ITSM Gap Analysis at XYZ Telecom
An Insight
XYZ Telecom Confidential
Contents
PREAMBLE ASSESSMENT OBJECTIVE ASSESSMENT SUMMARY ASSESSMENT PARTICIPANTS APPROACH ASSUMPTIONSIDENTIFIED STRENGTHS OF XYZ TELECOM IT KEY FINDINGS
STATUS OF ITSM IN XYZ TELECOM OVERALL PROCESS ALIGNMENT LEVELS PROCESS AREA WISE GAPS
RECOMMENDATIONS ROADMAP
THE PDCA MODEL REFERENCES
Preamble
• The IT at XYZ Telecom offers IT Services, namely The IT Service Desk, IT Infrastructure management, and Application management to their customers (various departments within XYZ Telecom) from the facility at Academic City Dubai, UAE.
Background
• Being a quality conscious organization, XYZ Telecom IT thrives to ensure that the IT Services delivered by them are aligned to best practices and global standards in IT Service management.
Approach
• This report contains the structured representation of the findings from this assessment and the recommendation on the way forward.
XYZ Telecom Confidential
Assessment Objective
The objective of this gap analysis is to assess the current the practices within XYZ Telecom IT Department with respect to:
• Specified and implied needs of XYZ IT department • Global best practices in IT Service Management
The Assessment mainly takes the ITIL framework as the basis for the assessment, so that this forms the foundation for XYZ Telecom IT for working towards certifying the IT Service Management practices as per the international standard.
Assessment Summary
• The assessment was conducted over a period of 30 calendar days starting from 31st of March 2011 till 30th of April, 2011.
Assessment
Duration:
• All assessment related activities were carried out from the XYZ Telecom IT facility at Academic city Dubai, UAE
Assessment
Location:
• All observations made during the assessment were documented, reviewed and agreed with the project manager of XYZ Telecom IT to ensure there is no mismatch of what the consultant understood from the information gathered.
Assessment
Validation:
• Interviews with relevant stakeholders in XYZ Telecom
• Review of the Self Assessment questionnaire filled out by the XYZ staff • Review of process/procedure documents and plans showing the intent • Review of records and other evidences
Assessment Method:
XYZ Telecom Confidential
Assessment - Participants
Assessment Participants: Following are the participants from XYZ Telecom IT who
were involved in the assessment -
6
Jassim Juma– Operations Section Head
Osman Farah – Application Section Representative Fouad Saleh – Project Manager
Ayman Al Sayed – Project team member
Yasser Ramadan – Representation from Systems Md Aziz – Representation from Network
Muneer Ahmed – Representation from Vendor Tamer Elahi – Representation from DBA
XYZ Telecom Confidential
Assumptions
The assessment is based on the information made available
to the consultant through interviews and review of documents and
records. A full fledged audit of the operations was not the intention
of the exercise.
It is assumed that all information provided by the various
participants in the assessment exercise are authentic and complete.
It is also assumed that XYZ Telecom is going apply for
ISO/IEC 20000 certification at a later stage
Identified Strengths of XYZ Telecom IT
Help Desk has been established as a SPOC (single point of contact) for XYZ Telecom IT users
The benefits and the need for process improvement has been identified by XYZ Telecom IT
Sr. Management at XYZ Telecom IT is committed on improving it service delivery
Very low staff attrition rate, hence minimal changes in project core members Comparatively well carried out Incident, Supplier and Financial Management Tools, resources and funds allocated/planned for improving Service Management
XYZ Telecom Confidential
Key Findings
Service Desk is established as SPOC (single point of contact) for all the users, however this gets bypassed at times
Very limited awareness on IT Service management best practices among XYZ Telecom staff
Polices related to IT are not defined, documented and communicated
Document control procedures are currently unavailable
Minutes of any meetings in IT are not consistently recorded and
followed up
Documented evidence of IT planning is not available, but planning is
done annually
Status of the ITSM Processes
Status of the ITSM Processes in XYZ Telecom :
Process Existing But Insufficient Documentation Non- Existent Processes Information Security Management Configuration Management Release Management Problem Management
Change Management Availability and Continuity Management Supplier Management Capacity Management
Budgeting and Accounting Service Level Management
Incident Management Business Relationship Management Service Reporting
XYZ Telecom Confidential
Overall Process Alignment Levels – illustrative
The method of calculation of each level is givenbelow:
Each process area has specific number of questions. Based on the information given during the assessment and after reviewing certain evidences, alignment levels are determined. If the alignment level of a process area is less than 50% then it is considered to be at Level-1. If it is equal to or more than 50% and below 90%, then the alignment it is considered to be at Level-2. If it is 90% or above then the alignment level is considered to be as Level-3 Incident Management Problem Management Change Management Configuration Management Release Management
Business relationship Management Supplier relationship Management
Process Area Compliance Level
Level 1 Level 2 Level 3
Service Level Management Service Reporting
Information Security Management Budgeting and Accounting for IT Capacity Management
Availability and Continuity Management
12
Level 1 Major Deviation from the standard requirement
Level 2 Some controls in place
Process Area Wise Gaps -
illustrative
.
