aan 2/8/07 1ar0L Page o Sm The Official Introduction to the ITIL Service Lifecycle London: TSO.TasH-"S0-1PLA1S 29/8/07 14z0L Rage LS VO Ene: mares critae.satk Genes aera aioe See “Tso npiacrwel end oxer Accredited AGEN tine wh thepeentsoe of te Ole ot Green Commis an Scale Corto ler Nec Stoney OMe Ths be Gun ule value abel naa ane uhh ules «Chee eae fv al ial ed by OFS ppiions rts, eredus or ably mate inti yubeion shoul be srt OFS amin Pole Tay, Stare Huse 2 16 Cote Nonsch Ns Ce Ro Ov! A an Zee Ne ENS HOON Smal hmeccansngseabneeAssgs gw ue conte the aso orm cn Us CT nats peor apgoakelleaseruddet hamcelomato das tine equaent ug yen re [Tei Renee Tr ilo he OF of Gavemrant Comes inthe nies Hing and tat orties ‘ha alge “ira Tale Male of Of of GovsreneCommitce "rain the Unie Kingda fr The Slate er7a3t-msp-18tbe13 2aya/oT 14:01 Page 144 Contents List of figures List of tables 06C's foreword Chief Architect's foreword Preface 1 Introduction 11 Abistoricel perspective of IT service ‘management and ML 12 MLtoday 1.2 TheML value proposition 1.4 The MIL service management practices 15 What ls aserveer 1.6 Navigating the MIL Service Management Lifecycle 2 Core guidance topics 21 Service Strategy 22 Service Design 23. Service Tansition 24 Service Operation 25 Continual Senice improvement 26 Lifecycle qualiy control " 2 2 2 13 27 ML conformance or compliance ~ practice adaptation 28 Getting started ~ Service Lifecycle principles The ITIL Service Management Lifecycle - core of practice 4.1 Functins and Procestes across the lifecycle Service Strategy - governance and decision-making 4.1 Strategic assessment 42. Developing strategic capabilities 43. Sewice Provider types ~ matching peed te capability 44 Senices ae sets — value creation AS. Pefining the mater space 46 Sevice Portiolios 4.7 Sevice outsourcing - practical decision-making 438 Retum on investment (RO) 49 Financial Management 4.10 Increasing service potential 4.11 Organizational development 3B 7 23 25 7 az iitTashenso-uTtLA13 iv 23/0/07 14s01 wage iw 1 contents Service Design — building structural service integrity sa 52 53 sé ss 56 57 38 59 sa 512 usinese value Five aspects of Service Design Identiving service requirements Service Design models Delivery model aptione Service Catalogue Management Service Level Management Capacity Management ‘allablty Management Fr Sewvice Continuity Management Information Security Management Supplier Management Service Transition ~ preparing for change 6.) Transition Planning and Support 2 Change management 63 Asst and Configuration Management 64 Release and Deployment Management 65 Service Validation ard Testing Releases 43 4s 46 ” 4 “ 50 52 8 Cy 6s 70 73 76 8 86 8 Service Operation 7A Business value 72. Event Management 7.3. Inédent Management 74 Request Fulfilment 75 Problem Management 26 Recess Management 77 Seniee Oparation functions 78 MT Operations Management 28 pplication Management 7.10 Service Operation and project ‘management 7.41. Assessing and managing fs in Service Operation 742. Operational staff in Service Design ‘and Transition Continual Service Improvement 81 22 22 ba as 86 Purpose of CI CStobjctives Business drivers ‘eernotogy avers Sonica measurement Continual Se-vice Improvement processes Sevice reporting 91 96 101 103 108 v6 7 aa 122 122 125 125 106 128 18 128 128TasH"S0AUTLA1S 29/8/07 L420L Rage v 9 Complementary guidance 9 ML and other framewerks, practices and standards 10 The ITIL Service Management Model to4 102 103 104 105 Acronyms Glossary Index Model clement types Base elements Creating a service Strategy generation Deciding the course of action to create a new service 145 145 14s 149 151 155 155Tashenso-uTtLA13 aayaror List of figures Figure 2:1 Figure 3: Faure 32 Figure 33 Figure 4.1 Figure 4.2 Figure 4.3 Figure 4.4 Figure 45 Figure 46 Figure 5.1 Figue 5.2 Figure 5.2 Figue 5.4 Figuee 55 Figure 56 Figure 57 Figue 53 Figure 59 Figure 5.10 The Deming Quality Cycle The ML Service Lecyele Process architecture Continua feedback oop Service Provider copabiltas and resources Actionable components of service definitions in terms of utility Service Portfolio Elements of a Service Pastfolio and Service Catalogue Service Pettolio management Business impact and RO! outcome Design dependencies Service Caralogue elements The Serves Level Management procese Component asad Service Level Package Cepacity Management elements Te Avatlbility Management process Relationship botweon levels of availablity and averll costs Service Continuity lifecycle IT Security Management process Supelige Management ~ roles and interfaces Figure 6.1 Figure 6.2 Faure 63 Figure 64 Figure 65 Figure 7.1 Figure 72 Figure 73 Foun 74 Figure 7.5 Figue 7.6 Figure 7.7 Figuie 9 Figue 82 Figure 8.4 Figure a4 Figure 10:1 Figure 10.2 Figure 103, Figure 104 Figure 105 Figure 10.6 The Service Transition process ‘Normal Change Mode! Service Asset and Configuration Management - interfaces to the lifecycle aarp of a rlaare package Sewvcetesing end validation “he Event Vanagamant process the Incident Meragernent process Tow The Problem Management process Now Single moniter corre nop Complex monitor contr Ino 17S meritor contra loop Role of Agplication Management in the applicetion lifecycle Continua Service inprovament mad Seven stop Improvemant Process Number of incident tickets openad aver time Service reporting process Service Management Modal element types Sowice Lifecycle govemance and operational lermerts, ‘Typical Type | Service Provicler interactions Type Il Service Provider intereetions ‘Type Ill Service Provider interactions Basic Service Management Model process elementsTasH-"S0-1PULA1S 29/8/07 14r0L Page vis Lust of figures 1 WHT Figure 107 MIL Service Lifecycle main practice elements Figure 108 Forming and formulating a Service Strategy Figure 108 The Service Pontolio Figure 10:10 stage 1 ~ Service Svategy elements Figure 10.11 stage 2 - Design sevice solution Figure 10.12 Stage —Tarsiton the service Figure 10.13 Change Management clements Figure 10.14 Nonmel Change Management process Figure 10.15 Information flows at the Service Transition sage Figure 10.16 Stage 4 — Operate the senice Figure 10.17. The Event Management process Figure 10.18 the Incident Management process fow Figure 10.19 Information low in the Service Operation sage Figure 1020 Stage 5 ~ Continual Service Improvernent Figure 1021 Information flow within Continual Service Imprevoment Figure 1022 ntogrstedl ifecyclo obmonts How Figure 1023 Layered view of the main elements in the Service LifecycleTa3H-"S0AUTULA1S 29/8/07 L4e0L Page Vis viii i List of tables Table 21 Roles and core guices Table 41 Factors in strategie assessment Table 42. Types of sourcing structures Table43 ample of increased Service Potential Table 44 Basic evganizationa) structures for typos of service strategies Table 5.1 Dollvery model options Table 8.1 Service metic examplesTasH"S0-1TULA13 29/8/07 14301 Page ix OGC’s foreword ‘As co-founder of the ITIL conceot and leader of is early development, 'm delighted by the positive impact ithas ‘made on companies and organizations around the world ‘What began as a UX aovemment initiative to set out an efficins, successful and reliable approach to service rmanagemant knew a glabal aneloaveur, with publications, taining and support toals avaiable in various languages. Of course, successful growth docan't happen by chance and! MIL has proven itself many tines over ‘through the benefits it bangs io the businesses trat embed its practices Since its creation in the late 1980s, ITIL hes been dleveloped to Keep up to date with 9 | 13 The IML framework incorporates the Deming Quality Cycle by applying it to the Senice Lifecycle stages. This helps align the practices of MIL to the stiucture of external practices such as COBIT and ISO/IEC 20000, 2.7 ITIL CONFORMANCE OR COMPLIANCE - PRACTICE ADAPTATION ‘An imoortent aspeci of ML is the ‘open-source’ nature of its practices, Its intended and strongly recommended that organizations adapt ML practices within their own context, and entrench their own best practices within an overall Service Managemant framework. For exemple, within Sonvce Tanstion, ITIL provides a Selection of Change Management mocels for standard, normal and emergency Changes. In many’ cases, thes models as deserbed in Service Trarsition may be all you reed and they cover the range of possible change types in Plan Project Plan Do Promet Check Aud Consolidation of the level ached ie. Baseline Time Scale7asenso-urte3 23/0/07 4:01 Page 14 14 | coe guaance an organization, Within each model, a specific flow of process and procedure is provided. If in your organization, rmore steps for an emergency change make sense to mect your requirements and objectives, then you should adapt these into the generic TL Change process flow. Doing so does rot meen you ne longer conform to IML, As long es the main MTL process steos, inputs and outputs are included and the abjecives met, that is your best practice and is fit for purpese in your arganizational center. ML isa famawork en organization conforns to, net complies wih, There isa major difference between these ‘wo things and one that is often misunderstood, Conformity cloves flex ity in te adaptation of prectives “within an organizationel context while maintaiving the ‘overall ctucture of the framework. Complianes is highly spacing, often auctucd Lo 2 fra sana ana the ‘organization's practices must nimic externally defined practices. Thera is a need for both within certain contoxts, bout key'to agile service management practices is knowing which, in what blend and in what context conformance of compliznce should apply Many organizetians use MIL 2s a means to achieve ‘compliance with a formal, audited standard such as ISO/IEC 200002008. The design of ITIL is particularly Useful for this purpase since the Famework is architacted to ensure that an exganization’s service capabilies are signed and operatec using the practices that align to thse stanclards This standard set outs the key areas of compliance and requires that erganizations can dernorstate that they use the management systems and practices in these areas in ‘order to be compliant to the standard, Experts agree that ‘sdopting IIL. produces framevork best rated to achieving ISOEC 20000 certification Late in this book a list of common external frameworks, method and standards are provided that have a slid alignment to the practices of IIL and fit wel into any organization's sevice practices. 2.8 GETTING STARTED ~ SERVICE LIFECYCLE PRINCIPLES In the following chapters you will am about the key ‘concepts within the MIL Service Lifecyete. Yeu begin by ‘working your way from the cere ofthe lifecycle, Service Strategy, then ground the revolving lifesyce practices of Service Desion, Transition and Operation, fishing wiih Continual Service Improvement, Alerwerd, you should have a ela understanding af the nase concepts of the ML Sevvice Lifecycle and how the core practice publications can be userul ta you. This will help reaclers ko further examine particular areas within any of the core guidance looks that offer detailed practice information in areas that support your day-to-day sersice management role ‘The following table gives a general view of some of the more camman roles in erganizatians and the TIL sence mangement practice core guides that host the day-to-day practes, processes and activities mast related te those rales7234-MS9-18UL13 20/8/97 14201 Page 15 Table 2.1 Roles and core guides cor gueance woes | 15 ole Core guide Seevce Desk Manages Sewice Operation Incident Nanage Technical Suppor staff Service Trantion and Sense Operation Operations Management Sevnice Trarstion and Senace Operation {Charige Manager Change Regaestor Solution Development Sevice Desi ‘Testng/Production Assurance Sevice Transtion and Senaice Operation Sence Level Nanager All core publications Poplkcationinrastucure Achtect All core pubications ‘Supplier Relavenship Marogerent sevice Dasion| TT Steering/Sonernance Sevice Strategy, Senice Dein GOAT Diwctor All core publications IT sevice Manager all core pubicatens Fonte Manager All core publications NOTE te is ontromaly important to reitwate ft race cove hook ens in alton, ust as pa one pt of sie management price doos Organizations mieresed in adapting ML or further maturing theircurent IT. pace must consider the ecycle n s emtiety and the benefit al he of te cose books provide Jstas ths Invodicton Book i Not 2 subsitue for he core ary, one core guide alone nok sui 10 adopt and use the practices to thee full potentialT234-M89-1TEL-13 20/8/07 14201 Page 167234-M8D-1CL-13 20/8/97 14201 Page 187asenso-urte3 aaaror Page 19 3 The ITIL Service Management Lifecycle — core of practice “The Service Lifecyce contains fve elements as shown in Figue 31, each of which rely on sence principles, provesse roles otk) eTomiate reuite, Te See Lifecycle uses hub and spoke desig, with Savice Strategy at the hub, Sevice Design, Tanstion and Operction as he revohing Ifecyle stages and anchored bby Continual Service Improvement. Each pat of the lifecycle exes influence nn the ther and relies on the other for inputs ard feedback. inthis way a constant set of chads and balances thoughout the Swice Lifsoycle Figure 3.1 The TR. Service Lifecycle ensures that as business demand changes with business need, the services can edapt and respond effectively to Wren Atthe heart of the Service Lifecycle Is the key principle — all senices must provide measurable value to business ‘objectives and cutcomes. TIL Service Management facuset ‘an business value as is prime objective. Fach practice evolves arcund ensuring tha: everyting a service provider coas to manage IT services far the business7asenso-urte3 2a/a/oT 14:01 Page 20 20 | he ITIL Semvce Nana ment Lifecycle ‘eustomer can be measured ard quantifed in terms of, business value, This has Become extremely important today as IT organizations must operate therrselves as businesses in order to demonstrate a clea return on. investment and equate service perornance with business value to the customer. 3.1 FUNCTIONS AND PROCESSES ACROSS ‘THE LIFECYCLE 3.1.1 Functions Functions are unit of organizations specialized to pecform cetain types of work and resporsible for spectic outcomes They ore sel contained with capabilities ond resources necessary to their performance and outcomes Capeoniues elude work meurods internal (othe functions Furetiors have thee own body of knowledge. ich accumulates from experience. They prenide structure and stabity to organization. Figure 3.2 Process architecture ava, information nd kerowledge Suppliers Service contol and quality core of pracike: Functions ypiclly define roles and the associated authority nd responsibily for a specific performence and outcomes Cooxdination between functions through shared processes 's a common pattem in crganvzation design. Functions tend ‘© optimize their work methods locally to focus on assigned outcomes, Poor coordination between functions combined \with an inward focus leads to functional ils that hinder alignment and feedback critical to the success of the ‘organization as a whole. Process models help aveid this problem with functicnal hierarchies by impreving cross functional coordination and control Wel-defned processes ‘an improve preductvity within and across functions. 