ITSM Foundation Course Material

IT Service Management

Welcome & Administration

• Structure of the training

• ISO/IEC 20000 certification and course outline • Examination format

•

Welcome & Administration

•

Introduction to IT Service Management

•

Content of ISO/IEC 20000, section 1-5 - basics

Scope

Terms and definitions

Requirements for a management system

Planning and implementing service management

Planning and implementing new or changed services

•

Content of ISO/IEC 20000, section 6-10

–

IT

Service Management Processes:

Resolution Process Control Process Release Process

Service Delivery Process Relationship Process

•

Classification and Preview

ISO/IEC 20000 certification

Related practices and standards

ISO/IEC 20000 Qualification Program

Co nte nt of ISO /I EC 20 00 0 -1 an d ISO /I EC 20 00 0 -2

Examination Format

Already available in English, Dutch, French,

Portuguese, Japanese, Chinese, German, Italian,

Latin-American Spanish and European Spanish.

This is a closed book exam. No materials are permitted

in the examination room.

Duration: 1 hour

Number of questions: 40

Multiple-choice with

four options: A, B, C or D and

a single answer

Score minimum of 65 percent (26 of 40) to pass the

exam.

BEST

PRACTICE according to …

Goal of this slide set

•

Preparation for an ISO/IEC 20000 Foundation Exam

according to specifications from EXIN and TÜV SÜD

Akademie.

Notations used in this slide set:

Course Material

Blue background Definitions according to ISO/IEC 20000

Minimum requirements of ISO/IEC 20000-1

ISO/IEC 20000-2 recommendation

A best practice, but no ISO/IEC 20000

requirement or recommendation

Introduction to IT Service

Management

• Motivation of process-oriented IT Service Management • Background, History

• Basic principles

Learning target of this section

•

IT Services and their elements (1.2.1, 1.2.2)

•

IT Service Management: Concept, Benefit, Risks

(1.3.1, 1.3.2)

•

Process orientation: Concept, Benefit (1.4.1)

•

Process control and measurement (1.4.2)

•

Roles of IT Service Management (1.4.3)

•

Quality, Quality of Service (1.1.1, 1.1.2, 1.2.3)

•

Principles of quality management and setup of a

quality management system (1.1.3)

•

ISO/IEC 20000: Purpose, Benefit, History, Owner

(2.3.1, 2.3.2)

Motivation of Process Orientation

• Availability is the most essential service parameter of enterprise services.

• Availability is determined by

frequency and duration of service failure.

• About 80% of failures are a

consequence of people and process issues.

• Duration of failures heavily depends on non-technical factors. Operator Errors Application Failures [Gartner 1999]

Causes of service failure

Technology

What is ISO/IEC 20000?

•

ISO/IEC 20000 is a worldwide standard that

describes the implementation of an integrated

process approach for the delivery of IT

services.

•

A set of minimum requirements to audit an

organization for effective IT Service

Management.

•

Owner:

ISO (International Organization for Standardization) IEC (International Electro-technical Commission

Developed by JTC 1 / SC 7)

History: from BS 15000 to ISO/IEC 20000

•

BS 15000:

Direct predecessor of ISO/IEC 20000

Developed by BSI (British Standards Institution)

•

1995, 1998: Code of practice (non-certifiable)

PD 0005 A Code of Practice for Service Management

•

2000: First release of the standard

BS 15000: 2000 Specification for Service Management

PD 0015: 2000 IT Service Management Self-Assessment Workbook

•

2002, 2003: Second release

BS 15000-1: 2002 Specification for Service Management

BS 15000-2: 2003 Code of Practice for Service Management

PD 0015: 2002 IT Service Management Self-Assessment Workbook

•

2004: Adoption in other countries

Australia: AS8018

ISO/IEC 20000: Development and Parts

• Date of Publication: December 15, 2005 - Developed using a

fast-track approach by adoption of BS 15000 during 14 months

• Changes to BS 15000

Formally 450 changes (renumbering, etc.)

In terms of content, just slight differences (sole terms, etc.)

• No other official publications by ISO/IEC but increasing number of secondary publications by BSI (BIP 0030-0039, BIP 0015)

• Two Parts:

ISO/IEC 20000-1:

Information Technology Service Management – Part 1: Specification

ISO/IEC 20000-2:

Information Technology Service Management – Part 2: Code of Practice

Requirements -

shall

Recommendations -

Context of ISO/IEC 20000

Basics:

IT Service Management (e.g. ITIL® _{, MOF, CobiT)}

& Quality Management (e.g. ISO 9000) ISO/IEC 20000-2 ISO/IEC 20000-1 SHALL/MUST-HAVE‟s  Minimum Requirements  Check lists SHOULD-HAVE‟s  Enhancement of Part 1  Recommendations

Related Standards – Overview

ITIL® V2 ITIL® V3 CobiT MOF ISO/IEC 20000 ISO 9000 CMM CMMI ISO/IEC 15504 Software Engineering

Maturity Degree Model

IT Management Framework Quality Management standard / methodology BS 15000 Six Sigma Adoption of concepts Predecessor Legend ISO/IEC 27000 (since CobiT V4)

Basic Principles and Concepts

•

Process

Processes in general Business Processes IT Processes

•

Service

•

Process Management

•

Process Assessment

What is a Process?

