Information Technology Infrastructure Library (ITIL)
History, Concepts and Alignment to CobiT and ISO 20000 Thursday, October 12, 2006
Today’s Objectives:
1. Learn about the history of ITIL 2. Understand ITIL’s key objectives 3. Discover all components of the ITIL Framework 4. Visit each of the core 10 ITIL SM Processes
5. Learn the importance of process interaction
6. Understand the ISO 20000 & alignment to ITIL 7. Understand the alignment to CobiT Framework
8. Learn about the future of ITIL
Dalibor Petrovic, I.S.P.
Consulting Manager, IT Strategy and Management, Deloitte
- Certified ITIL Service Manager - EXIN International Exam Marker for ITIL Service Manager Certifications - Certified CobiT Professional - Certified ISO 20000 Internal Auditor - Chair of itSMF Northern Alberta
WHAT IS ITIL?
Framework for Best Books A Library of Practices in Defined Common Sense IT Service Management
Origins:
• British Government’s effort to improve IT management
• Developed by the CCTA in the late 1980’s • Originally, a library of over 40 books that documented various IT Service areas, processes and standards • Today, a library of 8 books, under the auspices of OGC
ITIL Objectives
Three Key Objectives of IT Service Management:
1. Align IT Services with the Current and Future Needs of the Business and its Customers 2. Improve Quality of IT Services 3. Reduce Long-Term Costs of IT Service Provision
In the beginning…
…there was Deming!
The Deming Cycle
The Deming Cycle
The ITIL Library
Planning to Implement Service Management
Service Support
The Business Perspective
The Technology
Source: OGC
The Business
Security Management Service Delivery
Applications Management
ICT Infrastructure Management
Software Asset Management
ITSM Components
IT Service
security
Service Level Management Availability Management Capacity Management Financial Management
for IT services
Continuity Management
Release Management
IT Infrastructure
Change Management Configuration Management
Incident Management
Problem Management
• Service Support – The Service Desk – Incident Management – Problem Management – Configuration Management – Release Management – Change Management
• Service Delivery – Service Level Management – Availability Management – IT Service Continuity Management – Capacity Management – Financial Management for IT Services
The Service Desk
Goals
The Service Desk
To To
act as the single point of contact between the User and IT Service Management and track status of all customer interactions handle Incidents and requests, and provide an interface for other activities such as Change, Problem, Configuration, Release, Service Level, and IT Service Continuity Management
Inputs to the Service Desk
Information
The Service Desk
Why a Service Desk?
Essentials
The Service Desk
• The Service Desk is more than just a Help Desk • The first and single point of contact
• High quality support to meet business goals
• Help identify costs of IT services • Proactive support and communication of changes • Increase user perception and satisfaction • Identification of business opportunities
• Identification of Training Opportunities
Responsibilities
Activities
The Service Desk
• Receive and record all calls from users • Provide first-line support (using knowledge resources) • Refer to second-line support where necessary
• Monitoring and escalation of incidents
• Keep users informed on status and progress • Provide interface between ITSM disciplines • Produce measurements and metrics
Incident Management
Goals
Incident Management
To restore normal service operation as quickly as possible with
minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained Incident definition Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service Work-around definition A method of avoiding an Incident or Problem either by employing a temporary fix or technique so the user is no longer reliant on a Configuration Item (CI) that is known to cause failure
Incident Management
The Incident Life Cycle – the monitoring and tracking of Incidents
Activities
Including Impact and Urgency selection
Yes
No
Note. This is not Problem Closure
Categorization
Activities
Incident Management
•Service affected (and possibly by association the affected SLA)
•User perception of failure in terms of the User’s inability to do something
–Batch job output has not been received
–I can’t print, connect to a server or access an application
•Category and details of CI thought to be at fault •Category and details of CI eventually found to be at fault •The fault in the CI, the quick fix and the action taken, etc.