3.1.2 Processes Processes are examples of closed-loop systems because they provide change and transformation towards a goal, and use feedback for self-einforcing and self-cortectne action (Figure 32). tis important to consider the entie process or how one process fits into another any 37asenso-urte3 2aya/oT 14:01 Page 21 Process definitions describe actions, dependencies and sequence Processes have the folloviing characteristics: |= They are measurable and are perfomance driven, Managers want to measure cost, quality and other variables while practitioners are concerned with ‘uration and productivity. |= Thoy have specficresulte The roaton 2 process euete {sto deliver a specific result. This result must be Individually identifiable and countable. |= They deliver to customers. Every process delivers its primary results 10a customer or stakeholder. They may be internal or extemal to the organization but the process must meet their expectations. ‘= They rezpond to a specifi event. While a process may tee ongoing or kerative, it should be traceable toa specific tigger. 3.1.3. Specialization and coordination across the lifecycle ‘Spedalization and coordination are necessary in the litecycle approach, Feedback and control between the functions and processes within and across the elements of the Hecycle make this possible. The dominant pattern in the Hecycle is the sequential progress stating from Servce Strategy’ (55) through Service Deliery (SD) Service Tanstion (ST) - Service Operation (SO) andl back ‘0 55 through Carinual Service Impravement (CSI. Thas, however, isnot the only paitem of action. Evety element of the lifecycle provides points for feedback and control service Wanagement Litegtle- cor oF practice 121 The combination of mutiple perspectives allows greater flexibility and contol across environments and situations Thelfecyle appreach mimics the realty of most organizations where effective management requires the se of multiple control perspectives. Those responsible fer the dotgn, dvelopmont are improvemort of procetcos for service management can adopt a process-based contol perspective. For those responsible for managing agreements, contacts and serves ray be better served bya lifecycle based conto perspective wit distinct, phases. Both these control perspectives beneft from systems thinking, Each contol perspective can reveal patams that may not be apparent from the other 3.1.4 Feedback throughout the Service Lifecycle ‘The strength of the MIL Service Lifecycle rests upon continual feedback throughout each stage of the lifecycle, This feedback ersures that service optimization is ‘managed from a business perspective and is measured in tems of the value business derives from services at any point in time through the Service Lifecycle. The Mi Service Lifecycle is non-linear in design, At every point in the Service Lifecycle, monitoring, assessment and feedback flows between each staae of the lifecycle which dive decisions ebout the need for minor course corrections or rrajor servce improvement inate. The following figure ilustrates some examples of the continual feedback systern bull into the MIL Service Liecycle,7234-mSp-18EL-13 20/8/07 14201 Page 22 a 22 | mes senice ianagement Ureqele ~ core of practice Figure 3.3 Continual feedbeck loop Fans to create and mod ences and weve management prceses Feedback Lesne Lee | {or improvement Manage the wanton of ae — ander serve management ress to preducton Service Opemtion Dey today opemtons of Services nd ence management proces Continual Service Improvement citer are embeedes i thence eye7234-M89-1TEL-13 20/8/97 14201 Page 247a3t-msp-18tbe13 2a/a/oT 14201 Page 25 4 Service Strategy - governance and decision-making et | ae ‘As the core of te ITIL Service Lifecycle, Senice Strategy sets the stage for developing a service provider's core capabilites. This chaptor will diccuss a zolection of the key concepts from the Service Strategy book to help aid the understanding of the rol of Service Stategy in the IML Service Lifecycle, Imagine you have been given responsibility for an IT organization. This organization could be intemal or extemal, commercal oF notor-profit. How Would you go about deciding on a strategy to serve customers? What if you havea variety of customers, all with specific needs, ‘and demands? How do you define your service strateqy to ‘meet all of thern? Serve Strategy provides guidance to help answer that key question. itis comprised of the flowing key concepts. = vaue creation Service assets 1& Service Provider types | Service capabilties and resources 1 Service structures The business/customess ‘jective from ‘ Requirements | Resource and Defining the service market Developing servic offerings Fioancal Management Service Portolios Demand Management Service assessment Return on investment. 4.1. STRATEGIC ASSESSMENT In crafting @ sence strategy, a provider should fist take careful look at what & does alroady. It ic ikely there already exists a core of diferentiation. An established service provider frequently lacks an understonding ofits ‘own unique differentiator. The following questions can help expose a service provider's dstinctve capabilities Which of our services oF service varieties are the most distinctive? ‘Are there services that the business or customer cannot easily substitute? The differentiation can come in the form. ‘of barrioes to entry, such 2s the organization's know-how7234-"Sp-1FEL-13 20/8/07 14201 Page 26 26 | senice strategy - governance and decision-maknig of the customer's business or the broadness of service fferngs. Orit may be in the form of raised switching cofts, due to lower cost structures generated through specialization of service sourcing. It may be a particular atribute not readily found elsewhere, such as product lnowiodge, regulatory compliance, provisioning sposds, technical capabilities or global support structures. Which of our services or service verieties are the mast proftabie? ‘The form of value may be monetary, as in higher erofts or lower expenses, or soc, asin saving lives or collecting taxes. For nenproft organizations, ave there sorvices that allow the organization to perform its mission better? Substitute ‘profit’ with benefits ealzu. Table 4.1 Factors in strategic assessment Factor Desctiption| Which of our customers and stakeholders are the most satisfied? Which customers, channels or purchase occasions are ‘the rmost profitable? ‘Again, the form of value can be monetary, social or other: Which of our ectivities in our value chain or value network are the most different and effective? ‘The answers to these questions will likely reveal oetterns that lend insicht to future strategic decisions. These decisions, and tolated objectives, foo the basis of a Service Providers car be present in mote than one rrarket space. AS part of strategic planning, Sewice Providers, should ansiyse choir presence across verious market spaces, Strategic reviews include the analysis of strengths, ‘weaknesses, opportunities an threats in each market space. Service Providers ako analyse theie business Sirengors and weaknesses he avibues OF ue orgaizauan. For eampl, rescurces rd capabues, sence ‘ually, operating leverage experience, sls, cost sructures, customer servic, qabel react, predict Inowedge, customer elatonships and $0 on Distinctive conpatencias de decuceed throughout the chapter, What mala the sarvice provider saci business o& customers? Business srategy THs is also where the discussion on custome ot nto abjecives setting ‘The perspective, postion, plans and pattems received fern a business srategy. For erarple, a Type | ard Ii ay be di services to extemal grtnes ox ver the it 5s model, 0 das part of ane busine mes begs ar i cried foward ca Success TBC HOW Wille SevIce PrO“Ger KIOW WEN I SUECESTUP Wren MUSK THOSE FACTOR DE. achieved? Threats and opportunities Includes competitive thinking, Fer exam, the sonvice pede wunerable to substitution? r,s there @ means to cutpericin competing atsratives?”7asenso-urte3 2aya/oT 14:01 Page 27 potential based on un-served or underserved market spaces, Ths is an important aspect of leaderthip and direction provided by the senior management of Service Providers. The long-ierm vtalty ofthe Service Provider rests on suppatting customer neecs as they change or grow as well exploiting new epportunities that emerge. This analysis identifies opportunities with current and prospective customers. also priritizes invastments in service accats based on their potential to serve market spaces of intowst. For example, ifa Sewvice Provider has strong capabilites and resources h sawvice recovery, it ‘explores all those market speces where such assets can deliver value for customers 4.2. DEVELOPING STRATEGIC CAPABILITIES “To operate and grow successtuly in tne ‘ong erm service providers must have the ability 10 think and act ina strategic mamer. The purpose of Sevice Strategy is to hap organizations develop such abilities. The achievernent of statecic goals or objectives recuires the use of stratagic assets, The guidance shows haw to ansform service management into a stategle asset. Readers Bonet: trom seeing the relationships between vetious services, systems or processes they manage and! the business models, strategies or ebyecives they suppor. the guidance answers questions ofthe folowing kin: = What services should we offer and to whom? = How do we differentiate ourselves from competing aitematives? How do we truly create value for our customers? How can we make a case for strategic investments? How should we define service quality? How do we efficiently allocate resources actoss a Portfoio of services? How do we resolve conflicting demands for shared. service Straiegy ~ goremnce and decision-raking 1 27 ‘Amult-diseplinary approach is required to answer such ‘questions, Technical Inowledge of Tis necessary but not sufficient. The guidance is pollinated with knowledge from lhe disciplines such as operations menagement, ‘marketing, fnance, information systems, exganizational development, systems dynamics and industrial ‘engineering. The resutis a body of knowledge robust ‘enough to be sffacive cass a wide range af business environments. Some organizations are putting in place the ‘foundational cloments af senvice management. Others are ‘urthor up the adoption curve, ready to tackle chellengas: anc opportunities with higher levels of complexity and uncertainty, 4.3 SERVICE PROVIDER TYPES - MATCHING NEED To CAPABILITY “The sim ef sarvica management iz to make available ‘opabilities and resources useful to the customer in the highly useble form of services at acceptable levels of quality, cost and risks. Sarice Providers help relax the constraints on customers of ownership and control of speciic resources, h adztion to the valve from utilizing such resources now offered as services, customers are freed to focus on what they consider to be their coe ‘competence, The relationship between customers ang Service Providers varies by specialization in ownership and Ccentrol of resources and the coordinatien of dependencies between diferent pools of resources. Service Strategy defines three broad types of Service Providers with whom a customer is likely to engage in accessing services = Type | -Intemal Service Provider Type | providers ae typicaly business functions embedded within the business units they serve, The bbusiness units themselves may be part of a laiger ‘enterprise or parent organization. Business functions such as finance, administration, logistics, human7asenso-urte3 28 21/a/o7 14:01 Page 20 | sentce strategy ~ goverranc and decistor-making resources and IT provide services required by various parts of the business. They are furded by overheads and are required to operate strltly within the mandtes of the business. Type | providers have the benefit of tight coupling with ther owner-customers, avoiding certain costs and risks atcociated with conducting busness with external parties. ‘ype I~ Shared Service Provider Business functions such as finance, fT, human rescurces {and logistics are not always atthe core of an ‘organization's competitive advantage. Hance, they need not be meintained at the corporate level where they demand the attention ofthe chief executive's tear. Instead, the services of such shared functions are Consolidated into an autonomous special unit called a charad conices init GSI) Thie meval allow a mre ddevelved governing structure under which an SSU can focus on serving business units as direct customers. ‘SSUs can create, glow and susizin an intemal market for thelr services anc model themselves along the lines of service providers in the open market, Like corporate business functions, they can leverage opporturities ‘crass the entemprise andl spread their costs and risks 2cr0ss a wider base, “ype it~ External Service Provider ‘Wpe Il providers can offer competitive prices and drve down unit costs by consolidating demand. Certain business strategies are not adequately served by intemal Sevice Providers such as Type! and Type I Customers may pursue sourcing srategies requiring services from extemal providers, The motivation may be access 10 knowledge, experience, scale, scope, ‘apatites and resources thet are ether beyond the Feach of the organization or outside the scope of & ‘aroflly considered investment portfolio, Business strategies often require reductions in the asiet base, fixed costs, operational risks or the redeployment of financial assets. Competitive businss environments ‘often require custome to have flexible and lean structures. In such cases its better to buy services rathor than own and operate the assets necessary to ‘execute certain busiress functions and processes, For such customers, Type Il is the best choice for a given 20% of sorvieos. “Teddy, is commman ta seo all hrae typos combining capabilites to manage services for a customer. The power of| this approach is in selecting the right blend and balance The Service Strategy publication provides detailed {guidance on provider types and how to decide on the Fight blend. 