•Hammer, Champy (Reengineering the Corporation):

“A business process is a bundle of activities, which requires one or several inputs and which creates

value for the customer.”

•Office of Government Commerce (ITIL® Version 3):

“A structured set of Activities designed to accomplish a specific Objective. (…)“

•DIN/ISO (ISO 9000):

“A business process is a collection of interrelated resources and activities, that transform inputs into outputs. Resources could be personnel, buildings, machinery, technology and methodology.“

Management‟s Process Orientation

Processes control and impact on …

• individuals’ behavior

• employment of technology

• usage of information/knowledge

•  Processes make results of activities predictable

•  Process Orientation as a Management Paradigm

Activity Activity Activity Outpu t Outpu t Output Input Inp ut Inpu t

Domain 1

Domain 2

Domain 3

Process Assessment

Critical Success Factors

Meet all critical conditions to achieve success

– What are the basic conditions of the process? – Does the process operate effectively?

 Qualitative consideration

Key Performance Indicators

Metrics reflect the degree of target achievement

– Calculation based on parameter values measured during process execution

– Does the process actually operate (now, last month, last quarter, etc.) effectively and efficiently?

 Quantitative consideration



What is a Service?

Definition according to ITIL

®

Version 3

(goal-oriented)

•

A means of delivering value to customers by facilitating

outcomes customers want to achieve without the

ownership of specific costs and risks.

Model-based Definition (technology-oriented)

•

Target – A view of all components and

management-relevant aspects of a service.

Components of an IT Service

Information System:

-

People, Processes, Technology, Partners

-

Used to manage information

Support:

-

Changes, system restoration in case of failure

-

Maintenance

-

To ensure performance according to the agreed

requirements

Quality:

-

Availability, Capacity, Performance, Security

Scalability, Adjustability, Portability

-

Quality attributes of the information system to be

specified and agreed upon

ITSM: Basic Relationships

• Business Processes are

supported by IT Services.

• Delivering IT Services is the key task of an IT provider.

• Customers of the IT provider are basically organizations that are involved in business processes.

• Users use IT Services to carry out day-to-day activities.

• ITSM Frameworks describe Best

Practices of IT Service Management. Manage- ment IT Service Business Process supports IT Provider Customer is responsible delivers ITSM Best Practice use User

Process-oriented ITSM: Objectives and Benefit

•

Objectives: Management of IT Services for

Fulfillment of Business Requirements

•

Benefit:

– Effectiveness and efficiency of workflows will be increased.

– IT Management will be placed on a stable foundation by focusing on business objectives and customer

orientation.

– Improved external communication, competitive advantage.

– Improved communication, Knowledge Management – Output is more predictable and comprehensible.

– Less failures and resultant faults.

– Better management of risks (reduced insurance rates, compliance requirements)

Process-oriented ITSM: Risks

•

Bureaucratic procedures, more paperwork.

•

Lower effectiveness and efficiency, if…

– The staff is not aware of processes and measures and personnel do not accept the system.

– Senior Management only pays lip-service to the system.

– Important work is done outside of the system and process is not complied with.

Roles in Process Management

Sets of responsibilities, activities and authorities

granted to a person or team

•

Per process:

- Process owner is responsible for process results.

- Process manager is responsible for realization of the process, day-to-day control and management.

- Process operatives (professionals) are responsible for defined activities.

Results assessed based upon agreed performance

indicators.

Role of Tools

Automated support aids in the performance of tasks/activities

Purpose:

•

Increased efficiency = cost reduction

•

Provide evidence of the process activities performed

Examples:

-

Monitoring tools

-

Software distribution tools

-

Service Management / workflow tools

-

Remote infrastructure management tools

Service Quality

“Quality of Service is a measure that indicates the overall effect of service performance that determines the

degree of satisfaction of a user of the service. The

measure is derived from the ability of the resources to provide different levels of services. The measure can be both quantitative and qualitative.”

• Quality of service is a critical part of customer and end user satisfaction

• Measure of the ability of a service to provide the intended value to a customer

• Specific to the individual customer; quality metrics should be defined from the customer’s perspective

Quality Policy

The Quality Policy recognizes that there is always the

potential to increase effectiveness and efficiency

(continual improvement).

The Quality Policy determines the general quality goals of an

organization.

