ITIL: What is it? How does ITIL link to COBIT and ISO 17799?


Academic year: 2021


ITIL: What is it?

The IT Infrastructure Library

A set of books comprising an IT service management Best Practices framework

An industry of products, services, and organizations

Unique: consistent, comprehensive, non-proprietary

Created by and for the British government, later expanded for use in all organizations

Gives a detailed description of important IT practices, with comprehensive checklists, tasks, procedures and responsibilities, and can be tailored to any IT organization.

Create a set of comprehensive, consistent and coherent codes of Best Practice for quality IT service management, promoting business effectiveness in the use of IT

Encourage the private sector to develop services and products (training, consultancy and tools) that support ITIL®

Provide an approach based on the best

Codes of practice for Quality management of IT Services and Infrastructure

ITIL® has its own definition for key terms

Quality means “matched to business needs and user requirements as these evolve”

Why use ITIL®?

IT service providers use ITIL® concepts and practices to:

Increase satisfaction of customers / users with IT services

Enhance communication with customers

Achieve higher reliability in mission-critical systems and infrastructure

ITIL, not just tools & processes

Culture, Attitudes Beliefs & Skills

The Office of Government Commerce created ITIL® in the late 1980s; still owns it today.

The National Exam Institute for Informatics (Netherlands). Current ITIL® examination caretakers. Contracted in 1995 by the OGC to maintain and develop ITIL®. In 2004, the OGC transferred the responsibility of managing EXIN to the itSMF.

The Information Systems Examination Board (UK). Part of the British Computer Society.

The National Exam Institute for Informatics (Netherlands). Contracted since 1995 to maintain ITIL's examination and certification process.

Loyalist College in Canada

Loyalist and Prometric (Sylvan) in the USA

EXIN and ISEB provide certification testing at Foundation, Practitioner, and Manager levels

Training is typically 2-3 days for Foundation, 2-3 days for Practitioner, 10 days for Manager

Service Manager: Deeper understanding of all eleven ITIL® service management modules

Practitioner: Deep understanding of one of the ITIL® service management modules

Foundation: Basic understanding of all eleven ITIL® service management modules

ITIL - 7 Core volumes

The Business Perspective

Covers a range of issues concerned with understanding and improving IT service provision, as an integral part of an overall business requirement for high quality IS management.

Planning to Implement Service Management

Discusses the key issues of planning and implementing IT service management.

It explains the steps required for implementation and improvement

ITIL - 7 Core volumes

Information & Communications Technology (ICT) Infrastructure Management

Covers all aspects of ICT infrastructure from the identification of business requirements through the tendering process, to the testing, installation, deployment, and ongoing support and maintenance of the ICT components and IT services.

Network Service Management

Operations Management

Management of Local Processors

Computer Installation and Acceptance

Systems Management

Applications Management

Discusses software development using a life cycle approach and

ITIL - 7 Core volumes

Security Management

Details the process of planning and managing a defined level of security on information and ICT services, including all aspects associated with the reaction to security incidents.

Service Support

Is concerned with ensuring that the Customer has access to the appropriate services to support the business functions.

Service Delivery

Looks at what service the business requires of the provider in order

Service Desk Goals

To support business activities and drive service improvement

To be primary point of contact

To manage the Incident lifecycle

To manage service requests

To maintain ownership of a

To provide a single point of contact for Customers

To be a Customer interface for IT

To improve incident response performance

Improving service levels

To facilitate the restoration of normal operational service, as quickly as possible, with minimal business impact on the Customer within agreed service levels and business priorities

Incident Management Goals

Restore normal service operation as quickly as possible within Service Level Agreements (SLA) limits

Minimize the adverse impact on business operations

Ensuring that the best possible levels of service quality and availability are maintained

Maintain and apply a consistent

Return to the normal service level as defined in the Service Level Agreement as soon as possible with the smallest possible impact on the business activities

Keep effective records of incidents to:

Measure and improve the process

Provide appropriate information to other services management processes

Report on incident progress

Problem Management Goals

Stabilize IT services through:

Minimizing the consequences of incidents by identifying trusted quick fixes

Identifying and removing the root causes of potential incidents

Identifying and managing Known Errors

To improve the quality of services

Problem Management Objectives

To reduce both the number and severity of Incidents and Problems on the business that are caused by errors within the IT Infrastructure.

