Professional Documents
Culture Documents
Service Lifecycle
London: TSO
Published by TSO (The Stationery Office) and available from:
Online
www.tsoshop.co.uk
TSO Shops
16 Arthur Street, Belfast BT1 4GD
028 9023 8451 Fax 028 9023 5401
71 Lothian Road, Edinburgh EH3 9AZ
0870 606 5566 Fax 0870 606 5588
Published with the permission of the Office of Government Commerce on behalf of the Controller of Her Majesty’s Stationery Office.
© Crown Copyright 2007
This is a Crown copyright value added product, reuse of which requires a Click-Use Licence for value added material issued by OPSI.
Applications to reuse, reproduce or republish material in this publication should be sent to OPSI, Information Policy Team, St Clements House, 2-16 Colegate,
Norwich, NR3 1BQ, Tel No (01603) 621000 Fax No (01603) 723000, E-mail: hmsolicensing@cabinet-office.x.gsi.gov.uk , or complete the application form on
the OPSI website http://www.opsi.gov.uk/click-use/value-added-licence-information/index.htm
OPSI, in consultation with Office of Government Commerce (OGC), may then prepare a Value Added Licence based on standard terms tailored to your
particular requirements including payment terms
The OGC logo ® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom
ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries
The swirl logo ™ is a Trade Mark of the Office of Government Commerce
First published 2007
ISBN 9780113310616
Printed in the United Kingdom for The Stationery Office
N5635491 c60 08/07
| iii
Contents
List of figures vi 2.7 ITIL conformance or compliance – practice
adaptation 13
OGC’s foreword ix
3 The ITIL Service Management
Chief Architect’s foreword x Lifecycle – core of practice 17
3.1 Functions and Processes across
the lifecycle 20
Preface xi
1.3 The ITIL value proposition 4 4.3 Service Provider types – matching
need to capability 27
1.4 The ITIL service management
practices 4 4.4 Services as assets – value creation 28
Acronyms 173
Glossary 177
Index 227
vi |
List of figures
Figure 2.1 The Deming Quality Cycle Figure 6.1 The Service Transition process
Figure 3.1 The ITIL Service Lifecycle Figure 6.2 Normal Change Model
Figure 3.2 Process architecture Figure 6.3 Service Asset and Configuration
Management – interfaces to the lifecycle
Figure 3.3 Continual feedback loop
Figure 6.4 Example of a release package
Figure 4.1 Service Provider capabilities and resources
Figure 6.5 Service testing and validation
Figure 4.2 Actionable components of service definitions
in terms of utility Figure 7.1 The Event Management process
Figure 4.3 Service Portfolio Figure 7.2 The Incident Management process flow
Figure 4.4 Elements of a Service Portfolio and Service Figure 7.3 The Problem Management process flow
Catalogue
Figure 7.4 Single monitor control loop
Figure 4.5 Service Portfolio management
Figure 7.5 Complex monitor control loop
Figure 4.6 Business impact and ROI outcome
Figure 7.6 ITSM monitor control loop
Figure 5.1 Design dependencies
Figure 7.7 Role of Application Management in the
Figure 5.2 Service Catalogue elements application lifecycle
Figure 5.3 The Service Level Management process Figure 8.1 Continual Service Improvement model
Figure 5.4 Component-based Service Level Package Figure 8.2 Seven-step Improvement Process
Figure 5.5 Capacity Management elements Figure 8.3 Number of incident tickets opened over time
Figure 5.6 The Availability Management process Figure 8.4 Service reporting process
Figure 5.7 Relationship between levels of availability Figure 10.1 Service Management Model element types
and overall costs
Figure 10.2 Service Lifecycle governance and operational
Figure 5.8 Service Continuity lifecycle elements
Figure 5.9 IT Security Management process Figure 10.3 Typical Type I Service Provider interactions
Figure 5.10 Supplier Management – roles and interfaces Figure 10.4 Type II Service Provider interactions
Figure 10.5 Type III Service Provider interactions
Figure 10.6 Basic Service Management Model process
elements
List of figures | vii
List of tables
Table 2.1 Roles and core guides
Table 4.1 Factors in strategic assessment
Table 4.2 Types of sourcing structures
Table 4.3 Example of increased Service Potential
Table 4.4 Basic organizational structures for types of
service strategies
Table 5.1 Delivery model options
Table 8.1 Service metric examples
| ix
OGC’s foreword
As co-founder of the ITIL concept and leader of its early
development, I’m delighted by the positive impact it has
made on companies and organizations around the world.
What began as a UK government initiative to set out an
efficient, successful and reliable approach to service
management is now a global endeavour, with
publications, training and support tools available in various
languages. Of course, successful growth doesn’t happen
by chance and ITIL has proven itself many times over
through the benefits it brings to the businesses that
embed its practices.
Since its creation in the late 1980s, ITIL has been
developed to keep up to date with a constantly changing
service management environment. Here in the latest
version, I am pleased to see a top-quality product.
Consultation with experts on a global scale brings you
leading practices, identified through experience and
brought together with the skills and expertise of our
publishing partner, The Stationery Office (TSO).
I believe ITIL will continue to play an important role within
government as an effective standard framework for
delivery. However, the real value in ITIL is that its benefits
are available to every organization, large or small, with a
genuine desire to deliver a high-performing service
provision. May your organization be one of those!
John Stewart
Office of Government Commerce
x |
Sharon Taylor
Chief Architect, ITIL Service Management Practices
| xi
Preface
Life-cycle (noun) – The various stages through which a Adulthood – where we hone our skills and perform within
living thing passes (Kernerman English Multilingual expected societal parameters. We strive to improve our
Dictionary) capabilities continually and define our value. By this time,
we have built a complex network of relationships and
The very term ‘lifecycle’ is used to describe the evolution
dependencies to others. The world we live in has become
of many living things in this world from their creation to
far more complex than in childhood and managing our
expiration. The time between creation and expiration is
lives more challenging.
the ‘journey’.
If you replace the human metaphor above with the
We need only look at our own life journeys to see a living
lifecycle of service management, you will see many
example.
similarities. This is because the ITIL Service Lifecycle
Creation – the first part of our journey. As an embryo represents the same evolution – from creation to
develops, its life blueprint is being established through the expiration – and the stages in the ITIL Service Lifecycle are
architecture of its DNA. The embryo’s genetic structure will what fall in between.
dictate its capability, propensity for immunity or
We often forget that services are living things. They
vulnerability to disease, and certain personality
require sustenance to survive, they must continually adapt
characteristics it will carry throughout life.
and evolve with changing needs of the business, and they
Childhood – the formative stage. We are influenced by our will pass through various stages over their lifetime.
exposure to the world around us and can influence our
Services are constrained by their genetic blueprint – risks,
life blueprint in how we manifest and integrate ourselves
financial investment, culture and economics – but should
with the world around us. Our understanding of our
evolve to influence their value through interaction,
needs, both for growth and creativity, are our
evolution, dependencies and relationships, and to exploit
‘requirements’ that allow us to create value for ourselves
these for positive outcomes.
and those who come into contact with us.
This book will take you through these Service Lifecycle
stages and show how to apply the knowledge contained
in the ITIL core lifecycle publications.
Introduction 1
| 3
1 Introduction
1.1 A HISTORICAL PERSPECTIVE OF IT the itSMF has members worldwide as ITIL’s popularity
SERVICE MANAGEMENT AND ITIL continues to grow.
IT service management (ITSM) evolved naturally as services A formal standard for ITSM, The British Standard 15000,
became underpinned in time by the developing largely based on ITIL practices, was established and
technology. In its early years, IT was mainly focused on followed by various national standards in numerous
application development – all the new possibilities countries. Since then the ISO 20000:2005 Standard was
seeming to be ends in themselves. Harnessing the introduced and gained rapid recognition globally.
apparent benefits of these new technologies meant ITIL’s next revision began in the mid 1990s, until 2004.
concentrating on delivering the created applications as a Version 2 of ITIL, as it is commonly referred to, was a more
part of a larger service offering, supporting the business targeted product – with nine books – explicitly bridging
itself. the gap between technology and business, and with
During the 1980s, as the practice of service management guidance focused strongly on the processes required to
grew, so too did the dependency of the business. Meeting deliver effective services to the business customer.
the business need called for a more radical refocus for an
IT service approach and the ‘IT help desk’ emerged to deal 1.2 ITIL TODAY
with the frequency of issues suffered by those trying to
use IT services in delivery of their business. In 2004, the OGC began the second major refresh initiative
of ITIL, in recognition of the massive advancements in
At the same time, the UK government, fuelled by a need technology and emerging challenges for IT service
for finding efficiencies, set out to document how the best providers. New technology architectures, virtualization and
and most successful organizations approached service outsourcing became a mainstay of IT and the process-
management. By the late 1980s and early 1990s, they had based approach of ITIL needed to be revamped to address
produced a series of books documenting an approach to service management challenges.
the IT service management needed to support business
users. This library of practice was entitled the IT After twenty years ITIL remains the most recognized
Infrastructure Library – ITIL to its friends. framework for ITSM in the world. While it has evolved and
changed its breadth and depth, it preserves the
The original Library grew to over 40 books, and started a fundamental concepts of leading practice.
chain reaction of interest in the UK IT service community.
