noted that there is no
formal independent 3rd Party Compliance Assessment available for ITIL compliance in an
organisation, Certification in ITIL is only available to individuals and relates to their
knowledge of the 5 books)
7
Since July 2013, ITIL has been owned by AXELOS, a joint venture between Capita and the
UK Cabinet Office. AXELOS licenses organisations to use the ITIL intellectual property,
accredits licensed examination institutes, and manages updates to the framework.
Organizations that wish to implement ITIL internally do not require this license.
Responding to growing dependence on IT, the UK Government's Central Computer and
Telecommunications Agency (CCTA) in the 1980s developed a set of recommendations. It
recognized that, without standard practices, government agencies and private sector contracts had
started independently creating their own IT management practices.
The IT Infrastructure Library originated as a collection of books, each covering a specific practice
within IT service management. ITIL was built around a process model-based view of controlling
and managing operations often credited to W. Edwards Deming and his plan-do-check-act (PDCA)
cycle.
After the initial publication in 1989–96, the number of books quickly grew within ITIL Version 1
to more than 30 volumes.
In 2000/2001, to make ITIL more accessible (and affordable), ITIL Version 2 consolidated the
publications into nine logical "sets" that grouped related process-guidelines to match different
aspects of IT management, applications and services. The Service Management sets (Service
Support and Service Delivery) were by far the most widely used, circulated, and understood of the
ITIL Version 2 publications.
In April 2001, the CCTA was merged into the OGC, an office of the UK Treasury.
In 2006, the ITIL Version 2 glossary was published.
In May 2007, this organization issued ITIL Version 3 (also known as the ITIL Refresh
Project) consisting of 26 processes and functions, now grouped into only 5 volumes,
arranged around the concept of Service lifecycle structure. ITIL Version 3 is now known
as ITIL 2007 Edition.
In 2009, the OGC officially announced that ITIL Version 2 certification would be
withdrawn and launched a major consultation as per how to proceed.
In July 2011, the 2011 edition of ITIL was published, providing an update to the version
published in 2007. The OGC is no longer listed as the owner of ITIL, following the
consolidation of OGC into the Cabinet Office.
Overview of ITIL 2007 edition
ITIL 2007 edition (previously known as ITIL Version 3) is an extension of ITIL Version 2 and
fully replaced it following the completion of the withdrawal period on 30 June 2011. ITIL 2007
provides a more holistic perspective on the full life cycle of services, covering the entire IT
organization and all supporting components needed to deliver services to the customer, whereas
ITIL Version 2 focused on specific activities directly related to service delivery and support.
Most of the ITIL Version 2 activities remained untouched in 2007, but some significant changes
in terminology were introduced in order to facilitate the expansion.
8
Changes and characteristics of the 2011 edition of ITIL
A summary of changes has been published by the UK Government. In line with the 2007 edition,
the 2011 edition consists of five core publications – Service Strategy, Service Design, Service
Transition, Service Operation, and Continual Service Improvement. ITIL 2011 is an update to the
ITIL framework that addresses significant additional guidance with the definition of formal
processes which were previously implied but not identified, as well as correction of errors and
inconsistencies.
Twenty-six processes are listed in ITIL 2011 edition and described below, along with which core
publication provides the main content for each process.
ITIL 2007 has five volumes, published in May 2007, and updated in July 2011 as ITIL 2011 for
consistency:
1. ITIL Service Strategy: understands organizational objectives and customer needs.
2. ITIL Service Design: turns the service strategy into a plan for delivering the business objectives.
3. ITIL Service Transition: develops and improves capabilities for introducing new services into
supported environments.
4. ITIL Service Operation: manages services in supported environments.
5. ITIL Continual Service Improvement: achieves services incremental and large-scale
improvements.
Due to the similarity between ITIL v3 of 2007 and ITIL 2011, no bridge examinations for ITIL
v3 certification holders were created or made available for ITIL 2011 certification.
9
ITILو فرایندهای اجزاء .2
ITIL v3 این فرایندها را نشان می دهد؛ که عبارتند از: 2شکل .شامل پنج فرایند کلیدی است
( استراتژی سرویسService Strategy)
( طراحی سرویسService Design)
( انتقال سرویسService Transition)
( عملیات سرویسService Operation)
بهبود مداوم سرویس (Continual Service Improvement)
ITILفرایندهای -2شکل
10
Service Strategyشرح و توضیح مفاهیم مطرح در فرایند تدوین استراتژی و سبد خدمات . .3
ترونیکی الک خدماتکنندگان گیری سطح باالی تشکیالت فناوری اطالعات و ارائهاستراتژی سرویس رویکرد و جهت
شود و از سه عنصر ارائه خدمت باکیفیترا برای فراهم کردن یک سرویس الکترونیکی باکیفیت باال را شامل می
شود. در کتابخانه زیرساخت فناوری اطالعات، یل میباال، افزایش سودآوری اقتصادی و افزایش رضایت مشتری تشک
انداز، کننده چشماستراتژی سرویس یک مرحله از چرخه حیات یک سرویس است. استراتژی سرویس مشخص
ها به منظور تحقق دهنده سرویس نیازمند اجرایی کردن آنها و الگوهایی است که یک ارائهموقعیت، برنامه
زمان است. استراتژی سرویس شامل فرآیندهای مدیریت استراتژی برای سرویس وکار یک ساهای کسبخروجی
ت.وکار اسفاوا، مدیریت سبد سرویس، مدیریت مالی برای سرویس فاوا، مدیریت تقاضا و مدیریت روابط کسب
های خشتواند به تنهایی و بدون سایر بقرار گرفته اما نمی ITIL استراتژی سرویس در مرکز )هسته( چرخه زندگی
(best practices) برای ایجاد تجربیات موفق(framework) ایجاد شود. این بخش دربرگیرنده یک زیربنا IT ساختار
در اثر توسعه بلند مدت استراتژی سرویس است.
Service Strategy سیسرو کیفراهم کردن یرا برا یکیو ارائه کنندگان خدمات الکترون سیسرو یاستراتژ
که شامل سه مورد ردیگ یباال را در بر م التیتشک یسطح باال یریو جهت گ کردیرو IT تیفیک اب یکیالکترون
:است
تیفیارائه خدمات با ک
یاقتصاد یسود آور شیافزا
یمشتر تیرضا شیافزا
ه ب یو اقتصاد ی، فرهنگ یاجتماع یبه فاکتور ها دیبا سیسرو تیریمده ک س،یسرو ینکته: در مرحله استراتژ
:دهدیپاسخ م ریز یبه سواالت کل سیسرو یطور همزمان توجه کند استراتژ
؟ میچگونه ارائه ده دیرا با یسیچه سرو
؟ میرا ارائه ده سیسرو نیا دیچرا با
ه گرفتشکل ،دهنده خدمت در آن قرار داردسازمانی که ارائهتواند مجزا از استراتژی و فرهنگاستراتژی خدمت نمی
دهنده خدمت در یک سازمان ممکن است منحصراً برای ارائه خدمت به یک واحد خاص از د. ارائهو یا دوام یاب
دهنده خدمت خارج سازمانی عنوان یک ارائهوکار و یا ممکن است بهوکار، ارائه خدمت به چندین واحد کسبکسب
11
و ارزش کافی برای مشتریانبایست شده میرسانی نماید. استراتژی پذیرفتهوکار خارجی خدمتبه چندین کسب
دهنده خدمت را پوشش دهند.تمامی ذینفعان خدمت تأمین نماید. درواقع باید اهداف استراتژیک ارائه
بایست استراتژی خدمتش بر اساس شناخت کند، میدهنده خدمت در آن فعالیت میای که ارائهنظر از زمینهقطع
کند و یک دیدگاه کلی از اینکه چگونه یک ای که انتخاب میبهروشنی از وجود رقابت باشد، آگاهی از هر جن
دهندگان خدمت نیاز به استراتژی خدمت دارند.دهنده خدمت، خود را متفاوت از رقبا جلوه دهد. تمامی ارائهارائه
قرارگرفته است. استراتژی خدمت شروع به ITILروست که مبحث استراتژی خدمت در مرکز چرخه عمر ازاین
ها در انجام کار و رشد نماید تا به آندهندگان خدمات فناوری اطالعات و مشتریانشان میهنمایی تمامی ارائهرا
مثال فهم و درك دقیق:عنوانوسیله ساخت یک استراتژی واضح کمک نماید. بهبلندمدت به
.خدماتی که باید ارائه دهند
بایست به او ارائه شود.کسی که خدمات می
بایست بازارهای داخلی و خارجی را برای خدماتشان توسعه دهند؟چگونه می
شده توسط شما یا چگونگی انجام آن رقابت بالقوه و جاری در این بازارها و اهدافی که ارزش کار انجام
توسط شما را متمایز سازد.
سپاری را دهندگان خدمت تصمیمات خدمتچگونه مشتریان با توجه به استفاده از انواع مختلف ارائه
اتخاذ خواهند نمود؟
چگونه دید و کنترل بر ایجاد ارزش از طریق مدیریت مالی ایجاد خواهد شد؟
های خدمت و امکانات گذاری استراتژیک در داراییسازی سرمایهوکار قوی برای ایمنچگونه موارد کسب
مدیریت خدمت ایجاد خواهد شد؟
کند.را تعریف می ITILمبحث استراتژی خدمت چند مفهوم کلیدی
استراتژی Pچهار
چشم( اندازPerspective.تصور و راه مشخص :)
( جایگاهPositionمبنا و اساسی که ارائه :).دهنده در آن رقابت خواهد کرد
( برنامهPlanارائه :)یابی به تصورات خود.دهنده چگونگی دست
( الگوPatternراه بنیادین انجام کارها :)- ها و اقدامات در طول زمانخص در تصمیمالگوهای مش
12
رقابت و بازار
دهنده خدمتی تحت نیروهای رقابتی قرار دارد.هر ارائه
د. کنندهندگان خدمت و مشتریان در یک و یا بیش از یک بازار داخلی یا خارجی فعالیت میتمامی ارائه
قبایش( از پویایی بازار، مشتریانیبایست برای دستیابی به درك بهتر )نسبت به ردهنده خدمت میارائه
که در آن بازار حضور دارند، ترکیب عوامل اصلی موفقیت مختص آن بازار، تالش نماید.
ارزش خدمت
شده و در قالب ترکیب دو مؤلفه زیر بیان وکار درك شده توسط مشتری تعریفارزش خدمت در قالب نتایج کسب
شود:می
نماید.ها دریافت میپشتیبانی از نتایج و یا حذف محدودیتتسهیل خدمت: آنچه مشتری در قالب
خدمت: چگونگی ارائه خدمت و انطباق آن برای استفاده، ازلحاظ قابلیت دسترسی، ظرفیت، استمرار و تضمین
ایمنی.
مدیریت تقاضا
ه است، دصورت ضعیف مدیریت شهای بحرانی مدیریت خدمت است. تقاضایی که بهمدیریت تقاضا یکی از زمینه
دهندگان خدمت است. ظرفیت مازاد بدون اینکه ارزشی ای برای ارائهبه علت عدم اطمینان در تقاضا، منبع مخاطره
شود.ای برای بازیابی هزینه است( ایجاد کرده باشد، باعث تولید هزینه می)که پایه
ی انجام آن است. در سطح ها براهدف از مدیریت تقاضا درك و فهم تقاضای خدمت مشتری و تدارك ظرفیت
وکار و مشخصات کاربرشده در حوزه الگوهای فعالیت کسبهای انجامتواند شامل تحلیل فعالیتاستراتژیک می
منظور ترغیب مشتریان به استفاده آن خدمات های متغیر بهتواند شامل ارائه قیمتباشد. در سطح تاکتیکی می
ر باشد.های شلوغی کمتفناوری اطالعات در زمان
منظور رفع نیازهای الگوی ( سطح تسهیالت و وارانتی بسته خدمت را تعریف نموده و به2SLPبسته سطح خدمت )
وکار طراحی شده است.فعالیت کسب
ITIL Service Strategy provides best-practice guidance for the service strategy stage of the ITIL
2 service level package
13
service lifecycle. Although this publication can be read in isolation, it is recommended that it is
used in conjunction with the other core ITIL publications.
The purpose of the service strategy stage of the service lifecycle is to define the perspective,
position, plans and patterns that a service provider needs to be able to execute to meet an
organization’s business outcomes.
The objectives of service strategy include providing:
An understanding of what strategy is
A clear identification of the definition of services and the customers who use them
The ability to define how value is created and delivered
A means to identify opportunities to provide services and how to exploit them
A clear service provision model, that articulates how services will be delivered and
funded, and to whom they will be delivered and for what purpose
The means to understand the organizational capability required to deliver the strategy
Documentation and coordination of how service assets are used to deliver services, and
how to optimize their performance
Processes that define the strategy of the organization, which services will achieve the
strategy, what level of investment will be required, at what levels of demand, and the
means to ensure a working relationship exists between the customer and service provider.
The reader should be able to understand the most important practices related to defining
and executing a service strategy within a service provider organization.
ITIL Service Strategy starts by defining and discussing the generic principles and processes of
service management, and these generic principles are then applied consistently to the management
of IT services.
This publication is intended for use by both internal and external service providers, and includes
guidance for organizations which are required to offer IT services as a profitable business, as well
as those which are required to offer IT services to other business units within the same organization
– at no profit.
Two aspects of strategy are covered in ITIL Service Strategy:
Defining a strategy whereby a service provider will deliver services to meet a customer’s
business outcomes
Defining a strategy for how to manage those services.
ITIL Service Strategy provides access to proven best practice based on the skill and knowledge of
experienced industry practitioners in adopting a standardized and controlled approach to service
management. Although this publication can be used and applied in isolation, it is recommended
that it is used in conjunction with the other core ITIL publications. All of the core publications
need to be read to fully appreciate and understand the overall lifecycle of services and IT service
management.
Selecting and adopting the best practice as recommended in this publication will assist
organizations in delivering significant benefits. Adopting and implementing standard and
consistent approaches for service strategy will:
Support the ability to link activities performed by the service provider to outcomes that
are critical to internal or external customers. As a result, the service provider will be seen
to be contributing to the value (and not just the costs) of the organization.
14
Enable the service provider to have a clear understanding of what types and levels of
service will make its customers successful and then organize itself optimally to deliver
and support those services. The service provider will achieve this through a process of
defining strategies and services, ensuring a consistent, repeatable approach to defining
how value will be built and delivered that is accessible to all stakeholders.
Enable the service provider to respond quickly and effectively to changes in the business
environment, ensuring increased competitive advantage over time.
Support the creation and maintenance of a portfolio of quantified services that will enable
the business to achieve positive return on its investment in services.
Facilitate functional and transparent communication between the customer and the service
provider, so that both have a consistent understanding of what is required and how it will
be delivered.
Provide the means for the service provider to organize itself so that it can provide services
in an efficient and effective manner.
At the center of the service lifecycle is service strategy. Value creation begins here with
understanding organizational objectives and customer needs. Every organizational asset including
people, processes and products should support the strategy.
ITIL Service Strategy (this publication) provides guidance on how to view service management
not only as an organizational capability but as a strategic asset. It describes the principles
underpinning the practice of service management which are useful for developing service
management policies, guidelines and processes across the ITIL service lifecycle.
Topics covered in ITIL Service Strategy include the development of market spaces, characteristics
of internal and external provider types, service assets, the service portfolio and implementation of
strategy through the service lifecycle. Business relationship management, demand management,
financial management, organizational development and strategic risks are among the other major
topics. Organizations should use ITIL Service Strategy to set objectives and expectations of
performance towards serving customers and market spaces, and to identify, select and prioritize
opportunities.
Service strategy is about ensuring that organizations are in a position to handle the costs and risks
associated with their service portfolios, and are set up not just for operational effectiveness but for
distinctive performance.
Organizations already practising ITIL can use ITIL Service Strategy to guide a strategic review of
their ITIL-based service management capabilities and to improve the alignment between those
capabilities and their business strategies. ITIL Service Strategy will encourage readers to stop and
think about why something is to be done before thinking of how.
Services and service management
Services
Services are a means of delivering value to customers by facilitating the outcomes customers
want to achieve without the ownership of specific costs and risks. Services facilitate outcomes by
enhancing the performance of associated tasks and reducing the effect of constraints. These
constraints may include regulation, lack of funding or capacity, or technology limitations. The end
result is an increase in the probability of desired outcomes.
While some services enhance performance of tasks, others have a more direct impact – they
perform the task itself.
15
The preceding paragraph is not just a definition, as it is a recurring pattern found in a wide range
of services. Patterns are useful for managing complexity, costs, flexibility and variety. They are
generic structures useful to make an idea applicable in a wide range of environments and situations.
In each instance the pattern is applied with variations that make the idea effective,
economical or simply useful in that particular case. An outcome-based definition of service moves
IT organizations beyond business–IT alignment towards business–IT integration. Internal dialogue
and discussion on the meaning of services is an elementary step towards alignment and
integration with a customer’s business.
Customer outcomes become the ultimate concern of business relationship managers instead of the
gathering of requirements, which is necessary but not sufficient. Requirements are generated for
internal coordination and control only after customer outcomes are well understood.
Customers seek outcomes but do not wish to have accountability or ownership of all the associated
costs and risks. All services must have a budget when they go live and this must be managed. The
service cost is reflected in financial terms such as return on investment (ROI) and total cost of
ownership (TCO). The customer will only be exposed to the overall cost or price of a service,
which will include all the provider’s costs and risk mitigation measures (and any profit margin if
appropriate). The customer can then judge the value of a service based on a comparison of cost or
price and reliability with the desired outcome.
Customer satisfaction is also important. Customers need to be satisfied with the level of service
and feel confident in the ability of the service provider to continue providing that level of service
– or even improving it over time. The difficulty is that customer expectations keep shifting, and a
service provider that does not track this will soon find itself losing business. ITIL Service Strategy
is helpful in understanding how this happens, and how a service provider can adapt its services to
meet the changing customer environment.
Services can be discussed in terms of how they relate to one another and their customers, and can
be classified as core, enabling or enhancing.
Core services deliver the basic outcomes desired by one or more customers. They represent the
value that the customer wants and for which they are willing to pay. Core services anchor the value
proposition for the customer and provide the basis for their continued utilization and satisfaction.
Enabling services are services that are needed in order for a core service to be delivered. Enabling
services may or may not be visible to the customer,but the customer does not perceive them as
services in their own right. They are ‘basic factors’ which enable the customer to receive the
‘real’(core) service.
Enhancing services are services that are added to a core service to make it more exciting or enticing
to the customer. Enhancing services are not essential to the delivery of a core service, and are
added to a core service as ‘excitement’ factors, which will encourage customers to use the core
service more (or to choose the core service provided by one company over those of its
competitors).
Services may be as simple as allowing a user to complete a single transaction, but most services
are complex. They consist of a range of deliverables and functionality. If each individual aspect of
these complex services were defined independently, the service provider would soon find it
impossible to track and record all services.
Most service providers will follow a strategy where they can deliver a set of more generic services
to a broad range of customers, thus achieving economies of scale and competing on the basis of
price and a certain amount of flexibility. One way of achieving this is by using service packages.
A service package is a collection of two or more services that have been combined to offer a
16
solution to a specific type of customer need or to underpin specific business outcomes. A service
package can consist of a combination of core services, enabling services and enhancing services.
Where a service or service package needs to be differentiated for different types of customer, one
or more components of the package can be changed, or offered at different levels of utility and
warranty, to create service options. These different service options can then be offered to
customers and are sometimes called service level packages.
Service management
When we turn on a water tap, we expect to see water flow from it. When we turn on a light switch,
we expect to see light fill the room. Not so many years ago, these very basic things were not as
reliable as they are today. We know instinctively that the advances in technology have made them
reliable enough to be considered a utility. But it isn’t just the technology that makes the services
reliable. It is how they are managed. The use of IT today has become the utility of business.
Business today wants IT services that behave like other utilities such as water, electricity or the
telephone. Simply having the best technology will not ensure that IT provides utilitylike reliability.
Professional, responsive, valuedriven service management is what brings this quality of service to
the business.
Service management is a set of specialized organizational capabilities for providing value to
customers in the form of services. The more mature a service provider’s capabilities are, the greater
is their ability to consistently produce quality services that meet the needs of the customer in a
timely and cost-effective manner. The act of transforming capabilities and resources into valuable
services is at the core of service management. Without these capabilities, a service organization is
merely a bundle of resources that by itself has relatively low intrinsic value for customers.
Organizational capabilities are shaped by the challenges they are expected to overcome. An
example of this is provided by Toyota in the 1950s when it developed unique capabilities to
overcome the challenge of smaller scale and financial capital compared to its American rivals.
Toyota developed new capabilities in production engineering, operations management and
managing suppliers to compensate for its inability to afford large inventories, make components,
produce raw materials or own the companies that produced them (Magretta, 2002).
Service management capabilities are similarly influenced by the following challenges that
distinguish services from other systems of value creation, such as manufacturing, mining and
agriculture:
Intangible nature of the output and intermediate products of service processes: they are
difficult to measure, control and validate (or prove).
Demand is tightly coupled with the customer’s assets: users and other customer assets such
as processes, applications, documents and transactions arrive with demand and stimulate
service production.
High level of contact for producers and consumers of services: there is little or no buffer
between the service provider’s creation of the service and the customer’s consumption of
that service.
The perishable nature of service output and service capacity: there is value for the customer
from assurance on the continued supply of consistent quality. Providers need to secure a
steady supply of demand from customers.
Service management is more than just a set of capabilities. It is also a professional practice
supported by an extensive body of knowledge, experience and skills. A global community of
17
individuals and organizations in the public and private sectors fosters its growth and maturity.
Formal schemes exist for the education, training and certification of practising organizations, and
individuals influence its quality. Industry best practices, academic research and formal standards
contribute to and draw from its intellectual capital. The origins of service management are in
traditional service businesses such as airlines, banks, hotels and phone companies. Its practice has
grown with the adoption by IT organizations of a service oriented approach to managing IT
applications,
infrastructure and processes. Solutions to business problems and support for business models,
strategies and operations are increasingly in the form of services. The popularity of shared services
and outsourcing has contributed to the increase in the number of organizations that behave as
service providers, including internal IT organizations. This in turn has strengthened the practice of
service management while at the same time imposed greater challenges.
Strategy ‘The essence of strategy is choosing what not to do.’ (Porter, 1996)
Case study: security services
At some time in 2001, a global network security services provider lost a major customer due to
quality concerns materially affecting revenues and profits. Senior executives demanded that
something be done – either cut costs or find a replacement customer.
While a replacement customer was sought, service operations dutifully reduced costs. Service
quality was impacted, prompting three recently acquired customers to depart – further negatively
affecting revenues and profits.
Senior executives again demanded that something be done – either cut costs or find replacement
customers.
Solution
Surprisingly, the solution was to suspend new sales. The chief information officer (CIO)
understood that:
Service operations were caught in a vicious cycle with disastrous long-term consequences
Customers were leaving due to a strategic weakness. Customers differentiated the value of
security services through service quality. Strategies based on cost and technology were
incorrect.
