1. business and industrial
2. business operations
3. management
4. business process

Information Technology
Infrastructure Library
(ITIL)
History, Concepts and Alignment to CobiT and ISO 20000
Objectives:
1. Learn about the history of ITIL
2. Understand ITIL’s key objectives
3. Discover all components of the ITIL Framework
4. Visit each of the core 10 ITIL SM Processes
5. Learn the importance of process interaction
6. Understand the ISO 20000 & alignment to ITIL
7. Understand the alignment to CobiT Framework
8. Learn about the future of ITIL
WHAT IS ITIL?
Framework for Best Practices in
IT Service Management
ITIL Objectives
Three Key Objectives of IT Service Management:
1. Align IT Services with the Current and Future
Needs of the Business and its Customers
2. Improve Quality of IT Services
3. Reduce Long-Term Costs of IT Service
Provision
The Deming Cycle
The Deming Cycle
The ITIL Library
Planning to Implement Service Management
The Business
Perspective
Security
Management
Service
Delivery
Applications Management
Software Asset Management
Source: OGC
ICT
Infrastructure
Management
The Technology
The Business
Service
Support
ITSM Components
Service Level
Management
Availability
Management
Continuity
Management
security
IT Service
Release
Management
Capacity
Management
Financial
Management
IT
Infrastructure
for IT services
Incident
Management
Change
Management
Configuration
Management
Problem Management
• Service Support
– The Service Desk
– Incident Management
– Problem Management
– Configuration Management
– Release Management
– Change Management
• Service Delivery
– Service Level Management
– Availability Management
– IT Service Continuity Management
– Capacity Management
– Financial Management for IT Services
The Service Desk
The Service Desk
Goals
To
act as the single point of contact between the User and IT
Service Management and track status of all customer interactions
To
handle Incidents and requests, and provide an interface for other
activities such as Change, Problem, Configuration, Release, Service
Level, and IT Service Continuity Management
Inputs to the Service Desk
Information
The Service Desk
Why a Service Desk?
Essentials
• The Service Desk is more than just a Help Desk
• The first and single point of contact
• High quality support to meet business goals
• Help identify costs of IT services
• Proactive support and communication of changes
• Increase user perception and satisfaction
• Identification of business opportunities
• Identification of Training Opportunities
The Service Desk
Responsibilities
The Service Desk
Activities
• Receive and record all calls from users
• Provide first-line support (using knowledge resources)
• Refer to second-line support where necessary
• Monitoring and escalation of incidents
• Keep users informed on status and progress
• Provide interface between ITSM disciplines
• Produce measurements and metrics
Incident Management
Incident Management
Goals
To restore normal service operation as quickly as possible with
minimum disruption to the business, thus ensuring that the
best achievable levels of availability and service are
maintained
Incident definition
Any event which is not part of the standard operation of a
service and which causes, or may cause, an interruption to, or
a reduction in, the quality of that service
Work-around definition
A method of avoiding an Incident or Problem either by
employing a temporary fix or technique so the user is no
longer reliant on a Configuration Item (CI) that is known to
cause failure
Incident Management
The Incident Life Cycle – the monitoring and
tracking of Incidents
Activities
Including Impact and Urgency
selection
Yes
No
Note. This is not Problem Closure
Categorization
Incident Management
Activities
•Service affected (and possibly by association the
affected SLA)
•User perception of failure in terms of the User’s
inability to do something
–Batch job output has not been received
–I can’t print, connect to a server or access an
application
•Category and details of CI thought to be at fault
•Category and details of CI eventually found to be
at fault
•The fault in the CI, the quick fix and the action
taken, etc.