•

The Quality Policy however does not cover:

Legal Requirements

Customer specific requirements in quality (cp. SLA’s) Requirements of ISO/IEC 20000

Relationship between IT Services and Quality

•

A service is provided through the interaction of the

provider with customers and users; quality of the service

depends upon this interaction.

•

Quality is a measure of the extent to which the service

fulfills the requirements and expectations of the

customer.

•

Customer perception of quality is largely based on

expectations:

Common language/terminology required to ensure effective dialogue.

Expectations need to be clearly defined.

Supplier should continually assess how service is being

experienced and what the customer expects in the future.

Principles of Quality Management

ISO/IEC 20000 is predicated on basic principles of

Quality Management as defined in ISO 9000

e.g.

Principles of Quality Management (QM):

Customer focus

Leadership

Involvement of people Process approach

System approach to management Continual improvement

Factual approach to decision making

Strategy

Process

QUALITY

MANAGEMENT SYSTEM

Objective of a Quality Management System

Requirements for a Management System (Sec 3) Senior Management Buy-In Right People Competent, aware and trained

Right products Right Suppliers

Right Documents that are managed Good communication

Steps to Establish a Quality Management System

•

Identify customer’s requirements and expectations.

•

Define and assign required resources to achieve the

committed quality goals.

•

Launch procedures to measure effectiveness and

efficiency.

Summary

ISO/IEC 20000

•

Worldwide Standard

•

Process-Oriented Approach for IT Service

Management

•

Based on:

Best Practices in IT Service Management (as per description in ITIL® e.g.)

Principles of Quality Management (as per description in ISO 9000 e.g.)

•

Consists of two parts:

ISO/IEC 20000-1: Specification

ISO/IEC 20000-2: Code of Practice Structure of both parts is identical.

Basic Structure ISO/IEC 20000

Release Management

Business Relationship Management Supplier Management

Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [4] Planning & Implementing Service Management

[3] Management System

[5] Planning & Implementing new or changed Services [1] Scope

[2] Terms and Definitions

•

What is IT Service Management?

•

What is a Management Process?

•

What is ISO/IEC 20000?

Content?

Structure?

Processes and process clusters? History?

Relationship to ITSM Frameworks?

•

What is the advantage of process-oriented

management?

•

What are the risks?

Content of ISO/IEC 20000 Part 1:

Basics

(section 1 - 5)

[4] Planning & Implementing SM [3] Management System

[5] Planning & Implementing new or changed Services [1] Scope

[2] Terms and Definitions

Management responsibility Documentation requirements

Competencies, awareness & training Plan, Do, Check, Act

Section 1: Scope

[4] Planning & Implementing SM [3] Management System

[5] Planning & Implementing new or changed Services [1] Scope

[2] Terms and Definitions

Management responsibility Documentation requirements

Competencies, awareness & training Plan, Do, Check, Act

Objective

Learning target of this section

•

Applicability and Scope of the Standards

(2.2.1)

•

Usefulness and benefit of a certification

(2.2.2)

•

Difference of ISO/IEC 20000-1 and ISO/IEC

20000-2 (2.3.3)

Scope: Description ISO/IEC 20000

What is the common advantage of ISO/IEC

20000?

•

ISO/IEC 20000 defines requirements for Service providers.

•

ISO/IEC 20000 sets up a basis of standardized terminology

for IT Service Management.

•

ISO/IEC 20000 is applicable ...

• in a bid context

• securing consistency in a supply chain approach • as IT Service Management benchmarking

• as basis for an independent assessment

• to prove capability in meeting customer requirements • improving service

Scope: Description ISO/IEC 20000

What is the purpose of the respective parts of

ISO/IEC?

ISO/IEC 20000-1: Requirements for service providers intending to offer managed services with acceptable quality levels

ISO/IEC 20000-2: Additional guidelines for auditors and service providers

Where is ISO/IEC 20000 not suitable?

Section 2: Terms and Definitions

[4] Planning & Implementing SM [3] Management System

[5] Planning & Implementing new or changed Services [1] Scope

[2] Terms and Definitions

Management responsibility Documentation requirements

Competencies, awareness & training Plan, Do, Check, Act

Objective

Learning target of this section

•

Terms and Definitions according to

Terms and Definitions: Overview

•

Availability (6.3)

•

Baseline (9.1)

•

Change Record (9.2)

•

Configuration Item

(9.1)

•

Configuration

Management

Database (9.1)

•

Document

•

Incident (8.2)

•

Problem (8.3)

•

Record

•

Release (10.1)

•

Request for Change (9.2)

•

Service Desk

•

Service Level Agreement

(6.1)

•

Service Management

•

Service Provider

Grey highlighted terms: Definitions - see the following slides

Documents and Records

Document

•

Information and its supported medium.

Record

(objective evidence)

•

A record is a document which shows what

kind of results are being achieved or how well

activities are being performed.