By re-focusing staff and budget on service operations, the organization repaired and rebuilt its
distinctive quality capabilities for remaining customers. Customer churn was halted.
The solution, while painful in the short term, allowed the provider to break the vicious cycle
and pave a long-term strategy for regaining customers. The counter-intuitive breakthrough
was based on (a) a big picture view of services, and (b) the precept of superior performance
versus competing alternatives.
At the most simple level, a strategy is a plan that outlines how an organization will meet a designed
set of objectives. As will be seen in this publication, strategies are rarely as simple as a single plan.
A strategy is a complex set of planning activities in which an organization seeks to move from one
situation to another in response to a number of internal and external variables.
A service strategy specifically defines how a service provider will use services to achieve the
business outcomes of its customers, thereby enabling the service provider (whether internal or
external) to meet its objectives. ITIL Service Strategy outlines the concepts necessary to define a
successful service strategy, but specifically focuses on defining an IT service strategy.
An IT strategy focuses on how an organization intends to use and organize technology to meet its
business objectives. An IT strategy typically includes an IT service strategy.
Fundamental aspects of strategy
18
Carl von Clausewitz remarked, ‘Everything in strategy is very simple, but that does not mean
that everything is very easy’. Strategic thought and action can be difficult for the following
reasons:
Defining and executing even a simple strategy involves complex issues such as
organizational impact, uncertainty and conflicting priorities and objectives. Experience and
codes of practice alone are often not enough to deal with these.
They involve using complex analysis models to analyse current patterns, project future
trends and then estimate the probability of each trend becoming reality.
They focus on all factors regarding the organization and its environment and the
interactions between them. The scope of even simple strategies can appear to be
intimidating, but it is still important to take these areas into account.
Since strategists are dealing with uncertainty, they may spend significant effort
investigating the underlying principles of the strategy, only to find that there is so much
uncertainty that they have to fall back on basic theory.
Using theory to support strategy
Theory is often discounted because of associations with the abstract or impractical. Theory,
however, is the basis of best practice. Engineers use theory to solve practical problems. Investment
banks use portfolio theory to validate investments. Key methods of Six Sigma are based on the
theories of probability and statistics. Managers rely on mental models that will assure them that
they will indeed achieve desired outcomes. Trouble occurs when they use the wrong mental model
for the problem at hand. What appears as unfixable or random often looks that way because of a
misunderstanding of a process or system. Without underlying principles, it is not possible to
explain why a perfectly good solution fails in one instance after tremendous success in another.
Strategy must enable service providers to deliver value
A good business model describes the means of fulfilling an organization’s objectives. However,
without a strategy that in some way makes a service provider uniquely valuable to the customer,
there is little to prevent alternatives from displacing the provider, degrading its mission or
entering its market space. A service strategy therefore defines a unique approach for delivering
better value. The need for having a service strategy is not limited to service providers who are
commercial enterprises. Internal service providers need just as much to have a clear perspective,
positioning and plans to ensure they remain relevant to the business strategies of their
enterprises.
Customers continually seek to improve their business models and strategies. They want
solutions that break through performance barriers – and achieve higher quality of outcomes in
business processes with little or no increase in cost.
Such solutions are usually made available through innovative products and services. If such
solutions are not available within a customer’s existing span of control, service contracts or value
network, they are compelled to look elsewhere.
Service providers should not take for granted their position and role within their customer’s plans
even though they have the advantage of being incumbents. The value of services from a customer’s
perspective may change over time due to conditions, events and factors outside a provider’s
control. A strategic view of service management means a carefully considered approach to the
relationships with customers and a state of readiness in dealing with the uncertainties in the value
that defines that relationship.
A basic approach to deciding a strategy
19
Imagine you have been given responsibility for an IT organization. This organization could be
internal or external, commercial or not-for-profit. How would you go about deciding on a strategy
to serve customers?
Firstly, acknowledge that there exist other organizations whose aim is to compete with your
organization. Even government agencies are subject to competitive forces. While the value they
create can sometimes be difficult to define and measure, these forces demand that an organization
should perform its mission better than the alternatives as efficiently as possible.
Secondly, decide on an objective or end-state that differentiates the value of what you do, or how
you do it, so that customers do not perceive greater value could be generated from any other
alternative. The form of value may be monetary, as in higher profits or lower expenses, or social,
as in saving lives or collecting taxes. The differentiation can come in the form of barriers to entry,
such as your organization’s know-how of your customer’s business or the broadness of your
service offerings.
Or it may be in the form of raising switching costs, such as lower cost structures generated through
specialization or service sourcing. Either way, it is a means of doing better by being different. This
is often expressed in the vision and mission – which are important in articulating how the service
provider differentiates itself and provides unique value to its customers.
The basic premise of service strategy is that service providers must meet objectives defined in
terms of
their customers’ business outcomes while subject to a system of constraints. In a world of
constrained
resources and capabilities, they must hold their positions against competing alternatives. By
understanding the trade-offs involved in its strategic choices, such as services to offer or markets
to serve, an organization can better serve customers and outperform its competitors. The goal of a
service strategy can be summed up very simply: superior performance versus competing
alternatives.
IT services
An IT service is a service that is provided to one or more customers by an IT service provider. An
IT service is based on the use of information technology and supports the customer’s business
processes. It is made up of a combination of people, processes and technology.
Core, enabling and enhancing services
All services, whether internal or external, can be further classified in terms of how they relate to
one
another and their customers. To illustrate this in another context, the core services of a bank could
be providing financial capital to small and medium enterprises. Value is created for the bank’s
customers only when the bank can provide financial capital in a timely manner (after having
evaluated all the costs and risk of financing the borrower).
Enabling services could be:
Aid offered by loan officers in assessing working capital needs and collateral
The application-processing service
Flexible disbursement of loan funds
A bank account into which the borrower canelectronically transfer funds.
As basic factors, enabling services only give the provider an opportunity to serve the customer.
20
Enabling services are necessary for customers to use the core services satisfactorily. Customers
generally take such services for granted, and do not expect to be additionally charged for the value
of such services. Examples of commonly offered enabling
services are service desks, payment, registration and directory services.
In most markets, enabling services will allow the minimum requirements for operation, although
many provide the foundation for differentiation, but it is the enhancing services that will provide
the differentiation itself – the ‘excitement factor’. Examples of enhancing services are more
difficult to provide, particularly because they tend to drift over time to be subsumed into core or
enabling services. In other words, what is exciting to a customer today becomes expected if it is
always delivered.
An example is the provision of a broadband internet service in a hotel room. A few years ago
the provision of a chargeable broadband service might have been regarded as a differentiator (this
hotel offers this service, other comparative hotels do not). As more and more hotels started to offer
this service, customers came to regard it as essential – so it became an enabling service. Hotels
then started to offer ‘free’ broadband internet services – so for a time this was an enhancing service,
but that is now more common, and is quickly becoming a necessary (and thus enabling) service.
For some travellers this service has actually become part of the core, in the same way, say, as an
en-suite bathroom.
Value
The value of a service can be considered to be the level to which that service meets a customer’s
expectations. It is often measured by how much the customer is willing to pay for the service,
rather than the cost of the service or any other intrinsic attribute of the service itself.
Unlike products, services do not have much intrinsic value. The value of a service comes from
what it enables someone to do. The value of a service is not determined by the provider, but by the
person who receives it – because they decide what they will do with the service, and what type of
return they will achieve by using the service. Following this reasoning, the characteristics of
value are:
Value is defined by customers No matter how much the service provider advertises the
worth of their services, the ultimate decision about whether that service is valuable or not
rests with the customer.
Affordable mix of features It is possible to influence the customer’s perception of value
through communication and negotiation, but that still does not change the fact that the
customer will still make the final choice about what is valuable to them. A good sales
person can convince a customer to change the priorities influencing their purchase, but the
customer will select the service or product that represents the best mix of features at the
price they are willing to pay.
Achievement of objectives Customers do not always measure value in financial terms,
even though they may indicate how much they are prepared to pay for a service that helps
them to realize the desired outcome. Many services are not designed to produce revenue,
but to meet some other organizational objective, such as social responsibility programmes,
or human resource management. While commercial organizations tend to measure most
services by financial returns, government organizations tend to focus on other objectives.
For example, police might focus on reduction in crime or apprehension of criminals; social
welfare departments might focus on the amount of funding disbursed to needy families; a
mountain rescue organization might focus on the number of people warned about, or
rescued from, avalanches.
21
Value changes over time and circumstance What is valuable to a customer today might
not be valuable in two years. As each customer changes to meet the challenges of their
environment, so too do their service needs and values. For example, retail outlets might
focus on selling a higher percentage of luxury goods when the economy is good, but during
a recession they shift the focus to budget product lines and fewer luxury goods. Services
contribute value to an organization only when their value is perceived to be higher than
the cost of obtaining the service. Therefore, understanding the value of IT requires three
pieces of information:
What service(s) did IT provide? If IT is only perceived as managing a set of servers,
networks and PCs it will be very difficult for the customer to understand how these
contributed to value. In order for a customer to calculate the value of a service, they must
be able to discern a specific, discrete service and link it directly to specific business
activities and outcomes. For example, an IT organization claims that application hosting
delivers value to the business. The business, however, does not know what application
hosting is, or what applications are hosted. If the IT organization wants to communicate its
value, it must be able to identify what the customer actually perceives, and then link their
activities to that service. The service portfolio, and the service catalogue in particular, will
help IT to quantify this.
What did the service(s) achieve? The customer will identify what they were able to do
with the service, and just how important that was to them and their organization.
How much did the service(s) cost – or what is the price of the service(s)? When a
customer compares the cost or price of a service with what the service enabled them to
achieve, they will be able to judge how valuable the service actually was. If IT is unable to
determine the cost of the service, it will be very difficult for them to claim that they
delivered value, and very difficult for the customer to perceive IT as ‘valuable’.
Creating value
Calculating the value of a service can sometimes be straightforward in financial terms. For
example, a customer needs a service to support the selling of a new line of products. If the service
does what is required, and its cost does not negatively impact the profitability of the product line,
and the price remains competitive, the customer will most likely perceive it to be valuable. In
instances where the outcomes are not financial it is harder to quantify the value although it may
still be possible to qualify it. For example, a city management department needs a service to enable
them to track traffic in a city centre so that they can adjust traffic signals to improve the flow of
traffic. If the service enables them to do this, and it fits within the city’s budget, it will most likely
be perceived to be valuable.
However, there is more to value than just the function of the service and its cost. Value needs to
be defined in terms of three areas: the business outcomes achieved, the customer’s preferences and
the customer’s perception of what was delivered.
Value is defined not only strictly in terms of the customer’s business outcomes; it is also highly
dependent on customer’s perceptions and preferences. Perceptions are influenced by attributes of
a service, present or prior experiences with similar attributes and relative capability of competitors
and other peers. Perceptions are also influenced by the customer’s self-image or actual position in
the market, such as those of being an innovator, market leader and risk-taker. The value of a service
takes on many forms, and customers have preferences influenced by their perceptions.
The preferences and perceptions of customers will affect how they differentiate the value of one
offering or service provider over another. The more intangible the value, the more important
22
the definitions and differentiation of value become. Customers are reluctant to buy when there is
ambiguity in the cause-and-effect relationship between the utilization of a service and the
realization of benefits. The service providers need to provide customers with information to
influence their perception of value, by influencing perceptions, and responding to preferences.
Understanding customer perception of value
Although a service provider is not able to decide the value of a service, it is able to influence how
the value of the service is perceived by the customers. This could be based on what the customer
has heard about the service, or the fact that the customer is currently doing the activity themselves,
or some previous experience of that or a similar service.
The reference value may be vaguely defined or based on hard facts. An example of reference value
is the baseline that customers maintain on the cost of in-house functions or services (the DIY, or
do-ityourself, strategy). It is important for the service provider to understand and get a sense of
what this reference value is. This may be obtained through extensive dialogue with the customer,
prior experience with the same or a similar customer or research and analysis available in the
market.
Service providers
‘There is no such thing as a service industry. There are only industries whose service components
are greater or less than those of other industries.
Everybody is in service.’ Professor Emeritus Theodore Levitt, Harvard Business School
It is necessary to distinguish between different types of service provider. While most aspects of
service management apply equally to all types of service provider, others aspects such as
customers, contracts, competition, market spaces, revenue and strategy take on different meanings
depending on the specific type. There are three main types of service provider:
■■ Type I – internal service provider
■■ Type II – shared services unit
■■ Type III – external service provider.
For the sake of simplicity each one is defined below as if it were the only option used in a single
organization. In reality most organizations have a combination of IT service providers. In a single
organization it is possible that some IT units are dedicated to a single business unit, others provide
shared services and yet others have been outsourced.
Type I (internal service provider)
customers Type I providers are service providers that are dedicated to, and often embedded within,
an
individual business unit. The business units themselves may be part of a larger enterprise or
parent organization. Business functions such as finance, administration, logistics, human resources
and IT provide services required by various parts of the business. They are funded by overheads
and are required to operate strictly within the mandates of the business. Type I providers have the
benefit of tight coupling with their owner, avoiding certain costs and risks associated with
conducting business with external parties. Since Type I service providers are dedicated to specific
business units they are required to have an in-depth knowledge of the business and its goals,
plans and operations. They are usually highly specialized, often focusing on designing,
customizing and supporting specific applications, or on supporting a specific type of business
process.
The primary objectives of Type I providers are to achieve functional excellence and cost
effectiveness for their business units (Goold and Campbell, 2002). They specialize in serving a
relatively narrow set of business needs. Services can be highly customized and resources are
23
dedicated to providing relatively high service levels. The governance and administration of
business functions are relatively straightforward. The decision rights are restricted in terms of the
business unit’s strategies and operating models. The general managers of business units make all
key decisions such as the portfolio of services to offer, the investments in capabilities and resources
and the metrics for measuring performance and outcomes.
Type I providers operate within internal market spaces. Their growth is limited by the growth of
the business unit they belong to. Each business unit (BU) may have its own Type I provider. The
success of Type I providers is not measured in terms of revenues or profits because they tend to
operate on a cost-recovery basis with internal funding. All costs are borne by the owning business
unit or enterprise.
Each IT unit is dedicated to a single business unit, and delivers specialized services to that business
unit only. Competition for Type I providers is from providers outside the business unit, such as
corporate business functions, who wield advantages such as scale, scope and autonomy. In general,
service providers serving more than one customer face much lower risk of market failure. With
multiple sources of demand, peak demand from one source can be offset by low demand from
another. There is duplication and waste when Type I providers are replicated within the enterprise.
This is especially true when multiple business units need to use data that is maintained by other
business units. This results in duplication (in which no two data sets are the same) or complex
system integration, which often results in performance issues, and difficulties
in maintaining currency of systems. To leverage economies of scale and scope, Type I providers
are often consolidated into a corporate business function when there is a high degree of similarity
in their capabilities and resources. At this level of aggregation Type I providers balance enterprise
needs with those at the business unit level. The trade-offs can be complex and require a significant
amount of attention and control by senior executives. As such, consolidated Type providers are
more appropriate where classes of assets such as IT, R&D, marketing or manufacturing are at the
core of the organization’s competitive advantage and therefore need careful control.
Type II (shared services unit)
Functions such as finance, IT, human resources and logistics are not always at the core of an
organization’s competitive advantage. Hence, they need not be maintained at the corporate level
where they demand the attention of the chief executive’s team (Goold and Campbell, 2002).
Instead, the services of such shared functions are consolidated into an autonomous special unit
called a shared services unit (SSU).
The model in Figure 3.25 allows a more devolved governing structure under which SSUs can
focus on serving business units as direct customers. SSUs can create, grow and sustain an internal
market for their services and model themselves along the lines of service providers in the open
market. Like corporate business functions, they can leverage opportunities across the enterprise
and spread their costs and risks across a wider base. Unlike corporate business functions, they have
fewer protections under the banner of strategic value and core competence. They are subject to
comparisons with external service providers whose business practices, operating models and
strategies they must emulate and whose performance they should approximate, if not exceed.
When using the term Type II, this publication refers primarily to the IT service provider (whether
it is part of an SSU or a separate department).
Customers of Type II are business units under a corporate parent, common stakeholders and an
enterprise-level strategy. What may be sub-optimal for a particular business unit may be justified
by advantages reaped at the corporate level for which the business unit may be compensated.
Type II can offer lower prices compared to external service providers by leveraging corporate
24
advantage, internal agreements and accounting policies. With the autonomy to function like a
business unit, Type II providers can make decisions outside the constraints of business unit level
policies. They can standardize their service offerings across business units and use market-based
pricing to influence demand patterns.
A successful Type II service provider can find itself in a position where it is able to provide its
services externally as well as internally. In these cases they are both Type II and Type III service
providers. In these cases it is important to make a strategic decision to provide services both
externally and internally, and to set up the appropriate governance and management structures.
This is not just a case of delivering existing services externally.
Strategic and governance decisions include how the organization will account for the revenue,
whether the IT organization will be divided into two units (one internal and one external), how IT
will sell its services, ensuring that the original objectives of the service can still be met, while at
the same time expanding their use to external customers (e.g. who gets priority when there are
capacity issues?).
Some business units may not be satisfied with the Type II provider, either because their
expectations have not been prioritized by the overall business, or because they are dissatisfied with
some aspect of the service quality. If these business units have funding, they may attempt to
compete with theType II provider directly by creating ‘rogue’ or ‘shadow’ IT organizations within
the business unit.
This is a governance issue, and is often not enforced by the organization’s executives since the
service structure of the organization is not well understood. This should not be confused with a
formal hybrid service provider, in which Type I and II service providers co-exist within the same
organization, one focusing on shared services, and the other focusing on BU-specific applications
and services.
In a hybrid Type I and II context, a key required competency is to be able to meet competing
priorities and keep close to those departments who are not getting priority and to work with them
to set expectations and provide what services are possible within their budgets.
Industry-leading shared services units have successfully been spun off by their parents as
independent businesses competing in the external market. They become a source of revenues from
the initial charter of simply providing a cost advantage.
Type III (external service provider)
A Type III service provider is a service provider that provides IT services to external customers.
The business strategies of customers sometimes require capabilities readily available from a Type
III provider. The additional risks that Type III providers assume over Type I and Type II are
justified by increased flexibility and freedom to pursue opportunities. Type III providers can offer
competitive prices and drive down unit costs by consolidating demand.
Certain business strategies are not adequately served by internal service providers such as Type I
and Type II. Customers may pursue sourcing strategies requiring services from external providers.
The motivation may be access to knowledge, experience, scale, scope, capabilities
and resources that are either beyond the reach of the organization or outside the scope of a carefully
considered investment portfolio. Business strategies often require reductions in the asset base,
fixed costs and operational risks, or the redeployment of financial assets.
Competitive business environments often require customers to have flexible and lean structures.
In such cases it is better to buy services rather than own and operate the assets necessary to
execute certain business functions and processes. For such customers, Type III is the best choice
for a given set of services.
25
The experience of Type III providers is often not limited to any one enterprise or market. The
breadth and depth of such experience is often the single most distinctive source of value for
customers. The breadth comes from serving multiple types of customer or market. The depth
comes from serving multiples of the same type.
From a certain perspective, Type III providers are operating under an extended large-scale shared
services model. They assume a greater level of risk from their customers compared to Type I and
Type II. But their capabilities and resources are shared by their customers – some of whom may
be rivals. This means that rival customers have access to the same bundle of assets, thereby
diminishing any competitive advantage those assets bestowed. At the same time, Type III service
providers have greater freedom to select the business they want to be in. They are able to define
their portfolio of services as narrowly or as broadly as they wish, and to decide not to offer certain
type of service, or engage with certain types of customer. This allows them to be more agile and
allows them to turn away business that might be risky. A further aspect of Type III service
providers also needs to be noted. Many Type III service providers provide specific capabilities or
activities that are used by a Type I or II service provider to support their services. For example, an
IT organization may engage server administration services, so that they can focus on managing the
applications.
26
Service Designشرح و توضیح مفاهیم مطرح در فرایند طراحی خدمات . .4
به مجموعه فعالیتهایی که برای برنامه ریزی و سازماندهی منابع انسانی، ارتباطات، زیرساخت و همچنین بخشهای
ه شود، ئانجام می شود تا آن خدمت با کیفیت باالتر و قدرت تعامل بهتر با مشتری ارا” خدمت“تشکیل دهنده یک
طراحی خدمات گفته می شود.
به عبارت ساده تر، طراحی خدمات، فعالیتهایی برجسته ای است که در پروسه پیاده سازی خدمات، مشتری را در
مرکز قرار دهد و تمامی ارزشهای خدمات به او ختم شود.
مات به تجسم کردن، طراحی خدمات عملکرد و فرم خدمات را از دیدگاه مشتریان نشان می دهد. طراحان خد
قاعده مند کردن و طرح ریزی راه حل هایی برای مشکالتی می پردازند که لزوما در دنیای امروز وجود ندارد. آنها
به مشاهده و تفسیر نیازها و الگوهای رفتاری می پردازند و در نهایت آنها را تبدیل به خدماتی امکان پذیر برای
آینده می کنند.
یه نگاه می شود، طراحی خدمات جایگزین سنت طراحی محصول و طراحی تعاملی شده و توانایی وقتی از این زاو
این را دارد که روش های طراحی خالق و تحلیلی اثبات شده را به دنیای قوانین خدمات انتقال دهد. به طور خاص
طراحی تعاملی می شوند. ارتباط نزدیکی بین ابعاد و تعامل و تجربه وجود دارد که سرچشمه ی به وجود آمدن
فرآیندها، قوانین کند و شامل طراحی معماری،تبعیت می (Best Practice) از تجربیات موفق IT طراحی سرویس
(Policies)است.های تجاری آینده، مستندات و درنظر گرفتن نیازمندی
بر مبنای میل او که یک قدم هدف از طراحی خدمات این است که بتوانیم خدمت را مطابق با خواسته مشتری و
فراتر از نیاز اوست ارائه دهیم که در نتیجه خدمات ارائه شده مشتری پسندتر، رقابتی تر و دقیقا مطابق میل
مشتری خواهد شد.
خدمات همه جا وجود دارند. لحظه ای به زندگی روزمره خود نگاهی بکنید. خواهید دید که همین اینترنتی که با
مثالهایی همه …، نوعی سرویس است. پزشک، حمل و نقل عمومی، خدمات بانکی، رستوران و آن مشغول هستید
نمی را آنها گاهی ما که اند فراگرفته را ما روزمره زندگی ای اندازه به خدمات این. هستند سرویس یا خدمت از
جامعه نیاز به جهتو با همچنان اما خوردند می شکست مشتری رضایت کسب در خدمات این از برخی. بینیم
از ارائه دهندگان خدمات مختلف در دنیا گمان %80د. یک تحقیق نشان می دهد که هستن دهی خدمت مشغول
می کنند که بهترین تجربه و بهترین خدمت را در اختیار مشتریان خود قرار میدهند و این در حالیست که طبق
27
یت مشتری می شوند. همین مسئله می تواند گواهی بر از انان موفق به جلب رضا %8نظرسنجی ها و آمار، فقط
.باشد ”دیزاین سرویس –طراحی خدمات “نیاز به
خدمت می تواند هرچیزی باشد که در نهایت منجر به رسیدن مشتری به هدفش شود
.طراحی خدمات می تواند هر فعالیتی باشد که در نهایت منجر به رسیدن مشتری به آنچه که در نظر داشته شود
این فعالیت ها می تواند طراحی مجدد منوی یک رستوران، ایرادیابی نحوه خدمات دهی یک بانک یا ایجاد یک
روش خالقانه برای کوتاه کردن مسیر درخواست یک تاکسی سرویس باشد.
