IT Service Management Based on ITIL® 2011 Edition E-Book

IT Service Management based on ITIL® 2011 Edition

Colophon

Title:

IT Service Management based on ITIL

®

2011 Edition

Author:

Pierre Bernard

Reviewers (Dutch edition):

Bert Boesjes (Sogeti Nederland)Dick Pondman (Leaneraz)René Visser (Pink Elephant)

Publisher:

Van Haren Publishing, Zaltbommel,

www.vanharen.net

Design & layout:

CO2 Premedia, Amersfoort

NUR code:

981 / 123

ISBN Hard copy:

978 94 018 0017 4

ISBN eBook:

978 94 018 0556 8

ISBN ePub:

978 94 018 0557 5

Edition:

First edition, first impression, October 2014

Copyright:

© Van Haren Publishing, 2012, 2014

Copyright © AXELOS Limited 2011. Reproduced under license from AXELOS: cover diagram and following diagrams in the internals of this publication:

Any ITIL core book 1.1, 2.2

Continual Service Improvement 2.4, 2.8, 3.1, 3.4, 3.5, 4.1, 5.6

Continual Service Improvement (2007) 5.6, A.3

Service Design 3.2, 4.1, 4.10, 4.13, 4.14, 4.16, 4.17, 4.2, 4.20, 4.21, 4.24, 4.25, 4.27, 4.6, 4.8, 4.9

Service Operation 4.2, 4.3, 4.6, 4.7, 4.9, 5.2, 5.3, 5.4, 6.1, 6.2, 6.4, 6.6

Service Strategy 2.6, 4.14, 4.15, 4.18, 4.2, 4.25, 4.3, 4.41, 4.42, 4.43, 5.5

Service Transition 1.2, 4.1, 4.19, 4.2, 4.28, 4.31, 4.33, 4.35, 4.37, 4.5, 4.6, 4.7, 5.6, 6.3

All rights reserved. No part of this publication may be reproduced in any form by print, photo print, microfilm or any other means without written permission by the publisher.

Although this publication has been composed with much care, neither author, nor editor, nor publisher can accept any liability for damage caused by possible errors and/or incompleteness in this publication.

TRADEMARK NOTICES

ITIL®, M_o_R®, and PRINCE2® are a registered trade mark of AXELOS Limited.

The ITIL Swirl logo™ is a trade mark of AXELOS Limited.

1   INTRODUCTION

1.1   Background

1.2   Why this book

1.3   Organizations involved in ITIL

1.4   Differences from previous editions

1.5   Structure of this book

1.6   How to use this book

PART 1   THE ITIL SERVICE LIFECYCLE

2   INTRODUCTION TO SERVICE MANAGEMENT AND THE SERVICE LIFECYCLE

2.1   Basic Concepts

2.2   Functions and processes

2.3   Governance and management systems

2.4   Organizational maturity

2.5   Benefits and risks of ITSM frameworks

2.6   The Service Lifecycle

3   FUNCTIONS

3.1   IT Operations Management

3.2   Service Desk

3.3   Technical Management

3.4   Application Management

PART 2   PROCESSES IN THE LIFECYCLE PHASES

4   SERVICE STRATEGY PHASE

4.1   Introduction to Service Strategy

4.2   Strategy Management for IT Services

4.3   Service Portfolio Management

4.4   Financial Management for IT Services

4.5   Demand Management

4.6   Business Relationship Management

5   SERVICE DESIGN PHASE

5.1   Introduction to Service Design

5.2   Design aspects

5.3   Design activities

5.4   Basic concepts of Service Design

5.5   Design Coordination

5.6   Service Catalogue Management

5.7   Service Level Management

5.8   Capacity Management

5.9   Availability Management

5.10 IT Service Continuity Management

5.11 Information Security Management

5.12 Supplier Management

5.13 Organization

5.14 Methods, techniques and tools

5.15 Implementation considerations

6   SERVICE TRANSITION PHASE

6.1   Introduction to Service Transition

6.2   Basic concepts

6.3   Transition Planning & Support

6.4   Change Management

6.5   Service Asset & Configuration Management (SACM)

6.6   Release & Deployment Management

6.7   Service Validation & Testing

6.8   Change Evaluation

6.9   Knowledge Management

6.10 Organization

6.11 Methods, technology and tools

6.12 Implementation

7   SERVICE OPERATION PHASE

7.1   Introduction to Service Operation

7.2   Monitoring and control

7.3   Event Management

7.4   Incident Management

7.5   Request Fulfilment

7.6   Problem Management

7.7   Access Management

7.8   Implementation

7.9   Service Operation organization

8   CONTINUAL SERVICE IMPROVEMENT PHASE

8.1   Introduction to Continual Service Improvement

8.2   Basic concepts

8.3   CSI activities

8.4   CSI 7-step improvement process

8.5   Organization

8.6   Methods, techniques and tools

8.7   Implementation

ANNEX A REFERENCES

ANNEX B DIFFERENCES BETWEEN ITIL V3 AND ITIL 2011 EDITION

B.1 ITIL Service Strategy updates

B.2 ITIL Service Design updates

B.3 ITIL Service Transition update

B.4 ITIL Service Operation updates

B.5 ITIL Continual Service Improvement update

Index

The aim of this book is to provide an easy to read and easy to use introduction to the broad library of ITIL core books and to support the understanding and the further distribution of ITIL as a popular industry framework. The previous editions of this book, based on ITIL V2 and ITIL V3, have gained a worldwide reputation as an easy access training aid, used by many IT professionals as study guidance for the ITIL Foundation and ITIL Intermediate (lifecycle and capability) exams. This book is a certainly a true successor, aiming at the same target groups.