Service …

Service Desk

•

Interface function for communication of provider and

user, which covers the bigger part of the first level

support.

Service Management

•

Management of IT Services in order to support and

meet business requirements.

Service Provider

•

Supplier of IT Services (target object of ISO/IEC

20000 certification).

Service Desk

Service Desk – Objectives

•

To ensure availability of the IT provider

•

Single Point of Contact (SPOC) for Users

Tasks -

•

To take over tasks of service support (e.g. particularly

within Incident Management Process)

•

Communication to users

Service Desk is a Core Definition, but not part of the ISO/IEC 20000 requirements.

BEST

Requirements for a Management System

[4] Planning & Implementing SM

[3] Management System

[5] Planning & Implementing new or changed Services [1] Scope

[2] Terms and Definitions

Management responsibility Documentation requirements

Competencies, awareness & training Plan, Do, Check, Act

Objective:

To provide a management system enabling the effective

management of all IT Services.

Learning target of this section

•

Objective and purpose of a management system

(3.1.1)

•

Management responsibilities (3.1.2, 4.1.1)

•

Documentation requirements (3.1.3, 4.1.2)

Management Systems

What is a management system?

A possible definition: A management system is the

framework of processes, tools and resources

(personnel and machinery) used to plan,

execute, document and continually improve

management tasks in a target-oriented,

customer-oriented and quality-oriented way.

•

Important Aspects:

•

Quality (cp. Quality Management)

•

Management responsibilities

•

Documentation

Management Responsibilities

Management shall:

• prove commitment to development, implementation and

improvement of service management capabilities by appropriate leadership behavior and appropriate

measures;

• establish policy, objectives and plans;

• communicate the importance of meeting the objectives and

the need for continual improvement;

• ensure that customer requirements are determined and are

met;

• appoint a member of management responsible for the

Management Responsibilities (continued)

Management shall: (continued)

• determine and provide resources (e.g. personnel) for

Service Management;

• manage risks to the organization and services;

• conduct reviews of service management at planned

Management Responsibilities (continued)

Furthermore, Senior Management should:

• require and support the implementation of service

management processes;

• assign an executive position to the senior responsible

owner of IT Service Management ;

• provide management representatives with required

resources for continual or project-related improvement;

• allocate a decision-making group to the management

representatives with sufficient authority to define guidelines and make decisions.

Documentation

Documentation and records shall be provided to

support effective planning, operation and control.

•

Including at least:

• Documentation of Service Management guidelines and plans

• Documentation of Service Level Agreements

• Documentation of processes required by ISO/IEC 20000 • Records required by ISO/IEC 20000

Procedures and responsibilities shall be established

for the creation, review, approval, maintenance,

Documentation: Best Practices

•

Senior responsible owner should ensure evidence is

available for audit, such as:

• Policies and plans

• Service documentation • Procedures

• Processes

• Process control records

•

Documents should be in a medium suitable for their purpose.

•

Documents should be protected from damage due to

circumstances (e.g. environmental conditions, computer

disasters).

Competence, Awareness & Training

•

All roles and responsibilities in combination with the

required competencies shall be defined.

•

Competencies and training needs shall be determined

and managed:

• Maintain appropriate records of qualifications,

experience, skills and trainings

• Arrange for training and further education

• Control effectiveness of qualification and training

•

Management shall ensure that staff are aware of the

relevance and importance of their activities and how

they contribute to the achievement of service

Section 4: Planning and Implementing SM

Objective

•

Planning and

Implementing IT

Service Management

using Deming’s

Quality Circle.

PLAN [4.1] Plan Service Management DO [4.2] Implement Service Management CHECK [4.3] Monitor, Measure and Review ACT [4.4] Continual Improvement

[4] Planning & Implementing SM

[3] Management System

[5] Planning & Implementing new or changed Services [1] Scope

[2] Terms and Definitions

Management responsibility Documentation requirements

Competencies, awareness & training Plan, Do, Check, Act

Learning target of this section

•

Objective and purpose of the section Planning and

Implementing IT Service Management (3.1.5)

•

Plan-Do-Check-Act methodology for Service

Management Processes (1.5.1, 3.1.6, 3.1.8)

•

Principles of a Service Management Plan (3.1.7)

•

Internal and external audits (4.1.5, 4.1.6)

Continual Improvement

1.

Necessary in order to improve the performance of the

organization and increase customer satisfaction.

2.

Needs to be a permanent objective of the organiation.

3.

Continual activity which keeps the wheel of the PDCA

cycle turning.

4.

Ensures improvement activities at all levels are aligned to

the organization’s strategy.

5.

Increases flexibility to act quickly on opportunities.

6.

Applying the principle leads to a company culture and

organization-wide approach to continual improvement.

7.

Leads to more business in the mid-term by actively

improving the relationship with customers.