What’s causing

[Figure: Incident Management Cycle. Diagram labels: Event, Incident, Problem, Known Error, Change Request, Progression, Service Desk, Problem Management, Change Management, Resolution, Problem Control, Problems, Known Error from Release Management]

Change Management Goals

Ensure that standardized methods and procedures are used for efficient and prompt handling of all Changes

Minimize the impact of Change-related incidents upon service quality

Improve the day-to-day operations of the organization

Maintain a balance between the need

Change Management Objectives

Standard methods and procedures are used

Changes are dealt with quickly, with the lowest impact on service quality

All changes are traceable

Release Management Goals

Plan and oversee the successful rollout of software and related hardware

Ensure that hardware and software being changed is traceable, secure and that only correct, authorised and tested versions are installed

Communicate and manage expectations of the customer during the planning and rollout of new releases

Agree on the exact content and rollout plan for the release, through liaison with Change Management

Implement new software releases or hardware into the operational environment using the controlling

Release Management Objectives

Safeguard all software, hardware & related items

Ensure that only tested / correct versions of authorized software and hardware are in use

Right software / hardware, right time, right place

Redundant hardware, software identified for Request For Change

Configuration Management Goals

To enable control of the infrastructure and services by monitoring, maintaining and verifying information on:

All resources needed to deliver services

Configuration Item status and history

Configuration Item relationships

Provide accurate information on the IT infrastructure for all the other Service Management processes & IT Management

To assist with impact assessment of proposed changes

Verify the configuration records against the

Configuration Management Objectives

Keeping reliable records of details of IT Assets and services provided by the organization

All Resources needed to deliver Services

Configuration Items (CI) Status and History

Configuration Item Relationships

Providing accurate information and documentation to support the other Service Management processes

[Figure: CGI Integrated IT Service Management, a diagram centred on the Configuration Management Database (CMDB). Labels as extracted: Service Relationship Related Incidents Related Problems Related Changes Operational State - Current - Historical Capacity Management SLA Management Incident Management Availability Management Change Management Problem Management Configuration items Inventory; Asset Financial & Contract; Physical Attributes HW-SW Asset status Stockrooms Locations License Cost Invoice Reconciliation Capitalization; Chargeback Info. Warranty; Vendor Information Lease Contract Capacity - Current - Historical Availability Configuration Management IT Service Continuity Management Release Management Total Cost of Ownership IT Financial Management Depreciation TCO Lease mgmt Vendor mgmt SW licence mgmt Warranty mgmt Contract mgmt Service chargebacks; Product catalogue Service catalogue; ERP Financial Procurement HR System mgmt Remote access Auto-discovery tool Auto-recovery tool Monitoring Metering (HW-SW usage) DSL Definitive Software Library DHL: Definitive Hardware library]

Configuration Management Database (CMDB)

Complete record of all CI’s associated with the IT infrastructure: versions, location, documentation, components, services and the relationships between them

HW, SW, Network, Documents, people, organization

Relationships: Peer-to-peer, parent-child, free-form relations

CI relationships include the usage, the ownership, the service relationships, etc.

Identifies, records, controls and reports on IT components.

Standard/Basic change (pre-approved): IMAC

Urgent change, Planned change

Service Level Management Goals

Maintain and improve IT Service quality

Constant cycle of agreeing, monitoring and reporting upon IT service achievements

Instigation of actions to eradicate poor service - in line with business or cost justification.

Better relationship between IT and its

Ensures that the IT services required by the customer are continuously maintained and improved

Achieved by agreeing, monitoring and reporting the performance of the IT organization

Availability Management Goals

To understand the availability requirements of the business and to plan, measure, monitor and continuously strive to improve the availability of the IT infrastructure, services and supporting organization to ensure these requirements are met consistently

To enable the business to satisfy its business objectives by:

Optimizing the capability of the IT infrastructure, services and supporting organization

Delivering a cost-effective and sustained

Ensure IT services are designed to deliver the levels of availability required by the business

Provide a range of IT availability reporting to ensure that agreed levels of availability, reliability and maintainability are measured and monitored on an ongoing basis

Optimize the availability of the IT infrastructure to deliver cost effective improvements that deliver tangible benefits to the business & user

Achieve over a period of time a reduction in the frequency and duration of incidents that impact IT availability

Capacity Management Goals

To determine the right, cost justifiable, capacity of IT resources

To understand the business requirements, current operations and IT infrastructure to ensure that the current and future capacity and performance aspects of the business are provided cost-effectively

To understand the potential for

Consistently provide the required IT resources:

At the right time

At the right cost

Aligned with the current and future business requirements

Need to understand the expected business developments affecting customers and anticipate technical developments

Important role in determining returns on investment and cost justification

Financial Management for IT Services

Financial Management Goals

To provide cost-effective stewardship of any of the organization’s IT asset or resources used to deliver IT services