Impact, Urgency & Priority
Incident Management
Definitions
Impact
Urgency
Priority
A measure of the business criticality of an
incident or problem (e.g. numbers
affected, magnitude)
A measure of the speed with which an
incident or problem requires resolution
(i.e. how much delay will the resolution
bear)
The order in which an incident or
problem needs to be resolved, based on
impact and urgency
Incident Management
Illustrative Example
Payroll Application: System run once per month to run payroll
Failure of payroll
server
Impact
Urgency
Priority
High: will effect all
employees
Low : Payroll not run
for 3 weeks
Low (at the
moment)
High: will effect all
employees
High : Fix needed
before 06:00
tomorrow morning
High
(first week in month)
Failure in payroll
server (last week of
month)
Bank Teller Application: System used by cashiers in bank to transact
on accounts
Impact
Urgency
Priority
One Branch teller
application
performing poorly
Medium : one branch
out of 150
High : Queues
beginning to form
High
Router Interface down
Low : Cashiers and
customers not
impacted due to
redundancy in
network
Med : Router needs to
be re-booted to
restore network
redundancy
Med
Incident Management
Escalation
Definitions
Hierarchical escalation would typically include authorization,
resources and/or cost
Hierarchical (authority)
Functional (competence)
Functional escalation might include specialist groups e.g. Unix Group
Functional Escalation
Incident Management
Activities
The use of support
teams is important
in efficient incident
resolution.
• First line support
deals with the
communication to
the user, resolution
of known incidents
(e.g. password
resets)…
• …allowing the
second and
subsequent levels
to focus on
resolving assigned
incidents.
Problem Management
Problem Management
Goals
To minimize the adverse effect on the business of Incidents and
Problems caused by errors in the infrastructure, and to
proactively prevent the occurrence of Incidents, Problems and
Errors.
Problem definition
Unknown cause of one or more incidents
Known Error definition
An Incident or Problem for which the root cause is
known and for which a temporary work around or
permanent alternative has been identified
Problem Flow
Problem Management
Information
Incidents
Service Desk
Problem
Known Error
Change Process
Configueration Management
Configuration Management
Goals

Enabling control of the infrastructure by monitoring and maintaining
information on:
Configuration
CI
status and history
CI
relationships
Valuable

Items (CI) needed to deliver services
CIs (monetary or service)
Providing information on the IT infrastructure to all other processes and to
IT Management
Configueration Management
Configuration Management
Definitions
• Configuration Item (CI) – a component of an IT infrastructure
which is (or is to be) under the control of Configuration
Management and therefore subject to formal change control
• Configuration Management Database (CMDB) – a database
which contains details of the attributes and history of each CI and
the relationships between CIs
• Baseline – a snapshot of the state of a CI and its components or
related CIs, frozen in time for a particular purpose, such as:
– The ability to return a service to a trusted state if a change goes
wrong
– A specification for copying the CI or for a roll-out
– The minimum CIs needed to maintain vital Business Functions
after a disaster
Configueration Management
Major CI Types
Definitions
Documentation
People
Users, Customers,
Who, Where, What
Skills, Characteristics,
Experience, Roles
Hardware
Computers, Computer
components, Network
components & cables
(LAN, WAN),
Telephones, Switches
Designs; Reports;
Agreements; Contracts;
Procedures; Plans; Process
Descriptions; Minutes;
Records; Events (Incident,
Problems, Change Records);
Proposals; Quotations
What, Where,
Most Important
Services
Desktop Support,
E-mail, Service Desk,
Payroll, Finance,
Production Support
Data Files
Environment
Accommodation; Light,
Heat, Power; Utility
Services (Electricity,
Gas, Water, Oil); Office
Equipment; Furniture;
Plant & Machinery
Software
Network Mgmt Systems;
In-house applications; O/S;
Utilities (scheduling, B/R);
Packages; Office systems;
Web Management
Configueration Management
CI Relationships and Attributes
Activities
Desktop Device #1
Desktop Device #2
Cable #1
Ethernet
Cable #2
Cable #3
Disk #1
Printer #1
Power
Server
Disk #2
Relationships
System Software
Is connected to
Is a copy of
Is part of
Printer #2
Application A
Application B
Attributes
Owner, status,
location, serial #,
version, supplier, etc.