Deming‟s Quality Circle – PDCA

•

Process model of quality management according

to W. Edwards Deming

•

Cyclical optimization of quality leads to continual

improvement

•

Plan-Do-Check-Act is applicable to all processes

defined in ISO/IEC 20000

time

matu

Business Requirements Customer Requirements Request for new/changed services Other processes (e.g. business, supplier, customer) Other teams (e.g. Security, IT Operations) Management of Services Management Responsibility PLAN Plan Service Management ACT Continual Improvement DO Implement Service Management CHECK monitor, measure and review Service Desk Business results Customer satisfaction New/changed Services

Team and people satisfaction

Other processes (e.g. business, supplier, customer)

Section 4.1: Plan Service Management

Objective "Plan"

To plan the implementation and delivery of service

management.

PLAN

DO

CHECK

ACT

Planning for Service Management

•Create a plan for implementing service

management.

•The plan is called the Service Management

Plan.

•Responsibilities shall be determined and

documented to control, authorize,

communicate, operate and maintain the plans.

•All process-related plans have to be

Service Management Plan

The plans shall at a minimum define:

1.

Scope of service management

2.

Objectives and requirements to be achieved by

service management

3.

Processes to be executed

4.

Framework of roles and responsibilities

5.

Interfaces between service management

processes

Service Management Plan

The plans shall at a minimum define (continued):

6. Approach to risk management

7. Methods for interfacing with development projects

8. Resources, facilities, budget

9. Tools for process support

10.Methods to manage service quality including audit

and improving

Service Management Plan

Approaches to implementing the Service Management Plan

•

The Service Management Plan should be implemented by

considering the following issues (providing a map for directing

progress):

Required new service management processes

Changes in existing processes

Improvement of established procedures

etc.

Other possible content of the plan:

•

Appropriate tool support for processes

Service Management Plan

Events with impact on the Service Management Plan:

•

Service Improvement

•

Changed Services

•

Changes to the target-state of infrastructure

•

Changed legal/official requirements

•

Regulation or deregulation of branches

Objective "Do"

To implement the service management

objectives and plan.

PLAN

DO

CHECK

ACT

Implementing Service Management

Implementing Service Management

•

Allocation of budgets

•

Allocation of roles and responsibilities

•

Documenting and maintaining policies, plans,

procedures and definitions for each process

•

Identify and manage risks to the service

•

Managing teams (staff)

•

Managing facilities and budgets

•

Managing teams for service desk and operations

•

Reporting on progress of Service Management Plan

Objective "Check"

To monitor, measure, and review that the

service management objectives and plan are

being achieved.

PLAN

DO

CHECK

ACT

Achievement of Objectives

• Appropriate methods shall be applied for monitoring and

measuring processes to disclose achievement of targets.

• Management shall conduct reviews at planned intervals to

determine whether:

• Service management requirements conform with the Service Management Plan and requirements of

ISO/IEC 20000

• Service management requirements are effectively implemented and maintained

• An audit program shall be planned.

• Objectives of reviews, assessments and audits shall be

documented together with the results and detected resolutions.

• In case of failure to fulfill obligations and other

problematical concerns, all relevant parties shall be informed.

Characteristics of Assessments and Audits

•

Self-assessment

e.g. a department assesses its own procedures

Poor comparability, often not objective

•

First party (internal) audit

Auditing is performed by a department within the

organization

Auditor belongs to same organization, but is not

involved in audited department

•

Second party (vendor) audit

•

Third party (external) audit

Auditing is performed by an independent external

organization

In the context of standard audits mostly a registered

certified body (RCB).

Comparison: Characteristics of Assessments and Audits

Objectiveness Co sts/ ef fort Self-assessment First party (internal) audit Third party (external) audit Second party (vendor) audit

Audit Program

•

To be considered by internal audit

program:

Status and importance of the audited processes and organizations

Results of previous audits

•

Criteria, scope, frequency and methods

shall be defined in a procedure.

•

Selection of auditors shall take into

consideration:

Audit has to be objective and impartial. Auditors shall not audit their own work.

Management Review

Management Reviews should focus on:

•

Achievements compared to service objectives (e.g.

from audit results)

•

Customer satisfaction

•

Resource utilization

•

Trends

Objective "Act"

•

To improve the effectiveness and efficiency of

service delivery and management.

PLAN

DO

CHECK

ACT

Policy

•

A published policy for service improvement is

required.

•

Any non-compliance with ISO/IEC 20000 or with

service management plan shall be remedied.

•

Roles and responsibilities for service

improvement shall be defined clearly.

Management of Improvement

•All suggested service improvements shall be

evaluated, documented, prioritized and

authorized. Monitoring these activities shall be

planned.