یابد.شود، یا خدمت موجود بهبود میدر طراحی خدمات، یا خدمتی جدید خلق می
مانی به کار می آید که یک سازمان تصمیم داشته باشد یکی از راههای ارائه خدمت به طور عمده طراحی خدمات ز
ایدش دیگر، نگاهی در یا و. دهد ارتقا …به مشتریان خود را از قبیل وب سایت، قبوض پرداختی، مرکز تلفن و
ی جدید خلق شتریان خود را بهبود بخشد. پس یا خدمتم از قشر یک به خدمات ارائه روش بخواهد سازمان یک
یابد.می شود و یا خدمتی که هم اکنون وجود دارد بهبود می
یک طراح خدمات تمام تالش خود را در جهت افزایش رضایتمندی مشتری انجام میدهد. در این میان وی از
می ( و درك متقابلuser researchابزارهای گوناگونی بهره میگیرد اما بیشترین استفاده را از تحقیقات مشتری )
برد. استفاده کننده از خدمات در تمامی مراحل طراحی خدمت در مرکز قرار دارد و برنامه ها و فرایندها حول
محور آن می چرخند.
تمامی این برنامه ها در نهایت منجر به افزایش رضایتمندی مشتری و در نتیجه موفقیت یک سازمان می شود.
وکار است. نقش و یک عامل مهم در فرایند تغییر کسب طراحی خدمت یک مرحله از کل چرخه عمر خدمت
توان به شکل زیر تعریف کرد:وکار را میطراحی خدمت در فرایند تغییر کسب
منظور رفع ها، فرایندها، سیاستها و مستندات، بهطراحی مناسب و نوآورانه خدمات فناوری اطالعات، شامل معماری
وکار.نیازهای توافق شده جاری و آینده کسب
عبارتند از: های اصلی و اهداف طراحی خدمتمانآر
وکارمنظور رسیدن به نتایج توافق شده کسبطراحی خدمات به
طراحی فرایندهایی برای پشتیبانی چرخه عمر خدمت
28
شناسایی و مدیریت مخاطرات
صورتری اطالعات بههای کاربردی و منابع داده اطالعات و قابلیت فناوها، محیط، برنامهطراحی زیرساخت
ایمن و منعطف
گیریهای اندازهطراحی معیارها و روش
منظور ها و مدارك بهها، چارچوبها، استانداردها، معماریها، فرایندها، سیاستتولید و نگهداری برنامه
پشتیبانی کردن راهکارهای فناوری اطالعات کیفی
ها و قابلیت در فناوری اطالعاتتوسعه مهارت
به بهبود کلی در کیفیت خدمت فناوری اطالعاتکمک
یابد که وکار آغاز و با توسعه یک راهکار خدمت پایان میهای کسبای از نیازمندیطراحی خدمت با مجموعه
ال برای تحویل به مرحله انتق وکار و ارائه بسته طراحی خدمت بهای کسمنظور دستیابی به نتایج و نیازمندیبه
است. خدمت، طراحی شده
فرد طراحی خدمت عبارتند از:نج زمینه منحصربهپ
راهکارهای خدمت تغییریافته یا جدید
های مدریت خدمت بخصوص سبد خدمتابزارها و سیستم
های مدیریتهای تکنولوژی و سیستممعماری
هاها و قابلیتفرایندها، نقش
های ها و فرآیندیکپارچگی در تمامی فعالیتمنظور تضمین ثبات و بایست یک روش جامع بهدر طراحی خدمت می
وکار انتها به انتها مرتبط با عملکرد و کیفیت، به تأیید برسد. طراحی خدمت خوب به فناوری اطالعات، ارائه کسب
طراحی بستگی دارد: Pاثربخشی و کارایی در استفاده از چهار
( افرادPeopleافراد، مهارت :)شود.ات فناوری اطالعات گنجانده میها در تدارك خدمها و صالحیت
( محصوالتProductsتکنولوژی و سیستم :) های مدیریتی در تحویل خدمات فناوری اطالعات استفاده
شود.می
( فرایندهاProcessesفرایندها، نقش :)شود.ها در تدارك خدمات فناوری اطالعات گنجانده میها و فعالیت
( همکارانPartners،فروشندگان :) کنندگان تدارك خدمت فناوری اطالعات را همکاری سازندگان و تأمین
کنند.و پشتیبانی می
29
3SCMمدیریت کاتالوگ خدمت
وسیله سازمانوکار بهشده به کسبکاتالوگ خدمت منبع مرکزی اطالعات در مورد خدمات فناوری اطالعات تحویل
توانند یک تصویر دقیق و مداوم آن خدمات وکار میهای کسبکند. تضمین اینکه حوزهارائه دهنده تعبیه می
ها را ببینند.فناوری اطالعات در دسترس، جزئیات و وضعیت آن
هدف از مدیریت کاتالوگ خدمت، ارائه یک منبع اطالعات منفرد و مداوم در مورد تمامی خدمات توافق شده است
دسترس ها به آن تأیید شده است قابلترسی آنطور وسیعی برای کسانی که دسو تضمین اینکه خدمت مذکور به
است.
وکار در کاتالوگ خدمت قرار دارد. ورودی اصلی این اطالعات از سبد خدمت و کسب SCMاطالعات کلیدی فرایند
شود.وکار یا مدیریت سطح خدمت حاصل میاز طریق فرایندهای مدیریت ارتباط کسب
4SLMمدیریت سطح خدمت
SLM کند و سپس نظر، توافق و مستند میوکار تبادلناوری اطالعات مناسب را با کسباهداف خدمات ف
نماید.شده با سطح خدمت توافق شده تهیه و کنترلی میهایی در خصوص مقایسه خدمات تحویلگزارش
ای وها با یک شیوه حرفهتضمین این موضوع است که تمام خدمات عملیاتی و کارایی آن SLMهدف از فرایند
های تولیدشده نیازهای مشتریان و گیری شده و خدمات و گزارشپایدار در کل سازمان فناوری اطالعات اندازه
وکار پوشش داده است.کسب
(، توافقنامه سطح عملیاتی 5SLAشامل توافقنامه سطح خدمت ) SLMشده توسط فرایند اطالعات اصلی تهیه6OLA های پشتیبانی، همچنین دیگر توافقنامه( تولید برنامه بهبود خدمتSIP)7 .و برنامه کیفیت خدمت است
8مدیریت ظرفیت
ها در طی چرخه عمر خدمت است. یک عامل وکار، خدمات و مؤلفهمدیریت ظرفیت شامل مدیریت ظرفیت کسب
کلیدی موفقیت در مدیریت ظرفیت، اطمینان از توجه به آن در مرحله طراحی است.
3 service catalog management 4 service level management 5 service level agreement 6 operational level agreement 7 service improvement plan 8 capacity management
30
یک نقطه توجه و مدیریت برای تمامی مسائل مرتبط با عملکرد و ظرفیت، در ارتباط هدف مدیریت ظرفیت ارائه
وکار است.با منابع و خدمات و تطبیق دادن ظرفیت فناوری اطالعات با تقاضاهای توافق شده کسب
اساس موفقیت فرایند مدیریت ظرفیت است. اطالعات موجود در 9(CMISسیستم اطالعاتی مدیریت ظرفیت )
CMIS های فنی و مدیریتی از جمله برنامه وسیله زیر فرایندهای مدیریت ظرفیت برای تهیه و تدارك گزارشبه
شوند.ظرفیت ذخیره و تحلیل می
10پذیریمدیریت دسترس
ری، در پذیپذیری ارائه یک نقطه توجه و مدیریت برای تمامی مسائل، مرتبط با دسترسهدف از مدیریت دسترس
ده آمدستها بهپذیری در تمامی زمینهها و منابع، تضمین این موضوع که اهداف دسترسمؤلفهارتباط با خدمات،
وکار از طریق روشی های توافق شده جاری و آینده کسبگیری شده است و اینکه از اهداف با نیازمندیو اندازه
صرفه تطبیق داده شده و یا فراتر رفته است.بهمقرون
طور کنشی سازی مستمر برسد و بهبایست در دو سطح پیوسته اتفاق بیفتد و به بهینهپذیری میمدیریت دسترس
پذیری خدمات فناوری اطالعات و سازمان پشتیبانی آن را بهبود بخشد. دو جنبه کلیدی مطرح است:دسترس
از عدم ها، رویدادها و مشکالت ناشیگیری، تحلیل و مدیریت اتفاقهای واکنشی: نظارت، اندازهفعالیت
دسترس پذیری خدمت.
پذیری.ریزی، طراحی، پیشنهاد و بهبود کنشی )پیشبینانه( دسترسهای کنشی: برنامهفعالیت
دمت پذیری و خبایست قابلیت دسترسی، قابلیت اطمینان، نگهداشتپذیری میهای مدیریت دسترسفعالیت
وکار را هایی که وظایف حیاتی کسبعالیتخصوص فپذیری در هر دو سطح خدمت و اجزاء مدنظر قرار دهد به
کند.پشتیبانی می
11(ITSCMمدیریت مستمر خدمات فناوری اطالعات )
وکار است، فناوری اطالعات مستمر و با گونه که تکنولوژی جزء اصلی بسیاری از فرایندهای کسبهمان
یابی های بازات کاهش مخاطره و گزینهوکار مهم است. این مهم با تعریف اقدامپذیری باال برای حیات کسبدسترس
های بازیابی ضروری است به شرطی که کارا باقی بماند.دستیابی است. نگهداشت مداوم قابلیتقابل
9 capacity management Information System 10 accessibility management 11 IT Service Continuity Management
31
نیازها، منظور تطبیقهای بازیابی مستمر در خدمات فناوری اطالعات بهنگهداشت قابلیت ITSCMهدف از
ت.وکار توافق شده اساحتیاجات و محدوده کسب
ITSCM های بازیابی و بار برنامهمنظور تضمین اینکه، برای یکیک سری از اقدامات در طول چرخه عمر است به
بق نگه وکار منطهای کسبوکار و اولویتهای استمرار کسبهای مذکور با برنامهیافته باشند، برنامهاستمرار توسعه
شوند.داشته می
12(ISMمدیریت امنیت اطالعات )
ISM ای از بایست در چارچوب کل ساختار حاکمیت شرکت مورد توجه قرار گیرد. حاکمیت شرکت مجموعهمی
مدیره با هدف ارائه هدایت استراتژیک، تضمین دستیابی هاست که توسط مدیریت ارشد و هیئتها و شیوهمسئولیت
شود.بع یکپارچه به کار گرفته میبه اهداف، اثبات مدیریت مناسب مخاطرات و تأیید استفاده اثربخش آن منا
وکار است و تضمین این موضوع که امنیت تطبیق امنیت فناوری اطالعات با امنیت کسب ISMهدف فرایند
صورت اثربخشی مدیریت شده است. به طوری که:های مدیریت خدمت بهاطالعات در تمامی خدمت و فعالیت
پذیری(.ستفاده هستند )دسترسااطالعات در زمان موردنیاز در دسترس و قابل
مشاهده و آشکار شده است )محرمانگی(.اطالعات تنها برای کسی که اجازه دانستن آن را دارد قابل
صورت کامل و دقیق در برابر اصالح غیرمجاز حفاظت شده است )یکپارچگی(.اطالعات به
ر شود )صحت و عدم انکار(تواند تأیید اعتباوکار، همچنین تبادل اطالعات میهای کسبتراکنش.
ISM های پشتیبانی در یک سیستم اطالعات مدیریت ای از کنترلبایست یک سیاست کلی را همراه با مجموعهمی
وکار مطابقت داده شده است، حفظ و اجرا نماید.های کسبها و استراتژییکپارچه که با سیاستمنیت ا
کنندهمدیریت تأمین
ها آن شده توسطکنندگان و خدمات ارائهکننده این موضوع است که تأمینده تضمینکننفرایند مدیریت تأمین
شوند.وکار مدیریت میمنظور پشتیبانی اهداف خدمت فناوری اطالعات و انتظارات کسببه
12 information security management
32
کنندگان کنندگان و تضمین اینکه تأمینکننده کسب ارزش در قالب پول از تأمینهدف از فرایند مدیریت تأمین
ها با رعایت تمامی مفاد و شرایط اقدام کنند.راستای اهداف مندرج در قراردادها و توافقنامه در
ایست بکنندگان و قراردادها است و میکننده یک منبع حیاتی اطالعات در مورد تأمینپایگاه داده قرارداد و تأمین
خدمات مربوطه باشد.کنندگان، قراردادها و شامل تمامی اطالعات الزم برای مدیریت تأمین
های کلیدی مرحله طراحی خدمتفعالیت
اند.وضوح مستند شدهوکار و تضمین اینکه بههای کسبآوری، تحلیل و مهندسی نیازمندیجمع
های خدمت مناسب.گیریطراحی و توسعه راهکارها، تکنولوژی، فرایندها، اطالعات و اندازه
ا و مدارك مربوط به طراحی خدمت.های فرایندهتولید و بازنگری تمامی طرح
ریزی و طراحی.های برنامهها و فعالیتتعامل با دیگر نقش
ها.تولید و حفظ مدارك طراحی و سیاست
.مدیریت مخاطره تمامی فرایندهای طراحی و خدمات
های فناوری اطالعاتا و استراتژیهتطبیق با تمامی شرکت و سیاست.
The objectives of service design
The main objective of the service design stage can be defined as:
The design of appropriate and innovative IT services, including their architectures,
processes, policies and documentation, to meet current and future agreed business
requirements.
There are five individual aspects of service design. These are:
..New or changed services
..Service management systems and tools, especially the service portfolio, including the
service catalogue
..Technology architecture and management systems
..The processes required
..Measurement methods and metrics
The service design stage of the lifecycle starts with a set of new or changed business
requirements and ends with the development of a service solution designed to meet the
documented needs of the business. This developed solution is then passed to service transition
to evaluate, build, test and deploy the new or changed service.
Other objectives include:
..Design services to satisfy business objectives, based on the quality, compliance, risk and
security requirements, delivering more effective and efficient IT and organisation solutions
and services aligned to organisational needs
33
..Design services that can be easily and efficiently developed and enhanced within appropriate
timescales and costs and, wherever possible, reduce, minimise or constrain the long term
costs of service provision
..Design efficient and effective processes for the design, transition, operation and improvement
of high quality IT services, together with the supporting tools, systems and information,
especially the service portfolio, to manage services through their lifecycle
..Design secure and resilient IT infrastructures, environments, applications and data/information
resources, and capability, that meet the current and future needs of the organisation
..Design measurement methods and metrics for assessing the effectiveness and efficiency of the
design processes and their deliverables
..Produce and maintain IT plans, processes, policies, architectures, frameworks and documents
for the design of quality IT solutions, to meet current and future agreed organisation needs
..Assist in the development of policies and standards in all areas of design
..Develop the skills and capability within IT by moving strategy and design activities into
operational tasks, making effective and efficient use of all IT service resources
..Contribute to the improvement of the overall quality of IT service within the imposed design
constraints, especially by reducing the need for reworking and enhancing services, once
they have been implemented in the live environment
Value to the organisation of service design
..Agreeing service targets across the whole organisation, ensuring critical business processes
receive most attention
..Measuring IT quality in these business terms, reporting what is relevant to users (e.g. customer
satisfaction, business value)
..Appropriate mapping of the IT infrastructure to the business processes
..Providing end to end business focused performance monitoring and measurement
..Periodic reporting against targets
Reduced Total Cost of Ownership (TCO)
..Improved quality of service
..Improved consistency of service
..Easier implementation of new or changed services
..Improved service alignment
..More effective service performance
..Improved IT governance
..More effective service management and IT process
..Improved information and decision making
The four Ps of service design ITIL, in particular service design, is built primarily upon the four Ps.
34
In order to deliver the benefits of service management and ITIL, these 4 Ps need to overlap each
other, a popular misconception is that 1 P will fix all the rest, and many organisations believe
this is the product. There has to be a balance of all 4 Ps to ensure the right mix for the
appropriate design.
Many designs, plans and projects fail through a lack of preparation and management. The
implementation of ITIL service management as a practice is about preparing and planning the
effective and efficient use of the four Ps: the People, the Processes, the Products (services,
technology and tools) and the Partners (suppliers, manufacturers and vendors).
Service design processes
..Service level management
..Capacity management
..Availability management
..IT service continuity management
..Information security management
..Service catalogue management
..Supplier management
Service level management
Why have service level management?
As organisations become increasingly dependent on IT, they demand a higher quality of service.
By creating an IT service management strategy, organisations are able to maximise end user
productivity, improve operational effectiveness and enhance overall business performance.
Additionally, the effort creates a forum for communication between the IS organisation and the
business units. Also an ITSM strategy provides the basis for integrating IT measurement into
operational and strategic IT management. In most cases, however, service management is not
well defined or not defined at all.
35
Service level management principles form the basis on how to contribute to an ITSM culture to
ensure that the right services with the appropriate quality are delivered, at the right cost to end
users.
Although Service Level Management (SLM) is focused heavily on CSI, this process also plays a
major part in the service design book, especially its involvement in service catalogue
management and supplier management.
The objectives of service level management
To maintain and improve IT service quality, through a constant cycle of agreeing, monitoring
and reporting upon IT service achievements and instigation of actions to eradicate poor service –
in line with business or cost justification. Through these methods, a better relationship between
IT and its customers/users can be developed.
..Define, document, agree, monitor, measure, report and review the level of IT services
provided
..Provide and improve the relationship and communication with the business/customer
..Ensure that specific and measurable targets are developed for all IT services
..Monitor and improve customer satisfaction
..Ensure that IT and the customers have a clear and unambiguous understanding of the level of
service to be delivered
..Ensure that improvements to the levels of service are implemented wherever the service is failing,
and the that these improvements are cost justified .
36
The activities of service level management
Identification
..Analysing current services and service level requirements
..Recording the current service provision in a service catalogue
Definition
Matching and customising (with the customer) of the right service provision against the right
costs:
..Service catalogue
..Demands of the customer (service level requirements)
Agreement (defining and signing SLAs)
..Service Level Agreements, supported by: Operational Level Agreements (OLA’s) and
underpinning contracts
Monitoring
..Measuring the actual service levels against the agreed service levels
Reporting
..Reporting on the service provision (to the customer and the IT organisation)
Evaluation (review)
..Evaluate the service provision with the customer
37
..Match and customise: adjust service provision if required? (service improvement
plan/programme, service quality plan)
..Match and customise: adjust SLA if required?
The Terminology of service level management
SLR (Service Level Requirements)
..Detailed recording of the customers’ needs
..Blueprint for defining, adapting and revising of services
Service spec sheets (service specifications)
..Connection between functionality (externally/customer focused) and technicalities
(internally/IT organisation focused)
Service catalogue
Service level management must ensure that a service catalogue is produced, maintained and
contains accurate information on all operational services and those ready for deployment. A
service catalogue is a written statement of all current and available IT services, default levels and
options.
SLA (Service Level Agreement)
The written agreement between the provider and the customer (organisation representative).
Service level achievements
The service levels that are realised.
SIP (Service Improvement Plan)
This is a formal plan or program that is developed when the IT service provider is not currently
delivering a service that meets the legitimate Service Level Requirements (SLR’s) of the
business representative or when greater cost effectiveness is achievable. The SIP should include
clear milestones, which will enable the business representative to judge whether or not timely
progress is being made.
SQP (Service Quality Plan) – not specifically an SLM term, but strategically linked
This plan underlies the service strategy, detailing the internal targets to be achieved within an
agreed period, typically one to two years, to improve agreed service levels and the business
perception of service quality:
..Management information for steering the IT organisation
..Process parameters of the service management processes and the operational management
..Key performance indicators:
zzIncident management – resolution times for levels of impact
zzChange management – processing times and costs of routine changes
OLA (Operational Level Agreement)
A written agreement with another internal IT department to support the SLA.
UC (Underpinning Contract)
A written agreement with an external IT supplier.
38
Capacity management
Why have capacity management?
Every application makes its own demands on the IT environment. Some are unavoidable, such as
the continuing spread of applications for Enterprise Resource Planning (ERP), supply chain
management or human resources management. Also, new applications are emerging (e.g. those
employing multimedia content) that will impact IT with their heavy demands for bandwidth.
Finally, additional applications are required to support the growing IT infrastructure of an
organisation (e.g. remote storage of back up data).
Failure to consider these issues will lead to negative effects on the business, as the capacity of the
IT environment simply does not match the requirements of the business.
..Balancing costs and supply against demand
..Balancing costs against resources needed
The objectives of capacity management
The capacity management process understands the business requirements (the required service
delivery), the organisation’s operation (the current service delivery) and the IT infrastructure (the
means of service delivery). It ensures that all the current and future capacity and performance
aspects of the business requirements are provided cost effectively.
The activities of capacity management
Business capacity management: This sub-process is responsible for ensuring that the future
business requirements for IT services are considered, planned and implemented in a timely fashion.
This can be achieved by using the existing data on the current resource utilisation by the various
services to trend, forecast or model the future requirements. These future requirements come from
business plans outlining new services, improvements and growth in existing services, development
plans etc.
Service capacity management: The focus of this sub-process is the management of the
performance of the live, operational IT services used by the customers. It is responsible for
ensuring that the performance of all services, as detailed in the targets in the SLAs and SLRs, are
monitored and measured, and that the collected data is recorded, analysed and reported. As
necessary, action is taken to ensure that the performance of the services meets the business
requirements. This is performed by staff with knowledge of all the areas of technology used in the
delivery of end to end service, and often involves seeking advice from the specialists involved in
resource capacity management.
Component capacity management: The focus in this sub-process is the management of the
individual components of the IT infrastructure. It is responsible for ensuring that all
components within the IT infrastructure that have finite resource are monitored and measured,
and that the collected data is recorded, analysed and reported. As necessary, action must be
taken to manage the available resource to ensure that the IT services that it supports meet the
business requirements.
39
Iterative activities (performance management)
..Analysis
..Tuning – Modifications made for better utilisations of current infrastructure (under the control
of change management)
..Implementation
..Monitoring
Other capacity activities
..Demand management – Aims to influence the use of capacity, perhaps by incentive or penalty,
in circumstances where unmanaged demand is likely to exceed the ability to deliver.
Demand management is achieved by assigning resources according to priorities.
..Application sizing – Determining the service level, resource and cost implications of any new
application or any major addition or enhancement to an existing application.