Van Haren Publishing has been publishing supporting material on ITIL since 2002 and have been very fortunate in gaining the expertise and support of many global industry experts in authoring and reviewing the material. Over this period ITIL has developed from a set of simple processes into a framework that reflects the increasing trends for organizations to work within large enterprise environments across national borders. However it is also clear that many of our readers fall into either of the following two broad categories: those starting their careers within IT service management and those involved with the execution of processes. For these readers simple, concise overviews and explanations of the elements of the framework will be the most useful. Introductory books are very useful as reference material. In addition many organizations use multiple frameworks and methods and thus, there is a requirement for colleagues in other disciplines to understand the basics of ITIL and how it might affect and support their own operations.

Looking forward: There is no “one-size-fits-all framework” or “the mother of all methods”. Organizations around the world will continue to adopt newer technologies and service offering such as mobile computing and cloud-based services. Therefore it is paramount for the success of the IT organizations that they adopt and adapt the various elements of ITIL and other frameworks and methods to suit their innovative solutions. This title celebrates the ‘select and integrate’ approach of many around the world by presenting ITIL elements in succinct, discrete packages.

The continued publication of up-to-date material that covers the key elements of the ITIL Lifecycle approach is therefore very welcome. Like previous editions, this title benefits from the wisdom and support of many colleagues within the IT service management industry and we believe that it presents a strong, quality piece of text that will continue to prove extremely useful to students, executives and managers alike.

Acknowledgements: The format of the content of this book is based on the Dutch edition that was edited by René Visser. The role of René for improving the consistency of the text was very important to realize this English language edition.

September 2014,Pierre Bernard

■  1.1   BACKGROUND

Since the year 2000, technological developments such as smartphones, tablets, cloud services, near-field-content, Wi-Fi, and especially social media have had a tremendous effect on the world we live in. With the emergence of extremely powerful hardware, highly versatile software and super-fast networks – and their wide-spread acceptance and use – organizations worldwide have been able to develop their information-dependent products and services to a greater extent, and to bring them to the market much faster. These, as well as many other socio-economic and political developments have marked the superimposition of the information age upon the industrial age. In this “information age”, where everything is connected, the dissemination of data and information has become faster and more dynamic as well as a worldwide phenomenon.

Quoting from one of Bob Dylan’s1 songs titled “The Times They Are A-Changin” is quite appropriate here as indeed the traditional view and role of the Information Technology organization (IT) are dramatically altered based on the above. To be successful, organizations will need to be as nimble as possible in order to react to rapidly changing market demands and technologies. First, there is a movement concerning renaming IT to Information Services (IS). Second, cloud computing is becoming a more viable option and a more common solution. This is a result of organizations realizing that technology is not always one of their core competences and that outsourcing provides them with a more accurate and predictable cost structure.

Organizations should also start considering the significant impact of the arrival in the workplace of extremely technology-savvy employees. These new employees have been using technology almost since birth; they are not only the early adopters of mobile technologies but of social media as well. Information is now at their fingertips and they will expect the same in the workplace. In addition to this new generation of employees, organizations need to consider how they will handle the same demands from their existing and potential customers.

There are numerous books, whitepapers, and articles2 about the need to break down vertical business silos and shift the business model to more horizontal processes, thus “flattening” the organization. The authors of these documents are advocating that decision-making powers should be increasingly bestowed on the employees. Again, according to these various sources, an important advantage of process-oriented organizations is that processes can be designed to support a customer-oriented approach. This has made the alignment between the IT organization (responsible for supplying information) and the customer (responsible for using these information systems in their business) increasingly significant. This is usually known as Business-IT Alignment (BITA).

It is against this background that the world of IT Service Management (ITSM) has arisen and gained in popularity.

The above authors are not wrong, nor are they lacking vision; on the contrary. As organizations gained more experience with the process-oriented approach of ITSM, it became clear that these processes must be managed coherently. Moreover, it became obvious that the introduction of a process-oriented work method meant a major change for organizations that were primarily line and project-oriented. Culture and change management are crucial elements for a successful organizational design. Change management here refers to business change, as well as changes in attitudes, aptitudes, behaviors, the adoption of frameworks and methodologies adapted to suit the organizational needs.

The truth about processes and BITA is that organizations have always used processes and IT has always been part of the organization. However, we must acknowledge that processes are often conducted in isolation by a few individuals or groups. Processes are often neither shared nor documented. One of the causes for the above is that many people believe that “knowledge is power”3, as illustrated in the following two quotes:

Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.

- Kofi Annan

Knowledge is power. Information is power. The secreting or hoarding of knowledge or information may be an act of tyranny camouflaged as humility.

- Robin Morgan

In the author’s opinion, “knowledgesharingis power”.

Another important lesson learned was that the IT organization must not lose itself in a process culture. Just like the one-sided project-oriented organization, a one-sided process-oriented organization was not the optimum type of business. Balance was, as always, the magic word. In addition, it became clear that the customer-oriented approach required that an end-to-end and user-centric approach must be followed: it was of no help to the user to know that “the server was still in operation” if the information system was not available at the user’s workplace. IT services must be viewed in a larger context. The need for the recognition of the Service Lifecycle, and the management of IT services in light of that lifecycle, became a concern.

Due to the fast growing dependency of business upon information, the quality of information services in companies is being increasingly subjected to stricter internal and external requirements. The role of standards is becoming more and more important, and frameworks of “best practices” help with the development of a management system to meet these requirements. Organizations that are not in control of their processes will not be able to realize great results on the level of the Service Lifecycle and the end-to-end-management of those services. Organizations that do not have their internal organization in order will also not achieve great results. For these reasons, all these aspects are handled alongside each other in the course of this book.

