MATERIAL DO CURSO

ITIL FOUNDATION

- Janeiro 2004 -

Material do Curso de ITIL

Índice
Introduction ............................................................................................................................ 7 IT Service Management........................................................................................................ 10 IT Service Management – Background ............................................................................ 10 Services and Quality..................................................................................................... 12 Quality Assurance ........................................................................................................ 14 ISO-9000 ...................................................................................................................... 16 Organizational Maturity ............................................................................................... 17 CMM ............................................................................................................................ 18 Organization and Policies................................................................................................. 19 Vision, objectives and policies ..................................................................................... 19 Planning Horizon.......................................................................................................... 21 Culture .......................................................................................................................... 22 Human Resource Management..................................................................................... 23 IT Customer Relationship Management....................................................................... 24 Processes........................................................................................................................... 26 Processes and departments ........................................................................................... 27 IT Service Management................................................................................................ 27 Introduction to ITIL.............................................................................................................. 28 Background....................................................................................................................... 28 Advantages to the Customer/End User: ....................................................................... 29 Advantages to the IT Organization: ............................................................................. 30 Potential disadvantages: ............................................................................................... 30 Organizations................................................................................................................ 31 OGC (CCTA) ............................................................................................................... 31 ITSMF .......................................................................................................................... 31 EXIN and ISEB ............................................................................................................ 32 The ITIL Books ................................................................................................................ 33 ITIL (IT Infrastructure Library) ................................................................................... 33 Business Perspective .................................................................................................... 34 Service Delivery ........................................................................................................... 36 Service Support ............................................................................................................ 38 IT Infrastructure Management...................................................................................... 40 Applications Management............................................................................................ 42 Management and Organization..................................................................................... 42 Planning and Implementation....................................................................................... 43 Service Desk ......................................................................................................................... 45 Introduction ...................................................................................................................... 45 Objective........................................................................................................................... 45 Process Description .......................................................................................................... 45 Activities........................................................................................................................... 46 Activities....................................................................................................................... 46 Incident control............................................................................................................. 47 Roles ................................................................................................................................. 48 Relationships .................................................................................................................... 48 -2-

Material do Curso de ITIL Benefits............................................................................................................................. 49 Summary....................................................................................................................... 50 Common Problems ........................................................................................................... 51 Metrics .............................................................................................................................. 52 Service Desk Structure - Best Practice ............................................................................. 53 Structure of a Service Desk .......................................................................................... 53 Centralised Service Desk.............................................................................................. 55 Virtual Service Desk..................................................................................................... 55 Essential Terms ................................................................................................................ 57 Incident Management ........................................................................................................... 58 Introduction ...................................................................................................................... 58 Objective........................................................................................................................... 58 Process Description .......................................................................................................... 59 Activities........................................................................................................................... 60 Incident detection and recording .................................................................................. 60 Classification and initial support .................................................................................. 60 Investigation and diagnosis .......................................................................................... 61 Resolution and recovery ............................................................................................... 62 Incident closure ............................................................................................................ 62 Incident ownership, monitoring, tracking and communication.................................... 62 Roles ................................................................................................................................. 62 Relationships .................................................................................................................... 63 Benefits............................................................................................................................. 64 Common Problems ........................................................................................................... 65 Metrics .............................................................................................................................. 66 • Number of Incidents per time period.................................................................... 66 • Number of Incidents per category ........................................................................ 66 • Number of Incidents per priority level ................................................................. 66 • Incident resolution performance against service levels........................................ 66 • Number of closed Incidents per time period ........................................................ 66 Best practice ..................................................................................................................... 66 Incident Management tools: ......................................................................................... 66 Different types of escalation......................................................................................... 67 Essential Terms ................................................................................................................ 68 Problem Management........................................................................................................... 68 Introduction ...................................................................................................................... 68 Objective........................................................................................................................... 69 Process Description .......................................................................................................... 70 Activities........................................................................................................................... 72 Problem Control ........................................................................................................... 72 Error Control ................................................................................................................ 74 Proactive Problem Management................................................................................... 74 Completion of Major Problem reviews ........................................................................ 75 Roles ................................................................................................................................. 75 Relationships .................................................................................................................... 76 Benefits............................................................................................................................. 77

-3-

............................................... 105 Objective............................................................................................. 104 Release Management............................................................................................................................................................................................. 99 Relationships .......................................................... 93 Introduction ......................................................................... 102 Best practices............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 104 Essential Terms ............... 92 Configuration Management....................... 79 Best practices............................................................................................................................................................................................................................................................................................................................................................ 87 Change Manager........................................................................................................................................... 96 Identification: .............. 85 Accepting (Rejecting). 91 Best practices....................................................................................... 98 Roles ..................................................................... 100 Common Problems ............................................................................................................................... 103 Interesting Websites ................................. 96 Planning:.............................................................................................................................. 85 Planning ...................................................... 88 Benefits...................................................................................................................................... 106 Process Description .................................. 102 Key performance indicators ................................................................................................................................................................................................................................... 93 Objective.................................................................................... 90 Metrics ..................................................................... 86 Evaluating................................. 81 Introduction ................................................................................................................................................................................................. 86 Roles .................................................................................................................................................................................................... 94 Activities................................................................................. 83 Activities.................... 90 Common Problems ...................... 91 Essential Terms .......................................................................................................................... 98 Verification and audit ............................... 80 Essential Terms .............................................................................................. 93 Process Description ......................................................................................... 97 Status accounting..... 78 Metrics ...... 88 Change Advisory Board/Emergency Committee (CAB/EC) .................... 82 Objective.... 103 The CMDB ...................................... 85 Recording ............................................................ 83 Process Description ...........................................................Material do Curso de ITIL Common Problems ..................................................................................................................................................... 88 Change Advisory Board (CAB) ............................................................................................................................................................................................................................................................... 85 Coordination ............................................................................................................................................................................................................................................................................................................................................................................................. 88 Relationships .................................................................................. 107 -4- .................................................................................................................................................................................................................................................................................................................................................................................................. 105 Introduction ............................................... 101 Metrics ............................................................... 99 Benefits............................................................................................................................................................................................................ 85 Classifying.

........................................................................................................................................................................................................................................................................................................................... 130 Metrics .......................................... 147 Essentials (terminology) ...................... 118 Introduction ... 132 Best practices................................................................................................................................................. 138 Roles ............................. 112 Relationships ...................................................................................................................................................................................................................................................................................................................................... 120 Process Description ................................. 108 Roles .......................... 113 Benefits........................................................................................................................................................................................................................................................................................... 162 Objective...................................................................................................................................................... 156 Benefits............................. 165 Roles .......................................................................................... 147 Availability Management .............................................................. 149 Introduction .......................Material do Curso de ITIL Activities.......................................... 116 Interesting web sites ..................................................................................................................................................................... 115 Best practices.................................. 115 Metrics .............................................. 133 Financial Management .............................................. 134 Introduction ............................................................................................................................... 149 Objective................................................................................................. 159 Metrics ......................................................................................................................................................................................................................................................................................................................................................................................................................... 128 Common Problems ................................................................................................................................................................................................................................................ 121 Activities.......................................................... 160 Capacity Management ......................... 132 Essentials (terminology) ...................................................................................... 123 Roles .............................................................. 149 Process Description ....................................................................................................... 163 Activities................................................................................................................................................................... 167 -5- ............................................... 146 Best practices................................................. 144 Benefits......................................................... 114 Common Problems ............................................................ 156 Relationships ....................................... 126 Benefits................................................ 160 Best practices........................................................................................................................................................................................................................................ 162 Introduction .......................................................................................................................................................... 153 Roles ................................... 150 Activities............................................................................................................................................................................................................................................................... 144 Common Problems .............................................................................................................................................................................................................................................................................................................................. 117 Essential Terms .............................................................................. 134 Objective................................................................................................ 145 Metrics .................................................... 143 Relationships ................................................................................................................................................ 119 Objective....... 137 Activities......................................................................................................................................................................... 136 Process Description ............................................................................................................................................................................................................................................................. 158 Common Problems ..............................................

.................................... 196 Metrics ................... 190 Objective......................................................................................................................................................................... 187 Best practices.................................................................................................................................................. 196 Best practices.................. 192 Activities................ 172 Best practices............................................................... 171 Metrics .. 175 Introduction ......................................................................... 183 Common Problems ...................................................................Material do Curso de ITIL Relationships ................................................................................................................................. 187 Essentials (terminology) ..................................................... 176 Process Description ...................................................................................................................................... 198 Further reading ....................................................................................... 199 -6- ... 195 Common Problems ................................................................................................................................................................. 168 Benefits............................................................................... 194 Relationships .................................................... 186 Metrics ............................................................................................................................................... 197 Essentials (terminology) ....................................... 191 Process Description ............................................................................................................................................................. 198 Conclusion ....................................................................................................................................................................................................................................................................................................................................................... 175 Objective...................................................................................................................................... 193 Roles ...................... 174 IT Service Continuity Mgt.................................................................................................................................................................. 190 Introduction ................................................................................... 178 Roles ............................................. 170 Common Problems ...................................................................................................................................................................................................................................................................................................................................................... 182 Relationships ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 176 Activities.................................................................................................................. 194 Benefits................................. 173 Essentials (terminology) ... 188 Security Management ...............................

Traditional hierarchical organizations often find it difficult to respond to rapidly changing markets. The changes are most evident in the various business processes of any organization. etc.Material do Curso de ITIL Introduction In recent decades IT developments have changed the way that most businesses operate. IT Service Management operating & tactical processes were developed against this background . These developments are responsible for the transition from the industrial to the information age. everything has become faster and more dynamic. Administration prints and sends the material to the client and ensures that there is an action against the sales person to follow up the proposal. Marketing generates leads and sends through to Sales. All of these business processes rely a great deal on computer based tools and the underlying technology. Examples of business processes are "the sales process" (eg. organizations can bring their products and services to markets faster than ever before.where the process is paramount and the focus moves away from the "silo" departmental or functional structure. etc. The emphasis is now on horizontal processes. Since the introduction of the PC. -7- . and therefore there is now a trend towards less hierarchical and more flexible organizations. Sales develops relationships and prepares proposals. LAN.). client/server technology and the Internet. In the information age. and decision-making authority is increasingly granted to personnel at a lower level.

Material do Curso de ITIL In the 1980s. The aim was to develop a framework/methodology/approach that was vendor/supplier independent. Microsoft do not try and conceal their proprietary framework has it's basis in ITIL. This course is the electronic version of this missing text. is extend ITIL and create a series of other processes and specific concepts. If you are not certain then the term "good practice" may be a safer option to use. the quality of the IT services provided to the British government lead the CCTA (Central Computer and Telecommunications Agency as it was referred to . procedures and responsibilities which can be tailored to any IT organization. The organization can grow and mature with them. The course is beneficial for anyone involved in IT Service Management. A number of other IT Service Management frameworks have been developed on the basis of ITIL. with comprehensive checklists. Where possible. Special note: The most widely known "other frameworks" that have been based on ITIL is the Microsoft Operations Framework. This is one of the reasons why ITIL has become the de facto standard for describing a number of fundamental processes in IT Service Management.now the Office of Government Commerce. but effective introductory textbook. This resulted in the Information Technology Infrastructure Library™ (ITIL). OGC) was instructed to develop an approach for efficient and financially effective use of IT resources by ministries and other British public sector organizations. generally by commercial organizations. these practices have been defined as processes covering the major activities of IT service organizations. ITIL is often referred to as Best Practice. -8- . The ITIL framework provides a detailed description of a number of important IT practices. They in fact praise ITIL as an excellent starting point for organizations with Microsoft Environments. The broader adoption of ITIL has been hampered by the lack of a basic. What Microsoft have done however. Note: The term "best practice" will often spark heated debate among some IT professionals. although the relatively new term of "good practice" is starting to be widely used. tasks. The broad subject area covered by the ITIL publications makes it useful to refer to them regularly and to use them to set new improvement objectives for the IT organization. ITIL v1 grew from a collection of best practices observed in the IT service industry. The ITIL material claims that it is Best Practice.

processes and policies. additional material and contributions from ITIL professionals are welcome. When writing this Course we aimed to incorporate current developments in the field. the ITIL books do not always describe the latest developments. We have set tests throughout the material to ensure that you are getting the best value for the money you pay. That work was based on management summaries and descriptions in official ITIL publications. without substantially diverting from the ITIL publications. Therefore the course can be used both to prepare for the official ITIL Service Management Foundation exam and as a general introduction to the broader area of IT Service Management. developed as an introduction to IT Service Management. In chapter 2 ‘IT Service Management’ it does however address. Before you begin: Thank you for making the choice to study with us. -9- . We like to get the stories about how this learning exercise helped you to make significant improvements in your own IT Service Management challenges. relevant matters in IT Service Management.Material do Curso de ITIL This edition of this Course is based upon The Art of Service's Course material. This course is prepared and supported by experienced and fully qualified IT Service Managers. in terms of quality. Given the rapid changes in this field. We hope to hear from you in the future. This course does not address the planning and implementation of ITIL processes. new developments. We know that you will enjoy the journey you are about to begin. This is because ITIL is primarily a collection of best practices taken from a variety of people in a wide cross section of industry. in a more general way. You can ask for help and explanations at any time. They will be discussed by the editors and where appropriate incorporated into new editions. Given the desire for a broad consensus in the ITIL field.

Security has it's Security system and the Library has a Library system (hopefully all share a common repository of student information. Starting at the top of the tree.Material do Curso de ITIL IT Service Management IT Service Management – Background In this section we will look at services. Getting this right earns everyone a medal! . quality and services which influenced the development of the discipline. Library (to provide required book lists). Failure to meet the overall objectives means that the organization ceases to function (no matter how well the IT department is run). It is at this layer that IT professionals must consider how they need to manage all the infrastructure (including hardware. An example of a business process is the "enrollment process" in a University. Increased market share. the most important consideration for any business is that the Organization's Objectives are met (eg. software.) in order to make the required Services available. tools. etc. The next branch of the Objective Tree is Service Management. In order for the organization's objectives to be met. All these topics provide the background for the development of a systematic approach to IT Service Management. etc. lower costs and higher customer satisfaction). but they all exist for a different reason). Each of these business processes needs a variety of services (IT Service Provision in our Objective Tree) in order to work. Familiarity with these terms also helps to understand the links between the various elements of the IT Infrastructure Library (ITIL). The "enrollment process" involves Admissions (to capture basic student details). there must be a series of business departments working together in Business Processes. policy and process management. In our University example the Admissions department has a Student system. The IT Service Management processes described in this course (also referred to as IT Management) are best understood against the background of the concepts about organizations. Security (to issue id-card). to the Business Processes so that the Organization Objectives can be met. ITIL is by far the best known description of IT Service Management and is therefore used as the foundation for this Course. organization. quality. The Objective Tree The objective tree is used to help all members of the organization understand the benefits of ITSM.10 - .

This section also discusses the coordination between the business processes of a company and the IT activities. and policies and discusses issues such as planning. The section on process management looks at the control of IT service processes.Material do Curso de ITIL This chapter introduces the following subjects: • The section on the provision of services and quality addresses the relationship between the quality experienced by the customer's organizational end users. The section on organization and policies addresses concepts such as vision. • • . corporate culture and Human Resource Management. and quality management by the provider of the IT services.11 - . objectives.

In a restaurant. both depend largely on their personal experiences and expectations. the manufacturer will try to deliver a fairly constant quality. In contrast to the manufacturing process. in which the provider and customer participate simultaneously. The provision of IT services refers to the full management of the IT infrastructure. The quality of a service depends to some extent on the way in which the service provider and the customer interact. usefulness for the task and robustness. They now have to consider the quality of the services they provide and focus on the relationship with their customers. Customers will generally use the following questions to assess the quality of the service: • Does the service align with my expectations? • Can I expect a similar service the next time? • Is the service provided at a reasonable cost? Whether or not the service fulfils the expectations depends primarily on how effectively the deliverables were agreed on in the first place. However. Furthermore. Hardware. The process of providing a service is a combination of production and use. even more so than on how well the supplier provides the service. tools and relationships. we normally assess the quality such as the appearance. services are provided through interaction with the customer. software. the customer has few opportunities to influence the product quality. Services cannot be assessed in advance.Material do Curso de ITIL Services and Quality Organizations are often highly dependent on their IT services and expect the services not only to support the organization. but only when they are provided. customer and provider can still makes changes when the services are being delivered. manufacture. the high expectations customers on IT Services tend to change significantly over time (usually in downgrading of expectations). In a shop. By effectively controlling the production plant. A continuing dialogue with the customer is essential to refine the services and to ensure that both the customer and the supplier know what is expected of the service.12 - . but also to present new options achieve the objectives of the organization. In this example. and ask if everything is all right when serving a new course. How the customer perceives the service and what the provider thinks they supply. The perception of the customer is essential in the provision of services. Before buying a product in a shop. IT to of a Providers of IT services can no longer afford to focus on technology. sales and consumption of the product are quite separate. . This is because the product is produced in a factory. the waiter will first explain the menu.

The quality of a service refers to the extent to which the service fulfils the requirements and expectations of the customer. To be able to provide quality. and the current market rates for comparable services. a restaurant will have to purchase fresh ingredients. A customer will be dissatisfied about a service provider who occasionally exceeds the expectations but disappoints at other times. At this stage the service provider has to be aware of the costs they incur. if the customer should be provided with more information. but also consistent quality. This experience with customers is then used to improve future customer contact. the overall quality is the result of the quality of a number of component processes that together form the overall service. when providing a service. or if the price should be changed. Reasonable costs may be considered as a derived requirement. the more quickly the guests can be served. These component processes formed a chain. the supplier should continuously assess how the service is perceived and what the customer expects in the future. the chefs will have to work together to provide consistent results. Effective coordination of the component processes requires not only high quality at each stage. Providing a constant high quality also means that the component activities have to be coordinated: the more efficiently the kitchen operates. the next step is to agree on what it may cost. Quality is the totality of characteristics of a product or service that bear on its ability to satisfy stated and implied needs (ISO-8402). The results of the assessment can be used to determine if the service should be modified. A restaurant will only be awarded three Michelin Stars when it manages to provide the same high quality over an extended period. This does not often happen: there are changes among the waiting staff. and hopefully there are no major differences in style among the waiting staff.Material do Curso de ITIL The waiter actively coordinates supply and demand throughout the meal. Therefore. Providing a constant quality is one of the most important. Once it has been agreed on what is to be expected of the service. For example. Another customer may well consider what one customer considers normal as a special requirement. and chefs leave to open their own restaurants. . Eventually a customer will get used to something considered special at the start. but also one of the most difficult aspects of the service industry. a series of linked activities. a successful approach may not last.13 - .

Quality assurance is a policy matter within the organization. • Act: Adjust the plans based on information gathered while checking. the activities of supplying products and services must be divided into processes. Quality management is the responsibility of everyone working in the organization providing the service. when. and eventually the services provided by the organization as a whole. The quality of the product or service depends largely on the way in which these activities are organized. using what? • Do: Implementation of the planned activities. It must be clear who is responsible in the organization and what authority they have to change plans and procedures. The model assumes that to provide appropriate quality. • Check: Determine if the activities provided the expected result. not for only for each of the activities. Quality management also means continuously looking for opportunities to improve the organization and implementing quality improvement activities. Deming’s quality life cycle provides a simple and effective model to address quality. Every employee has to be aware of how their contribution to the organization affects the quality of the work provided by their colleagues. It is the whole of the measures and procedures.14 - .Material do Curso de ITIL Quality Assurance Supplying products or services requires activities. the following steps must be undertaken repeatedly: • Plan: Who should do what. which the organization uses to ensure that the services . but also for each of the processes. To be able to make use of this life-cycle approach. how. each with their own plans and opportunities for conducting checks.

’ ‘Managers should learn to take responsibility and provide leadership’ ‘Improve constantly. continue to fulfill the expectations of the customer and the relevant agreements.’ ‘The key to quality is to reduce variance. However. but because of the Depression his ideas were not accepted in the US. Quality assurance ensures that improvements resulting from quality management are maintained.15 - .’ ‘The transformation is everybody's job.Material do Curso de ITIL provided. define. Dr. Some of Deming’s typical statements: • • • • • • • • • ‘The customer is the most important part of the production line.’ . assess and improve quality systems.’ ‘Break down barriers between departments. procedures and resources for implementing quality management. A quality system is the organizational structure related to responsibilities. The ISO 9000 series of standards is often used to develop. the profit comes from returning customers and those who praise your product or service to friends and acquaintances.’ ‘Institute a vigorous program of education and self-improvement.’ ‘It is not enough to have satisfied customers. He had developed theories about the best possible use of expertise and creativity in organizations in the United States in the 1930s. his optimization methods were successfully adopted in Japan.’ ‘Institute training on the job. Edward Deming was an American statistician brought to Japan by general Douglas MacArthur after the Second World War to help rebuild the destroyed economy.

customer complaints are recorded. • • • • the management regularly assesses the operation of the quality system. puts even greater emphasis than the previous standard on the ability of an organization to learn from experience and to implement continuous quality improvement. the supplier controls the production processes and can improve them. ISO-9000-2000.Material do Curso de ITIL ISO-9000 Some organizations require their suppliers to hold an ISO 9001 or ISO 9002 certificate. . An ISO certificate does not provide an absolute guarantee about the quality of the service provided. and used to improve the service where possible. ISO is the International Standards Organization. The new ISO 9000 series of standards. A quality system that complies with the ISO standard testifies that the supplier has taken measures to be able to provide the quality required by their customers. dealt with in a reasonable time.16 - . the suppliers’ procedures are documented and communicated to those affected by them. however. it does indicate that the supplier takes quality assurance seriously and is prepared to discuss it. and uses the results of internal audits to implement improvement measures where necessary. Such a certificate proves that the supplier has an adequate quality system whose effectiveness is regularly assessed by an independent auditor.

policies).17 - . The causes of a mismatch between the service provided and the customer’s requirements are often related to the way in which the IT organization is managed. with the support of the European Commission. The EFQM identifies nine areas. Based on the outcomes from "result areas" actions are taken (strategy. continuing improvement of all aspects relevant to the business. It identifies the major areas to be considered when managing an organization. The EFQM ‘Model of Business Excellence’. These actions serve to underpin the planning (e. In 1988 fourteen large European companies. The European Foundation for Quality Management (EFQM) model can be useful in determining the maturity of an organization. . A permanent quality improvement focus demands a certain degree of maturity of the organization. the structure of the processes). employee satisfaction and appreciation by society. generally known simply as the EFQM model. and performance results. that should lead to the desired results. is widely accepted as the major strategic framework for managing an organization aimed at the balanced. Deming’s Quality Life-Cycle is incorporated in the EFQM model.Material do Curso de ITIL Organizational Maturity Experience with improving the quality of IT services has shown that it is rarely sufficient to simply define current practices. aimed at excelling in customer satisfaction.g. The objective of the EFQM is to promote Total Quality Management. set up the European Foundation for Quality Management.

or to develop new technology or services. then these will have to be considered to prevent a mismatch in the approach. or to adjust the communication in line with the lower level. Managed . Defined .the processes occur ad hoc. CMM In the IT industry. When assessing the maturity of an organization. For further information: http://www. The Software Engineering Institute (SEI) of Carnegie Mellon University developed this process improvement method.org.the organization measures the results and consciously uses them to improve the quality of its services. Maturity models based on the CMM levels of maturity have also been developed for IT Service Management. Specifically.18 - .the organization consciously optimizes the design of its processes to improve the quality of its services. Optimising . If there are large differences in maturity between the supplier and the customer.the processes have been documented. methods and mutual expectations. . CMM is concerned with improving the maturity of a software creation processes.the processes have been designed such that the service quality should be repeatable. this affects the communication between the customer and the supplier. the process maturity improvement process is best known in the context of the Capability Maturity Model (CMM). and to operate at that level. • • • • Repeatable . we cannot restrict ourselves to the service provider. standardised and integrated.Material do Curso de ITIL Over 600 European businesses and research organizations have now joined the EFQM. CMM includes the following levels: Initial . It is advisable to bring both organizations to the same level of development. The level of maturity of the customer is also important.efqm.