Process Area: Incident Management
Alignment Percentage: 66.67% (Level-2)
Crucial Gaps observed:
• Unique identifier and periodic updates not given to users on reported incidents • Consistent procedure to handle major incidents not available
• Helpdesk is bypassed for Application related calls
• Current escalation mechanism in place to resolve incidents is not formal • Incidents not prioritized against business impact and urgency
XYZ Telecom Confidential
Process Area Wise Gaps -
illustrative
Specific Requirements of the framework and alignment details:
Incident Management
ITSM Best Practices Alignment Status
1 All incidents shall be recorded PARTIALLY ALIGNED
2 Procedures shall be adopted to manage the impact of service incidents PARTIALLY ALIGNED
3 Procedures shall define the recording, prioritization, business impact, classification,
updating, escalation, resolution and formal closure of all incidents PARTIALLY ALIGNED
4
The customer shall be kept informed of the progress of their reported incidents or service request and alerted in advance if their service levels cannot be met and an action agreed
PARTIALLY ALIGNED
5 All staff involved in incident management shall have access to relevant information such
as known errors, problem resolutions and the configuration management database NOT ALIGNED 6 Major incidents shall be classified and managed according to a defined process NOT ALIGNED
Recommendations
Immediate Actions Recommended Form a steering committee for progress reviews and escalation management of the improvement initiative
Document all Services and its details with default levels in a Service Catalogue Identify ‘service owners’ for each service from XYZ Telecom IT
Identify and document services required by XYZ Telecom IT from other departments Plan and implement availability, capacity and security monitoring tools
Identify appropriate individuals for process ownership and management
Document, review and agree on all process documentation needed by the framework Identify all the risks related to the implementation of the Service Management System Develop mitigation plans for risks that have high Risk Priority Number
XYZ Telecom Confidential
Recommendations
16
Recommended Steering Committee Composition and Responsibilities
Steering committee composition
Project Sponsor – IT director
Section Heads – Application and Operations Project Manager – XYZ Telecom
Project Manager – Consultants Customer representative(s)
High-level responsibilities of steering committee
Drive adherence of set policies and processes through formal communications to all staff
Assist in driving activities outside IT department, required by the standard
Resolve resource and fund issues that cannot be managed by project manager
Recommendations
Recommended Responsibilities of the Management Representative :
Creation, implementation and maintenance of the Service Management Policy and Service management system for XYZ Telecom IT
Create and implement document control policy, procedures and maintain master list of documents and document storage
Ensure availability of appropriate budgets and funds for service management and improvement
Definition of Roles and Responsibilities for Process Owners and Process Managers for the processes as per the framework
Creation of internal audit procedure, planning, execute audits, create internal audit reports and follow-up till closure
XYZ Telecom Confidential
Recommendations
Recommended Process Ownership and Management Groupings
Different roles with specific responsibilities to manage different process areas would be required to ensure effective implementation of the Service Management system. It may not be possible or not required to have different individuals for managing each process areas. Following are the recommended combination that could be :
Service Desk Incident Management
Service Level Management Business relationship Service Reporting Problem Management Change Management Release Management Configuration Management Availability Management Capacity Management Continuity Management Information Security Management Supplier Management Financial Management 18
Roadmap
XYZ Telecom Confidential
20
References
XYZ Telecom IT department policies, processes and procedures – Evidences ITIL best practices framework documentation