■  1.2   WHY THIS BOOK

This book has been developed for all those responsible for setting up and delivering the information services. Additionally, it contains a lot of useful information for those who are responsible for strategic information issues. This is supported by both the description of the Service Lifecycle, as documented in ITIL and by the description of the processes that are associated with it. The ITIL core books are very extensive: almost 2000 pages. These ITIL core books can be used for a thorough study of contemporary best practices of ITSM. This book provides the reader with an easy-to-read comprehensive introduction to the broad library of ITIL core books. And finally, the contents of this book cover the specifications for the ITIL Foundation exam from AXELOS; this book has proven useful in preparing for this exam.

In 2007 Version 3 of the ITIL framework was published. This version offered a new concept or ITSM. Additional to the processes approach the concept of the lifecycle approach was introduced with ITIL V3. In 2011 a second edition of ITIL V3 was published. This new ITIL 2011 Edition is comprised mostly of cosmetic, grammatical, and syntactic modifications.

ITIL offers a systematic approach to the delivery of quality of IT services. It provides a detailed description of most of the important processes for an IT organization, and includes information about procedures, tasks, roles, and responsibilities. These can be used as a basis for tailoring the framework to the needs of individual organizations.

Over the years, ITIL has become much more than a series of useful books about ITSM. The framework for the “best practice” in ITSM is promoted and further developed and influenced by advisors, educators, trainers, and suppliers. These suppliers include a wide variety of technological solutions such as hardware, software, and cloud computing products. Since the 1990s, ITIL has grown from a theoretical framework to the de facto approach and philosophy shared by the people who work with it in practice.

Being an extended framework of best practices for ITSM itself, the advantages and disadvantages of frameworks in general, described in Section 2.6, are also applicable to ITIL. Of course, ITIL was developed because of the advantages mentioned earlier. Many of the pointers from “best practices” are intended to avoid potential problems or, if they do occur after all, to solve them.

ITIL examinations

For the new 2011 Edition of ITIL, the syllabuses for all qualifications have been updated. The most significant changes relate to new/modified section numbers as well as improved wording and/or clarification for some learning objectives and section details.

At the publication date of this book, well over 2 million people worldwide have achieved one or more levels of ITIL certification.

There are four qualification levels relating to the ITIL framework. They are:

■   Foundation Level

■   Intermediate Level (Lifecycle Stream & Capability Stream)

■   ITIL Expert

■   ITIL Master

For more information about the ITIL V3 Qualification Scheme, please visit

http://www.itil-officialsite.com.

■  1.3   ORGANIZATIONS INVOLVED IN ITIL

Cabinet Office and AXELOS

Initially ITIL was a product of CCTA, a UK government organization. In 2001 CCTA was incorporated by the Office of Government Commerce (OGC) who became the new owner of ITIL. As a result, the UK Government became the owner of the Intellectual Property Rights (IPR), including the copyrights and trademark rights, of ITIL. Since June 2010 the operational and control tasks were in the hands of the Cabinet Office.

On 1 July 2013 a new organization was created for the further development and exploitation of ITIL and the PPM portfolio (including PRINCE2): AXELOS. This Limited company is a joint venture of the Cabinet Office and Capita PLC. As a result, this joint venture became the new owner of ITIL and the PPM portfolio. The UK government holds 49 percent of the shares of AXELOS while Capita PLC holds the remaining 51 percent.

itSMF

The target group for this publication is anyone who is involved or interested in ITSM. A professional organization, working on the development of the ITSM field, has been created especially for this target group.

In 1991 the Information Technology Service Management Forum (itSMF), originally known as the Information Technology Infrastructure Management Forum (ITIMF), was set up as a UK association. In 1994, a sister-association was established in the Netherlands, following the UK example. Since then, independent itSMF organizations have been set up in nearly fifty countries, spread across the globe, and the number of “chapters” continues to grow. All itSMF organizations operate under the umbrella organization, itSMF International (itSMF-I).

The itSMF is aimed at the entire professional area of ITSM. It promotes the exchange of information and experiences that IT organizations can use to improve their service provision. The itSMF is also involved in the use and quality of the various standards and methods that are important in the field. One of these is ITIL. The itSMF-I contributes to the promotion of the role of ITIL.

Certification, examination, and accreditation

AXELOS is responsible for managing the ITIL copyrights, the certification of the ITIL examinations and the accreditation of examination institutes. AXELOS is also responsible for the publication of the ITIL certification system and for the official ITIL publications (manuals).

In 2014 AXELOS has accredited seven Exam Institutes (EIs) for the distribution around the globe of the ITIL exams:

■   BCS-ISEB CERT-IT,

■   CSME, DANSK IT,

■   DF Certifiering AB,

■   EXIN,

■   LCS (Loyalist Certification Services),

■   PEOPLECERT Group,

■   TÜV SÜD Akademie.

For more information, see www.itil-officialsite.com.

■  1.4   DIFFERENCES FROM PREVIOUS EDITIONS

Previous editions of this book have played a key role in the distribution of ideas on ITSM and ITIL for many years. The title has been translated into thirteen languages and is recognized as the most practical introduction to the leading “best practices” in this field. Earlier editions of this book focused on the content of three books from the ITIL series (Version 2): Service Support, Service Delivery, and Security Management, and placed them in a broader context of quality management.

The main difference between ITIL Version 2 and 3 lies in the Service Lifecycle, introduced in Version 3. Where the scope of Version 2 focused on single practices, clustered in Delivery, Support, and Security Management, the scope in Version 3 takes the entire Service Lifecycle into account.