4.4 SERVICES AS ASSETS - VALUE CREATION A good buisinass model describes the mans offing an ‘organization's objectives. However, without a strategy that in some way makes a Service Provider uniquely valuable to the cistorrer, there 6 litle to prevent alternatives from clsplacing the erganization, decracing its mission or entering its market space. A service strategy therefore defines a unique approach for ceering better value. The need for having a sevice stratagy isnot limited ta Service Providers wno ate commesciat enterprises. iiemnal Service Providers need just as much to have a clear perspective, pesitioning and plans to ensure they remain relevant to the business strategies oftheir enterprises. Service assets have two main characteristics: © Utlity is perceived by the customer from the attributes of the savice that have a postive effect on the performance of tasks associated with dested ‘business cuteomes Ths ft for purpose. © Warranty is derived from the positive effect being avalable when needed, in sufficient capacity or magnitude, nd dependably in terms of continuity and security. This is fitfor use.7asenso-urte3 21/a/07 14:01 Page 29 Utility is what the customer gets, and warrenty is how it i delivered. Resources and capabilities are types of assets that, when ‘combined in various ways, produce service utility and ‘warranty. Organizations use them to create value in the fox of goods and services. Resources ae direct inputs for production. Managemant, arganization, people and knowledge are used to transform resources. Capsblities represent an organization's ability to coordinate, centro! and deploy resources to procuce value. Ihey a typicaly cexperience-criven knowedge-ivensle,tformalion-baved and firmly embedded uithin an organization's people, systems, processes and technologies Customers perceive benefits in a continued relationship, and entrust the provider with the business of increasing value and also aaing new custorness arti market spaces, to the realm of possibilities This justifies further investments in service management in terms of ‘capabilites and resources, which have a tendency to reinforce each other. Customers may intially trust the provider with low-value ‘contacts oF non-critical senices. Service management Figure 4.1 Service Provider capabiities and resources sence siategy ~ governance and decisionmaking | 29 responds by delivering the performance expected of 2 strategic asset. The performance is rewarded with contract renewals, now sorvces and customers, which together represent a larger value of business. To handle this increase In value, service management must invest further in assets such as process, knowledge, people, applications and infrastructure, Successful leaming and growth enables comrritments of higher service levels as service management gets conditioned to handle bigger challenges. 4.3 DEFINING THE MARKET SPACE ‘A market spaca is definad by a sat of businass outcomas,, Which can be facilitated by a service. The opportunity to facilitae those outcomes defines a market space, The following are exampies of business outcornes that can be ‘ne tases oF ene or more markes spaces 1 Sales teams ate productve with ssles management system on wireless computers Ecommerce website is inked to the warehouse management system 1 Kay business applications are monitored and secure Capabilities Resources a1 | Management Fancal casita ro 22 | Organtzation Infrestucure 16 8 Processes Aplications a n Knontedge Information te People People7asenso-urte3 21/8/07 14:01 Page 30 30 | sence srategy ~ govermarce and decision-making 1 Loan officers have faster access to information required (on foan applicants Online bil payment service offers more eptions for shoppess to pay Business continuity is assured, Each ofthe conditions is elated to one or more categories of customer esscts auch ao peoplerinfeadueture, Information, accounts racelvables ane purchase orcers, and can then be linked to the services that make them possble Customers will profer the one that means lower costs and Fisks Service Froviders areate these conditons through the services thoy deliver and thereby provide support for customers to achieve specific business outcomes, erases yoace Ihonofer raprosanls a wal of appeinition for Service Providers to deliver value to a customers business through one of more services. This approach has defirte value for Service Provider in building stiong relationships with customers, Often its not clear how services create value for customers. Services are often defined in terms of resources mace availabe for use by castomers. Service defintions lack clarity in the context in \hich such resources are useful, and the business outcames that justiy their cost from a customer's perspective. This problem leads to poor designs, ineffective operation and lacklustre performance in service contracts. Service improvements are cffcult when 't snot cloar where imaravements are truly required, Customers can understand and appreciate improvements only within the context of their own business assets, pevormances, and oucorre, I is therefore important the Servive Providers identify ther market spaces by encuting they define service by business autcomes such as thase described above and in Figure 4.2. 4.6 SERVICE PORTFOLIOS The Service Portfolio (Figure 4.3) represents the Commitments and investments made by a Service Provider ‘across all customers and market spaces It represents Figure 4.2 Actionable components of service definitions in terms of utility Tawra oe z 5 eee oy eared oe? aa car evieg denne E cena on os aes oa sate eee: Outcomes supported) (Conatrains removed)7a3t-msp-18tbe13 2aya/oT 14:01 Page 91 present contrectual commitments, new service development, and ongoing service improvemert programmes initiated by Continual Service Improvement. “The pontollo also includes third-party services, which are ‘an integral part of service offerings to customers. Some ‘third-party services are visible to the customers while others are not ‘The Service Portfolio represents all the resources presently engaged or being released in various phases of the Service Lifecycle. Each phase requires resources for completion of projects iniizives and contacts This is a very important Figure 4.3 Service Portfolio Senice Strategy — guvemance and dsciston-maang } 31 ‘governance aspect of Service Portfolio Management (SPM). Enty, progress and exit are approved only with approved funding and a financial plan for recovering costs or showing promt as necessary. The Portillo should have the right mix of services in development for the market spaces ‘and the Service Catalogue (Figure 4.4) to secure the financial viability of the Senice Provider. The Service ‘Gaalogue is the only part ofthe Portfolo that recovers costs or eams profits,7234-nSp-18EL-13 20/8/07 146201 Page 32 a 32 | senice strategy ~ govemance and decison-makng Figure 4.4 Elements of a Service Portfolio and Service Catelogue ite think of Pt as a dynamic and ongoing process set, it should include the fllowina work methods: 1 Define inventory services, ensure busines cases and validate portfolio data {= Analyse: minimize ponfoli value align and prioritize and bance supply and demand 1 Approve: raze proposed ponfelo, authorize sevices and resources 1 Charter: commuricate decsons, allocate resources ‘el chtor avn7asenso-urte3 2aya/oT 14:01 Page 93 Figure 4.5 Service Portfolio management Service Strategy on) + Business Case ( “Value Proposition b+) Proaizaton Js2)\ Authorization Communication ui) fesource alocator OU 4.6.1 Service Pipeline ‘The Service Pipeline consists of sevices under development for a given maiket space or customer. “These services are to be phased into operation by Service “Tansition after completion of design, development and testing. The Pipeline represents the Service Provider's {growth and strategic outlook forthe future. The general health of the provider is reflected in the Pipeline. It also reflects the extent tn which new service eomraphs and ideas for improvement are being fed by Service Stetegy, Service Design and Continual Sewice Improvement, Good Financial management i: necescay to ensure adequate funding for the Pipeline Service strategy ance and decsionmeing | 33 46.2 Service Catalogue “The Service Catalogue is the subset of the Service Portfolio Visible to customers tt consists of services presently active inthe Service Cperation phase and these approved to be readily ofered to curent or prospective customers. tems can enter tne Service Catalogue only ater cue agence has been performed on related costs and risks. Resources ate engaged to fully support active senices. ‘The Service Catalogue Is useful in developing suitable solutions for customers from one or more services. Items in the Service Catalogue can be configured and suitably pced to ful a particular need. The Service Catalogue is {an important tool for Service Strategy because it's the vial projection of the Service Providers actual and. present capabilites. Many customers are only interested in ‘what the provider can commit now, rather thane Future: 4.7 SERVICE OUTSOURCING - PRACTICAL DECISION-MAKING [service stategy should enhance an organization's special strengths and core competencies. Each component should reinforce the other. Change any one and you have 2 different model. As organizations seek to improve their performance, they shoul! consider which competencies are essential and know when to extend therr capabilties by partnering in areas both inside and outside their enterprise Outsourcing is the moving of a value-creating activity that ‘wes performed inside the organization to outside the ‘organization where itis performed by another company. What prompts an organization to outsource an activity is. the same logic that determines whether an organization makes or buys inputs, Namely, does the extra value _generaied from perferming an activity inside the ‘organization outweigh the costs of managing it? This decision can change overtime,7234-wSp-18EL-13 20/8/07 14201 Page 34 34 | serice sirateyy — guvemarce and decision raking ‘Table 4.2 Types of sourcing structures Soureing structure Intemal (ype 1 Description “The ovision and delivery of sences by internal af. Does not tical inlide standardization of service delvery across business units Pravies be most contol bul ao the mest rated in era of sake, Shared serves (ype t) ‘An interral ousness unit. Tpically operaes is prot an loss, anda chargeback mechanism. IF cost recewery i not wed, ther ti internal not shared services Lower costs than Interna with a similar degree of conttel.Imoxoved standardization but lites in teers of scale Full service ousourang ‘single corwract with @ Sngle sence Provger. Iypcally invoves sgricant asset vaste. Provides improved scale but limited in terns of besin-lass capabilities, Delvery rks are higher than prime, consortium or selective outsourcing as Seitching 16 an alternative i cifcut Prime A single Conuact with @ shgle Senke Provider who manages service delveny but engages rrultiple providers to do so. The contact stipulates fat the pete vendor vl leveraye the capabilities cf other best in class Service Proves. Capabilities and isk ae inproved frm sngle-vendor ousouring but complenty 5 cried, Consortium ‘A collection of Service Providers explicitly selected by the sence recipient. Al Providers ae required to corre together and present a unifiec’ mansgerrent interac. Fulfil a need that cnnot be sited by ary single wonder outsuscer, Provides best ‘class capablties with gee’ coniol than prime, Risk is invoouced Inthe form of provcces forcecta collaborate wat competitors Selective outsourcing ‘A collection of Service Prowcers explicitly selected and manayed ty the senvce recipent, This isthe most dificult tuctue te manage. The service recpient isthe service integrator, responsible for gaps or cross-provicer disputes The term ‘co-scurcng res to a special case of selective outsouting. In ths variant, the serice recipient mainains an femal o shared services snuctize ard combines with extemal provides. The sewvice ecipiet isthe service integrator7asenso-urte3 2aya/oT 14201 Page 95 Sourcing requires businesses to formally consider a sourcing strategy, the structure and role ofthe retained ‘organization, and how decisions are made, When sourcing services, the enterprise retains the responsibly for the adequacy of services delivered, Therefore, the enterprise retains key overall esponsibility for governance, The enterprise should adopt a formal governance approach in ‘order to create working model for managing its ‘outsourced services as well as the assurance of value dlvery. This includes planning for the organizational ‘change precipitated by the sourcing strategy and a formal and verifiable description as to how decisions on services fare made. Table 4.2 desribes the generic forms of service sourcing structures. Partnering with providers who are ISONIC 20000 comaliant can be an important element in reducing the risk of sewice sourcing. Organizations whe have achieved this certification are more likely to meet service levels on a sustained bass. This credential is particularly important in ‘muli-sourced environments where a common framework promotes better integration. Muti-sourced environments Fequite common language, integrated processes ard a ‘management structure between intemal and external providers ISQMEC 20000 does not provide al of ths but it ‘provides a foundation on which it can be but 4.7.1 Sourcing governance “There isa frequent misunderstanding of the definition of ‘governance’, particularly in a sourcing context, Companies have used the word interchangeably with ‘vendor management, ‘retained staff and ‘sourcing management organization’. Govemance is none of these. Management and goverance are different disciplines. ‘Management deals with making decisions and executing processes. Govemance only deal with making zound decisions It isthe framework of decision rights that encourages desired behaviours in the sourcing and the sourced ergarization, When companias confuse Service strategy ance and decsionmeing | 35 ‘management and governance, they inevitably focus on ‘execution at the expanse of strategie decision-making, Both are vitally important, Futher complicating matters i {the requirement of sharing decison rights with the Service| Providers. When a company places itsef in a position to rake operational decisions on behalf of an outsourcer, the outcomes are inevitably poor service levels and Contentious relationship manegement. Govemance is invariably the weakest link in a service sourcing strategy. A few simple constructs have been shown to be effective at improving that weakness: | A governance body - By forming manaqeably sized ‘governance body with a car undesstanding of the service sourcing strategy, decisions can be made without escalating to the highest levels of senior ‘managemert. By including representation from each Senice Provider, stronger decisions can be made. | Governance domains ~ Domains can caver decision- ‘making for a specific area ofthe service sourcing strategy. Domains can cover, for example, service delivery, communication, sourcing strategy or contract management, Remember, a governance domain does not include the responsibilty for its execution, ony its strategic decision-making, © Creation of a decision-rights matrix - This ties al three recommendations together. RACI or RASIC charts are comman forms of a dacision-rights matrix. 