1
IT Service Management
PV203
Vladimír Vágner
12.03.2024
2
2
What shall we discuss
today?
IT Service
Management
-
frameworks
2
This is how the typical IT environement looked like many years ago when the
applications were tailor made and the IT support had to focus on almost all aspects
of the IT delivery. However “single point of contact" (SPOC) in most case did work.
3
3
Becky: “Application XYZ is not
responding”
or
“Where is my report?!”
Becky
End User of IT Service
Over the time the management of IT starts to become much complicatedd and
difficult to be managed properly
4
4
A typical interaction between the help desk and the business
departments in many organisations can be like this:
Finance Department: ‘Hello. Our finance server is not working. Can you fix it?’
HelpDesk: “Which one?”
‘The one that we use in our department. It’s a black system with a green keyboard.’
‘I had a look at it, but the hard disk is dead and we will have to replace it. I will call the
vendor and arrange for a replacement if possible.’
‘What about our data?’
‘I’m afraid we can’t recover the data. The disk is dead and we have not been backing up the data of
that server, because nobody told us to. Finance did not approve the purchase of a tape drive for this
machine.’
‘Oh no. We have our entire payroll, purchasing, billing, sales and other important financial
data for the entire company on that machine. Five years of data!’
‘Unfortunately there is nothing we can do. Please excuse me, I have to go and attend another call.’
Enviromment and related services from diffwerewnt vendors/departments resulted
often into unsolvable situations
5
5
Becky: “Application XYZ is not
responding”
or
“Network is slow!”
Becky
End User of IT Service
LAN Provider:
“LAN is OK” Middleware Provider:
“No utilization issues”
Host Provider: “No
performance
problem”
Server Provider: “No
server problem”
WAN Provider:
“No WAN issues”
Chaos
6
6
IT Service Management (ITSM) is a vital element of IT, but it's also sometimes
misunderstood and unappreciated. The simple truth is that every business of any
size continues to have a timeless business need for IT Service Management (ITSM)
both today and well into the future. The business simply can’t perform consistently
without a healthy ITSM capability.
However, there has been so much development of tools, technologies, and best
practices around ITSM, that it can be confusing to distinguish the many discussions
that involve ITSM.
In this discussion, we will look at the core of ITSM and the value it continues to
deliver to the organization.
Understanding the framework of ITSM improves our clarity and appreciation for
this vital element of both IT and the business as a whole. It will help us best
leverage the unique value ITSM can deliver.
Here we will look at four elements for the framework of ITSM and how each can
benefit the organization and why all of this is so vital to every organization.
It All Starts With Great Service
At the heart of ITSM lies the delivery of services. This includes the timeless need to
fix a machine that is not working properly, answering the many questions that arise
daily, providing support for new employee setup, delivering and configuring mobile
devices for workers, managing passwords, and much, much more. It helps to think in
7
7
The Information Technology (IT) departments in many organizations were
previously focused on the production of software applications, and in the
late 1980s it started to change to a service mode of operation.
For IT Service Management (ITSM), the main focus was changed from the
development of IT applications, but rather on the management of IT
services.
“The first, and most obvious, the service quality is the critical
success factor ”1 1982
terms of the many needs employees have in order to be productive, and that many
of those needs bring us back to IT and to ITSM.
And the fact is, when the ITSM team is delivering great service, every employee can
work more productively and, in turn, service customers better.
This connection is important to understand: the linkage of the ITSM organization to
every employee and then to every customer. This linkage is vital to business today,
and due to our dependency on technology, more critical than ever. We sometimes
get distracted by the many interesting and extensive frameworks including ITIL,
COBIT, ISO, DevOps and Agile, but make no mistake—these do not great ITSM make.
Yes, the right framework can certainly help with structure and operating models, but
the core of ITSM is and must always remain about delivering great service to real
people.
Quality services enabled by ITSM is a great boost to IT and to the business.
The Hub of IT
The processes and principles of ITSM are unique in that they connect the assets of
the IT infrastructure to the people of the organization. We can think of this as
bringing the assets of IT to life through the services that are the heartbeat of the
business.
These connections are often direct in that every person in the business will utilize
assets in some form, including smart phones, laptops, tablets and desktop
computers to perform their work every day. This connection between people and
technology is now vital to every business and this dependency is only
growing. These technologies are simply how we do our work every day.
Think for a moment about the dependency our employees have on smartphones,
email, and internet access to name a few examples. These resources are
fundamental to every business of any size, and in order for these systems to operate
in a reliable manner, IT is working around the clock to ensure everything is working
as expected.
Taking this a step further, the processes of ITSM are at the heart of the daily
operations and health of each system. When everything is working correctly,
everybody is happy and these systems are simply taken for granted. But if the
organization loses internet access or the email server goes down, there is an
immediate and significant impact to the business. If we look closely, we can see that
some of the fundamentals of Agile are very closely related to this hub and spoke
model for IT and ITSM.
The many connections of technologies to people and then to customers brings to
our attention the tremendous value of ITSM and the role ITSM plays in keeping
the business running.
Process Strategy and Operations
Behind every service that is delivered by ITSM, there is a business process, process
strategy, and process model. Yes, we love our processes in IT and nowhere is that
more clear than in the domain of ITSM.
Incident Management, Problem Management, Change Management, Release
Management and Configuration Management are just a few processes that lie at the
core of ITSM and with each there is an important strategy that governs the process
itself and then the process model and how it operates every day. Because most
7
organizations today utilize an ITSM software application to support operations, it is
important we have the process strategy and design right or we won’t be able to run
ITSM processes successfully.
For every business process, there is a connection to an IT and ITSM process that
then enables the business to operate effectively.
Why It all Matters
So, why does all of this matter and why should we care about ITSM? That is a great
question and that brings us back to the fundamental connection of technology to
services to our people.
The modern business has a remarkable and inescapable dependency on technology,
and when technology is working for our people, anything is possible. But when
technology is not deployed properly and for-purpose, everything becomes more
difficult. In some cases, the business becomes paralyzed.
Virtually every element of business today relies on software and/or hardware to
perform our daily tasks, and the good people of ITSM help ensure these tools and
technologies are performing exactly as they should. Even better, the next ten years
of ITSM will bring a new model for personalized service and a focus on bringing new
innovations to the business that will help bring business performance to the next
level.