The term ‘IT service management’ had not been coined at 1.2.1 Why is ITIL so successful?
this point, but became a common term around the mid
ITIL is intentionally composed of a common sense
1990s as the popularity of ITIL grew. In 1991, a user forum,
approach to service management – do what works. And
the IT Information Management Forum (ITIMF), was
what works is adapting a common framework of practices
created to bring ITIL users together to exchange ideas and
that unite all areas of IT service provision toward a single
learn from each other, and would eventually change its
aim – delivering value to the business. The following list
name to the IT Service Management Forum (itSMF). Today,
4 | Introduction
defines the key characteristics of ITIL that contribute to its customer needs, but from predicting them through
global success: preparation, analysis and examining customer usage
patterns.
Non-proprietary – ITIL service management practices
are applicable in any IT organization because they are The next significant characteristic is the systematic use of
not based on any particular technology platform, or service management practices that are responsive,
industry type. ITIL is owned by the UK government and consistent and measurable, and define the provider’s
not tied to any commercial proprietary practice or quality in the eyes of their customers. These practices
solution provide stability and predictability, and permeate the
Non-prescriptive – ITIL offers robust, mature and service provider’s culture.
time-tested practices that have applicability to all types The final characteristic is the provider’s ability to
of service organizations. It continues to be useful and continuously analyse and fine tune service provision to
relevant in public and private sectors, internal and maintain stable, reliable yet adaptive and responsive
external service providers, small, medium and large services that allow the customer to focus on their business
enterprise, and within any technical environment without concern for IT service reliability.
Best practice – ITIL service management practices
represent the learning experiences and thought In these situations you see a trusted partnership between
leadership of the world’s best in class service providers the customer and the service provider. They share risk and
reward and evolve together. Each knows they play a role
Good practice – Not every practice in ITIL can be
in the success of the other.
considered ‘best practice’, and for good reason. For
many, a blend of common, good and best practices As a service provider, this is what you want to achieve. As
are what give meaning and achievability to ITSM. In a customer, this is what you want in a service provider.
some respects, best practices are the flavour of the
Take a moment look around at the industry high-
day. All best practices become common practices over
performing service providers. You’ll see that most use ITIL
time, being replaced by new best practices.
Service Management practices. This isn’t coincidence at all.
1.3 THE ITIL VALUE PROPOSITION 1.4 THE ITIL SERVICE MANAGEMENT
All high-performing service providers share similar PRACTICES
characteristics. This is not coincidence. There are specific
When we turn on a water tap, we expect to see water flow
capabilities inherent in their success that they demonstrate
from it. When we press down a light switch, we expect to
consistently. A core capability is their strategy. If you were
see light fill the room. Not so many years ago these very
to ask a high-achieving service provider what makes them
basic things were not as reliable as they are today. We
distinctive from their competitors, they would tell you that
know instinctively that the advances in technology have
it is their intrinsic understanding of how they provide
made them reliable enough to be considered a utility. But
value to their customers. They understand the customer’s
it isn’t just the technology that makes the services reliable.
business objectives and the role they play in enabling
It is how they are managed. This is service management!
those objectives to be met. A closer look would reveal that
their ability to do this does not come from reacting to
Introduction | 5
The use of IT today has become the utility of business. community of individuals and organizations in the public
Simply having the best technology will not ensure it and private sectors fosters its growth and maturity. Formal
provides utility-like reliability. Professional, responsive, schemes exist for the education, training and certification
value-driven service management is what brings this of practising organizations, and individuals influence its
quality of service to the business. quality. Industry best practices, academic research and
formal standards contribute to its intellectual capital and
The objective of the ITIL Service Management practice
draw from it.
framework is to provide services to business customers
that are fit for purpose, stable and that are so reliable, the The origins of service management are in traditional
business views them as a trusted utility. service businesses such as airlines, banks, hotels and
phone companies. Its practice has grown with the
ITIL offers best practice guidance applicable to all types of
adoption by IT organizations of a service-oriented
organizations who provide services to a business. Each
approach to managing IT applications, infrastructure and
publication addresses capabilities having direct impact on
processes. Solutions to business problems and support for
a service provider’s performance. The structure of the core
business models, strategies and operations are increasingly
practice takes form in a Service Lifecycle. It is iterative and
in the form of services. The popularity of shared services
multidimensional. It ensures organizations are set up to
and outsourcing has contributed to the increase in the
leverage capabilities in one area for learning and
number of organizations who are service providers,
improvements in others. The core is expected to provide
including internal organizational units. This in turn has
structure, stability and strength to service management
strengthened the practice of service management and at
capabilities with durable principles, methods and tools.
the same time imposed greater challenges upon it.
This serves to protect investments and provide the
necessary basis for measurement, learning and Definition of a service
improvement. A ‘service’ is a means of delivering value to customers
by facilitating outcomes customers want to achieve
The guidance in ITIL can be adapted for use in various
without the ownership of specific costs and risks.
business environments and organizational strategies. The
complementary guidance provides flexibility to implement There are a variety of contexts in which the definition of
the core in a diverse range of environments. Practitioners a service can be expanded upon, but as a basic
can select complementary guidance as needed to provide concept, service is the means of delivering value, and
traction for the core in a given business context, much like no matter how your organization chooses to define a
tyres are selected based on the type of automobile, service, this must be at the heart of what defines a
purpose and road conditions. This is to increase the service.
durability and portability of knowledge assets and to
protect investments in service management capabilities.
1.6 NAVIGATING THE ITIL SERVICE
MANAGEMENT LIFECYCLE
1.5 WHAT IS A SERVICE?
Before discussing the principles of ITIL service
Service management is more than just a set of capabilities. management practices, it is helpful to understand the
It is also a professional practice supported by an extensive overall content structure and how topics areas are
body of knowledge, experience and skills. A global
6 | Introduction
organized within each of the books that together Lifecycle processes and activities
comprise the practices. The Service Lifecycle stages rely on processes to execute
The ITIL service management practices are comprised of each element of the practice in a consistent, measurable,
three main sets of products and services: repeatable way. Each core publication identifies the
processes it makes use of, how they integrate with the
ITIL service management practices – core guidance
other stages of the lifecycle, and the activities needed to
ITIL service management practices – complementary carry them out.
guidance
ITIL web support services. Supporting organization structures and roles
Each publication identifies the organizational roles and
1.6.1 ITIL service management practices – responsibilities that should be considered to manage the
core guidance Service Lifecycle. These roles are provided as a guideline
The core set consists of six publications: and can be combined to fit into a variety of organization
structures. Suggestions for optimal organization structures
Introduction to ITIL Service Management Practices
are also provided.
(this publication)
Service Strategy
Technology considerations
Service Design
ITIL service management practices gain momentum when
Service Transition
the right type of technical automation is applied. Each
Service Operation
lifecycle publication makes recommendations on the areas
Continual Service Improvement. to focus technology automation on, and the basic
A common structure across all the core guidance requirements a service provider will want to consider
publications helps to easily find references between when choosing service management tools.
volumes and where to look for similar guidance topics
within each stage of the lifecycle: Practice implementation
For organizations new to ITIL, or those wishing to improve
Practice fundamentals their practice maturity and service capability, each
This section of each core publication sets out the business publication outlines the best ways to implement the ITIL
case argument of the need for viewing service Service Lifecycle stage.
management in a lifecycle context and an overview of the
practices in that stage of the lifecycle that contributes to Challenges, risks and critical success factors
it. It briefly outlines the context for the practices that These are always present in any organization. Each
follow and how they contribute to business value. publication highlights the common challenges, risks and
success factors that most organizations experience and
Practice principles how to overcome them.
Practice principles are the policies and governance aspects
of that lifecycle stage that anchor the tactical processes
and activities to achieving their objectives.
Introduction | 7
Complementary guidance
There are many external methods, practices and
frameworks that align well to ITIL practices. Each
publication provides a list of these and how they
integrate into the ITIL Service Lifecycle, when they are
useful and how.
ve ervi
nt
I
pro l S
nu vem
Im inua
al
nt
rvi
Co
e
ce
how.
We es
b Su vic
pport Ser 2.2 SERVICE DESIGN
‘If you build it, they will come’ is a saying from a famous
2.1 SERVICE STRATEGY 1989 Hollywood movie, Field of Dreams. But if you build it
and it doesn’t provide value, they will soon leave!
At the core of the Service Lifecycle is Service Strategy.
For services to provide true value to the business, they
Service Strategy provides guidance on how to view service
must be designed with the business objectives in mind.
management not only as an organizational capability but
Service Design is the stage in the lifecycle that turns
as a strategic asset. Guidance is provided on the principles
Service Strategy into the blueprint for delivering the
underpinning the practice of service management which
business objectives.
are useful for developing service management policies,
guidelines and processes across the ITIL Service Lifecycle. Service Design provides guidance for the design and
development of services and service management
Topics covered in Service Strategy include the
practices. It covers design principles and methods for
development of service markets, characteristics of internal
converting strategic objectives into portfolios of services
and external provider types, service assets, the service
and service assets. The scope of Service Design is not
portfolio and implementation of strategy through the
limited to new services. It includes the changes and
Service Lifecycle. Financial Management, Demand
improvements necessary to increase or maintain value to
Management, Organizational Development and Strategic
customers over the lifecycle of services, the continuity of
Risks are among other major topics.
services, achievement of service levels, and conformance
Organizations should use Service Strategy guidance to set to standards and regulations. It guides organizations on
objectives and expectations of performance towards
12 | Core guidance topics
with service strategy, design and transition. A closed-loop The ITIL framework incorporates the Deming Quality Cycle
feedback system, based on the Plan-Do-Check-Act (PDCA) by applying it to the Service Lifecycle stages. This helps
model (see section 2.6), is established and capable of align the practices of ITIL to the structure of external
receiving inputs for improvements from any planning practices such as COBIT and ISO/IEC 20000.
perspective.