Change Management
Change Management
Goals
Process of controlling changes to the infrastructure or any
other aspect of services, in a controlled manner, enabling
approved changes with minimum disruption.

Change Management ensures that standardized methods and
procedures are used for the efficient and prompt handling of all
Changes, in order to minimize the adverse impact of any
Change-related incidents upon service quality.

Changes can arise as a result of Problems, Known Errors and their
resolution, but many Changes can come from proactively seeking
business benefits such as reducing costs or improving services
Change Management
Change Management
Definitions
•Change – a deliberate action that alters the
form, fit or function of Configuration Item (CI)
such as an addition, modification, movement, or
deletion that impacts the IT infrastructure
•Request for Change (RFC) – a means of
proposing a change to any component of an IT
infrastructure or any aspect of an IT service
•Forward Schedule of Change (FSC) – a
schedule that contains details of all the changes
approved for implementation and their proposed
implementation date
Change Management
Change Management
Definitions
•Standard Change – a Change that is recurrent,
has been proceduralized to follow a pre-defined,
relatively risk free path and where Change
Management and budgetary authority is
effectively give in advance
•Service Request – a request, usually made
through a Service Desk, for a Standard Change
–Example: providing access to services for a new
member of staff or relocating a few PCs
Release Management
Release Management
Goals
Release Management takes a holistic view of a Change to an
IT service and should ensure that all aspects of a Release, both
technical and non-technical, are considered together
• Good resource planning and management are
essential to package and distribute a Release
successfully.
• The focus of Release Management is the
protection of the live environment and its services
through the use of formal procedures and checks.
Service Support Process Model
Management
Tools & IT
Infrastructure
Incidents
Service
Desk
Incident
Management
Enquiries,
Communications,
Workarounds,
Updates
Changes
Problem
Management
Services
Reports,
Incidents,
Statistics,
Audit Reports
Users /
Customers
Releases
Change
Management
Problem
Statistics,
Trend Analysis,
Problem
Reports,
Problem
Reviews,
Diagnostic
Aids,
Audit Reports
Incidents
Release
Management
Change
Schedule,
CAB Minutes,
Change
Statistics,
Change
Reviews,
Audit Reports
Problems,
Known Errors
Release
Schedule,
Release
Statistics,
Release
Reviews,
Source Library,
Testing
Standards,
Audit Reports
Changes
Configuration
Management
CMDB Reports,
CMDB Statistics,
Policy/Standards,
Audit Reports
Releases
Configuration Management Database
CI Relationships
• Service Support
– The Service Desk
– Incident Management
– Problem Management
– Configuration Management
– Release Management
– Change Management
• Service Delivery
– Service Level Management
– Availability Management
– IT Service Continuity
Management
– Capacity Management
– Financial Management for IT
Services
Service Level Management
Service Level Management
Goals
To maintain and gradually improve business aligned IT service
quality, through a constant cycle of defining, agreeing,
monitoring, reporting and IT service achievements and through
instigating actions to eradicate unacceptable levels of service
Service Level Management manages and
improves the agreed level of service
between two parties
• The provider who may be an internal
service department or the external
organisation that provides an outsourced
service
• The receiver of the servers i.e. the
customer who pays the bill.
Availability Management
Availabtily Management
Goals
To optimise the capability of the IT infrastructure and supporting
organisations to deliver a cost effective and sustained level of
availability that enables the business to satisfy its objectives
IT Service Coninuity Management
IT Service Continuity Management
Goals
To support the overall Business Continuity Management
process by ensuring that the required IT technical services and
facilities can be recovered within required and agreed business
time-scales
Note. IT Service Continuity Management used to be known as Disaster Recovery in the old ITIL books
Capacity Management
Capacity Management
Goals
To understand the future business requirements (the required
service delivery), the organization's operations (the current
delivery), and ensure that all current and future capacity and
aspects of the business requirements are provided cost
effectively
Financial Management
Financial Management For IT Services
Goals
To provide cost-effective stewardship of the IT assets and
financial resources used in Services
Note. Financial Management of IT Services used to be known as Cost Recovery in the old ITIL books
Participants in IT Service Management
Sr. IT
Mgt
Sr.
