Assessment Method
– Making IT Services Visible –
Global Services Operations Division NEC Corporation
i
Table of Contents
1. Introduction ... 1
2. Making IT Services Visible ... 1
3. Assessment Method ... 2
3.1 Operations Assessment ... 2
3.2 Security Assessment ... 4
3.3 Characteristics of the Assessment Method ... 4
4. Applying the Assessment Method... 6
4.1 GIM Implementation Process... 6
4.2 Service Proposal Example... 6
1. Introduction
NEC has promoted an approach and implementation
methodology called GIM1 (Global IT Management) as a
framework for IT governance within global companies.
In a nutshell, GIM is a means of maintaining and managing the quality of IT services while the company’s business operations are expanded globally.
A key element for success with GIM is setting management goals. For the organization to successfully promote GIM, management criteria and accompanying goals must be set. By defining goals, the impact of IT expenditures—an area that is often difficult to see—can be debated and performance can be managed. Moreover, it is crucial that management goals be set in a quantitative manner using numerical values.
NEC has developed a unique assessment method for quantitatively grasping the state of IT services and has successfully used this method with many clients to gain a grasp of their IT services.
This assessment method includes an operations assessment intended for general IT services operations and a security assessment targeting information security.
This paper gives an outline of this assessment method and its characteristics and presents the merits of the GIM approach using this same assessment method.
1 Refer to the white paper “Global IT Management.”
2. Making IT Services Visible
To quantitatively set goals and grasp the actual state of IT services, it is helpful to use a method for numerically expressing the results from evaluation of capabilities in services and management. In other words, an assessment method is critical to making the IT services “visible.”
By evaluating the actual state of IT services and employing an assessment method for quantifying the results, the following merits may be enjoyed.
Understanding the State of IT Services
When IT services can be evaluated and expressed in a numerical manner, the current state of the IT services can be more easily grasped.
Aligning Goals between Business and IT Services It is critically important that the goals for the business and those for IT services are well-aligned. By numerically expressing the results of the IT services evaluation, it becomes easier to set goals and have them match up with business goals.
Continuously Measuring the Quality of IT Services Numerically expressing the results of the IT services evaluation allows service quality to be captured continuously within the IT service PDCA cycle (see Figure 1).
Continuous Improvement of IT Services
When the current state of IT services is expressed numerically, it becomes easy to set ultimate goals and
evaluate, study, and develop measures for
2 Set or adjust goals Set or adjust goals Monitor, measure, & review Monitor, measure, & review Implement Implement Improve Improve Plan Do Check Act Set or adjust goals Set or adjust goals Monitor, measure, & review Monitor, measure, & review Implement Implement Improve Improve Plan Do Check Act
Figure 1: PDCA Cycle for IT Services
In the context of IT services, the PDCA (Plan → Do → Check → Act) cycle is conducted as follows:
Plan:
When commencing a PDCA cycle for IT services, use the assessment method to gain an accurate understanding of the current state of the IT services and then set goals to be attained or maintained.
While the PDCA cycle is ongoing, use the assessment method to gain a grasp of IT services and then review goals in light of the evaluation and analysis results.
Do:
Engage in the provision of IT services with the aim of attaining or maintaining set goals.
Check:
Monitor and measure the current state of IT services and review results.
Act:
Based on the results from the above review, consider areas for improvement and take steps to modify processes or add resources as needed.
3. Assessment Method
The assessment method developed by NEC include an operations assessment intended for general IT services operations and a security assessment intended for information security. Each of these assessment methods is introduced below.
3.1 Operations Assessment
NEC has drawn from the ITIL®2 Service Management
Self Assessment (hereafter, ITIL assessment) to create a method for evaluating, analyzing, and making operations management capabilities of IT services visible.
The ITIL assessment is a tool for measuring the maturity
level of IT services management that itSMF3 developed
based on ITIL V2. Through simple Yes/No questions, the organization’s IT services management is compared to ITIL best practices to understand its level of maturity. By doing this, problems with the current state of IT services management can be clearly identified.
The use of such an assessment method enables a quantitative evaluation of IT services management that conforms to ITIL, a global standard.
(1) Evaluation Method
The ITIL assessment can be used to discover the maturity level of IT services management, but the operations assessment not only provides the maturity level, it also expresses the evaluation results on a 100 point scale.
2 Information Technology Infrastructure Library:
A collection of best practices for IT services management.
ITIL® is a Registered Trade Mark of the Office of
Government Commerce in the United Kingdom and other countries.
3 IT Service Management Forum:
A non-profit organization, based in the United Kingdom, that promotes the widespread adoption of IT services management. In 2003, itSMF Japan was established to act as a chapter within Japan.