■  1.5   STRUCTURE OF THIS BOOK

This book starts with an introduction on the backgrounds and general principles of ITSM and the context for ITIL (Chapter 1). It describes the parties involved in the development of best practices and standards for ITSM, and the basic premises and standards that are used.

The body of the book is set up in two large parts: Part 1 deals with the Service Lifecycle and the four functions in ITIL, Part 2 deals with the individual processes that are described in ITIL.

Part 1, consisting of Chapters 2 and 3, introduces the Service Lifecycle, in the context of ITSM and IT Governance. It discusses principles of organizational maturity, and the benefits and risks of following a service management framework. The section introduces and discusses the functions involved in service management good practices. This enables the reader to better relate the processes in Part 2, and their related concepts and activities, back to the “people aspect” of ITSM.

In Part 2, consisting of Chapters 4 to 8, each of the phases in the Service Lifecycle are discussed in detail, following the structure of the ITIL core books: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. These chapters provide a detailed view on the characteristics of the Service Lifecycle, its structure and its elements. The main points of each phase are presented in a consistent way to aid readability and clarity.

Each of these processes is described in an identical manner, in terms of:

1.   Introduction (containing: Goal, Objectives, Scope, Value for the business)

2.   Activities, methods and techniques

3.   Management information

4.   Interfaces

5.   Triggers

6.   Inputs

7.   Outputs

8.   Critical Success Factors

9.   Metrics

10. Challenges

11. Risks

The Appendices provide useful sources for the reader. Appendix A is a reference list of the sources used in this book is provided. Appendix B offers an overview of the most important differences between ITIL V3 (2007) and ITIL 2011 Edition.

■  1.6   HOW TO USE THIS BOOK

Readers who are primarily interested in the Service Lifecycle can focus on Part 1 of the book, and pick whatever they need on functions and processes from Part 2.

Readers who are primarily interested in the functions and processes and are not ready for a lifecycle approach yet, or who prefer a process approach, can read the introductory chapters, and then focus on the functions and processes of their interest.

Readers who want a thorough introduction to ITIL, exploring its scope and main characteristics, can read Part 1 on the Lifecycle, and add as many of the processes from Part 2 as required.

This book aims to provide support to a variety of approaches to ITSM based on ITIL.

This book covers all exams specs for the ITIL Foundation exam and is therefore a useful tool when preparing for this exam. However, this book covers more subjects than the exam specs. If a reader intends to study only the subject of the exam specs, he should best rely on the Preparation Guide (ITIL Foundation Syllabus), available through:

http://www.itil-officialsite.com/Qualifications/ITILQualificationLevels/ITILFoundation.aspx.

Additionally this book offers a useful support when preparing for the ITIL Intermediate examination (lifecycle and capability exams).

The official ITIL Glossary, the official list of all ITIL terminology, is available via the product page for this book on www.vanharen.net.

_______

1   Bob Dylan – American singer, songwriter, musician (1941 - )

2   See Appendix A for some examples

3   Attributed to Sir Frances Bacon (Viscount of Saint Alban, 1561 – 1626)

■  2.1   BASIC CONCEPTS

The information provision role and system have grown and changed since the launch of ITIL Version 2 (in 2000/02). IT supports and is part of an increasing number of goods and services. In the business world, the information provision role has changed as well: the role of the IT organization role is no longer just supporting, but has become the baseline for the creation of business value.

ITIL intends to include and provide insight into the new role of IT in all its complexity and dynamics. To that end, a new service management approach has been chosen that does not center on processes, but focuses on the Service Lifecycle.

Before describing the Service Lifecycle, we first need to explain some basic concepts.

2.1.1   Best practice

ITIL is presented as a best practice. This is an approach or method that has proven itself in practice. These good practices can be a solid backing for organizations that want to improve their IT services. In such cases, the best thing to do is to select a generic standard or method that is accessible to everyone – ITIL®, COBIT®, CMMI®, PRINCE2®, and ISO/IEC 20000®, for example. One of the benefits of these freely accessible generic standards is that they can be applied to a number of real-life environments and situations.

2.1.2   Service

A service is about creating value for the customer. ITIL defines a service as follows:

The above definition is not very useful when trying to provide additional details. Table 2.1 provides further explanation about the above definition.

Table 2.1 Definition of key terms in the “service” definition

Mean:

The actual “

physical

” product the customer can actually see, touch, or use.

Value:

The customer defines value based on the desired business outcomes by the customer, their preferences, and their perceptions.

Outcome:

The business activity or result to be used by the business or delivered to the external customer.

Specific costs:

The customer does not want to worry about all costs relating to the end-to-end provision of the service. The customer prefers to consider IT as a utility, which is a more predictable expense.

Specific risks:

The IT organization takes on most of the risks on behalf of the customer, allowing the latter to focus on their core business competences.

Outcomes are possible from the performance of tasks, and they are limited by a number of constraints. Services enhance performance and reduce the pressure of constraints.

IT service

IT services are offered by IT service providers. ITIL’s definition of an IT service is:

Three groups of services

ITIL makes a distinction between three groups of client oriented services: core, enabling and enhancing (see Table 2.2).

A service provider may decide to offer a custom (unique) service to a small group of customers. The cost price for this will be very high because of the development costs and specific resources required. The market for these services will therefore be very limited. Therefore many service providers follow the strategy that enables them to deliver the more generic service to a large group of customers. Bundling these services into one group will result in an economy of scale. In this way the service providers are able to offer a variety of service packages to their customers. A service package is a collection of two or more services that have been combined to help deliver specific business outcomes. It is also possible that a service or service package is offered in different levels of utility (fitness for purpose) and warranty (fitness for use). For example as bronze, silver or gold service level packages.