Mgt
Tactical
Service Level
Management
Customers
Operational
Service Desk
Users
IT
The Business
Strategic
Service
Delivery
Service
Support
ITIL is more than a library of books
Training
•Fundamentals
•Practitioner
•Service Manager
Qualifications:
Certification at each
level
Information Technology Infrastructure Library
Consultancy:
Provision of IT
consulting services to
clients based on a de
facto standard
Tools: ITIL
“compliance” is
driving tools
manufacturers
itSMF: User groups
providing seminars,
conferences, and
workshops
Consistent and predictable results, process
improvement and cost saving top the list of
benefits from implementing defined IT Process
methods
*
* Source: Forrester Research – Stabilizing IT with Process Methodologies – May, 2005
CobiT
•What Is It?
•How Does It Relate To ITIL?
COBIT and ITIL–Process Perspective
Strategic
Process Control
XY
XY
##
##
XY
XY
XY
##
##
##
• Work instruction
•2
•3
• 4,5,6….
• Work instruction
•2
•3
• 4,5,6….
ITIL
Process Execution
Work Instruction
COBIT
• Work instruction
•2
•3
• 4,5,6….
• Work instruction
•2
•3
• 4,5,6….
• Work instruction
•2
•3
• 4,5,6….
CobiT
WHAT
COBIT
Control
HOW
ITIL
Activities
Gartner Advisory on COBIT and ITIL
COBIT
Control
WHAT
ITIL
Activities
HOW
Acquire and Implement
(AI Process Domain)
Plan and
Organise
(PO Process Domain)
Monitor and
Evaluate
(M Process Domain)
Deliver and Support
(DS Process Domain)
Acquire and Implement
Plan and Organise
Define
Strategic
IT Plan
Determine
Define
Information Technological
Direction
Architecture
Define IT
Organisation
and
Relationships
Manage IT
Investment
Manage
Human
Resource
Ensure
Compliance
with External
Standards
Identify
Automated
Solutions
Acquire and
Maintain
Application
Software
Communicate
Aims and
Direction
Manage
Projects
Assess
Risks
Manage
Quality
Obtain
Independent
Assurance
Assess
Internal
Control
Adequacy
Provide
Independent
Audit
Manage
Change
Acquire and
Maintain
Technology
Infrastructure
Develop and
Maintain
IT
Procedures
ITIL
Service Support
Service
Desk
Change
Management
Service Delivery
Incident
Problem
Management Management
Service
Level
Management
Availability
Capacity
Management Management
Release
Management
Financial
Management
Continuity
Management
Monitor and Evaluate
Monitor
the
Process
Install and
Accredit
Systems
Configuration
Management
Deliver and Support
Define and
Manage
Service
Levels
Manage
Third-party
Services
Manage
Performance
and Capacity
Ensure
Continuous
Service
Ensure
System
Security
Identify
and Allocate
Costs
Educate
and
Train Users
Assist and
Advise
IT
Customers
Manage
Configuration
Manage
Problems and
Incidents
Manage
Data
Manage
Facilities
Manage
Operations
Acquire and Implement
Plan and Organise
Define
Strategic
IT Plan
Determine
Define
Information Technological
Direction
Architecture
Define IT
Organisation
and
Relationships
Manage IT
Investment
Manage
Human
Resource
Ensure
Compliance
with External
Standards
Identify
Automated
Solutions
Acquire and
Maintain
Application
Software
Communicate
Aims and
Direction
Manage
Projects
Assess
Risks
Manage
Quality
Obtain
Independent
Assurance
Assess
Internal
Control
Adequacy
Provide
Independent
Audit
Manage
Change
Acquire and
Maintain
Technology
Infrastructure
Develop and
Maintain
IT
Procedures
ITIL