In today’s market this is only possible through the strategic use of technology. The
business and technology are now inseparable. This focus on real business results and
the value we deliver to customers are quickly becoming the new focus of the ITSM
organization—success with this new value focus will separate the new market
leaders from all the others.
Great service, healthy processes, and reliable technologies are only the beginning.
They are very much a springboard to the next decade of ITSM which will be
focused on business results and delivering value to customers. This is only possible
with a healthy ITSM framework—the key to the new generation of ITSM solutions
and the new model for IT.
From ITSM Understanding the Framework and Why It’s Important, Kevin J. Smith,
April 04, 2019 @ivanti Blog
7
Enterprises operating in dynamic environments need to improve their performance
and maintain competitive advantage. Adopting practices in industry-wide use can
help to improve capability. The term ‘best practice’ generally refers to the ‘best
possible way of doing something’. As a concept, it was first raised as long ago as
1919, but it was popularized in the 1980s through Tom Peters’ books on business
management.
The idea behind best practice is that one creates a specification for what is accepted
by a wide community as being the best approach for any given situation. Then, one
can compare actual job performance against these best practices and determine
whether the job performance was lacking in quality somehow. Alternatively, the
specification for best practices may need updating to include lessons learned from
the job performance being graded. Enterprises should not be trying to ‘implement’
any specific best practice, but adapting and adopting it to suit their specific
requirements. In doing this, they may also draw upon other sources of good practice,
such as public standards and frameworks, or the proprietary knowledge of
individuals and other enterprises. More recently, the ITIL framework has offered a
supplementary list
8
ITIL is not a standard in
the formal sense but a
framework which is a
source of good practice in
service management. The
standard for IT service
management (ITSM) is
ISO/IEC 20000, which is
aligned with, but not
dependent on, ITIL.
The objective of the ITIL
service management
framework is to provide
guidance applicable to all
types of organisations that
provide IT services to
businesses, irrespective of
their size, complexity, or
whether they are
commercial service
providers or internal
divisions of a business.
Enterprises operating in
dynamic environments
need to improve their
performance and maintain
competitive advantage.
Adopting practices in
industry-wide use can help
to improve capability.
8
1972: IBM starts research on quality service delivery called Information
Systems Management Architecture (ISMA).
1980: IBM publishes Volume I of the IBM Management series titled "A
management System for the Information Business", first public edition of
ISMA.
1986: CCTA authorizes a program to develop a common set of operational
guidance with the objective of increasing efficiencies in Government IT.
1988: "Government Infrastructure Management Method (GITMM)", is
formalized and issued as 'guidelines' for Government IT operations in the UK
focused on Service Level Management. Same year, the development team
was expanded and work continued on Cost, Capacity, and Availability.
1989: GITMM title is inadequate. It is not a method, (last M), and it should
lose its G letter in order to be marketable out of government. Renamed to
ITIL.
1989: First 'ITIL' book published, Service Level Management, then Help
9
V3 updated
‘11
ITIL 2011 books grew
57% in weight and 46%
in number of pages due
to rewrite and redesign
(larger font).
Desk (incorporating the concepts of Incident Management), Contingency
Planning, and Change Management. Books had 50-70 pages.
1990: Problem Management, Configuration Management and Cost
Management for IT Services published.
1991: Published - Software Control & Distribution, on 89 pages.
1992: Availability Management, 69 pages.
1996: (July) First ITIL Service Manager class delivered in US by US company,
ITSMI, 16 attended, 10 candidates, nine passes, one distinction, first US
company authorized as an ITIL accredited course provider - ITSMI.
1997: Customer focused update to the Service Level Management book, 106
pages.
1997: ITIMF legally becomes what we know today as the IT Service
Management Forum (itSMF UK).
2000: Service Support V2 published, 306 pages.
2001: Service Delivery V2 published, 376 pages.
2001: CCTA became a part of the Office of Government Commerce (OGC)
2002: Application Management, 158 pages, Planning to Implement IT
Service Management, 208 pages and ICT Infrastructure Management, 283
pages, published.
2003: Software Asset Management, 146 pages, published.
2004: Business Perspective: The IS View on Delivering Services to the
Business, published, 180 pages.
2006: (June) ITIL Glossary V2 published
2006: (June) APM Group Limited announced as preferred bidder of ITIL
accreditation & certification program, over the itSMF International (expectant
winner)
2007: (May) ITIL V3 five core books published.
2011: (July) ITIL 2011 update published.
Let's analyse this timeline a bit:
ITIL V1 was rather similar to IBM's ISMA, especially in support/delivery
9
domain. Core ITIL V2 books did not differ much from ITIL V1. Only a few
processes were altered slightly, but the focus and perspective was pretty
much unchanged. And this process lasted for some 20 years.
ITIL V3 approximately doubled the scope, almost tripled the number of
processes and functions and introduced a few new dimensions and
perspectives. We have the first set of core books now, but a lot of time will be
needed to develop all the complementary books, to groom and mature the
training materials and to polish best implementation practices.
ITIL 2011 books grew 57% in weight and 46% in number of pages due to
rewrite and redesign (larger font).
It all started under Margaret Thatcher, the prime minister of United Kingdom during
the eighties. The cost of IT in the government agencies was not in control with
disparate processes ruling the roost.
Central Computer and Telecoms Agency (CCTA) was commissioned to bring down
the cost and streamline processes across agencies. It took CCTA 4 years and 8 billion
pounds to come up with a set of best practices, it was called Government
Information Technology Infrastructure Management Method (GITIMM), conceptually
similar to ITIL®. Consultants who were taken on board this project visited a number
of private institutions (including IBM) to understand their processes, and how they
performed their IT related activities. The processes and activities were passed
through a sieve, and the best sets of processes were retained to give birth to ITIL®.
GITIMM, throughout the eighties and early nineties evolved to become ITIL® v1
which consisted of over 30 books.
In 2000, the United Kingdom's Office of Government Commerce (OGC) took over
CCTA, and a year later ITIL® v2 was released. V2 sub divided ITIL® as service support
and service delivery. Maintenance of services came under service support while
putting up a new service or modifying it came under service delivery. This version
consisted of 8 volumes.
The subsequent version - ITIL® v3 was published in May 2007, and it provides a
holistic view of services. It covers the entire lifecycle of a service – from the nascent
stages of strategies through design, transition to live environment and support when
services are active.