Table 2.2 Three types of customer related services

Core services

Delivers the basic outcomes desired by one or more customers. E.g.: the service

“Document processing”

would enable clients to create, read, change, and store documents.

Enabling services

Services required for the successful delivery of a core service. E.g.: downloading and automatic installation of updates.

Enhancing services

Services added to a core service to make it more appealing or enticing to the customer. E.g.: the printing of documents on a professional color printer for high quality brochures.

Utility and warranty of a service

From the customer’s point of view, value is subjective. Although, at its core, value consists of achieving business objectives, it is influenced by the customer’s perceptions and preferences. From a service provider point of view, the value of a service is created by combining two primary elements: utility (fitness for purpose) and warranty (fitness for use). These two elements work together to achieve the desired outcomes upon which the customer and the business base their perceptions of a service.

Utility is the functionality offered by a product or service to meet a particular need. Utility can be summarized as “what the service does”, or “fit for purpose”. Utility refers to those aspects of a service that contribute to tasks associated with achieving outcomes: the removal of constraints and an increase in performance.

Warranty is an assurance that a product or service will meet its agreed requirements. Warranty refers to the ability of a service to be available when needed, to provide the required capacity, and to provide the required reliability in terms of continuity and security. Warranty can be summarized as “how the service is delivered” or “fit for use”.

Figure 2.1   Services are designed, built, and delivered with both utility and warranty

(source: AXELOS)

2.1.3   Service management

In order to offer and provide services, the service provider must effectively and efficiently manage the entire lifecycle of the services. Transforming the service provider’s capabilities and resources into valuable services is the core of service management. Service management is also a professional practice supported by an extensive body of knowledge, experience, and skills.

ITIL defines service management as:

2.1.4   ITSM

An IT organization is, by definition, a service provider. It uses the principles of service management to ensure the successful delivery of the outcomes desired by the customers.

Table 2.3 ITSM and IT service providers

ITSM

ITSM is performed by IT service providers through an appropriate mix of people, process, and information technology.

IT service provider

A service provider that provides IT services to internal or external customers

The IT service provider must utilize ITSM effectively and efficiently. By managing IT from the business perspective (as opposed to simply being a technology broker) the service provider will generate higher organizational performance and create greater value.

2.1.5   Service providers

There are three main types of service provider. Although almost all aspects of service management apply equally to all types of service provider, there are certain aspects that take on different meanings depending on the type of provider. These aspects include terms such as customers, contracts, competition, market spaces, revenue, and strategy.

Table 2.4 Service provider types

Type IInternal service provider

An internal service provider that is embedded within a business unit.

Type IIShared services unit

An internal service provider that provides shared IT services to more than one business unit

Type IIIExternal service provider

A service provider that provides IT services to external customers

2.1.6   Stakeholders in service management

A stakeholder is an individual or a group that has a vested interest in an organization, project, service, etc. Of interest to the stakeholders are such service management deliverables as activities, targets, resources, etc.

Table 2.5 Stakeholders

Customers

Those who buy goods or services.

Users

Those who use the service on a day-to-day basis.

Suppliers

Third parties responsible for supplying goods or services that are required to deliver IT services

Internal customers

These are customers who work for the same organization as the IT service provider.

External customers

These are customers who work for a different organization from the IT service provider.

2.1.7   Assets, resources, and capabilities

The use of assets forms the basis for the relationship between service providers and their customers. Each relationship involves an interaction between the assets of each party.

Table 2.6 Assets

Asset

Any resource or capability. Assets of a service provider include anything that could contribute to the delivery of a service. Assets can be one of the following types: management, organization, process, knowledge, people, information, applications, infrastructure, and financial capital.

Customer asset

Any resource or capability used by a customer to achieve a business outcome

Service asset

Any resource or capability used by a service provider to deliver services to a customer.

Resources and capabilities are two types of asset used by both service providers and customers. Resources are direct inputs for production; they are “consumed” or “modified”. According to ITIL the most important resources are: financial capital, applications, infrastructure, information, and people. Capabilities represent an organization’s ability to coordinate, control, and deploy the resources. According to ITIL the capabilities of an organization are found in people, knowledge, processes, organization, and management.

■  2.2   FUNCTIONS AND PROCESSES

2.2.1   Functions

ITIL defines service management as a set of specialized organizational capabilities that have been developed by an organization. Using these capabilities a IT service provider is able to provide value to customers in the form of services. These capabilities are taking shape as functions and processes. Well implemented functions and processes enable an IT service provider to manage services throughout their entire lifecycle.

It is of the utmost importance for anyone in an organization, especially in the IT organization, to understand the difference between a function and a process.

A poor coordination between functions combined with an inward focus leads to the rise of “silos”. This does not benefit the success of the organization. Processes run through the hierarchical structure of functions; functions often share many processes. This is how processes contribute to an ever improved coordination between functions.

Table 2.7 Organizational structure breakdown

Group

A group is a number of people who are similar in some way

Team

A team is a more formal type of group. These are people who work together to achieve a common objective, but not necessarily in the same organizational structure

Department

Departments are formal hierarchical, organizational-reporting structures which exist to perform a specific set of defined activities on an on-going basis

Division

A division refers to a number of departments that have been grouped together, often by geography or product line

According to ITIL four important functions are required in the design, testing, deployment and improvement of IT services:

1.   Service Desk

2.   IT Operations Management

3.   Technical Management and

4.   Application Management

These functions will be described in Chapter 3. Additional to these four functions ITIL contains 26 processes. These processes will be described in Chapter 4 to 8.

