Category Archives: ITIL

The Most-Advanced Itil V3 Guide Available

Download (PPT, 2.36MB)


store.theartofservice.com/itil.html
CSI – Introduction

ITIL v3

Purpose of CSI

The primary purpose of CSI is to continually align and realign IT services to

the charging business needs by identifying and implementing improvements

to IT services that support business processes. These improvement

activities support the lifecycle approach through Service Strategy, Service

Design, Service Transition and Service Operation. In effect, CSI is about

looking for ways to improve process effectiveness, efficiency as well as cost

effectiveness.

Consider the following saying about measurement and management:

You can not manage what you can not control

You can not control what you can not measure

You can not measure what you can not define.

CSI Objectives

Review analyze and make recommendations on improvement opportunities in each lifecycle phase

Review and analyze Service Level Achievement results

Identify and implement individual activities to improve IT service quality and improve the efficiency and effectiveness of enabling ITSM processes

Improve cost of effectiveness of delivering IT services without sacrificing customer satisfaction

Ensure applicable quality management methods are used to support continual improvement activities.

CSI Scope

There are 3 main areas in CSI that need to be addressed:

Overall health of ITSM as a discipline

Continual alignment of the portfolio of IT services with the current and future business needs

Maturity of the enabling IT processes for each service in a continual service lifecycle model.

To implement CSI successfully it is important to understand the

different activities that can be applied to CSI.

CSI Approach

Value to the business

There are 4 commonly used terms when discussing service

improvement outcomes:

Improvements

Benefits

ROI (Return on Investment)

VOI (Value on Investment).

Justification

To justify any improvement, the IT organization should compare costs

and revenue. The difficulty in doing this, however, is that while the

costs are relatively easy to measure the increase in revenue as a

direct result of the Service Improvement Plan (SIP) is more difficult to

quantify.

Understanding the organization’s target and current situation should

form the basis of the Business Case for a SIP. A stakeholder

assessment and a goal-setting exercise will help focus on the results

and aims.

Benefits

Benefits must be clearly identified to help justify the effort involved in

gathering, analyzing and acting on improvement data. It is important

to:

Consider both direct and indirect benefits.

Identify the benefits for each group of stakeholder at every level in

the organization.

Define the benefits in clear measurable way.

Benefits

Other benefits that will be realized by implementing CSI within an

organization:

Business/customer benefits

Financial benefits

Innovation benefits

IT organization internal benefits

Cost

A Service Improvement Plan (SIP), just like any other major plan, will

have cost associated with executing its activities:

Staff resources trained in the right skill sets to support ITSM processes

Tools for monitoring, gathering, processing, analyzing and presenting data

Ongoing internal/external assessment or benchmarking studies

Service Improvements either to services or service management process

Management time to review, recommend and monitor CSI progress

Communication and awareness campaigns to change behaviors and ultimately culture

Training and development on CSI activities.

Interfaces to other lifecycle practices.

CSI & Service Strategy

Service improvement opportunities could be driven by external

factors such as new security or regulatory requirements, new

strategies due to mergers or acquisitions, changes in

technology infrastructure or even new business services to be

introduced. Feedback from the other lifecycle phases will also

be important.

CSI & Service Design

Design takes the strategy described in the first phase and

transforms it through the design phase into deliverable IT

services. Service Design is also responsible for designing a

management information framework that defines the need for:

Critical Success Factors (CSF’s)

Key Performance Indicators (KPI’s)

Activity Metrics for both the services and the ITSM processes.

CSI & Service Transition

As new strategies and design are introduced this provides an

excellent opportunity for continual improvement. Service

Transition is also responsible for defining the actual CSF’s,

KPI’s and activity metrics, creating the reports and

implementing the required automation to monitor and report on

the services and ITSM processes.

CSI & Service Operation

Every technology component and process activity should have

defined inputs and outputs that can be monitored. The results

of the monitoring can then be compared against the norms,

targets or establishes Service Level Agreements. When a

deviation is identified, between expected and actual

deliverables, a service improvement opportunity Is created.