A major difference between v3 and its predecessors is the inclusion of a continuous
improvement phase in the former. This phases stresses on the need for continuous
improvement throughout the lifecycle of a service – which makes ITIL® much
stronger than what it was envisioned to be.
ITIL® v3 further reduced the number of books to 5, called as the core volumes.
Sometime last year, there were talks of ITIL® v4, but it turned out to be hoax in the
end.
9
Apart from the ISO/IEC 20000 standard, ITIL is also complementary to many other
standards, frameworks and approaches. No one of these items will provide
everything that an enterprise will wish to use in developing and managing their
business. The secret is to draw on them for their insight and guidance as
appropriate. Among the many such complementary approaches are:
Balanced scorecard: A management tool developed by Dr Robert Kaplan and Dr
David Norton. A balanced scorecard enables a strategy to be broken down into key
performance indicators (KPIs). Performance against the KPIs is used to demonstrate
how well the strategy is being achieved. A balanced scorecard has four major areas,
each of which are considered at different levels of detail throughout the
organisation.
COBIT: Control OBjectives for Information and related Technology provides guidance
and best practice for the management of IT processes. COBIT is published by the IT
Governance Institute.
CMMI-SVC: Capability Maturity Model Integration is a process improvement
approach that gives organisations the essential elements for effective process
improvement. CMMI-SVC is a variant aimed at service establishment, management
and delivery.
EFQM: The European Foundation for Quality Management is a framework for
organisational management systems.
eSCM–SP: eSourcing Capability Model for Service Providers is a framework to help IT
service providers develop their IT service management capabilities from a service
sourcing perspective.
ISO 9000: A generic quality management standard, with which ISO/IEC 20000 is
aligned.
ISO/IEC 19770: Software Asset Management standard, which is aligned with ISO/IEC
20000.
ISO/IEC 27001: ISO Specification for Information Security Management. The
corresponding code of practice is ISO/IEC 17799.
Lean: a production practice centred around creating more value with less work.
PRINCE2: The standard UK government methodology for project management.
SOX: the Sarbanes–Oxley framework for corporate governance.
Six Sigma: a business management strategy, initially implemented by Motorola,
which today enjoys widespread application in many sectors of industry.
9
10
One of the most common questions we hear from people that are new to the world of IT service mana
The most basic answer is that ITSM is the actual practice, or professional discipline, of managing IT ope
That's what we're doing in this week's blog post. We'll talk about how IT has changed from its earliest d
What Is ITSM?
To begin, the ITIL 2011 glossary provides a good definition of ITSM as "The implementation and manag
To help put this into context, let's look at how the role of IT within organizations has transformed over
In the early days of information technology, IT departments were seen as necessary along with the asso
Reactive IT departments had mixed perceptions within organizations—as you rely on IT to keep things
Today, IT organizations have evolved in the way they deliver value to the organization. The ITSM paradi
ITSM Delivers IT as a Service
Today, ITSM is a professional discipline that encompasses all of the activities and duties involved in des
The concept of delivering IT as a service has significant implications for how IT organizations are percei
ITSM Processes and Automation Drive Organizational Efficiency
The goal of ITSM is to effectively design, build, deliver, and manage IT services for the organization, but
ITSM professionals engage in strategy generation to ensure that the goals of IT are aligned with the goa
ITSM professionals understand the need for continuous improvement—they may track certain metrics
ITSM professionals understand the need to plan and design services effectively, ensuring that they can
ITSM professionals understand the importance of streamlined communication between the business (u
ITSM professionals understand the need to drive efficiency through automation and self-service—they
ITSM professionals understand the need to minimize business interruptions—they may follow a formal
ITSM is what happens when IT departments focus on their relationship with the business, align their ac
What Is ITIL?
In the 1980s, the United Kingdom experienced a growing dependency on IT throughout its department
ITIL began as an acronym for the "Information Technology Infrastructure Library" which was published
A minimum set of ITIL best practices are contained in ISO 20000 Part 11. This is used by organizations t
ITILv3 (2011 Edition) Lifecycle approach
ITIL Processes Reflect Best Practices for ITSM
We can understand ITIL as a regularly updated set of best practices for ITSM. For IT
organizations that want to adopt the paradigm of IT as a service, the ITIL
framework provides a set of processes and best practices that can be implemented
by the IT organization to help provide better services to users, meet goals for service
capacity and availability, and ensure that the actions of the IT organization
effectively support the business objectives of the organization.
While ITSM is a professional discipline that concerns itself with the effective design,
deployment, and management of IT services, ITIL is a framework that IT
professionals can use to implement best practices for ITSM within their
organizations and move towards a more effective IT organization that delivers
exceptional value to the enterprise.
10
11
1
1
W
11
hat Is the ITSM ITIL Framework?
Under ITIL 2011, the discipline of ITSM is broken down into five stages, each corresponding to one stage of the IT service
lifecycle. The five stages of the IT service lifecycle are service strategy, service design, service transition, service operation, and
continual service improvement. Each stage is covered is one of the five ITIL books, and each is comprised of many processes
and sub-processes that together form the set of best practices for managing that stage of the service life cycle:
Service Strategy: Service strategy entails the development of a strategy for the IT organization to serve its customers, typically
the business to which it belongs. Service strategy begins with assessing the needs of the business and customers, then
determines what services the IT organization will offer and what capabilities it should develop to meet the needs of the
organization.
Service Design: Service design includes the creation, design, and modification of new and existing IT services. In this stage, IT
organizations design new services for the organization and implement changes to existing services.
Service Transition: Once a service has been designed, the next step is for it to be built and deployed. This development of
capabilities and deployment happens in the service transition stage. ITIL's Service Transition book also includes processes for
ensuring that changes to existing services are executed in a coordinated fashion that minimizes business interruptions.
Service Operation: Service Operation is an important stage of the ITIL life cycle whose goal is to ensure that services offered by
the IT organization are delivered effectively and efficiently. Service Operation includes all four functions associated with ITIL:
Technical Management, Application Management, IT Operations Management, and the service desk.
Continual Service Improvement (CSI): The goal of continual service improvement is to ensure that the organization captures
data, information and knowledge from its successes and failures, and uses them to continually improve the efficiency of its
processes and service offerings.