Vision. The objectives of the organization describe in greater detail what it wants to accomplish. objectives and policies An organization is a form of cooperation between people. The policy of the organization is the combination of all decisions and measures taken to define and realize the objectives.19 - . Plans are usually divided into stages to provide milestones where progress can be monitored. The shared vision might be that you can make money selling or you can improve the environment. personnel can independently use the policies as their guideline. depends on a concept of why it is worth cooperating in the organization. Good objectives have five essential elements: they have to be Specific. the organization will prioritize objectives and decide how the objectives will be reached. Any organization.g. In its policies. the policies can be used to draw up an annual plan. For example because you are the best. The clearer the organization’s policies are to all stakeholders. For example. Instead of detailed procedures. from a darts club to a multinational company. The mission statement is a short. This section will discuss several important aspects of the organization and policies that are relevant to process management. You will want to build up a suitable image. the less needs to be defined about how personnel are supposed to do their work. Measurable. priorities may change over time. clear description of the objectives of the organization and the values it believes in. investors. Clearly formulated policies contribute to a flexible organization. Realistic and Time-bound (SMART). Of course. However. customers.Material do Curso de ITIL Organization and Policies We know that service quality is closely associated with the quality of an organization and its policies. Appropriate. depending on the circumstances. cheapest or most fun. Implementing policies in the form of specific activities requires planning. To communicate the vision. personnel) as an organization it has to be communicated to clients why they should do business with you. to be attractive to all stakeholders (e. which is then used to . the organization creates a Mission Statement. as all levels in the organization can respond more quickly to changing circumstances. Think of the things that stick in your mind – “Just Do It” (Nike).

the objectives of the IT department will be derived from the business objectives. there is the risk that after some time. the required resources. response speed. mission and vision of the organization. . objectives will be defined for the IT department with respect to safety. objectives or policies are forgotten. technical sophistication and so on. or BSC. and policies. The more mature an organization is. An organizational annual plan can be further developed into greater detail as departmental plans. or KPIs. We have to measure if the organization or processes fulfill the objectives. CSFs are defined for a number of areas of interest or perspectives: customers/market. business processes. tasks. If the IT department supports the interests of the business. the better it deals with such changes. for example. and there are various methods available for this. and agreements about the quality and quantity of the products or services to be delivered. quarterly plans or project plans. Where necessary. policies. planning and tasks. The specific objectives of the IT department will then be developed on the basis of this general objective. The parameters used to measure if the CSFs meet the standards are known as Key Performance Indicators (KPI). The IT department. are parameters for measuring progress relative to key objectives or Critical Success Factors (CSF) in the organization. accessibility. and even to a change in the objectives. When translating the mission of the organization into objectives.Material do Curso de ITIL develop the budgets. these can be subdivided into Performance Indicators (PI). the objectives of the organization or process are used to define Critical Success Factors (CSF). personnel/innovation and finance. Each of these plans contains a number of elements: an activity schedule. Depending on the nature of the business. In this method. Actions are allocated to personnel as tasks. The outcome of the measurements and changing circumstances can lead to modification of the processes. might have the following objective: ‘To contribute to the competitive strength of the business’. and remedial action is taken where necessary. One of the most common methods in business is the Balanced Score Card. or outsourced to external organizations. Realization of the planned activities requires action. Key performance indicators. the mission. plans. It is therefore important that at every stage we measure if the organization is still moving in the right direction.20 - .

limits the speed at which changes can be implemented.21 - . developing a technical infrastructure demands significant investment and the period over which it can be depreciated has to be considered. When planning the network and applications of a business. the IT department will have to stay ahead of the overall planning to ensure that the business has an IT infrastructure in which it can develop and grow into. Furthermore. It takes time to develop a technical infrastructure and the fact that information systems and the business depend on the technical infrastructure. support role it has fewer clear links with the substantive business activities. The figure below gives an example of the links between the various plans.Material do Curso de ITIL Planning Horizon When considering the policies and planning of an IT department. Technical infrastructure has the longest planning horizon and in its . we should be aware of the links between planning for the business as a whole and the application systems and the technical infrastructure used by the business.

which depends on the standards and values of the people in the organization. This is due to the fact that businesses value innovation in different ways. the planning cycle time has become even shorter as the cycle time for product development has also decreased. the way in which decisions are made and implemented.the quality of the deliverables (results) should be appropriate for the objective. Budgets. superiors and colleagues. It is defined by a starting date and ending date. but also between the various levels of activities and processes (strategic. cannot be changed.22 - . customers. In a stable organization. The corporate culture can have a major influence on the provision of IT services. • Costs and revenues . In that case. If the IT department is unstable. it will be difficult to adjust the IT services in line with changes in the organization. planning and progress reports all fall within this period. after which the underlying technology is considered. Terms such as ‘improved’ and ‘quicker’ are insufficient for planning purposes. Influencing the culture of an organization requires leadership in the form of a clear and consistent policies and a supportive personnel policy. Culture Organizations that want to change (for example to improve the quality of their services) will eventually be confronted with the current organizational culture.Material do Curso de ITIL The planning horizon is shorter for applications as they are designed for specific business purposes. refers to the way in which people deal with each other in the organization. suppliers. Planning should address four elements: • Time . Differences between the planning horizons occur not only between areas. then a culture that values change can pose a serious threat to the quality of its services. . based on the organization’s strategy. The organizational culture. • Quantity .the deliverables must be in proportion to the expected costs. or corporate culture. a free for all can develop where many uncontrolled changes lead to a large number of faults. Business plans.this is the easiest factor to determine. and is often divided into stages. but it can be influenced. normally cover one calendar or financial year. where the culture places little value on innovation.the objectives have to be made measurable to monitor progress. efforts and revenues. Culture. In some markets. • Quality . Application life cycle planning is primarily based on the business functions to be provided by the system. tactic and operational). and the attitude of employees to their work.

then this will affect the deployment. There are three approaches to HRM: • The hard approach sees human resources as means of production. This approach places different values on employees. For this reason. determining and developing skills (competence) and promoting mobility in the internal labor market is becoming increasingly important in organizations. It can also be used as an instrument to change the corporate culture. To reach the objectives of the organization there will have to be good inflow. their potential must be identified early and developed continuously (career development. For example. training and career development. All aspects of personnel policy have to be carefully coordinated. Some core employees are strategically more important than peripheral employees who are easily replaceable. Changes in the market and the organization (e. training policy). the same applies to personnel policy. • The integrated approach looks at the shared interests of personnel and management in an organization. . and for the rest use a pool of flexible personnel. a company might choose to permanently employ only core personnel. • Giving employees in the organization the opportunity to develop and use their skills will benefit the organization. Human Resource Management is based on two premises: • Personnel management should contribute to the objectives of the organization.g. quality and number of personnel. A variety of instruments such as recruitment and selection. motivation and reward are used. The objective of modern personnel management is to optimize the performance of all personnel in the organization. If organizations have to respond better and more quickly in an environment which changes ever more quickly. movement and outflow of personnel.Material do Curso de ITIL Human Resource Management Personnel policy plays an important and strategic role in fulfilling the long-term objectives of an organization (see also the EFQM model). the business must base its choices on the talent and potential of its employees. ambitious and prepared to invest a lot in their work. The movement of employees in the organization. which have to be organized as effectively and efficiently as possible.23 - . As the corporate strategy is determined by economic. developments in technology) lead to constant changes in the need for skills. Modern employees are highly educated. When selecting its strategy and policy. • The soft approach emphasises that making the best possible use of human potential and opportunities will benefit the business. Human Resource Management (HRM) is the major form of modern personnel management. technical and market factors.

at the strategic. and as a way to systematically develop the competence the organization needs. but also on the opportunities to develop competence. • Competence Management . . IT Customer Relationship Management The quality of IT services largely depends on good relationships with the customers of the IT organization.24 - . Instruments for quality management in personnel policy include: • Policy Deployment . and if they have had the opportunity to arrange and implement the task as they wanted. transfer expertise. The degree of empowerment determines the extent to which employees can be held responsible for the quality of the work they provide.Material do Curso de ITIL The quality of service provided by an organization benefits if the best use is made of the potential of its employees. and the control of the Service Levels can be based on Service Level Management. IT Customer Relationship Management will primarily play a supportive role. Setting up skills groups can also support the exchange of experience and encourage the development of new competence. When organizing employees. This approach charts the competence required by the processes and projects as well as the competence of the employees. new opportunities for development and career opportunities. One of the elements in customer relationships is the Service Desk. the major challenge is to ensure that there are good and effective relationships between the IT organization and the customer organization at all levels. This facilitates continuous improvement. providing information. These relationships provide the basis for making and updating agreements.this is both a method to use the competency available in an organization as effectively as possible. and learn skills. However. IT Customer Relationship Management addresses maintaining a relationship with customers and coordinating with customer organizations. • Accountability . In these areas. • Empowerment . for example appreciation. Mentors or coaches may support employees. In IT Customer Relationship Management. This could be used as a basis for assessing and rewarding employees. by organizing surveys among customers and users. If an employee has had an explanation of what is expected of them. and so forth. tactic and operational levels. for example.communicating to each employee how and to what extent their task contributes to realizing the objectives of the organization. The reward may be material (salary) or immaterial. the focus is not only on obtaining a good match between the required and available competence.which may be the result of policy deployment and empowerment. An important condition for the success of policy deployment is that it also extends to all layers of management. then they can be held accountable for it. the extent of IT Customer Relationship Management will be different at each level.giving employees the opportunity to organize and implement their task in consultation with the organization.

Change Management. then a Request for Change will be submitted. If the customer organization wants changes (expansion or modification) to the IT services that fall within the agreements laid down in the SLA. For example. . Change Management then processes the request. if the customer wants to introduce an intranet. in which the IT organization focuses on the customer and proposes IT solutions that the help the customer reach their business objectives. In most cases. The customer is the person who is authorized to conclude an agreement with the IT organization about the provision of IT services (for example a Service Level Agreement. This can provide the basis for a long-term relationship. the employee who uses IT services for their routine activities.25 - . SLA) and who is responsible for ensuring that the IT services are paid for. Service Level Management concerns agreements at the tactical level. implementation of change requests and cost all have to be agreed. The agreements with the customer about the services to be provided are then developed into service level proposals through Service Level Management.Material do Curso de ITIL The user is the person behind the PC. Given the dynamic nature of both the customer organization and the IT organization. IT Customer Relationship Management plays an important role in developing the Strategic Alignment between the IT organization and the organization purchasing the IT services. Service Desk and Incident Management all concern the operational level. with a planning horizon of approximately one year. Changes outside the current agreements are introduced into the Service Level Management process. user support. Coordination at a strategic level has a planning horizon of several years. the rate of change in both organizations should also be coordinated. this is primarily a matter of staying in touch with the customer organization. then the availability. users can contact a Service Desk for operational requests and questions. and exploring the options for linking the strategic objectives of both organizations. and to report problems. These agreements are laid down in a Service Level Agreement (SLA). with a planning horizon of months or even weeks. In practice.

We can study each process separately to optimize its performance.26 - . duplicated. In a restaurant for example. By opting for a process structure. The aim of process management is to use planning and control to ensure that all processes are effective and efficient. In most cases. we can separate responsibility for purchasing and cooking. or any existing departmental (functional) divisions. if each process complies with its process standard.Material do Curso de ITIL Processes When arranging activities into processes. we do not use the existing allocation of tasks. If the activities in the process are also carried out with the minimum required effort and cost. A process is a logically related series of activities for the benefit of a defined objective. Instead. the relevant performance indicators and standards will already be agreed. or unnecessary. This is a conscious choice. The process manager is responsible for the realization and structure of the process. which show what goes into the organization and what the result is. we look at the objective of each process and its relationships with other processes. and reports to the process owner. As well as this we can describe monitoring points in the chains to assess the quality of the products and services provided by the organization. The management of the organization can exercise control on the basis of the quality of the process as demonstrated by data from the results of each process. and report to the process manager. chefs may not have the authority to purchase anything as experience may show that they tend to spend too much on fresh ingredients that do not add value. we can often show that the certain activities in the organization are uncoordinated. The standards for the output of each process have to be defined so that the complete chain of processes meets the corporate objective/s. then the process can be called efficient. If the result of a process meets the defined standard. . The dayto-day control of the process can then be left to the process manager. A process is a series of activities carried out to convert an input into an output. The process operatives are responsible for defined activities. We end up with linked chains of processes. We can label the input and output of each of the processes with quality characteristics and standards (that is. neglected. then the process can be said to be effective. The logical combination of activities results in clear points where the quality of processes can be monitored. The process owner will assess the results based on a report of performance indicators and whether they meet the agreed standard. The process owner is responsible for the process results. These characteristics and standards provide information about the results expected of the process. what is expected to go into and what is expected to come out of the particular process).

In a process-focused approach we also have to consider the situation within an organization (policies. The objective of IT Service Management processes is to contribute to the quality of the IT services. In this chapter we have explained that processes should always have a defined objective. A procedure may include stages from different processes. ITIL. IT Service Management IT Service Management is primarily known as the process and service-focused approach of what was initially known as IT Management. A procedure defines who does what. the data and telecommunications department has to make the computer centre accessible. and if planned improvements are being implemented. A procedure is a description of logically related activities. A set of work instructions defines how one or more activities in a procedure should be carried out. capacity. A service organization will then try to match these quality aspects with the customer’s demands. such as availability. There are various ways of structuring departments. Processes are often described using procedures and work instructions. product. so that the planning and control can be improved. Quality management and process control form part of the organization and its policies. ITIL also provides a framework that allows experiences to be shared in different organizations. IT services generally depend on several departments. Processes that span several departments can monitor the quality of a service by monitoring certain aspects of quality. etc. region or discipline.Material do Curso de ITIL Without clear indicators. In this example. does not dictate how an organization should be structured.). ITIL cleverly describes the relationships between the activities in processes. it would be difficult for a process owner to determine whether the process is under control. The structure of such processes can ensure that good data is available about the provision of services. as it is a common language. size. and varies depending on the organization. Processes and departments Most businesses are organized in a hierarchy. customers or disciplines. for example by customer. They have departments. culture. and who they are carried out by.27 - . . In a hierarchical organization if there is an IT service to provide users with access to an accounting program on a central computer it will generally involve several departments. cost and stability. the best known approach to IT Service Management. which are responsible for a group of employees. the computer centre has to make the program and database accessible. which are relevant to any organization. and the PC support department has to provide users with an interface to access the application.

based on the IT infrastructure.28 - . it is supported by maintenance and operations. large or small. the operations phase expenditure amounts to about 70 to 80% of the overall time and cost. This applies to any type of organization. Over the years. This increasing dependence has resulted in a growing need for IT services of a quality corresponding to the objectives of the organization. of a high quality. in the event of fault or necessary modifications. In all cases. An IT application (sometimes referred to as an information system) only contributes to realising corporate objectives if the system is available to users and. public or private. consistent. IT Service Management addresses the provision and support of IT services tailored to the needs of the organization. ITIL was developed to disseminate IT Service Management best practices systematically and cohesively. with internal or outsourced IT services. Background ITIL was developed due to the fact that a growing number of organizations are becoming increasingly dependent on IT to help fulfill their corporate objectives. Each of these processes covers one or more tasks of the IT .Material do Curso de ITIL Introduction to ITIL This chapter describes the structure and objectives of the IT Infrastructure Library (ITIL) and the organizations that contribute to maintaining ITIL as the best practice standard for IT Service Management. and at an acceptable cost. In the overall life cycle of IT products. the emphasis has shifted from the development of IT applications to the management of IT services. ITIL offers a common framework for all the activities of the IT department. the service has to be reliable. with centralised or decentralised IT services. which provide an effective framework for further enhancement of IT Service Management. as part of the provision of services. and which meet the requirements and expectations of the customer. The approach is based on service quality and developing effective and efficient processes. These activities are divided into processes. the rest is spent on product development (or procurement). Effective and efficient IT Service Management are essential to the success of IT applications.

Advantages to the Customer/End User: • The provision of IT services becomes more customer-focused and agreements about service quality improve the relationship. such as service development. It does not claim to be a definitive list. This process approach makes it possible to describe the IT Service Management best practices independently from the actual organizational structure of the department.29 - . infrastructure management. • The services are better described. The books also explain how the processes can be formalized within an organization. in most IT organizations. • The quality and cost of the services are managed better. The structure and allocation of tasks and responsibilities between functions and departments depends on the type of organization. . ITIL presents these best practices coherently. By using a process approach. Any attempt to supplement it often leads to an interesting discussion about the advantages of disadvantages of ITIL and about the way in which organizations actually use ITIL. and how the coordination between them can be improved.Material do Curso de ITIL department. and supplying and supporting the services. ITIL primarily describes what must be included in IT Service Management to provide IT services of the required quality. and help to define the objectives and to determine the required effort. They provide a frame of reference within the organization for the relevant terminology. • Communication with the IT organization is improved by agreeing on the points of contact. Many of these best practices are clearly identifiable and are indeed used. The list below identifies some advantages and disadvantages of ITIL. and these structures often change. The ITIL books describe how these processes (which have sometimes already been identified) can be optimized. and in greater detail. The description of the process structure can help maintain the quality of IT services during and after reorganizations. to some extent.

An over ambitious introduction can lead to frustration because objectives are never met. In that case. Leaving the development of the process structures to a . becomes more efficient. • The management is more in control and changes become easier to manage. • There is no improvement due a lack of understanding about what processes should provide. for internal communication.30 - . and more focused on the corporate objectives. • ITIL provides a uniform frame of reference standardisation and identification of procedures. procedures become bureaucratic (obstacles that are avoided where possible). • If process structures become an objective in themselves. and how processes can be controlled. • An effective process structure provides a framework for the effective outsourcing of elements of the IT services. and supports the introduction of a quality management system based on the ISO-9000 series. Potential disadvantages: • The introduction can take a long time and significant effort. the service quality may be adversely affected. • Following the ITIL best practices encourages a cultural change towards providing service.Material do Curso de ITIL Advantages to the IT Organization: • The IT organization develops a clearer structure. what the performance indicators are. • A successful implementation requires the involvement and commitment of personnel at all levels in the organization. and requires a change of culture in the organization. • Improvement in the provision of services and cost reductions are not visible.

. project management. On the 1st April 2001.Material do Curso de ITIL specialist department may isolate that department in the organization and it may set a direction that is not accepted by other departments. Organizations OGC (CCTA) ITIL was originally a CCTA product. set up in November 1993. Switzerland. and Australia. was set up in the UK in 1991. Austria. CCTA was the Central Computer and Telecommunications Agency of the British government. procurement and IT Service Management). Germany. The objective of the OGC is to help its customers in the British public sector update their procurement activities and improve their services by making the best possible use of IT and other instruments. the ITIL Framework itself provides a lot of suggestions on recognizing and therefore preventing such problems. or how to solve them should they occur. The OGC publishes several series (libraries) of books written by British and international experts from a range of companies and organizations. the processes will not be done justice and the service will not be improved. the United States. • If there is insufficient investment in support tools. ‘OGC aims to modernize procurement in government. However. Belgium.’ The OGC promotes the use of ‘best practices’ in many areas (e. In 2001 it had over 500 members organizations. Additional resources and personnel may be needed if the organization is already overloaded by routine IT Service Management activities. Library consists of a number of clear and thorough ‘Codes of Practice’ to promote and provide efficient and effective IT services.g. who participate in the ITSMF International group. and deliver substantial value for money improvements. ITSMF The Information Technology Service Management Forum (ITSMF). ITIL was obviously developed to capitalize on the advantages. There are now ITSMF chapters in countries such as South Africa. which is now the new "owner" of ITIL. The Dutch ITSMF (ITSMF Netherlands) was the next chapter. both suppliers and user groups.31 - . originally known as the Information Technology Infrastructure Management Forum (ITIMF). the CCTA was amalgamated with the OGC (Office of Government Commerce). It is appropriate to recognize and acknowledged that there can be problems with an adoption of ITIL practices.

The Foundation Certificate is intended for all personnel who have to be aware of the major tasks in the IT organization.32 - . certificates have been awarded to over 30. but also the approach and philosophy shared by those using ITIL best practices in their work. Change Management and/or Service Level Management. to advise about the structure and optimization of the processes. EXIN and ISEB The Dutch foundation EXameninstituut voor INformatica (EXIN) and the UK Information Systems Examination Board (ISEB) jointly developed a professional certification system for ITIL. This was done in close cooperation with the OGC and ITSMF.com). Managers are trained to be able to control these processes. ITIL represents much more than a series of useful books on IT Service Management. To date. . and the connections between them. It organizes symposiums. such as Incident Management. ITIL has stood not just for the framework.000 IT professionals in over 30 countries. and other events about current IT Service Management subjects. EXIN and ISEB are nonprofit organizations which cooperate to offer a full range of ITIL qualifications at three levels: • Foundation Certificate in IT Service Management • Practitioner Certificate in IT Service Management • Manager Certificate in IT Service Management The certification system is based on the requirements for effectively fulfilling the relevant role within an IT organization. and to implement them. The framework of best practice in IT Service Management is promoted and further developed by consultants.Material do Curso de ITIL The itSMF promotes the exchange of information and experiences that enable IT organizations to improve the services they provide. trainers and tool suppliers. Since the 1990s. By now. After obtaining the Foundation Certificate. The association publishes a newsletter and operates a web site with information about its activities (http://www. the Practitioner and Manager exams can be taken. A range of organizations are now cooperating internationally to promote ITIL as the de facto standard in IT Service Management. Practitioners are trained to undertake specific ITIL processes or tasks in such processes. Working parties also contribute to the development of the subject.itsmf. congresses. special subject evenings.

This can significantly reduce the time required to obtain ISO certification. and input and output of each of the processes found in an IT organization. Part of the ITIL philosophy is based on quality systems. roles and activities. ITIL does not give a specific description of how these activities should be implemented. ITIL supports such quality systems with a clear description of the processes and best practices in IT Service Management. extensions and alternatives have been developed. As the name suggests it is a Library (IT Infrastructure Library). The emphasis is on an approach that has been proven in practice. with an emphasis on customer service and relationships. This section will describe the various components of the library. ITIL consisted of a large number of sets of books.Material do Curso de ITIL The ITIL community also allows for organizations involved to provide feedback so that the reality of current best practice is quickly reflected and incorporated into the ITIL theory. Ten books describing Service Support and Service Delivery were considered as the core of . which means maintaining good relationships with them and associated partners such as suppliers. such as that of the EFQM. and Total Quality frameworks. The unique aspect of ITIL is that it offers a generic framework based on the practical experience of a global infrastructure of professional users. Furthermore. some of which may be considered as IT Service Management methods in their own right. The IT organization has to fulfill "customer" requirements. instead it offers a framework for planning the most common processes. Each of the ITIL books addresses part of the overall ITIL framework. such the ISO-9000 series. This course is centred on the Service Delivery and Service Support books. ITIL is based on the need to supply high-quality services. each of which described a specific area of the maintenance and operation of IT infrastructure. We use ITIL as the description of these two books throughout the course.33 - . as this will be different in every organization. However. Originally. These alternatives often address the needs of certain groups or organizations whose specific problems are not adequately covered by ITIL. indicating the links between them and what lines of communication are necessary. ITIL defines the objectives and activities. The ITIL Books ITIL (IT Infrastructure Library) ITIL is a series of books. For the ITIL purist we acknowledge that ITIL is a library of many books. ITIL is not a method. but (depending on the circumstances) may be implemented in a number of ways.

The elements are: · The Business Perspective · Service Delivery · Service Support · ICT Infrastructure Management · Applications Management . many of the best practices to be described in the new books are also included in the current ITIL series.co.34 - . This has eliminated significant overlap and occasional inconsistencies in the earlier series and has improved cohesion. The ITIL puzzle shows the main elements addressed by the ITIL books. and one on Service Delivery. However. The Business Perspective Set. Planning to Implement Service Management In this chapter. They also support the vision of IT Service Management more thoroughly. There were approximately 40 other books on complementary subjects related to IT Service Management. we will introduce the ITIL series of publications using the main elements of the ITIL puzzle. By the end of 2002 the original set of books. should have been replaced by six new ITIL books.uk Business Perspective The ITIL books in the Business Perspective Set describe many issues related to understanding and appreciating IT services as an integrated aspect of managing a business. addresses: . and overlaps them to some extent. each on a specific aspect of IT Service Management.Material do Curso de ITIL ITIL. Each of these elements interfaces with the others. The Business Perspective Set was introduced to bridge the divide between the business and the IT organization. However. as have the books on Service Support and Service Delivery. which will eventually replace the set. Even so. one on Service Support.itil. and the Business Perspective book. certain aspects of ITIL still had a slightly dated approach. For more information www. the original series of books in the Infrastructure Library mostly approached IT Service Management from the IT perspective. from cabling to managing customer relationships. The "core" ITIL books have now been revised and published as two books.