Impact, Urgency & Priority
Definitions
Incident Management
Impact Urgency
A measure of the business criticality of an incident or problem (e.g. numbers affected, magnitude) A measure of the speed with which an incident or problem requires resolution (i.e. how much delay will the resolution bear) The order in which an incident or problem needs to be resolved, based on impact and urgency
Priority
Incident Management
Illustrative Example
Payroll Application: System run once per month to run payroll
Impact
Failure of payroll server (first week in month) Failure in payroll server (last week of month) High: will effect all employees High: will effect all employees
Urgency
Low : Payroll not run for 3 weeks High : Fix needed before 06:00 tomorrow morning
Priority
Low (at the moment) High
Bank Teller Application: System used by cashiers in bank to transact on accounts
Impact
One Branch teller application performing poorly Router Interface down Medium : one branch out of 150 Low : Cashiers and customers not impacted due to redundancy in network
Urgency
High : Queues beginning to form Med : Router needs to be re-booted to restore network redundancy
Priority
High Med
Escalation
Definitions
Incident Management
Hierarchical escalation would typically include authorization, resources and/or cost
Functional escalation might include specialist groups e.g. Unix Group
Hierarchical (authority) Functional (competence)
Functional Escalation
Activities
Incident Management
The use of support teams is important in efficient incident resolution.
• First line support deals with the communication to the user, resolution of known incidents (e.g. password resets)… • …allowing the second and subsequent levels to focus on resolving assigned incidents.
Problem Management
Goals
Problem Management
To minimize the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure, and to proactively prevent the occurrence of Incidents, Problems and Errors. Problem definition Unknown cause of one or more incidents Known Error definition An Incident or Problem for which the root cause is known and for which a temporary work around or permanent alternative has been identified
Problem Flow
Information
Problem Management
Incidents
Service Desk
Problem
Known Error
Change Process
Configuration Management
Goals
Configueration Management
Enabling control of the infrastructure by monitoring and maintaining information on:
Configuration CI CI
Items (CI) needed to deliver services
status and history
relationships
CIs (monetary or service)
Valuable
Providing information on the IT infrastructure to all other processes and to IT Management
Configuration Management
Definitions
Configueration Management
• Configuration Item (CI) – a component of an IT infrastructure which is (or is to be) under the control of Configuration Management and therefore subject to formal change control
• Configuration Management Database (CMDB) – a database which contains details of the attributes and history of each CI and the relationships between CIs • Baseline – a snapshot of the state of a CI and its components or related CIs, frozen in time for a particular purpose, such as: – The ability to return a service to a trusted state if a change goes wrong – A specification for copying the CI or for a roll-out – The minimum CIs needed to maintain vital Business Functions after a disaster
Major CI Types
Definitions
Configueration Management
Users, Customers, Who, Where, What Skills, Characteristics, Experience, Roles
CI Relationships and Attributes
Activities
Desktop Device #1 Desktop Device #2
Configueration Management
Cable #1 Cable #3
Cable #2
Ethernet
Disk #1 Power Server Disk #2
Printer #1
Relationships
System Software
Is connected to Is a copy of Is part of
Printer #2 Application A Application B
Attributes
Owner, status, location, serial #, version, supplier, etc.
Change Management
Goals
Change Management
Process of controlling changes to the infrastructure or any other aspect of services, in a controlled manner, enabling approved changes with minimum disruption.
Change Management ensures that standardized methods and procedures are used for the efficient and prompt handling of all Changes, in order to minimize the adverse impact of any Change-related incidents upon service quality. Changes can arise as a result of Problems, Known Errors and their resolution, but many Changes can come from proactively seeking business benefits such as reducing costs or improving services
Change Management
Definitions
Change Management
•Change – a deliberate action that alters the form, fit or function of Configuration Item (CI) such as an addition, modification, movement, or deletion that impacts the IT infrastructure •Request for Change (RFC) – a means of proposing a change to any component of an IT infrastructure or any aspect of an IT service •Forward Schedule of Change (FSC) – a schedule that contains details of all the changes approved for implementation and their proposed implementation date
Change Management
Definitions
Change Management
•Standard Change – a Change that is recurrent, has been proceduralized to follow a pre-defined, relatively risk free path and where Change Management and budgetary authority is effectively give in advance •Service Request – a request, usually made through a Service Desk, for a Standard Change
–Example: providing access to services for a new member of staff or relocating a few PCs
Release Management
Goals
Release Management
Release Management takes a holistic view of a Change to an IT service and should ensure that all aspects of a Release, both technical and non-technical, are considered together
• Good resource planning and management are essential to package and distribute a Release successfully. • The focus of Release Management is the protection of the live environment and its services through the use of formal procedures and checks.