Formalizing ITSM Service Management Processes with ITIL
The ITIL framework offers a template for modern IT organizations to implement ITSM effectively and start delivering more
value to their organizations through effective and efficient service life cycle management for all IT services.
The ITSM paradigm emerged out of a need to align the goals of the IT organization with the needs of the business. ITSM and
the concept of IT as a service led to the rise of help and service desks—a single point of contact between the IT organization
and the business, where users could make IT related requests and report issues. ITSM grew as a professional discipline as
more organizations attempted to formalize their own best practices. Even today, organizations may have some service
management processes that are consistent with ITIL and others that aren't, or they may develop their own processes that suit
their unique circumstances.
The ITIL framework emerged in the 1980s as a set of best practices for ITSM. ITIL brought standardization and widespread use
of best practices to IT organizations around the world and it remains the leading standard for IT organizations worldwide when
it comes to effective and efficient management of the IT service life cycle. ITIL is like a playbook for ITSM—it offers guidance in
the most effective ways espoused by leading professionals around the world.
As IT organizations mature, they should move towards an ITIL-compliant model of ITSM that follows best practices to
maximize value for the organization.
ITSM Solutions for ITIL and related Compliance
ITSM software solutions exist to help organizations implement their own best practices for IT Service Management.
11
12
12 12
Why is ITIL important to …?
• Reduced disruption to IT Services
• Greater control of IT infrastructure & changes to it
• Lower IT cost – centralized & standardized services
• Connects the IT infrastructure to the business it supports so that IT investment is
focused on the highest priority business needs
• Single point of contact for end-users for incidents, service requests, and information –
reduces multiple help desks
• Vendor-neutral language to describe IT service management – helps to manage IT
support across multiple suppliers
• End-to-end integration of IT management processes
• Supports business controls compliance
RESULTS IN BETTER QUALITY, LOWER TCO, IT ALIGNMENT TO
BUSINESS, AND EASIER SOURCING
TCO – Total Cost of Ownership
13
ITIL 4 will be more discussed during next lesson
ITIL® 4 Concept
§ Introduces Service Value System
Ø Describes basic elements of the system via which the value of the product
is being created with the aim on the customer and user requirements and
experience
§ Describes model of the value creation – Service Value Chain
Ø And its 6 main activities for each process/practice
§ Does not contain processes description in the lifecycle
Ø Lists 34 management practices within 3 basic groups
Ø General Management, Service management, Technical Management
§ Bases description of 4 Dimensions on v3`s four attributes of SM
Ø Critical mission in value creation
Ø Includes important external factors to consider (economical, political,
social, etc)
14
ITIL
Qualification
System
15
15
What problems are organisations trying to solve with ITIL
• Establish baseline of process/process supporting tools/knowledge
Ø Some of them don’t have processes established in some areas –
like problem management
• Stabilize/Standardize/Centralize infrastructure
• Process/ITSM tools standardization
Ø Either across customer internal lines of business or across
suppliers
• Integration of infrastructure and application management
Ø Want to be able to improve infrastructure stability by integrating
applications & infrastructure
• Right size infrastructure to support critical business services
• Link IT investment and support to business strategies and priorities
16
16
Marrone, M. & Kolbe research in 2011
Propositions:
P1:There is a positive relationship between implemented processes and perceived
maturity of the ITIL implementation.
P2:There is a negative relationship between maturity levels of the ITIL
implementation and perceived challenges of implementation.
P3a:There is a positive relationship between maturity levels of the ITIL
implementation and perceived realized benefits.
P3b:There is a positive relationship between maturity levels of the ITIL
implementation and usage of metrics to measure the realized benefits.
P3c:There is a positive relationship between maturity levels of the ITIL
implementation and acknowledgement by the business of the realized benefits.
BUSTED or CONFIRMED?
17
17 17
Information Technology Infrastructure Library
IT Service Management ~ ITSM covers IT services,
processes, technology, and staffing and personnel practices
that contribute to the management of IT infrastructure
ITIL® represents the best practices in IT Service
Management
ü Becoming international standard
ü Adopt & Adapt to organization’s business needs
ü The Client’s business enablement is the main focus –
not the technology
The term ‘best practice’ generally refers to the ‘best possible way of doing
something’. As a concept, it was first raised as long ago as 1919, but it was
popularised in the 1980s through Tom Peters’ books on business management.The
idea behind best practice is that one creates a specification for what is accepted by a
wide community as being the best approach for any given situation. Then, one can
compare actual job performance against these best practices and determine
whether the job performance was lacking in quality somehow. Alternatively, the
specification for best practices may need updating to include lessons learned from
the job performance being graded.Enterprises should not be trying to ‘implement’
any specific best practice, but adapting and adopting it to suit their specific
requirements. In doing this, they may also draw upon other sources of good practice,
such as public standards and frameworks, or the proprietary knowledge of
individuals and other enterprises.
18
18
Summary:
The Difference Between ITIL and ITSM is - ITSM is how you
manage the services you deliver to end users, and ITIL
teaches you the best practices for ITSM.
Whether services are being provided by an internal unit of the
organization or contracted to an external agency, all services should be
driven solely by business needs and judged by the value that they
provide to the organization.
Apart from the ISO/IEC 20000 standard, ITIL is also complementary to many other
standards, frameworks and approaches. No one of these items will provide
everything that an enterprise will wish to use in developing and managing their
business. The secret is to draw on them for their insight and guidance as
appropriate. Among the many such complementary approaches are:
Balanced scorecard: A management tool developed by Dr Robert Kaplan and Dr
David Norton. A balanced scorecard enables a strategy to be broken down into key
performance indicators (KPIs). Performance against the KPIs is used to demonstrate
how well the strategy is being achieved. A balanced scorecard has four major areas,
each of which are considered at different levels of detail throughout the
organisation.
COBIT: Control OBjectives for Information and related Technology provides guidance
and best practice for the management of IT processes. COBIT is published by the IT
Governance Institute.
CMMI-SVC: Capability Maturity Model Integration is a process improvement
approach that gives organisations the essential elements for effective process
improvement. CMMI-SVC is a variant aimed at service establishment, management
and delivery.
EFQM: The European Foundation for Quality Management is a framework for
19
19
What framework or processes are you employing to support your
ITSM strategy?