All or Nothing?

At this stage it is easy to assume that all aspects of CSI must

be in place before measurements and data gathering can

begin. However, this is not the case.

Measure now

Analyze now

Begin reviews of lessons learned now

Make incremental improvements now.

Don’t wait, improvements can start now!

store.theartofservice.com/itil.html

Feel The Power Of Itil Service Management

Download (PPT, 698KB)


store.theartofservice.com/itil.html
ITIL Service Management

Service Management?= The Objective Tree =

Security Management?= Activities: securing information =

Security

ensure such a level of security, that the agreed availability of the infrastructure is not compromised.

study the security demand

study the security possibilities

security regarding 3rd parties (e.g. suppliers)

study the risks of security

draw up a security strategy

Security Management?= Activities: securing information =

CRAMM: analysis of risks

Security Management?= the basics =

CIA

Confidentiality

protecting information against unauthorised use

Integrity

accuracy and completeness of information

Availability

information is available at any moment within the agreed timeframe

Security Baseline

the basic level of security

these standard security measures are listed in the Service Catalogue

Security Management?= Activities: securing information =

the?process?model

Security Management?= Activities: securing information =

Steering: policy and organisation of securing information

Policy

develop and implement policy

awareness campaign: the goal, the common principles and the importance placed on security

determine the sub processes

determine responsibilities and authorities

determine the relationships with other ITIL-processes

how to deal with security incidents

Security Management?= Activities: securing information =

Steering: policy and organisation of securing information

Organisation

set up organisation structure and management frame

allocate responsibilities and authorities

choose tools (for e.g. risk analysis)

implement the “Taskforce Information Security” TIS

coordination of securing information (and providing specialist advice)

ensure independent audits (EDP-audits)

ensure information security in 3rd party contracts

ensure physical and logical access security regarding 3rd parties

Security Management?= Activities: securing information =

Planning

draw up the security paragraph in the SLA together with SLM

record in OLAs / SPAs as security plan per

– organisation-unit? – IT platform? – application? – network? – …

draw up security paragraphs in underpinning contracts

the security plan per organisation-unit within the organisation of the external IT service provider

Security Management?= Activities: securing information =

Implementation

classification and managing IT resources

input for maintenance of CI’s in the CMDB

staff security

screening

security statements / agreements

training

security awareness

how to deal with security incidents

how to deal with flaws in security

disciplinary measures

Security Management?= Activities: securing information =

Implementation

managing security

allocation of responsibilities and authorities

written manuals / guidelines

house rules

guidelines for security during the full lifecycle ?(development – test – acceptance – operation – phase out)

implementation of contingency provisions

handling and securing data carriers

access security

implementation of the policy of securing information

maintenance of access rights of customers and applications

maintenance of security measures in networks?(firewalls, dial-in facilities, bridges, routers, …)

Security Management?= Activities: securing information =

Evaluation (audit & evaluation)

self assessments

are mainly carried out by the business processes themselves

internal audits

by internal EDP-auditors

external audits

by external (independent) EDP-auditors

verification of the security policy

verification of security plans

evaluate security incidents

detect and react to unwanted use of IT resources

Security Management?= Activities: securing information =

Maintenance

of both the SLA (the security paragraph) as well as the OLAs

is based on the results of the sub process “Evaluate” and insight in changing risks

proposes changes to be carried out:

in the sub process “Plan”

in the regular SLA maintenance

the changes go through Change Management !!!