Guidance on Service Measurement, demonstrating value 2.7 ITIL CONFORMANCE OR COMPLIANCE –
with metrics, developing baselines and maturity PRACTICE ADAPTATION
assessments are among the key topics.
An important aspect of ITIL is the ‘open-source’ nature of
its practices. It is intended and strongly recommended
2.6 LIFECYCLE QUALITY CONTROL that organizations adapt ITIL practices within their own
Consistent with the structures adopted by high-performing context, and entrench their own best practices within an
businesses today and standards bodies around the world, overall Service Management framework.
the ITIL Service Lifecycle approach embraces and enhances For example, within Service Transition, ITIL provides a
the interpretation of the Deming Quality Cycle (Figure 2.1) selection of Change Management models for standard,
of Plan-Do-Check-Act. You will see this quality cycle used normal and emergency Changes. In many cases, these
in the structure of the practices in each of the core guides. models as described in Service Transition may be all you
need and they cover the range of possible change types in
ACT PLAN
Business
IT
Alignment
CHECK DO
Effective Quality
Improvement
Time Scale
14 | Core guidance topics
an organization. Within each model, a specific flow of practices of ITIL and fit well into any organization’s service
process and procedure is provided. If in your organization, practices.
more steps for an emergency change make sense to meet
your requirements and objectives, then you should adapt
2.8 GETTING STARTED – SERVICE LIFECYCLE
these into the generic ITIL Change process flow. Doing so
does not mean you no longer conform to ITIL. As long as PRINCIPLES
the main ITIL process steps, inputs and outputs are In the following chapters you will learn about the key
included and the objectives met, that is your best practice concepts within the ITIL Service Lifecycle. You begin by
and is fit for purpose in your organizational context. working your way from the core of the lifecycle, Service
ITIL is a framework an organization conforms to, not Strategy, then around the revolving lifecycle practices of
complies with. There is a major difference between these Service Design, Transition and Operation, finishing with
two things and one that is often misunderstood. Continual Service Improvement. Afterward, you should
have a clear understanding of the basic concepts of the
Conformity allows flexibility in the adaptation of practices ITIL Service Lifecycle and how the core practice
within an organizational context while maintaining the publications can be useful to you. This will help readers to
overall structure of the framework. Compliance is highly further examine particular areas within any of the core
specific, often audited to a formal standard and the guidance books that offer detailed practice information in
organization’s practices must mimic externally defined areas that support your day-to-day service management
practices. There is a need for both within certain contexts, role.
but a key to agile service management practices is
knowing which, in what blend and in what context The following table gives a general view of some of the
conformance or compliance should apply. more common roles in organizations and the ITIL service
management practice core guides that host the day-to-day
Many organizations use ITIL as a means to achieve practices, processes and activities most related to those
compliance with a formal, audited standard such as roles.
ISO/IEC 20000:2005. The design of ITIL is particularly
useful for this purpose since the framework is architected
to ensure that an organization’s service capabilities are
designed and operated using the practices that align to
these standards.
This standard set outs the key areas of compliance and
requires that organizations can demonstrate that they use
the management systems and practices in these areas in
order to be compliant to the standard. Experts agree that
adopting ITIL produces a framework best suited to
achieving ISO/IEC 20000 certification. Later in this book a
list of common external frameworks, method and
standards are provided that have a solid alignment to the
Core guidance topics | 15
Service
Transition
Service Strategy
Service Service
Design Operation
Continual
Service Improvement
20 | The ITIL Service Management Lifecycle – core of practice
customer can be measured and quantified in terms of Functions typically define roles and the associated authority
business value. This has become extremely important and responsibility for a specific performance and outcomes.
today as IT organizations must operate themselves as Coordination between functions through shared processes
businesses in order to demonstrate a clear return on is a common pattern in organization design. Functions tend
investment and equate service performance with business to optimize their work methods locally to focus on assigned
value to the customer. outcomes. Poor coordination between functions combined
with an inward focus leads to functional silos that hinder
alignment and feedback critical to the success of the
3.1 FUNCTIONS AND PROCESSES ACROSS
organization as a whole. Process models help avoid this
THE LIFECYCLE problem with functional hierarchies by improving cross-
functional coordination and control. Well-defined processes
3.1.1 Functions can improve productivity within and across functions.
Functions are units of organizations specialized to perform
certain types of work and responsible for specific 3.1.2 Processes
outcomes. They are self-contained with capabilities and Processes are examples of closed-loop systems because
resources necessary to their performance and outcomes. they provide change and transformation towards a goal,
Capabilities include work methods internal to the and use feedback for self-reinforcing and self-corrective
functions. Functions have their own body of knowledge, action (Figure 3.2). It is important to consider the entire
which accumulates from experience. They provide process or how one process fits into another.
structure and stability to organizations.
Data,
information Process
and
knowledge
Suppliers Activity 1
Desired
Activity 2 outcome
Customer
Activity 3
Trigger
The ITIL Service Management Lifecycle – core of practice | 21
Process definitions describe actions, dependencies and The combination of multiple perspectives allows greater
sequence. Processes have the following characteristics: flexibility and control across environments and situations.
The lifecycle approach mimics the reality of most
They are measurable and are performance driven.
organizations where effective management requires the
Managers want to measure cost, quality and other
use of multiple control perspectives. Those responsible for
variables while practitioners are concerned with
the design, development and improvement of processes
duration and productivity.
for service management can adopt a process-based
They have specific results. The reason a process exists
control perspective. For those responsible for managing
is to deliver a specific result. This result must be
agreements, contracts and services may be better served
individually identifiable and countable.
by a lifecycle-based control perspective with distinct
They deliver to customers. Every process delivers its
phases. Both these control perspectives benefit from
primary results to a customer or stakeholder. They may systems thinking. Each control perspective can reveal
be internal or external to the organization but the patterns that may not be apparent from the other.
process must meet their expectations.
They respond to a specific event. While a process may 3.1.4 Feedback throughout the Service
be ongoing or iterative, it should be traceable to a
Lifecycle
specific trigger.
The strength of the ITIL Service Lifecycle rests upon
continual feedback throughout each stage of the lifecycle.
3.1.3 Specialization and coordination across
This feedback ensures that service optimization is
the lifecycle managed from a business perspective and is measured in
Specialization and coordination are necessary in the terms of the value business derives from services at any
lifecycle approach. Feedback and control between the point in time through the Service Lifecycle. The ITIL
functions and processes within and across the elements of Service Lifecycle is non-linear in design. At every point in
the lifecycle make this possible. The dominant pattern in the Service Lifecycle, monitoring, assessment and feedback
the lifecycle is the sequential progress starting from flows between each stage of the lifecycle which drive
Service Strategy (SS) through Service Delivery (SD) – decisions about the need for minor course corrections or
Service Transition (ST) – Service Operation (SO) and back major service improvement initiatives. The following figure
to SS through Continual Service Improvement (CSI). That, illustrates some examples of the continual feedback
however, is not the only pattern of action. Every element system built into the ITIL Service Lifecycle.
of the lifecycle provides points for feedback and control.
22 | The ITIL Service Management Lifecycle – core of practice
Service Strategies
Strategies, Policies,
Standards Feedback
Lessons Learned Feedback
for Improvement Lessons Learned
for Improvement
Service Design
Service Transition
Manage the transition of a
Output new or changed service
and/or service management Feedback
process into production Lessons Learned
for Improvement
Service Operation
Day-to-day operations of
Output services and service
management processes
As the core of the ITIL Service Lifecycle, Service Strategy Defining the service market
sets the stage for developing a service provider’s core Developing service offerings
capabilities. This chapter will discuss a selection of the key Financial Management
concepts from the Service Strategy book to help aid the Service Portfolios
understanding of the role of Service Strategy in the ITIL
Demand Management
Service Lifecycle.
Service assessment
Imagine you have been given responsibility for an IT Return on investment.
organization. This organization could be internal or
external, commercial or not-for-profit. How would you go
about deciding on a strategy to serve customers? What if 4.1 STRATEGIC ASSESSMENT
you have a variety of customers, all with specific needs In crafting a service strategy, a provider should first take a
and demands? How do you define your service strategy to careful look at what it does already. It is likely there
meet all of them? already exists a core of differentiation. An established
Service Strategy provides guidance to help answer that service provider frequently lacks an understanding of its
key question. It is comprised of the following key own unique differentiators. The following questions can
concepts. help expose a service provider’s distinctive capabilities:
Value creation Which of our services or service varieties are the most
Service assets distinctive?
Service Provider types Are there services that the business or customer cannot
Service capabilities and resources easily substitute? The differentiation can come in the form
Service structures of barriers to entry, such as the organization’s know-how
26 | Service Strategy – governance and decision-making
of the customer’s business or the broadness of service Which of our customers and stakeholders are the
offerings. Or it may be in the form of raised switching most satisfied?
costs, due to lower cost structures generated through
specialization or service sourcing. It may be a particular
Which customers, channels or purchase occasions are
attribute not readily found elsewhere, such as product the most profitable?
knowledge, regulatory compliance, provisioning speeds, Again, the form of value can be monetary, social or other.
technical capabilities or global support structures.
Which of our activities in our value chain or value
Which of our services or service varieties are the most network are the most different and effective?
profitable? The answers to these questions will likely reveal patterns
The form of value may be monetary, as in higher profits or that lend insight to future strategic decisions. These
lower expenses, or social, as in saving lives or collecting decisions, and related objectives, form the basis of a
taxes. For non-profit organizations, are there services that strategic assessment.
allow the organization to perform its mission better?