..Modelling – A set of tools and techniques used to predict the performance of a specified system
under a given volume and variety of work. Modelling is used to predict the availability and
performance of services.
..Capacity management database – Used by all activities in the process for storage of capacity
data e.g. technical, business, financial, service and utilization data.
..Capacity plan – development and maintenance – the capacity plan predicts demand for IT
services and outlines the resources needed to meet this. It will contain costed possible scenarios
for IT services together with a recommended option.
40
Availability management
Why have availability management?
Gartner research shows that people and/or process failures directly cause an average of 80% of
mission critical application service downtime. The other 20% is caused by technology failure,
environmental failure or a disaster. The complexity of today’s IT infrastructure and applications
makes high availability systems management difficult. Applications requiring high levels of
availability must be managed with operational disciplines (including network monitoring,
systems management activities etc.) to avoid unnecessary and potentially devastating outages.
The objectives of availability management
To optimise the capability of the IT infrastructure, services and supporting organisation to
deliver a cost effective and sustained level of availability that enables the business to satisfy its
organisation’s objectives.
The activities of availability management
Proactive activities
..Ensure that appropriate design and planning of availability takes place for all new services
..Planning, design and improvement of availability
..Providing cost effective availability improvements that can deliver business and customer
benefits
..Ensuring agreed level of availability is provided
..Produce and maintain an availability plan
Reactive activities
..Monitoring, measuring, analysis and management of all events, incidents and problems
involving unavailability
..Continually optimise and improve availability of IT infrastructure services
..Assisting security and ITSCM in the assessment and management of risk
41
..Attending CAB as required
Determining availability requirements
Input from service level management. The Service Level Manager discusses with the client what
their needs for service are (service level requirements). Based on these requirements, the
Availability Manager can determine the availability requirements.
Determining vital business functions (VBF’s)
Some organisation’s processes are more critical than others. IT systems that support VBFs
should have higher availability expectations and the appropriate systems and support to achieve
and sustain these higher levels at critical times which have been agreed and documented in the
SLA.
Business impact analysis
A formal analysis of the affect on the business, if a specific set of IT services are not available. It
will also identify the minimum set of services that an organisation will require to continue
operating.
..Risk analysis management (input for IT service continuity management) – this activity
involves trying to identify the impact to the business of service unavailability. It is part of
our risk analysis and risk management activities. The outcomes of these activities are
utilised in various processes: availability management, IT service continuity management
and information security management.
Defining availability, reliability and maintainability targets
Input for Service Level Agreements (SLAs) and other contracts. Based on the first three steps,
we are now ready to create the achievable and sustainable availability targets. In order to do
this, we need to get input from all technical areas within the IT group. (as well as suppliers).
Monitoring and trend analysis
..MTBF (Mean Time between Failures)
..MTBSI (Mean Time between System Incidents)
..MTRS (Mean Time to Restore Services)
..Planned downtime, unscheduled downtime, extended (excess) downtime
..Frequent (scheduled) backups
Root cause analysis of low availability
..Relationship with the problem management process
Producing and maintaining an availability plan – This plan has to be updated at least once
every year!
Reporting
The techniques of availability management
..SOA – Service Outage Analysis
..SPOF Analysis – Single Point of Failure Analysis
..CFIA – Component Failure Impact Analysis
..TOP – Technical Observation Post
..CRAMM – CCTA Risk Analysis Management Method
42
..FTA – Fault Tree Analysis
The terminology of availability management
Availability: Key indicator of the service provided. It should be defined in the Service Level
Agreement.
Reliability: Reliability of the service is made up out of the reliability of service components and
the resilience of the IT infrastructure.
Serviceability: Contractual arrangements with third parties in regards to maintenance.
Maintainability: The ability of the IT group to maintain the IT infrastructure in operational state
and available according to the agreed service levels.
Security: Confidentiality, Integrity and Availability (CIA) of data.
Resilience: The ability of individual components to absorb or be flexible in times of stress.
Availability relationship with other processes
The connection between incident management (detection), problem management (diagnosis),
change management (repair time) and availability management is shown in the following
diagram:
The following metrics are commonly used in availability management:
..Mean Time to Restore Services – MTTRS: average time between the occurrence of a fault and
service recovery (or the downtime)
..Mean Time Between Failures – MTBF: mean time between the recovery from one incident and
the occurrence of the next incident
..Mean Time Between System Incidents – MTBSI: mean time between the occurrences of two
consecutive incidents. The MTBSI = MTTR + MTBF
The ratio of MTBF to MTBSI shows if there are many minor faults or just a few major faults.
Availability reports may include the following metrics:
..Rate of availability (or unavailability) in terms of MTRS, MTBF and MTBSI
..Over all uptime and downtime, number of faults
43
..Additional information about faults which actually, or potentially, result in a higher than
agreed unavailability
IT service continuity management
Why have IT service continuity management?
As technology is a core component of most business processes, continued or high availability of
IT is critical to the survival of the organisation as a whole. This is achieved by introducing risk
reduction measures and recovery options. Like all elements of ITSM, successful implementation
of ITSCM can only be achieved with senior management commitment and the support of all
members of the organisation. Ongoing maintenance of the recovery capability is essential if it is
to remain effective. The purpose of ITSCM is to maintain the necessary ongoing recovery
capability within the IT services and their supporting components.
The objectives of IT service continuity management
The objective for ITSCM is to support the overall business continuity management process by
ensuring that the required IT technical and services facilities (including computer systems,
networks, applications, telecommunications, technical support and service desk) can be
recovered within required, and agreed, business timescales.
The activities of IT service continuity management
The diagram, on the previous page, shows the four stages of ITSCM, incorporating each of the
activities that take place to ensure that IT organisations are as prepared and organised as possible
in the event of a disaster situation. Stage 1 is really an activity that has to be done by the business,
so IT can figure out what it is that BCM do? The IT organisation has to provide details with how
44
they will support this BCM by the continuation of delivery of IT services in times of crisis and
disaster.
Two of the major data sources for ITSCM are developed within requirement and strategy,
including business impact analysis and risk assessment.
Stage 1: initiation
..Link with business continuity plan
..Policy setting
..Terms of reference and scope
..Allocate resources
Stage 2: requirements and strategy
..Input from availability management and security management (risk assessment)
..Business impact analysis
..Discuss recovery options (link to SLM)
Stage 3: implementation
..Write continuity plans, including:
zzEmergency response plan
zzDamage assessment plan
zzSalvage plan
zzCrisis management and PR plan
..Implement standby arrangements
..Implement recovery options
..Test the plans
..Develop and implement procedures and working instructions
Stage 4: operational management
..Link ITSCM to change management to keep plans and recovery options up to date
..IT staff need to be aware and trained to use the plans
..Continuous improvement of the process through review and testing
Risk analysis technique
Risk Analysis and Management Method (CRAMM) – a phased approach:
..Identify components
..Analyse the threats
..Assess the vulnerabilities
..Evaluate threats and vulnerabilities to provide an estimate of the risks
The terminology of IT service continuity management
Recovery options:
Do nothing: sometimes the business can function without this service.
Manual work around: administrative actions, takes lot of resource to enter data back into
systems.
45
Reciprocal arrangements: agree to use the infrastructure of another organisation, especially
for batch processing.
Gradual recovery (cold standby): an empty room available (in house or outsourced service),
mobile or fixed, where IT infrastructure can be rebuilt. (Takes longer than 72 hours to recover).
Intermediate recovery (warm standby): a contract with a third party/supplier recovery
organisation to use their infrastructure in a contingency situation. Backup tapes should be
available at the crisis site at all times. (Takes 24 to 72 hours to recover).
Fast recovery (hot standby): this option (sometimes referred to as hot standby) provides for fast
recovery and restoration of services, and is sometimes provided as an extension to the
intermediate recovery provided by a third party recovery provider.
Where there is a need for a fast restoration of a service, it is possible to rent floor space at the
recovery site and install servers or systems with application systems and communications already
available, and data mirrored from the operational servers. In the event of a system failure, the
customers can then recover and switch over to the backup facility with little loss of service. (This
typically involves the re-establishment of the critical systems and services within a 24 hour
period).
Immediate recovery (also known as hot standby): a full duplication of system (minus
components) for instantaneous recovery. This option (also often referred to as hot standby,
mirroring, and load balancing or split site) provides for immediate restoration of services, with
no loss of service. For business critical services, organisations requiring continuous operation
will provide their own facilities within the organisation, but not on the same site as the normal
operations. Sufficient IT equipment will be dual located in either an owned or hosted location
to run the complete service from either location in the event of loss of one facility, with no loss
of service to the customer. The second site can then be recovered whilst the service is provided
from the single operable location. This is an expensive option, but may be justified for critical
business processes or VBFs where non-availability for a short period could result in a
significant impact, or where it would not be appropriate to be running IT services on a third
party’s premises for security or other reasons. The facility needs to be located separately and
far enough away from the home site, that it will not be affected by a disaster affecting that
location. However, these mirrored servers and sites options should be implemented in close
liaison with availability management, as they support services with high levels of availability.
Information security management
Why have information security management?
ISM needs to be considered within the overall corporate governance framework. Corporate
governance is the set of responsibilities and practices exercised by the board and executive
management, with the goal of providing strategic direction, ensuring the objectives are achieved,
ascertaining the risks are being managed appropriately and verifying that the enterprise’s
resources are used effectively. Information security is a management activity within the
corporate governance framework, which provides the strategic direction for security activities
and ensures objectives are achieved. It further ensures that the information security risks are
appropriately managed and that enterprise information resources are used responsibly. The
46
purpose of ISM is to provide a focus for all aspects of IT security and manage all IT security
activities.
The term information is used as a general term and includes data stores, databases and metadata.
The objective of information security is to protect the interests of those relying on information,
and the systems and communications that deliver the information, from harm resulting from
failures of availability, confidentiality and integrity.
The objectives of information security management
The goal of the information security management process is to align IT security with
organisation security and ensure that information security is effectively managed in all service
and service management activities.
Security objectives in most organisations are met when:
..Information is available and usable when required, and the systems that provide it can
appropriately resist attacks and recover from or prevent failures availability
..Information is observed by, or disclosed, to only those who have a right to know
(confidentiality)
..Information is complete, accurate and protected against unauthorised modification (integrity)
..Business transactions, as well as information exchanges between partners, can be trusted
(authenticity and non-repudiation)
Security controls
Preventive
..Preventing security incidents from occurring
Reductive
..Taking action to reduce the damage caused by security incidents
Detective
..Detecting security incidents quickly
Repressive
..Preventing further occurrences of a specific security incident
Corrective
..Having tested plans to recover from security incidents
The activities of information security management
..Production, review and revision of an overall information security policy and a set of
supporting specific policies
..Communication, implementation and enforcement of the security policies
..Assessment and clarification of all information assets and documentation
..Implementation, review, revision and improvement of a set of security controls and risk
assessment and responses
..Monitoring and management of all security breaches and major security incidents
..Schedule and completion of security reviews, audits and penetration tests
48
This must be followed by everyone!
Information security management terminology
Confidentiality – protecting information against unauthorised access and use.
Integrity – accuracy, completeness and timeliness of the information.
Availability – the information should be accessible at any agreed time. This depends on the
continuity provided by the information processing systems.
Security baseline – The security level adopted by the IT organisation for its own security, and
from the point of view of good due diligence.
Security incident – any incident that may interfere with achieving the SLA security requirements;
materialisation of a threat.
Verifiability – ability to verify that information is used correctly and that security measures are
effective.
Security baseline – the security level adopted by the IT organisation for its own security and from
the point of view of good due diligence.
Information security management relationship with other ITIL processes
..Information security management sets policy for all other processes
..Availability management performs risk assessment for Confidentiality, Integrity and
Availability (CIA) on Data. Security management uses this information for IT security
..Change management and release management implement changes regarding security
measures and security policy
..Service level management has security measures as part of a service catalogue, SLAs and
other SLM documents
..Access management helps to protect the confidentiality, integrity and availability (CIA) of assets;
therefore it is the execution of policies and actions defined in information security and availability
management
Supplier management
Why have supplier management?
The supplier management process ensures that suppliers and the services they provide are managed
to support IT service targets and organisation expectations.
It is essential that supplier management processes and planning are involved in all stages of the
service lifecycle, from strategy and design, through transition and operation, to improvement. The
complex organisation demands require the complete breadth of skills and capability to support
provision of a comprehensive set of IT services to a business. Therefore, the use of value networks
and the suppliers (and the services they provide) are an integral part of any end to end solution.
Suppliers and the management of suppliers and partners are essential to the provision of quality IT
services.
The purpose of the supplier management process is to obtain value for money from suppliers and
to ensure that suppliers perform to the targets contained within their contracts.
The objectives of supplier management
49
The goal of the supplier management process is to manage suppliers and the services they
supply, to provide seamless quality of IT service to the organisation, ensuring value for money is
obtained.
The main objectives of the supplier management are to:
..Obtain value for money from suppliers and contracts
..Work with SLM to ensure UCs support and are aligned with business needs, SLRs and SLAs
..Negotiate and agree UCs and manage through their lifecycle
..Manage supplier relationships and performance
..Maintain a supplier policy and a Supplier and Contract Database (SCD)
The activities of supplier management
All supplier management process activity should be driven by service strategy and policy. In order
to achieve consistency and effectiveness in the implementation of the policy, a Supplier and
Contract Database (SCD) should be established.
Ideally, the SCD should form an integrated element of the larger service knowledge management
system, recording all suppliers and contract details, together with the types of service, products etc
provided by each supplier, and all the other information and relationships with other associated
CIs.
This will also contribute to the information held in the service portfolio and service catalogue. The
information within the SCD will provide a complete set of reference information for all supplier
management procedures and activities.
50
Although supplier management is firmly placed within the service design Phase of the lifecycle,
some of the activities are carried out in the other lifecycle phases too.
..Supplier categorisation and maintenance of the SCD (occurs within the service design phase)
..Evaluation and setup of new Suppliers and contracts (occurs within the service design phase)
..Establishing new suppliers (occurs within the service transition phase)
..Supplier and contract management and performance (occurs within the service operation
phase)
..Contract renewal and termination (occurs within the service operation phase)
The terminology of supplier management
UC: Underpinning Contract.
SCD: Supplier and Contract Database.
SLR: Service Level Requirements.
SLA: Service Level Agreement.
SSIP: Supplier Service Improvement Plans – used to record all improvement actions and plans
agreed between suppliers and service providers.
Supplier service reports: feedback gathered from all individuals that deal directly with
suppliers. Results are collated and reviewed by supplier management, to ensure consistency in
quality of service provided by suppliers in all areas. These can also be published in league tables
to encourage competition between suppliers.
Shared risk and reward: e.g. agreeing how investment costs and resultant efficiency benefits
are shared, or how risks and rewards from fluctuations in material costs are shared.
Supplier and contract review meetings: all details are recorded in meeting minutes.
Supplier and contract performance reports: used as input for the supplier and contract review
meetings to manage the quality of the service provided by suppliers and partners. This should
include information on shared risk, when appropriate.
Service catalogue management
51
Why have service catalogue management?
This process ensures that a service catalogue is produced, maintained and contains accurate
information on all operational services and those being developed.
The purpose of service catalogue management is to provide a single source of consistent
information on all of the agreed services, and ensure that it is widely available to those who are
approved to access it.
The objectives of service catalogue management
..To ensure that a service catalogue is produced and maintained, containing accurate
information on all operational services and those being prepared to be run operationally
..To manage the information contained within the service catalogue, and to ensure that it is
accurate and reflects the current details, status, interfaces and dependencies of all services
that are being run, or being prepared to run, in the live environment
The value to the business of a service catalogue
The service catalogue provides a central source of information on the IT services delivered by
the service provider. This ensures that all areas of the organisation can view an accurate,
consistent picture of the IT services, their details and their status. It contains a customer facing
view of the IT services in use, how they are intended to be used, the organisation processes they
enable, and the levels and quality of service the customer can expect for each service.
The activities of service catalogue management
The service catalogue management activities should include:
..Definition of the service
..Production and maintenance of an accurate service catalogue
..Interfaces, dependencies and consistency between the service catalogue and service portfolio
..Interfaces and dependencies between all services and supporting services within the service
catalogue and the CMS
..Interfaces and dependencies between all services, and supporting components and
Configuration Items (CIs) within the Service Catalogue and the CMS
The service catalogue has two aspects:
Business service catalogue: contains details of all the IT service delivered to the customer,
together with relationships to the business units and the business process that rely on the IT
services. This is the customer view of the service catalogue.
Technical service catalogue: contains details of all the IT service delivered to the customer,
together with relationships to the supporting services, shared services, components and
configuration items necessary to support the provision of the service to the business. This should
underpin the business service catalogue and not form part of the customer view.
The terminology of service catalogue management
SLA: Service Level Agreements
SLR: Service Level Requirements
OLA: Operational Level Agreements
BIA: Business Impact Analysis
CI: Configuration Items
52
Service Transitionشرح و توضیح مفاهیم مطرح در فرایند .5
نقش انتقال خدمت، تحویل دارند. عملیاتی شود که نیاز تجاریهایی مربوط میانتقال سرویس به تحویل سرویس
وکار به کاربرد عملیاتی است. انتقال خدمت این کار را از طریق دریافت بسته طراحی خدمت خدمت موردنیاز کسب
حله طراحی خدمت و تحویل تمامی عناصر موردنیاز برای انجام و پشتیبانی خدمت مستمر به مرحله عملیاتی از مر
وکار در خالل طراحی تغییر نماید آنگاه ممکن های کسبرساند. چنانچه شرایط، مفروضات یا نیازمندیبه انجام می
ل خدمت موردنیاز باشیم.منظور تحویاست نیازمند تغییراتی در حین مرحله انتقال خدمت به
ر ها دهای کاربردی و چگونگی استفاده از آنفقط برنامههای خدمت و نهسازی تمام جنبهانتقال خدمت روی پیاده
شرایط نرمال تمرکز دارد. این موضوع مستلزم تضمین این نکته است که خدمت بتواند در شرایط بد و غیرطبیعی
خرابی و خطاهای موجود پشتیبانی ارائه نماید. این موضوع مستلزم شناخت بینی عمل کند و در برابرقابل پیش
کافی از موارد زیر است:
گیرد.شده و یا توسط او مورد قضاوت قرار میوکار بالقوه و کسی که ارزش به او تحویلارزش کسب
هاکننده، مشتری و دیگر زمینهشناسایی تمام ذینفعان در بین تأمین
بردی و انطباقی طراحی خدمت، شامل چیدمان تغییرات طراحی که در خالل انتقال نیاز به های کاربرنامه
آن احساس شده است.
های کلیدیمسئولیت
ای که استفاده کارا و اثربخش از خدمات جدیداً تغییریافته را ریزی شدههای پایهوسیله مسئولیتانتقال خدمت به
ی این فرایند عبارتند از:های کلیدیتشود. مسئولکند، پشتیبانی میتسهیل می
منظور انتقال اثربخش یک خدمت که برای دانستن ها بهنامهفهم تمامی خدمات، تسهیالت و ضمانت
وکار )تسهیالت( و تضمین این موضوع های رفع شده کسبماهیت و هدفش ازلحاظ نتایج و یا محدودیت
ها(.امهنکه خدمات عمومی تحویل داده خواهد شد )ضمانت
سازی تمامی تغییرات موردنیاز، انسجام و جامعیت ایجاد یک سیاست رسمی و چارچوب معمول برای پیاده
ها نادیده گرفته نشده و بنابراین باعث شکست خدمت کنند که خدمات، ذینفعان، دیگر فرصتتضمین می
نشده است.
53
ل دیگر، ها و عوامد از فرایندها، سیستمگیری و استفاده مجدپشتیبانی از تبادل دانش، پشتیبان تصمیم
شود، تضمین دانش مناسب در های مربوطه ارائه میانتقال خدمت اثربخش با مشارکت تمام قسمت
استفاده مجدد در شرایط مشابه آینده است.دسترس است و کاری که به انجام رسیده قابل
نانه( و تعیین احتیاجات محتمل دوره صورت فعال بوده )پیشبیبینی و مدیریت دوره اصالحات بهپیش
امل صورت کصورت منطقی انجام و بهکه عواملی از یک خدمت نیازمند تنظیم باشند، بهاصالحات، هنگامی
مستندسازی خواهد شد.
های انتقال خدمت در چرخه عمر خدمت.اطمینان از مشارکت انتقال خدمت و نیازمندی
رخی از فرایندهای مهم در انتقال خدمت در تمامی فرایندهای چرخه عمر در مجموعه فرایندهای انتقال خدمت، ب
ها تأثیرگذارند. بانی در کل مراحل چرخه عمر دارند و در آنهستند، نقش ورودی و مالحظات کنترلی و دیده
اند:مجموع فرایندهای چرخه عمر عبارت
مدیریت تغییر
دارایی خدمت و مدیریت پیکربندی
مدیریت دانش
ند از:نحصر به این مرحله نیستند عبارتندهایی که روی انتقال خدمت تمرکز دارند ولی مفرای
ریزی و پشتیبانی انتقالبرنامه
مدیریت توسعه و نسخه
تست و تأیید اعتبار خدمت
ارزیابی
مدیریت تغییر
وزدار، ابی، مجشده ذخیره، ارزیکننده این موضوع است که تغییرات طی یک روش کنترلمدیریت تغییر تضمین
سازی، مستند و بازبینی شده باشد.ریزی، آزمون، پیادهبندی، برنامهاولویت
های استانداردشده برای اعمال سریع و کارای هدف از فرایند مدیریت تغییر تضمین این موضوع است که روش
کلیه شده است و تمام تغییرات استفاده شده است، تمامی این تغییرات در سیستم مدیریت پیکربندی ضبط
دهد.فرایند تمامی تغییرات خدمت را نشان میاین اند.شدهوکار بهینهمخاطرات کسب
54
ریزی شده یا پشتیبانی شده و تغییر خدمت اضافه کردن، تغییر یا حذف یک خدمت یا جزء خدمت مجاز، برنامه
مستندات مربوطه است.
ست و برای تمامی سطوح مدیریت خدمت )استراتژیکی، تاکتیکی بنابراین مدیریت تغییر مربوط به تمام چرخه عمر ا
شود.و عملیاتی( به کار برده می
ر پی تر تغییرات را دتر و سریعسازی دقیقمدیریت تغییر، کاهش در خطاهای خدمات جدید یا تغییریافته و پیاده
وکار ه بیشترین سود را برای کسبها و منابع محدود روی تغییراتی کشود سرمایهدارد. مدیریت تغییر باعث می
دارند، تمرکز داده شوند.
13(SACMمدیریت پیکربندی و دارایی خدمت )
SACM ها که زیرساخت یک سازمان را تشکیل ها و ارتباط آنوسیله ارائه اطالعات دقیق و کنترل تمامی داراییبه
کند.وکار را پشتیبانی میدهد، کسبمی
( حفاظت و تضمین Clهای پیکربندی )های خدمت و بخشرل و حسابداری داراییشناسایی، کنت SACMهدف از
یکپارچگی آن در چرخه عمر خدمت است.