•A specific process is required for continually

identifying, measuring, reporting and managing

improvement. This encompasses:

Improvements concerning individual processes that can be implemented by process owner’s means Organization-wide or cross-process improvements

Activities to be carried out

• Information shall be recorded and analyzed as

a baseline and a benchmark against the

provider’s capability in managing services and

service management processes.

• Identify, plan, and implement improvements.

• Consultation with all involved parties.

• Set a goal for improvements regarding quality,

costs, resources.

Activities to be carried out

•

Consider relevant requests for improvement

of all services and management processes.

•

Measure, report and communicate service

improvements.

•

Revise service management policies,

processes, procedures and plans where

necessary.

•

Ensure that all approved actions are

delivered and that they achieve their

intended objectives.

Section 5: Planning and Implementing Services

[4] Planning & Implementing SM [3] Management System

[5] Planning & Implementing new or changed Services

[1] Scope

[2] Terms and Definitions

Management responsibility Documentation requirements

Competencies, awareness & training Plan, Do, Check, Act

Objective:

To ensure that new services and changes to services will be

deliverable at the agreed cost and service quality.

Learning target of this section

•

Parties involved in planning new or changed services

(3.2.1)

•

Objective and purpose of planning and implementing

new or changed services (3.2.2)

•

Quality requirements for new or changed services (3.2.3)

•

Content of an implementation plan for new or changed

services (3.2.4)

•

Planning and implementation policy for new or changed

services (4.1.4)

•

Reviews for planning new or changed services (4.2.1)

Minimum Requirements

•

The costs, commercial and organizational impact of any

proposed new or changed services shall be considered by

operations and management of these services.

•

New or changed services, including closure of service,

shall be planned and authorized/approved through change

management.

•

Planning of new/changed services shall consider aspects

of funding and allocation of resources.

•

New/changed services require acceptance by service

provider before deployment to live environment.

•

Post implementation review (including target-performance

comparison) through change management process.

Implementation Plans for New/Changed Services

Implementation plans for new/changed

services comprises at least:

•

Roles and responsibilities for implementing,

operating and managing (as well at the customer and

at vendor)

•

Required changes to existing services and systems

•

Communication to the stakeholders

•

New and changed contracts and agreements

•

Manpower requirements

Implementation Plans for new/changed Services

Implementation plans for new/changed services

consists of at least (continued):

•

Processes, measures, methods, and tools to be used in

connection with the new/changed service

•

Budgets and timelines

•

Service Acceptance Criteria

•

The expected outcomes from operating the new service

expressed in measurable terms

PINCS: Involved Parties

• Roles and responsibilities related to the service need

to be defined, including activities to be performed by:

Customers

Suppliers

Service Provider

Implementation via Change Management

Skills and training requirements for:

Users

Reviews at planning new or changed services

During planning new/changed services, the

following should be reviewed:

•

Budget – Adjustment of budgeting required?

Increased financial requirements through new services?

Reduction of costs through changes or replacement of expensive services?

•

Staff – Is existing staff able to provide/support

new/changed services?

Increased headcount (e.g. at support)? Possible personnel consolidation through

new/changed services?

•

Service Levels – Impact on existing service

levels?

Reviews for planning new or changed services

During planning new/changed services the

following should be reviewed (continued):

•

SLA‟s and other commitments

Changing existing or concluding new SLA’s required? Other commitments?

•

Processes, procedures and documentation

Changing existing processes and procedures required (e.g. at support)?

Changed services require new documentation or update of existing documents?

•

Scope of Service Management

New or not yet implemented service management processes required?

Change Records of Changed Services

All changes to existing services should be

documented in relevant change records.

•

Staff training - conducted update training for

support staff

•

Move or transfer

•

Conducted user training

•

Any change-related communication

•

Changes to supporting technologies (e.g.

system components, software)

Content of ISO/IEC 20000

Part 2:

IT Service Management Processes

(section 6 - 10)

Release Management

Business Relationship Management Supplier Management Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [6] Service Delivery Processes

Release Management

Business Relationship Management Supplier Management Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [6] Service Delivery Processes

Section 8: Resolution Processes

About the process group

Incident and Problem Management are closely related

processes but differ in their objectives. These processes are covered in the Professional module Support of IT Services within the ISO/IEC 20000 Qualification Program.

Learning target of this section

•

Objectives and requirements within

Incident Management (3.5.1)

•

Best Practices within Incident

Management (4.5.1)

•

Objectives and requirements within

Problem Management (3.5.2)

•

Best Practices within Problem

Code of Practice

Classification Incident vs. Problem Management

•

Incident Management: Quickest possible service

recovery

•

Problem Management: Root cause identification and

resolution

Similarities and connections between Incident and

Problem Management

•

Prioritization of Incidents and Problems

•

Problem Management develops and maintains

Code of Practice

Aspects to consider scheduling Incidents and

Problems

•

Priority: Control factor resulting from

Impact Urgency

•

Staff skills

•

Competing requests for resource allocation

•

Costs of implementing the resolution

•

Approximated time to implement the resolution

Objective:

Resolve incidents as quickly as possible and minimize the

adverse impact on business operations.