Service Providers can be present in more than one market
Substitute ‘profit’ with ‘benefits realized’.
space. As part of strategic planning, Service Providers
should analyse their presence across various market
spaces. Strategic reviews include the analysis of strengths,
weaknesses, opportunities and threats in each market
space. Service Providers also analyse their business
potential based on un-served or underserved market A multi-disciplinary approach is required to answer such
spaces. This is an important aspect of leadership and questions. Technical knowledge of IT is necessary but not
direction provided by the senior management of Service sufficient. The guidance is pollinated with knowledge from
Providers. The long-term vitality of the Service Provider the disciplines such as operations management,
rests on supporting customer needs as they change or marketing, finance, information systems, organizational
grow as well exploiting new opportunities that emerge. development, systems dynamics and industrial
This analysis identifies opportunities with current and engineering. The result is a body of knowledge robust
prospective customers. It also prioritizes investments in enough to be effective across a wide range of business
service assets based on their potential to serve market environments. Some organizations are putting in place the
spaces of interest. For example, if a Service Provider has foundational elements of service management. Others are
strong capabilities and resources in service recovery, it further up the adoption curve, ready to tackle challenges
explores all those market spaces where such assets can and opportunities with higher levels of complexity and
deliver value for customers. uncertainty.
resources and IT provide services required by various often require customers to have flexible and lean
parts of the business. They are funded by overheads structures. In such cases it is better to buy services
and are required to operate strictly within the rather than own and operate the assets necessary to
mandates of the business. Type I providers have the execute certain business functions and processes. For
benefit of tight coupling with their owner-customers, such customers, Type III is the best choice for a given
avoiding certain costs and risks associated with set of services.
conducting business with external parties.
Today, it is common to see all three types combining
Type II – Shared Service Provider capabilities to manage services for a customer. The power of
Business functions such as finance, IT, human resources this approach lies in selecting the right blend and balance.
and logistics are not always at the core of an The Service Strategy publication provides detailed
organization’s competitive advantage. Hence, they guidance on provider types and how to decide on the
need not be maintained at the corporate level where right blend.
they demand the attention of the chief executive’s
team. Instead, the services of such shared functions are
consolidated into an autonomous special unit called a 4.4 SERVICES AS ASSETS – VALUE
shared services unit (SSU). This model allows a more CREATION
devolved governing structure under which an SSU can A good business model describes the means of fulfilling an
focus on serving business units as direct customers. organization’s objectives. However, without a strategy that
SSUs can create, grow and sustain an internal market in some way makes a Service Provider uniquely valuable to
for their services and model themselves along the lines the customer, there is little to prevent alternatives from
of service providers in the open market. Like corporate displacing the organization, degrading its mission or
business functions, they can leverage opportunities entering its market space. A service strategy therefore
across the enterprise and spread their costs and risks defines a unique approach for delivering better value. The
across a wider base. need for having a service strategy is not limited to Service
Type III – External Service Provider Providers who are commercial enterprises. Internal Service
Type III providers can offer competitive prices and drive Providers need just as much to have a clear perspective,
down unit costs by consolidating demand. Certain positioning and plans to ensure they remain relevant to the
business strategies are not adequately served by business strategies of their enterprises.
internal Service Providers such as Type I and Type II. Service assets have two main characteristics:
Customers may pursue sourcing strategies requiring
services from external providers. The motivation may Utility is perceived by the customer from the
be access to knowledge, experience, scale, scope, attributes of the service that have a positive effect on
capabilities and resources that are either beyond the the performance of tasks associated with desired
reach of the organization or outside the scope of a business outcomes. This is fit for purpose.
carefully considered investment portfolio. Business Warranty is derived from the positive effect being
strategies often require reductions in the asset base, available when needed, in sufficient capacity or
fixed costs, operational risks or the redeployment of magnitude, and dependably in terms of continuity and
financial assets. Competitive business environments security. This is fit for use.
Service Strategy – governance and decision-making | 29
Utility is what the customer gets, and warranty is how it is responds by delivering the performance expected of a
delivered. strategic asset. The performance is rewarded with contract
renewals, new services and customers, which together
Resources and capabilities are types of assets that, when
represent a larger value of business. To handle this increase
combined in various ways, produce service utility and
in value, service management must invest further in assets
warranty. Organizations use them to create value in the
such as process, knowledge, people, applications and
form of goods and services. Resources are direct inputs for
infrastructure. Successful learning and growth enables
production. Management, organization, people and
commitments of higher service levels as service
knowledge are used to transform resources. Capabilities
management gets conditioned to handle bigger challenges.
represent an organization’s ability to coordinate, control
and deploy resources to produce value. They are typically
experience-driven, knowledge-intensive, information-based 4.5 DEFINING THE MARKET SPACE
and firmly embedded within an organization’s people,
A market space is defined by a set of business outcomes,
systems, processes and technologies.
which can be facilitated by a service. The opportunity to
Customers perceive benefits in a continued relationship, facilitate those outcomes defines a market space. The
and entrust the provider with the business of increasing following are examples of business outcomes that can be
value and also adding new customers and market spaces the bases of one or more market spaces:
to the realm of possibilities. This justifies further
Sales teams are productive with sales management
investments in service management in terms of
system on wireless computers
capabilities and resources, which have a tendency to
E-commerce website is linked to the warehouse
reinforce each other.
management system
Customers may initially trust the provider with low-value Key business applications are monitored and secure
contracts or non-critical services. Service management
A2 Organization Infrastructure A8
A3 Processes Applications A7
A4 Knowledge Information A6
People A5 People
30 | Service Strategy – governance and decision-making
Loan officers have faster access to information required services create value for customers. Services are often
on loan applicants defined in terms of resources made available for use by
Online bill payment service offers more options for customers. Service definitions lack clarity in the context in
shoppers to pay which such resources are useful, and the business
Business continuity is assured. outcomes that justify their cost from a customer’s
perspective. This problem leads to poor designs,
Each of the conditions is related to one or more categories ineffective operation and lacklustre performance in service
of customer assets, such as people, infrastructure, contracts. Service improvements are difficult when it is not
information, accounts receivables and purchase orders, clear where improvements are truly required. Customers
and can then be linked to the services that make them can understand and appreciate improvements only within
possible. the context of their own business assets, performances
Customers will prefer the one that means lower costs and and outcomes. It is therefore important the Service
risks. Service Providers create these conditions through Providers identify their market spaces by ensuring they
the services they deliver and thereby provide support for define service by business outcomes such as those
customers to achieve specific business outcomes. described above and in Figure 4.2.
A market space therefore represents a set of opportunities
for Service Providers to deliver value to a customer’s 4.6 SERVICE PORTFOLIOS
business through one or more services. This approach has The Service Portfolio (Figure 4.3) represents the
definite value for Service Providers in building strong commitments and investments made by a Service Provider
relationships with customers. Often it is not clear how across all customers and market spaces. It represents
present contractual commitments, new service governance aspect of Service Portfolio Management (SPM).
development, and ongoing service improvement Entry, progress and exit are approved only with approved
programmes initiated by Continual Service Improvement. funding and a financial plan for recovering costs or
The portfolio also includes third-party services, which are showing profit as necessary. The Portfolio should have the
an integral part of service offerings to customers. Some right mix of services in development for the market spaces
third-party services are visible to the customers while and the Service Catalogue (Figure 4.4) to secure the
others are not. financial viability of the Service Provider. The Service
Catalogue is the only part of the Portfolio that recovers
The Service Portfolio represents all the resources presently
costs or earns profits.
engaged or being released in various phases of the Service
Lifecycle. Each phase requires resources for completion of
projects, initiatives and contracts. This is a very important
Service
Improvement
Plan
Customer Market
3 Space 1
Linked by
services
Market potential
for services
Customer Market
1 Space 3
Third-party
Services
32 | Service Strategy – governance and decision-making
Description Services
Sourcing requires businesses to formally consider a management and governance, they inevitably focus on
sourcing strategy, the structure and role of the retained execution at the expense of strategic decision-making.
organization, and how decisions are made. When sourcing Both are vitally important. Further complicating matters is
services, the enterprise retains the responsibility for the the requirement of sharing decision rights with the Service
adequacy of services delivered. Therefore, the enterprise Providers. When a company places itself in a position to
retains key overall responsibility for governance. The make operational decisions on behalf of an outsourcer,
enterprise should adopt a formal governance approach in the outcomes are inevitably poor service levels and
order to create a working model for managing its contentious relationship management.
outsourced services as well as the assurance of value
Governance is invariably the weakest link in a service
delivery. This includes planning for the organizational
sourcing strategy. A few simple constructs have been
change precipitated by the sourcing strategy and a formal
shown to be effective at improving that weakness:
and verifiable description as to how decisions on services
are made. Table 4.2 describes the generic forms of service A governance body – By forming a manageably sized
sourcing structures. governance body with a clear understanding of the
service sourcing strategy, decisions can be made
Partnering with providers who are ISO/IEC 20000
without escalating to the highest levels of senior
compliant can be an important element in reducing the
management. By including representation from each
risk of service sourcing. Organizations who have achieved
Service Provider, stronger decisions can be made.
this certification are more likely to meet service levels on a
Governance domains – Domains can cover decision-
sustained basis. This credential is particularly important in
making for a specific area of the service sourcing
multi-sourced environments where a common framework
strategy. Domains can cover, for example, service
promotes better integration. Multi-sourced environments
delivery, communication, sourcing strategy or contract
require common language, integrated processes and a
management. Remember, a governance domain does
management structure between internal and external
not include the responsibility for its execution, only its
providers. ISO/IEC 20000 does not provide all of this but it
strategic decision-making.
provides a foundation on which it can be built.