های مشترك دهندگان داخلی و خارجی که داراییهای فناوری اطالعات و ارائههمچنین به دارایی SACMحوزه
نیازمند به کنترل دارند تعمیم داده شده است.
نیازمند استفاده از سیستم پشتیبانی است SACMهای بزرگ و پیچیده ری اطالعات و زیرساختبرای خدمات فناو
شود.شناخته می 14(CMSعنوان سیستم مدیریت پیکربندی )که به
مدیریت دانش
هدف از مدیریت دانش تضمین این موضوع است که فرد درست با دانش درست، در زمان درست خدمات موردنیاز
نماید؛ که خود باعث موارد زیر است:حویل و پشتیبانی میوکار را تکسب
خدمات کاراتر با کیفیتی بهبودیافته
13 service asset and configuration management 14 configuration management system
55
شدهفهم واضح و متداول از ارزش خدمت ارائه
اطالعات مرتبط که همیشه در دسترس باشد.
–استفاده لغیرقاب –های خام خرد( قرار دارد که داده –دانش –اطالعات –در قلب مدیریت دانش ساختار )داده
کند. این موضوع با سیستم مدیریت دانش خدمت، نگهداری اطالعات و دانش های باارزش تبدیل میرا به دارایی
شود.های پیکربندی و دارایی تبیین میو خرد حاصل از داده
ریزی و پشتیبانی انتقالبرنامه
از: است ریزی و پشتیبانی انتقال عبارتهدف برنامه
های استراتژی خدمت که در طراحی منظور تضمین اینکه نیازمندیو هماهنگی منابع بهریزی برنامه
خدمت گنجانده شده است به نحو اثربخشی در عملیات خدمت قابل تشخیص باشد.
های انتقالشناسایی، مدیریت و کنترل مخاطرات خرابی و اختالل در فعالیت
ی از منظور مدیریت حجم زیاددهنده خدمت را بهد توانایی یک ارائهتوانریزی و پشتیبانی انتقال اثربخش میبرنامه
توجهی بهبود بخشد.طور قابلها بر پایه مشتری بهتغییر و نسخه
مدیریت توسعه و نسخه
منظور تولید و ایجاد های خدمات بهآوری و جاگذاری تمام جنبههدف از فرایند مدیریت توسعه و نسخه، جمع
خدمات جدید یا تغییریافته است. استفاده اثربخش آن
وکار را با انجام تغییرات با سرعت، خطر و هزینه بهینه و ارائه توجهی از کسبتوسعه و نسخه اثربخش، ارزش قابل
استفاده و مفید، موجب خواهد شد.وکار قابلسازی سازگار، مناسب و قابل ممیزی از خدمات کسبیک پیاده
ی، منظور استفاده عملیاتسازی خدمات جدیداً تغییریافته را بهآوری و پیادهحل جمعمدیریت توسعه و نسخه کل مرا
دهد.ریزی نسخه تا پشتیبانی از حیات اولیه، پوشش میاز برنامه
اعتبارسنجی و آزمون خدمت
56
یچگونگی استفاده آن و روشی که ساخته شده است. تمام –آزمون موفق به فهم کلی نگرانه خدمت بستگی دارد
وکار ممکن نیاز به آزمون مناسب دارند، تأمین اعتبارسنجی موردنیاز کسب –شده داخلی یا خریداری –خدمات
دستیابی باشد.وکار توافق شده، قابلاست از محدوده کاملی از شرایط مورد انتظار تا حد مخاطره کسب
از این موضوع است که خدمت جدیداً ایمشاهدههدف کلیدی از آزمون و اعتبارسنجی خدمت ارائه نمونه قابل
کند.های توافق شده، پشتیبانی می SLAوکار، شامل های کسبتغییریافته از نیازمندی
تفصیل بیان شده، شامل ها که در بسته طراحی خدمت بهنامهخدمات آشکارا و واضح در برابر تسهیالت و ضمانت
گیرد.وکار مورد آزمایش قرار میلیت استفاده و رگرسیون کسبپذیری، استمرار، امنیت، قابآزمون عملکرد، دسترس
ارزیابی
وکار برای انتقال خدمت موفق، مهم است و این موضوع به اطمینان از اطمینان از مفید بودن خدمت برای کسب
یابد.های سنجش و معیارهای مناسب، تعمیم میوسیله ایجاد تکنیکاستمرار خدمت به
پردازد:نتقال خدمت توجه دارد، به موارد مرتبط به موارد ذیل میارزیابی به ورودی ا
وکار واقعیهای کسبطراحی خدمت و خود روش انتقال و تناسب خدمت جدید یا تغییریافته با عملیات و محیط
مورد انتظار و پیش رو
های عملیاتی مرحله انتقال خدمتفعالیت
تقال تری از انها کاربرد گستردهعملیاتی تمرکز دارد. این فعالیت هایانتقال خدمت همچنین روی برخی از فعالیت
خدمت داشته و به شرح زیر هستند:
شده در مدیریت خدمت فناوری اطالعاتمدیریت ارتباطات و توافقات انجام
مدیریت تغییر سازمانی و ذینفعان
مدیریت ذینفعان
های کلیدیسازمان انتقال خدمت و نقش
های کلیدیشها و نقمسئولیت
57
دهی شوند، بایست برای انجام کارا و اثربخش کارها سازماندهنده انتقال خدمت در یک سازمان میافراد ارائه
بینی نیست که یک سازمان نوعی گروه جداگانه از افراد های متنوعی برای ارائه این کار وجود دارد. قابل پیشگزینه
بدین –ها مورداستفاده قرار دهد ا در مقابل، روندی از تجربه و مهارترا برای ایفای این نقش در نظر بگیرد و ی
.معنی که افراد در مراحل مختلف چرخه عمر مشارکت نمایند
The goals of service transition
“Aligning the new or changed service with the organisational requirements and
organisational operations”
..Plan and manage the capacity and resources required to package, build, test and deploy a
release into production
..Provide a consistent and rigorous framework for evaluating the service capability and risk
profile before a new or changed service is released
..Establish and maintain the integrity of all identified service assets and configurations
..Provide good quality knowledge and information to expedite effective decisions about
promoting a release
..Provide efficient, repeatable build and installation mechanisms to deploy releases to test and
production
..Ensure that the service can be managed, operated and supported in accordance with service
design
Other objectives include:
..Align the new or changed service with the organisation requirements and business operations
..Ensure that customers/users can use the new or changed service in a way that maximises
value to the organisation operations
..Plan and manage resources so that transitions come in on time, cost and quality
..Ensure minimum impact on current services
..Increase customer, user and service support satisfaction
Value to the organisation/business of service transition
Creates value for the business by improving:
..The ability to adapt quickly to new requirements
..The success rate of changes and releases for the organisation
..The predictions of service levels and warranties for new and changed services
..Confidence in the degree of compliance with the organisation requirements during change
..Clarity of plans so the business can link their organisation change plans to transition plans
All the above give competitive edge and help the agility and flexibility and the organisation.
The scope of service transition
58
The scope of service transition includes the management and coordination of the processes,
systems and functions to package, build, test and deploy a release into production and establish
the service specified in the customer and stakeholder requirements.
The following activities are excluded from the scope of service transition best practices:
..Minor modifications to the production services and environment, for example, replacement of
a failed PC or printer, installation of standard software on a PC or server, new user
..Ongoing continual service improvements that do not significantly impact the services or service
provider’s capability to deliver the services, for example, request fulfilment activities driven
from service operations
Service transition processes
..Knowledge management
..Change management
..Release and deployment management
..IT service asset and configuration management
..Service validation and testing
Knowledge management
Why have knowledge management?
An organisations ability to deliver a quality service or process rests, to a significant extent, on its
ability to respond to circumstances. To enable this to happen, those involved must have a sound
understanding of the situation, the options, consequences and benefits. An example of this
knowledge in the service transition phase may include:
..Identity of stakeholders
..Acceptable risk levels and performance expectations
..Available resource and timescales
The quality and relevance of the knowledge rests in turn on the accessibility, quality and
continued relevance of the underpinning data and information available to service staff.
The objectives of knowledge management
“The goal of knowledge management is to enable organisations to improve the quality of
management decision-making by ensuring that reliable and secure information and data is
available throughout the service lifecycle”
The primary purpose is to improve efficiency by reducing the need to rediscover knowledge.
This is achieved by:
..Enabling the service provider to be more efficient and improve the quality of the service,
reduce costs, increase satisfaction
..Ensuring staff have a clear and shared understanding of the value that their services provide
to customers and how they are realised
..Ensuring that, as required, service provider staff have adequate information on –
Who is currently using the service they are providing
The current states of consumption
Service delivery constraints
59
Difficulties faced by customers, realising the expected benefits from services
The above diagram is a very simplified illustration of the relationship of the three levels, with data
being gathered within the CMDB, and feeding through the CMS into the SKMS as information to
support the informed decision making process.
Value to the organisation of knowledge management
Knowledge management is especially significant within service transition since relevant and
appropriate knowledge is one of the key service elements being transitioned. Examples where
successful transition rests on appropriate knowledge management include:
..User, service desk, support staff and supplier understanding of the new or changed service,
including knowledge of errors signed off before deployment, to facilitate their roles within
that service
..Awareness of the use of the service, and the discontinuation of previous versions
..Establishment of the acceptable risk and confidence levels associated with the transition, e.g.
measuring, understanding and acting correctly on results of testing and other assurance
results
Effective knowledge management is a powerful asset for people in all roles across all stages of
the service lifecycle. It is an excellent method for individuals and teams to share data,
information and knowledge about all facets of an IT service. The creation of a single system for
knowledge management is recommended.
The activities of knowledge management
Knowledge identification capture and maintenance – Specifically knowledge management
will identify and plan for the capture of relevant knowledge and the consequential information
and data that will support it.
Knowledge transfer – This is the activity through which one unit (e.g. group or department) is
affected by the experiences of another. The form of knowledge transfer must suit those who will
use it, examples of criteria/examples that can be used are:
..Learning styles
..Knowledge visualisation
..Driving behaviour
..Seminars, webinars and advertising
..Journals and newsletters
60
The transfer of knowledge can be observed through changes in the knowledge or performance or
recipients, and at an individual or unit level.
Data and information management – Knowledge rests on the management of the information
and data that underpins it. For this process to be efficient it requires answers to some key input
questions, such as how the data and information will be used, what conditions will need to be
monitored, what data is available, what are the associated costs, legislative and requirements etc.
Establishing data and information requirements – Often, data and information is collected
with no clear understanding of how it will be used and this can be costly. Efficiency and
effectiveness are delivered by establishing the requirements for information.
Establishing data and information management procedures – When the requirements have
been set up, data and information management to support knowledge management can be
established. This will include, defining procedures required to maintain the data and information,
procedures for access, storage (including backup and recovery), retrieval, rights and
responsibilities etc.
Evaluation and improvement – As with all processes, the capture and use of data and
information to support knowledge management and decision making requires attention to
ongoing improvement.
The service improvement plan, produced by the Service Level Manager, will use the following
relevant input:
..Measurements of the use made of the data transactions
..Evaluate usefulness of the data and information
..Identification of any data or information (or registered users) that is no longer to the
organisation’s knowledge requirements
The terminology of knowledge management
SKMS: Service knowledge management System
CMS: Configuration Management System
KEDB: Known Error Database
DML: Definitive Media Library. The secure library in which the definitive authorised versions
of all media CIs are stored and protected. The DML should include definitive copies of
purchased software (along with license documents or information), as well as software
developed on site
Change management
Why have change management?
Change is inevitable, and the rate of change in technology is increasing and the organisation’s
processes and business models constantly have to adapt to the economic climate, competitive
pressures, and the opportunity to create through change and innovation. Change management, as
a discipline in distributed computing is usually somewhat lacking. Yet, change management for
IT operations is critical to improving availability, performance and throughput. Strong operational
change management reduces errors, as well as planned and unplanned downtime.
Changes arise for a variety of reasons:
..Proactively, e.g. seeking organisational benefits such as reducing costs or improving services
or increasing the ease and effectiveness of support
61
..Reactively as a means of resolving errors and adapting to changing circumstances
Changes should be managed to:
..Optimise risk exposure (supporting the risk profile required by the organisation)
..Minimise the severity of any impact and disruption
..Be successful at the first attempt
Such an approach will deliver direct financial benefit for the organisation by delivering early
realisation of benefits (or removal of risk), with a saving of money and time.
To make an appropriate response to all requests for change entails a considered approach to
assessment of risk and business continuity, change impact, resource requirements, change
authorisation and especially to the realisable organisation benefit. This considered approach is
essential to maintain the required balance between the need for change and the impact of the
change.
The objectives of change management
The goal of the change management process is to ensure that standardised methods and
procedures are used for efficient and prompt handling of all changes, in order to minimise the
impact of change related Incidents upon service quality, and consequently to improve the day to
day operations of the organisation.
Other objectives include:
..Respond to changing business requirements
..Minimise impact/risk of implementing changes
..Ensure all changes are approved at the appropriate level with the business and IT
..Implement changes successfully
..Implement changes in times that meet business needs
..Use standard processes to record all changes
Not every change is an improvement, but every improvement is a change!
The scope of change management
Addition, modification or removal of:
..Any service or configuration Item or associated documentation
Including
..Strategic, tactical and operational changes
Excluding
..Business strategy and process
..Anything documented as out of scope
The activities of change management
Activities undertaken will involve:
..Change logging and filtering/acceptance
Does the RFC (request for change) have enough, quality, information
Unique identification number
Filter out impractical RFCs and provide feedback to issuer
62
..Managing changes and the change process
zzPrioritise RFCs (based on risk assessment)
zzCategorise RFCs (e.g. minor, significant or major impact)
..Chairing the CAB (Change Advisory Board) and the ECAB (Emergency Change Advisory
Board)
zzAssess all RFCs (but not all during the meeting!! CAB is a consulting body)
zzImpact and resource assessment
zzApproval based on financial, business and technical criteria
zzThe Forward Schedule of Change (FSC)
..Coordinate the change
zzSupported by release management, change management coordinates the building,
testing and implementation of the change
..Reviewing and closing RFCs
..Management reporting
Emergency changes follow the same steps, but usually in a different order. The ECAB approves
an emergency change immediately and the building, testing and implementation are done before
the paperwork, which is usually completed retrospectively, but don’t forget the documentation!
63
The value to the organisation of change management
..Prioritising and responding to organisation and customer/user change proposals
..Implementing changes that meet the customers’ agreed service requirements while
optimising costs
..Contributing to meet governance, legal, contractual and regulatory requirements
..Reducing failed changes and therefore service disruption, defects and rework
..Delivering change promptly to meet business timescales
..Tracking changes through the service lifecycle
..Contributing to better estimations of the quality, time and cost of change
..Assessing the risks associated with the transition of services
..Aiding productivity of staff through minimising disruptions due to high levels of unplanned
or emergency change and hence maximising service availability
..Reducing the Mean Time to Restore Service (MTRS), via quicker and more successful
implementations of corrective changes
The terminology of change management
Normal change
A change that follows all of the steps of the change process.
Standard change
A pre-approved change that is low risk, relatively common and follows a procedure or work
instruction, e.g. password reset or provision of standard equipment to a new employee. RFC’s
are not required to implement a standard change, and they are logged and tracked using a
different mechanism, such as a service request.
Emergency change
A change that must be introduced as soon as possible. e.g. to resolve a major incident or
implement a security patch. The change management process will normally have a specific
procedure for handling emergency changes.
Requests for change
Every change to the IT Infrastructure has to go through change management. A Request for
Change (RFC) is formally issued for every change request.
The Change Manager
Responsible for the change management process.
Change Advisory Board (CAB)
A dynamic group of people (depending on the change) that approve changes with medium to
high priority, risk and impact.
CAB/EC
CAB Emergency Committee approves and authorises changes with high urgency, risk and
impact.
Change models
Some organisations use change models prior to implementation to estimate the impact of the
change. Change management and capacity management work together on this.
64
FSC
The Forward Schedule of Change (FSC) contains details of all approved changes and their
proposed implementation date.
Release and deployment management
Why have release and deployment management
The goal of release and deployment management is to deploy releases into production and enable
effective use of the service in order to deliver value to the organisation/customer/user.
The objectives of release and deployment management
The objective of release and deployment management is to build, test and deliver the capability
to provide the services specified by service design. This includes the processes, systems and
functions to package, build, test and deploy a release into production and prepare for service
operation.
Other objectives include:
..To provide clear and comprehensive plans enabling change projects to align their activities
..To ensure that the hardware and software being changed is traceable, secure and that only
correct, authorised and tested versions are installed
..To ensure that master copies of all software are secured in the Definitive Media Library
(DML)
..To ensure that release packages are built, installed, tested and deployed efficiently
..To ensure that skills and knowledge are transferred to operations and support staff
..To ensure that new or changed services meet the utility, warranty and service levels
..Minimise unpredicted impact
..To communicate and manage expectations of the customer during the planning and rollout of
new releases
The scope of release and deployment management
The scope of release and deployment management includes the processes, systems and functions
to package, build, and test and deploy a release into production and establish the service
specified in the service design package before final handover to service operations.
The value to the organisation of release and deployment management
Effective release and deployment management enables the service provider to add value to the
organisation by:
..Delivering change, faster and at optimum cost and minimised risk
..Assuring that customers and users can use the new or changed service in a way that supports
the organisation goals
..Improving consistency in implementation approach across the organisation change, service
teams, suppliers and customers
Release and deployment management activities
..Release policy and planning
..Release design, build and configuration
..Release testing and acceptance
65
..Deployment and planning
..Extensive testing to predefined acceptance criteria
..Sign off of the release for implementation
..Communication, preparation and training
..Audits of hardware and software prior to and following the implementation of changes
..Installation of new or upgraded hardware
..Storage of controlled software in both centralised and distributed systems
..Release, deployment and the installation of software
Release units
A release unit describes the portion of a service or IT infrastructure that is normally released
together according to the organisation’s release policy. The unit may vary, depending on the
type(s) or item(s) of service asset or service component, such as software and hardware.
The objective is to decide the most appropriate release unit level for each service asset or
component. An organisation may, for example, decide that the release unit for critical applications
is the complete application in order to ensure that testing is comprehensive. The same organisation
may decide that a more appropriate release unit for a website is at the page level.
The following factors should be taken into account when deciding the appropriate level for
release units:
..The ease and amount of change necessary to release and deploy a release unit
..The amount of resources and time needed to build, test, distribute and implement a release
unit
..The complexity of interfaces between the proposed unit and the rest of the services and IT
infrastructure
Release and deployment options
Big bang – The new or changed service is deployed to all user areas in one operation. This will
often be used when introducing an application change and consistency of service across the
organisation is considered important.
Phased – The service is deployed to a part of the user base initially, and then this operation is
repeated for subsequent parts of the user base via a scheduled rollout plan.
Push – Is used where the service component is deployed from the centre and pushed out to the
target locations.
Pull – Used for software releases, where the software is made available in a central location, but
users are free to pull the software down to their own location at a time of their choosing or when
a workstation restarts.
Automation – Helps to ensure repeatability and consistency. The time required to provide a well
designed and efficient automated mechanism may not always be available or viable.
Manual – Important to monitor and measure the impact of many repeated manual activities, as
they are likely to be inefficient and error prone.
The terminology of release and deployment management
Release – A collection of authorised changes to an IT service.
Release unit – The portion of the IT infrastructure that is released together, e.g. major release:
major roll out of new hardware and/or software; minor release: a few minor improvements and
66
fixes to known errors. Emergency fix: a temporary or permanent quick fix for a problem or
known error.
Definitive Spares (DS) – (previously known as DHS) Physical storage of all spare IT
components and assemblies maintained at the same level as within the live environment. These
can then be used when needed for additional systems or in the recovery from incidents (details
are recorded in the CMDB, controlled by release management).
Definitive Media Library (DML) – (previously known as the DSL) the secure library in which
the definitive authorised versions of all media CIs are stored and protected. The DML should
include definitive copies of purchased software (along with license documents or information) as
well as software developed on site.
CMDB – Configuration Management Database.
Service asset and configuration management
Why have service asset and configuration management
This process ensures the integrity of service assets and configurations in order to support the
effective and efficient management of the IT organisation.
The main reason for configuration management is to gather the information needed (in a non-
duplicated manner) about the IT components and how they relate to each other. The reason for
this is to ensure that the relevant information is available for all the other processes to ensure that
detailed impact and risk analysis can take place.
The objectives of service asset and configuration management
..Account for all the IT assets and configurations within the organisation and its services
..Provide accurate information on configurations and their documentation to support all the
other service management processes
..Provide a sound basis for incident management, problem management, change management
and release management
..Verify the configuration records against the infrastructure and correct any exceptions
..Plan, identify, control, record, report, audit and verify service assets and configuration items
..Account for manage and protect the integrity of service assets and configuration items
throughout their lifecycle
..Provide accurate information to support business and service management
..Ensure the integrity of those items by creating and maintaining an accurate Configuration
Management System (CMS) as part of the Service knowledge management System (SKMS)
The value to the organisation of service asset and configuration management
Optimising the performance of service assets and configurations improves the overall service
performance and optimises the costs and risks caused by poorly managed assets, e.g. service
outages, fines, correct licence fees and failed audits. SACM provides visibility of accurate
representations of a service, release or environment that enables:
..Better forecasting and planning of changes
..Changes and releases to be assessed, planned and delivered successfully
..Incidents and problems to be resolved within the service level targets
..Service levels and warranties to be delivered
67
..Better adherence to standards, legal and regulatory obligations
..More business opportunities as able to demonstrate control of assets and services
..Changes to be traceable from requirements
The activities of service assets and configuration management
Configuration management planning
A configuration management plan should define:
..The purpose, scope and objectives of configuration management
..Related policies, standards and processes that are specific to the support group
..Configuration Management roles and responsibilities
..CI (Configuration Item) naming conventions
..The schedule and procedures for performing Configuration Management activities:
configuration identification, control, status accounting, configuration audit and
verification
..Interface control with third parties, e.g. Change Management, suppliers
..Configuration management systems design, including scope and key interfaces
Configuration identification
..CIs are the components used to deliver a service. The CIs include software, documentation
and SLA’s
..Also identify the relationship between CI’s and the attributes for every CI
Control of CI’s
The objective of configuration control is to ensure that only authorized and identifiable CI’s are
recorded in the CMDB upon receipt.
Configuration status accounting
..Status reports should be produced on a regular basis, listing, for all CI’s under control,
their current version and change history. Status accounting reports on the current,
previous and planned states of the CI’s should include:
Unique identifiers of constituent CI’s and their current status, e.g. under development,
under test, live
Configuration baselines, releases and their status
Latest software item versions and their status for a system baseline/application
The person responsible for status change, e.g. from under test to live
Change history/audit trail
Open problems/RFC’sU
Configuration verification and audit
..Service desk staff, while registering incidents, can do daily verification
..Configuration audits should be considered at the following times:
Shortly after implementation of a new configuration management system
Before and after major changes to the IT infrastructure
Before a software release or installation to ensure that the environment is as expected
68
Following recovery from disasters and after a return to normal (this audit should be
included in contingency plans)
At random intervals
..In response to the detection of any unauthorised CI’s
..At regular intervals
Configuration Management Database (CMDB)
..Backup, administration, housekeeping
Service validation and testing
Why have service validation and testing?