Service Support Process Model
Management Tools & IT Infrastructure
Incident Management Problem Management
• Service Support – The Service Desk – Incident Management – Problem Management – Configuration Management – Release Management – Change Management
• Service Delivery – Service Level Management – Availability Management – IT Service Continuity Management – Capacity Management – Financial Management for IT Services
Service Level Management
Goals
Service Level Management
To maintain and gradually improve business aligned IT service quality, through a constant cycle of defining, agreeing, monitoring, reporting and IT service achievements and through instigating actions to eradicate unacceptable levels of service Service Level Management manages and improves the agreed level of service between two parties • The provider who may be an internal service department or the external organisation that provides an outsourced service
• The receiver of the servers i.e. the customer who pays the bill.
Availability Management
Goals
Availabtily Management
To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives
IT Service Continuity Management
Goals
IT Service Coninuity Management
To support the overall Business Continuity Management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales
Note. IT Service Continuity Management used to be known as Disaster Recovery in the old ITIL books
Capacity Management
Goals
Capacity Management
To understand the future business requirements (the required service delivery), the organization's operations (the current delivery), and ensure that all current and future capacity and aspects of the business requirements are provided cost effectively
Financial Management
Goals
Financial Management For IT Services
To provide cost-effective stewardship of the IT assets and financial resources used in Services
Note. Financial Management of IT Services used to be known as Cost Recovery in the old ITIL books
Operations & Scheduling Surgical Team
Patient Lifecycle Medical File Develop Strategy
Filter Impact Analysis
Medical Procedure Library Medical Tools
Perform Operation /Procedure
Prioritize
Configuration Management
Release Management
Change Management
ITIL is more than a library of books
Training •Fundamentals •Practitioner •Service Manager
Qualifications: Certification at each level
Information Technology Infrastructure Library
Consultancy: Provision of IT consulting services to clients based on a de facto standard Tools: ITIL “compliance” is driving tools manufacturers itSMF: User groups providing seminars, conferences, and workshops
Consistent and predictable results, process improvement and cost saving top the list of benefits from implementing defined IT Process methods
*
* Source: Forrester Research – Stabilizing IT with Process Methodologies – May, 2005
CobiT
•What Is It? •How Does It Relate To ITIL?
COBIT and ITIL–Process Perspective
Strategic Process Control Process Execution
XY ## XY ##
COBIT
XY ##
XY ##
XY ##
ITIL
• Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6….
Work Instruction
CobiT
WHAT
COBIT Control
HOW
ITIL Activities
Gartner Advisory on COBIT and ITIL
COBIT Control
WHAT
HOW
ITIL Activities
Acquire and Implement
(AI Process Domain)
Plan and Organise
(PO Process Domain)
Monitor and Evaluate
(M Process Domain)
Deliver and Support
(DS Process Domain)
Plan and Organise
Define Strategic IT Plan Determine Define Information Technological Direction Architecture Identify Automated Solutions
Acquire and Implement
Acquire and Maintain Application Software Install and Accredit Systems Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL Service Support
Service Desk Incident Problem Management Management
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Delivery
Service Level Management Financial Management Availability Capacity Management Management
Manage Projects
Manage Quality
Change Management
Release Management
Configuration Management
Continuity Management
Monitor and Evaluate
Monitor the Process Assess Internal Control Adequacy Define and Manage Service Levels Manage Third-party Services
Deliver and Support
Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Operations
Obtain Independent Assurance
Provide Independent Audit
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Plan and Organise
Define Strategic IT Plan Determine Define Information Technological Direction Architecture Identify Automated Solutions
Acquire and Implement
Acquire and Maintain Application Software Install and Accredit Systems Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL Service Support
Service Desk Incident Problem Management Management
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Delivery
Service Level Management Financial Management Availability Capacity Management Management
Manage Projects
Manage Quality
Change Management
Release Management
Configuration Management
Continuity Management
Monitor and Evaluate
Monitor the Process Assess Internal Control Adequacy Define and Manage Service Levels Manage Third-party Services
Deliver and Support
Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Operations
Obtain Independent Assurance
Provide Independent Audit
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Plan and Organise
Define Strategic IT Plan Determine Define Information Technological Direction Architecture Identify Automated Solutions
Acquire and Implement
Acquire and Maintain Application Software Install and Accredit Systems Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL Service Support
Service Desk Incident Problem Management Management
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Delivery
Service Level Management Financial Management Availability Capacity Management Management
Manage Projects
Manage Quality
Change Management
Release Management
Configuration Management
Continuity Management
Monitor and Evaluate
Monitor the Process Assess Internal Control Adequacy Define and Manage Service Levels Manage Third-party Services
Deliver and Support
Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Operations
Obtain Independent Assurance
Provide Independent Audit
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Plan and Organise
Define Strategic IT Plan Determine Define Information Technological Direction Architecture Identify Automated Solutions
Acquire and Implement
Acquire and Maintain Application Software Install and Accredit Systems Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL Service Support
Service Desk Incident Problem Management Management
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Delivery
Service Level Management Financial Management Availability Capacity Management Management
Manage Projects
Manage Quality
Change Management
Release Management
Configuration Management
Continuity Management
Monitor and Evaluate
Monitor the Process Assess Internal Control Adequacy Define and Manage Service Levels Manage Third-party Services
Deliver and Support
Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Operations
Obtain Independent Assurance
Provide Independent Audit
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
ISO 20000
•What Is It? •How Does It Relate To ITIL?