Incident Management

Release Management

Business Relationship Management Supplier Management Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [6] Service Delivery Processes

Fundamental terms

Incident

•

An unplanned interruption to a service or

reduction in the quality of an service.

Further Terms

•

Service Request:

Request for documentation User Request for Change

•

Escalation: procedure of forwarding an incident

Functional Escalation Hierarchical Escalation

Process

Activities:

•

Detection and Recording - description of symptoms,

creation of ticket

•

Classification and Initial Support - if possible,

resolution through first level support (Service Desk);

incident prioritization and categorization

•

Investigation and Diagnosis - find a resolution to

restore the service as quickly as possible

•

Resolution and Recovery - initiation of required

recovery measures

•

Closure - resolution documentation, user

confirmation, close ticket

BEST

Functional Escalation

Request? Detection 1st Support Resolvable? Resolution Diagnosis Resolvable? Resolution Closure Request Fulfillment Yes Yes Yes No _No No 2nd Level Support 3rd Level Support Service Desk

Co-ordination of support units

Diagnosis

Resolvable?

Resolution Yes

No

Service Requests and Incidents

The 20 GB hard disk of my notebook is too small !

I have forgotten my Wiki-Password!

The color printer in room D.2 stopped printing red!

It takes a long time to load our external web

sites!

I cannot access my emails!

Service Request for a storage upgrade

Service Request for a

cartridge change or a printer failure

Performance Incident

Service Request for a

password or account reset

Minimum Requirements

All Incidents shall be recorded.

Procedures for detection, impact analysis, prioritization, classification, escalation, resolution and closure of incidents shall be defined.

Customers shall be kept informed of the process progress and alerted BEFORE SLA is breached or at risk of being

breached.

All staff involved in incident management shall have access to relevant information such as:

 Known errors

 Problem resolutions

 Configuration Management Database (CMDB)

Code of Practice

Process closure

Prerequisite - Final closure of an incident should only take place when the initiating user has confirmed that the

service is restored.

Major incidents

Important - There should be a clear definition of what constitutes a major incident.

All major incidents should have a clearly defined responsible manager at all times.

Assessment Card Template

Section Sub

Section Requirem ent of ISO20000

8.1 Incident Managem ent

8.2 a All incidents shall be recorded

8.2 b Procedures shall be adopted to manage the impact of

service incidents

8.2 c

Procedures shall define the recording, prioritization, business impact, classification, updating, escalation, resolution and formal closure of all incidents

8.2 d

The customer shall be kept informed of the progress of their reported incidents or service request and alerted in

advance if their service levels cannot be met and an action agreed

8.2 e

All staff involved in incident management shall have access to relevant information such as know n errors, problem

resolutions and the configuration management database

8.2 f Major incidents shall be classified and managed according

Objective:

To avoid disruption by proactive and reactive analysis of the cause of potential incidents.

Problem Management

Release Management Business Relationship Management Supplier Management Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [6] Service Delivery Processes

Fundamental terms

•

Problem

An unknown cause of one or more incidents

Additional terms:

Known Error - root cause of one or more incidents for

which work-arounds exist, if applicable.

Problem Control

Process

Sub-processes within reactive problem management

Problem control Error control

Problem Known Error

unknown cause known cause

Error Control

Request for Change

Change Management

BEST

PRACTICE according to ITIL® Version 2

Process activities within reactive problem management

Problem detection Problem logging Categorization Prioritization

Investigation and Diagnosis

Find out work-arounds, if possible Create Known Error Record

Submit request for change, if required Resolution Closure BEST PRACTICE according to ITIL® Version 3

Trend Analysis

Definition: Analysis of data of various sources to identify time-related patterns.

Examples of sources:

• Ticket system - number of similar incidents

• Monitoring tools - resource utilization peaks

Examples of time-related patterns:

• Each Monday between 7:30-9:30 p.m. noticeable accumulation of submitting network incidents

 Problem identification (reactive problem management since incidents already occured)

• Every day between 2-5 a.m. marginally high utilization of an information system

 Problem identification (proactive problem management since incidents should be avoided)

Minimum Requirements

• All identified problems shall be recorded.

• Procedures shall be adopted to identify, minimize or avoid the impact of incidents and problems. They shall define the

recording, classification, updating, escalation, resolution and closure of all problems.

• Preventive action shall be taken to reduce potential problems.

• Changes required in order to correct the underlying cause of problems shall be passed to the change management process.

Minimum Requirements

• Problem resolution shall be monitored, reviewed and reported on for effectiveness.

• Problem management shall be responsible for ensuring up-to-date information on known errors and corrected problems is available to incident management.