Service Support
Service
Desk
Change
Management
Service Delivery
Incident
Problem
Management Management
Service
Level
Management
Availability
Capacity
Management Management
Release
Management
Financial
Management
Continuity
Management
Monitor and Evaluate
Monitor
the
Process
Install and
Accredit
Systems
Configuration
Management
Deliver and Support
Define and
Manage
Service
Levels
Manage
Third-party
Services
Manage
Performance
and Capacity
Ensure
Continuous
Service
Ensure
System
Security
Identify
and Allocate
Costs
Educate
and
Train Users
Assist and
Advise
IT
Customers
Manage
Configuration
Manage
Problems and
Incidents
Manage
Data
Manage
Facilities
Manage
Operations
Acquire and Implement
Plan and Organise
Define
Strategic
IT Plan
Determine
Define
Information Technological
Direction
Architecture
Define IT
Organisation
and
Relationships
Manage IT
Investment
Manage
Human
Resource
Ensure
Compliance
with External
Standards
Identify
Automated
Solutions
Acquire and
Maintain
Application
Software
Communicate
Aims and
Direction
Manage
Projects
Assess
Risks
Manage
Quality
Obtain
Independent
Assurance
Assess
Internal
Control
Adequacy
Provide
Independent
Audit
Manage
Change
Acquire and
Maintain
Technology
Infrastructure
Develop and
Maintain
IT
Procedures
ITIL
Service Support
Service
Desk
Change
Management
Service Delivery
Incident
Problem
Management Management
Service
Level
Management
Availability
Capacity
Management Management
Release
Management
Financial
Management
Continuity
Management
Monitor and Evaluate
Monitor
the
Process
Install and
Accredit
Systems
Configuration
Management
Deliver and Support
Define and
Manage
Service
Levels
Manage
Third-party
Services
Manage
Performance
and Capacity
Ensure
Continuous
Service
Ensure
System
Security
Identify
and Allocate
Costs
Educate
and
Train Users
Assist and
Advise
IT
Customers
Manage
Configuration
Manage
Problems and
Incidents
Manage
Data
Manage
Facilities
Manage
Operations
Acquire and Implement
Plan and Organise
Define
Strategic
IT Plan
Determine
Define
Information Technological
Direction
Architecture
Define IT
Organisation
and
Relationships
Manage IT
Investment
Manage
Human
Resource
Ensure
Compliance
with External
Standards
Identify
Automated
Solutions
Acquire and
Maintain
Application
Software
Communicate
Aims and
Direction
Manage
Projects
Assess
Risks
Manage
Quality
Obtain
Independent
Assurance
Assess
Internal
Control
Adequacy
Provide
Independent
Audit
Manage
Change
Acquire and
Maintain
Technology
Infrastructure
Develop and
Maintain
IT
Procedures
ITIL
Service Support
Service
Desk
Change
Management
Service Delivery
Incident
Problem
Management Management
Service
Level
Management
Availability
Capacity
Management Management
Release
Management
Financial
Management
Continuity
Management
Monitor and Evaluate
Monitor
the
Process
Install and
Accredit
Systems
Configuration
Management
Deliver and Support
Define and
Manage
Service
Levels
Manage
Third-party
Services
Manage
Performance
and Capacity
Ensure
Continuous
Service
Ensure
System
Security
Identify
and Allocate
Costs
Educate
and
Train Users
Assist and
Advise
IT
Customers
Manage
Configuration
Manage
Problems and
Incidents
Manage
Data
Manage
Facilities
Manage
Operations
ISO 20000
•What Is It?
•How Does It Relate To ITIL?