Table 1: Maturity Level Definitions Level 1 (Prerequisites) Level 1 (Prerequisites) Level 1.5 (Management Intent) Level 1.5 (Management Intent) Level 2 (Process Capability) Level 2 (Process Capability) Level 2.5 (Internal Integration) Level 2.5 (Internal Integration) Level 3 (Products) Level 3 (Products) Level 3.5 (Quality Control) Level 3.5 (Quality Control) Level 4.5 (External Integration) Level 4.5 (External Integration) Level 4 (Management Information) Level 4 (Management Information) Level 5 (Customer Interface) Level 5 (Customer Interface)
Examines whether the minimum level of prerequisite items are available to support the process activities.
Examines whether the minimum level of prerequisite items are available to support the process activities.
Examines organisational policy statements, business objectives (or similar evidence of intent) providing both purpose and guidance in the transformation or use of the prerequisite items.
Examines organisational policy statements, business objectives (or similar evidence of intent) providing both purpose and guidance in the transformation or use of the prerequisite items.
Examines the activities being carried out. The questions are aimed at identifying whether a minimum set of activities are being performed. Examines the activities being carried out. The questions are aimed at identifying whether a minimum set of activities are being performed.
Examines whether the activities are integrated sufficiently in order to fulfill the process intent.
Examines whether the activities are integrated sufficiently in order to fulfill the process intent.
Examines the actual output of the process to enquire whether all the relevant products are being produced.
Examines the actual output of the process to enquire whether all the relevant products are being produced.
Examines the review and verification of the process output to ensure that it is in keeping with the quality intent.
Examines the review and verification of the process output to ensure that it is in keeping with the quality intent.
Examines whether all the external interfaces and relationships between the discrete process and other processes have been established within the organization.
Examines whether all the external interfaces and relationships between the discrete process and other processes have been established within the organization.
Examines whether timely information produced from the process in order to support necessary management decisions.
Examines whether timely information produced from the process in order to support necessary management decisions.
Examines whether the processes are optimized towards meeting the needs of the customer.
Examines whether the processes are optimized towards meeting the needs of the customer.
Level 1 (Prerequisites) Level 1 (Prerequisites) Level 1.5 (Management Intent) Level 1.5 (Management Intent) Level 2 (Process Capability) Level 2 (Process Capability) Level 2.5 (Internal Integration) Level 2.5 (Internal Integration) Level 3 (Products) Level 3 (Products) Level 3.5 (Quality Control) Level 3.5 (Quality Control) Level 4.5 (External Integration) Level 4.5 (External Integration) Level 4 (Management Information) Level 4 (Management Information) Level 5 (Customer Interface) Level 5 (Customer Interface)
Examines whether the minimum level of prerequisite items are available to support the process activities.
Examines whether the minimum level of prerequisite items are available to support the process activities.
Examines organisational policy statements, business objectives (or similar evidence of intent) providing both purpose and guidance in the transformation or use of the prerequisite items.
Examines organisational policy statements, business objectives (or similar evidence of intent) providing both purpose and guidance in the transformation or use of the prerequisite items.
Examines the activities being carried out. The questions are aimed at identifying whether a minimum set of activities are being performed. Examines the activities being carried out. The questions are aimed at identifying whether a minimum set of activities are being performed.
Examines whether the activities are integrated sufficiently in order to fulfill the process intent.
Examines whether the activities are integrated sufficiently in order to fulfill the process intent.
Examines the actual output of the process to enquire whether all the relevant products are being produced.
Examines the actual output of the process to enquire whether all the relevant products are being produced.
Examines the review and verification of the process output to ensure that it is in keeping with the quality intent.
Examines the review and verification of the process output to ensure that it is in keeping with the quality intent.
Examines whether all the external interfaces and relationships between the discrete process and other processes have been established within the organization.
Examines whether all the external interfaces and relationships between the discrete process and other processes have been established within the organization.
Examines whether timely information produced from the process in order to support necessary management decisions.
Examines whether timely information produced from the process in order to support necessary management decisions.
Examines whether the processes are optimized towards meeting the needs of the customer.
Examines whether the processes are optimized towards meeting the needs of the customer.
Maturity levels are defined (see Table 1) based on the ITIL assessment.
The 100 point scale method developed by NEC places weight on each question based on ITIL assessments, IT operations assessments performed by NEC, and cumulative data gained therein.
(2) Evaluation Criteria
The ITIL assessment’s evaluation items were adopted as is, and presented in question format. The questions fall into the 10 processes and 1 function categories of ITIL V2. Service Support Incident Management Problem Management Configuration Management Change Management Release Management Service Desk Service Delivery
Service Level Management IT Service Financial Management Capacity Management
IT Services Continuity Management Availability Management
Figure 2 shows questions for Service Desk, Incident Management, and Problem Management for maturity level 3.