Creation of a decision-rights matrix – This ties all
4.7.1 Sourcing governance three recommendations together. RACI or RASIC charts
are common forms of a decision-rights matrix.
There is a frequent misunderstanding of the definition of
‘governance’, particularly in a sourcing context. Companies
have used the word interchangeably with ‘vendor 4.8 RETURN ON INVESTMENT (ROI)
management’, ‘retained staff’ and ‘sourcing management Return on investment (ROI) is a concept for quantifying
organization’. Governance is none of these. the value of an investment. Its use and meaning are not
Management and governance are different disciplines. always precise. When dealing with financial officers, ROI
Management deals with making decisions and executing most likely means ROIC (return on invested capital), a
processes. Governance only deals with making sound measure of business performance. In service management,
decisions. It is the framework of decision rights that ROI is used as a measure of the ability to use assets to
encourages desired behaviours in the sourcing and the generate additional value. In the simplest sense, it is the
sourced organization. When companies confuse net profit of an investment divided by the net worth of
36 | Service Strategy – governance and decision-making
the assets invested. The resulting percentage is applied to While a service can be directly linked and justified through
either additional top-line revenue or the elimination of specific business imperatives, few companies can readily
bottom-line cost. identify the financial return for the specific aspects of
service management. It is often an investment that
It is not unexpected that companies seek to apply ROI in
companies must make in advance of any return.
deciding to adopt service management. ROI is appealing
because it is self-evident. The measure either meets or
does not meet a numerical criterion. The challenge is 4.9 FINANCIAL MANAGEMENT
when ROI calculations focus on the short term. The
Operational visibility, insight and superior decision-making
application of service management has different degrees
are the core capabilities brought to the enterprise through
of ROI, depending on business impact (see Figure 4.6).
the rigorous application of Financial Management. Just as
Moreover, there are often difficulties in quantifying the
business units accrue benefits through the analysis of
complexities involved in implementations.
Improved Reliability
Tangible Measure:
MTBF (Mean Time Between Failure)
Impact:
MTBF to 200 hours from 600 hours
Improved Services
Tangible Measure:
Product orders can now be placed on-line
Impact:
Product orders can be placed 24 x7
Service Strategy – governance and decision-making | 37
product mix and margin data, or customer profiles and by focusing on demand and supply variances resulting
product behaviour, a similar utility of financial data from business strategy, capacity inputs and forecasting,
continues to increase the importance of Financial rather than traditional individual line item expenditures or
Management for IT and the business as well. business cost accounts. As with planning for any other
business organization, input should be collected from all
Financial Management as a strategic tool is equally
areas of the IT organization and the business.
applicable to all three Service Provider types. Internal
service providers are increasingly asked to operate with Planning can be categorized into three main areas, each
the same levels of financial visibility and accountability as representing financial results that are required for
their business unit and external counterparts. Moreover, continued visibility and service valuation:
technology and innovation have become the core
Operating and capital planning processes are common
revenue-generating capabilities of many companies.
and fairly standardized, and involve the translation of
Financial Management provides the business and IT with IT expenditures into corporate financial systems as part
the quantification, in financial terms, of the value of IT of the corporate planning cycle. Beyond this, the
services, the value of the assets underlying the importance of this process is in communicating
provisioning of those services, and the qualification of expected changes in the funding of IT services for
operational forecasting. Talking about IT in terms of consideration by other business domains. The impact
services is the crux of changing the perception of IT and of IT services on capital planning is largely
its value to the business. Therefore, a significant portion of underestimated, but is of interest to tax and fixed-asset
Financial Management is working in tandem with IT and departments if the status of an IT asset changes.
the business to help identify, document and agree on the Demand representing the need and use of IT services.
value of the services being received, and the enablement Regulatory and environmental-related planning should
of service demand modelling and management. get its triggers from within the business. However,
Much like their business counterparts, IT organizations are Financial Management should apply the proper
increasingly incorporating Financial Management in the financial inputs to the related services value, whether
pursuit of: cost-based or value-based.
Enhanced decision-making
4.9.1 Service valuation
Speed of change
Service valuation quantifies, in financial terms, the funding
Service Portfolio Management
sought by the business and IT for services delivered, based
Financial compliance and control on the agreed value of those services. Financial
Operational control Management calculates and assigns a monetary value to a
Value capture and creation. service or service component so that they may be
disseminated across the enterprise once the business
One goal of Financial Management is to ensure proper
customer and IT identify what services are actually desired.
funding for the delivery and consumption of services.
Planning provides financial translation and qualification of Hardware and software licence costs
expected future demand for IT services. Financial Annual maintenance fees for hardware and software
Management planning departs from historical IT planning
38 | Service Strategy – governance and decision-making
Personnel resources used in the support or Fixed/variable – this segregation of costs is based
maintenance of a service on contractual commitments of time or price. The
Utilities, data centre or other facilities charges strategic issue around this classification is that the
Taxes, capital or interest charges business should seek to optimize fixed service costs
Compliance costs. and minimize the variable in order to minimize
predictability and stability
Financial Management plays a translational role between Cost units – a cost unit is the identified unit of
corporate financial systems and service management. The consumption that is accounted for a particular
result of a service-oriented accounting function is that far service or service asset.
greater detail and understanding is achieved regarding
service provisioning and consumption, and the generation 4.9.2 Variable cost dynamics
of data that feeds directly into the planning process. The
Variable cost dynamics (VCD) focuses on analysing and
functions and accounting characteristics that come into
understanding the multitude of variables that impact
play are discussed below:
service cost, how sensitive those elements are to variation,
Service recording – The assignment of a cost entry to and the related incremental value changes that result.
the appropriate service. Depending on how services
Below is a very brief list of possible variable service cost
are defined, and the granularity of the definitions,
components that could be included in such an analysis:
there may be additional sub-service components
Cost types – These are higher-level expenses Number and type of users
categories such as hardware, software, labour, Number of software licences
administration etc. These attributes assist with Cost/operating foot of data centre
reporting and analysing demand and usage of services Delivery mechanisms
and their components in commonly used financial Number and type of resources
terms Cost of adding one more storage device
Cost classifications – There are also classifications Cost of adding one more end-user license.
within services that designate the end purpose of the
cost. These include classifications such as:
Capital/operational – this classification addresses 4.10 INCREASING SERVICE POTENTIAL
different accounting methodologies that are The capabilities and resources (service assets) of a Service
required by the business and regulatory agencies Provider represent the service potential or the productive
Direct/indirect – this designation determines capacity available to customers through a set of services.
whether a cost will be assigned directly or indirectly Projects that develop or improve capabilities and resources
to a consumer or service: increase the service potential. For example,
– Direct costs are charged directly to a service implementation of a Configuration Management System
since it is the only consumer of the expense leads to improved visibility and control over the
– Indirect or shared costs are allocated across productive capacity of service assets such as networks,
multiple services since each service may storage and servers. It also helps quickly to restore such
consume a portion of the expense capacity in the event of failures or outages. There is
Service Strategy – governance and decision-making | 39
Training and certification Knowledgeable staff in control of Service Staffing of key competencies
Lifecycle Extension of Service Desk hours
Improved analysis and decisions
Implement Incident Management Better response to Service Incidents Reducing losses in resource utilization
process Prioritization of recovery activities
Develop service design process Systematic design of services Re-use of service components
Enrichment of design portfolio Fewer service failures through design
Thin-client computing Increased flexibility in work locations Standardization and control of configurations
Enhanced service continuity capabilities Centralization of administration functions
greater efficiency in the utilization of those assets and There is no one best way to organize. Elements of an
therefore service potential because of capability organizational design, such as scale, scope and structure,
improvements in Configuration Management. Similar are highly dependent on strategic objectives. Over time,
examples are given in Table 4.3. One of the key objectives an organization will likely outgrow its design. Certain
of service management is to improve the service potential organizational designs fit while others do not. The design
of its capabilities and resources. challenge is to identify and select among often distinct
choices. Thus the problem becomes much more solvable
when there is an understanding of the factors that
4.11 ORGANIZATIONAL DEVELOPMENT
generate fit and the trade-offs involved, such as control
When senior managers adopt a service management and coordination.
orientation, they are adopting a vision for the
It is common to think of organizational hierarchies in
organization. Such a vision provides a model toward
terms of functions. As the functional groups become
which staff can work. Organizational change, however, is
larger, think of them in terms of departmentalization.
not instantaneous. Senior managers often make the
A department can loosely be defined as an organizational
mistake of thinking that announcing the organizational
activity involving over 20 people. When a functional group
change is the same as making it happen.
grows to departmental size, the organization can reorient
40 | Service Strategy – governance and decision-making
the group to one of the following areas or a hybrid Certain basic structures are preferred for certain service
thereof: strategies, as shown in Table 4.4.
Function – preferred for specialization, the pooling of Service strategies are executed by delivering and
resources and reducing duplication supporting the contract portfolio in a given market space.