The goal of service validation and testing is to assure that a service will provide value to
organisation.
The underlying concept to which service validation contributes is quality assurance –
establishing that the service design and release will deliver a new or changed service or service
offering that is fit for the purpose and fit for use. Testing is a vital area within service
management and has often been the unseen underlying cause of what was taken to be
inefficient service management processes.
If services are not tested sufficiently then their introduction into the operational environment
will bring rise in:
..Incidents – failures in service elements and mismatches between what was wanted and what
was delivered impact on business support
..Service desk calls for assistance – services that are not functioning as intended are inherently
less intuitive causing higher support requirements
..Problems and errors – that are harder to diagnose in the live environment
..Costs – since errors are more expensive to fix in production than if found in testing
..Services – that are not used effectively by the users to deliver the desired value
The objectives of service validation and testing
The objectives are:
..Provide confidence that a release will create a new or changed service or service offerings
that deliver the expected outcomes and value for the customers within the projected costs,
capacity and constraints
..Validate that a service is fit for purpose – it will deliver the required performance with
desired constraints removed
..Assure a service is fit for use – it meets certain specifications under the specified terms and
conditions of use
..Confirm that the customer and stakeholder requirements for the new or changed service are
correctly defined, and remedy any errors or variances early in the service lifecycle as this is
considerably cheaper than fixing errors in production
The value to the organisation of service validation and testing
Service failures can harm the organisation and can result in outcomes such as:
..loss of reputation
69
..loss of money
..loss of time
The key value to the business and customers from service testing and validation is in terms of the
established degree of confidence that a new or changed service will deliver the value and
outcomes required of it and understanding the risks. Successful testing depends on all parties
understanding that it cannot give, indeed should not give, any guarantees but provides a
measured degree of confidence. The required degree of confidence varies depending on the
customer’s business requirements and pressures of an organisation.
The V model
The V Model concept of establishing acceptance requirements against the requirements and
design can apply, with each iterative design being considered for the degree of integrity and
competence that would justify release to the customer for trail and assessment.
The left hand side represents the specification of the service requirements down to the detailed
service design.
The right hand side focuses on the validation and test activities that are performed against the
specifications defined on the left hand side, there is direct involvement by the equivalent party on
the right hand side.
It shows that service validation and acceptance test planning should start with the definition of
service requirements, e.g. customers who sign off the agreed service requirements will also
sign off the service acceptance criteria and test plan.
The terminology of service validation and testing
Validation
70
The activity that ensures a new or changed IT service, process, plan or other deliverable meets
the needs of the business. Validation ensures that business requirements are met even though
these may have changed since the original design phase.
Acceptance
Formal agreement that an IT service, process, plan or other deliverable is complete, accurate
reliable and meets its specified requirements. Acceptance is usually preceded by evaluation or
testing and is often required before proceeding to the next stage of a project or process.
Test
The activity that verifies that a CI, IT service, process etc., meets its specification or agreed
requirements.
Evaluation
Responsible for assessing a new or changes IT service to ensure that risks have been managed
and to help determine whether to proceed with the change.
Fit for purpose
Describes whether the process, CI, IT service etc., is capable of meeting its objectives or service
levels.
Fit for use
Meets certain specifications under the specified terms and conditions of use.
71
Service Operationبرداری از خدمات . رح و توضیح مفاهیم مطرح در فرایند بهرهش .6
اند. کامال تحویل شده (value)ها و مقادیر عملیات سرویس بخشی از چرخه زندگی است، وقتی که سرویس
Service) و برقراری تعادل بین سرویس اطمینان بخش (Problems)مشکالت (Monitoring) همچنین ردگیری
reliability) است.و هزینه و غیره قابل ذکر و توجه
ی کاربران ها، برای هردو( سرویسagreed levelsتجربه موفق در گروی نائل شدن به تحویل سطوح موردپذیرش )
شود که برای دریافت یک سرویس بهایی را پرداخت کرده به کسی گفته می« مشتری»هاست )که نهایی و مشتری
( گفتگو کرده باشند(. عملیات SLA’s – Service Level Agreementنامه سطح سرویس )باشند و در مورد، توافق
اند. همچنین ردگیری شده( کامالً تحویلvalueیر )ها و مقادکه سرویسسرویس بخشی از چرخه زندگی است، وقتی
(Monitoring( مشکالت )Problemsو برقراری تعادل بین سرویس اطمینان )( بخشService reliability و )
این فرایند شامل موضوعات زیر است: ذکر و توجه است.هزینه و غیره قابل
زینه و برقراری تعادل بین اهداف برخوردی، مانند اطمینان، ه… (Balancing Confilicting Goals)
( مدیریت رخدادهاEvent Management)
( مدیریت وقایعIncident Management)
( مدیریت مشکالتProblem Management)
( تکمیل رخدادهاEvent Fulfillment)
مدیریت دارایی( هاAsset Management)
( سرویس خدماتService Desk)
مدیریت برنامه و ( تکنیکیTechnical and Application Management)
های کلیدی و مسئولیت کارکنان درگیر در عملیات سرویس )نقشkey roles and responsibilities for
staff engaging in Service Operationشوند.( می
های کاربردی، برنامه هدف از انجام خدمت ارائه سطوح توافق شده خدمت به کاربران و مشتریان و مدیریت
تنها در خالل این مرحله از چرخه عمر است که تکنولوژی و زیرساختی است که ارائه خدمات را پشتیبانی کند.
کنند و این مسئولیت افراد درگیر در انجام خدمت است که وکار منتقل میطور واقعی ارزش را به کسبخدمات به
د.از انتقال این ارزش اطمینان حاصل نماین
:شودبرای انجام خدمت بسیار مهم است که تناقض بین اهداف متعادل
72
وکاردیدگاه فناوری اطالعات داخلی در برابر دیدگاه کسب
)ثبات در برابر پاسخگویی )واکنش
کیفیت خدمت در برابر هزینه خدمت
های واکنشی در برابر کنشیفعالیت
مثال تمرکز بیش از حد روی یک جنبه عنوانل را حفظ کنند، بهبایست تعادبرای هریک از این تناقضات، افراد می
.می شوداز این تناقضات منتج به ارائه ضعیف خدمت
های حیاتی که دانند. سالمت عملیاتی عالمتها توجه به سالمت عملیاتی خدمات را مفید میبسیاری از سازمان
ها در محدوده نرمال باشند سیستم یا ه این عالمتکند. چنانچوکار شناسایی میبرای اجرای وظایف حیاتی کسب
ای که سازد تا روی زمینهخدمت سالمت هستند. این موضوع منجر به کاهش هزینه نظارت شده و افراد را قادر می
شوند، تمرکز کنند.منجر به موفقیت خدمت می
فرایند مدیریت رویداد
پیکربندی یا خدمت فناوری اطالعات دارای اهمیت یک رویداد، تغییر حالتی است که برای مدیریت یک بخش
.اندکنند و منجر به ثبت یک رخداد شدهدرستی عمل نمیدهد که بعضی چیزها بهیک رویداد نشان می است.
ست،اتفاقهامدیریت رویداد بستگی به نظارت دارد اما با آن متفاوت است. مدیریت رویداد ایجاد و تشخیص
ویداد دهی به یک رپاسخ کند.بررسی می ،اجزاء را حتی زمانی که رویدادی اتفاق نیفتاده که نظارت وضعیتدرحالی
ممکن است اتوماتیک بوده و یا دستی باشد.
فرایند انجام درخواست
یک درخواست خدمت، درخواست یک کاربر است برای اطالعات، راهنمایی یا برای یک تغییر استاندارد و یا برای
مت فناوری اطالعات.دسترسی به یک خد
این دارد را درخواست و دریافت نمایند، هدف از انجام درخواست این است که کاربران را قادر سازد خدمات استان
ها را برای کاربران و مشتریان تهیه های دستیابی به آناطالعات خدمات و روش. خدمات را تأمین و ارائه نماید
آوری نماید.نظرات را جمع ها واطالعات عمومی، شکایت. و نماید
73
بایست شامل تاییدات قبل از انجام درخواست آوری و پیگیری شود. فرایند میبایست جمعها میتمامی درخواست
باشد.
فرایند مدیریت دسترسی
منظور دسترسی به یک خدمت یا گروهی از خدمات، هدف از فرایند مدیریت دسترسی ارائه اجازه برای کاربران به
مدیریت دسترسی به مدیریت محرمانگی، شود.که از دسترسی کاربران فاقد مجوز جلوگیری مییدرحال
مدیریت دسترسی با هویت )اطالعات کند.پذیری و یکپارچگی داده و مالکیت معنوی کمک میدسترس
کند(. ارائه میکند( و حقوق )تنظیماتی که دسترسی به داده و خدمات را فردی که یک چیز را متمایز میمنحصربه
فرایند شامل تأیید هویت و حق، اعطای دسترسی به خدمات، ثبت و ردیابی دسترسی و برداشتن یا تعریف حقوق
کند.ها )ی کاربران( تغییر میکه وضعیت یا نقشهنگامی
فرایند مدیریت مشکل
شده نیست و فرآینداختهمشکل یک علت از یک یا چند رخداداست. علت معموالً در زمان ایجاد سابقه مشکل شن
مدیریت مشکل مسئول تحقیقات بیشتر است.
اهداف کلیدی مدیریت مشکل جلوگیری از وقوع رخدادها و مشکالت، حذف تکرار رخدادها و حداقل نمودن اثر
ها شد.توان مانع آنرخدادهایی که نمی
سازی راهکار است. مدیریت مشکل دهمدیریت مشکل شامل تشخیص علل رخدادها، تعیین راهکار و اطمینان از پیا
کند.ها و راهکارهای مناسب را حفظ میاطالعات پیرامون مشکالت و راه حل
ها و درخواست حلشوند، اما هدف درك علل، مستندسازی راهبندی میمشکالت با روشی مشابه رخدادها گروه
شده مستند می شوند تا ده خطای شناختهها در یک پایگاه داحلمنظور حل دائمی مشکالت است. راهتغییر به
کارایی و اثربخشی مدیریت رخداد را بهبود بخشد.
های معمول انجام خدمتفعالیت
داده شده قبلی نیست. این فعالیتها به شرح انجام خدمت شامل تعدادی فعالیت است که جزو پنج فرایند توضیح
زیر هستند:
74
جزای پیکربندی و اتخاذ اقدام اصالحی مناسبکنترل و نظارت: شناسایی وضعیت خدمات و ا
مدیریت کنسول / پل عملیات: یک نقطه هماهنگی مرکزی برای نظارت و مدیریت خدمات
های داده، واسط افزار، خدمات دایرکتوری، مرکز داده / ابزار و مدیریت زیرساخت: ذخیره، پایگاه…
تغییر، پیکربندی، نسخه و توسعه، دسترس های عملیاتی فرایندها از دیگر مراحل چرخه عمر:زمینه
…پذیری، ظرفیت، دانش، مدیریت استمرار خدمت و
نماید. معموالً پیشخوانفرد تماس برای تمام کاربران خدمت ارائه میپیشخوان خدمت یک نقطه مرکزی منحصربه
کند و یک رابط می های دسترسی را ذخیره و مدیریتهای خدمت و درخواستخدمت تمامی رخدادها، درخواست
دهد.های دیگر انجام خدمت ارائه میکاربری برای تمام فرایندهای و فعالیت
های خاص پیشخوان خدمت شامل موارد زیر است:مسئولیت
هابندی آنبندی و اولویتها، گروهثبت تمامی رخدادها و درخواست
تحقیق و تشخیص اولیه
که رضایت کاربر نحویها بهوفصل آنافزایش متناسب و حل ها،مدیریت چرخه عمر رخدادها و درخواست
جلب شود.
هارسانی به کاربران در خصوص وضعیت خدمات، رخدادها و درخواستاطالع
که برخی از آنها عبارتند از: های خدمت وجود دارددهی پیشخوانهای فراوانی برای ساختاردهی و سازمانراه
زیکی نزدیک به کاربران است.صورت فیپیشخوان خدمت محلی: به
ها سروکار داشته دهد افراد کمتری با حجم بیشتری از درخواستپیشخوان خدمت متمرکز: اجازه می
باشند.
های مختلف حضور دارند ولی از دید کاربران مانند یک تیم به پیشخوان خدمت مجازی: افراد در مکان
رسند.نظر می
های دیگری که در وسیله انتقال تماس به محلمانی مختلف بههای زهای خدمت در محدودهپیشخوان
کنند.ساعته خدمت ارائه می 24ساعت کاری هستند، پوشش
ITIL benefits within service operation
..Scalability – ITIL can be adapted for any size of organisation.
..Reduction in costs – ITIL has proven its value in reducing the overall cost of managing
services.
75
..Improved quality – ITIL helps improve the quality of IT services through sound
management practices.
..Alignment to standards – ITIL is well aligned to the ISO/IEC 20000 Standard for Service
Management.
..Return on Investment (ROI) – ITIL helps IT organisations demonstrate their return on
investment and measurable value to the business. This helps establish a business case for new
or continuing investment in IT.
..Seamless sourcing partnerships – outsourcing, often with multiple service providers, is
increasingly common today and ITIL is widely practised among industry service providers so
offers a common practice base for improved service chain management.
Considering cultural change
A small part of the implementation of service operation will be about process design. Most of the
challenge lies in cultural change and personal motivation of staff to use the end to end processes
as the better way to do deliver service.
Any change leads to feelings of vulnerability and loss of control. These feelings generally
manifest themselves through feelings of resistance. The most important thing in this stage of the
ITIL implementation is to keep the focus on the reason why your organisation needs ITIL service
management in the first place.
Some implementation pointers for implementing service operation
DO:
..Perform a feasibility study first
..Use what is already good in the organisation
..Take it slowly and concentrate on small steps and quick wins
..Appoint a strong project manager with end to end focus to drive the implementation
programme
..Keep in mind organisation change management issues
..Keep communicating WHY your organization needs this
..Measure your successes continuously
..Enjoy the milestones and share them with the IT group
DON’T:
..Try to mature all the processes at the same time
..Start with a tool
..Start without management commitment and/or budget
..ITILISE your organisation – it’s a philosophy, not an executable application
..Forget to adopt and adapt
..Rush; take your time to do it well
..Go on without a reason
..Ignore the positive activities already in place
76
The objectives of service operation
The main objective of service operation is to coordinate and carry out the activities and processes
required to deliver and manage services at agreed levels to business users and customers.
Service operation is also responsible for ongoing management of the technology that is used to
deliver and support services.
Well designed and well implemented processes will be of little value if day to day operation of
those processes is not properly conducted, controlled and managed; nor will service
improvements be possible if day to day activities to monitor performance, assess metrics and
gather data are not systematically conducted during service operation.
Other objectives include:
..Responsive stable services
..Robust end to end operational practices
..Business as usual – day to day
..Execution of processes and services
..Responsive and operational validation
..Realising value
..Achieving service excellence
Value to the organisation of service operation
The operation of service is where these plans, designs and optimisations are executed and
measured. From a customer viewpoint, service operation is where actual value is seen.
The scope of service operation
Services
All activities associated with operational services regardless of whether they are executed by the
service provider, a third party supplier or by users and customers.
Service management processes
Operational aspects of all processes whatever part of the lifecycle they originate from (e.g.
operational aspects of capacity and availability management).
Technology
Management of the technology delivering the services.
People
The people managing the services, processes and technology.
Achieving balance in service operation
Conflict arises because constant, agreed levels of service need to be delivered in a continually
evolving technical and organisational environment. Getting the balance wrong can mean services
are too expensive, unable to meet business requirements, or unable to respond in good time.
Potential areas of conflict are:
..Internal IT vs. external business views
77
..Stability vs. responsiveness
..Quality of service vs. cost of service
..Reactive vs. proactive
Service operation processes
There are five:
..Request fulfilment
..Incident management
..Problem management
..Access management
..Event management
Request fulfilment
Why have request fulfilment?
Request fulfilment is the process for dealing with service requests via the Service Desk, using a
process similar but separate to that of incident management. Request fulfilment records/tables
are linked, where necessary, to the incident or problem record(s) that initiated the need for the
request.
For a service request, it is normal for some prerequisites to be defined and met (e.g. needs to be
proven, repeatable, pre-approved and documented as a procedure).
These are viewed as standard changes – procurement, HR and other business units may assist/be
involved.
The objectives of request fulfilment
Request fulfilment is the process of dealing with service requests from the users.
78
The objectives of the request fulfilment process are:
..To provide a channel for users to request and receive standard services for which a
predefined approval qualification process exists
..To provide information to users and customers about the availability of services and the
procedure for obtaining them
..To source and deliver the components of requested standard services (e.g. licences and
software media)
..To assist with general information, complaints or comments
The scope of request fulfilment
The process needed to fulfil a request will vary depending upon exactly what is being requested
but can usually be broken down into a set of activities that have to be performed.
Requests can be handled through the incident management processes (and tools) – with service
requests being handled as a particular type of incident (using a high level categorisation system
to identify service requests). However, there is a significant difference – an incident is an
unplanned event whereas a service request is usually something that can and should be planned.
Where large numbers of service requests have to be handled, and where the actions to be taken to
fulfil those requests are specialised, it may be appropriate to handle service requests as a
completely separate work stream and to record and manage them as a separate record type.
The value to the organisation of request fulfilment
The value of request fulfilment is to provide quick and effective access to standard services,
which business staff can use to improve their productivity or the quality of organisation services
and products.
Request fulfilment effectively reduces the bureaucracy involved in requesting and receiving
access to existing or new services, thereby reducing the cost of providing these services.
The activities of request fulfilment
Menu selection – request fulfilment offers great opportunities for self help practices, where users
can generate a service request using technology links into service management tools. Ideally, users
should be offered a menu selection via a web interface, so that they can select and input details of
service requests from a predefined list.
Financial approval – one important step that is likely to be needed when dealing with a service
request is that of financial approval. Most requests will have some form of financial implication,
regardless of the type of commercial arrangements in place. The cost of fulfilling the request must
first be established. It may be possible to agree fixed prices for standard requests – and prior
approval for such requests may be given as part of the organisation’s overall annual financial
management. In all other cases, an estimate of the cost must be produced and submitted to the user
for financial approval. If approval is given, in addition to fulfilling the request, the process must
also include charging for the work done – if charging is in place.
Other approval – in some cases further approval may be needed – such as compliance related, or
wider business approval. Request fulfilment must have the ability to define and check such
approvals where needed.
79
Fulfilment – the actual fulfilment activity will depend upon the nature of the service request. Some
simpler requests may be completed by the Service Desk, acting as the first line of support, while
others have to be forwarded to specialist groups and/or suppliers for fulfilment. The Service Desk
will monitor and chase progress and keep users informed throughout, regardless of the actual
fulfilment source.
Closure – when the service request has been fulfilled it must be referred back to the Service
Desk for closure – the Service Desk will check that the user is satisfied with the outcome.
Incident management
Why have incident management?
Incident management is highly visible to the organisation, and it is therefore easier to demonstrate
its value than in most areas of service operation. For this reason, incident management is often one
of the first processes to be implemented in service management projects. The added benefit of
doing this is that incident management can be used to highlight other areas that need attention,
thereby providing a justification for implementing other ITIL processes.
The objectives of incident management
To restore normal service operation as quickly as possible and minimise the adverse impact of
the Incident on business operations, thus ensuring that the best possible levels of service quality
and availability are maintained.
Normal service operation is defined here as service operation within Service Level Agreement
limits.
The scope of incident management
Incident management includes any event which disrupts, or which could disrupt, a service. This
includes events which are communicated directly by users, either through the Service Desk or
through an interface from event management to incident management tools.
Incidents can also be reported and/or logged by technical staff (if, for example, they notice
something untoward with a hardware or network component they may report or log an incident
and refer it to the Service Desk). This does not mean, however, that all events are Incidents.
Many classes of event are not related to disruptions at all, but are indicators of normal operation
or are simply informational (see event management).
The value to the organisation of incident management
..The ability to detect and resolve Incidents which results in lower downtime for the
organisation, which in turn means higher availability of the service.
..The ability to align IT activity to real time business priorities. This is because incident
management includes the capability to identify business priorities and dynamically allocate
resources as necessary.
80
..The ability to identify potential improvements to services. This happens as a result of
understanding what constitutes an incident and also from being in contact with the activities
of business operational staff.
..The Service Desk can, during its handling of incidents, identify additional service or training
requirements found in IT or the business.
The activities of incident management
Incident identification and logging (Service Desk responsibility)
..Record basic details of the incident
..Alert specialist support group(s) as necessary
Categorisation, prioritisation and initial diagnosis
..Categorise incidents
..Assign impact and urgency, and thereby define priority
..Match against known errors and problems
..Inform problem management of the existence of new problems and of unmatched or multiple
incidents
..Assess related configuration details (daily verification)
..Provide initial support (assess Incident details, find quick resolution)
..Close the incident or route it to a specialist support group, and inform the user(s)
Investigation and diagnosis
..Assess the incident details
..Collect and analyse all related information, and resolve, (including any work around) or route
to online support
..Escalate (functionally or hierarchically) where necessary
Resolution and recovery
..Resolve the incident using the solution/work around or, alternatively, raise a request for
change (RFC) (including a check for resolution)
..Take recovery actions
Incident closure (Service Desk responsibility)
..When the Incident has been resolved, the Service Desk should ensure that:
Details of the action taken to resolve the incident are concise and readable
Classification is complete and accurate according to root cause
Resolution/action is agreed with the customer – verbally or, preferably, by email or in
writing
..All details applicable to the incident are recorded, such that:
The customer/user is satisfied
Cost centre project codes are allocated
The time spent on the incident is recorded
81
The person, date and time of closure are recorded
Note – service requests and major incidents have their own process
The incident management process diagram
The terminology of incident management
Incident – unplanned interruption to or reduction in quality of IT service
Functional escalation – escalation across IT to subject matter experts
Hierarchical escalation – involves more senior levels of management – usually for decision
making
Work around – a temporary fix for the incident
A major incident – an Incident which has high impact on the organisation and for which a
separate process exists
Problem management
Why have problem management?
Failure to halt the recurrence of incidents or understand the root cause of major incidents leads to
lost time, loss of productivity and frustrated users.
82
Effective problem management halts the recurrence of incidents and has benefits to the
individual and the organisation as a whole as it improves availability (up time) and user
productivity.
The objectives of problem management
The objective of problem management is to minimise the adverse impact of incidents and
problems on the business that are caused by errors within the IT infrastructure, and to prevent
recurrence of incidents related to these errors.
The scope of problem management
Problem management includes the activities required to diagnose the root cause of incidents and
to determine the resolution to the problems. It is also responsible for ensuring that the resolution
is implemented through the appropriate control procedures (change management).