4.8 RETURN ON INVESTMENT (ROI) Return on investment (ROH is a cancept for quantifying the value ofan investment. is use ané meaning are not always precise. When dealing with financial officers, ROL most Nkely means ROIC (FEtUM On inves Apt), a measure of business performance. lh sevice management ROL is used as a measure ofthe ability to use assets to generale actitionl value. In the simplest sense, Kis the net profit of an ivesimert dhided by the net worth of|rase-nso-rrcu-13 2/8/07 1820L Page 36 36 | sence scraegy ~ goverarce and decision-making the assets invested. The resulting percentage is applied to tither addtional top-line revenue or the elimination of bottom-line cost It fs not unexpected that companies seek to apply RO! in deciding to adept service management. ROI is appealing because its sef-evident. The measure either meets or does not moot 4 numerical ertorian. The challange i ‘when RO: calculations focus on the short term. The application of service management has diferent degrees (f Roi, depending on business impact (see Figure 46). ‘Moreover, there are often dificuties in quanuifying the ccomplextis iavalved in implementations. Figure 4.6 Business impact and ROI outcome a service can be directly linked and justified through specific business imperatives, ew companies can readily lent the financial return for the specific aspects of service management. Its often an investment that ‘companies must make in advance of any retum. 4.9 FINANCIAL MANAGEMENT Operational visibly, insight and superior decision-making are the core capabilities brought to the entesprise through | the rigorous application of Financial Management. Just as business units accrue benefits through the analysis of7asenso-urte3 2aya/oT 14:01 Page 97 product mix and margin dats, or custemer profies and product behaviour, a similar utility of fnancial data ‘continues to incroase the importance of Firancial Management for IT and the business as wel. Financial Management as a strategic tool is equally applicable to al thee Service Provider types. Internal ‘sonvico providers ato incroacingly asked to opersto with the same levels of financial visibility and accountability as ‘their bushess unit and extemal counterparts. Moreover, technology and innovation have become the core revenue-generating capabililes of meny companies. Financial Management provides the business and IT with the quantification, in financial terms, of the value of IT services, the value of the assets underying the provisioning of those services, ae the qualification of ‘operational forecasting. Talking sbout IF in terms of services is the crux of changing the perception of IT and its value to the business. Therefore, asignficart potion of Financial Management is werking in tandem with FT anc the business to help identify, document and agree on the value of the services being received, and the enablement of service demand modelling and menagemert. ‘Much like the business counterparts IT organizations are increasingly incorporating Financial Management in the pursuit of Enhanced decision-making Speed of change Service Portfolio Management Financial compliance and control Operational control Value capture and creation. ‘One goal of Financial Management isto ensure proper funding for the delivery and consumption of services. Planning provides financial translation and qualification of ‘expected future demand for IT services. Financial ‘Management planning departs from historical IF planning service strategy nerce and deck by focusing on demand and supply variances resulting from business strategy, capacity inputs and forecasting, rather than traditional Individual line am expenditures ee ‘business cost accounts. As with planning for any other business organization, input should be collected from all reat of the FT organization and the business Planning can be categorized into thrae main arsas. each representing financial results that are required for continued visibility and service valuation © Operating and casita planning processes are common ‘and fay standardized, and involve the vanslation of TT expenditures into corporate financial systems as part of the corporate planning cycle. Beyond this, the Importance of this process isin communicating expected changes in the funding of IT services for corsideration by other business domains, The impact of IT services on capital planning is lgely underestimated, but is of interest to tax and fied-asset departments ifthe status ofan IT asiet changes © Demand representing the need and use of IT services. = Regulatory and environmental-elated planning should get its tiggers from within the business. However, Financial Management shoul zpply the proper finencial inputs to the related services value, whether cost-based or value-based. 49.1 Service valuation Service valuation quentifes, in financial terms, the funding sought by the business and IT for services delivered, based ‘on the agreed value of those services, nancial Management calculates and assigns a monetary value to a service or service component so that they may be disseminated across the enterprise once the business ‘custorrer and ITidentfy what services are actualy desired, = Hardware and software licence costs = Anrual mainienance fees for hardware and software7asenso-urte3 aaaror Las0L rage 38 38 governarce and decision-raking 1 Personnel resources used in the support or maintenance of a sence 1 Utiities, data centre or other facilities cherges 1 Tates, capital or interest charges © Compliance costs. Financial Nanagement plays a translational role between ‘corporate financial systenis and seivice management. The result ofa service-oriented accounting function is that far ‘greater deta and understanding Is achieved regarding service provisioning and consumption, and the generation ‘of data that feeds directly into the planning process. The functions and accounting characteristics that come into play are discussed below: 1 Service recording - The assignment of a cost entry to the appropriate sence. Depending on how services ze defined, and the granularity of the definitions, there may be aclitionelsubrservice components 1 Cost types - These ae higher-level expenses categories such as hadware, software, labour, ‘dministaton e&c. These atuibutes assist with reporting and analysing demand and usage of services and their components in commonly used financial 1 Cost classifications - There are also classifications within sevices that designate the end purpose ofthe «ost, Thete inlude casfistions such a: © CapiteVoperational - tis clastfication addresses ‘ferent accountng metnodologes that are required by the business and reguatory agencies © Directndect - this designation determines whether a cost willbe assigned directly or indirectly toa consumer or sevice ~ Direct costsare charged direct toa sevice since its the only corsumer ofthe expense ~ Indtect or shared costs are allocate across ruitiple services since each service may consume a potion ofthe expense © Fixed/variable ~ this segregetion of costs is based ‘on contractual commitments of time or price. The strategic issue around this classification is that the business should seek to optimize fixed service costs ‘and minimize the variable in order to minimize prodictabilty and stability © Cos units ~ a cost unit isthe identified unit of Consumption that is accounted for a particular service or service asset 4.9.2 Variable cost dynamics Variable cost dynamics (VCD) focuses on analysing and understanding the multitude of vanables that impact service cost how sersitive those elements are f0 vaiation, ‘and the related incremental value changes that result. Reon is 9 very brief tat of pocaible varldbte series cot ‘components that could be included in such an analysis Number and type of users Number of software licences Cost/operating foot of data cente Daivery mechanisms Number and type of resources Cost of adding one more storage device Cont af ackling one more end ser licen: 4.10 INCREASING SERVICE POTENTIAL “The capabilities and resources (service assets) ofa Service Provider represent the service potential or the productive capacty available to customers through a set of services. Projects that develop or impreve capabilites and resources increase the senvce potential For exarnple, implementation of 2 Configuettion Management Syetern leads to improved visbilty and control over the producive capacity of service assets such as networks storage and seners. It also helps quickly to restore such capacity in the event of falures or outages. There is7asenso-urte3 21/8/07 14:01 Page 99 Table 4.3 Example of increased Service Potential 39 sence sraiegy — governs and decistorrmating | Service management Invtiaave Increasing service potential from capabilites Increasing service potential Data cent cationalizetion Lover compledty ininfastctre Development of infastuctue and recmnoiogy asers {rom resources Inermeses the caoacty of Increeses eccromiss oF scale and scone Capaclky busing h service assets reining and cetification Lifecycle Khowledgeebe Saf in contol of Service Siaffrg of key vorpetencies Extersion of Sevice Desk hows Improved analysis and decisions Implernere Incident Management Prioritization of recovery Better response to Servce incidents es resource uniizaton Enichmert of desan porto Reuse of venice components service falls throu Fee! gn Thinclient computing Inceased flexibility mn wore locations Enanced sevice contuity capelites “Slandirdizaton and coro oF configura ization of admiistation functions ‘greater efficiency in the utilization of those assets and therefore service potential because of capability improvements in Configuretion Management Silay ‘examples are glen in Table 4.3, One cf the key objectves of service management is to improve the service potentia ofits capabilites and resources 4,11 ORGANIZATIONAL DEVELOPMENT when serior managers adopt a service management cofientation, they are adopting a vision for tre ganization. Such a vision provides 9 madal tawara which staff can work. Organizational change, however, i ot instantaneous. Senior managers often make the ‘mistake of thinking that announcing tho oxganizational change isthe same as making it happen, ‘There is no one best way to organize. Elements of an ‘organizational design, such as scale, scope and structure, ace highly dependent en strategie objective. Over time, an crganization wil likely outgrow is design. Certain lorgenizational designs it while others do not, The design challenge is to identify and select among often distinct chnices. Thus the problem becames much mare sabable Jwhen there is an understanding of the factors that (generate fit and the trade-offs involved, such as contra and coordination, It is common io think of orcanizational hierarchies in ‘terms of functions. As the functional groups become laiger, think of them in tame of departmentalization Addepartment can loosely be defined as an ergarizational activity invelving over 20 people. When a functional croup ‘grows ‘0 departmental siz, the organization can reorient7a3t-msp-18tbe13 2aa/o7 14401 Page 30 40 | senice siraegy ~ govemance anc decision-making the group to one ofthe following areas or @hybiid thereof 18 Function ~ preferred for specialization, the pooling of retources and reducing duplication 1 Product ~ prefered for servicing businesses with strategies of diverse and new products, usually mmanufcturing businoseoe Market space or customer — preferred for ocganizing ‘around market structures, Provides differentiation in the form of increased knowledge of and response to ‘customer preferences | Geography ~ the use of geography depends on the Indusvy. By providing services in close geographical proximity, travel and distribution costs ate minimized \while local knowledge is leveraged 1m Process ~ preferred for an encr-to-ena coverage of & process Certain basic structures are prefered for certain service strategies, as shown in Table 4.4. Service strategies are executed by delivering and supporting the contract portfolio ina given marketspace Contacts specty the terms and conditions under which value is delivered te customer through services. From an operational point of view this translates into tate a project ' T°: i ae ‘> Business Impact Analysis ' A Regan $ fk osesonent § rina) | sd >IT Service Continuity Strategy ; | | eee a ots 5 Develop plas eae plas and "ars ¢ememp| plementation procedures: > Orgntatn Paring 3 T 3 resting satay ' Prsraceioneren eee ‘onooing $ even and aude i > Change Management, 5.11 INFORMATION SECURITY MANAGEMENT ‘Across the world, organizations create value through the intelectual property they own and use to deliver products fond vervices, Protecting intellect! capital isa pritrany need for business and is increasingly legisated by lew. The technology torlay offers us unlimited potential to create, ‘gather and amass vast quantities of information. A service provider's responsible to ensure that they can guarantee the business information is protected from intrusion, theft, loss and unauthorized access. Information secunty is a management activity within the corporate governance framework, which provides the strategic direction for security acivities and ensures objectives are achieved. It further ensures that that the information security risks are approprately managed and enterprise infermnation resources are used responsibly. The purpose of ISM 6 to provide a focus forall aspect of security and manage all IT security activities. ‘The tem ‘information’ is used as a general term and Includes data ctoros, databacae and matadata. The ‘objective of information securty isto protect the interests ‘of those relying on information, and the systems and ‘communications that deliver the information, from harm resulting rem failures of availabilty, confidentiality and integrity For most organizations, the security objective is met wher 1 Information is avellable and usable when required, and the systems that provide it can appropriately resist attacks and recover fom or prevent failures (availabilty) 1 Information i observed by or dzclosed ta only theca ‘who have a ight to know (confidentiality)7asenso-urte3 