The primary concerns are business like forms of cooperation that contribute to the current and future provision of IT services and fulfilling the objectives of the IT organization.35 - . the IT organization bears the ultimate responsibility for the services provided to the customer. assessing the performance of suppliers. or to investigate the range offered by various suppliers. Managing Supplier Relationships To some extent. "Managing Supplier Relationships" is similar to Customer Relationship Management.Material do Curso de ITIL • Business Continuity Management • Partnerships and outsourcing • Surviving changes • Adapting the business to radical changes Other ITIL books address some of these topics. These may be to discuss the long-term prospects of existing relationships. and determining the way in which the IT organization handles supplier contracts. However. A good relationship with suppliers is not just a matter of contractual agreements and contacts. The Facilities Management suppliers may be responsible for the operation of all or part of the IT infrastructure. The major tasks of the Managing Supplier Relationships process include selecting suppliers. . to promote communication. in addition to those in the Business Perspective Set. Managing Facilities Management "Managing Facilities Management" addresses the management of contracts between the IT organization and Facilities Management companies. Relationships with suppliers can be characterised by the nature and content of the contacts. but now covering the relationship between the IT organization and its suppliers. This book describes what measures the IT organization can take to accept responsibility for agreements about Service Levels and how to monitor the services provided by the facilities suppliers.

Material do Curso de ITIL Service Delivery
As indicated above, Service Support and Service Delivery are considered to be at the heart of the ITIL framework for IT Service Management. The ITIL book on Service Delivery describes the services the customer needs, and what is needed to provide these services. The following subjects are addressed: • Service Level Management • Financial Management for IT Services • Capacity Management • Availability Management • IT Service Continuity Management • Security Management (with reference to the ITIL book on Security Management) There is continual reference to how these areas also integrate the essential element of Client Relationship Management. The complex interrelationship between the processes described in the books on Service Support and Service Delivery is almost impossible to show in a diagram. We will briefly describe each of these areas now: IT Customer Relationship Management Most organizations appreciate the need to apply cohesion and structure to relationships within the customer organization at several levels. The IT Customer Relationship Management activities involve several processes. The Service Desk is the first point of contact for most "users". However, the "customer", who has commissioned and paid for the service, will initially contact IT Customer Relationship Management. IT Customer Relationship Management provides a bridge between the IT organization, which has traditionally taken a technical approach, and the customers who want to fulfill their business objectives. Service Level Management The objective of Service Level Management is to make clear agreements with the customer about the IT services required, and to implement these agreements. Consequently, Service Level Management needs information about the customer needs, facilities provided by the IT organization, and the financial resources available. Service Level Management addresses the service provided to the customer (Customer Focus).

- 36 -

Material do Curso de ITIL
By analysing the information needs of the customer (Information Pull) rather than what is technically feasible (Technology Push), the IT organization can improve customer satisfaction. The chapter on Service Level Management in the Delivery book describes: How, by clearly defining, a Service Level Agreement can optimize the IT services at a cost that can be justified to the customer. How the service can be monitored and discussed. Underpinning Contracts support the service with sub-suppliers/subcontractors. Financial Management for IT Services Financial Management addresses the prudent provision of IT services. For example, Financial Management provides information about the costs incurred while providing IT services. This enables a proper consideration of costs and benefits (price and performance) when deciding on changes to the IT infrastructure or IT services. The identification, allocation, forecasting and monitoring of the costs, as discussed in the chapter on Financial Management in the Service Delivery book, are all covered by the term ‘costing’. These activities support cost awareness (what cost is incurred where?) and can also be used in drawing up budgets. With respect to the revenue stream of the IT organization, this ITIL book describes various charging methods. Capacity Management Capacity Management is the process of optimising the deployment of IT resources, to support the agreements made with the customer. Capacity Management addresses resource management, performance management, demand management, modeling, capacity planning, load management and application sizing. Capacity Management promotes planning to ensure that the agreed Service Levels can also be fulfilled; now and in the future. Availability Management Availability Management is the process of ensuring the appropriate deployment of resources to support the availability of IT services agreed with the customer. Availability Management addresses issues such as optimising maintenance, and design measures to minimise the number of incidents. IT Service Continuity Management This process addresses the preparation and planning of disaster recovery measures for IT services. Other common names are Contingency Planning and Disaster Recovery Planning. The starting emphasis for IT Service Continuity Management is the requirement to safeguard the continuity of the customer organization in the event of a disaster (this means that the IT organization must be aware of the "Business Continuity Plan"). IT Service Continuity Management is the process of planning and

- 37 -

Material do Curso de ITIL
coordinating the technical, financial and management resources needed to ensure continuity of service after a "disaster", as agreed with the customer. Security Management The objective of Security Management is to protect the IT infrastructure against unauthorized use (such as unauthorized access to data). This is based on security requirements laid down in Service Level Agreements, contractual requirements, legislation, and policy. When updating the Service Delivery part of ITIL it was decided that the recently published book on Security Management did not have to be replaced. The ITIL book on Service Delivery does not address security management directly but refers to the Security Management book.

Service Support
The ITIL book on Service Support describes how a customer can get access to the appropriate services to support their business. This book covers the following subjects: • Service Desk • Incident Management • Problem Management • Configuration Management • Change Management • Release Management

- 38 -

Problem Management aims to identify the underlying cause. A Service Desk can have a broader role (for example receiving Requests for Change) and it can carry out activities belonging to several processes. and the quality of the incident records determines the effectiveness of a number of other processes. Incidents are recorded.Material do Curso de ITIL Service Desk The Service Desk is the initial point of contact with the IT organization for users. The new book on Service Support now distinguishes between the Service Desk (i.39 - . This is a classic example of when the framework needs to be interpreted sensibly. resolving and monitoring problems. Previously. and processes such as Incident Management. Submitting a Request for Change makes this improvement.e. There are clear differences and by understanding both processes the reasons become very clear. The intention of problem management is to eliminate these re-occurring incidents. as a function or organizational unit). . The major task of the Help Desk was recording. Incident Management The distinction between "incidents" and "problems" is possibly one of the best-known discussion points in the ITIL field. Once the cause of a series of re-occurring incidents has been identified (Known Errors). Problem Management If a problem is suspected within the IT infrastructure. Although the difference may be confusing there is a major advantage in that a distinction is made between the rapid return of the service (the goal of incident management) and identifying and remedying the cause of an incident (the goal of problem management) Incident Management aims to resolve the incident and restore service quickly. It may not be appropriate to educate your users that what they are experiencing is in fact an "incident". Configuration Management and Change Management. the ITIL books referred to it as the Help Desk. Problem Management is neatly split off and is not a part of solving incidents. By creating the Incident Management process in the Service Support book. A problem may be when there are multiple occurring and seemingly related incidents. a business decision is taken whether to make permanent improvements to the infrastructure to prevent new incidents. Note that your end users may still refer to what they experience as a "problem".

data communications and clients) changes are often planned on the basis of releases. and how they can be implemented with a minimum adverse impact on the IT services. planning. accepting. Problem Management and several other processes. building and testing. The main objective of Release Management is to control the distribution of hardware and software. Both hardware and software (central processing. including integration. identifying configuration items (inventory. Changes are made in consultation with the status monitoring activities of Configuration Management. the customer organization. Release Management The actual implementation of changes is often carried out through Release Management activities. Changes are implemented by following a path of definition. verification and registration). Release Management ensures that only tested and correct versions of authorized software and hardware are provided. mutual links. Release Management is closely related to Configuration Management and Change Management activities. technical operational management processes will be addressed in a new ITIL book on IT Infrastructure Management. IT Infrastructure Management Eventually. Change Management Change Management addresses the controlled implementation of changes to the IT infrastructure. implementing and evaluating. collecting and managing documentation about the IT infrastructure and providing information about the IT infrastructure to all other processes. testing and storage.Material do Curso de ITIL Configuration Management Configuration Management addresses the control of a changing IT infrastructure (standardisation and status monitoring). by effective consultation and coordination throughout the organization.40 - . The objective of the process is to determine the required changes. This book will cover: • Network Service Management • Operations Management • Management of Local Processors • Computer Installation and Acceptance • Systems Management IT Infrastructure Management also includes Environmental Management. .

Systems Management To date. but also file servers. it describes how the ITIL best practices can be applied in a network environment. A good definition of responsibilities is important to optimize the service. These include telephone systems. In essence.). . In future a new book on IT Infrastructure Management will cover it. One of the tasks of this process is to set up and maintain climate controlled computer and network rooms. These guidelines are a development/extension of the activities in the Change Management and Release Management processes. cooling. Management of Local Processors The Management of Local Processors process addresses management operations at decentralised sites.41 - . including mainframes and midrange systems. the ITIL Books have not covered Systems Management. Operations Management Computer Operations Management (Computer Operations) addresses the management of computer hardware and systems software. installation and eventual removal of large computer hardware in the IT infrastructure. LAN and WAN networks. to ensure that the agreed Service Levels are provided. etc.Material do Curso de ITIL Network Services Management The Network Services Management process addresses planning and controlling communications networks. Environmental Management Environmental Management concerns managing the environment of the IT infrastructure (power supply. This specifically includes making agreements about the activities of various processes (especially the processes to support IT services) when IT services are provided at multiple locations. Computer Installation and Acceptance Computer Installation and Acceptance primarily concerns guidelines for planning the acceptance. The ITIL book of the same title concentrates on production tasks in an environment of large computer systems. The ITIL module for Network Services Management also addresses the longterm communications needs of the organization. The objective is to support the provision of IT services at the user site.

Clearly defining the requirements and implementing a solution that meets the needs of the customer organization is paramount. A system test. is correctly installed.42 - . The relationship between the ISO standards and ITIL modules is also identified. This book describes the introduction of a quality management system (based on the ISO-9000 series of standards) in an IT organization. In every stage of the software lifecycle. there have to be agreements between those developing and those operating the IT infrastructure. operated. the Managers Set. including audits. and eventually decommissioned. The way in which software is designed. Management and Organization The ITIL series also includes some books on subjects at the strategic level. maintained. A major issue in Applications Management is effectively responding to changes in the business. tested. Quality Management for IT Services Quality Management for IT Services addresses setting up and maintaining a coherent quality system. IT Service Organization and Planning and Control for IT Services. in consultation with those responsible for software development. Software Lifecycle Support Software Lifecycle Support aims to define the approach for supporting the entire software lifecycle. and the evaluation of an existing quality management system. . This includes issues such as Software Lifecycle Support and testing IT services. built. interfaces with the rest of the IT infrastructure. installation test and acceptance test are undertaken to determine if the developed application works. Testing an IT Service for Operational Use The objective of testing an IT Service for Operational Use is to ensure that the proper operation of new or modified IT services is tested before they enter operations. based on the IT Service Management processes described in other ITIL books. Developing policies and long-term planning of IT services are specifically addressed in the books on Quality Management. introduced. Quality Management activities include defining and implementing the quality policy and managing the quality system. The selection of Software Lifecycle models can have a significant impact on the IT services. is extremely important in IT services. and offers the "users" the functions agreed with the "customer".Material do Curso de ITIL Applications Management The ITIL book on Applications Management will address the relationship between management and the software lifecycle.

And alignment is at the very heart of benefits gained in a process driven approach for IT Service Management. which may be affected by historical and political issues. A recent ITIL book is devoted to this subject. In practice. Major activities in this process include determining and defining the organizational structure and role and function descriptions. It is therefore necessary for management to commit to the improvement programme (Management Commitment). This ITIL book describes how the organization can be analysed and assessed. Lack of commitment will create resistance from the very people needed to align these processes with the business needs. In essence. Planning and Control for IT Services Planning and Control for IT Services aims to provide a coherent system of planning. the situation illustrated by this model is often obscured by the way in which important decisions are taken in organizations. . A framework is provided for dealing with organizational changes. the concept of planning and implementing changes in IT Service Management processes is shown in the process improvement model. albeit only partly.Material do Curso de ITIL IT Services Organization IT Services Organization addresses the structure of the IT organization. You should also be aware that there will generally already be processes that meet the needs of the organization. particularly in terms of tasks. and for them to understand the organizational culture. to ensure that the organization fulfils the objectives and requirements based on the business strategy and the strategy of the IT organization.43 - . This includes coordinating the planning and reporting of the various IT Service Management processes (for example in the form of annual plans and quarterly reports). Planning and Implementation There is now much experience throughout the world with planning and implementing programmes to optimize IT Service Management. reporting and control for the IT organization. authority and responsibility. based on the process descriptions in the other ITIL books.

Material do Curso de ITIL Analysing the needs of the organization and implementing the required solution could require the creation of a temporary organization. or as a series of projects in an improvement programme. If a project aims to improve the IT organization along these lines. a guideline for the structure of that organization. ITIL primarily provides a frame of reference for process structures in the IT organization and. the ITIL books recommend the adoption of PRINCE2 (Projects IN Controlled Environments) as a Project Management methodology. continue. One advantage is that it will provide the organization with clear decision points where it can decide to terminate. such as a reorganization or merger. You should be particularly wary of so-called ITIL implementation projects that have a hidden agenda. . the desired situation.44 - . it is not an organizational handbook. In most cases. to a much lesser extent. ITIL describes the best practice for improving IT Service Management. Each project is based on an analysis of the current situation. the alternatives will be compared on the basis of: • Advantages to the organization • Risks. or modify the project. In this context. A baseline measurement or health check can provide a good start for process improvements. Such an assessment of the IT Service Management processes can help identify the strengths and weaknesses of the organization. This could be considered as a one project. obstacles and potential problems • Transition costs and long-term costs • Costs of continuing the current approach Identifying the potential alternatives may well be a project in itself. After some time the measurement can be repeated to show the progress of the project or programme. then it is wise to seek out experts in this field (a good starting point is outside consultants who are certified IT Service Managers (according to the certification requirements laid down by Exin or the ISEB). You should be aware that ITIL is no magic formula. Do not expect miracles. and define clear objectives for an improvement project. and the path in between.

Furthermore. Objective The Service Desk offers "first line" support to users. the Service Desk is the central point of contact where incidents or inaccuracies in IT systems can be reported..... You have just started a complicated job. Users need help if they are not sure how to behave in a specific situation when using IT services or when they need assistance to solve a particular issue involving IT. As well.. before finding the right person to solve their problem and for IT personnel it means that they only have to deal with issues that are related to their skills or area of responsibility.. 1 hour later you still haven’t started your job….. .Material do Curso de ITIL Service Desk Introduction Here is a familiar situation. Wouldn’t it be great if you could complete this job without interruption? It is the role of the Service Desk to act as the single contact point between the customer and the IT Service Provider. They will handle all incoming calls and only direct them through to the second or third level support when necessary. the Service Desk is an important source of management information. Objectives of the Service Desk: • To provide a single point of contact for Customers • To facilitate the restoration of normal operation service with minimal business impact on the Customer within agreed service levels and business priorities Process Description The Service Desk is not regarded as a process within ITIL but as a function. For the customer the advantage is that they don’t have to ring around. The phone rings.Someone is facing computer difficulty!!! The printer is not working. You solve the issue and just when you are back into the job … Someone walks into your office asking when his or her expected upgrade will be done.. The Service Desk is the face of the IT department to the clients. which requires all your concentration.45 - .

in the form of: • • • The status of their incident Planned changes in IT Service Likely disruptions in the IT Service • Any changes or additions in the services that are provided or the service levels. To facilitate the restoration of normal operational service (with minimal business impact on the Customer) to the agreed service levels and according to the business priorities. Provide management information . The end result will be fewer angry or annoyed customers. Keep users informed by. This used to be part of the Helpdesk Process but is now included in the process called Incident Management (covered in a later module). The service provided by the Service Desk tends to be broader then just the IT part of business hence the change in name from Helpdesk (which was more IT related) into Service Desk. Businesses relies on there IT service to stay on top of the market and be competitive. Activities 1. Among the activities performed by the Service Desk are Incident recording and Incident Control. The obvious benefits in proactively providing service information is that: If the customers know before hand that a specific service (e..Material do Curso de ITIL As IT has become a greater part of business over the years the role of the Service Desk has become crucial. email) will be unavailable during the lunch hours you (a) reduce the amount of calls being received but also (b) reduce the impact of the disruption. 3.. Providing information. 2..g.46 - . These are: • • To provide a single point of contact for the customers. It plays a vital role in IT Service management as from a customer point of view the service desk is the IT Service Provider and therefore plays a critical part in how the customers perceives the IT organization as a whole. Activities The Service Desk has a number of primary responsibilities.

4. informing the customer and closing the incident a great deal of time could be saved. Think about how much time it costs to reset a password for a user and how often that is required. If by sending an email a set of actions would be started including: creating the incident. the amount of calls as a result of a change etc. the amount off calls per category. .47 - . resetting the password. The objective is to produce reports from which management can make decisions and measure performance based on agreed service levels and deliverables. Recording and controlling of incidents Incident control The Service Desk is responsible for recording all incidents and then controlling them. But also in case of a disruption in the IT Service they are likely to be the first to know. The Service desk can use different ways in recording the incidents: • • • • • Phone E-mail Internet Fax Personal visit By making use of different ways of recording incidents and even automating the solution then the workload of the service desk will be reduced and by association so will the costs. customers and management alike.Material do Curso de ITIL By logging all calls the Service desk can provide information to Management about. This makes the Service Desk an excellent First Point of contact for users. Conduct customer satisfaction analysis and surveys 5.

The Service Desk is. With some processes the link is a clearer than others. Interpersonal skills are one of the more important ones. in fact. . It has a role to provide and improve the service to the business in general. the Service Desk has a link with all processes within ITIL. whereas the traditional Help Desk tended to be more technical in nature. a powerful aid in mapping/identifying weak links in the IT infrastructure evolves. As there are different types of Service Desk models the skills required by the Service Desk staff also must be carefully analysed. If this link is supported by software. an operational aspect of the important process of Incident Management. e. The changing role is that the Service Desk is a more customer focused. incident control. This allows the Service Desk staff the to quickly solve incidents by searching on a Configuration Item. Technical skills become more important when the Service Desk becomes more skilled and aims to solve most of the incidents without rerouting them to higher levels of support.Material do Curso de ITIL Roles The new Service Desk tends to be more then the just the place to lodge calls related to IT. Incidents can be related to Configuration Items.48 - .g. The Service Desk registers and "controls" Incidents. category and/or error code and applying a previously used solution. Relationships Being the single point of contact for IT Service.

Service Desk will report to Service Level Management if IT Service is not restored within time frames and escalation procedures are properly defined and adhered to. Customers.49 - . is an item that we want to store information about.I. . In some cases the Service desk does some minor changes and so has a link with Change Management and Release Management. The user is the ultimate end user of the service provided. A C.Material do Curso de ITIL Note: A Configuration Item (or C.) is discussed in the Configuration Management process section. IT Staff and the business as a whole. Note: The difference between a Customer and a User should be explained. A Customer is the person who may often be the representative of the business for the service provided and/or the person who funds the service. Benefits The benefits from a properly implemented Service Desk flow across Users. The link between the Service Desk and Service Level Management can be illustrated as a result of the Service Desk monitoring Incident levels and reporting whether the IT service is restored within the limits defined in Service Level Agreements (SLA's).I.

All this leads to increases in Customer satisfaction ratings. with the associated improvement in perception this brings. service reliability and identification of business opportunities.50 - .Material do Curso de ITIL Benefits for the Customer • Easily defined metrics for measuring performance Benefits for Users • • • Single point for all queries Better informed Quicker turn around of request. . queries and incidents Benefits for IT staff • • • • Being able to focus more on the job Greater efficiency Better use of the skills the staff has resulting in motivated personnel Improved team work Benefits for the business • • • • Source of useful management information Internal cost savings and productivity efficiencies Meet customers business support requirements with responsiveness at all times when and wherever it is needed Better use of available resources Summary An effective Service Desk will deliver overall cost reduction and increases in staff morale.

we won't help you" versus "if you can contact the Service Desk it will mean that we properly track and fix your problem"). easy to remember phone number. • Not all parties involved are informed about the Service provided and the Service Levels agreed upon. "if you don't contact the Service Desk.Material do Curso de ITIL Common Problems There is no doubt in denying that along with any move towards improvement there will be problems and barriers to success. Recognising this in advance goes a long way to solving the problem when (not "if") it comes up. all users will become accustomed to change and eventually start to accept and see the benefits (refer to SD Benefits). low waiting times and different ways of communicating/interfacing. creating a group of "Critical Users") will also ensure that Service Desk staff realistically deal with those in highly critical roles as a top priority. In time.51 - . However. resulting in unrealistic expectations. Service levels etc are well . after hours process established. Users who wish to circumvent the proper procedure will be annoyed and cause disruption. out of office process established. If a business is only operating between 9 am and 4 pm. • Not aware what the needs of the business and/or users are. rather than "giving in". This is a simple case of communication and making sure that that all procedures. this short term problem should be ridden out. If the Service provided by the Service Desk (IT Service Provider) is not the one needed by the business or the user then it matters little that the service is perfect. This can be done politely and does not have to be used as a threat (eg. but try to go around it to the person they know. is not very useful and might result in under staffing of the Service Desk during the business hours. The Service Desk needs to be easily accessible. having a Service Desk that’s is open 24 hours a day. Processes for dealing with different levels of staff within the organization (eg. • Users do not call the Service Desk. All Customers must be redirected to the Service Desk if they try to contact someone directly. the one who helped them so well the last time.

The easiest way to begin to define what metrics are required is to look to the Service Level Agreements (SLA's) that should define the response times. This is not to say that staff will use this information against users who require service. etc. Day to day reports can provide information on Calls and Incidents. This information can be extracted from appropriate tools or from PABX records. The Service Desk as a service for users is no different in this regard. Metrics Metrics are essential in monitoring any IT Service provided.when a user is irate or stressed it is not appropriate to point out that the agreed service levels allow for a 48 hour response. Naturally. for the Service Desk from the Customer perspective.52 - . it simply means that users approach the Service Desk with realistic expectations. However. For instance. A well-marketed Service Desk is only half the job. . How long calls last. This highlights the people skills that Service Desk staff need to have. Also periodically revisiting and re-educating involved staff. It is realistic to start with a very simple set of metrics and possibly this is a better approach as it means that there is no time lost in creating a long series of reports that add no value to a customer. BEFORE issues arise. If standards are set before the Service Desk starts operating one can monitor the progress of the Service Desk. how many there are and how long the waiting time is before a call is answered. Therefore Customer satisfaction should be measured regularly. everyone's problem is critical when it happens . Involve key customers in the process of implementing the Service Desk and reap the rewards from having their support in times of crisis. even if all Service Levels are met the most important measurement for any Service organization is the perception of the Customers of the service provided. • • How many and what kinds of incidents (classifications) the Service Desk solves at first point of call. The crucial factor is in defining what it is that should be measured.Material do Curso de ITIL documented and available to all parties involved.

53 - .Best Practice Structure of a Service Desk A Service desk can be structured in one of three ways: • • • The Local Service Desk Centralised Service Desk Virtual Service Desk The "hybrid" model is also a genuine Service Desk structure that uses a combination of two or more Service Desk structures. if the organization is spread out over various locations with their own local service desks (ie multiple "local"). All Service Desk staff should follow the same processes and procedures to prevent differences between the different Service Desk operations. a high standard of process adherence should be apparent. However. Local Service Desk Very "visible" to the organization. The Service Desk is most probably in the same building or locality as the users of the IT Services. . be aware of the fact that. The advantage of this concept is the fact that Service Desk staff are very well versed with the local situation and local conditions.Material do Curso de ITIL Service Desk Structure .