Security Management?= Activities: securing information =

Reporting

on sub process “Plan”

degree of confirmation to SLAs (including CPIs on security)

status of (and possible problems with):? – OLAs / SPAs? – Underpinning Contracts? – security year plans / action plans

on sub process “Implementation”

status accounting

regarding the implementation of securing information

regarding the awareness campaign on securing information

account of security incidents and the reactions

trend analysis regarding security incidents

Security Management?= Activities: securing information =

Reporting

on sub process “Evaluation”

results of audits, reviews and internal assessments

warnings about and identification of new threats

specific reports

with the individual customer agreed SLA-reports

procedures regarding communication in special (unforseen) situations

Security Management ?= Costs, Points of Attention, Advantages =

Costs

P ersonnel

carrying out of the risk-analysis, draw up and maintenance of the security plan, management of (supporting) contracts, …

A ccommodation

also physical storage of process documents, …

S oftware tools for analysis, contract management, security plans,

H ardware implementation costs of security equipment, test costs, …

E ducation

ITIL Master Class / ITSM-Practitioner, …

P rocedures

designing & managing Security Management, documentation, instruction sets, …

Security Management ?= Costs, Points of Attention, Advantages =

Points of Attention

commitment of the organisation and the management

security measures constrain (long fought) privileges

no security incidents = tendency to decrease budget

attitude and awareness

“real” security is often new to the organisation

integrate security procedures in daily routine

controllability

have right actions been taken (and have the right procedures been followed)?

have the right decisions been made?

is the authority of decision makers verifiable?

Security Management ?= Costs, Points of Attention, Advantages =

Points of Attention

Change Management

in assessing a change no slackening may occur regarding (a basic level of) security

too high ambition

don’t do everything at once

implementation of organisational measures is harder than implementation of technical measures

lack of detection mechanisms

“new” applications (e.g. internet) run the risk, under the influence of short “time to market” and desired low development costs, of being not capable of “intrusion detection”

Security Management ?= Costs, Points of Attention, Advantages =

Advantages

pro-active approach of the organisation

optimal security measures

ensuring a technically reliable information flow

internal importance: ?- availability in time of accurate and complete information

external importance: ?- adequate provision of information leads to mature services? and/or products for the external market?- support for the continuity of the organisation

Security Management ?= Functionally Oriented vs. Process Driven =

ITIL Service Management?= “webbing” =

store.theartofservice.com/itil.html

Break Out Of The Itil Model Mold

Download (PPT, 1.27MB)


store.theartofservice.com/itil.html
IT Service Management

An Introduction

IT – Business alignment

?

Aligning IT strategy with business strategy

Meeting business and user needs

Coping with change

Dealing with senior management

Managing costs, budgets and resources

Keeping up with technology

Recruiting and retaining staff

Time and resource management

Infrastructure management

Maintaining skills and knowledge

Parties Involved

Training & Certification

ITIL Model

ITIL Service Management

Participants in the ITIL Framework

The Service Support Set?= Interconnection between the processes =

The Service Delivery Set?= Interconnection between the processes =

More information:

Email: service@itilsurvival.com

Affiliate Programs available

Templates, toolkits, documents: www.itilsurvival.com

E-Learning: www.itsm-learning.com

E-Learning (Corporate): www.itilcollege.com

Books and Publications: www.lulu.com/itilpublications

Browse the Store: www.itsmdirect.com

Now featuring at: www.management-survival.com

store.theartofservice.com/itil.html

The New Best Thing Itil It Service Management

Download (PPT, 2.09MB)


store.theartofservice.com/itil.html
ITIL – IT Service Management

An overview program for IT Service Management

good practices

What is ITSM & what’s the Value?

Good Practice

Organizations can benchmark themselves against peers and seek

to close gaps in capabilites by adopting ‘good practices’ in wide

industry use.

There are several sources for good practices including:

Public frameworks

Standards

Proprietary knowledge of organizations and individuals.

Business and IT Alignment

ITIL Model – V3

V3 Qualification Scheme Structure

V2-V3 Bridging Options

Service Lifecycle Objective

Service Lifecycle, Processes & Functions

How does the Service Lifecycle work?

What are services?

What Are Processes?

Generic Process

Functions

Process Owner vs. Service Owner

RACI Model

Service Provider Types

Type 1

Internal Service

Provider

store.theartofservice.com/itil.html