2a/a/oT 14:01 Page 67 |= Information is complete, accurate and protected ‘against unautherized modification (integrity) ‘Business transactions as well as information exchanges between enterprises, or with partners, can be trusted (authenticty and non-epudiation). Prioritization of confidentiality, integrity and avalabilty snuct be conidared in tha content of butinace anc business processes. The primary guide to defining what must be protected and the level of protection has co come, from the business. To be effective, security mist address entire business processes from end to end and cover the physical and technical aspects. Only within the context of business needs and risks can management define security. ISM activites should be focused on and etiven by an ‘overall Information Security Policy and a set of Underpinning spesttic secunty polices. ine policy shoud have the full support of top exocutive IT management and ideally the support and commitment of top executive business management. The policy should cover all areas of ‘security, ne appropriate, maet the needs ofthe business ‘and should include: {An overall Information Securty Policy Use and misuse of IT assets policy Jan aecoes control policy AA password control policy An e-mail policy ‘An intemet policy ‘An ani-viras policy ’n information classfication policy Adocument classification policy A remote access policy A policy with regard to supolier access of TT services. information and comporents, = An asset depos policy. These policies should be widely available to all customers and users and their compliance should be refered to in all sence Design — buldng suciral service megity 1 67 SLRs, SLAS, contracts ard agreements. The polices should be autharized by top executive management within the buses and T, and compliance to them should be endorsed on a regular basis All seccurty pelicies should be reviewed and where necessary revised on at least an Annual bass “Te five laments within an formation Secu Management Sytem (SMS) Famewor ac Control The objectives ofthe con element ofthe IMS ae to: 1 Exablsh 9 management framework t nine ané manage inforration secur inte orgonization f Estbish an organization stucture to prepare approve and implement the information security policy 1 Alecate responses {© Establish anc control docimetation © Phan The objective ofthe plan element ofthe ISNS ito devise and recommend the appropiate security measures, based on an understanding ofthe requirements of the organization. ‘The requiementa willbe gthered fom such sources 4 business and senice risk, plans and strategies, LAS and OLAS and the legal, moral and ethical respensbities for information security. Other factors, suchas the amount of funding avallable and the prevaling organizaton cuture and atthudes to securty, must be considered. ‘The lnformation Security Policy defines the orgarization’s ttitude and stance on security matters This should be on organization document, rot just appicable tothe If Service Provider. Responsibility forthe upkeep of the document rest with the Information secunty Manager7asenso-urte3 2a/a/o7 14:01 Page 60 66 | sence Design — buluing siuctural sevice megnty = Implement “The objective of the implementation element of the IMS is to ersure that appropriate procedures, tools and controls are n place to underpin the tnformation Security Policy ‘Amongst the measures are: © Accountability for assets ~ Configuration Management and the CMS are invaluable here '© Information claisification ~ information and repostories should be classified according to the sensitivity and the impact of disclosure ‘The successful implementation of the security controls ‘and measures is dependent on a number of factors: © The determination of a dear and agreed policy integrated with the needs of the business © Security procedures that are justified, appropriate and supported by senior rranagement Effective masketing and education in security requirements f@ A mechanism for improvernent = Evaluation The objectives ofthe evaluation element of the ISMS ‘© Supenise and check compliance with the security oiicy and security requirements in SLAs and OLAS © Carry out regular audits of the technical security of T systems ‘© Provide information to external auditors and regulators, if required The objectives ofthis maintain element ofthe ISNS are to: 12 emprove on ceeuty agreements ae specified in, for example, SLAs and OLAS ‘Improve the implementation cf security measures and controls © This should be achieved using a POCA (Plan-Do- CCheci-Act} cycle, which is a formal approach suggested! by ISO 27001 for the establishment of the ISMS or Framework. This cycle s described in mote detal in the Continual Service Improvement publication. Security mossuros can be used at a specific stage in the prevention and handling of security incidents, as illustrated in Figure 59, Security incklents are not solely caused by technical threats ~ statistics show that, for example, the lage majotty stem fom human entors intended or not) (r procedural errors, and often have implications in other fields such as safety, legal or health. ‘The Following stages can be identified. At the start there Is a risk that a threat will materialize. A threat can be anything that otsrupts the business process or nas negative impact on the business. When a threat ‘materializes, we speak of a security incident. Ths security incident may result in damage (to information or to assets) that has to be repaired or otherwise corrected. Suitable measures can be selected for each of these stages. The choice of measures will depend on the importance attached to the infermetion: | Preventive: security measures are used to prevent a security incident from occurring. The best-krown ‘example of preventive measures isthe allocation of _&cess rights to a limited group of authorized people. ‘The further requirernents associated with this measure include the control of access rights (granting, maintenance and withdrawal of rights), authorization {identiying who is allowed access to which information and using which tools, identfiation and authentication {confirming who is seeking access) and ‘access control (ensuring that only authorzed personnel cen gain acces)7a3t-msp-18tbe13 2a/a/oT 14201 Page 69 Figure 5.9 IT Security Management process = Reductive furtier measures can be taken in advance ‘0 minimize any possible damage that may occur Familiar examples of teductive measures are making regular backups and the development, testing and maintenance of contingency plans Detective: if 2 security incident occurs it is important to discover it as soon as possible - detection. A familar ‘example ofthis is monitoring, linked to an alert procedure. Another example is vinus-checking software Repressive: measures are then used to counteract any Continuation or repetition ofthe security incident. For ‘example, an account or network address is temporarly blocked after numerous ‘aed attempts to log on or the retention of a card when multiple attempts are ‘made with a wrong PIN numaer service Design — building simcural servce imegrty 1 69 | Conective: damage is repelred as fer a5 possible using ccomective measures. For example, corrective measures Include restoring the backup, or retuming to a previous stable situation (roll-back, tack-out). Fallback can also been seen as a corective measure “The documentation of all contols should be maintained torreflect accurately their operation, maintenance and their ‘method of operation. 15M faces many challenges in establishing an appropriste Information Security Policy with an effective supporting ‘process ang controls, One of the biggest challenges isto ‘encure that there ie adequate support from the business, business security and senior management. If these are not availabe, it will be impossible to establish an effective ISM process If there ix senior IT management support, but7asenso-urte3 2a/a/o7 14201 Page 70 TO { sesvce Design ~ butidng siructura’ service imegrly there is no support from the business, IT security controls and risk assessment will be severely limited in what they ‘ean achieve because of this lack of support from the business. ICs pointless Implementing securly policies, procedures and controls in ITif these cannot be enforced throughout the business. The major use of IT services and assetsis outside of I, and so are the majority of security ‘threats and ris. In some orgarizations the business perception is thet security i an IT responsibility, and therefore the business assumes that IT wil be responsible for all aspects of fF security and that IT services will be adequately protected. However, without the commitment and sunpoet of the business and business personnel, money invested in expensive security contiols and procedures will be largely ‘wasted and they will mostly be ineffective Refer to the Service Design core publication for further guidance and detaied practices on Information Security Management. 5.12 SUPPLIER MANAGEMENT ‘The Supplier Management process ensures that suppliers and the services they provide are managed to suppott IT service targets and busines expectations. The ain ofthis section i to raise awareness of the business context of ‘working with partners and suppliers, and how this work can best be drected toward realizing business benef for the organization, Its essential that Supplier Management proceases end planning are involved in all stages ofthe Service Lifecycle, {rom strategy and design, through transition and operation, ‘0 improvement. The complex business demands require the complete breadth of sks and capably to support provsion of a comprehensive set of T services to a business, therefore the use of value networks and the suppliers and the services they provide are an integal part of ary end:to-end solution. Suppliers and the management of suppliers and partners are essential to the provision of quality FT services (soe Figure §.10). The main objectives of the Supplier Management process are © Obtain value for money from supplier and contracts |© Ensure that underpinning contracts and agreements ‘with suppliers are aligned to business needs, and support and align with agreed targets in SLRE and SLAs, in conjunction with SLM |= Manage relationships with suppliers ‘Manage supplier performance | Negotiate anc agree contracts with suppliers and manage them through ther lifecycle |= Maintain a suppliet policy and a supporting supplier and contract datatase (CD. The Supplier Management process should include: |= Implementation and enforcement of the supplier policy Maintenance of an SCD |© Supplier and contract categorization and risk Supplier and contract evaluation and selection Development, negotiation and agreement of contracts ‘Contract review, renewal and termination Management of suppliers and suppler performance ‘Agreement and implementation of service and supplier Improvement plans Maintenance of standard contrects, terms and conditions| = Management of contractual dispute resolution = Management of subcontracted suppliers. FT supplier management often has to ceemply with ‘organizational o: corporate standards, quideines and requirements, paticuarly those of corporate eg, finance and purchasing,7a3t-msp-18tbe13 2aya/oT 14201 Page TL Figure 5.10 Supplier Management - roles and interfaces Service Provider Supplier Mgt. Process Owner Service Design — building svuciural service megnty Finance @ Purchasing Contacts Manager Legal Supplier — Satisaction surveys also play an impertant role in revealing how well supplier service levels ae aligned to business needs. A survey may reveal instances where there is disatisfaction with the service, yet the supplier is apparently performing well against ts targets (and vice versa). This may happen whare service lavels ae inappropriately detined and should result in a review of the contracts, agreements and targets Some service providers publish supper league tables based on their survey results stimulating competition between suppliers, For those significant supplier relationships in which the business has a direct interest, both the business (in conjunction with the procurement department) and vi have establshed the objectives for the relationship, and Cefnec the benefits they expect to realze. This forms a 'major part ofthe business case for entering into the reationship. These benefits must be linked and complementary, and ‘must be measured and rranaged. Where the business is seeking improvemsents in customer service, then if ‘upplie relationships contributing to those customer services must be able to demonstrate improved service in their own doman, and how much this has contibuted to improved customer service. 