Material do Curso de ITIL .54 - .

easier management of the IT Service and better use of Resources. All users from the different sites contact this one Service Desk. It might be staffed in different locations at different times during a day resulting in a 24 hour Service Desk.Material do Curso de ITIL Centralised Service Desk A centralised Service Desk is a physical point in one location. Also time differences have to be taken in consideration when setting up Service Level Agreements. The issue to consider is the need for a physical engineer at the various locations to solve local incidents. This model leads to a reduction in operational costs. Virtual Service Desk Due to advanced network and telecom technologies it is now possible to have a Service Desk that has no physical location as far as the user is concerned. .55 - .

com/products/servicedesk/ http://www.itilworld.htm . This is a genuine structure as the ITIL Framework provides guidelines only for structure and is not a prescriptive solution book.com/hdicerti.com/n-america/service-support_helpdesk.htm http://www.interpromusa.56 - .co. Interesting websites: • • • • • http://openview.htm • http://www.interpromusa.uk/online_ordering/serv_supp_graphs/serv_desk.htm http://www.hp.com/The Integrated Service Desk.com/Pages/Service support/Service Desk/Service_Desk_scope.itil.pdf http://www.itil-service-support-management.Material do Curso de ITIL Virtual Service Desk Hybrid models combine two or more of these particular structures into a customised solution for a particular organization.

.Material do Curso de ITIL Essential Terms Escalation: When the time limit for resolving an incident has passed. Known error: This is the situation where a successful diagnosis of a problem has shown what the cause is and which CI is at fault. Call Each time the user contacts the service desk. Routing: An incident is deposited at the second line support because no specialist knowledge for the solution is available at the Service Desk Incident: An incident is every operational event that is not part of the standard operation of an IT service. Problem: A problem is the as yet unknown cause of the occurrence of one or more incidents. An incident influences the service delivery. although it can be small and in some cases even transparent (not noticeable) for the user. A possible solution may also be found as to how the problem can be avoided. the priority.57 - . Expert or Super user: Some organizations may use “expert” users to solve some first line support queries. The Service Desk continually informs clients about the progress of their calls. the incident escalates into a problem (depending on the priority and impact of the incident) and a different level of support (Problem Management) comes into force and this: • • Edits the problem if necessary Determines the impact on the service delivery and with that. depending on the structure of the organization. This can solve some short term people resource issues.

The Service Desk is usually the owner for this process however all support groups across an IT organization will play their part. questions about the functionality of an application or requests for advice are all regarded as Incidents that are dealt with by this process. Note: An RFC is a Request for Change and will be dealt with in the Change Management process area. The timeframes for Incident resolution should be defined in the Service Level Agreements (SLAs) that exist between the IT Department and the customer. Requests for Change are handled in a similar way as Incidents so they can also fall under Incident Management. and at a cost-effective price. A business may decide however to describe the handling of RFC’s in a special procedure in order to keep the Incidents and RFC’s separated. . It is this cost-to-speed ratio that is often forgotten when a user faces problems. The definition of how quickly is quickly should not subject to interpretation. Disruption of an IT service. Issues that are low priority during negotiations are "somehow" escalated to the status of requiring high levels of attention when the issue occurs.Material do Curso de ITIL Incident Management Introduction The Incident Management process contains activities that are aimed at restoring an IT service following a disruption. The speed of resolution will affect the cost. An RFC is the "trigger" that begins the Change Management process. Objective The objective of Incident Management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user.58 - . Often support staff will simply respond to user pressure in such situations and immediately the expectation is adjusted and anything less than immediate response to this otherwise low priority issue is considered as poor service (the IT Support dilemma!).

Material do Curso de ITIL Process Description As with every process there is an Input and an Output. The centre diamond shows the activities of Incident Management. The main input to this process are incidents. but can have other sources as well like management Information or Detection Systems. The outputs of the process are RFC’s. The Input for Incident Management mostly comes from users. management Information or infrastructure monitoring tools. This concept is illustrated in the following diagram. As shown in below Incidents can come from many sources like users. . resolved and closed Incidents.59 - . management information and communication to the customer.

How important is it and what is the impact on the business? The responsibility for this definition lies with the Service Level Management process. Records should be cross-linked to eliminate the need for re-keying data. The Service Desk is the single point of contact between service providers and users. Incident priorities and escalation procedures need to be agreed as part of the Service Level Management process and documented in SLAs. monitoring. The Service Desk (more commonly known as a Help Desk) is the primary point for recording incidents.Material do Curso de ITIL Activities The activities included in Incident Management are: • • • • • Incident detection and recording Classification and initial support Investigation and diagnosis Resolution and recovery Incident closure Incident ownership. This improves information interfaces and makes data interrogation and reporting far easier. To do this efficiently and effectively a formal approach is required. tracking and communication Incident detection and recording Throughout an Incident lifecycle specialist IT groups will handle the incident at different stages. although other IT staff can play this role as well. known error and change records.60 - . As shown incidents come from many sources. Classification and initial support Incidents should be classified according to three criteria (Priority. Information about incidents should be held in the same Service Management tool as problem. The priority with which . which will facilitate the timely restoration of service following an incident. Incident tracking is highly recommended. Impact & Urgency). Priority One of the important aspects of managing an Incident is to define its priority. on a day-to-day basis and typically the owner of the Incident Management process. or their representatives.

Impact is often measured by the number of people or systems affected. Impact 'Impact' is a measure of the business criticality of an Incident or Problem. The Service Desk should have access to tools that enable it rapidly to: o o o o o Assess the impact on users of significant equipment failures Identify users affected by equipment failure Establish contact to make them aware of the issue Give a prognosis Alert second-line (specialist) support groups. if appropriate Urgency 'Urgency' is about the necessary speed in solving an Incident of a certain impact. If the Service Desk can’t solve an Incident it will be assigned to other support levels. Investigation and diagnosis Once logged the activity of investigation and diagnosis will take place. If a user calls with an Incident and they can’t work (service stopped) then it is of greater urgency than a user calling to request a functionality change. Criteria for assigning impact should be set up in consultation with the business managers and formalised in SLAs. A high-impact Incident does not. It is important that all parties that work on the Incident keep record of their actions by updating the Incident record. partially affected. will depend upon: o o o o The impact on the business The urgency to the business The size. and therefore the amount of effort put into the resolution of and recovery from Incidents. a hardware component. and diagnose the problem. Urgency is seen as to what degree the service is affected (stopped. for example. by default.Material do Curso de ITIL Incidents need to be resolved. have to be solved immediately. scope and complexity of the Incident The resources availability for coping in the meantime and for correcting the fault. information in the Configuration Management Database (CMDB) should be assessed to detect how many users will suffer as a result of the technical failure of. .61 - . Often this equates to the extent to which an Incident can lead to degradation of agreed service levels. For example a User having operational difficulties with his workstation (impact 'high') can have the fault registered with urgency 'low' if he is leaving the office for a fortnight's holiday directly after reporting the Incident. When determining impact. functionally changed). They will then investigate the Incident using the available skills sets and tools such as a knowledge base of Known errors etc.

monitoring. These different types of escalation are covered in the Best Practices section. They will monitor the progress of the Incident in light of service levels and maintain/manage communication with the user. tracking and communication Whilst an Incident may be passed across different IT groups during investigation and diagnosis the Service Desk remain the owner of the Incident (in terms of tracking through to closure). If the Incident is not progressing appropriately then the Service Desk may trigger either a functional or hierarchical escalation. An Incident will be closed as soon as the agreed service is restored. In some cases the Incident record is closed but a Problem record is still open (Refer to Problem Management for more information about a Problem record). Incident closure For the Incident Management process to be effective it is necessary that the Incidents closure be done properly.62 - . Incident ownership.Material do Curso de ITIL Resolution and recovery Once a "work-around" or a solution to the incident is found it will be implemented. The Incident Manager role includes responsibility for: • • • • • Monitoring the effectiveness and efficiency of the process Controlling the work of the support groups Making recommendations for improvement Developing and maintaining the Incident Management system Reporting to management and other process areas . If a change is needed an RFC will be submitted to Change Management. The Incident record in the Service Desk tool should be ‘closed’ so that accurate reporting can be carried out. Roles The role of Incident Manager in most organizations is assigned to the Service Desk Manager. This step includes: o o Updating Incident details Communication with the user about solution To ensure the solution provided meets the user needs they are the only person that can give the authority to close an Incident.

I. This helps to determine the cause. routing.I. Some of these inter-process relationships are described here. Problem Management Incidents with unknown causes are routed to Problem Management where they are processed. that should be investigated. Therefore it is very important that Incident Management knows all planned changes so they can relate Incidents to a change and notify the Change Management process so that roll-back plans can be implemented if necessary. Change Management This process can be the cause of Incidents if a Change is not implemented correctly. if a user cannot access the Internet. The CMDB provides information about CI’s and the parent/child relationships between them.Material do Curso de ITIL Support roles: First line support will be done by the Service Desk and includes the recording. .63 - . resolving and closing incidents. Configuration management: Every Incident is connected to a Configuration Item (C. as will be the case when faulty equipment is replaced. On the other hand some Incidents will be solved by a Change. matching. For example.I. Work-arounds. Quick Fixes is given to Incident Management by Problem Management. diagnosis. relationships. solution and routing of an incident by tracing a fault back through the C.) stored in the CMDB.I. and recovery from incidents. Relationships Incident Management has a close relationship with other ITIL processes. by looking back through the parent/child relationships of that users PC could find that a Hub that the user connects to (parent of the child PC) is a potential C. Second and third level support is responsible for in investigation. An incident will typically involve more than one C. Known Errors. classifying.

The Service Desk will then report against these service levels. Unlike some other ITIL processes where benefits may be hard for end users to identify.Material do Curso de ITIL Service Delivery Processes Incident Management provides and gets information from all the Service Delivery processes. the benefits of good incident management will be felt by them directly. Benefits A well implemented Incident Management process will have easily visible benefits. Service Level Management. for example.64 - . For customers • • • Quick restoration of Service following an Incident Incidents are not lost or forgotten Up to date status of their Incident provided For IT Organization • Remove the problem of duplication of effort (once an Incident is solved the resolution will be easily found and can be applied to future incidents if the re- . is responsible for establishing service levels that relate to work done within the Incident Management process.

Higher user and customer satisfaction • • • For the business • • • Prioritisation . there can be some real "show stoppers". Carefully selecting the words used to convey this message can be learnt. This is where the communication skill of IT Staff must be at it's highest (and most tactful). This database will hold Known errors. Not dismissing their call as "unimportant" or "I'm busy with other people" or "You'll have to wait". incidents are the ones that jump to the front of the queue.'s (Configuration Items). This makes the determination of impact and urgency a lot faster. Realising benefits is difficult as during times of incident a lot of end users will not want to be convinced that their incident is not a high impact/high priority task and that there are other incidents demanding attention ahead of them. Critical Success factors for successful Incident Management: • A CMDB needs to be set up before Incident Management is implemented. work arounds and resolutions.I. Quicker resolution of Incidents leading (productivity gains). Defining benefits is relatively easy. . The CMDB will ideally be an electronic system. but it can be a manual system. Clear view of the status and priorities of the Incidents Possibility to measure performance against SLA’s. The CMDB is covered in the Configuration Management process chapter. Management information is provided. Resulting in the least possible impact on the business activities. Likewise. high urgency. The CMDB holds information about C.Material do Curso de ITIL occur or the resolution can be a starting point for a different but related incident). The following major obstacles if not dealt with will mean the process will be inefficient and ultimately unsuccessful.the high impact. • A knowledge database. Common Problems We know there are many benefits of a good incident management process. For instance acknowledging the frustration they are facing and providing a very brief overview of the things ahead of them in the queue.65 - . This way the person can (hopefully) understand that there are more pressing issues ahead of theirs. Note: The CMDB is the Configuration Management Data Base. This will help Incidents to be resolved much faster and with less effort.

(Preferably this tool is part of a complete Service Management tool that integrates the tools from all processes). If people start to use the tools and start to see benefits in doing so.66 - . the better. The challenge in the implementation of these tools and databases is not to let the work of setting up the system stand in the way of making progress. It is then a relatively easy task to modify behaviours to use a different tool or introduce new features/functionality as tool development or tool selection progresses. some of the more notable and useful are: • • • • • Number of Incidents per time period Number of Incidents per category Number of Incidents per priority level Incident resolution performance against service levels Number of closed Incidents per time period Best practice Incident Management tools: There are many Service Management tools on the market that now align and provide functionality to support ITIL processes. These tools have many features. which assist in automating the process such as: • • • • • Quick Call Logging (one click to log a call) Auto population of data Automated alerts from infrastructure devices and applications that automatically generate an Incident record Advanced knowledge bases Customisable reporting . Any ITIL process can be started in a very simple form. The biggest challenge facing IT professionals is that it takes "discipline" to use the tools and procedures. The sooner the discipline of logging information. searching for solutions rather than reworking solutions can begin. then so the proper "habits" are formed. Metrics Many metrics can be obtained from this process.Material do Curso de ITIL • An Incident Management tool to record and monitor Incidents easily.

uk/online_ordering/serv_supp_graphs/incident_mngt.com/publications/practices.67 - .com/Pages/Service support/Incident management/Incident_mgmt. the physical escalation of an incident usually takes place because of either a lack of expertise at a specific level or due to service levels being breached. Incident life Cycle The following diagram shows the activities throughout the Incident Management process and the status that each activity can be set at. when the service desk identifies early that there is the likelihood of a breach and escalates manually rather than waiting for the time lapse).itil.itil-service-support-management.Material do Curso de ITIL Different types of escalation In a functional escalation environment.co.com/au/resources/whitepapers/pdf/WorldCom_White_P aper_On_eCRM.helpdeskinst.htm http://www1.htm . Hierarchical escalation occurs usually more proactively (e. Interesting Websites • • • • http://www.worldcom.asp http://www.g.pdf http://www. Throughout the activities the continual issue surrounding ownership. monitoring and tracking must also be considered.

These should be made known to Incident Management so that they can be passed to the user until the permanent fix is implemented. "Re-boot your PC". the document is printed and the Incident closed. with the same great incident support.Material do Curso de ITIL • http://tools2manage-it.com/serv_mgt.68 - . We have learnt that an incident is a deviation from standard operation. On the third day the user does not call again. A few minutes later another users calls . they just re-boot their PC and start to live with the issue. The first incident that was fixed by re-booting the PC should have been passed to Problem Management. This means that users can face many incidents and a lot of the time they will face the same incident many times. No matter how well things are running. “I can’t access the Internet”.the Service Desk captures the call and gives great Incident Management support : "re-boot your PC and see if that fixes it". All of a sudden we have a plague of PC re-booting users !!! So how do we avoid the plague? By introducing Problem Management. The next day the same user calls with the same incident. the service delivery will be troubled by disruptions that cannot always be avoided. It is any situation where something does not work and the specific details are not known." An incident is often simply a user requesting help for something that is not working. The user is happy. Work around It is possible for Problem Management to identify “work-around” in the investigation of problems. Even with the most reliable IT. Then they start to tell other users . “I can’t send email”. Problem Management Introduction Problems have a tendancy to always happen !!. For example “I can’t see my network drive”. It does. The Service Desk investigates the incident and sees that the print queue has the status ‘On Hold’.php Essential Terms Incident "Any event that deviates from the (expected) standard operation of a system. The Service Desk releases the queue. A user calls with an "incident" .just re-boot your PC that'll fix it. An example where Problem Management can make a difference: In an organization a user calls the Service Desk with the complaint that his document is not printing.

In the mean time users print their documents over and over again as they think they’ve done something wrong. As this is a different person answering the phone he investigates the Incident and sees that the queue is on Hold. releases the queue and the incident is closed. the document is printed and Incident is closed. The following slide says this in a different way but also introduces the crucial element of proactive problem management. would be found and implemented. The releasing of the queue by the Service Desk would be used as a workaround to restore the IT service in the event of the printer facing a similar issue in the future. If Problem Management were in place a problem would have been identified and recorded. Problem Management plays an important role in the detection and repair of problems to prevent their reoccurrence..Material do Curso de ITIL the Service Desk … Their document is not printing . . Objective The objective of Problem Management is to minimise the total impact of problems on the organization. to reconfigure the printer so the queue is automatically released.. The next day users still call with the same problem.69 - . The solution. the document still not printing … The Service Desk releases the queue when applicable. The stream of Incidents regarding this printer would cease. The "Known Error" related to this problem would be found in the configuration of the Printer.

. From the general incidents. but more importantly recognizes the value of proactive problem management. they call and say "I can't save to my H: drive" or "I can't print or surf the web". For example users will call a Help Desk and say. Known Error: A Known Error is the final step in the root cause analysis process. IT staff then piece all these incidents together and identify that we are facing a "network problem". “when the root cause of the problem is known”. It is a general description of something that has gone wrong. “I can’t access the Internet”. “I can’t see my network drive”. “I can’t print”. A Known Error can be defined as. Users don't call saying I have a "network problem". Incidents: An incident is defined as a deviation from the standard expected operation of a service. These three areas are key things to understand in this "root cause analysis". The basic principle is starting with many possibilities and narrowing down to a final root cause. The ITIL Framework doesn't prescribe what a process area should be called and Root Cause Analysis is fine. A problem is then a more specific definition.70 - . Root Cause Analysis is typically a reactionary exercise. The process focuses on finding patterns between incidents. It is not known what the exact cause is at this stage. They expected to be able to do these things yet could not. In our network problem example it is where the faulty equipment or system has been identified. This is the second stage of "root cause analysis"/problem management. Problem: A problem is the “unknown underlying cause of one or more incidents”. problems and known errors. Root cause analysis has taken us closer to finding the root cause but not completely. so these are "incidents". ITIL's Problem Management caters for reactive work. more investigation will uncover an underlying cause of these incidents. However. Note: "Root Cause analysis" is often used interchangeably with Problem Management. We use Root cause analysis interchangeably with Problem Management.Material do Curso de ITIL Process Description The Problem Management process is focused on finding weaknesses in the IT infrastructure and through the use of Change Management removing them so that future disruptions do not occur. A “network problem” is a good example of a problem definition in this case.

I.Material do Curso de ITIL This is the end of the root cause analysis process. Following the above example the Known error would be “Router x is faulty”. The process of Problem Management requires the following inputs: • • • • Incident records and details about Incidents Known Errors Information about C. The following diagram illustrates this flow. The outputs of the process are: • • • • RFC’s (Request for Change) to start the change process to solve the Known Errors. Change Management provides information about recent changes that may be part of identifying the known error). Management Information Work arounds Known Errors .71 - . Service Level Management provides information about required timeframes. From the above we see the initial general issues being faced through to the final definition of the root cause.’s from the CMDB Information from other processes (eg.

The following picture summarises this.Material do Curso de ITIL • Update Problem records and solved problems records if the known error is solved.72 - . The center diamond highlights the Problem Management activities which we will look at in the next module. Activities The ITIL Problem Management has four primary activities as follows: • • • • Problem Control Error Control Proactive Problem management Completion of Major Problem Reviews Problem Control The Main activities within Problem Control are: • Identification and recording of Problems o Some problems can be identified by processes outside Problem Management (eg. Capacity Management). .

This step is vastly different from Incident Management investigation where the focus is "rapid restoration" of service. priority).I. effort and cost that goes into fixing problems must be weighed up against the benefits of doing so. Classification of problems is similar to Incident classification (impact. If costs outweigh benefits a simple Problem record can be created that links all affected C. . • Classification of Problems o This activity centres on understanding what the impact on agreed service levels is of the problem.'s. urgency.73 - . RFC's and Incidents.Material do Curso de ITIL o It is also wise to note that the time. • Investigation and diagnosis of Problems o This is the step where we get to understand what it is that is causing the problem.

These problems are then passed off to Problem and Error Control procedures. . Targeting preventative action • Trend analysis can lead to identifying general problem areas.74 - .Material do Curso de ITIL Error Control Error Control is the process in which the Known Errors are researched and corrected. The activity includes: • • Trend analysis • Using data to highlight potentially weak components. The request for change comes from this sub-activity and is submitted to Change Management and then following approval the change is actioned. ! Proactive Problem Management focuses the analysis of data gathered from other processes and the goal is to define “Problems”. Proactive Problem Management The best problems are the ones that never happen. as if they had happened.

Material do Curso de ITIL The aim of proactive Problem Management is to redirect efforts away from always being reactive, to proactively preventing incidents occurring in the first place.

Completion of Major Problem reviews At the end of a major problem cycle, there should be a review to learn:
1. What things were done right? 2. What things should we have done differently? 3. What lessons do we take away from solving this problem?

Roles
Problem Manager role
The role of Problem Manager is responsible for: • • • • • • • Developing and maintaining Problem Control and Error Control Assessing the efficiency and effectiveness of Problem Control and Error Control Providing management information Managing Problem Management personnel Obtaining the resources for the required activities Developing and improving Problem Control and Error Control systems Analysing and evaluating the effectiveness of Proactive Problem Management

Problem Support role
The Problem Support team is responsible for: • • • • • • Identification of Problems Investigation of Problems leading to the Known Errors Monitoring the Process of eliminating Known Errors Raise RFC’s when necessary Identify trends Communicate Work arounds and quick fixes to Incident Management

- 75 -

Material do Curso de ITIL

Relationships

The Problem Management process has a close connection with the following ITIL processes" Incident Management: A very close and obvious link as we have learnt. Problem management aims to solve the root cause for the Incidents that are recorded by Incident Management. It is important that Incident Control provides accurate information so that Problem Control can solve the Known Errors easier. Problem management will supply Incident Management with workarounds and quick fixes where possible. Change Management: If Problem Management finds the solution to a Known Error they have to submit a RFC for the Change. Change Management is responsible for the implementation of the Change. When it is implemented they, together with Problem Management, review the Problem to verify that it is solved by the Change. This is called a Post Implementation Review after which Problem Management can close the problem record. Configuration Management: The information that is provided by Configuration Management is important in diagnosing problems. It includes information about C.I.’s and relationships with other C.I.’s. Other processes: Service Level management, Configuration Management and Availability management all provide Problem Management with information, which help to define and determine the impact of problems. In return Problem Management provide these and the other process with relevant information, for example, to SLM if a problem causes a IT Service to operate outside the Agreed Service levels or to Capacity Management if a certain hard disk is the cause of a Problem.

- 76 -

Material do Curso de ITIL

Benefits
Problem Management improves the IT service quality by resolving the root cause of incident(s). This leads to lower amounts of Incidents - benefiting users, customers, the organization and the IT department: Advantages are: • • • • • • Better quality of IT Service Management Reliable IT Service results in a better reputation of the IT service Ability to learn from the past IT staff will be more productive Higher resolution rate for Incidents at the Service Desk first time around Less Incidents

- 77 -

2.78 - . 1. Known Errors are not communicated to Service Desk/Incident Management 3. The following slide raise these and other points of attention that have to be considered. . No Commitment from Management 4. Unrealistic expectations of the Problem Management process.Material do Curso de ITIL Common Problems Common problems for Problem Management include: Incident Management and Problem Management don’t have well defined interfaces with each other.

Material do Curso de ITIL Metrics Successful Problem Management can be measured by: • • • Reduction in Incidents because the underlying causes are removed The time that is needed to resolve Problems The other costs that are incurred associated with the resolution Within Problem management there is lot that can be measured.79 - . Some examples are: • • • Time spent per organizational unit fixing problems Number of RFC's raised Ratio of proactive to reactive problem management . It depends on the scope of Problem management as to what is relevant.

multi-platform systems. cheap but complex software packages. Aggressive. in the vain hope that it will go away. a high-pressure area for IT.Material do Curso de ITIL Best practices Considerations for Problem Management. recurring problems eliminated. and all to be delivered with a sensitive 'customer care' attitude. The variety. and quality of expertise. running costs. Otherwise IT will simply grind to a halt. . The result? Support functions will soon dwarf the rest of IT in terms of number of personnel.80 - . multi-site. grid locked and unable to function. Why? Increases in user demand have led to vast numbers of PCs. and all needing the same high levels of technical support. resources re-allocated. is even worse. If we don't find a lateral solution for managing it. and difficulties anticipated and addressed before they become problems. effective and financially viable Problem Management is an integral step in achieving this. This increasing workload is threatening the whole stability of IT. demand will simply continue to grow at its present rate. all in addition to the traditional mainframe systems. Demand must be managed down. And ignoring the problem. volume and difficulty of problems facing Support teams today compared to the "early days" (those of a decade ago) seem child's play. distributed Client/Server networks. complexity.