ISO 20000: Basic Concepts
• Quality standard for IT Service Management
Formal specification defined requirements for an organization
to deliver managed services to acceptable quality to customers
• BS 15000 fast-tracked to become IS0 20000
• ITIL forms the basis of the standard
• Standard = a list of criteria that needs to be met
The standard versus the framework
• Standard = audit & certify against. Makes ITIL alive
• Framework = best practice that the standard is based on
ISO 20000
Capacity
Management
SERVICE DELIVERY
Service Level Management
Service Reporting
Availability and
The Business
Service
Perspective
CONTROL
Continuity
Configuration Management
RELEASE
Release
Management
Change Management
RESOLUTION
Incident Management
Problem Management
Source: itSMF International
Information
Security
Management
Budgeting and
ICT
Accounting for
Infrastructure
IT Services
Management
RELATIONSHIP
Business Relationship
Management
Supplier Relationship
Management
Example: Change Management
Specifications: Objective + Requirements
Objective:
To ensure all changes are assessed, approved, implemented and
reviewed in a controlled manner
Requirement examples:
• All requests for change shall be recorded and classified, e.g.
urgent, emergency, major, minor
• Requests for changes shall be assessed for their risk, impact
and business benefit
• All changes shall be reviewed for success and any actions
taken after implementation
Example: Change Management
Code of Practice: Objective + Detailed Best Practices
Objective (Sub-process: 8.2.2): Closing and reviewing the
change request
Detailed Best Practice:
• All changes should be reviewed for success or failure after
implementation and any improvements recorded
• A post-implementation review should be undertaken for major
changes to check that:
– a) the change met its objectives;
– b) the customers are happy with the results;
– c) there have been no unexpected side effects
• Any nonconformity should be recorded and actioned
• Any weaknesses or deficiencies identified in a review of the
change control process should be fed in to service
improvement plans
ITIL Future – from this….
… to this: ITIL V.3
Planning to Implement Service Management
Service
Strategy
Design
The Business
The Business
Perspective
Service
Service
Service
Operation
Transition
Support
LIFECYCLESecurity
PERSPECTIVE
Management
Service
Pocket Guides
Delivery
Continuous
Service
Improvmt
ICT
Infrastructure
Management
Case Studies
ITIL Practice Working Templates
Applications Management
Governance Methods
Certification-based Study Aids
Software Asset
Executive Introduction
to ITManagement
Service Management
The Technology
Service
Various non-proprietary frameworks and methods exist to help
IT organizations become more process centric and improve the
quality of the services delivered
What is it?
Focus
IT Specific
How it fits
ITIL
CMM
CobiT
Six Sigma
ISO 2000
The IT Infrastructure
Library is a
customizable
framework
of best practises that
promote quality IT
service, build on a
process-model view
of controlling and
managing operations.
ITIL was originally
developed by the UK
government and has
since matured into
an internationally
recognized standard.
The Capability Maturity
Model is a method
of evaluating and
measuring the
maturity of the
software development
process. Recent
revisions (CMMI)
provide guidance for
improving organization
process and manage
the development,
acquisition and
maintenance of
products and service
Control OBjectives
for Information and
related Technology
is a framework for
information security
and provides
generally accepted
IT control objectives
to assist in developing
appropriate IT
governance and
control
A data driven quality
management program
to control variations
and thereby achieve
high levels of quality.
A standard concerned
primarily with the
quality of IT Service
Management. It
provides the basis to
fulfill customer
requirements,
regulatory
requirements, enhance
customer satisfaction,
and pursue continual
improvement
IT Operations – IT
Service Management
Development
Governance and
Control
Process Improvement
Processes Consistency
Yes
Yes
Yes
No
Yes
Define and implement
processes
Determine extent of
process maturity
Provide process
controls
Improve processes
Certify processes are
being followed
Frameworks and Methodologies
ISO20000
CobiT
SIX SIGMA
CMMi
Governance
ITIL
Business
Process
Models
In summary:
ITIL is:
• The international de-facto Best Practice for IT Service
Management
• Process Approach to improving Quality, Efficiency and
Effectiveness
• Service focused IT management, viewed from the
perspective of IT customers and users
• Evolving, vendor-neutral, non-proprietary framework
• CobiT complementary, Certifiable through ISO20000
• DEFINED COMMON SENSE