7”723b-mSp-18EL-13 20/8/07 14620L Page 72 TZ { sence Design — building structure! seraice megny Strong, trusted relationships with suppliers are an integral eernent of successful service managernent and enhance the value of any service provider to the business. ‘The Service Design took contains all the details to guide yu through Supplier Management and achieve this level Of relationships with supplies.7234-M89-1TEL-13 20/8/97 14201 Page 74ra3t-nsp-18tb-13 21/8/07 14201 Page 75 6 Service Transition — preparing for change =a In the IT world, many business innovations are achieved ‘through project intiatives that involve IT. ln the end, ‘whether these are minor operational improvements or _majer transformational events, they all preduce change. In the preceding chapter we looked at creating and Improving services through the design stage of the lifecycle. Now we must ensure that what is planned to be implemented will achieve the expected objectives. is this point the knowledge that has bean generated and that will be needed to manage services orce in the live environment, must be managed and shared across the organization. Tis is done throuch Service Transition ‘The business/customers In this chapter we will discuss a few of the key concepts \wethin Service Tansitin: Transition Planning ‘Asset and Configuration Managemert Release and Deployment Management ‘Change Management = Testing and validation. “The purpose af Service Transition is tae = Plan and manage the capacity and resources required: to package, build, test and deploy a release into production and estabish the service specified In the customer and stakeholder tequicements7asenso-urte3 21/a/o7 14:01 Page 76 76 | serve trarskion — prepanng for change 1 Provide a consistent and rigorous framework for evaluating the service capability and risk orofie before a new or changed service & released or deployed 1 Establish and maintain the integrity of all ideritiee service assets and corfigumtions as they evolve ‘hough the Service Tansiton sage 1 Provide good-quality knowledge and information so that Change and Release and Depioyment Nanagement can expedite effective decisions about Promoting a release through the tet environments and into production '= Provide efcient repeatable build and instalation ‘mechanisms that can be used to deploy releases to the test and production envconments and be rebuit i required to restore service 1m Ensure that the service ean be managed. operated and supported in accordance with the requirements and constants specified within the Service Design. Effective Service Tansttion can significantly improve a Service Provider's ability to handle high volumes of change and releases across its customer base. it enables the Service Provider to: '& Align the new or changed sevice with the customer's business requirements and business operations |= Ensure that customers ard users can use the new or ‘chanced service in a way that minimizes value to the business operations. ‘Specifically, Service Transition ads value to the business by improving: | The ability to adapt quickly to new requirements and market developments (‘competitive edge’) | Transition management of mergers, de-mercers, ‘acquisitions and transfer of services 1m The success rate of changes and releases for the business | The predictions of sence levels and warranties for new and changed services, © Confidence in the degree of compliance with business and governance requirements during change |= The vatiation of actual against estirated and approved, resource plans and budgets 18 The productivity of business and customer staff because of better planning and use of new and changed servicos |= Timely cancelation or changes to maintenance contracts for harcivare and software when components are disposed or decommissioned | Understanding ofthe level of risk during and after change, e.. sevice outage, disuption ard rework, “The processes covered in Service Transition (see Figure 6.1) ‘= Tranztion Planning and Support = Change Management '& Service Asset and Corfiguration Management '& Release and Deployment Management Service Validation and Testing = Evaluation = Knoviledge Management. 6.1 TRANSITION PLANNING AND SUPPORT ‘The goal of Tanstion Planning and Support are to: 1 Plan and coordinate the resources to ensure that the requirements of Service Strategy encoded in Service Design are effectivey relized in Service Operations | dently, manage and control the sks of fature and disruption across trensition activities. ‘The objectives of Transition Planning and Suppor are to: 1 Plan and cocidinete the resources to establish successfully 2 new or changed service into production within the pradicted cost, quality and time estimates|restereocieas 2070/07 L4sOL age 17 o sence Tanstton preparing or crnge 177 Se Sy Foun tty I pce is Pont Was te Srvc De ‘elite ‘per ML coe LY _iblaton that supports ce, pn Beene Sere eg wy Pon to ape Bsn eure7asenso-urte3 2a/a/oT 14:01 Page 78 76 | servce transkion — preparng for change 1 Ensure that all parties adopt the common framework of standard re-usable processes and supporting systems in order to improve the effectiveness and efficiency ofthe integated planning and coordination activities 1 Provide clear and comprehensive plans that enable the customer and business change projects to align their activites with the Service Transition pans. ‘The organization should deckle the most appropriate approach to Service Transition based on the size and nature of the core and supperting services, the number and frequency of releases required, and any special needs ofthe users —for example, ifa phased rollout is usually required over an extended period of time. ‘The Service Transition strategy defines the overall ‘approach to erganizing Service iranstion and allocating resourcos. The aspacts to centidor ao: '& Purpese, goals and objectives of Service Tansition Context, 2g. service customer, contract portolios Scope - inclusions and exclusions ‘Applicable standards, agreernents, legal, regulatory and contractual requirements Organizations and stakeholders involved in transition Framework for service Wansition Grteria Wentiication of requirements and content of the new or changed senice People ‘Approach © Deliverables from transition activites including ‘mandatory and optional documentation for each stage herbie of milstones | Francial requirements ~ budgets and funding, Service Design will - in collaboration with customess, {extemal and intemal suppliers and otrer relevant stakeholders ~ develop the Service Design and document kin @ Service Design Package (SDP). The SOP includes the following information that is required by the Service “anstion tear: © Applicable service packages (29. Core Service Package Service Level Package) 1 Service specifications = Service models © Architectural design tequited to deliver the new ot changed Service including constraints © Definition and design of each release package © Detailed design of how the service components wil be assembled and integrated into a release paclage '& Rolease and deployment plans 1 Service Acceptance Criteria, 6.1.1 Planning an individual Service Transition ‘The release and deployment activities should be planned in stages as details ofthe deployment might not be known in detail initally. Each Service Transtion plan ‘should be developed from a proven Serves Transition ‘mode! wherever possible. Although Service Design Provides the intial plan, the planner will atocate specifi resources to tha aetitls and medify the plan t0 At in ‘with any new circumstances, eg. test specialit may have left the orgerization. ‘A Service Tarsition plan describes the tasks and activites required to release and deploy a relesse into the test environments and into production, including: 1§ Work enviconrrent and infastuctue for the Senice Transtion 1 Schodula of miectones, handover and delivery dates 1 Activites and tasks to be performed Stafing, resource requirements, budgets and timescales at each stoge 1 Issuas and risks to be managed7asenso-urte3 2a/a/oT 14201 Page 79 Lead times andl contingency. Allocating resources to each activity and factoring in resource availabilty will enable the Service Transition planner to work out whether the transition can be deployed by the required date If resources are not available, it may be necessary to review other transition, commitments and consider changing priors. Such ‘changes need to be discussed with Change and Release ‘Management as this may affect other changes that may be dependents o” prerequisites ofthe release 6.1.2 Integrated planning Good planning and management are essential to deploy a release across distibuted environments and lations into production successfully An integrated set of transion plans such as release, build and test plans. These plans shouldbe integrated with the change schedule, ease andl deployment plons, Establishing good quality plans at the outset enables Senice Fanstion to manage and coordinate the Senice Transition rescurces, eg, resource allocation, utiization, budgeting and accountings ‘an exrarching Service Tanstion plan should inca the milestone activities to acquire the release comconents, package the release, build, test, deploy, evaluate and proectivey improve the sevice through early life support It wil also include the activities to build and maintain the senvces and IT infastructure, systems and environments and the measurement system to support the transtion ectiities. 6.1.3 Adopting programme and project management best practices Its best practice to manage several releases and deployments as a programme, with each significant deployment run as a project The actual deploymert may be carted out by dedicated staffas part of brcader semice Transition — prepart responsiilties such as operations or through a team brought together forthe purpose. Elements of the deployment may be delivered through excernal supplies, and suppliers may deliver the buk of the deployment ‘effort, for example in the implementation of an off-the- sholfsystom auch as an ITSM cupport too Significant doplayments willbe comploe projects in thote ‘own right, The steps to consider in planning include the range of elements comprising that service, eg. people, application, hardware, software, documentation and knowledge, This means that the deployment will contain stb-deployments for each type of element comprising the service 6.1.4 Reviewing the plans “The planning role should qualty revicn all Sn: “Tansition, lease and deployment lars. Wherever possible, lead times should include an element of contingency and be based on experience rather than rmerely supplier assertion. This apples even more for internal suppliers where there is rc formal contrect. Lead times will typically very seasonally and shey should be factored into plenning, especialy for long timeframe transitions, where the lead times may vary between stages of a tansition, oF beawvesn diferent user locations Before starting the release or deployment, the Service TTansiton planning role should verify the plans and ask appropriate questions such a: 1 Ace these Service Transition and release plans upto date? 1 Have the plans been agreed and authorized by all relevart parties, eg. customers, users, operations and suppor stat? © Do the plans include the release dates and deliverables ‘and refer to related Change Requests, Known Exros and Problems?7asenso-urte3 21/a/o7 14:01 Page 90 6 | senice Transition - prepanrg for change 1© Have the impacts on costs, organizational. technical ‘and commercial aspects been considered? '& Have the risks to the overal services and operations capability been assessed? = Hes there been a compatiilty check to ensure that the Configuration items that are to be released are compatible with each othe: and with Corfiguration Items in the target environments? ‘= ave circumstances changed such that the approach ‘needs amending? | Were the rules and guidance on how to apply it relevant for current service and release packages? "= Do the poople who need to use It understand and hhave the requiste skills to use it? | Is the service release within the SDP and scope of what the transition model adrecces? | Has the Service Design atered significantly such that it is no tonger appropriate? |= Have potential changes in business orcumstances been identified? Proper planning of service transiton and support wil reduce the need for comective measures during and after release iio lve operation. Refer io the Service Transivion core publication fo full details on the Transition Planning and Support process. 6.2 CHANGE MANAGEMENT The purpose of the Change Management process is to ceraure that: | Standardized methocs and procedures are used for efficent and prompt handling ofall changes |= Ai changes to Service Rezste anc Configuration terse ae recorded in the configuration management system | verall business skis optimized. The goals of Change Management are te: '= Respond to the customer's changing business requirements while minimizing value and reducing incidents, disuption and rework 1B Respond to the business and IT requests for change that will align the services with the business needs Reliability ané business continuity ae essential fr the suceass and survival of any organization, Service and infrastructure changes can have a negative impact on the business through service distuption and delay in identifying business requirements, but Change ‘Management enables the service provider to add value to the business by: '= Prioritzing and responding to business and customer change proposals |= Implementing changes that meet the customer’ agreed service requirements while optimizing costs = Contributing to meet governance, legal, controctual ‘and regulatory requirements | Reducing failed changes and therefore service aruption, defects and rework | Delivering change oromptly to meet business timescales "= Tracking changes through the Sewice ufecycle and to the assets of ts customers Contributing to better estimations of the quality time and cost of change: '& Assessing the rsks associated with the transtion of services (intreduction or disposal) = Aiding productivity of aff through minimizing disruptions due to high levels of unplanned or Emergency Change and hence minimizing service avalabilty "= Reducing the mean time to restore service (MTRS), via uicker and more successful implementations of conective changes7asenso-urte3 2aya/o7 14:01 Page 01 1 Laising with the business change process to identify ‘opportunites for business improvement. Policies thet support Change Management include: = Creating a culture of Change Management across the ‘organization where thereis zero tolerance for unauthorized change = Aig € Chonge Management process with business, roject and stakeholder change management processes Priorzation of change, eg. innovation vs preventive 5 detective vs corrective change = Establishing accountability and responsibilities for changes through the Service Lifecycle Segregation of duty contiols xtablshing a single focal point for changes in order to ‘minimize the probability of conflicting changes and potential disruption to the production environment © Preventing people who are not authorized to make a change from having access to the production |= Integration with other service management processes to establish traceability of change, detect unauthorized change and identify change-elated incidents = Chance windows ~ enforcement and authorization for exceptions 1 Performance and rsk evaluation of all changes that Impact service capability 1B Performance measutes forthe process, 2g. efficiency and effectiveness. the sek 6.2.1 The seven Rs of Change Management ‘The following questions must be answered for al changes ‘Wheat this information, the irapect asseserient cannic ‘be compieted, and the balance of risk and benefit to the live service will not be understood. This could result in the change not delivering all the possible or expecied sence Transiion business benefits or even having a detrimental, Unetpected effect on the live service. Who RAISED the change? |What isthe REASON for the change? What is the RETURN required from the change? What are the RISKS involved in the change? What resources are REQUIRED to collver the change? Who is RESPONSIBLE for the build test and implementation of the change? What is the RELATIONSHP between this change and other changes? “The Request for Change (RFC) is a key information source and the catalyst forthe change activitios of Create and record Feview ‘esezt and evahiate Authorize Plan Coordinate Review Close, Each RFC will follow a selected Change Model that is appropriate for the nature and type of change. Change Models are pre-established process flaws with the necessary steps to satis’y the type of change and level of authorization nooded to properly