Source : 2017 Forbes Insights survey on The State of Information Technology Service Management (ITSM)
organisational management systems.
eSCM–SP: eSourcing Capability Model for Service Providers is a framework to help IT
service providers develop their IT service management capabilities from a service
sourcing perspective.
ISO 9000: A generic quality management standard, with which ISO/IEC 20000 is
aligned.
ISO/IEC 19770: Software Asset Management standard, which is aligned with ISO/IEC
20000.
ISO/IEC 27001: ISO Specification for Information Security Management. The
corresponding code of practice is ISO/IEC 17799.
Lean: a production practice centred around creating more value with less work.
PRINCE2: The standard UK government methodology for project management.
SOX: the Sarbanes–Oxley framework for corporate governance.
Six Sigma: a business management strategy, initially implemented by Motorola,
which today enjoys widespread application in many sectors of industry.
19
ISACA is an international professional association focused on IT governance. It is
known as the Information Systems Audit and Control Association, although ISACA
now goes by its acronym only
20
20
• COBIT (Control Objectives for Information and Related Technologies) is a framework created
by ISACA for information technology (IT) management and IT governance.
• Since 1996, COBIT has evolved to offer practitioners the latest knowledge, tools, and best
practices for maximizing the value of IT for businesses all over the world. COBIT 2019 is an elite
IT governance and management framework, perfect for helping you transform your IT operations
into a finely-honed and fully-optimized tool: perfectly suited at all levels for day to day
operations, long term goals, and even continuous evolution.
• COBIT 5, the previous version of COBIT, was focused on providing objectives, tools, and best
practices that were universally applicable to all IT operations.
• COBIT 2019 is focused on creating bespoke IT frameworks, specifically suited to an individual
company’s own requirements and goals.
COBIT
21
21
COBIT 2019 core model (ISACA)
COBIT 2019 also works by establishing the potential for progressive evolution. These
days, IT is constantly in flux, with businesses having to consider new technology,
legislation, practices, and so on on a regular basis.
COBIT 2019 establishes the potential for progressive evolution in IT frameworks.
With elements of digital and IT management being in constant flux, businesses must
be prepared to reexamine their chosen best practices, software, technology, and
compliance initiatives on a regular basis. This is not only for the sake of meeting the
standards set by clients but also surpassing them.
To help users cope with this, COBIT 2019 offers several methods for continuous
improvement. Firstly, it lays out the ‘COBIT Performance Management (CPM)’
system. Based on the CMMI Performance Management Scheme (and scored
between 0 and 5), this is used to gauge the overall capability of a process:
0 - Lack of any basic capability. Incomplete approach to address governance and
management purpose. May or may not be meeting the intent of any process
practices
1 - The process more or less achieves its purpose through the application of an
incomplete set of activities that can be characterized as initial or intuitive - not very
organized
2 - The process achieves its purpose through the application of a basic yet complete
set of activities that can be characterized as performed
22
22
COBIT 5 principles:
• Meeting stakeholder needs
• Covering user enterprises from end to end
• Applying a single integrated framework
• Enabling a holistic approach
• Separating governance from management
“Stakeholder - A person, group or organization that has interest or concern in an
organization”
COBIT 2019 expansion
• Provide Stakeholder Value
• Holistic Approach
• Dynamic Governance System
• Governance Distinct from Management
• Tailored to Enterprise Needs
• End to End Governance System
COBIT principles
3 - The process achieves its purpose in a much more organized way using
organizational assets. Processes typically are well defined
4 - The process achieves its purpose, is well defined, and its performance is
(quantitatively) measured
5 - The process achieves its purpose, is well defined, its performance is measured to
improve performance and continuous improvement is pursued
Level 2 refers to the basic level of capability, with any numbers below this indicating
an area for immediate improvement.
COBIT 2019 also utilizes an open-source model. This allows ISACA to collect
feedback from the worldwide community of IT governance and management
professionals. By regularly assessing this feedback, ISACA will identify areas where
the methodology can be improved, such as incorporating new best practices or
integrating new technology. As a result, COBIT 2019 users will have an edge in
adapting to new opportunities in the future.
Finally, COBIT 2019 also lists several ‘enhancing activities’. These are suggested by
ISACA to help practitioners enhance their implementation of COBIT. For example,
when first adopting COBIT, managers and stakeholders may want to consider
investing in COBIT online training.
22
nformation Technology (IT) has evolved far beyond being a mere tool for businesses
to make use of; these days, it forms the very foundations of most, if not all,
successful corporations, regardless of their industry, age or size. Failing to fully
optimize IT capabilities can leave a business static in an ever-changing and dynamic
landscape, making it highly vulnerable to competitors.
Indeed, the ‘governance’ of IT will usually branch out into virtually every aspect of an
organization, including the provision of customer services, the processes which
generate end products and even change management. This, of course, begs the
question: in a growing business with a web of activities, how does one not only keep
track of IT operations, but also make sure that they are optimized and refined?
COBIT is a leading framework for the governance and management of enterprise IT.
Created by the non-profit ISACA, COBIT was built by experts to suit the requirements
of both business executives and IT professionals. It combines enterprise governance
and management techniques, providing principles, practices, models and analytical
tools to help users consistently increase the value of, and trust in, their IT systems.
Part of COBIT’s success comes from the fact that it has been consistently updated to
meet the ever-changing needs of IT governance. For example, the latest version,
COBIT 5, is better able to integrate with other popular frameworks, standards and
resources, including VAL IT, Risk IT and ITIL.
23
2323
It's the leading framework for the governance and management of
enterprise IT.
It helps enterprises of all sizes:
§ Maintain high-quality information to support business decisions
§ Achieve strategic goals through the effective and innovative use of IT
§ Achieve operational excellence through reliable, efficient application of
technology
§ Maintain IT-related risk at an acceptable level
§ Optimize the cost of IT services and technology
§ Support compliance with relevant laws, regulations, contractual
agreements and policies
What is COBIT 5
So, what exactly does COBIT 5 do in a nutshell? It enables organizations to balance
resource usage, risk optimization and realizing benefits, helping them to improve
business outcomes and ensure that their IT systems are supporting them as much as
possible.
