Information Technology Infrastructure Library (ITIL)
Information Technology Infrastructure Library (ITIL) History, Concepts and Alignment to CobiT and ISO 20000 Objectives: 1. Learn about the history of ITIL 2. Understand ITIL’s key objectives 3. Discover all components of the ITIL Framework 4. Visit each of the core 10 ITIL SM Processes 5. Learn the importance of process interaction 6. Understand the ISO 20000 & alignment to ITIL 7. Understand the alignment to CobiT Framework 8. Learn about the future of ITIL WHAT IS ITIL? Framework for Best Practices in IT Service Management ITIL Objectives Three Key Objectives of IT Service Management: 1. Align IT Services with the Current and Future Needs of the Business and its Customers 2. Improve Quality of IT Services 3. Reduce Long-Term Costs of IT Service Provision The Deming Cycle The Deming Cycle The ITIL Library Planning to Implement Service Management The Business Perspective Security Management Service Delivery Applications Management Software Asset Management Source: OGC ICT Infrastructure Management The Technology The Business Service Support ITSM Components Service Level Management Availability Management Continuity Management security IT Service Release Management Capacity Management Financial Management IT Infrastructure for IT services Incident Management Change Management Configuration Management Problem Management • Service Support – The Service Desk – Incident Management – Problem Management – Configuration Management – Release Management – Change Management • Service Delivery – Service Level Management – Availability Management – IT Service Continuity Management – Capacity Management – Financial Management for IT Services The Service Desk The Service Desk Goals To act as the single point of contact between the User and IT Service Management and track status of all customer interactions To handle Incidents and requests, and provide an interface for other activities such as Change, Problem, Configuration, Release, Service Level, and IT Service Continuity Management Inputs to the Service Desk Information The Service Desk Why a Service Desk? Essentials • The Service Desk is more than just a Help Desk • The first and single point of contact • High quality support to meet business goals • Help identify costs of IT services • Proactive support and communication of changes • Increase user perception and satisfaction • Identification of business opportunities • Identification of Training Opportunities The Service Desk Responsibilities The Service Desk Activities • Receive and record all calls from users • Provide first-line support (using knowledge resources) • Refer to second-line support where necessary • Monitoring and escalation of incidents • Keep users informed on status and progress • Provide interface between ITSM disciplines • Produce measurements and metrics Incident Management Incident Management Goals To restore normal service operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained Incident definition Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service Work-around definition A method of avoiding an Incident or Problem either by employing a temporary fix or technique so the user is no longer reliant on a Configuration Item (CI) that is known to cause failure Incident Management The Incident Life Cycle – the monitoring and tracking of Incidents Activities Including Impact and Urgency selection Yes No Note. This is not Problem Closure Categorization Incident Management Activities •Service affected (and possibly by association the affected SLA) •User perception of failure in terms of the User’s inability to do something –Batch job output has not been received –I can’t print, connect to a server or access an application •Category and details of CI thought to be at fault •Category and details of CI eventually found to be at fault •The fault in the CI, the quick fix and the action taken, etc. Impact, Urgency & Priority Incident Management Definitions Impact Urgency Priority A measure of the business criticality of an incident or problem (e.g. numbers affected, magnitude) A measure of the speed with which an incident or problem requires resolution (i.e. how much delay will the resolution bear) The order in which an incident or problem needs to be resolved, based on impact and urgency Incident Management Illustrative Example Payroll Application: System run once per month to run payroll Failure of payroll server Impact Urgency Priority High: will effect all employees Low : Payroll not run for 3 weeks Low (at the moment) High: will effect all employees High : Fix needed before 06:00 tomorrow morning High (first week in month) Failure in payroll server (last week of month) Bank Teller Application: System used by cashiers in bank to transact on accounts Impact Urgency Priority One Branch teller application performing poorly Medium : one branch out of 150 High : Queues beginning to form High Router Interface down Low : Cashiers and customers not impacted due to redundancy in network Med : Router needs to be re-booted to restore network redundancy Med Incident Management Escalation Definitions Hierarchical escalation would typically include authorization, resources and/or cost Hierarchical (authority) Functional (competence) Functional escalation might include specialist groups e.g. Unix Group Functional Escalation Incident Management Activities The use of support teams is important in efficient incident resolution. • First line support deals with the communication to the user, resolution of known incidents (e.g. password resets)… • …allowing the second and subsequent levels to focus on resolving assigned incidents. Problem Management Problem Management Goals To minimize the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure, and to proactively prevent the occurrence of Incidents, Problems and Errors. Problem definition Unknown cause of one or more incidents Known Error definition An Incident or Problem for which the root cause