standards in heanet - · pdf file• internal processes can be based on ......
TRANSCRIPT
![Page 1: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/1.jpg)
Standards in HEAnetStandards in HEAnet
“The great thing about standards is that there are so many to choose from”
Rachael Holt & Gareth Eason, HEAnetfor TF-NOC, Zürich, 2011-06-28
![Page 2: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/2.jpg)
Agenda
• Advantages of standards?• What standards?• HEAnet & standards• Hurdles & Disadvantages• Lessons learned• Next steps
![Page 3: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/3.jpg)
Who are HEAnet?
• HEAnet is Ireland's research and education network (NREN)
• Set up in 1983 as a collaborative body by the seven Irish universities and the Higher Education Authority
• Became a non-profit, limited company in 1997
• Approximately 50 staff serving 180,000+ end-users
![Page 4: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/4.jpg)
What do we do?
• Provide high quality Internet services to our members
• Enable research and learning through leading edge shared services
• Act as a representative body for the ICT education & research community
• Facilitate innovation & collaboration• Ensure value for money
![Page 5: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/5.jpg)
What do we do?
• Provide high quality Internet services to our members
• Enable research and learning through leading edge shared services
• Act as a representative body for the ICT education & research community
• Facilitate innovation & collaboration• Ensure value for money
![Page 6: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/6.jpg)
Affiliations & Representations
• IBEC – TIF/Telecoms Internet Federation• INEX/Internet Neutral Exchange• ISPAI / Internet Service Provider Association of Ireland
National
• EU funded Framework Projects• RIPE Network Co-ordination Centre (NCC)• DANTE/TERENA (37 countries)• GÉANT/NREN Consortium Policy Committee• JANET (UK) and JANET-CERT• MoU with Internet 2/ NGI
International
![Page 7: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/7.jpg)
Advantages of standards?
• Ability to collaborate• Communicate using standard
nomenclature / vocabulary• Measurability of consistency &
quality• Comparability• External verification• Auditability (client audits)
![Page 8: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/8.jpg)
Advantages of standards?
• Internal processes can be based on standards– Saves us having to write from scratch– Learn good practice from others– Good standards are maintained
• Standards are only a guide– You must write your own processes
![Page 9: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/9.jpg)
Advantages of standards?
![Page 10: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/10.jpg)
What standards?
• ISO 9000• ISO 20000• BS 7799 / ISO 17799• ITIL• OSSTMM• eTOM• DPA (& other legislation / guidelines)
![Page 11: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/11.jpg)
HEAnet viewpoint
• Standards group formed to examine:– ITIL– ISO– Other relevant standards– Recommend what HEAnet should do
• Report delivered April 2010– Examined ISO20000 & ITIL– Recommended examining ITIL first– then ISO 20000 (with some exceptions)
![Page 12: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/12.jpg)
HEAnet viewpoint
We are here
![Page 13: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/13.jpg)
Hurdles
• Staff resistance• Cost (of certification & training)• Existing procedures• Management buy-in• Complexity• Client resistance to change• Lack of perceived benefit
![Page 14: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/14.jpg)
Piecemeal approach
• ISO 17799 (BS 7799)– Used by security team– Capable of auditing client installations to
standard– Useful for client security audits
• Cannot further accredit– HEAnet staff would require additional
training & certification– Only a limited # of staff qualified.
![Page 15: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/15.jpg)
Piecemeal approach
• ISO 14064– Carbon gas emissions– Direct & Indirect– HEAnet carbon production
measured & validated (audited)
• Purpose:– 2010: Measure Carbon emissions– 2011: Reduce Carbon emissions– 2012: Continuous improvement– Green Star network project
![Page 16: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/16.jpg)
ITIL “Service Desk”
NO
C
NM
C
Thi
rd L
ine
Su p
po
rt
Se
cond
Lin
e S
upp
ort
Sup
po
rt D
esk
ITIL
Se
rvic
e D
esk
Se
rvic
e D
esk
Firs
t Lin
e S
upp
ort
Ca
ll D
esk
0
10
20
30
40
50
60
70
Most likely to fix problem
(by name alone)
Lik
elih
oo
d o
f fi x
ing
pro
ble
m (
rela
tive
)
![Page 17: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/17.jpg)
ITIL “Service Desk”
NO
C
NM
C
Thi
rd L
ine
Su p
po
rt
Se
cond
Lin
e S
upp
ort
Sup
po
rt D
esk
ITIL
Se
rvic
e D
esk
Se
rvic
e D
esk
Firs
t Lin
e S
upp
ort
Ca
ll D
esk
0
10
20
30
40
50
60
70
Most likely to fix problem
(by name alone)
Lik
elih
oo
d o
f fi x
ing
pro
ble
m (
rela
tive
)
![Page 18: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/18.jpg)
ITIL “Service Desk”
• ITIL 'Service Desk' rename abandoned
![Page 19: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/19.jpg)
Piecemeal approach
• Change management processes– Request for change in writing– Change approval process
• Continuous ServiceImprovement– Pervades all processes
& client contact– incl. SLA agreement &
requirements gathering
![Page 20: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/20.jpg)
Data Protection
• Legislation as a type of standard– HEAnet work with ISPAI, Government,
Clients, etc.
• Telecommunications (DataRetention Act) 2011– EU directive 2006/24/EC
![Page 21: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/21.jpg)
Lessons learned
• Hurdles are real!• Lots of cost (time & resource) to
implement• Management must buy in• A little at a time / piecemeal
approach works well• Staying ahead of customer needs is
vital
![Page 22: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/22.jpg)
Next steps
• Evaluate eTOM with ITIL• Evaluate ICASA• Continue ITIL 'good practice':
– Review and continuous improvement of services
– Look for other low-hanging fruit
• Review management and client 'buy‑in'• Continue sharing & learning from other
NRENs and their experiences
![Page 23: Standards in HEAnet - · PDF file• Internal processes can be based on ... –Examined ISO20000 & ITIL ... –Capable of auditing client installations to](https://reader034.vdocuments.site/reader034/viewer/2022051722/5aa4c5ed7f8b9afa758c4ead/html5/thumbnails/23.jpg)
Your next steps?
• Hurdles?• Cost (time & resource)?• Management buy in?• Piecemeal approach? Wholistic?• Customer opinions?
• What are you doing about standards?