Problem management will also maintain information about problems and the appropriate work
arounds and resolutions, so that the organisation is able to reduce the number and impact of
Incidents over time. In this respect problem management has a strong interface with knowledge
management, and tools such as the Known Error Database will be used for both. The Known
Error Database is a hugely effective tool at the Service Desk and is used in early resolution of
incidents.
Although incident and problem management are separate processes, they are closely related and
will typically use the same tools, and may use similar categorisation, impact and priority coding
systems. This will ensure effective communication when dealing with related incidents and
problems.
The value to the organisation of problem management
Problem management works together with incident management and change management to
ensure that IT service availability and quality are increased.
When incidents are resolved, information about the resolution is recorded. Over time, this
information is used to speed up the resolution time and identify permanent solutions, reducing
the number and resolution time of incidents. This results in less down time and less disruption to
business critical systems.
Additional value from problem management is derived from the following:
..Higher availability of IT services
..Higher productivity of business and IT staff
..Reduced expenditure on work arounds or fixes that do not work
..Reduction in cost of effort in fire fighting or resolving repeat incidents
The activities of problem management
Problem Management consists of two major processes:
..Reactive problem management – generally executed as part of service operation
..Proactive problem management – initiated in service operation, but generally driven as part
of continual service improvement
The reactive activities are:
83
Problem detection and problem logging
..Use incident guidelines for problem identification
..Other processes (e.g. availability, security) could log problems prior to incident occurring
Problem categorisation and prioritisation
..Categorise the problem by IT functional area
..Assess urgency and impact to assign priority
Problem investigation and diagnosis
..Assign to IT functional area for further investigation
Workarounds and raising a known error record
..In cases where a work around is found, it is important that the problem record remains open,
and details of the work around are documented within the problem record
..As soon as the diagnosis is complete, and particularly where a work around has been found
(even though it may not be a permanent resolution), a known error record must be raised
and placed in the Known Error Database, so that, if further incidents or problems arise, they
can be identified and the service restored more quickly
Problem resolution
..Problem record closed when known error located and work around identified
Problem closure
..Problem record closed when known error located and work around identified
The proactive activities are:
Major problem review and errors detected in the development environment
After every major problem, and while memories are still fresh, a review should be conducted to
learn any lessons for the future. Specifically the review should examine:
..Those things that were done correctly
..Those things that were done wrongly
..What could be done better in the future
..How to prevent recurrence
..Whether there has been any third party responsibility and whether follow up actions are
needed
Such reviews can be used as part of training and awareness activities for staff – any lessons
learned should be documented in appropriate procedures, working instructions, diagnostic scripts
or known error records.
Tracking and monitoring
The Service Desk Manager owns/is accountable for ALL incidents. Tracking and monitoring
takes place throughout all of the other activities.
84
Trend analysis
..Review reports from other processes (e.g. incident management, availability management,
change management)
..Identify recurring problems or training opportunities.
Targeting preventative action
..Perform a cost benefit analysis of all costs associated with prevention.
..Target specific areas taking up most attention.
The terminology of problem management
Problem – unknown, underlying cause of incident(s)
Known error – known, underlying cause of incident(s) and a work around identified
Work around – temporary resolution
Proactive problem management – removal of current/potential errors before they cause
problems
Access management
Why have access management?
Access management is the process of granting authorised users the right to use a service, while
preventing access to non-authorised users. It is, therefore, the execution of policies and actions
defined in information security and availability management.
The objectives of access management
..Protecting Confidentiality, Integrity and Availability (CIA), sometimes know as Rights
Management or Identity Management (removing access when people change roles or jobs
and regularly auditing access permissions to ensure they are correct)
..Security incidents and problems related to access management will be discreetly recorded
The scope of access management
Access management is effectively the execution of both availability and information security
management, in that it enables the organisation to manage the confidentiality, availability and
integrity of the organisation’s data and intellectual property.
Access management ensures that users are given the right to use a service, but it does not ensure
that this access is available at all agreed times – this is provided by availability management.
Access management can be initiated by a service request through the Service Desk.
The value to the organisation of access management
Access management provides the following value:
..Controlled access to services ensures that the organisation is able to maintain more
effectively the confidentiality of its information
..Employees have the right level of access to execute their jobs effectively
85
..There is less likelihood of errors being made in data entry or in the use of a critical service by
an unskilled user (e.g. production control systems)
..The ability to audit use of services and to trace the abuse of services
..The ability more easily to revoke access rights when needed – an important security
consideration
..May be needed for regulatory compliance
The activities of access management
Requesting access – access can be requested using one or any number of mechanisms, for
example:
..A standard request
..A request for change
..A service request (submitted via the request fulfilment system)
..Executing a pre-authorised script or option
..Rules for requesting access are normally documented as part of the service catalogue
Verification – access management needs to verify every request for access to an IT service from
two perspectives:
..That the user requesting access is who they say they are
..That they have a legitimate requirement for that service
Providing rights – access management does not decide who has access to which IT services.
access management executes the policies and regulations defined during service strategy and
service design. Access management enforces decisions to restrict or provide access, rather than
making the decision. As soon as a user is verified, access management will provide that user with
rights to use the requested service. In most cases this will result in a request to every team or
department involved in supporting that service to take the necessary action. Ideally, these tasks
should be automated.
Monitoring identity status – as users work in the organisation, their roles change as do their
needs to access services, e.g. job changes, promotions/demotions, resignation or death. Access
management should understand and document the typical user lifecycle for each type of user and
use it to automate the process. Access management tools should provide features that enable a
user to be moved from one state to another or from one group to another, easily and with an audit
trail.
Logging and tracking access – access management should not only respond to requests. It is
also responsible for ensuring that the rights that have been provided are being properly used.
Information security management plays a vital role in detecting unauthorized access and
comparing it with the rights that were provided by access management. Access management may
also be required to provide a record of access for specific services during forensic investigations.
If a user is suspected of breaches of policy, inappropriate use of resources, or fraudulent use of
data, access management may be required to provide evidence of dates, times and even content
of that user’s access to specific services.
Removing or restricting rights – Just as access management provides rights to use a service, it
is also responsible for revoking those rights. Again, this is not a decision that it makes on its
86
own. Access management will execute the decisions and policies made during service strategy
and design and also decisions made by managers within the organisation. Removing access is
usually done in the following circumstances:
..Death
..Resignation
..Dismissal
..User has changed roles etc.
The terminology of access management
Access – refers to the level and the extent of a service’s functionality or data to which a user is
entitled.
Identity – refers to the information about the user that distinguishes them as an individual and
which verifies their status within the organisation. By definition, the identity of a user is unique
to that user.
Rights – (also called privileges) refer to the actual settings whereby a user is provided access to
a service or group of services. Typical rights, or level of access, include read, write, execute,
change and delete.
Service or service groups – most users do not use only one service, and users performing a
similar set of activities will use a similar set of services. Instead of providing access to each
service for each user separately, it is more efficient to be able to grant each user, access to the
whole set of services that they are entitled to use at the same time.
Directory services – refers to a specific type of tool that is used to manage access and rights.
Event management
Why have event management?
An event can be defined as any detectable or discernable occurrence that has significance for the
management of the IT infrastructure or the delivery of IT service, and evaluation of the impact a
deviation might cause to the service. Events are typically notifications created by an IT service,
configuration item or monitoring tool. Effective service operation is dependent on knowing the
status of the infrastructure and detecting any deviation from normal or expected operation. This
is provided by good monitoring and control systems, which are based on two types of tools:
..Active monitoring tools that poll key configuration items to determine their status and
availability. Any expectations will generate an alert that needs to be communicated to the
appropriate tool or team for action
..Passive monitoring tools that detect and correlate operational alerts or communications
generated by configuration items
The objectives of event management
To provide the entry point for the execution of many service operation processes and activities.
In addition, it provides a way of comparing actual performance and behaviour against design
standards and Service Level Agreements.
Other objectives:
..Provides the ability to detect, interpret and initiate appropriate action for events
87
..Is the basis for operational monitoring and control and the entry point for many service
operation activities
..Provides operational information as well as warnings and exceptions to aid automation
..Supports continual service improvement activities of service assurance and reporting
“A change of state that has significance for the management of a configuration item or IT
service”
The scope of event management
Event management can be applied to any aspect of service management that needs to be
controlled and which can be automated. These include:
..Configuration Items:
Some configuration items will be included because they need to stay in a constant
state
Some configuration items will be included because their status needs to change
frequently and event management can be used to automate this and update the
configuration management system
..Environmental conditions (e.g. fire and smoke detection)
..Software licence monitoring for usage to ensure optimum/legal licence utilisation and
allocation
..Security (e.g. intrusion detection)
..Normal activity (e.g. tracking the use of an application or the performance of a server)
The value to the organisation of event management
Event management’s value to the organisation is generally indirect; however, it is possible to
determine the basis for its value as follows:
88
..Event management provides mechanisms for early detection of incidents. In many cases, it is
possible for the incident to be detected and assigned to the appropriate group for action
before any actual service outage occurs.
..Event management makes it possible for some types of automated activity to be monitored by
exception – thus removing the need for expensive and resource – intensive, real time
monitoring, while reducing down time.
..When integrated into other service management processes (such as, for example, availability
or capacity management), event management can signal status changes or exceptions that
allow the appropriate person or team to respond promptly, thus improving the performance
of the process. This, in turn, will allow the business to benefit from more effective and
more efficient service management overall.
..Event management provides a basis for automated operations, thus increasing efficiencies
and allowing expensive human resources to be used for more innovative work, such as
designing new or improved functionality or defining new ways in which the business can
exploit technology for increased competitive advantage.
The activities of event management
Event occurs – events occur continuously, but not all of them are detected or registered. It is
therefore important that everybody involved in designing, developing, managing and supporting
IT services and the IT infrastructure that they run on understands what types of event need to be
detected.
Event notification – most configuration items are designed to communicate certain information
about themselves in one of two ways:
..A device is interrogated by a management tool, which collects certain targeted data. This is
often referred to as polling.
..The configuration item generates a notification when certain conditions are met. The ability
to produce these notifications has to be designed and built into the configuration item, for
example, a programming hook inserted into an application.
Event detection – once an event notification has been generated, it will be detected by an agent
running on the same system, or transmitted directly to a management tool specifically designed
to read and interpret the meaning of the event.
Event filtering – the purpose of filtering is to decide whether to communicate the event to a
management tool or to ignore it. If ignored, the event will usually be recorded in a log file on
the device, but no further action will be taken.
Significance of events – every organisation will have its own categorisation of the significance
of an event, but it is suggested that at least these three broad categories be represented:
..Informational: this refers to an event that does not require any action and does not represent
an exception. They are typically stored in the system or service log files and kept for a
predetermined period
..Warning: a warning is an event that is generated when a service or device is approaching a
threshold warnings are intended to notify the appropriate person, process or tool so that the
situation can be checked and appropriate action taken to avoid an exception
..Exception: an exception means that a service or device is currently operating abnormally.
Typically this means that an Operating Level Agreement or Service Level Agreement has
89
been breached and the business has been impacted. Exceptions could represent a total
failure, impaired functionality or degraded performance.
Event correlation – if an event is significant, a decision has to be made about exactly what the
significance is and what actions need to be taken to deal with it. It is here that the meaning of the
event is determined.
Trigger – if the correlation activity recognises an event, a response will be required. The
mechanism used to initiate that response is also called a trigger. There are many different types
of triggers, each designed specifically for the task it has to initiate. Some examples:
..Incident triggers that generate a record in the incident management system
..Change triggers that generate an request for change
..A trigger resulting from an approved request for change that has been implemented but
caused the event, or from an authorised change that has been detected
..Scripts that execute specific actions
..Paging systems that will notify a person or team of an event
..Database triggers that restrict access of a user to specific records or fields, or that create or
delete entries in the database
Response selection – at this point of the process, there are a number of response options
available:
..Event logged – there will be a record of the event and any subsequent actions.
..Auto response – some events are understood well enough that the appropriate response has
already been defined and automated. This is normally a result of good design or previous
experience (within problem management). The trigger will initiate the action and then
evaluate whether it was completed successfully. If not, an incident or problem record will
be created. Examples of auto responses include: rebooting a device, restarting a service,
locking a device or application to protect it against unauthorised access.
..Alert and human intervention – if the event requires human intervention, it will need to be
escalated. The purpose of the alert is to ensure that the person with the skills appropriate to
deal with the event is notified. The alert will contain all the information necessary for the
person to determine the appropriate action.
..Incident, problem or change? Some events will represent a situation where the appropriate
response will need to be handled through the incident, problem or change management
process.
..Open a request for change.
..Open an incident record – as with a request for change an incident can be created as soon as
an exception is detected, or when the correlation engine determines that a specific type or
combination of events represents an incident.
..Open or link to a problem record – it is rare for a problem record to be opened without related
incidents. In most cases this step refers to linking an incident to an existing problem record.
This will assist the problem management teams to reassess the severity and impact of the
problem, and may result in a changed priority to an outstanding problem.
..Special types of incident – in some cases an event will indicate an exception that does not
directly impact any IT service, e.g. unauthorized entry to a data centre. In this case the incident
will be logged using an incident model that is appropriate for this type of exception, e.g. a
security incident. The incident should be escalated to the group that manages that type of
90
incident. As there is no outage, the incident model used should reflect that this was an
operational issue rather than a service issue. These incidents should not be used to calculate
downtime, and can in fact be used to demonstrate how proactive IT has been in making services
available.
Review actions – as thousands of events are generated on a daily basis, it is not possible to
review every one. However, it is important to check that any significant events or exceptions
have been handled appropriately, or to track trends or counts of event types, etc. In many cases
this can be done automatically.
Close event – Some events will remain open until a certain action takes place, for example, an
event that is linked to an open incident. However, most events are not opened or closed.
Informational events are simply logged and then used as input to other processes, such as backup
and storage management. Auto response events will typically be closed by the generation of a
second event. For example, a device generates an event and is rebooted through auto response –
as soon as that device is successfully back online, it generates an event that effectively closes the
loop and clears the first event.
The event management process
The terminology of event management
Event – a change of state that has significance for the management of a configuration item or IT
service.
91
Trigger – an indication that some action or response to an event may be needed.
Alert – a warning that a threshold has been reached or something has been changed. (An event
has occurred).
Service operation functions
..Service Desk (see separate documents)
..Technical management
..Applications management
..IT operations management
The technical management function
Why have a technical management function?
As the custodian of technical knowledge and expertise related to managing the IT infrastructure,
the technical management function provides detailed technical skills and resources needed to
support the ongoing operation of the IT infrastructure. Technical management also plays an
important role in providing the actual resources to support the IT service management lifecycle,
and ensures resources are effectively trained and deployed to design, build, transition, operate
and improve the technology to deliver and support IT services.
92
The objectives of the technical management function?
Help plan, implement and maintain a stable technical infrastructure to support the organisation’s
business processes through:
..Well designed and highly resilient, cost effective topology
..The use of adequate technical skills to maintain the technical infrastructure in optimum
condition
..Swift use of technical skills to speedily diagnose and resolve any technical failures that occur
Technical management groups:
..Act as guardians of technical knowledge and expertise relating to the Infrastructure
..Hold knowledge of designing, testing, building, managing and improving IT services
..Provide resources to assist in IT service management lifecycle
..Ensure these resources are trained and deployed to design, build, transition operate and
improve the technology to support IT
..Design a resilient, cost effective infrastructure configuration
..Maintain the infrastructure
..Provide support during technical failures
93
The activities of the technical management function
In all but the smallest organisations, where a single, combined team may suffice, separate teams
will be needed for each type of infrastructure being used. In many organisations the technical
management teams are also responsible for the daily operation of a subset of the IT
infrastructure.
Technical management will provide guidance to IT operations about how best to carry out the
ongoing operational management of technology. This will partly be provided during the service
design process, but there will also be everyday communication with IT operations, as they seek
to achieve stability and optimum performance.
The technical management function will be made up of specialist technical architects and
designers (primarily involved during the service design phase) and specialist maintenance and
support staff (primarily involved in the service operation phase).
Technical teams are usually aligned to the technology they manage and can include operational
activities.
Examples:
..Mainframe management
..Server management
..Internet/web management
..Network management
..Database administration
..Desktop support
.Middleware
..Storage
The application management function
Why have the application management function?
Application management is responsible for managing applications throughout their lifecycle.
By supporting and maintaining operational applications, applications management plays an
important role in the design, testing and improvement of applications that form part of IT services.
94
Applications management supports the business processes by:
..Identifying functional and manageability requirements
..Assisting in design and deployment
..Providing ongoing support and improvement
Objectives are achieved by:
..Good design of resilient and cost effective applications
..Functionality to meet the business requirements
..Technical skills being available to ensure applications perform optimally and any incidents
are resolved in good time
The objectives of the application management function
Application management ensures that resources are effectively trained and deployed to design,
build, and transition, operate and improve the technology required to deliver and support IT
services.
By performing this role, application management is able to ensure that the organisation has
access to the right type and level of human resources to manage applications, and therefore meets
95
business objectives. This starts in service strategy and is expanded in service design, tested in
service transition and refined in continual service improvement.
Application management:
..Is responsible for applications throughout their lifecycle
..Ensures appropriate roles – Applications Managers/Team Leaders, Applications
Analysts/Architects
..Ensures availability of functionality
..Maintains operational applications
..Provides support during application failures
The activities of the application management function
While most application management teams are dedicated to specific applications or sets of
applications, there are a number of activities which they have in common, for example:
..Identifying the knowledge and expertise required to manage and operate applications in the
delivery of IT services
..Initiating training programs to develop and refine the skills in the appropriate application
management resources and maintaining records for these resources
..Recruiting or contracting resources with skills that cannot be developed internally, or where
there are insufficient numbers of staff to perform the required activities
..Designing and delivering end user training
..Researching and developing solutions that can help expand the service portfolio
..Ensuring all system documentation is up to date and complete and that relevant staff are
familiar with the contents etc.
The IT operations management function
Why have the IT operations management function
IT operations is the function responsible for the daily operational activities needed to manage the
IT infrastructure. This is done according to the performance standards defined during service
design.
In some organisations this is a single, centralised team, while in others some activities and staff
are centralised and some are provided by distributed and specialized departments.
The objectives of IT operations management
..Responsible for the day to day running of the IT infrastructure
..As per performance standards created in service design
..Maintaining the status quo to achieve infrastructure stability
..Identifying opportunities to improve operational performance and save costs
..Initial diagnosis and resolution of operational incidents
96
The activities of the IT operations management function
IT operations management has two unique functions, which are usually organised in the
following structure:
IT operations control: generally staffed by shifts of operators, ensures that routine operational
tasks are carried out. Also provides centralised monitoring and control activities, usually using
an Operations Bridge or Network Operations Centre, e.g. console management, job scheduling,
backup and restore etc.
Facilities management: management of the physical IT environment, usually data centres or
computer rooms. In some organisations, many physical components have been outsourced and
facilities management may include the management of the outsourcing contracts, e.g. data
centres, recovery sites, contracts etc.
97
Continual service improvementشرح و توضیح مفاهیم مطرح در فرایند بهبود مستمر . .7
، برای تغییر نیازهای تجاری، بوسیله IT هایهدف بهبود مداوم سرویس، مرتب سازی و مرتب سازی دوباره سرویس
.کنندپشتیبانی مییی است که فرآیند تجاری را IT هایتعریف و پیاده سازی بهبودها در سرویس
شود )به آن دلیل که به منظور تغییر نیازهای تجاری انجام می IT هایمرتب سازی و مرتب سازی دوباره سرویس
شود(. هدف بهبود مداوم سرویس، مرتب سازی و مرتب ثبات، باعث رو به زوال رفتن موسسه و یا تنزل آن می
یهاتجاری، بوسیله تعریف و پیاده سازی بهبودها در سرویس ، برای تغییر نیازهایIT هایسازی دوباره سرویس
IT دورنمای بهبود مداوم سرویس در بهبودها، دورنمای تجاری .کنندیی است که فرآیند تجاری را پشتیبانی می
خواهد تاثیرات فرآیندها، بازدهی و هزینه موثر کیفیت سرویس است، حتی با اینکه بهبود مداوم سرویس، می
را در تمامی طول چرخه حیاتشان بهبود ببخشد. بر اساس بهبود مدیریت، بهبود مداوم سرویس IT هایفرآیند
.باید بصورت کامال روشن و واضح، تعریف کند که چه چیزی باید کنترل و اندازه گیری شود
رو ال به پیشبهبود مداوم سرویس باید مانند سایر تجربیات موفق عمل شود. آنها نیازمند یک برنامه ریزی با
(upfront )ها براساس ها، نسبت دادن به خود، و فعالیت، آموزش و اطالع رسانی، زمان بندی مداوم، ایجاد نقش
ها، های تعریف شده، ورودیشوند. بهبود مداوم سرویس باید مانند فرآیندها با فعالیتمیزان موفقیت شناسایی می
.و زمان بندی شود ها برنامه ریزیها و گزارشها، نقشخروجی
( با حفظ ارزش برای مشتری از طریق ارزیابی مستمر و بهبود کیفیت خدمات و بلوغ CSIبهبود مستمر خدمت )
و فرایندهای مربوطه است. 15ITSMکلی چرخه عمر خدمت
CSI رحله مهای مدیریت کیفیت، مدیریت تغییر و بهبود قابلیت، کار برای بهبود هر ها و روشها، شیوهمسئولیت
نماید.های مرتبط ترکیب میدر چرخه عمر خدمت و نیز خدمات جاری، فرایندها و تکنولوژی و فعالیت
CSI ها این مفهوم فراتر از مرحله بحث نرفته است. برای بسیاری از مفهوم جدیدی نیست، اما برای بیشتر سازمان
در قالب یک پروژه مطرح CSIگذارد می وکارکه چیزی شکست خورده و اثر جدی بر کسبها، هنگامیسازمان
شود. طور کامل به دست فراموشی سپرده میکه مورد حل شد این مفهوم تا مشکل بزرگ بعدی بهشود. هنگامیمی
سازمانی جای در فرهنگ CSIبایست های گسسته با زمان محدود هنوز هم نیاز هستند، اما برای موفقیت میپروژه
لیت روتین دربیاید.صورت فعاداده شده و به
15 IT service management
98
منظور شناسایی و مدیریت بهبودهای نشان داده شده است راهی برای یک سازمان به 3که در شکل CSIمدل
وکار( جاری خود با اهداف و مقاصد بلندمدتشان شده به کسبسازی موقعیت و ارزش )ارائهوسیله شفافمناسب به
شده است کند. این مهم بر اساس استمرار انجامی( ارائه میو شناسایی فواصل موجود )بین اهداف و وضعیت جار
وکار، تکنولوژی و اطمینان از حفظ کیفیت باال را اداره کند.های کسبتا تغییرات در نیازمندی
مدل بهبود مستمر خدمات- 3شکل
برای شناسایی روند و دار، تحلیل این دادهاآوری دادهای معنیگامی مراحل موردنیاز برای جمع 7فرایند بهبود
دهد.سازی بهبودها را پوشش میها و پیادهها و توافق رو آنبندی آنمشکالت، ارائه اطالعات برای مدیریت و اولویت
( 4) شکل
99
گامی ۷فرایند بهبود مستمر -4شکل
احی خدمت است.شده در استراتژی خدمت و طرهر گام متأثر از اهداف استراتژیک، تاکتیکی و عملیاتی تعریف
شود سنجش باید آنچه – 1گام
ایست بطور کامل اهداف سازمانی را پشتیبانی نماید. میها تعریف شود که بهگیریای از اندازهبایست مجموعهمی
ها نظر از اینکه آیا در حال حاضر دادهتمرکز روی تعریف آنچه برای دستیابی کامل اهداف نیاز است، باشد صرف
ستند.در دسترس ه
تعریف آنچه می توان اندازه گیری کرد -2گام
100
توانند سنجش کنند دارند، اما تشخیص این هایی در آنچه واقعاً میها دریابند که محدودیتممکن است سازمان
های موجود و مخاطراتی که ممکنات منتج به آن شوند بسیار مفید خواهد بود.فاصله
جام طور ایدئال به آن نیاز است، انتوان سنجش کرد و آنچه بهجش شده یا میتحلیل فاصله باید بین آنچه امروز سن
وکار، مشتریان و مدیر فناوری اطالعات گزارش داده شود. تواند متعاقباً به کسبها و پیامدها میشود. این فاصله
های جدید در برخی مراحل نیاز باشد.سازیممکن است ابزارها و سفارشی
داده گردآوری – 3گام
ت بایسدهد. ترکیبی از ابزارهای نظارت و فرایندهای دستی میآوری و نظارت بر داده را پوشش میاین مرحله جمع
شده، به کار گرفته شوند.های تعریفهای موردنیاز برای سنجشآوری دادهمنظور جمعبه
فرایند، ابزار، سازمان یا است؛ بنابراین نظارت روی اثربخشی خدمت، CSIکیفیت، هدف کلیدی نظارت برای
تواند برای سطح خدمت موجود یا ( دارد. تأکید روی شناسایی بهبودهایی است که میCIهای پیکربندی )بخش
ها، اجرا شود.حلوسیله تشخیص استثناها و راهطور عمومی بهعملکرد فناوری اطالعات، به
داده پردازش – 4گام
طورمعمول تهیه یک دیدگاه انتها به انتها از عملکرد خدمات شود، بهدازش میهای خام به فرمت موردنیاز پرداده
که نظارت و شود. درحالیاست که اغلب نادیده گرفته می CSIپردازش داده یک فعالیت مهم و یا فرایندها.