Do problem management reports comment on the results of proactive problem management?
27
Are requests for change raised on the basis of problem analysis? 26
Are problem records updated on resolution of a problem? 25
Are standard reports concerning problems produced regularly? *24
Problem Management
Are management reviews held to highlight escalated incident details? 26
Is a workload analysis produced to help determine staffing levels? 25
Are reports regularly produced for all the teams contributing to the incident resolution process, concerning incident status?
24
Are resolved and closed incident records updated and clearly communicated to the Service Desk, customers and other parties?
*23
Are requests for changes produced, if necessary, for incident resolution? *22
Are incident records maintained for all reported incidents (including resolution and/or workaround)?
*21
Incident Management
Do management review Service Desk's recommendations for service improvements? 30
Are weekly management reviews held to highlight service availability, customer satisfaction and major incident areas?
29
Is a workload analysis produced to help determine staffing levels? 28
Are reports regularly produced for all the teams contributing to the service provision process, concerning types of customer contacts?
27
Are the service offered by the Service Desk clearly defined for customers and other parties?
*26
Are standard pro-forma's available for capturing customer/user details and identification?
*25
Is a single source of customer/user and supplier details maintained? *24
Service Desk
Do problem management reports comment on the results of proactive problem management?
27
Are requests for change raised on the basis of problem analysis? 26
Are problem records updated on resolution of a problem? 25
Are standard reports concerning problems produced regularly? *24
Problem Management
Are management reviews held to highlight escalated incident details? 26
Is a workload analysis produced to help determine staffing levels? 25
Are reports regularly produced for all the teams contributing to the incident resolution process, concerning incident status?
24
Are resolved and closed incident records updated and clearly communicated to the Service Desk, customers and other parties?
*23
Are requests for changes produced, if necessary, for incident resolution? *22
Are incident records maintained for all reported incidents (including resolution and/or workaround)?
*21
Incident Management
Do management review Service Desk's recommendations for service improvements? 30
Are weekly management reviews held to highlight service availability, customer satisfaction and major incident areas?
29
Is a workload analysis produced to help determine staffing levels? 28
Are reports regularly produced for all the teams contributing to the service provision process, concerning types of customer contacts?
27
Are the service offered by the Service Desk clearly defined for customers and other parties?
*26
Are standard pro-forma's available for capturing customer/user details and identification?
*25
Is a single source of customer/user and supplier details maintained? *24
Service Desk
Figure 2: Examples of Questions
(3) Assumptions
Among the above processes, IT Services Financial
Management and IT Services Continuity
Management are highly dependent on the
organization or group being assessed so it is important to check the following:
The existence of a management system. If absent, when can it be launched or started?
The skill and maturity of IT services management personnel.
(4) Scoring Method
When conducting an evaluation using the ITIL assessment, each question is answered as either Yes or No. The operations assessment, though, is evaluated on the following 4 levels of attainment. Excellent
An operational structure based on ITIL exists and is optimally managed.
Good
While not adequate, an effective structure exists and is managed.
4 Fair
A structure of sorts exits, but has not been standardized and is not adequately managed. Poor
No operational structure to speak of exists.
A weighted score is given to the results of each question and the total points are calculated with each of the 10 processes and 1 capability having 100 points. For example, if every question received a score of Excellent, a perfect score of 100 would be earned, but if all were Poor, a score of 0 would result.
3.2 Security Assessment
The security assessment was developed by NEC to assess the security capabilities within the IT services operational context.
The ITIL assessment is based on Service Support and Service Delivery of ITIL V2, so the operations assessment developed using ITIL assessment as a reference includes no security questions or evaluation measures.
As a result, NEC created its own evaluation items, using JIS Q 27001 (ISO/IEC 27001) as a reference. Evaluation falls into the following four categories:
Security management Server-based system Client PCs
IP network, other
In a fashion similar to the operations assessment, each area is scored on a 100 point scale covering 4 levels of achievement.
3.3 Characteristics of the Assessment
Method
The assessment method has the following characteristics:
(1) Creating Evaluation Criteria
In order to avoid disparity in evaluation results between evaluators, evaluation criteria were created (see Table 2).
Table 2: Example of Evaluation Criteria (Service Desk)
No; never. Yes; it is notified of limited changes. Yes; it is notified of almost all
changes. Yes; it is notified of all changes immediately. 18 Is the Service Desk notified of new services or changes to existing services?
1 8
No; never. Yes; a survey is conducted but less than once a year. Yes; a survey is conducted once a year.
Yes; a survey is conducted more than twice a year. 17 Are customer satisfaction surveys carried out by the Service Desk? 1
7
No; never. Yes; it is conducted for a limited operation matter. Yes; it is conducted for almost all subjects.