This kind of flexibility can also help organizations to:
• Adapt to user demands
• Conform to industry regulations and compliance initiatives
• Manage risks and security
• Maximize the value of intellectual property
• Make sure IT is capable of supporting major changes
As you can probably tell by now, enterprise IT is an enormous subject. Very few tools
cover it in such depth as COBIT 5, making it an excellent investment for any
organization serious about optimizing its use of IT.
How Does COBIT 5 Work?
To start off, it is worth getting a key piece of information out of the way: COBIT 5 is
not a cheat sheet, but a generic tool. That is not to say that it is not unique or
comprehensive; rather, the tools and practices offered by COBIT 5 are flexible
enough to be used by enterprises regardless of their size or immediate goals. At the
same time, there is a lot to learn, and not all of COBIT 5’s methodology will be
relevant for everyone.
The COBIT 5 framework itself consists of a process reference model, a series of
governance and management practices, a common language and a set of enabler
tools to support organizational governance. Combined, each of these features
guides those making decisions on how to best utilize information to meet corporate
objectives.
• Process model - This helps organizations to understand the nature of activities
which relate to IT, as well as how to organize them in such a way that means they
can be reliably performed. The model also defines strategies and processes for
the benefit of corporate stakeholders, making it clear what they should do, how
they are organized and who should be involved.
• Practices - COBIT provides guidance on how each process should be performed,
without having to go into too much technical detail. Rather, it simply outlines
what needs to be done in order to make sure that each process works to an
appropriate level.
• Common language - Any decent framework will offer a specific set of terms
which practitioners can use to communicate with one another. In the case of
COBIT, its terminology helps business executives to discuss IT-related goals,
objectives and results with complete clarity, even if they are not fully IT-literate.
• Enabler tools - While all of the above sounds nice in theory, COBIT will not do you
much good if you do not check to make sure that it is being applied correctly in
practice! The framework’s ‘capability maturity techniques’ help users to check
whether their processes are working at the required level for each given situation.
They also enable practitioners to set clear objectives for IT, then monitor the
progress towards them via simple metrics.
23
The style used by COBIT 5 for governing and managing IT is based on five ‘principles’:
1. Meeting stakeholder needs
2. Covering user enterprises from end to end
3. Applying a single integrated framework
4. Enabling a holistic approach
5. Separating governance from management
Combined, these principles enable organizations to build completely holistic
frameworks. These frameworks, in turn, will be based on seven ‘enablers’.
§ People, policies and frameworks
§ Processes
§ Organizational structures
§ Culture, ethics and behavior
§ Information
§ Services, infrastructure and applications
§ People, skills and competencies
This may sound like a lot, but that only goes to show just how broad a subject you
are dealing with!
Finally, COBIT 5 is able to integrate with a number of compatible best-practice
frameworks and standards, including ITIL, ISO 20,000 and ISO 27,001. It can be
highly useful to take an integrated approach when implementing an IT governance
framework. For example, you may choose to pick segments from different
frameworks in order to create a system which best meets the unique needs of your
organization.
Remember, it should be a strong prerogative of organizations to ensure that IT assets
support business goals. Without enough perspective, fluidity and control, an
organization may not be fully optimized or compliant in its actions - and it may not
even realize it!
23
24
COBIT is a set of practices for top management to understand
how they should approach their enterprise IT.
And ITIL is a roadmap of exactly what should be done to
organize IT employees' daily processes
25
25
ISO 20000
says what you
need to do,
while
ITIL tells you
how to do it.
26
2626
ISO 20000
ISO 20000 is the international standard for IT Service Management (ITSM), published by ISO (the
International Organization for Standardization), and ICE (the International Electoral Commission).
To become an international standard, ISO 20000 had to be agreed upon by a majority of member
countries, which means it is accepted by a majority of countries worldwide.
The standard describes a set of management processes designed to help you deliver more effective
IT services (both to those within your business and to your customers). ISO 20000 gives you the
methodology and the framework to help you manage your ITSM, while allowing you to prove your
company follows best practice. With the requirements of the standard you will achieve best
practice, helping to improve your delivery of IT services. And ISO 20000 is applicable to any
company size and any industry.
ISO 20000 helps organizations benchmark how they deliver managed services, measure service
levels and assess their performance. It is broadly aligned with, and draws strongly on, ITIL®.
27
27
ISO20000 is IT Service
Management System Standard
that specifies ISO2000
certification requirements for
the service provider to plan,
establish and maintain ISO
20000 controls for an effective
Service Management System
within an organization.
28
28
ITIL provides advice on best
practices in IT service management,
including options that may be
adopted and adapted by
organisations according to business
need, local circumstances and the
maturity of the service provider.
ISO 20000 sets the standards that
service management processes
should aim for.
29
The Business Process Framework (eTOM) is a critical component of the Open Digital
Framework, TM Forum’s blueprint for enabling successful business transformation.
It is a comprehensive, industry-agreed, multi-layered view of the key business
processes required to run an efficient, effective and agile digital enterprise.
All of the Open Digital Framework, including the Business Process Framework, is
created and evolved by industry leaders and practitioners in TM Forum’s member
driven collaboratgion community.
It is a hierarchical catalog of the key business processes required to run a servicefocused
business. At the conceptual level, the framework has three major areas,
reflecting major focuses within typical enterprises:
• Strategy, Infrastructure and Product
• Operations
• Enterprise Management
6 things you can do with the Business Process Framework
1. Create a common language for use across departments, systems, external
30
3030
It is a hierarchical catalog of the key business processes required to run a service-focused business. At the
conceptual level, the framework has three major areas, reflecting major focuses within typical enterprises:
• Strategy, Infrastructure and Product
• Operations
• Enterprise Management
Business Process Framework (eTOM)
The business process framework is an operating model framework for telecom service provider in the telecommunications industry.[1
The model describes the required business processes of service provider, and defines key elements and how they should interact1.
1. Wikipedia
2. TM Forum
The Business Process Framework is a reference framework or model for categorizing all the
business activities that a service provider will use. It is intended to deliver reusable process
elements to enable the construction of best practice or implementation of specific process
flows for a wide variety of purposes.2
partners and suppliers, reducing cost and risk of system implementation,
integration and procurement.
2. Adopt a standard structure, terminology and classification scheme for business
processes to simplify internal operations and maximize opportunities to partner
within and across industries.