is known and for which a temporary work around or permanent alternative has been identified Problem Flow Problem Management Information Incidents Service Desk Problem Known Error Change Process Configueration Management Configuration Management Goals Enabling control of the infrastructure by monitoring and maintaining information on: Configuration CI status and history CI relationships Valuable Items (CI) needed to deliver services CIs (monetary or service) Providing information on the IT infrastructure to all other processes and to IT Management Configueration Management Configuration Management Definitions • Configuration Item (CI) – a component of an IT infrastructure which is (or is to be) under the control of Configuration Management and therefore subject to formal change control • Configuration Management Database (CMDB) – a database which contains details of the attributes and history of each CI and the relationships between CIs • Baseline – a snapshot of the state of a CI and its components or related CIs, frozen in time for a particular purpose, such as: – The ability to return a service to a trusted state if a change goes wrong – A specification for copying the CI or for a roll-out – The minimum CIs needed to maintain vital Business Functions after a disaster Configueration Management Major CI Types Definitions Documentation People Users, Customers, Who, Where, What Skills, Characteristics, Experience, Roles Hardware Computers, Computer components, Network components & cables (LAN, WAN), Telephones, Switches Designs; Reports; Agreements; Contracts; Procedures; Plans; Process Descriptions; Minutes; Records; Events (Incident, Problems, Change Records); Proposals; Quotations What, Where, Most Important Services Desktop Support, E-mail, Service Desk, Payroll, Finance, Production Support Data Files Environment Accommodation; Light, Heat, Power; Utility Services (Electricity, Gas, Water, Oil); Office Equipment; Furniture; Plant & Machinery Software Network Mgmt Systems; In-house applications; O/S; Utilities (scheduling, B/R); Packages; Office systems; Web Management Configueration Management CI Relationships and Attributes Activities Desktop Device #1 Desktop Device #2 Cable #1 Ethernet Cable #2 Cable #3 Disk #1 Printer #1 Power Server Disk #2 Relationships System Software Is connected to Is a copy of Is part of Printer #2 Application A Application B Attributes Owner, status, location, serial #, version, supplier, etc. Change Management Change Management Goals Process of controlling changes to the infrastructure or any other aspect of services, in a controlled manner, enabling approved changes with minimum disruption. Change Management ensures that standardized methods and procedures are used for the efficient and prompt handling of all Changes, in order to minimize the adverse impact of any Change-related incidents upon service quality. Changes can arise as a result of Problems, Known Errors and their resolution, but many Changes can come from proactively seeking business benefits such as reducing costs or improving services Change Management Change Management Definitions •Change – a deliberate action that alters the form, fit or function of Configuration Item (CI) such as an addition, modification, movement, or deletion that impacts the IT infrastructure •Request for Change (RFC) – a means of proposing a change to any component of an IT infrastructure or any aspect of an IT service •Forward Schedule of Change (FSC) – a schedule that contains details of all the changes approved for implementation and their proposed implementation date Change Management Change Management Definitions •Standard Change – a Change that is recurrent, has been proceduralized to follow a pre-defined, relatively risk free path and where Change Management and budgetary authority is effectively give in advance •Service Request – a request, usually made through a Service Desk, for a Standard Change –Example: providing access to services for a new member of staff or relocating a few PCs Release Management Release Management Goals Release Management takes a holistic view of a Change to an IT service and should ensure that all aspects of a Release, both technical and non-technical, are considered together • Good resource planning and management are essential to package and distribute a Release successfully. • The focus of Release Management is the protection of the live environment and its services through the use of formal procedures and checks. Service Support Process Model Management Tools & IT Infrastructure Incidents Service Desk Incident Management Enquiries, Communications, Workarounds, Updates Changes Problem Management Services Reports, Incidents, Statistics, Audit Reports Users / Customers Releases Change Management Problem Statistics, Trend Analysis, Problem Reports, Problem Reviews, Diagnostic Aids, Audit Reports Incidents Release Management Change Schedule, CAB Minutes, Change Statistics, Change Reviews, Audit Reports Problems, Known Errors Release Schedule, Release Statistics, Release Reviews, Source Library, Testing Standards, Audit Reports Changes Configuration Management CMDB Reports, CMDB Statistics, Policy/Standards, Audit Reports Releases Configuration Management Database CI Relationships • Service Support – The Service Desk – Incident Management – Problem Management – Configuration Management – Release Management – Change Management • Service Delivery – Service Level Management – Availability Management – IT Service Continuity Management – Capacity Management – Financial Management for IT Services Service Level Management Service Level Management Goals To maintain and gradually improve business aligned IT service quality, through a constant cycle of defining, agreeing, monitoring, reporting and IT service achievements and through instigating actions to eradicate unacceptable levels of service Service Level Management manages and improves the agreed level of service between two parties • The