Yes; it is conducted for all subjects. 16
Has a study of the workload mix been conducted to determine the required staff levels, skill type and the associated costs of the Service Desk?
1 6
No; neither. It provides management information, bur doesn't make recommendations for service improvement. Yes; it does based on its necessity.
Yes; it always does so. 15
Does the Service Desk provide management information and make recommendations for service improvement?
1 5
No; not at all. Yes; status updates are provided on a limited incident closures. Yes; status updates are provided on
the alsmost all incident closures. Yes; status updates are provided on
the all incident closures. 14
Does the Service Desk provide a status update to the customer on the closure of incidents?
1 4
No; no information about SLA changes is informed to the customers. Yes; but a limited SLA change is informed to the customers. Yes; almost all SLA changes are
informed to the customers. Yes; all SLA changes are informed
to the customers. 13 Does the Service Desk communicate planned and short-term changes of service levels to customers?
1 3
No; it does not. Yes; it does so but of a limited
request. Yes; it does so of almost all requests. Yes; it does so of all requests. *12
Does the Service Desk make an initial assessment of all requests received, attempting to resolve appropriate requests or referring them to someone who can, based on agreed service levels? *
1 2
No; not at all. Yes; it provides information but on a limited requests. Yes; it provides information on
almost all requests. Yes; it provides information on any
request. *11 Does the Service Desk provide the customer/user with information on service availability, an incident number or reference for use in follow-up communications, and progress follow-updates on any request being managed by the service team?
* 1 1
No; none of them have it. Yes; but only a limited operators
has it. Yes; almost all the operators have it.
Yes; all the operators have it. *10
Do Service Desk operators have a procedure or strategy for obtaining the required information from customers whilst call handling? *
1 0
No; not at all. Yes; but for only limited functions Yes; for almost all the functions
Yes; for all the functions *9
Have the functions of the Service Desk been agreed? *
9
Level 2 Level 2
No; it has not been conducted for more than a year. Yes; more than once a year, but
only to a limited number of customers Yes; more than once a year to almost all customers and users. Yes; more than once a year to all
customers and users. 8
Has an education and/or training programme been conducted for customers and users in the use of the Service Desk and its benefits 8
No; it is not recognized as so. No; it is recognized by a limited
number of customers and users. Yes; It is disseminated, but not to
all customers and users. Yes; it is well disseminated.
7 Has the purpose and benefits of the Service Desk been disseminated within the organisation?
7
No; not at all. Yes; it is partly recognized.
Yes; it is mostly recognized. Yes; it is well recognized.
6 Is the Service Desk perceived as a strategic function by Senior Managers?
6
No; there are no budget and resource available. No; it covers only 30% of
requirements. No; it covers only 70% of
requirements. Yes; there is.
*5 Is there sufficient management commitment, budget provision and resource available for the effective operation of the Service Desk? *
5
No; not at all. Yes; those are partly identified. Yes; almost all are identified and
understood. Yes; all needs are identified and understood. *4 Is the business need for a Service Desk clearly identified and understood?
* 4
Level 1.5 Level 1.5
No; not at all. Yes; but it is a limited number of planned changes to be informed. Yes; almost all changes are
informed. Yes; it always does so.
3 Does the Service Desk provide information to customers regarding planned changes?
3
No; it is not recognized as so. No; it is recognized by a limited
number of customers and users. Yes; It is disseminated, but not to
all customers and users. Yes; it is well dissminated.
2 Is the Service Desk the recognised point of contact for all
customer/user queries? 2
No; the service desk function is not available.
No; one division acts for a service desk
Yes; but it is able to cope with not all functions. Yes; the service desk meets the all business requirements from customers. *1 Does a Service Desk exist which manages, co-ordinates and resolves incidents reported by customers?
* 1 Level 1 Level 1 Poor Fair Good Excellent No. Confirmed Item N o. No; never. Yes; it is notified of limited changes. Yes; it is notified of almost all
changes. Yes; it is notified of all changes immediately. 18 Is the Service Desk notified of new services or changes to existing services?
1 8
No; never. Yes; a survey is conducted but less than once a year. Yes; a survey is conducted once a year.
Yes; a survey is conducted more than twice a year. 17 Are customer satisfaction surveys carried out by the Service Desk? 1
7
No; never. Yes; it is conducted for a limited operation matter. Yes; it is conducted for almost all subjects.
Yes; it is conducted for all subjects. 16
Has a study of the workload mix been conducted to determine the required staff levels, skill type and the associated costs of the Service Desk?
1 6
No; neither. It provides management information, bur doesn't make recommendations for service improvement. Yes; it does based on its necessity.
Yes; it always does so. 15
Does the Service Desk provide management information and make recommendations for service improvement?