3. Apply disciplined and consistent business process development enterprise-wide,
allowing for cross-organizational reuse.
4. Understand, design, develop and manage IT applications in terms of business
process requirements so applications will better meet business needs.
5. Create consistent and high-quality end-to-end process flows, eliminating gaps
and duplications in process flows.
6. Identify opportunities for cost and performance improvement through re-use of
existing processes and systems.
30
31
3131
ICT Enterprises can leverage the past experience of the IT service and
telecommunications industry in the operations space by simultaneously adopting
two of most successful approaches, ITIL and the Business Process Framework
(eTOM).
ITIL encompasses a set of “good practices” that are widely recognized and applied,
and shows how these can be orchestrated in a service management lifecycle. TM
Forum’s Business Process (eTOM) and Information (SID) Frameworks deliver a
reusable, agreed, and widely adopted service-oriented architecture, with processes
that can be linked directly with ITIL’s good practices.
32
32
Business Process Framework (eTOM)
Relationship to ITIL
TM Forum’s Business Process (eTOM) and Information (SID) Frameworks deliver a reusable, agreed, and widely adopted
service-oriented architecture, with processes that can be linked directly with ITIL’s good practices.
The MOF process model enables companies to:
• Facilitate consistent IT service management across service solutions.
• Establish a structure for IT functions, processes, and procedures.
• Represent a life-cycle approach.
Central to the MOF process model is its division into four quadrants of operational
processes and procedures, named service management functions (SMFs). The SMFs
are the foundation-level best practices and prescriptive guidance for operating and
maintaining an IT environment.
Changing Quadrant
The changing quadrant includes the service management functions (SMFs) required
to identify, review, approve, and incorporate change into a managed IT environment.
This includes changes in software, hardware, documentation, roles and
responsibilities, and also specific process and procedural changes.
Change Management
Change management is responsible for changes in technology, systems, applications,
hardware, tools, documentation, and processes, and also changes in roles and
33
33
The Microsoft Operations Framework (MOF) provides
guidance that enables organizations to achieve missioncritical
system reliability, availability, supportability, and
manageability of Microsoft products and technologies.
MOF provides operational guidance in the form of white
papers, operations guides, assessment tools, best
practices, case studies, templates, support tools, and
services. This guidance addresses the people, process,
technology, and management issues pertaining to
complex, distributed, and heterogeneous IT
environments.
Microsoft Operations Framework - MOF
responsibilities.
During the change management process, as part of designing your BizTalk Server
implementation, you can do the following:
• Determine whether the service level agreement with your partners or customers
requires a certain level of availability, uptime, and load-processing capabilities.
• Determine the best cluster configuration for the BizTalk Server databases for your
business needs. The run-time processes write to the BizTalk Management
database, MessageBox databases, Tracking Analysis Services database, BAM
Analysis database, BAM Star Schema database, BAM Primary Import database,
and BAM Archive database. Therefore, these databases are especially important if
a disaster occurs, and must have greater priority when determining what
databases to cluster. Only users or tools write to the other databases. For the
MessageBox databases, you can consider an active/active/active/passive fourserver
cluster to minimize the hardware needed.
• Determine whether to cluster the master secret server, or if manually restoring
the master secret on another Enterprise Single Sign-On server is satisfactory for
your scenario. This solution is available, but not highly available.
• Determine the number of hosts and host instances that you will need to process
your expected message load and to provide high availability.
• Create a list of the people that will be involved in the change-management
process. This list will include, but is not limited to, the domain administrator,
database administrator, infrastructure administrator, BizTalk Server administrator,
and IT operations staff.
Configuration Management
Configuration management is responsible for identifying, controlling, and tracking all
versions of software, hardware, documentation, processes, procedures, and all
other components of the IT environment under the control of change management.
During the configuration management process, you must create a detailed plan for
how you are going to implement your highly available solution for BizTalk Server. You
must also document the steps that you took to create your solution. At a high level,
the steps are:
• The domain controller creates the domain groups and accounts that you will use
in your BizTalk Server environment.
• The infrastructure administrator creates the Windows cluster for the BizTalk
Server databases and the Windows cluster for the master secret server.
• The database administrator installs and configures Microsoft SQL Server on the
Windows cluster for the BizTalk Server databases.
• The BizTalk Server administrator configures the master secret server cluster.
• The BizTalk Server administrator installs and configures BizTalk Server on the
processing, receiving, and sending servers.
• The BizTalk Server administrator creates the hosts and installs the host instances
on the appropriate servers to provide high availability or to increase capacity, or
both.
33
Operating Quadrant
The operating quadrant includes the SMFs required to monitor, control, manage, and
administer service solutions daily to achieve and maintain service levels within
predetermined parameters.
Job Scheduling
Job scheduling involves the continuous organization of jobs and processes in
the most efficient sequence, maximizing system throughput and use to meet
service level agreement requirements.
Make sure that you schedule planned downtime, such as scheduled updates,
at times when the message load is low (for example, late at night) to
minimize the potential effect on your business.
Supporting Quadrant
The supporting quadrant includes the SMFs required to identify, assign, diagnose,
track, and resolve incidents, problems, and requests within the approved
requirements that are contained in the service level agreements.
Optimizing Quadrant
The optimizing quadrant includes the SMFs that contribute to maintaining business
and IT alignment by focusing on decreasing IT costs while maintaining or improving
service levels. This includes review of outages and incidents, examination of cost
structures, staff assessments, availability and performance analysis, and capacity
forecasting.
Service Level Management
The goal of service level management is to maintain and continuously
improve the quality of IT service, through a constant cycle of negotiating and
monitoring service level requirements. The successful service level
management function causes an improvement in quality of service, greater
levels of customer productivity, and ideally, a reduction in the overall cost of
services provided.
During the service level management process, you can do the following:
Evaluate how the current environment satisfies your service level agreement
requirements.
Recommend the addition of new servers for processing, receiving, or sending
messages to meet the requirements.
If necessary, recommend creating highly available solutions for points of
failure that were not originally mitigated to meet the availability
requirements in the service level agreement.
Availability Management
The single goal of availability management is to make sure that your
customers can use a particular IT service whenever they want.
For the availability management process, you can establish mechanisms for
notifying IT personnel when a hardware failure occurs so that they can fix or
replace the hardware as quickly as possible, and mechanisms for notifying IT
33
personnel when the server load is larger than a particular threshold.