• Actions for improvement identified during this process shall be recorded and implemented.

Code of Practice

•

Communication

All processes and people involved in service support

particularly incident management should be informed of:

• Work-arounds

• Permanent fixes

Example: From Problem to Change

It takes a long time to load our external web

sites! Incident

Category: SW/Service Impact:

Highest (all users) Urgency:

Low (no SLA affected)

Problem

1. Back up log file 2. Empty log file

Failure in writing log files causes delays

Root cause

Max. file size of web server log files reached

Known Error

Install patch for web server

Resolution

Install patch T12-02 for web server on

machine pclx3

RfC

Assessment Card Template

Se ction Sub

Se ction Re quire m e nt of ISO20000

8.3 a All identif ied problems shall be recorded

8.3 b Procedures shall be adopted to identif y, minimize or avoid the impact of incidents and problems.

8.3 c Procedures shall def ine the recording, classif ication,

updating, escalation, resolution and closure of all problems

8.3 d Preventive action w ill be taken to reduce potential problems, eg. Follow ing trend analysis of incident volumes and types

8.3 e

Changes required in order to correct the underlying cause of problems shall be passed to change management

process

8.3 f Problem resolution shall be monitored, review ed and reported on f or ef f ectiveness

8.3 g

Problem management shall be responsible f or ensuring up-to-date inf ormation on know n errors and corrected

problems is available to incident management

8.3 h Actions f or improvement identif ied during this process shall be recorded and input into the service improvement plan

Revision Course

• Trend analysis is important during what activity of problem management process?

• What is the difference between a problem and an error?

• What are the sub-processes of problem management?

• How is problem management linked to change management?

• What is the next step within problem management after a change was implemented to resolve an error?

• What kind of information does problem management provide for the incident management process?

Section 9: Control Processes

About the process group

Objective:

To manage configuration information and changes effectively.

Release Management

Business Relationship Management Supplier Management Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [6] Service Delivery Processes

Learning target of this section

Objectives and requirements of Configuration Management (3.2.5) Best Practices of Configuration Management (4.2.3)

Objectives and requirements of Change Management (3.2.6) Best Practices of Change Management (4.2.4)

Configuration Management

Objective:

To define and control the components of the service and infrastructure and maintain accurate configuration information.

Release Management

Business Relationship Management Supplier Management Budgeting & Accounting for IT services Information Security Management Service Level Management

Service Reporting Capacity Management

Service Continuity & Availability Management Incident Management Problem Management Configuration Management Change Management [9] Control Processes [10] Release Process [8] Resolution Processes [7] Relationship Processes [6] Service Delivery Processes

Fundamental terms

Configuration Item (CI)

Any IT infrastructure component or other element that is recorded and maintained by configuration management process

Configuration Management Database (CMDB) A database used to store:

• all relevant information of all CI’s • relationships with other CI’s

Fundamental terms

Additional terms

Attribute - a piece of information about a CI (e.g. asset id,

location)

Baseline - a benchmark used as a reference point.

Configuration Management System (CMS) - a set of tools and

databases that are used to manage configuration information:

• includes one or more CMDB’s  Federated CMDB

• manages relationships with other CI’s and related incidents, problems, known errors, changes, etc.

BEST

Activities

Planning of:

• CMDB targets (e.g. Which processes have to be supported? How?)

• Scope of CMDB

Identification - define types of CI‟s, name conventions, versioning

Recording and Control:

• record new CI’s

• update existing CI’s

Status Accounting - record/update lifecycle status of each CI Verification - mapping CMDB and actual situation

BEST

Planning

Identification

Recording and Control

Status Accounting

Verification

CMDB Targets, Scope

Types of CI’s, Baselines, Name conventions

New CI’s, changed CI’s

Update CI Status Difference between

CMDB and reality

BEST

Minimum Requirements

•There shall be an integrated approach to change and configuration management planning  Scope of CMDB = Scope of change management!

•Configuration management shall have an interface to financial asset accounting processes.

•There shall be a configuration management policy on

what is defined as a configuration item and its constituent components.

•The information to be recorded for each item shall be defined and shall include the relationships and

documentation necessary for effective service management.

Minimum Requirements

Configuration management shall provide the mechanisms for identifying, recording, controlling and tracking

versions of CI’s. It shall be ensured that the process meets the business needs, risk of failure and service criticality.

Configuration management shall provide information to the change management process:

• Supporting Change Management in risk and impact analysis of planned changes

Minimum Requirements

•A baseline of the appropriate configuration items shall be taken before a release to the live environment.

•Master copies of digital CI’s (software, documents) shall be controlled in secure physical or electronic libraries

(cp. release management: definitive software library) and referenced to the configuration records.

•All configuration items shall be uniquely identifiable and recorded in a CMDB to which update access shall be

strictly limited and controlled.