provider who may be an internal service department or the external organisation that provides an outsourced service • The receiver of the servers i.e. the customer who pays the bill. Availability Management Availabtily Management Goals To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives IT Service Coninuity Management IT Service Continuity Management Goals To support the overall Business Continuity Management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales Note. IT Service Continuity Management used to be known as Disaster Recovery in the old ITIL books Capacity Management Capacity Management Goals To understand the future business requirements (the required service delivery), the organization's operations (the current delivery), and ensure that all current and future capacity and aspects of the business requirements are provided cost effectively Financial Management Financial Management For IT Services Goals To provide cost-effective stewardship of the IT assets and financial resources used in Services Note. Financial Management of IT Services used to be known as Cost Recovery in the old ITIL books Participants in IT Service Management Sr. IT Mgt Sr. Mgt Tactical Service Level Management Customers Operational Service Desk Users IT The Business Strategic Service Delivery Service Support ITIL is more than a library of books Training •Fundamentals •Practitioner •Service Manager Qualifications: Certification at each level Information Technology Infrastructure Library Consultancy: Provision of IT consulting services to clients based on a de facto standard Tools: ITIL “compliance” is driving tools manufacturers itSMF: User groups providing seminars, conferences, and workshops Consistent and predictable results, process improvement and cost saving top the list of benefits from implementing defined IT Process methods * * Source: Forrester Research – Stabilizing IT with Process Methodologies – May, 2005 CobiT •What Is It? •How Does It Relate To ITIL? COBIT and ITIL–Process Perspective Strategic Process Control XY XY ## ## XY XY XY ## ## ## • Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6…. ITIL Process Execution Work Instruction COBIT • Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6…. • Work instruction •2 •3 • 4,5,6…. CobiT WHAT COBIT Control HOW ITIL Activities Gartner Advisory on COBIT and ITIL COBIT Control WHAT ITIL Activities HOW Acquire and Implement (AI Process Domain) Plan and Organise (PO Process Domain) Monitor and Evaluate (M Process Domain) Deliver and Support (DS Process Domain) Acquire and Implement Plan and Organise Define Strategic IT Plan Determine Define Information Technological Direction Architecture Define IT Organisation and Relationships Manage IT Investment Manage Human Resource Ensure Compliance with External Standards Identify Automated Solutions Acquire and Maintain Application Software Communicate Aims and Direction Manage Projects Assess Risks Manage Quality Obtain Independent Assurance Assess Internal Control Adequacy Provide Independent Audit Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures ITIL Service Support Service Desk Change Management Service Delivery Incident Problem Management Management Service Level Management Availability Capacity Management Management Release Management Financial Management Continuity Management Monitor and Evaluate Monitor the Process Install and Accredit Systems Configuration Management Deliver and Support Define and Manage Service Levels Manage Third-party Services Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Educate and Train Users Assist and Advise IT Customers Manage Configuration Manage Problems and Incidents Manage Data Manage Facilities Manage Operations Acquire and Implement Plan and Organise Define Strategic IT Plan Determine Define Information Technological Direction Architecture Define IT Organisation and Relationships Manage IT Investment Manage Human Resource Ensure Compliance with External Standards Identify Automated Solutions Acquire and Maintain Application Software Communicate Aims and Direction Manage Projects Assess Risks Manage Quality Obtain Independent Assurance Assess Internal Control Adequacy Provide Independent Audit Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures ITIL Service Support Service Desk Change Management Service Delivery Incident Problem Management Management Service Level Management Availability Capacity Management Management Release Management Financial Management Continuity Management Monitor and Evaluate Monitor the Process Install and Accredit Systems Configuration Management Deliver and Support Define and Manage Service Levels Manage Third-party Services Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Educate and Train Users Assist and Advise IT Customers Manage Configuration Manage Problems and Incidents Manage Data Manage Facilities Manage Operations Acquire and Implement Plan and Organise Define Strategic IT Plan Determine Define Information Technological Direction Architecture Define IT Organisation and Relationships Manage IT Investment Manage Human Resource Ensure Compliance with External Standards Identify Automated Solutions Acquire and Maintain Application Software Communicate Aims and Direction Manage Projects Assess Risks Manage Quality Obtain Independent Assurance Assess Internal Control Adequacy Provide Independent Audit Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures ITIL Service Support Service Desk Change Management Service Delivery Incident Problem Management Management Service Level Management Availability Capacity Management Management Release Management Financial Management Continuity Management Monitor and Evaluate Monitor the Process Install and Accredit Systems Configuration Management Deliver and Support Define and Manage Service Levels Manage Third-party Services Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Educate and Train Users Assist and Advise IT Customers Manage Configuration Manage Problems and