1 5
No; not at all. Yes; status updates are provided on a limited incident closures. Yes; status updates are provided on
the alsmost all incident closures. Yes; status updates are provided on
the all incident closures. 14
Does the Service Desk provide a status update to the customer on the closure of incidents?
1 4
No; no information about SLA changes is informed to the customers. Yes; but a limited SLA change is informed to the customers. Yes; almost all SLA changes are
informed to the customers. Yes; all SLA changes are informed
to the customers. 13 Does the Service Desk communicate planned and short-term changes of service levels to customers?
1 3
No; it does not. Yes; it does so but of a limited
request. Yes; it does so of almost all requests. Yes; it does so of all requests. *12
Does the Service Desk make an initial assessment of all requests received, attempting to resolve appropriate requests or referring them to someone who can, based on agreed service levels? *
1 2
No; not at all. Yes; it provides information but on a limited requests. Yes; it provides information on
almost all requests. Yes; it provides information on any
request. *11 Does the Service Desk provide the customer/user with information on service availability, an incident number or reference for use in follow-up communications, and progress follow-updates on any request being managed by the service team?
* 1 1
No; none of them have it. Yes; but only a limited operators
has it. Yes; almost all the operators have it.
Yes; all the operators have it. *10
Do Service Desk operators have a procedure or strategy for obtaining the required information from customers whilst call handling? *
1 0
No; not at all. Yes; but for only limited functions Yes; for almost all the functions
Yes; for all the functions *9
Have the functions of the Service Desk been agreed? *
9
Level 2 Level 2
No; it has not been conducted for more than a year. Yes; more than once a year, but
only to a limited number of customers Yes; more than once a year to almost all customers and users. Yes; more than once a year to all
customers and users. 8
Has an education and/or training programme been conducted for customers and users in the use of the Service Desk and its benefits 8
No; it is not recognized as so. No; it is recognized by a limited
number of customers and users. Yes; It is disseminated, but not to
all customers and users. Yes; it is well disseminated.
7 Has the purpose and benefits of the Service Desk been disseminated within the organisation?
7
No; not at all. Yes; it is partly recognized.
Yes; it is mostly recognized. Yes; it is well recognized.
6 Is the Service Desk perceived as a strategic function by Senior Managers?
6
No; there are no budget and resource available. No; it covers only 30% of
requirements. No; it covers only 70% of
requirements. Yes; there is.
*5 Is there sufficient management commitment, budget provision and resource available for the effective operation of the Service Desk? *
5
No; not at all. Yes; those are partly identified. Yes; almost all are identified and
understood. Yes; all needs are identified and understood. *4 Is the business need for a Service Desk clearly identified and understood?
* 4
Level 1.5 Level 1.5
No; not at all. Yes; but it is a limited number of planned changes to be informed. Yes; almost all changes are
informed. Yes; it always does so.
3 Does the Service Desk provide information to customers regarding planned changes?
3
No; it is not recognized as so. No; it is recognized by a limited
number of customers and users. Yes; It is disseminated, but not to
all customers and users. Yes; it is well dissminated.
2 Is the Service Desk the recognised point of contact for all
customer/user queries? 2
No; the service desk function is not available.
No; one division acts for a service desk
Yes; but it is able to cope with not all functions. Yes; the service desk meets the all business requirements from customers. *1 Does a Service Desk exist which manages, co-ordinates and resolves incidents reported by customers?
* 1 Level 1 Level 1 Poor Fair Good Excellent No. Confirmed Item N o.
T his t yp e o f a sse ss me nt sho uld be co nd uc te d b y a p e r so n who ha s a hig h le ve l o f ed uc a tio n a nd tr a inin g a nd who ha s d e ep e xp er ie nc e . E ve n so , re sults ma y va r y b e ca use po ints a war d ed or sco r ing cr ite ria d iffe r a mo n g tho se p er fo r ming t he a sse ss me nt.
To mini miz e va r ia nc e s in sco r ing, we ha ve cr e a ted the e va lua tio n cr iter ia .
Sinc e e a c h q ue stio n is e va lua te d, this no t o nly a llo ws e a c h o f the 1 0 pr oc e sse s a nd 1 func tio n to b e e va lua ted , b ut the le ve l o f a tta in me nt fo r e a c h in divid ua l q ue stio n c a n a lso b e a sc er ta ine d. T his a llo ws o ne to stud y in a co nc r ete wa y the issue s
sur ro und ing e a c h q ue stio n a nd the
co rr e spo nd ing a r ea s fo r imp r o ve me nt.
(2 ) 100 Po int Sc ore
I n ad d itio n to the ma tur it y le ve l
e va lua tio n, we ha ve a d op ted a 10 0 p o int sco r ing s yste m.