Product – preferred for servicing businesses with Contracts specify the terms and conditions under which
strategies of diverse and new products, usually value is delivered to customer through services. From an
manufacturing businesses operational point of view this translates into specific levels
Market space or customer – preferred for organizing of utility and warranty for every service. Since every service
around market structures. Provides differentiation in is mapped to one or more market spaces, it follows that
the form of increased knowledge of and response to the design of a service is related to categories of customer
customer preferences assets and the service models. These are the basic inputs
Geography – the use of geography depends on the for service design.
industry. By providing services in close geographical There is much more depth in Service Strategy than
proximity, travel and distribution costs are minimized depicted in the preceding pages. As the core of the ITIL
while local knowledge is leveraged Service Lifecycle, Service Strategy is a prime component in
Process – preferred for an end-to-end coverage of a a good service management practice. The key concepts
process. have been outlined in this book to provide a basic
understanding and illustrate the enormous benefits a
Service SDPs
Design Standards
Architectures
Solution
Designs
Following on from Service Strategy, Service Design is the The Service Design publication provides a greater level of
next stage in the ITIL Service Lifecycle. While the lifecycle detail on these and also on application and infrastructure
is not entirely linear, we will portray each stage from a design principles.
logical progression. The key concepts of Service Design
The main purpose of the Service Design stage of the
revolve around the five design aspects and the design of
lifecycle is the design of new or changed service for
services, service processes and service capabilities to meet
introduction into the live environment. It is important that
business demand. The primary topics that will be
a holistic approach to all aspects of design is adopted and
discussed here are not the entire spectrum of Service
that when changing or amending any of the individual
Design, but the main elements that illustrate the
elements of design all other aspects are considered. Thus
objectives of this stage in the Service Lifecycle:
when designing and developing a new application, this
Aspects of Service Design shouldn’t be done in isolation, but should also consider
Service Catalogue Management the impact on the overall service, the management
Service Requirements systems and tools (e.g. the Service Portfolio and
Service Design Models Catalogue), the architectures, the technology, the Service
Management processes and the necessary measurements
Capacity Management
and metrics. This will ensure that not only the functional
Availability Management
elements are addressed by the design, but also that all of
Service Level Management.
46 | Service Design – building structural service integrity
the management and operational requirements are Improved IT governance: assists with the
addressed as a fundamental part of the design and are not implementation and communication of a set of
added as an afterthought. controls for effective governance of IT
The main aim of Service Design is the design of new or More effective service management and IT
changed services. The requirements for these new services processes: processes will be designed with optimal
are extracted from the Service Portfolio and each quality and cost-effectiveness
requirement is analysed, documented and agreed and a Improved information and decision-making: more
solution design is produced that is then compared with comprehensive and effective measurements and
the strategies and constraints from Service Strategy to metrics will enable better decision-making and
ensure that it conforms to corporate and IT policies. continual improvement of service management
practices in the design stage of the Service Lifecycle.
The following benefits are as a result of good Service 1 The design of the services, including all of the
Design practice: functional requirements, resources and capabilities
needed and agreed
Reduced total cost of ownership (TCO): cost of
ownership can only be minimized if all aspects of 2 The design of service management systems and tools,
services, processes and technology are designed especially the Service Portfolio, for the management
properly and implemented against the design and control of services through their lifecycle
Improved quality of service: both service and 3 The design of the technology architectures and
operational quality will be enhanced management systems required to provide the services
Improved consistency of service: as services are
4 The design of the processes needed to design,
designed within the corporate strategy, architectures
transition, operate and improve the services, the
and constraints
architectures and the processes themselves
Easier implementation of new or changed services:
as there is integrated and full Service Design, and the 5 The design of the measurement methods and metrics
production of comprehensives Service Design Packages of the services, the architectures and their constituent
Improved service alignment: involvement from the components and the processes.
conception of the service ensuring that new or A results-driven approach should be adopted for each of
changed services match business needs, with services the above five aspects. In each, the desired business
designed to meet Service Level Requirements outcomes and planned results should be defined so that
More effective service performance: with what is delivered meets the expectation of the customers
incorporation and recognition of Capacity, Financial, and users. Thus this structured approach should be
Availability and IT Service Continuity plans adopted within each of the five aspects to deliver quality,
Service Design – building structural service integrity | 47
repeatable consistency and continual improvement The externally supported services and components and
throughout the organization. There are no situations their associated Underpinning Contracts (UCs), which
within IT service provision with either internal or external will often have their own related agreements and/or
service providers where there are no processes in the schedules
Service Design area. All IT Service Provider organizations The performance measurements and metrics required
already have some elements of their approach to these The legislated or required security levels.
five aspects in place, no matter how basic. Before starting
on the implementation of the improvement of activities The relationships and dependencies between these
and processes a review should be conducted of what elements are illustrated in Figure 5.1.
elements are in place and working successfully. Many The design needs to be holistic, and the main problem
Service Provider organizations already have mature today is that organizations often only focus on the
processes in place for designing IT services and solutions. functional requirements. A design or architecture by very
definition needs to consider all aspects. It is not a smaller
5.3 IDENTIFYING SERVICE REQUIREMENTS organization that combines these aspects, it is a sensible
one.
Service Design must consider all elements of the service by
taking a holistic approach to the design of a new service. The design process activities are:
This approach should consider the service and its Requirements collection, analysis and engineering to
constituent components and their inter-relationships, ensure that business requirements are clearly
ensuring that the services delivered meet the functionality documented and agreed
and quality of service expected by the business in all areas: Design of appropriate services, technology, processes,
The scalability of the service to meet future information and process measurements to meet
requirements, in support of the long-term business business requirements
objectives Review and revision of all processes and documents
The business processes and business units supported involved in Service Design, including designs, plans,
by the service architectures and policies
The IT service and the agreed business functionality Liaison with all other design and planning activities
and requirements and roles, e.g. solution design
The service itself and its Service Level Requirement Production and maintenance of IT policies and design
(SLR) or Service Level Agreement (SLA) documents, including designs, plans, architectures and
The technology components used to deploy and policies
deliver the service, including the infrastructure, the Revision of all design documents and planning for the
environment, the data and the applications deployment and implementation of IT strategies using
The internally supported services and components and roadmaps, programmes and project plans
their associated Operational Level Agreements (OLAs) Risk assessment and management of all design
processes and deliverables
Ensuring alignment with all corporate and IT strategies
and policies.
48 | Service Design – building structural service integrity
E F G IT Services
B C D
SLAs Service A
IT
Service Design
Services
Support teams
Suppliers
5.5 DELIVERY MODEL OPTIONS disadvantages, but all require some level of adaptation
and customization for the situation at hand. Table 5.1 lists
Although the readiness assessment determines the gap
the main categories of sourcing strategies with a short
between the current and desired capabilities, an IT
abstract for each. Delivery practices tend to fall into one of
organization should not necessarily try to bridge that gap
these categories or some variant of them.
by itself. There are many different delivery strategies that
can be used. Each one has its own set of advantages and
5.6 SERVICE CATALOGUE MANAGEMENT Interfaces and dependencies between all services and
supporting services within the Service Catalogue and
Over the years, organizations’ IT infrastructures have
the CMS
grown and developed, and there may not always be a
Interfaces and dependencies between all services, and
clear picture of all the services currently being provided or
supporting components and Configuration Items (CIs)
the customers of each service. In order to establish an
within the Service Catalogue and the CMS.
accurate picture, it is recommended that an IT Service
Portfolio containing a Service Catalogue is produced and When initially completed, the Service Catalogue may
maintained to provide a central accurate set of consist of a matrix, table or spreadsheet. Many
information on all services and to develop a service- organizations integrate and maintain their Portfolio and
focused culture. Catalogue as part of their CMS. By defining each service as
a CI and, where appropriate, relating these to form a
In the preceding chapter, we learned about the Service
service hierarchy, the organization is able to relate events
Portfolio and its constituent elements. Among them is the
such as Incidents and RFCs to the services affected, thus
Service Catalogue.
providing the basis for service monitoring and reporting
The objective of Service Catalogue Management is to using an integrated tool (e.g. ‘list or give the number of
manage the information contained within the Service Incidents affecting this particular service’). It is therefore
Catalogue and to ensure that it is accurate and reflects the essential that changes within the Service Portfolio and
current details, status, interfaces and dependencies of all Service Catalogue are subject to the Change Management
services that are being run or being prepared to run in the process.
live environment.
The Service Catalogue can also be used for other Service
The Service Catalogue provides business value as a central Management purposes (e.g. for performing a Business
source of information on the IT services delivered by the Impact Analysis (BIA) as part of IT Service Continuity
service provider organization. This ensures that all areas of Planning, or as a starting place for redistributing
the business can view an accurate, consistent picture of workloads, as part of Capacity Management). The cost and
the IT services, their details and their status. It contains a effort of producing and maintaining the catalogue, with its
customer-facing view of the IT services in use, how they relationships to the underpinning technology components,
are intended to be used, the business processes they is therefore easily justifiable. If done in conjunction with
enable, and the levels and quality of service the customer prioritization of the BIA, then it is possible to ensure that
can expect of each service. the most important services are covered first.
Service Catalogue Management activities should include: The Service Catalogue has two aspects:
Definition of the service Business Service Catalogue: containing details of all
Production and maintenance of an accurate Service of the IT services delivered to the customer, together
Catalogue with relationships to the business units and the
Interfaces, dependencies and consistency between the business processes that rely on the IT services. This is
Service Catalogue and Service Portfolio the customer view of the Service Catalogue
Service Design – building structural service integrity | 51
Technical Service Catalogue: containing details of all Interfacing with the business and IT Service Continuity
the IT services delivered to the customer, together with Management on the dependencies of business units
relationships to the supporting services, shared and their business processes with the supporting IT
services, components and CIs necessary to support the services, contained within the Business Service
provision of the service to the business. This should Catalogue
underpin the Business Service Catalogue and not form Interfacing with support teams, Suppliers and
part of the customer view. Configuration Management on interfaces and
The key activities within the Service Catalogue dependencies between IT services and the supporting
Management process should include: services, components and CIs contained within the
Technical Service Catalogue
Agreeing and documenting a service definition with all Interfacing with Business Relationship Management
relevant parties and Service Level Management to ensure that the
Interfacing with Service Portfolio Management to agree information is aligned to the business and business
the contents of the Service Portfolio and Service process.