81 - .co. Key success factors in Problem Management: • • • Automated registration of incidents with correct classification.com http://www. Interesting Websites • • • • http://www. The Kepner-Tregoe link is an interesting one.uk/online_ordering/serv_supp_graphs/problem_mngt. KT Analysis is a long serving tool that can be very useful in carrying out the Problem Management process activities.itilworld.htm Essential Terms Work Around: A "quick-fix" solution to an incident. which will produce an acceptable outcome for a limited period.com/n-america/service-support_probmanage.kepner-tregoe. Proactive Problem Management: Activities aimed at removal of errors while the errors are in a state of inactivity. Depending on the size of the operation.itil.Material do Curso de ITIL Note: the following web links provide some additional research material.htm http://www. Setting attainable objectives of the Process. Good inter-process co-operation (especially Incident and Change).htm http://www. not even treating this as a full time role.itil-service-support-management.com/Pages/Service support/Problem management/Problem_mgmt. .

along with the known business cost of the lost hours of productivity and still considers finding another role ! . with the system functionality.” Mild panic quickly escalates to all out concern as no-one really knows what has happened. You can hear a pin drop ! He thinks he may have caused the problem. Only trouble is no-one seems to have kept a copy of the configuration prior to the change. When he hears the story he turns red and tells them about the change they made the night before. etc. At the end of the day the problem is fixed and the figures for last year are back. They look into it and it seems it is the problem so the staffer is asked to roll-back the change. Proper planning and control ensures the implementation of change can take place without interrupting the operational IT service delivery. It is Monday July 1st. They all individually try and solve the incident of each user by investigating the software etc. it's just that the reports are all blank ! By now the IT Director is looking for some answers from his staff.” “All figures for last year are lost.82 - . lots of heavier than normal requests on systems. Nothing seems to be wrong. Lots of reports being run.” “I can’t find any details of last year. He's had a late start as he worked back last night. He has to report to the business manager on what has happened and why should he keep his job ! Then one of the Service Desk staff strolls in. For many organizations it is the time of the year to close out and get final figures for the previous 12 months. So. lots of printing. “My report is not showing any figures. End of financial year. Many problems in the quality of IT Service Support emerge from changes in existing IT systems.Material do Curso de ITIL Change Management Introduction As organizations become more dependent on IT services and technology changes rapidly succeed one another. Things start to go back to normal at the Service Desk … But the IT Director stills feels the wrath of the business people. He notices the panic and asks what is wrong. the need for proper management and control of change grows with it. Imagine then a Service Desk where the phones start ringing at the start of the day. The ITIL Change Management process is designed to act as a planning and control process. the only way to solve this issue is to correct the problem in the change.

Changes in reality often lead to (implementation) problems. The change wouldn’t be scheduled prior to such an important day in this organization because of the risks involved. Breaking this negative spiral is an important task for Change Management. The Change would have been tested properly so the whole issue might have been avoided. Remember.83 - .. The goal also build an internal understanding of the "how and why" for the process (how = standardised methods and procedures. why = to minimise impact). "Not every Change is an improvement but every improvement requires a change" Process Description The common trigger for Change Management is a Request for Change (RFC).. which in turn leads to more problems. Objective For an effective and efficient IT service delivery it is necessary to have the capability to implement many changes correctly.. The created problems are subsequently resolved by the implementation of a change.. A proper roll-back would be in place resulting in a quicker solution of the problem. "Assuring that standardised methods and procedures are in use for the efficient and timely implementation of all changes. ITIL's goal statement for Change Management is.. . with ITIL Change Management in place: • • • • The Service Desk would have known about a change being done the night before so they could have made the connection between problem and change a lot earlier. in order to minimise the impact of change related problems on the quality of the IT service delivery".Material do Curso de ITIL This is a situation that you want to avoid and with a good Change Management process it is possible! In our example. RFC's come from within the IT organization as well as from the Customers.

The output of the process includes reports regarding the changes.I. Other inputs for the process is CMDB information about the affected Configuration Items (C. that can be used for unforeseen (non-urgent) changes. triggers for Release Management to release. Change records can be held in the CMDB. If the Configuration Management process is to track details of hard disks and floppy drives. develop or implement new software or hardware and Change Advisory Board (CAB) agenda and planned actions. which allows them to be "linked" to affected CI's or Configuration Items. then replacing a hard disk counts as a change (albeit a "minor change"). The FSC documents known change events or agreed windows of change. triggers for Configuration Management to change the CMDB.84 - . The Scope of Change Management is determined along with defining the scope of Configuration Management. Note: The CMDB (Configuration Management Data Base) is discussed in the Configuration Management chapter. This schedule is drawn up in advance in agreement with the customer. . This vital information contributes to the assessment that the Change Management process has to make about the impact (potential or otherwise) or a proposed change.’s) and the relationships that exist between the affected CI's.Material do Curso de ITIL Another trigger for change can be the Forward Schedule of Changes (FSC).

as the scope can change and therefore the need for information needed from the CMDB can change as well.85 - . Classifying In this stage the RFC will be categorised and a prioritised. if appropriate. frustration and "by-passing" the process. Any rejection should always be communicated and explained. For example minor changes. The FSC will consist of: . it is the responsibility of Change Management to make sure all Changes are recorded correctly. Planning The change will be planned and put on the Forward Schedule of Change (FSC). A reason for the rejection of an RFC might be that it is incomplete or illogical. To do so. that the change requestor is not aware of. It is not necessary that not all changes are controlled by the Change Management process. The Change Advisory Board (CAB) meets to review the FSC. would lead to increased workload. such as resetting a password etc can be done by the Service Desk (following set procedures) but doesn’t need to be controlled by Change Management. The priority is derived form the urgency and the impact of the change.Material do Curso de ITIL Determining the scope is a dynamic activity. along with knowledge that the Change Management process may have from other process areas. Reviewing the scope on a regular basis is important. Accepting (Rejecting) At this stage RFC’s will be reviewed and accepted or rejected. Accepted RFC's then be classified. Activities The Change Management process includes the following activities: • • • • • • • Recording Accepting Classifying Planning Co-ordination of activities Implementing Evaluating Recording Although this activity is not carried out by Change Management itself. The category depends on the impact the change has and the resources needed to do the change.

people. and budget . . but it co-ordinates the activities to ensure progress is made.Indication of consequences for other changes . Change Management doesn't do this work. what lessons can be learnt). tested and implemented.Advice on whether the change should be a go or no-go Coordination If approved the change must be built.Material do Curso de ITIL .Planning in time. Change Management will also verify that a back out plan has also been developed and submitted for approval. Evaluating Each change (except minor standard changes) should be evaluated to see if the changes had the desired effect. The effort put into a post change evaluation will be dependant on the size of the change and the impact it had on the organization (good or bad.86 - .

Material do Curso de ITIL Roles .87 - .

accepting and classifying them. Closure of RFC's Authorisation. The CAB assess and plans the major changes. it's cost and it's urgency). coordinating (with all parties) and the implementation of the Changes. The CAB can have an element of flexibility so if there are no changes on the Agenda that effect a specific business perhaps they don’t have to be present at the CAB Meeting. to obtain authority for Changes to proceed (the level of authority required will depend on the impact that the change is expected to have. . after advice from the CAB or the CAB/EC Where appropriate. Relationships The Change Management process depends on the accuracy of the configuration data to ensure the full impact of making changes is known. To issue the FSC's (Forward Schedule of Changes) via the Service Desk Change Advisory Board (CAB) This board should to be made up of representatives from all areas within IT and representatives from business units. Planning.Material do Curso de ITIL Change Manager The Change Manger is responsible for: • • • • • • Processing of the RFC’s. including filtering. Change Advisory Board/Emergency Committee (CAB/EC) A sub-set of the CAB that can meet at short notice to consider Emergency changes. Release Management and Change Management. There is a very close relationship between Configuration Management.88 - . The following diagram illustrates some of the major process relationships.

SLA's). Also the Problem Management process can submit RFC’s to solve Known Errors and sometimes this can cause a snow-ball effect. software. Note: SLA's (Service Level Agreements) are discussed in the Service Level Management process. if the Configuration Management process is unable to explain what the affected components will be as a result of the change (including hardware. . So when a change is proposed to a component the linked SLA can be investigated to determine if the change will breach the SLA. The others processes are also linked to Change Management in the sense that they either request changes (Availability Management) or they will be consulted to determine the impact of changes (IT Service Continuity Management. Service Level Management and Capacity Management).Material do Curso de ITIL Advising the Service Desk of changes is crucial. via the Service Desk. It is possible to store information about an SLA in the Configuration Management Database (CMDB).89 - . Changes are nearly always first "discovered" in the Incident Management process. By doing this relationships can be created between hardware or software components and the SLA.

The customer is the one paying for the service. Through structured planning. .90 - . low risk changes can be covered by creating a change request that is open-ended and approved. Increase in productivity of the user because of a reduction of service interruptions. the affected parties listed and the RFC is closed. Remember that low impact. Change Management is a highly visible process. Increase in productivity of IT staff (less time lost of fixing changes). both within the IT Department and the business users and business customers.Material do Curso de ITIL Benefits Change Management is one of the ITIL processes that can often be not really liked. Note: The distinction between Customer and User is straightforward. we have to acknowledge the inherent problems as well. it would be almost essential that the same tool be used as the Configuration Management Data Base. For example. Tool Selection You need an appropriate tool to support the Change Management process. As an IT support person if you are told to implement the change without following the process. Discipline is required to adhere to the process. but if the need arises it is a simpler process Collection of management information is possible on changes. a single tool will be able to accommodate the activities of a number of ITIL processes. Ideally. With Change Management. The User is the ultimate end-user of the service. no-one will be affected". Provided the change is documented. Common Problems Along with the benefits of the any process. ask for the directive in writing. hard disk archiving. The concrete advantages of Change Management are: • • • • • • Less impact of changes on the quality of the IT service delivery and the Service Level Agreements (SLA's). IT Staff have a tendancy to think that "it's only a small change. reviewed and re-opened on a periodic basis then there is no need to create a seperate RFC every time the change is required. It is in these situations that most damage is often done. the cost of a change can be estimated more accurately Fewer changes need to be reversed. that way there can be no mis-understanding when problems come up.

itil. Commitment IT staff might be reluctant to follow procedures because Change Management will be involved in so many aspects.h tm http://www.infra.atlsysguild. Start simple and build up complexity if it's (a) necessary and (b) valueadding. Interesting websites • • • • • • http://www.uk/online_ordering/serv_supp_graphs/sschange.com/Pages/Service%20support/Change%20management/Change_mgmt.itil-service-supportmanagement.htm http://www.htm http://www.itilworld.au/TuDelft. Measurement allows baseline setting and targets to be set for improvement.com.asp http://www. Change Management is no different in this regard and the following indicators are common for measuring this process. Metrics The beauty of all ITIL processes is that they can be measured. • • • • • • • • Number of Incidents recorded as a result of a change Time taken to implement a change successfully Number of Changes that required a roll-back Number of Urgent/Emergency changes Number of RFC's submitted for consideration RFC rejection count Change back-log Changes by business unit/areas/department Best practices The following list of sites provide some excellent background reading on Change Management.91 - .htm http://www.microsoft.asp?url=/technet/itsolutions/ecomm erce/maintain/operate/rmdotcom.Material do Curso de ITIL Defining the Scope If the changes that are controlled by Change Management are too wide (eg it includes password rests) the workload will become to high and people will try to bypass the process.com/ .com/technet/treeview/default.co.com/n-america/service-support_changeman. It is important to make the IT Staff aware of the positive effect the Change Management process will have on the IT Service as a whole. It is also necessary to ensure that the team designing the process do not over engineer a solution.

which contains all the planned changes for a certain period of time. which are individually recorded.guild.com/GuildSite/Robs/Template. Service Request Fully defined and approved changes.co.co.zip http://www.92 - .Material do Curso de ITIL • • • http://www.uk/SpecTemplate8.rtf.demon.uk/SpecTemplate8.atlsysguild.demon. who assess the change requests. but not individually assessed by Change Management. CAB Representative group of stakeholders. Forward Schedule of Change (FSC) A change schedule.html Essential Terms Change Change to a system or service.guild. These changes are made routinely. Request for Change (RFC) All requests for modification of the managed infrastructure that are not Service Requests.. The Change Advisory Board advises the change manager on whether the change should be accepted or rejected. .pdf http://www.

's) (IT Assets) within the IT infrastructure. • . It is.Material do Curso de ITIL Configuration Management Introduction Through the storage and management of data regarding the IT infrastructure the Configuration Management process gives the IT organization greater control over all the IT assets. controlling. Objective The main objectives of the Configuration Management process are to: • provide IT Management with greater control over the C. the more important Configuration Management becomes.'s.I. provide accurate information to other ITIL processes. necessary to keep a register of all Configuration Items (C.I.s (IT Assets) of the organization.I.93 - . therefore. maintaining and verifying the versions of all C. Configuration Management aims to provide a "logical model" of the IT infrastructure by identifying. The more dependent on their IT systems organizations become.

Configuration Management defines relationships between all C. Note: The keyword in the following slide that defines the difference between asset management and configuration management is "relationships". Note: In the earlier Change Management process chapter we discussed the importance of getting accurate information from the Configuration Management process. Traditional asset management provides a list of items (typically hardware and software).'s. Reminder Note: . Configuation Management is considered central and supportive to the other ITIL processes by providing information about the IT Infrastructure.94 - . Process Description The Configuration Management Process could almost be considered as a pivotal process for all other (especially the Service Support) processes.Material do Curso de ITIL • create and maintain a reliable Configuration Management Database (CMDB).I.

Populating the CMDB can be a costly and lengthy exercise depending on the scope of IT infrastructure that is to be managed and the depth of detail about each item required (automated tools can play a large part here). The Outputs of the Process are reports to IT management and also the constant availability of Information that can be supplied from the CMDB to other processes. Capacity. Financial. The process starts with the design. populating and implementing of the CMDB (Configuration Management Data Base) It is the responsibility of Configuration Management to maintain the CMDB. Problem. Change. Release Service Delivery processes = Service Level Management. Configuration. Continuity o Service Desk is a function and Security Management has an active part in all processes. A major input into the Process is from Change Management either requesting information about items that will be affected or advising the status of changed items. . Availability.Material do Curso de ITIL • • Service Support processes = Incident.95 - .

I. objectives.balanced against the business requirements. . network card and memory details. This combination affects the level of detail and how many C. The decision about the level of detail required should depend upon how the information will be used. scope. Scope: The scope of the process must be decided. For example is a PC considered enough detail or is it necessary to capture the hard disk. in this case these of the process. This essentially answers the question: the process? For example some IT phone systems. while too little detail defeats the purpose of the process and does not contribute towards good decision making. at what cost . What will and will not be included within organizations will manage the PABX and infrastructure items would be within the scope CI Level: The CI Level refers to the amount of detail that will be captured for each CI.'s will be specified. procedures and interaction expected with other processes.96 - . It is the task of the Configuration Manager to determine what can be achieved. policies.Material do Curso de ITIL Activities The activities of the Configuration Management process are: • • • • • Planning Identification Control Status accounting Verification and Audit Planning: This includes setting up the process "boundaries" like the goal. A lot of detail requires extra work to keep updated.

Note: The attributes of a C.I. that include common contact numbers (eg. Labeling techniques include visible labels.I.I. Note: The labeling of IT Infrastructure can be incorporated into the Security Management process. At the time of gathering this data each CI should be labeled for reference and control purposes. Values are the quantifiable measurement of attributes (eg. C. level and attributes decided upon.97 - . Service Desk).Material do Curso de ITIL Identification: The identification activity involves the gathering of all C. information within the scope of the process. processor type. the attributes of a Personal Computer can be hard disk size. processor speed. are the "things" about that C. Operating system version). C. information is gathered either manually and/or by the use of automated tools. the value of a hard disk size can be 3Gig or 8Gig.I.I. the value of a processor speed can be 1 GigaHertz or 10 GigaHertz) . reference numbers and even hidden labeling (security paint that shows up under "black lights" and microchip identifiers that are not visible to the human eye). that we want to record (eg. The information gathered will be governed by the scope.

’s are recorded correctly. Under repair. On order. We can start to see the very strong relationship that Change and Configuration Management share. Procedures need to be set up so that all changes are always documented. Note: The gathering of data can take several weeks or months. Status levels can be defined as part of the planning process (eg. Status accounting Status accounting is the activity that records the current and historical states of a C. Verification and audit By conducting regular audits an organization can verify that all C. is traceable.I.I. so every change to a C.I. Control Before the CMDB is populated control procedures should be in place. Out of order.98 - . . Retired). for example with authorized RFC’s. In use. It is vital that changes to the CMDB and the CI’s within are only made with the proper authorisation.Material do Curso de ITIL Before gathering any information control procedures and the Change Management process should be in place so that after information is gathered and populated into the CMDB changes to the infrastructure don’t make it redundant.

The degree of audit will again need to take into consideration the value that will be derived from the audit and the size (and therefore cost) of doing the audit. have the closest relationship to Configuration Management and could even be considered as an integral part of it. the IT infrastructure forms the foundation of the IT organization. Other times for audits can be after disasters. Change Management and Release Management however. Note: In small organizations the role of the Configuration Manager and the Change manager can be combined. major changes and following a predefined timetable. implement procedures for interaction with other processes and take responsibility for the planning and population of the CMDB. The flow chart shows the relationships between the 3 processes and how the flows between the processes occur at every stage. The Configuration Librarian is the person who controls access to master copies of software and documentation. accuracy. Like any librarian the focus is on physical items.Material do Curso de ITIL The first audit should be held right after the CMDB has been implemented to be make sure it is a correct representation of the actually IT infrastructure. spot audit checks are all feasible strategies to "get a feeling" about the level of C. Partial audits. . All processes within ITIL therefore have links with Configuration Management or retrieve information from the Configuration Management Database. Roles The Configuration Manager will assist in determining the scope and level of detail required in the process.99 - . These items will be held in the "definitive software library" (DSL).I. Relationships As indicated.

Material do Curso de ITIL Benefits Some of the benefits that come from implementing Configuration Management include: • ability to provide Information to the other processes about C. . is and who’s responsible for it. efficient and effective Problem management efficient and effective processing of Changes as an insurance that legal obligations are being met optimal support on security issues • • • • • • The following slide restates some of these benefits and introduces some new ones.I.’s and the relationships that exist between them. contribution to IT Service Continuity planning control of the IT Infrastructure.100 - . Knowing where a C.I.

Otherwise the overall reliability of the CMDB is compromised. Emergency changes often happen outside normal hours of operation. There may be no authorized person to record the changes in the CMDB. if the level of detail is not detailed enough parts of a C.101 - .I. Commitment: There needs to be a firm commitment from Management to implement this process. can be changed without anyone knowing. Failing to do so might result in a non-reliable CMDB and an ineffective process. money and effort to maintain. However. as it can be a high activity process. If the level is too deep too much information is recorded which will take to much time. This can be combated through a solid procedure of post-change updating. • • • . Discipline is required from IT Staff to ensure that changes to the infrastructure follow the appropriate steps to keep the CMDB accurate. Urgent Changes.Material do Curso de ITIL Common Problems Problems that can prevent an effective implementation of Configuration Management are: • Level of detail for the CI’s is not right. This can result in increased incidents and problems due to the difficulty in tracing the faulty component. Interaction with other processes. As Configuration Management relies on Change and Release Management to a large degree it is wise to implement these processes at the same time.

incorrect data in the CMDB. To measure the effectiveness of Configuration management. or poor version control The time a change takes from start to finish Software licences that have been wasted or not put into use • • • . Number of unauthorized C. There needs to be a process in place that secures the validity of the CMDB.I. C. The targets can be changed over time to ensure improvement of the process.102 - . • • Result of audits. For example users who can purchase software themselves via the Internet may create incidents that are difficult to solve due to unknown configuration changes (the typical "I didn't change anything !!") Metrics Key performance indicators The measurement of the Configuration Management process has many potential KPI's that can be analysed. realistic targets should be set.’s.I.’s not in use Number of changes that due to wrong Configuration information cause incidents or problems RFC’s that were not completed successfully because of poor impact assessment.Material do Curso de ITIL • Control.

List of C.'s List of C. Information that can be gathered from a CMDB include: • • • • • • Information about C..I.. o SLA "Provision of Banking Services" o SLA "Provision of Banking Services" relies on Server 2 relies on Printer 9 affects Customer 11 affects Customer 12 ..'s.. Note: Examples of "relationships" that can be defined are: • • • Relies on. Changes...I. In most cases the CMDB is based on database technologies. • • • • Best practices The CMDB Most organizations already use some sort of CMDB. Problems.I. The CMDB can aid as a support tool in the creation and on-going maintenance of legal contracts.s affected by a scheduled a Change All Requests for Change relating to one C. o SLA "Provision of Banking Services" o SLA "Provision of Banking Services" Is part of. List of change and problem records associated with a C.I. The history of a particular C.I.I. Reduction in Incidents and problems over time and the change in impact they have on the business Improvement in the time needed to resolve Incident and Problems that can’t be fixed immediately The number of changes to the CMDB per month because of identified errors in the CMDB. Time needed to record a C. Known Errors. A CMDB also contains information on relationships between Incidents. Releases and C.103 - ..'s affected by a Problem. o Hard disk 12 is part of Server 2 Affects.Material do Curso de ITIL Other Indicators could include: • The amount of calls per month that are solved whilst the User is on the phone using information from the CMDB. which makes gathering information more user friendly.I... in a spreadsheet or paper based.I.

itilworld. type. Configuration item (CI): The IT infrastructure is built from components. many organizations choose to include staff into their CMDB as soon as the organization is mature enough to handle this).. manuals. not from the software that is being used in the production environment.htm Essential Terms IT infrastructure: All parts of importance to the provision of IT services.com/n-america/service-support_configman.104 - .uk/online_ordering/serv_supp_graphs/ssconfiguration. o Banking system is linked to Admin system Had . is called configuration item (C.. A C.I. Every component of the infrastructure. for instance.itil. Examples of this are: identification number. user. however. version. supplier. (according to ITIL. is not a C. o Printer 9 had RFC 0013 applied o Printer 9 had RFC 0035 applied An additional bonus is the use of the CMDB to cover the legal aspects associated with the maintenance of licences and contracts.htm http://www.com/Pages/Service support/Configuration management/Configuration_mgmt. procedures. Attribute: An attribute is a characteristic that is recorded about a C. software.. network and components. These include: hardware.itil-service-support-management. depreciation. a PC as well as a monitor.I. may have any form of complexity or size and may vary from a complete mainframe to.. status. organization etc etc. documentation.. etc. colour. Staff.). The Definitive Software Library (DSL) is a storage place where all software versions are kept secure. keyboard or a floppy disk drive.. size. serial number. The DSL is plays an important part in the Release management process and is discussed in more detail in that chapter. manager.. Interesting Websites • • • http://www. Values: .Material do Curso de ITIL • • Is linked to. New releases will be built on copies of the software from the DSL. cooling. airconditioning. under the management of the IT organization.htm http://www. price.co.I.I.

External forces often drive the demand to get the latest hardware of software into production as businesses strive to be first to market or to help them gain a competitive edge. Asset Management: The difference between Asset Management and Configuration Management is that Asset Management has a list of assets and Configuration Management has a database with relationships between C. "10". The "Catch 22" however is that there in an ever increasing pressure to “have the release sooner”. . Configuration baseline A Configuration baseline is the configuration of a product or system established at a specific point in time.I.Material do Curso de ITIL A value is the quantifiable part of an attribute. "critical") Links/Relations: All relationships are normally recorded in a hierarchical structure (such as a parentchild relation). the release of new software and hardware into the business must be closely controlled.105 - . (examples of values are "red". It serves as reference for further activities.’s are tracked from procurement to disposal. which captures both the structure and details of a configuration.’s are only changed with the appropriate documentation and that C.I. Other relationships are "is linked to" or "is used by". Configuration Control: Ensures C. Quite often however a poor release strategy leads to the very thing that others in the IT organization are working hard to avoid.I. downtime and loss of infrastructure stability. "E9".I. as it will deliver immediate “benefits” to the organization.s.s in the CMDB. These relationships should be made between C. Release Management Introduction With the increasing complexity of systems and a greater need for IT organizations to provide a stable environment.