I n the 10 0 po int sc or ing e va lua tio n, e a c h q ue stio n is we ighte d fo r i mpo r ta nc e whe r e the su m o f the e va lua tio n r e sults ad d s up to 1 00 .
B y e va lua tin g o n a 10 0 po int sc a le , it be co me s e a s y to und er sta nd the we a k ar e a s
fo r e a c h ma na ge m e nt d iscip line .
Co nse q ue ntly, go a ls for e ac h c a n b e mo r e e a sily se t.
(3 ) A n Inde x of GIM P ro mo tio n
T he G I M e ffo r t is no t e a sil y ac c o mp lishe d in a sin gle p a ss. I t is a multi -p ha se , co ntinuo u s e ffo r t co mp r ised o f a multit ud e o f e va lua tio n ite ms t h a t a r e subj ec t to i mp ro ve me nt.
I n o rd e r to i mp ro ve we a k ne sse s e xp o sed b y the a sse ss me nt re sults, wha t a r ea s will be i mp ro ve d a t wha t p ha se c a n b e d ete r mi ne d ba se d o n the e va lua tio n ite ms sc o r ing a nd
q ue stio n e va lua tio n r e sults. Mo r eo ve r,
go a ls for ea c h p ha se c a n be se t in mo r e co nc r e te ter ms.
I n o ther wo rd s, the e va lu a tio n r e sults fr o m the a sse ss me nt me tho d c a n b e e ffe c tive l y e mp lo ye d a s ma na ge me n t go a ls a nd a s a n ind e x to e va lua te the pr o mo tio n o f G I M.
(4 ) I mple me nt a t io n of t he P D C A Cy c le
T he P D CA c yc le fo r I T ser vic e s c a n b e mo r e e ffic ie ntl y a nd e ffe c tive ly a p p lie d.
Le ve r a ging t he se a ss e ss me nt me t ho d s
ma ke s it p o ssib le to me a sur e the q ua lity o f IT ser vic e s o n a co nti nua l b a sis a nd to q ua ntita tive ly gr a sp the i mp a c t o f IT
se r vice s ma na ge me nt a nd a re a s o f
6
4.
Applying
the
Assessment
Method
4.1 GIM Implementation Process
Ba se d o n N E C’s e xp er ie nc e i mp le me nting IT se r vice s ma na ge me nt o n a glob a l le ve l, we pro po se a 4 -p ha se G I M imp le me nta tio n pr o ce ss be gin ning wit h ga inin g a gra sp o f the c ur r e nt sta te o f a ffa ir s. T his GI M imp le me nta tio n pro c e ss is p ar tic ular l y e ffe c tive whe n e xe c ute d in the co nte xt o f a pr oje c t str uc tur e .
G ra s p c u rr en t s ta te G ra s p c u rr e n t s ta te S e t in c re m e n ta l m anage m en t goa ls S e t in c re m en ta l m anage m en t goa ls P lan and e x e c u te P la n and e x e c u te E v a lua te a n d im p ro v e E v a lu a te an d im p ro v e
PDCA
Figur e 3 : GI M I mp le me n ta tio n P ro c e ssI n a n ac tua l GI M p ro mo tio n, the fir st thing is to c o nd uc t a n a sse ss me nt to d isco ve r the c urr e nt sta te o f IT se r vice s. B a sed o n the re sults o f tha t a sse ss m e nt, imp r o ve me nts a r e the n u nd er ta ke n. B ut the pr ob le m o f c o st ma y o fte n ma ke a tta in me nt o f ulti ma te go a ls diffic ult to p ur sue in o ne fe ll s wo o p .
As suc h, i mp r o ve me nts ar e o fte n p ur sue d in a p ha sed ap pr oa c h. For e xa mp le , the e ffor t ma y be sp lit into thre e p ha se s, a s p r e se nted b y t he G IM I mp le me nta tio n P ro c e ss sho wn a b o ve.
Grasp the Current State
To ga in a c lea r gra sp o f the c urr e nt sta te o f IT, we e mp lo y t wo a sse s s me nt me tho d s, o ne fo r ge ne ra l IT ser vic e s o p er a tio ns a nd a no ther fo r info r ma tio n se c urity.
Set Incremental Management Goals
U sing the r e sults fr o m the a b o ve
a sse ss me nts, we the n e nte r the pr oc e ss o f se tting go a ls. We ma y se t go als usi ng a n inc re me nta l a pp ro a c h, fo r e xa mp le :
In phase 1, set goals to achieve minimum
le ve ls o f p er fo r ma n c e fo r e a c h
ma na ge me nt ar e a in do ma ins like
pr iva c y, se c ur ity, a nd co mp lia nc e
po lic ie s.
In phase 2, set goals to strengthen ne t wo r k se c ur ity.