Incidents Manage Data Manage Facilities Manage Operations Acquire and Implement Plan and Organise Define Strategic IT Plan Determine Define Information Technological Direction Architecture Define IT Organisation and Relationships Manage IT Investment Manage Human Resource Ensure Compliance with External Standards Identify Automated Solutions Acquire and Maintain Application Software Communicate Aims and Direction Manage Projects Assess Risks Manage Quality Obtain Independent Assurance Assess Internal Control Adequacy Provide Independent Audit Manage Change Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures ITIL Service Support Service Desk Change Management Service Delivery Incident Problem Management Management Service Level Management Availability Capacity Management Management Release Management Financial Management Continuity Management Monitor and Evaluate Monitor the Process Install and Accredit Systems Configuration Management Deliver and Support Define and Manage Service Levels Manage Third-party Services Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Educate and Train Users Assist and Advise IT Customers Manage Configuration Manage Problems and Incidents Manage Data Manage Facilities Manage Operations ISO 20000 •What Is It? •How Does It Relate To ITIL? ISO 20000: Basic Concepts • Quality standard for IT Service Management Formal specification defined requirements for an organization to deliver managed services to acceptable quality to customers • BS 15000 fast-tracked to become IS0 20000 • ITIL forms the basis of the standard • Standard = a list of criteria that needs to be met The standard versus the framework • Standard = audit & certify against. Makes ITIL alive • Framework = best practice that the standard is based on ISO 20000 Capacity Management SERVICE DELIVERY Service Level Management Service Reporting Availability and The Business Service Perspective CONTROL Continuity Configuration Management RELEASE Release Management Change Management RESOLUTION Incident Management Problem Management Source: itSMF International Information Security Management Budgeting and ICT Accounting for Infrastructure IT Services Management RELATIONSHIP Business Relationship Management Supplier Relationship Management Example: Change Management Specifications: Objective + Requirements Objective: To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner Requirement examples: • All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor • Requests for changes shall be assessed for their risk, impact and business benefit • All changes shall be reviewed for success and any actions taken after implementation Example: Change Management Code of Practice: Objective + Detailed Best Practices Objective (Sub-process: 8.2.2): Closing and reviewing the change request Detailed Best Practice: • All changes should be reviewed for success or failure after implementation and any improvements recorded • A post-implementation review should be undertaken for major changes to check that: – a) the change met its objectives; – b) the customers are happy with the results; – c) there have been no unexpected side effects • Any nonconformity should be recorded and actioned • Any weaknesses or deficiencies identified in a review of the change control process should be fed in to service improvement plans ITIL Future – from this…. … to this: ITIL V.3 Planning to Implement Service Management Service Strategy Design The Business The Business Perspective Service Service Service Operation Transition Support LIFECYCLESecurity PERSPECTIVE Management Service Pocket Guides Delivery Continuous Service Improvmt ICT Infrastructure Management Case Studies ITIL Practice Working Templates Applications Management Governance Methods Certification-based Study Aids Software Asset Executive Introduction to ITManagement Service Management The Technology Service Various non-proprietary frameworks and methods exist to help IT organizations become more process centric and improve the quality of the services delivered What is it? Focus IT Specific How it fits ITIL CMM CobiT Six Sigma ISO 2000 The IT Infrastructure Library is a customizable framework of best practises that promote quality IT service, build on a process-model view of controlling and managing operations. ITIL was originally developed by the UK government and has since matured into an internationally recognized standard. The Capability Maturity Model is a method of evaluating and measuring the maturity of the software development process. Recent revisions (CMMI) provide guidance for improving organization process and manage the development, acquisition and maintenance of products and service Control OBjectives for Information and related Technology is a framework for information security and provides generally accepted IT control objectives to assist in developing appropriate IT governance and control A data driven quality management program to control variations and thereby achieve high levels of quality. A standard concerned primarily with the quality of IT Service Management. It provides the basis to fulfill customer requirements, regulatory requirements, enhance customer satisfaction, and pursue continual improvement IT Operations – IT Service Management Development Governance and Control Process Improvement Processes Consistency Yes Yes Yes No Yes Define and implement processes Determine extent of process maturity Provide process controls Improve processes Certify processes are being followed Frameworks and Methodologies ISO20000 CobiT SIX SIGMA CMMi Governance ITIL Business Process Models In summary: ITIL is: • The international de-facto Best Practice for IT Service Management • Process Approach to improving Quality, Efficiency and Effectiveness • Service focused IT management, viewed from the perspective of IT customers and users • Evolving, vendor-neutral, non-proprietary framework • CobiT complementary, Certifiable through ISO20000 • DEFINED COMMON SENSE
© Copyright 2024