To support Change Management and Configuration Management. Spare hardware held will be dependant on a risk assessment (looking at the assets of the organization and then the threats and vulnerabilities). it is a generic term applied to all areas of infrastructure in use that contribute towards the realization of organizational objectives. They are a set of generic guidelines that. . Software comes in various forms such as source codes. Objective Release Management is the process that "protects" the live or production environment.106 - . Note: It is the use of this term Production Environment that probably provides an answer to a question that gets raised a lot regarding the ITIL framework. Protection comes in the form of formal procedures and extensive testing regarding proposed changes to software or hardware within the production environment. The relationships with Change Management and Configuration Management are key for this process as all three are very closely related. can be applied just as easily to manufacturing & engineering disciplines. libraries and executables. The framework is not a prescriptive set of processes that lack flexibility. as well as third party involvement regarding support contracts (Underpinning Contracts). Changes to the production hardware environment must flow through to the DHS. so that any held spares can be compatible with latest production hardware. Information about the software and hardware components of the IT and their relationships with one another are stored in the Configuration Management Database (CMDB). Release Management provides the physical management of software and hardware. Release Management manages the planned and applied changes to software and hardware in the IT infrastructure.Material do Curso de ITIL This process within ITIL aims to provide a structured approach to the management of releases into the infrastructure from release planning through to actual installation. These secured libraries provide the physical storage location of all software Configuration Items (CI's) (DSL) and spare parts for hardware (DHS). Release Management utilises the Definitive Software Library (DSL) and the Definitive Hardware Storage (DHS). However. other than IT ? The answer is most definitely yes. Can the (ITIL) framework be used in other business areas. Note: The use of the term "Production Environment" conjures up images of a factory or manufacturing facility. The different versions of the same software held in the DSL have been through authorisation and quality controls and are used for the construction and implementation of releases. with the right perspective. loads.

. simply because the environment is not the front line of the business.107 - . Many businesses have a very high reliance on their test centres and cannot afford uncontrolled actions. Provision for physical and secure storage of approved hardware and software items in the Definitive Hardware Store (DHS) and Definitive Software Library (DSL) Ensuring that only authorized and quality controlled software & hardware versions are used in the test and production environments. • Process Description The main components controlled under a good Release Management process include: • In-house developed applications. Note: Even the test environment can be subject to the Release Management process.Material do Curso de ITIL Objectives of Release Management process include: • • To manage. distribute and implement approved hardware and software items.

Material do Curso de ITIL • • • • • Purchased software and custom built software. securely stored. Hardware and hardware rollouts Instructions and user manuals purchase or Release Management manages all software and hardware from development until testing and the eventual migration into production. Activities The following diagram shows the activities of Release Management and their relationships with the Configuration Management Database (CMDB): . The process starts with the planning of a new release.108 - . Utility applications. be it for hardware or software and ends with a well documented. implemented new release with the lowest possible impact on the organizations day-to-day activities. Software provided by suppliers for use on specialist systems. The following diagram illustrates some of the basic before and after situations surrounding the Release Management process.

Specified in this policy will be items such as: . building and configuration of Releases Testing and signing off of new releases Planning the rollout of releases Communication.109 - .Material do Curso de ITIL In a list format the activities described in the picture include: • • • • • • Planning and describing the Release Policy of a Release The design. preparation and training Release. distribution and the installation Planning and describing the Release Policy The Release Policy will document how the organization will approach the release of new hardware and software in to the infrastructure.

What level of control and what parts of the infrastructure will be under the control of the process Naming conventions for releases • Preparation for any release requires a structured planning approach to increase the chance of success. All the actions associated with designing. in a "controlled" manner. The use of a formal project management methodology like PRINCE2 will assist in this to define items such as: • • • • • • • • • Contents of the Release A release schedule Resource requirements Roles and responsibilities Project Approach Definition of the release components Back up plan Quality plan Acceptance plan Note: PRINCE2 is an acronym for PRojects IN Controlled Environments. Like ITIL PRINCE2 is a methodology or framework.ogc.uk/prince/ The Design. not a tool for Project Management. .gov. Building and Configuration of Releases This activity within Release Management can be considered as the technical stage of the process. You can find extra information on PRINCE2 at: http://www.110 - . PRINCE2 is published by the same body that publishes ITIL (the Office of Government Commerce (OGC) in the UK). And like ITIL it is a widely accepted framework for best practice. configuration and building are completed by relevant staff.Material do Curso de ITIL • • • • The frequency of releases that is acceptable to the business A policy on how to issue emergency releases A policy on testing and subsequent release into production The scope of the Release Management process ie.

• • • . The suitability and content of the Back-Out plan will be assessed during the Change Management process. Communications to all involved (users. IT staff perform technical tests including the test of the installation (ideally the test staff will not be the build staff). IT staff) Plans for the release rollout purchases (if any) Acquiring hardware and software. Release acceptance should be performed in a controlled test environment that can be reset to known configurations of both software and hardware. At the end of this stage a Back-Out Plan should also have been created. Each of these stages should be signed off separately. Testing and Signing-Off of New Releases Lack of adequate testing is the most common cause of failure of all (changes) releases. Representatives of the Business should test for expected functionality. along with any other related CI’s. The rollout plan should include the procedures to be followed for their secure storage prior to rollout and the mechanisms to trace their deployment during the implementation.Material do Curso de ITIL Note: The term "controlled" is not intended to create an image of bureaucracy.111 - . Controlled environments are reproducible and that is the critical issue here. a test plan and a backout plan. This will include: • • • Task list and resources needed for the task A list of all the CI’s to be installed and decommissioned In case of multiple sites: action plans for the separate sites taking local differences into consideration. The output of this activity should be a release complete with instructions on its installation. These configurations should be described in the Release definitions and stored in the CMDB. This is referred to as "User Acceptance Testing" (UAT). Testing should not only be done on the release expected end result but also on the implementation activities and the back out procedure. Back-Out plans can be aimed at restoring all services to their state before any change OR to restore as close to the pre-change state as is feasible given the nature of the change. Planning the Rollout of Releases The overall release plan that was originally created must now be enhanced with detailed information on the rollout of the release.

delivery. storage. The combination of roles is permissible for certain ITIL processes. Distribution and the Installation Release Management will be responsible for the process of purchase. In smaller IT organizations the combination of the Release Manager.Material do Curso de ITIL • Scheduling meetings for managing staff and groups involved in the Release. Release Management must work closely with the other processes (mainly Change Management and Configuration Management) to maximise the success of the release. Often a release will be distributed and (in the case of software) not "go live" until a log-on script is changed and the release activated. IT staff and Managers. The Release Manager will have a good technical background and a good knowledge regarding latest utilities and support tools. Preparation and Training It is important to communicate with all parties involved in order to increase the acceptance and success of the release. transport. Following the distribution of the release installation will take place making it available to the user community. The timing of any training and/or communication must be planned in accordance with the expected actual release date. Communication.) Roles The main role within the Release Management process is that of the Release Manager. any known issues (or workarounds) that have been established during testing and generally how the new release should be supported. The CMDB should be updated with the new Release details and all old C. decommissioned. This might involve several meetings/training sessions with user groups. etc. Distribution and installation are seen as different activities. The Service Desk is a key area that must be informed about the release. The release plan should be made public in case of a large release so users know what to expect and when. This person is responsible for defining and maintaining the definition of the release policy and controlling the activities within the process. and hand-over of hardware and/or software.I. Release.112 - .s should be decommissioned and appropriately marked in the CMDB (retired. . Change Management and Configuration Management processes is realistic.

software maintenance and hardware build skills. Can you remember the term given to the group of people who approve Emergency Changes? Configuration Management needs to be informed by Release Management about every change to a Configuration Item (C. In most major organizations a representative for the Release Management process will have a representative in the Change Advisory Board (CAB).Material do Curso de ITIL Release Management staff will need to receive technical training for development. Change Management controls all the changes and determines when a new release will be implemented and what changes will be in any release. Note: The CAB is the authorising body for changes to proceed. Project Management is another essential characteristic that is evident in a Release Management environment. Relationships Release Management is very closely linked with Change Management and Configuration Management.'s that may be affected by a new release and importantly their relationship with other C.s. .I. They also need to make sure that new versions of software and hardware are being stored in the DSL or DHS.113 - .I. Release Management will use Configuration Management to get information about C.) so they can update the CMDB.I.

loads and executables) of the organization is held in a secure location (the Definitive Software Library (DSL)). • • • • • • . The impact of new hardware is tested prior to installation in the infrastructure. With end users more informed of new releases and involved in testing the new releases the risk of resistance will be reduced significantly. reducing the chance of errors.Material do Curso de ITIL Benefits Implementation of the ITIL Release Management process provides the following advantages: • Software is being released for testing and production in a controlled manner. Ability to implement many concurrent changes in the software being used in the production environment without adversely affecting the quality of the IT environment. The possibility of the use of illegal copies is dramatically reduced.114 - . The software (source. Software in remote locations can be managed effectively and economically from a central point.

Urgent fixes. Procedures need to be in place to make sure that they are dealt with correctly and don’t compromise the accuracy of the CMDB.115 - . . Bypassing of the process my cause illegal software or viruses to enter the IT Infrastructure. Testing. Regular audits can help to minimise this potential issue. A proper tests environment needs to be available in order to assess the impact and reduce the risk of a new release. DSL or DHS.Material do Curso de ITIL Common Problems In order for Release Management to be successful the following issues need to be taken in consideration as they may cause problems: • Lack of Commitment: End Users might be reluctant at first to be told by this process how to act in case of a new release. The advantage of this process needs to be communicated before the process is implemented. • • • Metrics In order to assess the effectiveness of the Release Management process a number of key performance indicators (KPI’s) should be monitored.

office automation and business applications. Proper use of the DSL for software development Compliance with all legal restrictions relating to purchased software Accurate and timely recording of all build. Full release In a full release all components of the release are updated.all software can be accounted for etc. The same analogy could be used with the word processing package as a part of the whole office automation suite.Material do Curso de ITIL Examples of possible indicators are: • • • • Releases built and implemented on schedule. For example: An update is made to the whole office automation suite including the word processing package. Only the help file module is updated whilst the rest of the program remains the same. These releases are generally implemented less frequently and therefore allow for longer periods of stability for the live environment. . spreadsheet database etc. An example of a Package Release might be an SOE (Standard Operating Environment) for a desktop PC that includes the hardware. distribution and implementation activities within the CMDB • • • Best practices Different Types of Releases ITIL defines three different release types as described. For example: In a word processing package the help file has a bug and requires an update. and within budgeted resources Number of Releases that result in a back out due to unacceptable errors Number of Incidents caused by the release Outcome of audits of the DSL and the DHS. Security .116 - . Delta release Includes only those CI’s within the release unit that have actually changed or are new since the last full or package release. Package release The Package release includes all previous delta and full releases.

com/Pages/Service support/Release management/Release_mgmt.co. Should be a replication of the live environment in order to reduce risks of the implementation.asp?url=/technet/itsolution s/ecommerce/maintain/operate/rmdotcom. Developers do not work in this area. Archiving. Each new version will cause an increased version number.com/technet/treeview/default. Production.itil-service-support-management. Where the software/hardware is in production.microsoft.htm http://www. Old release versions that are no longer in use • • • Interesting web sites • • • http://www.Material do Curso de ITIL Types of relevant environments • Development.itil.117 - .asp .htm http://www. Developers do not work in this area. Newer versions will be based on a copy of the software in the DSL.uk/online_ordering/serv_supp_graphs/release_mngt. Only here can new software be developed. Testing.

Delta Release: or partial release. accepted form. Release: A software CI introduced into the test environment and subsequently into the production environment. Package Release: combination of full releases and delta releases (helps to reduce the risk of incompatible releases. which stores in their definitive. This logical library can be physically present in several locations. distributed and implemented together. Service Level Management .118 - . Type of Releases: Full Release: all components of a release unit are built. tested. Release Unit: A Release Unit includes the CI’s that can be released together. all the versions of software configuration items that have been accepted from the developer or supplier. by changing many systems concurrently). These are spare components and assemblies that are maintained at the same level as the comparative systems within the live environment. In most cases documentation and accompanying hardware also are part of the release. Definitive Hardware Store: A physical secure storage of definitive hardware spares. only those CI's in the Release Unit that have actually changed since the last delta or full release.Material do Curso de ITIL Essential Terms Definitive Software Library: A library.

The customers say it doesn’t do what it should. The CIO is puzzled to say the least. . 2. They resolve incidents quickly and didn’t get many complaints from the users that they were aware of. He had no idea that they were doing so badly. but of no benefit as the business recently decided to outsource the company payroll activities. Over the last two years there have been numerous and major complaints about the current IT services by the business. The effort on upgrading the server is commendable. His staff have been putting in an enormous amount of effort to upgrade the server that the payroll system has been running on. The loosely defined "up and running most of the time" didn't take into account the outages during critical times. it is not working properly etc.Material do Curso de ITIL Introduction Imagine the following situation: The Managing Director (MD) announces to the Chief Information Officer (CIO) that the company is thinking about outsourcing the IT Organization. The IT Organization thinks it is delivering services of a high standard but they have no figures to back that up.119 - . The services were up and running for most of the time. How could we have done any better? See the problem? 1. They actually thought they were doing well.

Service Level Management is the process that forms the link between the IT organization and the customers. the availability required of them and their costs. It is true that SLM has more of a 'customer focus' than most other processes. SLA's allow the IT organization and the customer to come to agreement about which services are been provided. at a cost acceptable to the business. The main aim of SLM is to ensure the quality of the IT services provided. Note: There are some who feel that Service Level Management is the single most important process within ITIL. but without those other processes. Implementing Service Level Management can only be completely successful when the other ITIL processes are implemented as well. These levels would be measurable so both sides can verify if the levels are being met. By its very nature of processes within ITIL are of equal standing.120 - .Material do Curso de ITIL 3. there is nothing to see the customer about! Objective . This is a difficult argument to defend. The most widely known element of Service Level Management are Service Level Agreements (SLA's). There probably is no official procedure in place to ask for the Customers opinion or a how to make a complaint so how could they have know about the perception of the customer regarding there services? Implementing the Service Level Management process will solve the main problems in this situation.

we will be explaining them here so the process is easier to understand.Material do Curso de ITIL The Service Level Management process manages the quality of IT service delivery according to a written agreement between the users and IT department called the Service Level Agreements (SLAs). reporting and improving the current levels of service. Service Specifications The IT organization draws up the Service Specifications based on the SLR.121 - . What are the technical needs? It also will show relationships between the SLAs. . Service Level Requirements (SLR) This is a document that contains customer requirements regarding which IT services they want and the availability/performance they need for those services. This is the starting point of setting up the Service Level Agreements. monitoring. Process Description In order to understand the Service Level Management process it is necessary to understand some basic concepts that are used. This is the translation of the customer requirements into "how" the IT organization is going to provide these services. the third parties and IT the organization itself. The goal for SLM is to maintain and improve on service quality through a constant cycle of agreeing. It is strategically focused on the business and maintaining the alignment between the business and IT.

Material do Curso de ITIL
Service Level Agreement (SLA) The SLA is a document that defines agreed service levels between the customer and provider, i.e. between IT and the business. SLAs should be written in language that the business understands (clear, concise and free of jargon). SLAs should not include detailed procedure diagrams for other processes or content such as technical information that the business will not understand.

Underpinning Contracts (UPCs or UCs) With the an external supplier or third party is involved in the delivery of IT Services then a contract has to be drawn up to ensure that they provide their service within a certain agreed time, cost, level, etc. The IT organization passes through the business requirements to external suppliers. This document will be reflective of the service levels defined in SLAs. For example, if the SLA states a fix of a printer in 5 days then the UC with the third party should support this i.e. Fix printer and return to organization in 3 days. Operational Level Agreement (OLA) or Service Provisioning Agreement (SPA) Some IT services depend on other service being provided from within the IT organization. For example a service to provide a program that runs via the network depends on the availability of the network. Agreements about the availability of the network will be drawn up in an Operational Level Agreement or SPA. As with the UPC these internal "contracts" will support the SLAs in the same manner except the focus is towards the internal IT organization. Service Quality Plan (SQP) This plan will contain information about performance indicators for the IT organization to measure the Services. It will contain performance indicators for each of the processes that are implemented in the organization. It is important to also include the performance indicators in the UCs and OLAs as they contribute to the IT service as a whole. Service Catalogue This is a document that contains all the Services that are provided, a description of the service, service levels, cost of the service, the customer and the person/department responsible for the maintenance of the service. The content of a Service Catalogue will vary depending on the requirements of the IT organization. Service Specification sheets often form part of the Service Catalog. Note: Be sure to understand the principal difference between an Underpinning Contract and an Operational Level Agreement.

- 122 -

Material do Curso de ITIL

Activities

The main activities of Service Level Management consist of: • Composing a Service Catalogue

- 123 -

Material do Curso de ITIL
• Negotiating with clients over the possibilities and price of automation and drafting Securing and maintaining the Service Level Agreement (SLA).

This is done trough a continuous cycle of the following actions: • • • • • • Identifying Defining Negotiating Monitoring Reporting Reviewing

Identifying Within this activity the IT organization will need to define the services it provides within a Service Catalogue. The Service Catalogue is like a menu of services that will clarify for IT what is on offer and the components of these services. In this stage the relationship between the IT organization and the customer is built or maintained. The aim is to find out the customer requirements with regard to IT services. As part of this activity the SLR document is written documenting the customer requirements. This document should be signed off by both parties to ensure that a clear understanding is achieved by IT and the business regarding requirements.

Defining The results of this activity the first time around will be the delivering of the SLR, the service specs and the SQP. On an ongoing basis this activity will include taking the SLRs as well as the content of the Service Catalogue and defining a draft SLA that aligns both into acceptable service levels. During the creation of this document consideration of the UCs and OLAs is critical as these documents support the SLA. Later on the needs of the customer and the specs need to be verified on a regular basis as they might change. The needs of the customer might change due to a change

- 124 -

availability and support service levels other processes such as Capacity. acceptance and a signature for the following documents. Reporting The reports should show the figures about the service levels that are required and the actually measured service levels. It is not enough to define how much time a service can be unavailable. . Is it when the IT organization restored the service or when the users are aware of it? In order to monitor the performance. Monitoring If service levels cannot be measured and monitored their value is substantially reduced. one also needs to define when a service is said to be available again. Subjects that can be included are: • • Time needed to resolve Incidents Down time of the network and any other occasion where the service levels have not been met.Material do Curso de ITIL in the business procedures and the specs made need changing as a result of the changed Requirements or the introduction of advanced technology. Availability and Incident Management should be in place. • • • Service Level Agreement Underpinning Contracts Operational Level Agreements It is critical that the above documents are negotiated and signed off. These processes will manage and report on service levels reporting back to the Service Level Management process.125 - . Negotiating Once the draft SLA is formulated negotiation is carried out to gain agreement. Why set service levels if you do not know if they are being met? In order to be able to measure the service levels they need to be clear and have to be objective.

The Service Level Manger oversees the steps that result in the following official documents: • • • • • Service Level Requirements Service Specs Service Level Agreement Underpinning contract Operational Level Agreements . All major disruptions to the IT service in detail. Use of the capacity (minimum and maximum) Amount of interactions with various services Reviewing Reviewing the Service with the Customers on a regular basis will help discover opportunities to improve the IT service that is provided. With the help of a Service Improvement Plan (SIP) this can be achieved. Once the Service Level Agreements are documented is it not end of the process it is the start! It is also important to regularly review how the process itself operates and update where necessary. Roles Service Level Manager Role The Service Level Manager is responsible for the implementing of the process and maintaining or improving the Service Levels by initiating improvement actions.Material do Curso de ITIL • • • • Time needed for a change. The role requires a position that allows the person to negotiate the service levels with the customers on behalf of the IT organization.126 - .

The Service Support processes . the result of.aim to restore the services as soon as possible when there is a breach within the Service Levels.Material do Curso de ITIL • • Service Quality plan Service Improvement plan Relationships Service Level Management is at once the basis and.127 - . They provide SLM with valuable information as the customer’s perception of the Service Levels. the implementation of Service Management processes. due to the holistic approach required for Service Management.Incident and Problem and the Service Desk . . The Service Delivery processes are more focussed on keeping the services running within the parameters defined in the SLAs. They get information from SLM about the required levels and give information about the actual levels and advice about the impact of new or changed services. You can’t implement Service Level Management to a full maturity without the other nine processes and the Service Desk function. Service Level Management is related to every other module within Service Management.

Material do Curso de ITIL Note: Remember the Service Support Processes are: o o o o o Incident Management Problem Management Change Management Release Management Configuration Management Benefits Introducing Service Level Management will have the following benefits for the Business and the IT organization: • The IT service will be of a higher quality and will cause less interruption. Hence the productivity of the IT customers will improve as well. The resources of IT staff will be used more efficiently. The service provided can be measured. The IT organization will provide services that meet the expectations of the customers.128 - . • • • .

129 - .Material do Curso de ITIL • • • The perception of the IT organization will improve. The services provided by the third parties is more manageable with the underpinning contracts in place and therefore any possibility of negative influence on the IT service provided is reduced. • . Monitoring the service make it possible to identify week spots that can be improved. Cost reduction.

This must be backed with a commitment to conduct regular reviews and not simply let the agreements get outdated.130 - . There needs to be a commitment to negotiate the Service Levels required and in the drawing up Service Level Agreements.Material do Curso de ITIL Common Problems The following issues need to be addressed in order to ensure a successful Service Level Management process: • The service levels set out in the SLAs must be achievable for the IT Organization in the first place. UCs and or OLAs much be set up properly otherwise external suppliers or internal parties may inadvertently create a breach of the agreed Service Levels. The services need to be measurable and objective for IT Customers and the IT organization. • • • Note: A useful acronym when thinking about Service Level Agreements (or any contract) is SMART .

Material do Curso de ITIL • • • • • Simple Measurable Achievable Realistic Time driven .131 - .

htm .Material do Curso de ITIL Metrics The following question will help determine if the Service Level Management process is effective and efficient: • • • • • Are all services covered by SLAs? Do the services within the SLAs have the necessary UCs and or OLAs? Is there an improvement in the Service Levels? Are the actual Service Levels measured? Is the perception of the IT organization improving? Best practices Interesting websites: Assessment http://www.132 - .itil.uk/online_ordering/serv_del_graphs/servlevel_mngt.co.

availability % and opening hours of the helpdesk. Together with the service catalogue they can be input for the SLA negotiations. drafting. including the Performance Indicators for the other ITIL processes.interpromusa.com/1_researchanalysis/focus/entmgmt013002.com/SLA Challenges for ASPs.microsoft. phases and due dates for the improvement of the services SQP = Service Quality Program / Plan A document that contains all the information for the managers. Examples are: downtime.Material do Curso de ITIL White papers http://www.html More theory http://www. securing and revising a demanded and cost justified level of service delivery to the user. SIP = Service Improvement Program / Plan Actions. defining. Service Catalogue Overview of all current services as delivered by IT.gartner.asp?url=/TechNet/prodtechnol/windows2000serv/m aintain/opsguide/cfgmgtog.pdf Books http://www3. .com/technet/treeview/default. May have a price list attached. Service Level Requirements Business demands and requirements for service levels.asp Essentials (terminology) Service Level Management: The process of negotiating.133 - .

As a consequence the number of end users drastically increased and so did the total amount of money spent on IT (the IT budgets).134 - . .Material do Curso de ITIL Financial Management Introduction Over recent years modern businesses have become more and more dependent on IT to operate their business processes efficiently. All too often customers of IT organizations and senior managers often perceive that there is too much money spent on IT. Financial Management for IT Services promotes the running of IT Services as a business operation. This has. set up a charging method and give customers an idea about the quality / price relation. The slide below shows some common thoughts and remarks often heard in organizations through out the world. Organizations (the Customers and senior managers) are reluctant to spend money on improving IT services if they don’t have a clear picture of the costs involved and the benefits it has for the business. but find it very difficult to clearly explain in business language what the real costs and benefits are of the provided IT Services. therefore. The IT organization on the other hand is often under the impression that they are doing ‘a good job’. In other words. led to a demand for increasingly higher quality and cost-effectiveness of the provided services. Financial Management for IT Services can make the costs clear.

135 - .Material do Curso de ITIL .