In phase 3, set goals to strengthen inte gr a ted sec ur ity, inc l ud ing a mo ve to thin c lie nts fo r P Cs.
Plan and Execute
N e xt p ut to ge the r a p la n for a n y wo r k tha t must b e und e rta ke n to p r o mo te G I M. W ha t is i mpo r ta nt he r e is the co or dina tio n wit h op er a tio na l fie ld gr o up s , foc usin g o n tho se o ver se a s.
Evaluate and Improve
GIM implementation is not over once the project is complete. It is important to strive for ever-higher levels and adapt to changes in the management environment or IT environment. Approaching the task as a PDCA cycle, whether it is on the phase or project level, or from one fiscal year to the next, is essential.
4.2 Service Proposal Example
Le t’s use a c o ncr e te e xa mp le to intr od uc e ho w
we mi ght use the a sse ss me nt me t hod
(op e r atio ns a sse ss me nt) o n a ser vic e pr opo sa l.
(1 ) Pro po sa l Su mma r y
Ass u me N E C is ma ki n g a p ro po sa l fo r de skto p se r vic e s to Clie nt A.
(2 ) Pro po sa l P ha se & Pro po sa l M o de l
T he pr op o sa l invo lve s the intr od uc tio n o f se r vice s o ver thr ee p ha se s, fo llo wing the G IM i mp le me nta tio n pr oc e ss ( se e sec tio n 4.1) . 80 Evaluation Result 60 40
Phase 1 Phase 2 Phase 3
Continuous Improvement 80 Evaluation Result 60 40
Phase 1 Phase 2 Phase 3
Continuous Improvement
Figur e 4 : I nc r e me nta l I mpro ve me nt
For p ha se 1, we pr e se n t a thr e e se r vic e le ve l mo d e l ( pr e mi u m, r e co mme nd e d , a nd va lue ) so tha t o ur c lie nt ca n e a sil y co mp a re a nd stud y the c o nte nt o f ea c h.
(3 ) Co nt e nt of t he Pro po sa l
T he d iffer e nc e s in se r vic e co nte nt fo r ea c h p ha se a nd pr op o sa l mo de l a r e sho wn in Tab le 3 .
Tab le 3 : Pr op o sal P ha se a nd Se r vic e Co nte nt (E xa mp le )
Thin Client,
Integrated ID Management, Authority Management
Phase 3
PC Health Check, PC Usage Log Collection, Illegal Access Prevention, Traceability
Phase 2
•Operational Service •Help desk
•OS/AP License Management •PC Encryption
•Operational Service •Help desk
•Information Literacy Education •Asset Management
•OS/AP License Management •PC Encryption •Operational Service •Help desk Client PC Service Value model Phase 1 Service Proposal phase Recommended model Premium model Thin Client, Integrated ID Management, Authority Management Phase 3
PC Health Check, PC Usage Log Collection, Illegal Access Prevention, Traceability
Phase 2
•Operational Service •Help desk
•OS/AP License Management •PC Encryption
•Operational Service •Help desk
•Information Literacy Education •Asset Management
•OS/AP License Management •PC Encryption •Operational Service •Help desk Client PC Service Value model Phase 1 Service Proposal phase Recommended model Premium model
I n p ha se 1 , the se r vic e c o nte nt d iffe r s a cc or d ing to the pr op o sa l mo d e l. N E C ca n
pro po se the op ti ma l so lutio n, ta king into a cc o unt the c lie nt’s ser vic e ne ed s a nd b ud ge t. T his a llo ws the c lie nt to stud y a nd e va lua te the c o st-b e ne fit o f e a c h ser vic e pro po sa l in a co nc r e te a nd q ua ntita tive wa y.
(4 ) C urre nt Sta t us R e sult s a nd Go a l Se tt ing
U sing t he a sse ss me nt me t ho d, we t he n co nd uc t a n a ud it o f the c lie nt’s IT
se r vice s. Fro m the re sults o f tha t
a sse ss me nt, we e stab lish go a ls
co rr e spo nd ing to e a c h o f the thr e e p ha se s ( see Ta ble 4 ) .
For p ha se 1, we se t go a ls for e ac h o f the
thr ee p ro po sa l mo de ls ( pr e miu m,
re c o mme nd e d, a nd va lue ) .
U sing the sa me a sse ss me nt me t ho d a nd ap pr oa c h, we t he n e s tima te go a ls fo r p ha se s 2 a nd 3 , a ssu min g tha t the co nte nt o f ser vic e s pr op o sed fo r p ha se 1 will b e full y r e a lize d .