acces risk and impact. ‘Three basic Change Models are included in Service ‘Tarsitions which can be adapted to suit individual organizational circumstances and need, = Standard Change Model - Used for pre-authorized repetitive, low-1sh, wel-tested changes. Often these willbe the madel used for service operational maintenance changes7234-MSp-18EL-13 20/8/07 14201 Page 82 a Z| sence Transiton — preparing tor change © Normal Change Model - The full model for changes. Emergency Change Model - A model reserved only {that must go through assessment, authonzation and. {or highly citical changes needed to restore failed high, ‘Change Advisory Board (CAB) agreement before availailty or widespread service failure or that will implementation prevent such a fllure from imminently cecuriing, Figure 6.2 depicts the high-level flow of a Normal Change Model Figure 6.2 Normal Change Model é i i 2 aoe : [alta | : change i : Induces bud and test the change7asenso-urte3 2a/a/oT 14:01 Page 03 6.2.2 Change Advisory Board ‘The CAB isa body that exists to suppott the authorization Of changes and to assist Change Management in the assessment and prioritization of changes, As and when a ‘CABis convened, members should be chosen who are capable of ensuring that all changes within the scope of the CAB are adequately assessed from both a business and 2 technical viewpoint. ‘The CAB may be asked to consider and recommend the adoption or rejection of changes appropriate for higher level authorization and then recommendations will be submitted to the appropriate chenae autheriy. To achieve this the CAB needs to include people with a clear understending across the whole ange of stakeholder needs. The Change Manager will normally char the CAR and potential members include: Customers) User moneger() User group representatine(s) ‘Applications developersimaintainers Speciaitstechnical consultants Services and operations staf e.g. Service Desk test management, ITSCM, security, capacity Faclts/ofice services staff (where changes may affect movev/accommodaton and vice versa) © Contractors or third partes’ reresentatives, en outsourcing situations. ‘The Service Transition core publication contains the full ‘Change Management process, 6.3 ASSET AND CONFIGURATION MANAGEMENT Within the human body lle e number of inuicae systems, The respiratory, nevvous and circulatory systems have distinct functions, but they also have a critical dependency Senice rrensiion— prepamg for change | 83 ‘on one another. one system fai, the others wil ‘eventually succums, unless provided additional lfe- supporting Intervention. Services are systems with similar leves of interdependency. These are service assets which have configurations specific to the functions they perform and, ultimately, the sorvico they collectively deliver. No organization can be fully offciont or affective unis i manages its assets well, partculatly those sssets that are vital to the rinning of the customer's or organization's business. Ihis process manages the service asse's in order (W suppart ite othe service manager processes “The goal of optimiring the perfomance of service acsets and configurations improves the overel| service performance and eptinvizes the caste and risks used by pocily managad assets, eg. service outages, fines, correct cence ees and raned auc. Service Asset and Configuration Management (SACM) Provides visibility of accurate representations ofa service, release, or environment that enable: '© Better forecasting and planning of changes ‘= Changes and releases to be assessed, planned and delivered successfully '& Incidents and Problems to be resolved within the service level targets 1 Service levels and warranties to be delivered 1 Better adherence to standards, legal and regulatory ‘obligations (fewer nen-conformances) | Nore business opportunites as able to demonstrate control of assets and services | Changes to be traceable from requirements = Geation ofthe ability to identify the coss fora sevice 63.1 Configuration Items ‘A Configuration iter (Cl) # an asset, service component or ‘other item which is, or will be, under the control of Configuration Management. ls may vary widely7asenso-urte3 2a/a/oT 14:01 Page 84 84 | service Transition ~ preperng for crange ‘complexity, size and type, ranging from an entire service ‘© system including ail hardware, sofware, documentation ‘and support staf to a single sotware module or a minor hardware component, Cls may be grouped and managed together, eg. a set of components may be grouped into a release, Cls should be selected using established selection citerie, grouped, clasified and identified in such a way that they are manageatle and treceable thoughout the Service Lifecycle. ‘There will be a variety of Cl; the following categories may help to identity them, Service Litecyde Cis such as the Business Case, service management plans, Sevice Lifecycle plans, Service Design Package, release and change plans, and test plans. They provide @ picture of the Service Proviogr's services, now tese services will De ivered, what benefits ae expected, at what cos, and when they will be realized Service Cle cuch 26 © Service capability assets: management, ‘organization, processes, knowledge, people © Service resource assets: financial capital, systems, applications, information, data, infrastructure and faclties, people © Service model © Service package Release package Service accentance erteria = Organization CIs ~ some documentation will deine the characteristics ofa Cl whereas other documentation will be a Cl in its own right and need 10 be conuolled, eg. the organization's business strategy or other poicies that are internal to the ‘organization but independent of the Service Provider. Regulatory oF eatutory requirements ako form external products that need to be tracked, as do praducts shareé between more than one gioup | Internal Cis comprising those delvered by individual projects, including tangbble (data centrs) and Intangible assets such as software that are required to deliver and maintan the service and Infrastructure | External Cis such as external customer requirements, and agreements, releases from supplies or sub~ contractors and external services 1 Interface Cis that are required to deliver the end:to- end service acioss a Service Frovider interface (SPI 6.3.2 Configuration Management System To manage large and complex IT services and infrastructures, Sewice Asset and Coniguration "Management (SACM) requies the use of a supporting system known as the Configuration Management System (cs) The CMS holds all the information for ls within the designated scope. Some of these items will have related specications or files that contain the contents ofthe item, 2g. software, document oF photograph, For example, a Service Cll include the details such as supplier, cost, purchase date and renewal date for licences and ‘maintenance contracts and the related documentation such as SLAS and underpinning contracts. The CMS is alo used for a wide range of purposes; for example ascet data held in the CMS may be made available to external financiel asset management systems +0 perform specific asset management process reporting outside configuration management. ‘The CMS maintains the relationships between all service components and any related incidents, problems, known errs, change and release documentation and may also contain corporate data about employees, apples, locations ard business units, customers and users.7asenso-urte3 21/8/07 14201 Page 05 Attributes for Configuration Items Attributes describe the characteristics of al that are Valuable to record anc whch wil support SACM ard the ITSM processes it supports. ‘The SACM plan references the configuration information and data architecture. This includes te attributes to be recorded foreach type of ase or Cl. Type! atibutes incu: Unique identi = Guype Nemeldeseiption Vasion (efile ui, baseline, release) Location Supply date Leenee dete, eg. expiy date Owmecicusodian Status Supplien/source Related document raster Related software masters Historical data, eg, audit wail Relationship type Aoplicble tA. ‘These atrivutes will define specific functional and physical characteristics cf each type of asset and Cl e.g. size or capacity, together with any documentation or spectications. “The business value of SACM is often not recognized until the use ofthe CMS is used with other service management piocestes within the Service Lifecycle. The CMS spat of larger Service Knowledge Management System (se the Sevice rarstion cor publication) that drives the efectiveness and value of service knowledge. service Tans change | 85 Clinformation is critical for responsive service provision and assists in areas such as | Service Desk — impact of service failure, SLA targets ‘associated to the service that the Ci) a susporting, ‘owner and techrical support information, recent changes to the Cl to aid in Incident triage |= Event Management — tending of avents logged against Cl for possible service stability issues ‘= Incident Management — logging of faults against Cs ‘and ability to see upstream and downstream impacts '= Financial Management ~ asset and replacement lifecycle information, contributing the service valuation activities = Aaailabilty and Continuity ~ Identication of point of failure vulnerability through Cl relationship and redundancy information in the CMS 1 Sonica Loval Managomont ~ idontfying dopondencios and relationships of components that contribute to an ‘end-to-end senice ‘= Change Management — identication of impact of changes to services.1234-MSp-18EL-13 20/8/07 14201 Page 96 66 {service Transtion — preparing for change Figure 6.3 Service Asset and Configuration Management - interfoces to the lifecycle ono marogmenk Nonogamertsuppet retonshis sive CN and tools Posy Standards ‘Staeoy Sve Fort, esomerPorico. cons ogre | Management ed Ronin equtererts Dain, arenes, aksee Desire ‘pereans pans Feed je 6.4 RELEASE AND DEPLOYMENT MANAGEMENT treatve Release and Deployment Management practices ‘enable the Service Prover to add value to the business by: 1 Delivering change, faster and at optimum cost and iinkeiced tok 1m Assuring that customers and users can use the new of changed service in a way that supports the business goals += ofesuaton ‘Management lm Covet tentesen, rain tating ocmeraton Baling an Rose Upaac "paws i acne ceigucon, eos eon tes onence ‘wd J eteancine 2 meus (i usileconry | Improving consistency in implementation approach _across the business change and service teams, suppliers ané customers | Contributing to meeting auditable requirements for ‘waceabilty through Service Transition. \Welkplanned and implerrented release and deployment wil make a signficane diference to an organization's service Cost. A poorly designed release or deployment wil, at best, force IT personnel to spend significant amounts of time troubleshooting problems and managing7a3t-msp-18tbe13 2a/a/oT 14:01 Page 87 complexity. At wors, it can cripple the environment ard degrade the lve sewices ‘The goal of Release and Deployment Management is to deploy releases into procuction and enable effective use Of the service in order to deliver value to the customer. ‘The objective of Release and Deployment Management is to ensure mat. '= There are cloar and comprehensive reloase and ‘deployment plans that enable the customer and business change projects to slign their activities with these plans '& Arelease package can be built, installed, tested and, Ceployed efciently to adeployment group or target environment successfully and on schedule 18 Anew or changer! onvica and is enabling systems, ‘technology an¢ organization are capable of delivering the agreed senice requirements, ie. utilities, warranties and service level Figure 6.4 Example of a release package Current Baseline (as-is) Baanesrconaat Thatecure 7 Release Package Service Trensilon — preparing tor change | 87 = There is knowledge transfer to enable the customers and useis to optimize their use ofthe service to suppor thelr business activities 1 Sklls and knowledge are transfered to operations and Support staff to enable them to effectively and efficiently deliver, support and maintain the service according to required warranties and service levels | There is minimal unpredicted impact on the production services, operations and support ‘organization 1 Customers, users and service management staf are satisfied with the Service Tiansiion practices and ‘outputs, eg. user documentation and training ‘A-key to Release and Deployment Management is defining the appropiate release package type for a given type of release Figure Ge illustrates one example of @ release package. Ferien a SAPO! ARO i TAHOI Techocloar reece pecitectve7asenso-urte3 2a/a/o7 14:01 Page 98 86 | service transiion ~ prepamng for chunge ‘The general aim is to decide the most appropriate rekase- unit level for each service asset or component. An ‘erganization may, for example, decide that the releaso uni for business critical applications is the complete application in order to ensure that testing is ‘comprohonsive. The came organization may deco that 2 more appropriate release unit for a website Isat the page level. ‘The following factors should be taken inte account when deciding the appropriate level Fer release units: 1m The ease and amount of change necessary to release and deploy a release unt |= The amount of resources and time needed to build, test, distribute and implement a release unit | The complexity of interfaces between the proposed Unit and the rest ofthe services and IT infrastructure = The storage available in the build test, distibution and lie environments 6.5 SERVICE VALIDATION AND TESTING RELEASES Effective build and test environment management & essential to ensure thatthe builds and tests are executed iia repeatable and manageable manner. Inadequate contol of these envicanments means that unplannad changes can compromise the testing activities andor caus significant re-wek, Dedicates build environenents should be established for assembling and building the components for cantlled test and depleyrent environments Preparation of the test environrrents includes building, changing or enhancing the tect environmonts ready to receive the rebase, An IT service i, on most occasions, built from a number of technology resources or management assets In the build phase, these different blocks, often from cifferent suppliers are instaled and configured together to create the solution as designed. Standardization facilitates the Integration of the diferent bullding blocks to provide a working solution and service ‘Automating the installation of systems and application Software onto servers and workstations reduces the dopendencios on peoplo and