Table 2.8 The four functions in ITIL

Service Desk

This function acts as the single point of contact and communication to the users and a point of coordination for IT groups and processes

IT Operations Management

This function executes the daily operational activities needed to manage IT services and the supporting IT infrastructure. Consists of two sub-functions; IT operations control and facilities management.

Technical Management

This function provides detailed technical skills and resources needed to support the on-going operation of IT services and the management of the IT infrastructure.

Application Management

Is responsible for managing applications throughout their lifecycle. The Application Management function supports and maintains operational applications.

2.2.2   Processes

Processes comprise groups of activities executed for a specific goal. ITIL’s definition of a process is:

The characteristics of these processes are described in Table 2.9.

People and tools execute the activities of processes. Employees, related to a specific function, will execute the day to day activities within various processes. Service Desk personnel may be involved in processes such as Incident Management, Problem Management, Request Fulfilment, and Change Management.

Table 2.9 The four characteristics of processes

Measurability

Processes are designed for a specific target. They are measurable because it is possible to set specific targets related to the process performance and measure against them: i.e.: they are performance-oriented.

Specific results

The reason a process exists is to deliver a specific result. This result must be delivered at the right moment and at the right quality level.

Customers and/or stakeholders

Every process delivers its primary results to a customer or stakeholder.

Responsiveness to specific triggers

They respond to an identified trigger. A process is indeed continual and iterative, but it is always originating from a certain identified trigger.

For some people, it may be difficult to differentiate between a function and a process. The difficulty arises when an organization already has a group of people called by the name of a process. This group is usually dedicated primarily to the execution of what appears to be a single process. However, every group of people is involved in the execution of process activities.

In themselves, processes do nothing. People (and tools) execute the activities of various processes. Based on the above definitions, a function (group of people) performs the activities of various processes. A good example of a function is the Service Desk; a good example of a process is Change Management.

A poor coordination between functions combined with an inward focus leads to the rise of “silos”. This does not benefit the success of the organization. Processes run through the hierarchical structure of functions; functions often share many processes. This is how processes contribute to an ever-improved coordination between functions.

When arranging activities into processes, we look at the objective of the process and the relationships with other processes. A process is a series of activities carried out to convert input into an output, and ultimately into an outcome. The input is concerned with the resources being used in the process. The (reported) output describes the immediate results of the process, while the outcome indicates the long-term results of the process (in terms of meaningful effect). Through control activities, we can associate the input and output of each of the processes with policies and standards to provide information about the results to be obtained by the process. Control regulates the input and the throughput in case the throughput or output parameters are not compliant with these standards and policies. This produces chains of processes that show the input that goes into the organization and what the result is, and it also monitors points in the chains in order to check the quality of the products and services provided by the organization on specific points in the chains.

The standards for the output of each process have to be defined, in such a way that the complete chain of processes in the process model meets the corporate objective. If the output of a process meets the defined requirements, then the process is effective in transforming its input into its output. To be really effective, the outcome should be taken into consideration rather than merely focusing on the output. If the activities in the process are also carried out with the minimum required effort and cost, then the process is efficient. It is the task of process management to use planning and control to ensure that processes are executed in an effective and efficient way.

When a person performs an activity within a certain process, he/she does this as part of a specific role. Roles are often confused with job titles. However, they are not the same. Each organization must define appropriate job titles and job descriptions to suit their needs. Individuals holding these job titles can perform one or more of the required roles.

2.2.3   Roles and responsibilities

Highly performing organizations are able to take the right decisions fast and accurately and execute them successfully. To achieve this, it is crucial that the roles and responsibilities of the process are clearly defined.

The RACI model is one of many useful model in achieving this. RACI is an acronym for the four most important roles:

■   Responsible – the person who is responsible for completing the task

■   Accountable – the only person who is accountable for each task

■   Consulted – people who give advice

■   Informed – people who must be kept in the loop regarding the progress of the project

In establishing a RACI system, the following steps are necessary:

■   Identify activities and processes

■   Identify and define functional roles

■   Conduct meetings and delegate the RACI-codes

■   Identify gaps and potential overlaps

■   Distribute the RACI chart and build in feedback

■   Ensure that the allocations are followed

Figure 2.2   Sample of filled out RACI model

In establishing a RACI system, the following steps are necessary:

■   Identify activities and processes

■   Identify and define functional roles

■   Conduct meetings and delegate the RACI codes

■   Identify gaps and potential overlaps

■   Distribute the RACI chart and build in feedback

■   Ensure that the allocations are followed

ITIL distinguishes three generic process roles: process owner, process manager, and process practitioner.

The process owner is responsible for defining the process goals, the strategy related to the process, the guidelines for the process output, the performance indicators, availability of the required resources and the process results.

The process manager is responsible for the realization and structure of the process, and reports to the process owner. He/she is responsible for the operational management of the process. The responsibilities of a process manager are: planning and coordination of all activities that have to be achieved, and the monitoring and reporting of the process.

The process practitioners are responsible for correctly completing specific activities within the process.

The management of the organization can provide control based on the process quality of the process as demonstrated by data from the results of each process. In most cases, the relevant performance indicators and standards will already be agreed upon. In this case the process manager can do the day-to-day control of the process. The process owner will assess the results based on a report of performance indicators and checks whether the results meet the agreed standard. Without clear indicators, it would be difficult for a process owner to determine whether the process is under control, and if planned improvements are being implemented.

Processes are often described using procedures and work instructions.

A process is defined as a logically related series of activities executed to meet the goals of a defined objective. Processes are composed of two kinds of activities: the activities to realize the goal (operational activities concerned with the throughput), and the activities to manage these (control activities). The control activities make sure the operational activities (the workflow) are performed in time, in the right order, etc. (For example, in the processing of changes it is always ensured that a test is performed before a release is taken into production and not afterwards.)