To be able to account fully for IT service expenditures

To attribute these costs to the services delivered to Customers and determine whether value for money is being obtained

To assist management decisions on

Assist the internal IT organization with the cost-effective management of IT resources required for the provision of IT services

Break down the IT service costs, and associate them with IT services

Support management decisions with respect to IT investments

Encourage the cost aware use of IT facilities

IT Service Continuity Management Goals

To support overall Business Continuity Management

To improve the chance of business survival by:

Reducing the service vulnerability and risk to the business

Reducing the impact of a disaster or major failure

Maintaining a pre-determined level of service in the event of a disaster

To preserve high customer and user

Support the overall Business Continuity Management by ensuring that the required IT infrastructure and IT services can be restored within specified time limits after a disaster.

Control Objectives for Information and Related Technology (COBIT)

Sponsor: Information Systems Audit and Control Association and the IT Governance Institute

What it is: An audit-oriented set of guidelines for IT processes, practices and controls. Geared to risk reduction, focusing on integrity, reliability and security. Addresses four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. Has six maturity levels, similar to CMM's.

Strengths: Good checklists for IT. Enables IT to address risks not explicitly addressed by other frameworks and to pass audits. Can work well with other frameworks, especially ITIL.

Limitations: Says what to do but not how to do it. Doesn't deal

COBIT & ITIL Mappings

PLANNING & ORGANISATION

COBIT process | ITIL process
11. Manage Quality | Quality Management for IT Services (CCTA Quality Management Library)
10. Manage Projects | -
9. Assess Risks | -
8. Ensure Compliance with External Requirements | -
7. Manage Human Resources | -
6. Communicate Management Aims and Direction | -
5. Manage the Investment in Information Technology | Financial Management
4. Define the IT Organization and Relationships | IT Services Organization
3. Determine the Technology Direction | Determine the Technology Direction
2. Define the Information Architecture | Security Management
1. Define a Strategic Information Technology Plan | Planning & control for IT Services

COBIT & ITIL Mappings

ACQUISITION & IMPLEMENTATION

COBIT process | ITIL process
5. Install and Accredit Systems | Capacity Management; Change Management; Security Management
4. Develop and Maintain Information Technology Procedures | -
3. Acquire and Maintain Technology Architecture | Problem Management; Security Management; Change Management
2. Acquire and Maintain Application Software | Change Management, Availability Management
1. Identify Solutions | Service Level Management; Change Management; Security Management; Release Management

COBIT & ITIL Mappings

DELIVERY & SUPPORT

COBIT process | ITIL process
13. Manage Operations | -
12. Manage Facilities | -
11. Manage Data | Capacity Management, Release Management, Availability Management; Contingency Planning
10. Manage Problems and Incident | Problem Management
9. Manage the Configuration | Configuration Management
8. Assisting and Advising Information Technology Customers | Incident Management (Service Desk)
7. Educate and Train Users | Customer Liaison
6. Identify and Allocate Costs | Financial Management
5. Ensure Systems Security | Security Management
4. Ensure Continuous Service | Availability Management, Contingency Planning
3. Manage Performance and Capacity | Capacity Management
2. Manage Third-Party Services | Service Level Management
1. Define Service Levels | Service Level Management

COBIT & ITIL Mappings

MONITORING

COBIT process | ITIL process
4. Provide for Independent Audit | -
3. Obtain Independent Assurance | -
2. Obtain Independent Assurance | -
1. Monitor the Process | -

ISO17799

Sponsor: British Standards Institution

What it is: ISO/IEC 17799:2000 provides information to responsible parties for implementing information security within an organisation. It can be seen as a basis for developing

ISO17799 & ITIL Mappings

ISO 17799 area | ITIL process
Business Continuity Management (BCM) | IT Service Continuity Management
Asset Classification and Control | Configuration Management
Security Organization | Security Management
Personnel Security | Security Management
Compliance | Security Management
Physical and Environmental Security | Security Management
System Development and Maintenance | Application Management
Computer & Operations Management | ICT Infrastructure Management
System Access Control | Security Management

The IT Service Management Forum. The independent forum for ITIL® users, formed in 1991.

Promotes exchange of information and experience to assist IT organizations in managing the delivery of IT services.

Chapters in the UK, Netherlands, Belgium, Germany/Austria/Switzerland, Canada, South Africa, the USA and Australia.

A major influencer and contributor to Industry Best Practice and Standards worldwide.

About CGI

CGI is the 8th largest independent IT services firm in the world

We combine industry expertise, end-to-end services and global

CGI Contact

Steve Worth

Senior Consultant

ITSM / ITIL Centre of Excellence

CGI