Catalogue
The Service Catalogue forms an integral part of the overall
Producing and maintaining a Service Catalogue and its
Service Portfolio and is a key, customer-facing view of the
contents, in conjunction with the Service Portfolio
services on offer. It establishes the expectations of value
and potential that customers can expect from their IT
Support
Hardware Software Applications Data
Services
52 | Service Design – building structural service integrity
service provider(s). The Service Design core publication Monitor and improve customer satisfaction with the
contains detailed guidance on the construction and quality of service delivered
management of a Service Catalogue. Ensure that IT and the customers have a clear and
unambiguous expectation of the level of service to be
5.7 SERVICE LEVEL MANAGEMENT delivered
Ensure that proactive measures to improve the levels
Service Level Management (SLM) negotiates, agrees and of service delivered are implemented wherever it is
documents appropriate IT service targets with cost-justifiable to do so.
representatives of the business, and then monitors and
produces reports on the Service Provider’s ability to deliver The key activities within the SLM process should include:
the agreed level of service. SLM is a vital process for every Determine, negotiate, document and agree
IT Service Provider organization in that it is responsible for requirements for new or changed services in SLRs, and
agreeing and documenting service level targets and manage and review them through the Service Lifecycle
responsibilities within Service Level Agreements (SLAs) and into SLAs for operational services
Service Level Requirements (SLRs), for every activity within Monitor and measure service performance
IT. If these targets are appropriate and accurately reflect achievements of all operational services against targets
the requirements of the business, then the service within SLAs
delivered by the Service Providers will align with business
Collate, measure and improve customer satisfaction
requirements and meet the expectations of the customers
Produce service reports
and users in terms of service quality. If the targets are not
Conduct service review and instigate improvements
aligned with business needs, then Service Provider
activities and service levels will not be aligned with within an overall Service Improvement
business expectations and problems will develop. Programme/Plan (SIP)
Review and revise SLAs, service scope OLAs, contracts
The SLA is effectively a level of assurance or warranty with and any other underpinning agreements
regard to the level of service quality delivered by the
Develop and document contacts and relationships with
Service Provider for each of the services delivered to the
the business, customers and stakeholders
business. The success of SLM is very dependent on the
Develop, maintain and operate procedures for logging,
quality of the Service Portfolio and the Service Catalogue
actioning and resolving all complaints, and for logging
and their contents, because they provide the necessary
and distributing compliments
information on the services to be managed within the SLM
Log and manage all complaints and compliments
process.
Provide the appropriate management information to
The objectives of SLM are to: aid performance management and demonstrate service
Define, document, agree, monitor, measure, report and achievement
review the level of IT services provided Make available and maintain up-to-date SLM
Provide and improve the relationship and document templates and standards.
communication with the business and customers
Ensure that specific and measurable targets are
developed for all IT services
Service Design – building structural service integrity | 53
G
D F
Service A B C Document
SLR(s) SLA(s) SLA(s)
standards &
templates
Determine, Monitor service Conduct service
document & agree performance against review & instigate
requirements for new SLA & produce service improvements within Assist with the
services SLRs & make reports an overall SIP Service Catalogue
SLAs & maintain document
templates
Develop contacts
Collate, measure
& relationships,
& improve
record & manage Service
customer
complaints & Catalogue
satisfaction
compliments Service
Reports
There are a number of potential options, including the Service level: covering all SLM issues relevant to the
following. specific service, in relation to a specific customer
group (one for each service covered by the SLA).
Service-based SLA
This is where an SLA covers one service for all the The wording of SLAs should be clear and concise and
customers of that service – for example, an SLA may leave no room for ambiguity. There is normally no need
be established for an organization’s e-mail service, for agreements to be couched in legal terminology, and
covering all of the customers of that service. Where plain language aids a common understanding. It is often
common levels of service are provided across all areas helpful to have an independent person, who has not been
of the business, e.g. e-mail or telephony, the service- involved with the drafting, to do a final read-through. This
based SLA can be an efficient approach to use. often throws up potential ambiguities and difficulties that
Multiple classes of service, e.g. gold, silver and bronze, can then be addressed and clarified. For this reason alone,
can also be used to increase the effectiveness of it is recommended that all SLAs contain a glossary,
service-based SLAs. defining any terms and providing clarity for any areas of
ambiguity.
Customer-based SLA
This is an agreement with an individual customer 5.7.1 Service Level Requirements
group covering all the services they use. For example,
This is one of the earliest activities within the Service
agreements may be reached with an organization’s
Design stage of the Service Lifecycle. Once the Service
finance department covering, say, the finance system,
Catalogue has been produced and the SLA structure has
the accounting system, the payroll system, the billing
been agreed, a first SLR must be drafted. It is advisable to
system, the procurement system, and any other IT
involve customers from the outset, but rather than going
systems that they use. Customers often prefer such an
along with a blank sheet to start with, it may be better to
agreement, as all of their requirements are covered in a
produce a first outline draft of the performance targets
single document. Only one signatory is normally
and the management and operational requirements, as a
required, which simplifies this issue.
starting point for more detailed and in-depth discussion.
Multi-level SLA Be careful, though, not to go too far and appear to be
Some organizations have chosen to adopt a multi-level presenting the customer with a fait accompli.
SLA structure. For example, a three-layer structure as
It cannot be overstressed how difficult this activity of
follows:
determining the initial targets for inclusion with an SLR or
Corporate level: covering all the generic SLM issues SLA is. All of the other processes need to be consulted for
appropriate to every customer throughout the their opinion on what are realistic targets that can be
organization. These issues are likely to be less achieved, such as Incident Management on incident
volatile, so updates are less frequently required targets. The Capacity and Availability Management
Customer level: covering all SLM issues relevant to processes will be of particular value in determining
the particular customer group or business unit, appropriate service availability and performance targets.
regardless of the service being used
Service Design – building structural service integrity | 55
5.7.2 Monitoring service level performance SLAs are just documents, and in themselves do not
Nothing should be included in an SLA unless it can be materially alter the quality of service being provided
effectively monitored and measured at a commonly (though they may affect behaviour and help engender an
agreed point. The importance of this cannot be appropriate service culture, which can have an immediate
overstressed, as inclusion of items that cannot be beneficial effect, and make longer-term improvements
effectively monitored almost always results in disputes and possible). A degree of patience is therefore needed and
eventual loss of faith in the SLM process. A lot of should be built into expectations.
organizations have discovered this the hard way and as a
result have absorbed heavy costs, both in a financial sense 5.7.3 Key performance indicators
as well as in terms of negative impacts on their credibility. Key performance indicators (KPIs) and metrics can be used
to judge the efficiency and effectiveness of the SLM
It is essential that monitoring matches the customer’s true
activities and the progress of the SIP. These metrics should
perception of the service. Unfortunately this is often very
be developed from the service, customer and business
difficult to achieve. For example, monitoring of individual
perspective and should cover both subjective and
components, such as the network or server, does not
objective measurements such as the following.
guarantee that the service will be available so far as the
customer is concerned. Where multiple services are Objective:
delivered to a single workstation, it is probably more Number or percentage of service targets being met
effective to record only downtime against the service the Number and severity of service breaches
user was trying to access at the time (though this needs Number of services with up-to-date SLAs
to be agreed with the customers). Number of services with timely reports and active
service reviews
There are a number of important soft issues that cannot
Subjective:
be monitored by mechanistic or procedural means, such
as customers’ overall feelings (these need not necessarily Improvements in customer satisfaction.
match the hard monitoring). For example, even when Practising SLM can achieve a high trust factor between the
there have been a number of reported service failures, business and the service provider. It establishes a pattern
customers may still feel positive about things, because of quality and service management practices,
they may feel satisfied that appropriate actions are being demonstrated through reporting and interaction with the
taken to improve things. Of course, the opposite may customer over time, that can instil a sense of trust and
apply, and customers may feel dissatisfied with some expectation from the business, which in turn engenders
issues (e.g. the manner of some staff on the Service Desk) loyalty. No service provider should underestimate how
when few or no SLA targets have been broken. important SLM is. The Service Design core publication
From the outset, it is wise to try to manage customers’ offers detailed guidance in SLM.
expectations. This means setting proper expectations and
appropriate targets in the first place, and putting a 5.8 CAPACITY MANAGEMENT
systematic process in place to manage expectations going
Capacity Management is a process that extends across the
forward, as satisfaction = perception – expectation (where
Service Lifecycle. A key success factor in managing
a zero or positive score indicates a satisfied customer).
capacity is ensuring it is considered during the Service
56 | Service Design – building structural service integrity
Design stage. It is for this reason that the Capacity cost-effective and timely manner. Capacity Management is
Management Process is included in this book. Capacity essentially a balancing act:
Management is supported initially in Service Strategy
Balancing costs against resources needed: the need to
where the decisions and analysis of business requirements
ensure that processing Capacity that is purchased is
and customer outcomes influencing the development of
not only cost-justifiable in terms of business need, but
patterns of business activity (PBA), levels of service (LOS)
also makes the most efficient use of those resources
and service level packages (SLPs) are identified. This
Balancing supply against demand: the need to ensure
provides the predictive and ongoing capacity indicators
that the available supply of IT processing power
needed to align capacity to demand. An example of a
matches the demands made on it by the business,
component-based SLP is illustrated in Figure 5.4.