Tab le 4 : E va lua tio n Re su lts a nd Go a ls (E xa mp le ) 73 58 29 40 48 16 Release Mgt. Capacity Mgt. Availability Mgt. Service Level Mgt. Configuration Mgt. Change Mgt. Problem Mgt. Incident Mgt. Service Desk 59 34 17 20 32 14 53 36 21 29 35 17 86 64 44 44 62 13 Service Delivery 62 56 27 38 42 15 74 52 19 21 37 16 74 60 23 43 51 18 94 91 46 61 82 18 95 84 66 67 76 13 Service Support Value Recom-mended
Premium Phase 2 Phase 3
Phase 1 Current Phase Evaluation item 73 58 29 40 48 16 Release Mgt. Capacity Mgt. Availability Mgt. Service Level Mgt. Configuration Mgt. Change Mgt. Problem Mgt. Incident Mgt. Service Desk 59 34 17 20 32 14 53 36 21 29 35 17 86 64 44 44 62 13 Service Delivery 62 56 27 38 42 15 74 52 19 21 37 16 74 60 23 43 51 18 94 91 46 61 82 18 95 84 66 67 76 13 Service Support Value Recom-mended
Premium Phase 2 Phase 3
Phase 1 Current
Phase Evaluation item
(5 ) Se rv ic e Pro po sa l
I n a n a c tua l ser vic e pr op o sa l, we o fte n u se c ha rts to e xp r e ss thin gs vis ua ll y ( se e Figur e 5 ). T he nu me r ic a l va lue s o f the se go a ls a r e no t gua r a nte e d b y N E C to the c lie nt in t he Se r vic e Le ve l Agr e e me nt ( SLA) .
8 Service Support Recom-mended Service Support 16 15 16 18 18 13 40 Release Mgt. 38 Configuration Mgt. 21 Change Mgt. 43 Problem Mgt. 61 Incident Mgt. 67 Service Desk Current Recom-mended Service Support 16 15 16 18 18 13 40 Release Mgt. 38 Configuration Mgt. 21 Change Mgt. 43 Problem Mgt. 61 Incident Mgt. 67 Service Desk Current 20 29 44 Recom-mended 14 Capacity Mgt. 17 Availability Mgt. 13 Service Level Mgt. Current Service Delivery 20 29 44 Recom-mended 14 Capacity Mgt. 17 Availability Mgt. 13 Service Level Mgt. Current Service Delivery Service Delivery Change Mgt. Incident Mgt. Service Desk Problem Mgt. Release Mgt. Configuration Mgt. Availability Mgt. Capacity Mgt. Service Level Mgt. 0 20 40 60 80 100 Improved scores after Phase 1 Current scores
0 20 40 60 80 100 Improved scores after Phase 2&3 (planned)
Figur e 5 : I mp r o ve me nt P rop o sa l fo r IT Ser vic e s (E xa mp le )
5. Conclusion
T he a im o f G I M is to sha r e go a ls thr o ugho ut the orga niz a tio n a nd e v a lua te p e r for ma nc e b y b uild ing a n e n viro n me nt in whic h e ve r y p e r so n invo lve d in IT ma na ge m e nt ca n und e r sta nd the
ta sks he o r she sh o uld und er ta ke . To
a cc o mp lish t his, d e fining wh a t must b e
ma na ge d a nd se tting a c co mp a n yin g go a ls is cr itic a l.
W hile the a sse ss me nt me thod intr od uc e d he r e func tio ns a s a n e ffe c tiv e to o l to a tta in the se G IM go a ls, it c a n a lso b e app lie d b y t ho se who wis h to ga in a q ua ntita tive und er sta nd ing o f IT se r vice s a nd IT ser vic e s ma na ge me nt a nd the n se t go a ls fo r i mp ro ve me n t.
Id e ntif yi ng ma na ge me n t ite ms a nd se tting nu me r ic a l go a ls is ind ispe nsib le to GI M pro mo tio n. I n o the r wo r d s, ma kin g IT se r vic e s visib le is cr uc ia l. We ar e co nfid e nt tha t the
a sse ss me nt me tho d intro d uc ed her e c a n
co ntr ib ute gr e a tly to the pro mo tio n o f G I M a nd se r ve a s a too l to “ ma ke I T ser vic e s visib le ”.
White Paper Assessment Method – Making IT Services Visible –
GSO-LF-0011-01 Date of issue: March 30, 2011Issued by: Global Services Operations Division, System Services Operations Unit NEC Corporation
For inquiries, please contact
1753 Shimonumabe, Nakahara-ku, Kawasaki, Kanagawa, 211-8666 Japan NEC Tamagawa Solutions Center
TEL: 044-431-7184 FAX: 044-431-7049 http://www.nec.co.jp/globalservices/ (Japanese) http://www.nec.com/globalservices/ (English) ©NEC Corporation, 2011 all rights reserved