’ ‘to assist management decisions on IT investments by providing detailed business cases for Changes to IT Services. there may be additional statements that reflects the profit-making and marketing aims of the organization.136 - . .’ In a commercial environment. therefore. This awareness of costs improves the quality of all decisions made in regards to IT expenditure. Charging (notional or by sending real bills) the costs to the Customers is optional. is on understanding the costs involved in delivering IT Services (by attributing the costs to each specific IT Service and Customer).’ • The main focus of this process. but for any IT Services organization the objectives should include: • ‘to be able to account fully for the spend on IT Services and to attribute these costs to the services delivered to the organization’s Customers.Material do Curso de ITIL Objective The objective of the Financial Management for IT Services process for an in-house IT organization should be: • ‘to provide cost-effective stewardship of the IT assets and resources used in providing IT Services.

Charging (optional) Charging is the set of processes required to bill Customers for the services supplied to them. Budgeting ensures that the correct finance is available for the provision of IT Services and that during the budget period they are not over-spent. . bills are issued and revenue collected. All organizations have a periodic (e. IT Accounting and Charging: • A planning cycle (annual) where cost projections and workload forecasting form a basis for cost calculations and price setting.g. This requires sound IT Accounting and needs to be done in a simple.137 - . fair and accurate way. by service and by activity). It is in this regard more important to understand the costs than to know up to the dollar cent how much something costs. annual) round of negotiations between the business departments and the IT organization covering expenditure plans and agreed investment programs which ultimately sets the budgets for IT. Within organizations there are two distinct cycles associated with Budgeting. An operational cycle (monthly or quarterly) where costs are monitored and checked against budgets. • All these processes are discussed in more detail in the following chapter.Material do Curso de ITIL Process Description Financial Management for IT Services consists of the following three sub-processes: Budgeting (mandatory) Budgeting is the process of predicting and controlling the spending of money within the organization and consists of a periodic negotiation cycle to set budgets (usually annual) and the day-to-day monitoring of current budgets. IT Accounting (mandatory) IT Accounting is the set of processes that enable the IT organization to account fully for the way its money is spent (particularly the ability to identify costs by Customer.

which will be discussed in this chapter. The purpose and need of every expense needs to be determined. Budgeting • Determine the budget method: o Incremental budgeting Last year’s figures are used as the foundations for this year’s budget o Zero-based budgeting A fresh start: Called the Zero base.138 - . Determine the budget period • . together with the actual amount.Material do Curso de ITIL Activities Each of the three sub-processes of Financial Management for IT Services consist of a set of activities.

IT Accounting IT Accounting aims to provide the information about what the money was spent on. . Some costs might need to be estimated.Material do Curso de ITIL In most cases this will be the period of a financial (fiscal) year which can we subdivided in smaller periods. In order to understand costs we need to discuss costs in a general way. All Configuration Items necessary to deliver an IT Service to the Customer bear a certain cost.139 - . • Set up the budget Determine all the categories available and estimate the costs for the next budget period. These costs together add up to the total costs necessary for IT Service delivery. Take in consideration that demand might increase over time.

Software. Capital versus Operational costs Capital costs are costs involved with the purchasing of items that will be used over a few years and need to be depreciated. If you take a telephone service as an example the line rental costs are fixed. staff costs. A percentage of the capital cost is written off the net book value each year. desktops in three years. There are three methods of depreciation: Straight-line method. Reducing balance method. An equal amount is written off the value of the asset each year. . People. Fixed or variable costs Fixed costs are costs that stay the same regardless. (The depreciation amount is part of the total costs).g. hardware maintenance) and relate to repeating payments whose effects can be measured within a short timeframe (usually less than 12 months). For example the electricity of the IT department they are also called shared costs.140 - . Indirect costs are costs that can’t be related to a certain service. the mainframe in ten years). as they will be the same each month regardless how many calls you make. The costs for the calls are variable costs as they depend on the amount of calls are made. Depreciation methods Capital costs are depreciated over the useful live of the fixed asset (e. The main cost types are Hardware. The rent of a building is an example of fixed costs. Operational costs are those resulting from the day-to-day running of the IT Services organization (e. Transfer and External Service costs. Cost types Cost types need to be determined (they are also used in the budgeting activity). Variable costs change with the use of the service. For example the cost of a printer that is used by one department only can be seen direct costs.Material do Curso de ITIL Direct or Indirect costs. electricity. Accommodation.g. Direct costs are costs that can be assigned to specific services.

reported and charged to the customer (plus specific amounts.141 - . A Charging policy needs to be chosen: Communication of information Only the actual costs will be calculated. an amount greater than the costs incurred. if this is agreed with the customer). Before Charging can take place a few decisions need to be made regarding the Charging policy. For an in-house IT organization the aim could be to recover the costs back in a fair and simple way. . and the way the service are provided. through Charging. In most cases there already will be an accounting model in place for the rest of the business. Cost Units and Pricing. It is important to define a Cost Model that complies with the overall business accounting model. That is. Charging In a Profit Centre the objective is to recover.Material do Curso de ITIL • Depreciation by usage The Depreciation is written-off to the extent of usage during a period. But it could also be just to influence the behaviour of the Customers and end users. via Charging the IT organization can influence the demand and actual usage of IT Services.

the amount of print jobs they request. In order to be able to charge the costs to the IT customers Cost Units or chargeable items need to be set up. A good pricing system gives the client the sense that they get value for their money. but the customer doesn’t have to pay the physical dollars.142 - . These have to be clear. so they can be checked and are understood by the Customer. The price is negotiated with the customer beforehand . Rate that is also used in similar organization or other departments within the business.Material do Curso de ITIL Pricing flexibility Establish and charge the prices each year. Fixed price. Pricing moves the budget responsibility from the IT department to the user organization. Notional charging All costs are invoiced. Examples would the PC they use. This method is used to gain experience and eliminate mistakes. A pricing method (or a combination) need to be chosen: Cost price Cost price plus (to cover expenses made for R&D and overhead) Market prices. This method gives the option to influence excessive use. the price that is charged for the service on an outside market Going rate.

The main responsibilities are: • To oversee the implementation of the Financial Management for IT Services process and their sub processes (Budgeting. . IT Accounting and Charging). To work. with representatives of the organization management and the Finance Department.143 - . to develop the policies of Budgeting. are shared between both. associated with this role. IT Accounting and Charging. • • If the IT Finance Manger is from the IT organization maintaining a close relationship with the Finance Department becomes one of the responsibilities. An alternative would be that the tasks.Material do Curso de ITIL Roles The IT Finance Manager can be a person from the IT organization or the Finance department. Assist in setting up the budgets and the accounting plans. at an appropriate level.

. These strategies can realise an optimal spread of the workload within an organization. Reducing the risk of spending more money then is available. A more efficient use of IT resources throughout the organization. Increased professionalism of staff within the IT organization. together with Capacity Management and Availability Management. which will result in optimal use of resources. important information to Service Level Management about the introduced costing.Material do Curso de ITIL Relationships Financial Management for IT Services provides (depending on which pricing system has been chosen within the organization). As well as this the Financial Management process analyses which level of service delivery is technically cost realistic for the business. Higher satisfaction of Customers as they know what they are paying for.144 - . develop pricing strategies. It can also use asset and cost information from Configuration Management to analyse different scenarios of equipment (different costs for different configurations). pricing and charging strategies. The ability to verify if the actual costs compare to the estimate costs. Financial Management for IT services can. Investment decisions can be made on accurate information. Benefits The benefits of implementing the Financial Management for IT Services process include: • • • • • Increased confidence in setting and managing budgets. Divided per sub process the benefits will be: For budgeting: • • • Ability to estimate the total costs needed to run the IT organization.

or over-consumption of services in financial terms. The possibility to determine the costs of NOT making a specific investment. creating too much administrative overhead. Demonstrate under. hence influence the behaviour of the Customer. Influence the demand for the provided IT Services. IT and Business managers make better decisions. For IT Accounting: • • Availability of management information on the costs of providing IT Services. Not enough commitment from senior IT and Business management. • Cost Models that are used for IT Accounting are too detailed. • • • • • For Charging: • Providing a sound business method of balancing the shape and quantity of IT Services with the needs and resources of the Customer. Form the basis to implement Charging. which ensures that the IT Services organization runs in a cost-effective manner. Maximising the value for money of the provided IT services. Ability to accurately account for all the expenses made by the IT organization. The ability to recover IT costs in a fair manner. • .Material do Curso de ITIL • The guarantee that the money resources are available to run the IT organization within the agreed Service Levels.145 - . • • Common Problems In order for the process to work effective and efficiently the following issues should be addressed as they are typical areas that can cause problems in this process area.

Material do Curso de ITIL • Financial Management for IT Services is not in alignment with the way the overall organization manages its finances. customers agree to charges at a point in time. so that levied charges do not come as a shock. Metrics Key performance indicators to report on the process are: • • • • • Accurate cost–benefit analysis of the services provided Customers consider the charging methods reasonable The IT organization meets its financial targets The use of the services by the customer changes Timely reporting to Service Level Management .146 - . • Note: The area of Financial Management for IT Services is often glossed over. Typically. actions by users/customers to try to avoid incurring charges). it is wise to quite often ensure that your customer has had their expectations set. Charging policies are not well communicated to customers possibly causing unwanted behaviour (eg. but when the actual charges are levied the challenges begin. To offset this.

147 - .htm White paper http://www.asp Essentials (terminology) Financial Management for IT services: The implementation of Financial Management for IT services is the foundation for an . It is very unlikely that this process can be properly implemented without some specific expertise in accounting.uk/online_ordering/serv_del_graphs/financial_mngt. liquidity of assets) Note: Accountancy is a respected profession around the world.pdf More theory http://www.co.Material do Curso de ITIL Other issues that can be reported on are: • • Creditor / Debtor management Other specialised accounting measurements (eg.com/IT Cost Charging Challenges. Best practices Interesting websites: Assesment http://www.com/technet/treeview/default.interpromusa.asp?url=/TechNet/prodtechnol/wi ndows2000serv/maintain/opsguide/cfgmgtog.microsoft.itil.

This requires sound IT accounting. whether from use. pricing. or obsolescence through technological or market changes. IT Accounting: The set of processes that enables the IT organization to account fully for the way its money is spent. This can be done with a real transfer of money (Full Charging) or without (No Charging or Notional Charging). not merely a question of cost recovery but also of its impact upon the demand for the product. but other models can be developed to show the cost for each service or the cost for each location. ROI Return on investment (= average increase in profit / investment) ROCE Return on capital employed (= net profit before tax and interest / total assets less current liabilities) . Charging: The set of processes required to bill customers for the service supplied to them. TCO Total Cost of Ownership. or other category. Budgeting: The process of predicting and controlling the spending of money within the organization and consists of a periodic negotiation cycle to set budgets and the day-today monitoring of the current budgets. promotion. Deciding upon the appropriate charge/price is. a method of calculating the cost of a product or service as promoted by Gartner. activities.148 - . but is also oriented on future investments. consumption or other reduction in the useful economic life of a fixed asset. Depreciation: The measure of the wearing out. Cost Model: A framework in which all known costs can be recorded and allocated to specific Customers. place’. The calculation of Costs-by-Customers is the usual start-point if a Charging system is to be introduced. therefore. Billing: Passing on charging information to managers to make them aware of the cost of the resources used by their business. Most Cost Models are based on calculating the cost for each Customer. passage of time. Pricing: Pricing is just one element of the marketing quartet – ‘product.Material do Curso de ITIL independent IT organization. which is not only aware of costs.

Material do Curso de ITIL Availability Management Introduction Organizations are increasingly dependent on IT services. in most cases the business stops as well. . This is done by defining the requirements from the business regarding the availability of the IT services and then matching them with the possibilities of the IT organization.149 - . It is therefore vital for the IT organization to manage and control the availability of the IT Services. Objective The objective of Availability Management is to get a clear picture of business requirements regarding IT Services availability and then optimize infrastructure capabilities to align with these needs. when they are unavailable. There is also an increasing demand for 7 days per week 24 hrs a day availability of IT services.

Problems. Among the inputs are: • • The requirements regarding the availability of the business Information regarding serviceability of the CI’s reliability. Process Description Availability Management depends on a lot of inputs to be able to function well.150 - . recoverability and • Information from the other processes.Material do Curso de ITIL Or one can put it this way: To ensure the highest availability possible of the IT services as required by the business to reach its goals. SLAs and achieved service levels The outputs of the process are: . Incidents. maintainability.

Plans to improve the Availability of the IT services • • • Key terminology and actions that form the basis of this process are: Availability: The availability and flexibility of components of the infrastructure. 2001) Resilience is a key aspect of reliability Resilience is defined as: “The ability of an IT component to continue to operate even though one or more of its sub components has failed” Maintainability: The capability to maintain or restore a service or component of the infrastructure at a certain level. ST = agreed Service Time and DT = Down Time. Availability is defined as: “Availability of a IT Service or component to perform its required function at a stated instant or over a stated period’ (ITIL Service Delivery Book.Material do Curso de ITIL • Recommendation regarding the IT infrastructure to ensure the resilience of the IT infrastructure Reports about the availability of the services Procedures to ensure availability and recovery are dealt with for every new or improved IT service. This application is not easy to maintain. an application has been developed that requires daily housekeeping to ensure its operation and a highly qualified Database Administrator can only do this. whereby A .Availability.'s within the infrastructure is an important consideration as the . This is expressed in the following formula: A = (ST . Reliability is defined as: “…freedom from operational failure” (ITIL Service Delivery Book. The maintainability of C. In this case the Mean Time Between Failures (MTBF) can be used as a measuring tool. OGC.151 - . OGC. For example. Some services or indeed components of the infrastructure are easier to maintain and/or restore to service in the event of a failure.I.2001) Reliability: The reliability of components of the infrastructure.DT)/ST x 100. so that the required functionality can be delivered.

Material do Curso de ITIL speed of recovery and the ease of maintenance will impact the uptime and hence availability of services. That means that services and information is available to the right people. It can be desirable (for security reasons. These contracts will define how these external parties will perform to ensure the availability of the services they interface with. which might endanger the availability) not to make certain components of the infrastructure available. For example. It is also important to ensure that services are not so secure that it impedes that ability of the organization to use these services. integrity and availability (CIA). = Configuration Item Serviceability: Serviceability refers to the agreements that are held with third parties providing services to the IT organization. Note: Remember that C.I. Security is of great concern to most organizations these days and it is important to ensure that IT services are made available to the organization in a secure way. Underpinning Contracts within Service Level Management tie in here. logically or physically. how will they ensure resilience.152 - . . how will they maintain the infrastructure they are responsible for. Operational Level agreements (OLA's) within the Service Level Management process tie in here. Security: This is divided into confidentiality.

153 - . The Service Level Management process maintains contact with the business and will be able to provide the availability expectations to the Availability Management process. .Material do Curso de ITIL Activities The activities within the process can be divided in three main activities. The business may have unrealistic expectations with respect to availability without understanding what this means in real terms. which will be discussed in detail in the remainder of this chapter: • • • Planning Improving Measuring and reporting Planning Planning involves the following activities: Determine the Availability Requirements It is important not only to find out the requirements but also to find out if and how the IT organization can meet these requirements.

Make sure it is clear who has access to what and where. they may want 99. for their organizations infrastructure. Design When considering the design of the infrastructure the IT organization can either design for “availability” or “recovery”. Other Considerations • Security issues Define the security areas and the impact they might have on the availability of services. In this approach the infrastructure will be designed such that in the event of a service failure recovery will be as fast as possible.9% availability yet not realise that this will cost five times more than providing 98% availability. Designing for recovery can be seen as more reactive management of availability. . Designing for Availability is considered a pro-active approach to avoiding downtime in IT services. In this instance the IT organization will need to build resilience into the infrastructure and ensure that preventative maintenance can be performed to maintain services in operation. Design for Availability When the business cannot afford for particular service/s to have downtime for any length of time designing the infrastructure for availability should be the approach. In many cases building “extra availability” into the infrastructure is an expensive task that must be justified by business need.154 - . • Maintenance management This is a maintenance window that is agreed upon and known to the customers in which the IT organization can do the maintenance and repairs. This way the impact on the IT service of the maintenance and repairs will be reduced.Material do Curso de ITIL For example. Design for Recovery When the business can tolerate some downtime of services or the cost justification cannot be made for building in additional resilience into the infrastructure then designing for recovery is the appropriate approach. It is the responsibility of Service Level Management and the Availability Management process to manage expectations. Spare part for example will assist in the speedy of infrastructure components that fail. The processes (like Incident Management) need to be in place to recover as soon as possible in case of a service interruption.

Input from monitoring and other processes. will provide the basis for decisions on what “availability” measures will be put in place. SOA Systems Outage Analysis is a technique designed to provide a structured approach to identifying the underlying causes of service interruption to the user. The following are a few mentioned by the OGC: CFIA Component Failure Impact Assessment can be used to predict and evaluate the impact on IT Service arising from component failures within the IT infrastructure. You can use many ways to identify (un-) availability and potential problems. All plans must be cost justifiable and aligned with business needs. It is also important to measure and report on the perception of the customers on the availability of the IT service. Measuring and reporting This involves reporting about the availability of each service. the down times and recovery times.155 - . . FTA Fault Tree Analysis is a technique that can be used to determine the chain of events that causes a disruption to IT services.Material do Curso de ITIL Improving Developing the Availability Plan The Availability Plan will look into the future (for example 12 months) and document what measures will be put in place to ensure that the infrastructure and IT services will be available to meet business requirements. CRAMM CCTA Risk Analysis and Management Methodology can be used to identify new risks and provide appropriate countermeasures associated with any change to the business availability requirements and revised IT infrastructure design. such as Service Level Management. These reports will often go to the Service Level Management process to use in reporting comparisons (planned versus actual) on service levels back to the customer.

Incident Management and Problem Management provide a key input to ensure the appropriate corrective actions are being progressed. They implement the policies of Security Management in relation to the security of data. meets the Service Level Agreement (SLA).Material do Curso de ITIL Roles The Availability Manager The Availability Manager has a guiding role and has a general. Service Desk and Capacity Management to assist in management and planning with regard to availability. thus helping to prevent problems. The measurements and reporting of IT availability ensures that the level of availability delivered. For example they may attend Change Advisory Board meetings within Change Management. Relationships The introduction of Availability Management without the other processes in place is likely to fail. Change Management. The Availability Manager communicates their findings to the Service Level Manager and. . Using the results of this data they steer other Service Management processes in order to guarantee the agreed availability. Availability Management supports the Service Level Management process in providing measurements and reporting to support service reviews. yet sound knowledge of the IT infrastructure.156 - . makes an important contribution to the establishment of the SLAs. They will assemble and analyse data from processes like Problem Management. as without the support of the other processes it can’t deliver the agreed availability. through that.

157 - .Material do Curso de ITIL .

158 - . Other benefits include: • • • • Constant striving to improve the availability Higher Customer Satisfaction In case of a disruption corrective action will be undertaken Higher availability of the IT service .Material do Curso de ITIL Benefits The main benefit is: Optimal use of the capability of the IT Infrastructure and delivering the availability of the IT services that is according the agreed requirements of the customers.

. For Availability management they are: • Unclear requirements from the business regarding the availability expected of the IT service No official contract is drawn up to specify the agreed availability of each service.Material do Curso de ITIL Common Problems As with every process there are some issues that need to be addressed as they can make or break the success of the process. (Risk of conflict and arguments at a later stage) Commitment to the process • • The business and the IT organization must share a common understanding on the definition of availability and the definition of downtime.159 - .

co.itil.uk/online_ordering/serv_del_graphs/avail_mngt. MTBF.) Best practices Interesting websites: Assesment http://www.htm Essentials (terminology) .160 - .Material do Curso de ITIL Metrics By reporting on the following items the effectiveness and efficiency of the process can be measured: • • • • The total downtime per service Time it takes to recover from an incident The availability of the services The improvement of the availability of the IT services Note: Check the AV Essentials section for defined availability terms (eg. etc. MTTR.

Failure: The moment at which a functional unit no longer provides the required function. Mean Time To Repair (MTTR): The average period between commencement of an incident and its solution. Mean Time Between Failures (MTBF): The average period between the first moment the service is fully operational and the moment that this service is no longer operational. Mean Time to Restore Services (MTRS): The average period between the commencement of an incident and the restoration of the service delivery.Material do Curso de ITIL Down time: The total period during which an IT service is not operational within the agreed service times. Fault. .161 - . High Availability A characteristic of the IT Service that masks the effects of IT component failure to the user.

The main purpose of Capacity Management is to understand and maintain the required level of service delivery (via the appropriate capacity) . cost justified. .162 - .Material do Curso de ITIL Continuous Operation A characteristic of the IT operation that masks the effects of planned downtime to the user.at an acceptable cost. Continuous Availability A characteristic of the IT Service that minimises or masks the effects of all failures and planned downtime to the user. Capacity Management Introduction The Capacity Management process is designed to ensure that the capacity of the IT infrastructure is aligned to business needs. The Capacity plan is the core document that describes how this will take place over the coming period. Through gathering business and technical capacity data this process plans for and delivers the. capacity requirements of the business.

Process Description The Capacity Management process breaks down into three sub-processes listed below: .163 - . Capacity Management is also responsible for understanding potential advantages new technology could have and assessing its suitability for the organization.Material do Curso de ITIL Objective The main objective of Capacity Management is to understand the business’s capacity requirements and deliver against them both in the present and the future.

. Resource Capacity Management Is responsible for the management of the individual components within the infrastructure. Service Capacity Management Is responsible for ensuring that the performance of all current IT services falls within the parameters detailed as targets within SLA’s.Material do Curso de ITIL Business Capacity Management This sub process has the focus on the long term. It is responsible for ensuring that the future business requirements are taken into consideration then planned and implemented as necessary.164 - . Resource capacity management has more of a technical focus.

Material do Curso de ITIL Activities Each of the sub process mentioned before involve.165 - . to a higher or lesser degree. the following activities: • • • • • • • Iterative Activities Storage of Capacity Management Data Demand management Application Sizing Modeling Capacity Plan Reporting .

Analysis. checking if all the service levels are being met. Implementation. technical data. The capacity requirements of a new application will be understood and the infrastructure can be tuned as necessary to meet the new requirements.166 - . The plan is future oriented and covers a period of at least 12 months. User behaviour is influenced to shift workload. this plan is drafted on the basis of data from the CDB (Capacity Database). the information contained here provides the other processes with the data necessary for their analysis. Storage of Capacity Management Data The Capacity Database (CDB) is the cornerstone of the process. Capacity Plan Capacity Plan. . business and relevant information for capacity Management. Reporting for example could be (but not limited to) against the capacity metrics in SLAs. the data collected by monitoring needs to be analysed and predictions been made for the future Tuning. Demand management: Demand Management is responsible for the management or workload in the infrastructure to better utilise the current capacity rather than increasing capacity. It is used to form the basis of the reports for this process and contains technical. As well.Material do Curso de ITIL Iterative Activities The following iterative activities take place within Capacity Management: • • • • Monitoring. business data. for example to another time of the day to relieve capacity shortages. financial data. Modeling: By simulation or with assistance of mathematical models modeling allows for the prediction of future capacity requirements. Application Sizing: Application Sizing related to the assessment of the capacity requirements of applications during their planning and development. Reporting Reporting entails the reporting of capacity performance over any given period. implement the outcomes and results of the 2 previous steps to ensure optimal use of the infrastructure for now and in the future. to actual implement new capacity or changed capacity with Change Management. The results from this can be used as an input into the Capacity Plan. etc.

application and system manger. To do this.167 - . the manager must be involved in evaluating all changes. and excess demand for processing capacity.Material do Curso de ITIL Roles The Capacity Manager The main responsibilities of the capacity manager are: • • • To develop and maintain the Capacity plan Manage the process Make sure the Capacity database is up to date. . They are responsible for translating the business requirements in to required capacity to be able to meet these requirements and to optimize the performance. file storage problems. Other roles within Capacity Management are the roles of the network manager. to establish the effect on capacity and performance. The cumulative effects of single changes can often cause degraded response times. They pay particular attention to the cumulative effect of changes over a period of time. This should happen both when changes are proposed and after they are implemented.