ی آوری داده روی یک جزء زیرساختی منفرد مهم است، نکته کلیدی درك این موضوع است که اجزا، روجمع
تر تأثیرگذارند.خدمت فناوری اطالعات زیرساخت بزرگ
داده تحلیل – ۵گام
کند.تبدیل می-از رویدادهای تأثیرگذار بر سازمان -تحلیل داده، اطالعات را به دانش
منظور پاسخ به سؤاالت زیر تحلیل شوند:توانند بهشود، نتایج میکه داده به اطالعات پردازش میهنگامی
ایم؟اف رسیدهآیا به اهد
آیا روندهای واضحی وجود دارد؟
آیا اقدامات اصالحی نیاز است؟ هزینه آن چقدر است؟
اطالعات از استفاده و ارائه – ۶گام
101
تواند در فرمتی که فهمش ساده است ارائه شود و به کسانی که اطالعات را دریافت حاال دستاورد این دانش می
تراتژیک، تاکتیکی و عملیاتی اتخاذ کنند. الزم است اطالعات در سطح درست دهد تصمیمات اسکنند اجازه میمی
بایست ارزش ارائه کند، توجه به استثنائات و راه درست برای مخاطبان در نظر گرفته شده، ارائه شود. این گام می
شده اند.برای خدمت و برجسته کردن تمامی منافعی که طی یک دوره زمانی شناسایی
وکار و ترجمه معیارهای بایست بیش از پیش زمان برای فهم اهداف کسبر فناوری اطالعات میدر حال حاض
منظور بازگرداندن یک اثر در برابر این اهداف صرف نماید.فناوری اطالعات به
بایست گزارش شوند. یک اند، اخبار خوب نیز میها بر تمرکز روی عملکرد ضعیف متمایلاگرچه بیشتر گزارش
که روندهای بهبود رانشان دهد بهترین حامل بازاریابی خدمات فناوری اطالعات است. گزارش
اصالحی اقدام سازیپیاده – ۷گام
ها ها و تکنولوژیسازی، بهبود و اصالح خدمات، فرایندها و تمامی دیگر فعالیتدستاورد این دانش برای بهینه
بایست به سازمان شناسانده و ابالغ شوند.نیاز هستند می کاربرد دارد. اقدامات اصالحی که برای بهبود خدمت
CSI های خود را بر های بهبود را شناسایی خواهد کرد و یک سازمان نیاز خواهد داشت اولویتبسیاری از فرصت
های در دسترسش تعیین نماید.اساس اهداف و منابع و سرمایه
چهار دلیل اساسی برای نظارت و سنجش وجود دارد:
یق تصمیمات اتخاذشده قبلی.تصد
ترین دلیل برای نظارت و سنجش استشده. این شایعمنظور دستیابی به اهداف تعیینها بههدایت فعالیت.
.توجیه اینکه یک دوره از اقدامات موردنیاز است، با دلیل و مشاهده واقعی
.مداخله در مقطع مناسب و انجام اقدام اصالحی
همچنین دیگر CSIهای منظور پشتیبانی فعالیتآوری بهکه یک سازمان برای جمعسه نوع معیار وجود دارد
های فرایند نیاز دارد.فعالیت
های کاربردی بر اساس معیارهایی مانند کارایی، معیارهای تکنولوژیکی: اغلب همراه با اجزا و برنامه
هستند. پذیریدسترس
معیارهای فرایندی: در قالب عوامل اصلی موفقیت (CSFsو شاخص )( های کلیدی عملکردKPIs )
اند.شدهگنجانده
.معیارهای خدمت: نتایج خدمت انتها به انتها
102
الزم است یک چارچوب سنجش شوند.معیارهای اجزا/تکنولوژیکی برای محاسبه معیارهای خدمت استفاده می
آوری نماید و گزارش را تعریف و جمع های خام موردنیازخدمت یکپارچه به اجرا گذاشته شود تا معیارها و داده
دهی و تفسیر از داده را پشتیبانی کند.
گزارش خدمات
وکار توسط فناوری اطالعات تطبیق و نظارت توجه ای از داده در تحویل روزانه خدمت کیفی به کسبمقدار قابل
د منوکار عالقهار است. کسبوکشود، اما فقط زیرمجموعه کوچکی موردعالقه و دارای اهمیت واقعی برای کسبمی
به دیدن نمایشی از پیشینه عملکرد دوره گذشته است تا تجاربش را به تصویر بکشد، اما بیشتر با رویدادهایی
سروکار دارند که در ادامه به تهدید بدل شوند و چطور فناوری اطالعات قصد کاهش این تهدیدات را دارد.
اجرا کند. فناوری اطالعات نیاز دارد یک روش قابلکفایت نمی SLAندی به هایی مبنی بر نمایش پایبارائه گزارش
کار انجام داده، چگونه فناوری داده است، فناوری اطالعات چهمثال چه اتفاق رخعنوانبرای گزارش دهی بسازد، به
ئه خدمت عمل اطالعات عدم تأثیر آن را تضمین خواهد کرد و فناوری اطالعات چگونه برای بهبود عمومی ارا
کند.می
کند مفاهیمی برای فناوری اطالعات به بازار مشخصات گزارشی که روی آینده به همان شدت گذشته تمرکز می
وکار منطبق شده است.درستی با تجارب مثبت و منفی کسبدهد که پیشنهادهایش بهارائه می
های کلیدیها و نقشمسئولیت
در یک سازمان است، بیشتر جزئیات بهبود مرتبط با کار در CSIهای عالیتمسئول تمامی ف CSIکه مدیر مادامی
های چرخه عمر پیش برده شده است.هر یک از مراحل، فرایندها و فعالیت
The objectives of continual service improvement
Service improvement must focus on increasing the efficiency, maximizing the effectiveness and
optimising the cost of services and the underlying IT service management processes. The only way
to do this is to ensure that improvement opportunities are identified throughout the entire service
lifecycle.
The primary purpose of Continual Service Improvement (CSI) is to continually align and re-align
IT services to the changing business needs by identifying and implementing improvements to IT
services that support business processes.
CSI looks for ways to improve process effectiveness, efficiency and cost effectiveness.
Other objectives include:
103
..Review, analyse and make recommendations on improvement opportunities in each lifecycle
phase:
Service strategy
Service design
Service transition
Service operation
and CSI itself!
..Identify and implement individual activities to improve IT service quality and improve the
efficiency and effectiveness of enabling ITSM processes
..Improve cost effectiveness of delivering IT services without sacrificing customer satisfaction
..Ensure applicable quality management method is used
The scope of continual service improvement
There are three main areas that CSI needs to address:
The overall health of IT service management as a discipline
The continual alignment of the portfolio of IT services with the current and future business needs
The maturity of the enabling IT processes for each service in a continual service lifecycle model
The activities of continual service improvement
..Reviewing management information and trends to ensure that services are meeting agreed
service levels
..Reviewing management information and trends to ensure that the output of ITSM processes
are achieving the desired results
..Conducting maturity assessments against the process activities and roles to highlight areas of
improvement or concern
..Conducting internal audits verifying compliance
..Conducting external and internal service reviews to identify CSI opportunities
..Reviewing analysed data
..Presenting recommendations to senior management for improvement
..Helping prioritise improvement opportunities
..Leading managing and delivering cross functional and cross divisional improvement projects
..Building effective relationships with the business and IT senior managers
..Influencing all levels of management to ensure that service improvement activities are receiving
the necessary support and are resourced sufficiently to implement solutions
The Deming Cycle
“Improve constantly, and forever” (W. Edwards Deming)
W. Edwards Deming is best known for his management philosophy leading to higher quality,
increased productivity, and a more competitive position. As part of this philosophy, he
formulated 14 points of attention for managers. Some of these points are more appropriate to
service management than others. For quality improvement, he proposed the Deming Cycle or
Circle. This Cycle is particularly applicable in CSI. The four key stages of the Cycle are Plan,
Do, Check and Act, after which a phase of consolidation prevents the Circle from rolling back
104
down the hill. Our goal in using the Deming Cycle is steady, ongoing improvement. It is a
fundamental tenet of continual service improvement.
..Plan = Project plan
..Do = Project
..Check = Audit
..Act = Actions arising
105
The continual service improvement model
As the above figure shows, there are many opportunities for CSI. The figure also illustrates a
constant cycle for improvement. The improvement process can be summarised in six steps:
. Embracing the vision by understanding the high level business objectives. The vision should
align the business and IT strategies
. Assessing the current situation to obtain an accurate, unbiased snapshot of where the
organisation is right now. This baseline assessment is an analysis of the current position in
terms of the business, organisation, people, process and technology
. Understanding and agreeing on the priorities for improvement based on a deeper development
of the principles defined in the vision
. Detailing the CSI plan to achieve higher quality service provision by implementing IT service
management processes
. Verify that measurements and metrics are in place to ensure that milestones were achieved,
process compliance is high, and business objectives and priorities were met by the level of
service
. Finally, the process should ensure that the momentum for quality improvement is maintained
by assuring that changes become embedded in the organisation
106
Continual service improvement process
Why measure?
There are four reasons to monitor and measure:
To validate – monitoring and measuring to validate previous decisions
To direct – monitoring and measuring to set direction for activities in order to meet set targets. It
is the most prevalent reason for monitoring and measuring
To justify – monitoring and measuring to justify, with factual evidence or proof, that a course of
action is required
To intervene – monitoring and measuring to identify a point of intervention including
subsequent changes and corrective actions
The four basic reasons to monitor and measure lead to three key questions:
Why are we monitoring and measuring?, When do we stop? and Is anyone using the data? – To
answer these questions, it is important to identify which of the above reasons is driving the
measurement effort. Too often, measures are continued long after the need has passed. Every
time a report is produced it should be asked: Do we still need this?
..Service metrics – these metrics are the results of the end to end service –
component/technology metrics are used to produce the service metrics
..Process metrics – these metrics are captured in the form of Critical Success Factors (CSFs),
Key Performance Indicators (KPIs) and activity metrics for the service management
processes. Four key areas that KPIs can measure are quality, performance, value and
107
compliance of following the process. CSI would use these metrics as input in identifying
improvement opportunities for each process
..Technology metrics – these metrics are often associated with component and application based
metrics such as performance and availability
Define what you should measure
..At the onset of the service lifecycle, service strategy and service design should have
identified this information. CSI can then start its cycle all over again at, Where are we
now? This identifies the ideal situation for both the business and IT.
Define what you can measure
..This activity is related to the CSI activities of Where do we want to be?. By identifying the
new service level requirements of the business, the IT capabilities (identified through
service design and implemented via service transition) and the available budgets, CSI can
conduct a gap analysis to identify the opportunities for improvement as well as answering
the question, How do we get there?.
Gathering the data
..In order to properly answer the Did we get there? question, data must first be gathered
(usually through service operations). Data is gathered based on goals and objectives
identified. At this point, the data is raw and no conclusions are drawn.
108
Processing the data
..Here the data is processed in alignment with the CSFs and KPIs specified. This means that
timeframes are coordinated, unaligned data is rationalised and made consistent, and gaps
in the data are identified. The simple goal of this step is to process data from multiple
disparate sources into an apples to apples comparison. Once we have rationalised the data
we can then begin analysis.
Analysing the data
..Here the data becomes information as it is analysed to identify service gaps, trends and the
impact on business. It is the analysing step that is most often overlooked or forgotten in
the rush to present data to management.
Presenting and using the information
..Here the answer to Did we get there? is formatted and communicated in whatever way
necessary to present to the various stakeholders an accurate picture of the results of the
improvement efforts. Knowledge is presented to the business in a form and manner that
reflects their needs and assists them in determining the next steps.
Implementing corrective action
..The knowledge gained is used to optimise, improve and correct services. Managers identify
issues and present solutions. The corrective actions that need to be taken to improve the
service are communicated and explained to the organisation. Following this step the
organisation establishes a new baseline and the cycle begins anew.
109
8. Why Is ITIL Important?
ITIL is important because it’s beneficial to the organizations that follow the approaches and use
the techniques that it recommends.
There are two primary benefits that organizations receive when following ITIL. These are overall
increases in the quality and overall increase in return on the investment made in the organization’s
information technology.
There are several methods, techniques, and approaches that ITIL provides that allow organizations
to achieve the benefits of increased quality and increased return on investment of IT services.
Accountability
Accountability means being answerable for something. The lack of accountability tends to
dramatically reduce the quality of IT services that an organization produces and also has a
detrimental effect on the cost of providing services.
ITIL guides organizations in the establishment and management of clear accountabilities in an
organization.
Through clearly defined roles and responsibilities, organizations following ITIL establish who is
answerable for items that are significant in an organization.
Clearly defining accountability means that things that need to be done get done more quickly, and
are not repeatedly handed off throughout the organization. When an organization lacks
accountability, activities that are important will be delayed and the consequences of that delay are
a reduction in the overall quality of service delivered, as well as an increased cost to deliver that
service.
ITIL helps organizations define accountability in several ways. First, ITIL often uses various
“owner” roles to clearly attribute who is accountable for significant items such as IT services and
processes in an organization.
Second, ITIL encourages effective communication, which tends to minimize the number of times
a customer request is transferred throughout the organization. Third, ITIL encourages effective
knowledge transfer and establishes clear accountability for who transfers knowledge and when
they transfer it, which ensures that when customers contact the IT organization for support, the
person they contact will have the information that they need.
Boundaries
Boundaries are clear lines of demarcation. IT organizations often establish ineffective boundaries
that, in turn, degrade the quality of service that the business receives from its IT organization.
When an organization establishes and enforces clear, effective, and strong boundaries, the business
is able to focus on things that are important to the business. Because of this, there is an overall
increase in quality and return on investment that the business receives from its IT organization.
ITIL provides organizations with several important techniques for establishing, managing, and
maintaining boundaries.
First, the lifecycle approach that ITIL offers institutes several boundaries. In other words, by
logically grouping activities into strategic, design, transition, operational, and improvement
groupings, the organization is more effectively able to manage those activities.
Another concept that ITIL offers that is of great benefit to organizations is the concept of a service
portfolio.
A service portfolio is a boundary that describes the IT organization’s overall collection of services
that are of fered, potentially will be offered, or once were offered. The service portfolio provides
this by dividing an organization’s services into three logical groupings.
110
• The first grouping is the service pipeline. A service pipeline conveys an organization’s service
offerings from concept to implementation. In other words, the service pipeline represents the
organizations future service offerings.
• The second grouping is the service catalog, which represents the organization’s operational
services.
In other words, the service catalog describes the organization’s present service offerings.
• The third grouping is retired services, which represent services that an organization once offered
that for some reason are no longer in demand or do not offer an effective return on investment.
The service portfolio is a boundary that the IT organization can use to show the business what
services it currently offers, what services it potentially will offer, and what services were once
offered. The process of service portfolio management encourages that services in the service
portfolio are managed according to return on investment. This is critical because it allows the
business to make decisions based on the value of services and whether or not the IT organization
should offer those services. The service portfolio also provides methods by which an organization
can prioritize its service investments based on priority to the business.
A commonly touted benefit of ITIL is “business and IT alignment.” Often, the people promoting
that benefit fail to explain what it really means. The service portfolio is one of the key areas where
ITIL allows organizations to align with the needs of the business.
A third area where the concept of boundaries arises in ITIL is the concept of a service. A service
is something that provides value to customers, while taking away the ownership of specific cost
and risk. By following the principles of ITIL, an IT organization focuses on producing the value
that the customers want while taking on the management of cost and risk, which customers do not
want. Well-designed services define a clear boundary, which means there is an interface.
Customers that use that service clearly understand what inputs they must provide to the service as
well as the outputs they receive from the service. Customers benefit from services because they
don’t have to focus on how the service transforms the inputs they provide into the outputs that they
want. In other words, services allow customers to focus on the value that they want and not all of
the steps, components, and technology involved in creating that value.
Consistency ITIL encourages organizations to follow a process-based approach to ensure that a consistent,
predictable result is produced. Organizations that lack processes, or fail to follow processes, tend
to behave haphazardly. Haphazard organizational behavior often results in the organization
producing lower quality and higher costs services.
In other words, not following a process-based approach ensures that an organization will
disappoint its business and customers.
There are twenty-six service management processes described by ITIL. These processes are
grouped into five distinct lifecycle stages, based upon the focus on the process activities.
Organizations that follow these processes tend to produce higher quality results when compared
to organizations that do not follow those processes.
If an IT organization is consistent, then its business can depend on it. If the IT organization is
inconsistent, then the business won’t be able to depend on it and will either fail or will seek
alternative solutions. Consistency is one of the most beneficial aspects of adopting ITIL best
practices.
Other Reasons Why ITIL Is Important
111
Ability to adjust to changing business needs ITIL provides several techniques by which the organization can adapt to the changing needs of the
business.
One of those techniques is via a change management process. The change management process
that ITIL
provides is very mature. It offers the organization a way to optimize the risk associated with change
and reduce the impact of change on business operations. The benefit is that the organization
becomes more agile and flexible with respect to business needs, which tends to result in higher
quality and return on investment.
Another area where ITIL helps ensure that the organization can adjust to the changing needs of the
business is in the continual service improvement lifecycle stage. This stage identifies and manages
improvements to an IT organization’s processes, services, technology, and organization that are
beneficial to the business. In other words, only by following a process-based approach to
identifying, managing, prioritizing, and implementing improvements can the IT organization
provide the business with adequate flexibility.
ITIL also provides methods by which organizations can produce services that can be used as plug-
and-play components. These plug-and-play components can enable the business to offer new
services into existing markets and to easily expand into new markets.
Businesses that aren’t flexible, or cannot easily change, often go out of business. One only has to
look at the history of numerous organizations that in their prime commanded large shares of large
markets but, as times changed, were unable to adjust and subsequently ceased business operations.
Improved customer satisfaction IT organizations can often be a huge dissatisfier to customers. Business customers often perceive
IT organizations as bureaucratic and slow to respond. ITIL offers several techniques by which the
organization can more quickly respond to business needs and get the things that businesses want
to them more quickly.
One of those areas is the request fulfillment process. The request fulfillment process deals with
requests from customers and users and ensures that those requests are effectively managed,
controlled, and delivered.
Through the request fulfillment process, ITIL provides organizations a means to fulfill common
requests that users and customers make of the IT organization. A request fulfillment process that
manages all requests provides customers and users with a centralized means of requesting common
services, which tends to result in lower cost to provide services and in higher quality services. This
tends to result in users getting what they want more quickly and predictably, which is often a
significant satisfier.
Another area where ITIL offers improved customer satisfaction is with the incident management
process.
When an outage or a degradation of service occurs, the incident management process works to
restore service in-line with any commitments made to the business. This has an impact on cost
because incident management ensures that the services are available more often during the times
that have been committed to customers.
When IT services are available, the business is able to operate, and when the business is able to
operate, it is able to achieve its business objectives. When the business is able to accomplish its
objectives, and the IT organization has made a significant contribution to this, then the business
tends to have a higher level of satisfaction with the IT organization.
No need to reinvent the wheel
112
Organizations that follow ITIL best practices benefit from the collective experience of numerous
government agencies and public and private organizations over the last several decades.
ITIL provides numerous ready-to-use processes and techniques for delivering value to customers
in the form of services. The significant benefit of this is that the cost for organizations to adopt
ITIL is much lower than if they had to invent all of these processes and techniques on their own.
Additionally, organizations that adopt ITIL best practices can rest assured that the techniques and
methods provided have been tested in every industry and under a large variety of conditions. Thus,
ITIL provides a readymade, mature set of best practices that an organization can follow to improve
the quality of its deliverable and to improve its overall return on investment.
Summary There are numerous reasons why organizations choose to adopt ITIL and numerous benefits that
organizations receive from following ITIL best practices. Of supreme importance are the benefits
of the improved quality of deliverables received from the IT organization and increased return on
investment on IT investments.
This paper discusses several concepts and techniques that ITIL promotes, including ensuring
accountability, defining and enforcing boundaries, and conducting consistent and predictable
activities in order to produce consistent and predictable results. Furthermore, additional benefits
that ITIL provides as discussed in this paper include the agility that comes from being able to
quickly adapt to business needs and overall improved customer satisfaction. All of this is available
without the organization having to invent it from scratch, which itself is another key benefit of
adopting ITIL.
Finally, a significant point to consider is that most organizations have competitors. When an
organization’s competitors choose to follow a generally accepted set of best practices such as ITIL,
they tend to outperform their competitors in any given market. There are ideal ways of doing things
that result in higher quality and lower cost deliverables, which is fundamentally why ITIL is
important.