Service Continuity Management
The objective of the service continuity management function is to make sure
that a specified IT service provides value to the customer if regularavailability
solutions fail.
During the service continuity function you must examine what highavailability
configuration to implement to make sure that you continue
providing your customers with the services they expect even when a planned
or unplanned downtime occurs. Examples of unplanned downtime are
hardware failures or acts of nature.
33
34
3434
Microsoft Operations Framework (MOF)
• MOF is an alternative framework to the Information Technology
Infrastructure Library (ITIL). Like ITIL, MOF includes guidelines for the entire
lifecycle of an IT service, from concept to retirement or replacement.
• MOF encompasses three phases and a foundation layer of the IT service
lifecycle:
• The plan phase ensures alignment with business and IT objectives, policy
compliance, financial management and reliability.
• The deliver phase covers envisioning, planning, building, stabilizing and deploying
the service.
• The operate phase keeps operations, service monitoring and control service,
customer service and problem management in line with service level agreement
(SLA) goals.
• The manage layer helps IT professionals manage governance, risk, and
compliance (GRC); change and configuration; and team service.
35
3535
Six Sigma is an effective and
adaptable measurement-based
improvement methodology which can
be used for delivering quality IT
services. The main aim of Six Sigma is
to reduce variation in processes by
offering a structure by which
organizations can constantly improve
routine IT processes and eliminate
defects, waste and cost, thereby
increasing service quality and
customer satisfaction.
Six Sigma is a quality program that, when all is
said and done, improves your customer’s
experience, lowers your costs, and builds better
leaders. — Jack Welch
Six Sigma
The Plan-do-check-act Procedure
1.Plan: Recognize an opportunity and plan a change.
2.Do: Test the change. Carry out a small-scale study.
3.Check: Review the test, analyze the results, and identify what you’ve learned.
4.Act: Take action based on what you learned in the study step. If the change did not
work, go through the cycle again with a different plan. If you were successful,
incorporate what you learned from the test into wider changes. Use what you
learned to plan new improvements, beginning the cycle again.
36
3636
Six Sigma e.g. compliments ITIL CSI with Deming’s PDCA cycle
37
3737
Whilst using both models can benefit businesses, Six Sigma and ITIL aren’t generally used together, but
rather in combination as a complimentary set of practices that can improve businesses from a number of
angles.
Six Sigma is a methodology based on formulas, calculations and the analysis of business processes in
order to improve them. Whilst Six Sigma focuses on the ‘how’ of improving processes, ITIL is more
concerned with the theory and guidelines put in place to determine the ‘what’ of the processes.
By utilizing ITIL methods, a business can determine what needs to be done in order to improve processes
and areas. Six Sigma on the other hand, can help a business work out what the cause of an issue is or
where a fault in a process lies and then ascertain how this can be fixed. However, as Six Sigma relies on
statistical analysis, it is best practice to sample process improvements on a small trial basis to ascertain
whether the benefits are scalable.
6 sigma and ITIL
Will be explained and discussed in last session
SIAM is an adaptation of ITIL that focuses on managing the delivery of services
provided by multiple suppliers.
SIAM is not a process. SIAM is a service capability and set of practices in a model and
approach that build on, elaborate, and complement every part of the ITIL practices.
Effective SIAM seeks to combine the benefits of best-of-breed based multi-sourcing
of services with the simplicity of single sourcing, minimising the risks inherent in
multi-sourced approaches and masking the supply chain complexity from the
consumers of the services. SIAM assists in the situation where policy and execution
can no longer be defined absolutely by a single authority, supporting the
development of supply chains into supply networks.
The primary focus of SIAM is on providing the necessary consistent governance,
assurance, and management of these multiple suppliers and services, whether these
suppliers are external, internal, or a combination of. It includes approaches for
supplier co-ordination, integration, collaboration, interoperability and delivery. This
creates an environment where all parties know their role, responsibilities, context
38
38
SIAM – Service Integration and Management is a new concept, based on an old
one – i.e. the need to co-ordinate and manage a number of IT suppliers in a
single ‘supply chain’. The ‘new’ element is the idea that multiple outsourced
suppliers need to be managed by one (SIAM) management layer, so that a single
service view is managed and delivered across the supply chain. This uses ITSM
concepts in a more commercially focused way and is gaining credence and
adoption.
SIAM
and are empowered to deliver – and are then also held accountable for the
outcomes.
Businesses that use or wish to use multiple suppliers to deliver integrated services
can benefit from a re-interpretation and re-focusing of core ITIL principles, methods
and techniques, adapting and augmenting them as the basis for effective SIAM. This
provides a different perspective from the situation where the majority of services
are provided from within the same organisation, and brings out ITIL's ‘multi-tenant’
capabilities.
The need for a specific SIAM approach is exacerbated by the increasing complexity
and diversity of the IT value network, supply chain, and service provider
characteristics. An example is where the overall service delivered to users is
dependent on underpinning services that are a mix of utility/commodity services
and value-added services provided by a number of different suppliers.
38
The aim of SIAM is to provide a single point of visibility and control for the service
management and delivery of all services provided by suppliers, by:
●●Taking end-to-end accountability for the performance and delivery of IT services
to the users, irrespective of the number and nature of suppliers
●●Co-ordinating delivery, integration, and interoperability across multiple services
and suppliers
●●Assuring suppliers performance
●●Ensuring that the services effectively and efficiently meet the business need
●●Providing the necessary governance over suppliers on behalf of the business.
SIAM can be provided from within the business organisation, outsourced to an
external provider, or using a combination. Effective SIAM is dependent on the
co-operation and involvement of the suppliers and the business. SIAM cannot be
imposed. Because a SIAM model includes all of these parties, moving to a SIAM
approach will involve changes to their ways of working.Many of the ITIL principles,
39
39
Internal
Service
Consumer A
Internal
Service
Consumer B
External
Service
Consumer C
SIAM
Service Integration and
Management
Service A
provided by
Internal
Supplier 1
Service B,C
provided by
external
Supplier 2
Service D,E
provided by
external
Supplier 3
SIAM
Key Concept
© Copyright : Axelos
methods and techniques can be, and have been, applied to non-IT service
landscapes.
39
40
ITIL
What shall we
talk about
next?