Processes and departments

Most businesses are hierarchically organized. There are departments that are responsible for the activities of a group of employees. There are various ways of structuring departments, such as by customer, product, region, or discipline. IT services generally depend on several departments, customers, or disciplines. For example, if there is an IT service to provide users with access to an accounting program on a central computer, this will involve several disciplines. The computer center has to make the program and database accessible, the data and telecommunications department has to make the computer center accessible, and the PC support team has to provide users with an interface to access the application.

Processes should span several departments (teams) in order to adequately measure the end-to-end quality of a service by monitoring the utility and warranty aspects of the service. These aspects include the removal of constraints on the enhancement of performance, availability, capacity, continuity, security, as well as costs and stability. A service organization will try to match these quality aspects with the customer’s demands. The structure of such processes can ensure that good information is available about the provision of services, so that the planning and control of services can be improved.

Processes, projects, programs and portfolios

Activities can be managed from a process perspective, from an organizational hierarchy (line) perspective, from a project perspective, or from any combination of these three. Organizations that tend to apply just one of these management systems often miss the benefits of the others. The practical choice often depends upon history, culture, available skills and competences, and personal preferences.

There are no “hard and fast laws” for the way an organization should combine processes, projects, and programs. However, it is recommended that a common understanding of processes, projects, programs, and even portfolios is created. The following definitions may be used:

Process

A process is a structured set of activities designed to accomplish a defined objective.

Project

A project is a temporary organization, with people and other assets required to achieve an objective.

Program

A program consists of a number of projects and activities that are planned and managed together to achieve an overall set of related objectives.

Portfolio

A portfolio is a set of projects and/or programs, which are not necessarily related, brought together for the sake of control, coordination, and optimization of the portfolio in its totality.

The most elementary difference between a process and a project is the one-off character of a project, versus the continuous character of the process. If a project has achieved its objectives, it means the end of the project. Processes can be run many times, both in parallel and in sequence. The nature of a process is aimed at its repeatable character: processes are defined only in case of a repeatable string of activities that are important enough to be standardized and optimized.

Projects are aimed at changing a situation A into a situation B. This can involve a simple string of activities, but it can also be a very complex series of activities. Other elements of importance for projects include money, time, quality, organization, and information.

2.2.4   Organizational culture and behavior

Organizational culture is the set of shared values and norms that control the interactions between a service provider and all stakeholders, including customers, users, suppliers, internal personnel etc. An organization’s values are desired modes of behavior that affect its culture. Examples of organizational values include high standards, customer care, respecting tradition and authority, acting cautiously and conservatively, and being frugal.

Constraints such as governance, standards, values, capabilities, resources, and ethics play a significant role in shaping and/or influencing the culture and behavior of an organization. The management structure and styles may impact positively, or negatively, the organizational culture. Organizational structures and management styles are also contributing factors to the behavior of people, process, products, and partners.

Adopting service management practices and adapting them to suit the organization will affect the culture and it is important to prepare people with effective communication plans, policies, procedures, education, training, coaching, and mentoring to achieve the desired the new attitudes and behaviors.

While improving the quality of their services, organizations will eventually be confronted with their current organizational culture. The organization will have to identify and address any changes to this culture as a consequence of the overall improvement initiative. The organizational culture, or corporate culture, refers to the way in which people deal with each other in the organization; the way in which decisions are made and implemented; and the attitude of employees to their work, customers, service providers, superiors, and colleagues.

Culture, which depends on the standards and values of the people in the organization, cannot be controlled, but it can be influenced. Influencing the culture of an organization requires leadership in the form of a clear and consistent policy, as well as a supportive personnel policy.

■  2.3   GOVERNANCE AND MANAGEMENT SYSTEMS

2.3.1    Governance

With the growing role of information, information services, and ITSM, so do the management requirements for the IT organization grow. These requirements focus on two aspects. The first is compliance with internal and external policies, laws, and regulations. The second is the provision of benefits (value-add proposition) for the stakeholders of the organization. A definition for IT governance receiving much support is the one by Wim van Grembergen:

IT governance works to apply a consistent, managed approach at all levels of the organization. This starts by setting a clear strategy that defines the policies whereby the strategy will be achieved. The policies define boundaries: what is in or out of scope of organizational operations.

The International Organization for Standardization (ISO®) introduced in 2008 a standard for IT governance: ISO/IEC 38500:2008.

2.3.2   Management systems

The ITIL definition for a system is:

Systems should be self-regulating for agility and timeliness. In order to accomplish this, the relationships of all components within the system must influence one another for the sake of the whole. Key components of the system are the structure and processes that work together.

Feedback and learning are two key aspects in the performance of systems; they turn processes, functions, and organizations into dynamic systems. Feedback can lead to learning and growth, not only within a process, but also within an organization in its entirety.

Within a process, for instance, the feedback about the performance of one cycle is, in its turn, input for the next process cycle. Within organizations, there can be feedback between processes, functions, and lifecycle phases. Behind this feedback is the common goal: the customer’s objectives.

A service provider can deliver many benefits by understanding the structure, the relationships between components and the effects of changes over time.

Examples of these benefits:

■   Adaptability to the ever-fluctuating needs of customers and markets

■   Sustainable performance

■   Defined approach to managing services, risks, costs, and value

■   Effective and efficient service management

■   Reduced conflict between processes and personnel

■   Reduced duplication and bureaucracy

A well-organized management system is a prerequisite to realizing these benefits.