You might also like

• The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life

  

  From Everand

  The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life

  Mark Manson

  Rating: 4 out of 5 stars

  4/5 (5813)
• The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are

  

  From Everand

  The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are

  Brené Brown

  Rating: 4 out of 5 stars

  4/5 (1092)
• Never Split the Difference: Negotiating As If Your Life Depended On It

  

  From Everand

  Never Split the Difference: Negotiating As If Your Life Depended On It

  Chris Voss

  Rating: 4.5 out of 5 stars

  4.5/5 (844)
• • Magazines
  • Podcasts
  • Sheet music
• Principles: Life and Work

  

  From Everand

  Principles: Life and Work

  Ray Dalio

  Rating: 4 out of 5 stars

  4/5 (608)
• The Glass Castle: A Memoir

  

  From Everand

  The Glass Castle: A Memoir

  Jeannette Walls

  Rating: 4.5 out of 5 stars

  4.5/5 (1716)
• Grit: The Power of Passion and Perseverance

  

  From Everand

  Grit: The Power of Passion and Perseverance

  Angela Duckworth

  Rating: 4 out of 5 stars

  4/5 (590)
• Sing, Unburied, Sing: A Novel

  

  From Everand

  Sing, Unburied, Sing: A Novel

  Jesmyn Ward

  Rating: 4 out of 5 stars

  4/5 (1104)
• Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race

  

  From Everand

  Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race

  Margot Lee Shetterly

  Rating: 4 out of 5 stars

  4/5 (897)
• Shoe Dog: A Memoir by the Creator of Nike

  

  From Everand

  Shoe Dog: A Memoir by the Creator of Nike

  Phil Knight

  Rating: 4.5 out of 5 stars

  4.5/5 (540)
• The Perks of Being a Wallflower

  

  From Everand

  The Perks of Being a Wallflower

  Stephen Chbosky

  Rating: 4.5 out of 5 stars

  4.5/5 (2104)
• The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

  

  From Everand

  The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

  Ben Horowitz

  Rating: 4.5 out of 5 stars

  4.5/5 (348)
• Bad Feminist: Essays

  

  From Everand

  Bad Feminist: Essays

  Roxane Gay

  Rating: 4 out of 5 stars

  4/5 (1018)
• Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future

  

  From Everand

  Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future

  Ashlee Vance

  Rating: 4.5 out of 5 stars

  4.5/5 (474)
• Her Body and Other Parties: Stories

  

  From Everand

  Her Body and Other Parties: Stories

  Carmen Maria Machado

  Rating: 4 out of 5 stars

  4/5 (822)
• The Outsider: A Novel

  

  From Everand

  The Outsider: A Novel

  Stephen King

  Rating: 4 out of 5 stars

  4/5 (1850)
• The Emperor of All Maladies: A Biography of Cancer

  

  From Everand

  The Emperor of All Maladies: A Biography of Cancer

  Siddhartha Mukherjee

  Rating: 4.5 out of 5 stars

  4.5/5 (271)
• The Sympathizer: A Novel (Pulitzer Prize for Fiction)

  

  From Everand

  The Sympathizer: A Novel (Pulitzer Prize for Fiction)

  Viet Thanh Nguyen

  Rating: 4.5 out of 5 stars

  4.5/5 (122)
• Angela's Ashes: A Memoir

  

  From Everand

  Angela's Ashes: A Memoir

  Frank McCourt

  Rating: 4.5 out of 5 stars

  4.5/5 (441)
• Brooklyn: A Novel

  

  From Everand

  Brooklyn: A Novel

  Colm Tóibín

  Rating: 3.5 out of 5 stars

  3.5/5 (1947)
• The Little Book of Hygge: Danish Secrets to Happy Living

  

  From Everand

  The Little Book of Hygge: Danish Secrets to Happy Living

  Meik Wiking

  Rating: 3.5 out of 5 stars

  3.5/5 (401)
• A Man Called Ove: A Novel

  

  From Everand

  A Man Called Ove: A Novel

  Fredrik Backman

  Rating: 4.5 out of 5 stars

  4.5/5 (4610)
• The Art of Racing in the Rain: A Novel

  

  From Everand

  The Art of Racing in the Rain: A Novel

  Garth Stein

  Rating: 4 out of 5 stars

  4/5 (4203)
• Steve Jobs

  

  From Everand

  Steve Jobs

  Walter Isaacson

  Rating: 4.5 out of 5 stars

  4.5/5 (807)
• The World Is Flat 3.0: A Brief History of the Twenty-first Century

  

  From Everand

  The World Is Flat 3.0: A Brief History of the Twenty-first Century

  Thomas L. Friedman

  Rating: 3.5 out of 5 stars

  3.5/5 (2259)
• A Tree Grows in Brooklyn

  

  From Everand

  A Tree Grows in Brooklyn

  Betty Smith

  Rating: 4.5 out of 5 stars

  4.5/5 (1929)
• The Yellow House: A Memoir (2019 National Book Award Winner)

  

  From Everand

  The Yellow House: A Memoir (2019 National Book Award Winner)

  Sarah M. Broom

  Rating: 4 out of 5 stars

  4/5 (98)
• Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America

  

  From Everand

  Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America

  Gilbert King

  Rating: 4.5 out of 5 stars

  4.5/5 (266)
• Yes Please

  

  From Everand

  Yes Please

  Amy Poehler

  Rating: 4 out of 5 stars

  4/5 (1898)
• Team of Rivals: The Political Genius of Abraham Lincoln

  

  From Everand

  Team of Rivals: The Political Genius of Abraham Lincoln

  Doris Kearns Goodwin

  Rating: 4.5 out of 5 stars

  4.5/5 (234)
• A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story

  

  From Everand

  A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story

  Dave Eggers

  Rating: 3.5 out of 5 stars

  3.5/5 (231)
• The Woman in Cabin 10

  

  From Everand

  The Woman in Cabin 10

  Ruth Ware

  Rating: 3.5 out of 5 stars

  3.5/5 (2521)
• Fear: Trump in the White House

  

  From Everand

  Fear: Trump in the White House

  Bob Woodward

  Rating: 3.5 out of 5 stars

  3.5/5 (738)
• Wolf Hall: A Novel

  

  From Everand

  Wolf Hall: A Novel

  Hilary Mantel

  Rating: 4 out of 5 stars

  4/5 (3811)
• John Adams

  

  From Everand

  John Adams

  David McCullough

  Rating: 4.5 out of 5 stars

  4.5/5 (2409)
• On Fire: The (Burning) Case for a Green New Deal

  

  From Everand

  On Fire: The (Burning) Case for a Green New Deal

  Naomi Klein

  Rating: 4 out of 5 stars

  4/5 (74)
• The Light Between Oceans: A Novel

  

  From Everand

  The Light Between Oceans: A Novel

  M.L. Stedman

  Rating: 4.5 out of 5 stars

  4.5/5 (789)
• Manhattan Beach: A Novel

  

  From Everand

  Manhattan Beach: A Novel

  Jennifer Egan

  Rating: 3.5 out of 5 stars

  3.5/5 (792)
• The Constant Gardener: A Novel

  

  From Everand

  The Constant Gardener: A Novel

  John le Carré

  Rating: 3.5 out of 5 stars

  3.5/5 (104)
• The Unwinding: An Inner History of the New America

  

  From Everand

  The Unwinding: An Inner History of the New America

  George Packer

  Rating: 4 out of 5 stars

  4/5 (45)
• Rise of ISIS: A Threat We Can't Ignore

  

  From Everand

  Rise of ISIS: A Threat We Can't Ignore

  Jay Sekulow

  Rating: 3.5 out of 5 stars

  3.5/5 (137)
• Little Women

  

  From Everand

  Little Women

  Louisa May Alcott

  Rating: 4 out of 5 stars

  4/5 (104)