Material do Curso de ITIL

Relationships

Capacity Management is part of Service Delivery and is directly related to the business requirements. It is not simply about the performance of the system’s components, individually or collectively. Service Desk, Incident Management and Problem Management. These processes will provide Capacity Management with information about incidents and problems related to Capacity. Capacity Management will support the processes with solving the incidents and or problems and also provide them with information about the capacity performance. Change Management and Release Management Capacity Management activities will raise Request for Changes (RFC's) in order to ensure that the appropriate capacity is available. These are subject to the Change Management process, and implementation may affect several Configuration Items (C.I.'s), including hardware, software and documentation, and will require effective Release Management. Availability Management The link between Capacity Management and Availability Management is strong, as the availability that is needed requires a certain amount of capacity within the configuration items. Without enough capacity, you will never have enough availability. Furthermore, the values measured by Capacity Management are of importance to Availability Management in relation to availability and reliability. Service Level Management Both Capacity Management and Availability Management need to provide the service level manager with input for effective SLA negotiations. Capacity Management informs Service Level Management about the result levels that can be provided to the client. Financial Management The drafted capacity plan delivers important input for Financial Management, which on this basis can draft a very accurate investment plan capacity Management gets information in return about the available budget. IT Service Continuity Management Capacity Management provide ITSCM with the information about the minimum required Capacity needed for recovery. It is important to consider the impact (for needed capacity) of changes to the IT services on the ITSCM procedures.

- 168 -

Material do Curso de ITIL

- 169 -

Material do Curso de ITIL

Benefits

Implementation of Capacity Management offers the following benefits: • • • • • An actual overview of the current capacity in place The possibility to plan capacity in advance. Being able to estimate the impact of new applications or modifications Cost savings Better service that is in tune with the requirements of the Business.

- 170 -

Material do Curso de ITIL Common Problems Common problems that can be encountered while the process is already implemented include: • Capacity information from suppliers is not available or is too general and can be misleading for infrastructure components. If an application is poorly designed. The detail of monitoring can be to deep causing the process to be too expensive. The expectation to what Capacity Management can do is over estimated.171 - . more capacity won’t fix the problem. All too often end users and customers are interviewed at length about their expected capacity requirements. . • • • Note: This final point is important. It is not always easy to predict what future capacity is required before you build an application. It is up to the IT professionals to have built in the ability for the application to scale to match any new requirements. only to demand more as soon as the new application goes live. Information is difficult to obtain.

Incidents or Problems? Are ad hoc expenses being reduced because better planning is in place? Performance against SLAs .172 - .Material do Curso de ITIL Metrics To verify if the process is operating within it goals one should check: • • • • • • If the forecast is in line with the actual demand at that time? If the Capacity plan is correct? Are the requirements being met? Is capacity not a cause for the breach of Service Levels.

Material do Curso de ITIL Best practices Why a Capacity Plan? With cheap hardware prices. The process was reasonable because the systems were typically not mission-critical. Downing the system for upgrades becomes increasingly expensive in both time and resources.173 - . In addition. software and hardware tools. overpaying for network equipment or services and the costs of upgrading systems already in production more than justify the cost of capacity planning. Once systems are in place they become an integral part of the overall design. internal and external staff resources. capacity planning may seem unimportant. due to the interdependency between various application components. the added complexity of the environment typically requires more care. The system could then be tuned or more capacity added before all of the users had been converted to the new system. you can always upgrade later. coupled with the increase in complexity of 3-tier architecture. the potential losses incurred without capacity planning are staggering.com/ Assessment . is causing system designers to pay closer attention to capacity. Capacity planning is driven purely by financial considerations. Five years ago. The second is with Internet/Intranet at the helm. A simple guess of the capacity requirements should be sufficient. We now measure progress in "Internet years" -. This rapid change. Proper capacity planning can significantly reduce the overall cost of ownership of a system.capacityplanning. The first is the rate of technical change. Although formal capacity planning takes time. Interesting websites: http://www. Today’s systems are primarily being developed within a 3-tier architecture. there’s no time for this approach. a designer could roll out a new system with a rough estimate of capacity and performance. right? Why give this subject any more thought? There are two main issues that make capacity planning critical. Lost productivity of end users in critical business functions. Today.equivalent to about 90 days of a calendar year.

Material do Curso de ITIL http://www.com/iccm. The plan is future oriented and looks forward for a period of at least two years.html http://www. technical data.asp?r=Tutorial&s=Benchmarks&t=Standard http://www.iccmforum.htm White Papers http://www.itil.uk/online_ordering/serv_del_graphs/capacity_mngt. Workload Management The identification and registration of use of resources of each workload and the detection of peaks and patterns.174 - .interpromusa.com/iccm.asp?r=Capacity&s=CPUResource Tools http://regions. .iccmforum.com/ASPs and Application Performance Mgmt.org/regions/cmgarmw/shortarm. A plan that is drafted on the basis of data from the CDB.pdf http://www.iccmforum. etc.co. Performance Management This is the monitoring of results.asp?r=Tutorial&s=Benchmarks&t=ZiffDavis Essentials (terminology) Capacity Plan. financial data.cmg. Resource Management The optimization of the use of resources. business data.g.com/iccm. analysis of information and tuning (e. signaling of trends. by spread of workloads).

vandalism. Causes of such disasters are events like fire.175 - . that the impact of a total or partial loss of the IT Services is estimated and Continuity Plans established to ensure that the business will always be able to continue. the users cannot continue with their normal work. statistics show that disasters regularly occur.Material do Curso de ITIL IT Service Continuity Mgt Introduction There are still quite a few managers that see IT Service Continuity Management (ITSCM) as a luxury for which they do not have to allocate any resources. This trend towards dependency on IT will continue and will increasingly influence users. However. Every time the availability or performance of a service is reduced. That is why it is important. managers and decision-makers. As businesses are becoming increasingly dependent on IT.and actually establishing . the impact of the unavailability of IT Services has drastically increased.a Business Continuity Plan could have saved affected companies a lot of troubles or even their business itself. flood. . Thinking about . power failure or even terrorist attacks. burglary. lighting.

Reducing the vulnerability and risk to the business by effective risk analysis and risk management. Process Description ITSCM is concerned with managing an organization’s ability to continue to provide a pre-determined and agreed level of IT services to support the minimum business requirements. Preventing the loss of Customer and User confidence.Material do Curso de ITIL Objective The objective of the ITSCM process is to support the overall Business Continuity Management (BCM) process by ensuring that the required IT technical and services facilities can be recovered within required and agreed business time-scales.176 - . . This includes: • • • Ensuring business survival by reducing the impact of a disaster or major failure. following an interruption to the business.

the plan is of no use. ITSCM should be closely aligned with and driven by the overall BCM process. BCM manages risks to ensure that the organization can continue to operate at a specified minimum level in case of a disaster. The process can be divided in 4 stages. If the BCM process has a solid plan to evacuate part of the business process and continue to work in a separate building. One won’t work with out the other.177 - . which will be described in the next chapter in detail: • • • • Initiation Requirements and strategy Implementation Operational Management . ITSCM is focused on the IT Services and ensures that the minimum of IT Services can be provided in case of disaster. but there is no IT infrastructure ready. as a subset of this process.Material do Curso de ITIL • Producing IT recovery plans that are integrated with and fully support the organization’s overall Business Continuity Management (BCM) Plan. The same apply if you do have plans which enable the IT organization to provided the IT Service elsewhere if the business process can’t be continued because there’s is no contingency plan in place for that.

resources allocated and a project plan established. Requirements and strategy • Business Impact Analysis . The policies around BCM and ITSCM are defined.178 - . Initiation • Initiate BCM The initiation process covers the whole of the organization.Material do Curso de ITIL Activities Each of the stages has its own activities. which will be described in more detail throughout this chapter. the scope of the process and the terms of reference determined.

Risk Assessment consists of two parts: o Risk Analysis is focused on identifying the risks by analysing the vulnerabilities of and the threats to all critical assets.Material do Curso de ITIL The impact of a disaster on the business will be investigated. Questions that can be asked are: Can the business still operate in case of a disaster? For how long can it survive? Does it rely on the IT services to be able to operate? How much the organization stands to lose as a result of a disaster or other service disruption and the speed of escalation of these losses will be assess by: o o Identifying the critical business processes Identifying the potential damage or loss that may be caused to the organization as a result of a disruption to critical business processes.179 - . or the development of plans (Recovery Plans). This is an assessment of the level of threat and the extent to which an organization is vulnerable to that threat. which detail how to handle when the risk eventuates. Risk Management is about identifying countermeasures to keep those risks under control. o . • Risk Assessment This activity analyses the likelihood that a disaster or other serious service disruption will actually occur. These can either be actions to reduce the impact or likelihood of the risk.

one chooses a security method where. or brought in. The costs of such are high and if. nothing can happen. that when the availability of the IT infrastructure is restored a catch-up activity must be performed. Administrative procedures. a switch is made to administrative procedures. despite this.Material do Curso de ITIL • Business Continuity Strategy An appropriate strategy needs to be developed with contains an optimal balance of risk reduction and recovery options. Examples are the Computer Evacuation Centre or the IBM truck. The last option is only feasible for mid range systems. Gradual Recovery (Cold stand-by) permanent or portable. If the infrastructure is no longer available. Fortification strategy. no alternatives are available. This space could also be located or erected on site (Porto cabin). something does go wrong. in fact. after which the service level can be restored.180 - . This is normally an extension of the Intermediate Recovery options provided by third party suppliers. In the case of a calamity. at least o o o o o o . while the local bakery can probably afford the time involved in recovering a failed system). telephone connections and airconditioning. In case of a Recovery Plan decisions have to made on how to recover.g. to confirm in writing. This usually covers extremely critical services that can affect the survivability of the organization or. where appliances can be "brought in". The internal warm start means having an evacuation facility available within the organization. organizations make (parts of the) infrastructure available to each other. This choice can be made if a risk analysis suggests that the failure of (a part of) the IT service delivery does not irretrievably affect business. that in case of a calamity no concrete contingency plan is available. In this strategy the organization itself has a space available with infrastructure such as electricity. Intermediate Recovery (Warm stand-by) internal/external/mobile. Immediate Recovery (Hot stand-by). It may be sensible however. The options are: o No contingency. In this approach. Reciprocal agreements. a stockbroker will focus on risk reduction. Disadvantage is. hired. The actual balance will very much depend on the nature of the business and the dependency on IT Services (e. Disadvantage is reciprocal dependency and confidentiality of data. In this scenario a completely fitted evacuation facility is available.

Also stand-by procedures will have to be put in place. Implementation • Organization and implementation planning Several plans need to be set up in order to be able to Implement the ITSCM process. For example setting up an agreement with a third party to supply goods in case of a disaster without having to go through the proper channels. The plan should cover at least the following subjects: o o o o How it is going to be updated Routing list to specify which section has to go to which group? Recovery initiation Specialist sections to cover the actions and responsibilities of these sections individually. logistics.181 - . business recovery plans and procedures will work in practice. Operational Management . • Develop ITSCM plans and procedures The Recovery Plan (or Continuity plan) has to be set up. • Perform initial testing Testing is a critical part of the overall ITSCM process and is the only way of ensuring that the selected strategy.Material do Curso de ITIL such an impact that would stop the organization from making money or other significant long-term effects. recovery sites and restoration. damage assessment. emergency procedures. Sections are Administration. These plans address issues like. security. In most cases this will be done with help of the Availability process. what to do with data. personnel. IT infrastructure. recovery plans etc. stand-by arrangements. • Implement stand-by arrangements and risk reduction measure The risk reduction measures need be implemented.

• Change Management Following tests and reviews and in response to day-to-day Changes. management. training and awareness These are essential issues that need to be taken care of in order for the ITSCM process to be successful. starting with the board followed by senior management. This ensures that all staff are aware of the implications of Business Continuity and of IT Service Continuity and consider these as part of their normal working routine and budget. Roles A distinction can be made in roles and responsibilities in and outside crisis times. ITSCM must be included as part of the Change Management process to ensure that any Changes to the IT infrastructure are reflected in the contingency arrangements provided by IT or third parties. there is a need for the ITSCM plans to be updated. Different levels within this process can be defined. team leaders and their team members.182 - .Material do Curso de ITIL • Education. • Testing By testing on a regular basis not only can the effectiveness of the plan be tested but also people will know what happens. • Review and audit It is necessary to review and audit the plans on a regular basis to make sure they are still up to date. • Assurance The quality of the process is verified to assure that the business requirements can be met and that the operational management processes are working satisfactorily. The main responsibilities of the ITSCM manager include: . where the plan is and what is in it. It is vital to document the responsibilities of each and every role.

Change Management Change Management needs to make sure that the ITSCM is aware of the impact of the Changes on the Continuity and Recovery Plans. . Configuration Management Configuration Management provides information about Configuration Items that are needed in order to be able to restore the IT service after a disaster. the recovery objectives of the business can be achieved.183 - . Capacity Management Capacity Management makes sure the appropriate infrastructure can support the business requirements. Communicate and maintain awareness of ITSCM objectives within the business areas supported and the IT Service areas. Service Level Management Service Level Management provides the ITSCM process with information about the required service levels. so the plans are updated if necessary.Material do Curso de ITIL • Develop and manage the ITSCM Plan to ensure that. Maintain a comprehensive IT testing schedule. Manage the IT Service delivery during times of crisis. Ensure that all IT Service areas are prepared and able to respond to an invocation of the Continuity Plans. Availability Management Availability Management has more a supportive role and helps the ITSCM process to prevent and reduce the risk of disasters by delivering / implementing risk reduction measures. at all times. • • • • Relationships ITSCM has a close relationship with all the other ITIL processes and the business in general. The relationship with some of the processes is described in more detail.

184 - . Benefits .Material do Curso de ITIL Service Desk & Incident Management Service Desk in combination with Incident Management provides the ITSCM process with historical data (statistics).

and more aware of business impacts and priorities. possible competitive advantage and increased organizational credibility. Potentially lower insurance premiums Fulfillment of mandatory or regulatory requirements Improved relationships between the business and IT through IT becoming more business focused. Recovery will take place in less time More stable IT infrastructure and a higher availability of the IT Services • • .185 - . • In case of an actual disaster the process has the following benefits: • Reduced business disruption.Material do Curso de ITIL ITSCM supports the BCM process and delivers the required IT Infrastructure and Services to enable the business to continue to operate following a service disruption. with an ability to recover services efficiently in business priority order. Increased Customer confidence. The main benefits of implementing the ITSCM process are: • • • • Management of risk and the consequent reduction of the impact of failure.

and • • Recovery isn’t working. applications. The ITSCM is not based on the BCM. and dependencies.due to lack of testing.186 - . Overlooking critical components. . misinterpreting business impacts.Material do Curso de ITIL Common Problems A few of the problems one can encounter while implementing the ITSCM process are: • • • • Not enough resources to set up and run the process properly. Lack of awareness and support of the users and the IT personnel causing the process to fail in case of a disaster. No enough commitment from senior IT and business management.

com/iccm.iccmforum.co.com/technet/itsolutions/idc/oag/oagc20.pdf Assesment http://www.com/ http://www.microsoft.com/IT Service Continuity Mgmt.187 - .asp?r=Tutorial&s=Benchmarks&t=ZiffDavishttp://www.globalcontinuity.itil.Material do Curso de ITIL Metrics During normal operation one can report on: • • The results of testing the plan Costs of the process During/after a disaster one can report on: • • • Weaknesses in the plan Time that it took to recover versus estimate time Losses due to the disaster Best practices Interesting websites: http://www.uk/online_ordering/serv_del_graphs/itserv_cont.asp http://www.htm .disasterrecoveryw orld.interpromusa.com/ Whitepages http://www.

Typically. IT Disaster The unavailability for a longer period of time of IT Service provision which makes in necessary to switch to an alternative system and for which the actions to be taken are not part of a daily routine. Disaster Recovery Planning A series of processes that focus only upon the recovery process. these include accommodation. Gradual Recovery (Cold Stand-by) This is applicable to organizations that do not need immediate restoration of business processes an can function for a period of up to 72 hours. telecommunication and sometimes people. Business Continuity Management (BCM) . without a reestablishment of full IT facilities.188 - . as replacements should primary assets be unavailable following a business disruption. or longer. Immediate Recovery (Hot Stand-by) Provides for the immediate restoration of services following any irrecoverable incident. Intermediate Recovery (Warm Stand-by) Typically involves the re-establishment of the critical systems and services within a 2472 hour period. IT systems and networks. at least. The BCM process involves reducing the risks to an acceptable level and planning for the recovery of business processes should a risk materialise and a disruption to the business occur. which could be exploited by threats. responsibilities and actions necessary to resume business processes following a business disruption. Vulnerability A weakness of the system and its assets. Business Recovery Plans Documents describing the roles. a pre-determined minimum level. and is used by organizations that need to recover IT facilities within a predetermined time to prevent impacts to the business process. Stand-by arrangements Arrangements to have available assets which have been identified. principally in response to physical disasters that are contained within BCM.Material do Curso de ITIL Essentials (terminology) BCM is concerned with managing risks to ensure that at all times an organization can continue operating to.

Material do Curso de ITIL .189 - .

A national event would take place. The event was the life chat session with Prince Willem Alexander and his fiancé Maxima on the Internet. The following example of a different nature occurred recently in The Netherlands.190 - . In this case no harm was done but if they had bad intentions they could have easily caused a lot of damage . which would attract a lot of attention. Nimda and the Trojan Horse does ring bells about the vulnerability of our Business and the reliability of the businesses on IT services. Names as the Kournikova virus. A group of activists thought this was the time to show the country how vulnerable even the big companies are by hacking in to the systems. The main telecom provider in the Netherlands provided it and they bragged about how they could ensure the availability and the high performance of the event.Material do Curso de ITIL Security Management Introduction Everyone has heard about the impact a virus can have on a business. causing the servers to go down and so interrupting the life chat session for a period of time.

In order for companies to maintain their competitive edge. The degree to which these aspects are preserved must be based on the business requirements for security.Safeguarding the accuracy and completeness of information and processing methods. Availability– Ensuring that authorized users have access to information and associated assets when required. Objective . Integrity. complete and accessible information. Security of information refers to the preservation of: Confidentiality . According to BS 7799. This can be properly understood through accurate risk and impact analysis. business decisions must be based on accurate.Ensuring that information is accessible only to those authorized to have access. The security of Information is a key management concern in the modern. electronic business world. Security management is concerned with addressing activities that are required to maintain risks at a manageable level.Material do Curso de ITIL In both cases there is a risk of information being damaged or misused due to a breach in security or lack thereof.191 - .

The activities of Security Management are undertaken either by the process itself or by other processes under the control of Security Management. and the SLA’s. . insurance policies. To create a secure environment regardless of the external requirements Process Description The process of Security Management is a flexible one and needs to be reviewed continuously to ensure that it is still up to date. do.192 - . legislation regarding privacy. plan.Material do Curso de ITIL The objective of Security Management is twofold: • • To ensure that it complies with the external requirements of. It therefore should. check and act in a continuous cycle.

description of the sub processes. Plan This sub process will plan the security sections of the SLA’s with Service Level Management. describing the roles and responsibilities. the Security plan and the implementation thereof and selecting the tools. It also includes addressing the Security sections in the Under Pinning Contracts (UPCs) and the operational level agreements.193 - . This includes among others. .Material do Curso de ITIL Activities The following activities are part of the security management process: o o o o o o Control Plan Implement Evaluate Maintenance Reporting Control In this process the basics for the Security Process are laid out.

Maintenance The maintenance of the security aspects of the SLA’s and the maintenance of the security plan are the responsibilities of this sub process. Evaluate It is necessary to evaluate the implementation of the security measures to see if they are effective. The security manager is responsible for implementing and maintaining the process.’s. Every C. should be classified indicating the required availability. Although the responsibilities for these actions are still within the separate processes Security management provides the input for the activities. The Security Manager has close ties with the Business Information Security officer Relationships The Security Management process has links with all the ITIL processes. Each process carries out one or more of the activities of Security Management. which will determine the level of security that is required. Regular audits also need to be done to ensure that the process is working efficiently en effectively.194 - . Configuration management: The CMDB contains the information about the C. integrity and confidentiality. . Service Level Management provides information about the required service levels and receives input about the achieved levels.I.Material do Curso de ITIL Implement Implementation of all the security measures is the aim of this sub process. Reporting Main things that will be reported are: • • • • Security incidents Results of audits Performance of security tests Identification of incident trends Roles In most cases there will be only the Security Manager however in very large organization there may be more persons involved in the process.I.

. which ensure security or enhance it. Benefits Benefits of implementing Security management are: • • • Information that is vital to the business is kept secure Higher availability of the Information Quality of information that goes outside the business is increased.Material do Curso de ITIL Incident and Problem Management: Incident Management records incidents regarding a breach of security levels and the cause is investigated and resolved by Problem Management. In most cases the Security Manager will be part of the CAB. Change Management implements the changes. On the other hand they need to address the security issues for every change. Availability Management is supported by Security Management in the way that the measures to increase security result in a higher availability of the IT services.195 - .

Awareness. • Is the security aspect covered of the services in the SLA’s? . Most security issues are caused by human errors.Material do Curso de ITIL Common Problems The following issues may cause problems: • • • • • Commitment: extra rules and regulations are most likely to generate resistance rather than appealing to end users.196 - . As with every other process it is important to communicate with the organization to gain the cooperation of the business. Over time the security aspect of changes might not get as much attention as is needed. It needs to be possible to check if the security measures are working if they are there for the right reasons Changes. Attitude. Quite often this is due to complacency. Metrics The metrics of this process are similar to the ones of Service Level Management but focus on the security aspect. Verification.

197 - .com/ Also. .com/ http://www. Outsourcing security management could offer the solutions..ismanet. tools and expertise to offer the most efficient service? The decision to outsource Security Management needs to be weighed carefully as this highly debatable decision has both pros and cons. is becoming more overbearing to organizations. The key questions faced by any organization are: Should they keep the responsibilities of information security in-house? Should they develop and train their own IT staff? Should they develop their own security policies? Or Should they contract such services to an outsourcing specialist who is using the latest available technology..Material do Curso de ITIL • • • • Do the services within the SLA’s have the necessary security aspects covered in the UPC’s and or OLA’s? Is there an improvement in the Security levels? Are the actual Security Levels measured? Is the perception of the IT organization improving? Best practices http://www.To Outsource or not to outsource? The challenge to meet security requirements.. to prevent such disastrous impacts.securitymanagement.

This introduction to IT Service Management aims to provide a thorough introduction to the field. It not only provides a convenient introduction to the books in the IT .Material do Curso de ITIL Essentials (terminology) Confidentiality Ensuring that information is accessible only to those authorized to have access. Availability Ensuring that authorized users have access to information and associated assets when required Privacy Confidentiality and integrity of information relating to individuals Verifiability Being able to verify that the information is used correctly and that the security measures are effective. Organizations are now so dependent on the automation of large parts of their business processes that the quality of IT services and the synchronisation of these services with the needs of the organization are now essential to their survival. IT Service Management has developed into a field in its own right. Conclusion In recent years. Integrity Safeguarding the accuracy and completeness of information and processing methods.198 - .

but also to be used wisely in practice. Searching using any internet search engine for topics like "ITIL" and "IT Service Management" will return good results.exin-exams. This course aims to provide an effective introduction to the dynamic area of IT Service Management.com ITIL http://www.com/itsmdirect/shop/showDept.ogc.uk EXIN http://www. Instead. It is based on the latest edition of the ITIL books on Service Support and Service Delivery.gov. Also.Material do Curso de ITIL Infrastructure Library (ITIL). It contains a wealth of practical experience collected by the editorial board. and will be useful even for those not preparing for the exam. However.co. Managing Director The Art of Service Further reading There are a wide variety of topics available as additional reading in this area. and it deserves not just to be read and studied. it aims to encourage discussions and to compare the best practices with the learner's own experience. We expect that this course will fulfill a clear need.uk .itsmf. Gerard Blokdijk.com ITSMF http://www. it does not pretend to have the answers to all the questions that arise in a field so multifaceted as IT Service Management. visit the ITIL Bookstore: https://secure3.asp?dept=22 ITIL web sites OGC/CCTA http://www.itil.199 - .websitecomplete. but also serves as the first step to prepare for the Foundation Certificate exam in IT Service Management.

Sign up to vote on this title
UsefulNot useful