ISO 20000: Basic Concepts
• Quality standard for IT Service Management Formal specification defined requirements for an organization to deliver managed services to acceptable quality to customers • BS 15000 fast-tracked to become IS0 20000 • ITIL forms the basis of the standard • Standard = a list of criteria that needs to be met The standard versus the framework • Standard = audit & certify against. Makes ITIL alive • Framework = best practice that the standard is based on
ISO 20000
Capacity Management Availability and Continuity
SERVICE DELIVERY
Service Level Management Service Reporting
Information Security Management Budgeting and ICT Accounting for Infrastructure IT Services
Management
The Business Service Perspective
CONTROL
Configuration Management Change Management
RELEASE
Release Management
RELATIONSHIP
Business Relationship Management Supplier Relationship Management
Objective:
To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner
Requirement examples:
• All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor • Requests for changes shall be assessed for their risk, impact and business benefit • All changes shall be reviewed for success and any actions taken after implementation
Example: Change Management
Code of Practice: Objective + Detailed Best Practices Objective (Sub-process: 8.2.2): Closing and reviewing the change request Detailed Best Practice: • All changes should be reviewed for success or failure after implementation and any improvements recorded • A post-implementation review should be undertaken for major changes to check that: – a) the change met its objectives; – b) the customers are happy with the results; – c) there have been no unexpected side effects • Any nonconformity should be recorded and actioned • Any weaknesses or deficiencies identified in a review of the change control process should be fed in to service improvement plans
ITIL Future – from this…. … to this: ITIL V.3
Planning to Implement Service Management
Service Service
Strategy
Design
Service Operation Transition Support
Service
Service
Continuous Service
The Technology The Technology
Improvmt
The Business The Business
The Business Perspective
LIFECYCLESecurity PERSPECTIVE Management
ICT Infrastructure Management
Service Pocket Guides
Delivery
Case Studies
ITIL Practice Working Templates Applications Management Governance Methods Certification-based Study Aids Software Asset Management Executive Introduction to IT Service Management
Various non-proprietary frameworks and methods exist to help IT organizations become more process centric and improve the quality of the services delivered
ITIL
What is it?
The IT Infrastructure Library is a customizable framework of best practises that promote quality IT service, build on a process-model view of controlling and managing operations. ITIL was originally developed by the UK government and has since matured into an internationally recognized standard.
CMM
The Capability Maturity Model is a method of evaluating and measuring the maturity of the software development process. Recent revisions (CMMI) provide guidance for improving organization process and manage the development, acquisition and maintenance of products and service
CobiT
Control OBjectives for Information and related Technology is a framework for information security and provides generally accepted IT control objectives to assist in developing appropriate IT governance and control
Six Sigma
A data driven quality management program to control variations and thereby achieve high levels of quality.
ISO 2000
A standard concerned primarily with the quality of IT Service Management. It provides the basis to fulfill customer requirements, regulatory requirements, enhance customer satisfaction, and pursue continual improvement
Focus IT Specific How it fits
IT Operations – IT Service Management Yes Define and implement processes
Development Yes Determine extent of process maturity
Governance and Control Yes Provide process controls
Process Improvement No Improve processes
Processes Consistency Yes Certify processes are being followed
Frameworks and Methodologies
ISO20000
CobiT
CMMi SIX SIGMA
Governance
ITIL Business Process Models
In summary:
ITIL is: • The international de-facto Best Practice for IT Service Management • Process Approach to improving Quality, Efficiency and Effectiveness • Service focused IT management, viewed from the perspective of IT customers and users • Evolving, vendor-neutral, non-proprietary framework
• CobiT complementary, Certifiable through ISO20000
• DEFINED COMMON SENSE