Table 2.10 ISO Management systems aligned with ITSM

ISO 9001

Quality management system

ISO 14000

Environmental management system

ISO/IEC 20000

Service management system

ISO/IEC 27001

Information security management system

ISO/IEC 19770

Management system for software asset management

ISO/IEC 31000

Risk management

ISO/IEC 38500

Corporate governance of information technology

Developing and maintaining a quality system which complies with the requirements of the ISO 9000 (ISO 9000: 2000®) series can be considered a tool for the organization to reach and maintain the system-focused (or “managed” in IT Service CMM) level of maturity. These ISO standards emphasize the definition, description, and design of processes. For ITSM organizations, a specific ISO standard was produced: the ISO/IEC 20000 (see Figure 2.3).

Figure 2.3   Overview of the ISO/IEC: 20000 service management system

■  2.4   ORGANIZATIONAL MATURITY

From the moment Richard Nolan introduced his “staged model” for the application of IT in organizations in 1973 many people have used stepwise improvement models. These models were quickly recognized as suitable instruments for quality improvement programs, thereby helping organizations to climb up the maturity ladder.

Dozens of variations on the theme can easily be found, ranging from trades such as software development, acquisition, systems engineering, software testing, website development, data warehousing and security engineering, to service desks and knowledge management. Obviously the Kaizen principle (improvement works best in smaller steps) was one that appealed to many people.

After Nolan’s staged model in 1973, the most appealing application of this modeling was found when the Software Engineering Institute (SEI) of Carnegie Mellon University, USA, published its Software Capability Maturity Model (SW-CMM®). The CMM® was copied and applied in most of the cases mentioned above, making CMM something of a standard in maturity modeling. The CMM was later followed by newer editions, including CMMI® (CMM Integration).

2.4.1   Maturity model: CMMI

In the IT industry the most common approach for measuring and improving the process maturity is the Capability Maturity Model Integration (CMMI).

The CMMI staged representation model defines five maturity levels, each a layer in the base for the next phase in the on-going process improvement, designated by the numbers 1 through 5 (Table 2.11).

Table 2.11 CMMI Capability levels

1. Initial

Processes are ad hoc and chaotic

2. Managed

The projects of the organization have ensured that processes are planned and executed in accordance with policy

3. Defined

Processes are well characterized and understood, and are described in standards, procedures, tools and methods

4. Quantitatively managed

The organization and projects establish quantitative objectives for quality and process performance, and use them as criteria in managing processes

5. Optimizing

Focuses on continually improving process performance through incremental and innovative process and technological improvements

■  2.5   BENEFITS AND RISKS OF ITSM FRAMEWORKS

Benefits to the customer/user:

■   The provision of IT services becomes more customer-focused and agreements about service quality improve the relationship.

■   The services are described better, in customer language, and in more detail.

■   Managing service quality, availability, and reliability and service costs is improved.

■   Communication with the IT organization is improved by agreeing contact points.

Benefits to the IT organization:

■   The IT organization develops a clearer structure, becomes more efficient, and is more focused on the corporate objectives.

■   The IT organization is more in control of the infrastructure and services it has responsibility for, and changes become easier to manage.

■   An effective process structure provides a framework for the effective outsourcing of elements of the IT services.

■   Following best practices encourages a cultural change towards providing services, and supports the introduction of quality management systems based on the ISO 9000 series or on ISO/IEC 20000.

■   Frameworks can provide coherent frames of reference for internal communication and communication with suppliers, and for the standardization and identification of procedures.

Potential problems/mistakes:

■   The introduction of ITSM can take a long time and require significant effort, and may require a change of culture in the organization; an overambitious introduction can lead to frustration because the objectives are never met.

■   If process structures become an objective in themselves, the service quality may be adversely affected; in this scenario, unnecessary or over-engineered procedures are seen as bureaucratic obstacles, which are to be avoided where possible.

■   There is no improvement in IT services due to a fundamental lack of understanding about what the relevant processes should provide, what the appropriate performance indicators are, and how processes can be controlled.

■   Improvements in the provision of services and cost reductions are insufficiently visible, because no baseline data was available for comparison and/or the wrong targets were identified.

■   A successful implementation requires the involvement and commitment of personnel at all levels in the organization.

■   If there is insufficient investment in appropriate training and support tools, justice will not be done to the processes and the service will not be improved.

■  2.6   THE SERVICE LIFECYCLE

ITIL approaches service management from the lifecycle of a service. The Service Lifecycle is an organization model providing insight into:

■   The way service management is structured

■   The way the various lifecycle components are linked to each other

■   The impact that changes in one component will have on other components and on the entire lifecycle system

The Service Lifecycle consists of five phases: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. See Table 2.12.

Table 2.12 The five stages of the Service Lifecycle

Service Strategy

The phase of defining the guidelines for creating business value and achieving and maintaining a strategic advantage

Service Design

The phase of designing and developing appropriate IT services, including architecture, processes, policy and documents, in order to meet current and future business requirements

Service Transition

The phase of planning and managing the realization of new and modified services according to customer specifications

Service Operation

The phase of managing and fulfilling all activities required to provide and support services, in order to ensure value for the customer and the service provider

Continual Service Improvement

The phase of continual improvement of the effectiveness and efficiency of IT services against business requirements

Service Strategy is the axis of the Service Lifecycle (Figure 2.4) that “binds” all other phases. This phase defines perspective, position, plans, patterns, and policies. The phases Service Design, Service Transition, and Service Operation transform the strategy into reality; their continual theme is adjustment and change. The Continual Service Improvement phase stands for learning and improving, and embraces all phases. This phase analyses and initiates improvement programs and projects, and prioritizes them based on the strategic objectives of the organization.