both now and in the future; it may also be necessary
Capacity Management ensures that the capacity and to manage or influence the demand for a particular
performance of the IT services and systems match the resource.
evolving agreed demands of the business in the most
Hardware
security token Notebook PC 3G Wireless Phone Desktop Phone Office Fax
Data Wireless
encryption Standard Dial-tone
E-mail Voice &
service Data
Service Components
The objectives of Capacity Management are to: Producing a Capacity Plan that enables the Service
Provider to continue to provide services of the quality
Produce and maintain an appropriate and up-to-date
defined in SLAs and that covers a sufficient planning
Capacity Plan, which reflects the current and future
timeframe to meet future service levels required as
needs of the business
defined in the Service Portfolio and SLRs
Provide advice and guidance to all other areas of the
Assistance with the identification and resolution of any
business and IT on all capacity- and performance-
Incidents and Problems associated with service or
related issues
component performance
Ensure that service performance achievements meet or
The proactive improvement of service or component
exceed all of their agreed performance targets, by
performance wherever it is cost-justifiable and meets
managing the performance and capacity of both
the needs of the business.
services and resources
Assist with the diagnosis and resolution of The elements of Capacity Management are illustrated in
performance- and capacity-related incidents and Figure 5.5.
problems
Assess the impact of all changes on the Capacity Plan, 5.8.1 Business Capacity Management
and the performance and capacity of all services and This sub-process translates business needs and plans into
resources requirements for service and IT infrastructure, ensuring that
Ensure that proactive measures to improve the the future business requirements for IT services are
performance of services are implemented wherever it quantified, designed, planned and implemented in a timely
is cost-justifiable to do so. fashion. This can be achieved by using the existing data on
the current resource utilization by the various services and
The Capacity Management process should include:
resources to trend, forecast, model or predict future
Monitoring patterns of business activity and service requirements. These future requirements come from the
level plans through performance, utilization and Service Strategy and Service Portfolio detailing new
throughput of IT services and the supporting processes and service requirements, changes, improvements
infrastructure, environmental, data and applications and also the growth in the already existing services.
components and the production of regular and ad hoc
reports on service and component capacity and 5.8.2 Service Capacity Management
performance The focus of this sub-process is the management, control
Undertaking tuning activities to make the most and prediction of the end-to-end performance and
efficient use of existing IT resources capacity of the live, operational IT services usage and
Understanding the agreed current and future demands workloads. It ensures that the performance of all services,
being made by the customer for IT resources and as detailed in service targets within SLAs and SLRs, is
producing forecasts for future requirements monitored and measured, and that the collected data is
Influencing demand management, perhaps in recorded, analysed and reported. Wherever necessary,
conjunction with Financial Management proactive and reactive action should be instigated, to
ensure that the performance of all services meets their
agreed business targets. This is performed by staff with
58 | Service Design – building structural service integrity
knowledge of all the areas of technology used in the Business Capacity Management to determine what
delivery of end-to-end service, and often involves seeking infrastructure components or upgrades to components
advice from the specialists involved in Resource Capacity are needed, and when
Management. Wherever possible, automated thresholds The Capacity Plan: used by all areas of the business
should be used to manage all operational services to and IT management and is acted on by the IT Service
ensure that situations where service targets are breached Provider and senior management of the organization
or threatened are rapidly identified and cost-effective to plan the capacity of the IT infrastructure, it also
actions to reduce or avoid their potential impact provides planning input to many other areas of IT and
implemented. the business. It contains information on the current
usage of service and components and plans for the
5.8.3 Component Capacity Management development of IT capacity to meet the needs in the
The focus in this sub-process is the management, control growth of both existing service and any agreed new
and prediction of the performance, utilization and capacity services. The Capacity Plan should be actively used as a
of individual IT technology components. It ensures that all basis of decision-making. Too often Capacity Plans are
components within the IT infrastructure that have finite created and never referred to or used
resource are monitored and measured, and that the Service performance information and reports: used
collected data is recorded, analysed and reported. Again, by many other processes. For example, the Capacity
wherever possible, automated thresholds should be Management process assists Service Level Management
implemented to manage all components, to ensure that with the reporting and reviewing of service
situations where service targets are breached or performance and the development of new SLRs or
threatened by component usage or performance are changes to existing SLAs. It also assists the Financial
rapidly identified, and cost-effective actions to reduce or Management process by identifying when money
avoid their potential impact are implemented. needs to be budgeted for IT infrastructure upgrades, or
the purchase of new components
There are many similar activities that are performed by
Workload analysis and reports: used by IT operations
each of the above sub-processes, but each sub-process
has a very different focus. Business Capacity Management to assess and implement changes in conjunction with
is focused on the current and future business Capacity Management to schedule or re-schedule
requirements, while Service Capacity Management is when services or workloads are run, to ensure that the
focused on the delivery of the existing services that most effective and efficient use is made of the
support the business, and Component Capacity available resources
Management is focused on the IT infrastructure that Ad hoc capacity and performance reports: used by
underpins service provision. all areas of Capacity Management, IT and the business
to analyse and resolve service and performance issues
The Capacity Management Information System
Forecasts and predictive reports: used by all areas to
(CMIS): holds the information needed by all
analyse, predict and forecast particular business and IT
sub-processes within Capacity Management. For
scenarios and their potential solutions
example, the data monitored and collected as part of
Resource and Service Capacity Management is used in Thresholds, alerts and events.
Service Design – building structural service integrity | 59
Service Portfolio
Business
requirements
Capacity &
performance
reports
IT service
SLA/SLR Improve current service
design
& component capacity
Capacity Management
Information System
Service Assess, agree & (CMIS)
Capacity Management document new
requirements & capacity
Component
Capacity Management Plan new capacity
Forecasts
Capacity Plan
Capacity
Management
Tools
60 | Service Design – building structural service integrity
Additional detailed guidance can be found in the Service The Availability Management process should include:
Design publication.
Monitoring of all aspects of availability, reliability and
maintainability of IT services and the supporting
5.9 AVAILABILITY MANAGEMENT components, with appropriate events, alarms and
escalation, with automated scripts for recovery
Availability Management is the window of service quality
Maintenance of a set of methods, techniques and
to a business customer. A Service Provider who does not
apply solid practices to AM and who cannot offer reliable, calculations for all availability measurements, metrics
stable service availability will never have a customer’s and reporting
loyalty. Assistance with risk assessment and management
activities
The objectives of Availability Management are to:
Collection of measurements, analysis and production of
Produce and maintain an appropriate and up-to-date regular and ad hoc reports on service and component
Availability Plan that reflects the current and future availability
needs of the business Understanding the agreed current and future demands
Provide advice and guidance to all other areas of the of the business for IT services and their availability
business and IT on all availability-related issues Influencing the design of services and components to
Ensure that service availability achievements meet or align with business needs
exceed all of their agreed targets, by managing service- Producing an Availability Plan that enables the Service
and resource-related availability performance Provider to continue to provide and improve services
Assist with the diagnosis and resolution of availability- in line with availability targets defined in SLAs and to
related Incidents and Problems plan and forecast future availability levels required as
Assess the impact of all changes on the Availability defined in SLRs
Plan and the performance and capacity of all services Maintaining a schedule of tests for all resilient and
and resources failover components and mechanisms
Ensure that proactive measures to improve the Assistance with the identification and resolution of any
availability of services are implemented wherever it is Incidents and Problems associated with service or
cost-justifiable to do so. component unavailability
Availability Management should ensure the agreed level of Proactive improvement of service or component
availability is provided. The measurement and monitoring availability wherever it is cost-justifiable and meets the
of IT availability is a key activity to ensure availability levels needs of the business.
are being met consistently. Availability Management
should look to continually optimize and proactively
improve the availability of the IT infrastructure, the services
and the supporting organization, in order to provide cost-
effective availability improvements that can deliver
business and customer benefits.
Service Design – building structural service integrity | 61
The Availability Management process (Figure 5.6) has two 5.9.1 Identifying vital business functions
key elements:
The term ‘vital business function’ (VBF) is used to reflect
Reactive activities: the reactive aspect of Availability the business-critical elements of the business process
Management involves the monitoring, measuring, supported by an IT service. The service may also support
analysis and management of all events, Incidents and less critical business functions and processes. It is
Problems involving unavailability. These activities are important that the VBFs are recognized and documented
principally involved within operational roles to provide the appropriate business alignment and focus.
Proactive activities: the proactive activities of
Availability Management involve the proactive 5.9.2 Designing for availability
planning, design and improvement of availability. The level of availability required by the business influences
These activities are principally involved within design the overall cost of the IT service provided. In general, the
and planning roles. higher the level of availability required by the business the
Availability Management is completed at two higher the cost. These costs are not just the procurement
interconnected levels: of the base IT technology and services required to
underpin the IT infrastructure. Additional costs are incurred
Service availability: involves all aspects of service
in providing the appropriate service management
availability and unavailability and the impact of processes, systems management tools and high availability
component availability, or the potential impact of solutions required to meet the more stringent availability
component unavailability on service availability requirements. The greatest level of availability should be
Component availability: involves all aspects of included in the design of those services supporting the
component availability and unavailability. most critical of the VBFs.
A guiding principle of Availability Management is to When considering how the availability requirements of the
recognize that it is still possible to gain customer business are to be met, it is important to ensure that the
satisfaction even when things go wrong. One approach to level of availability to be provided for an IT service is at
help achieve this requires Availability Management to the level actually required and is affordable and cost-
ensure that the duration of any Incident is minimized to justifiable to the business (Figure 5.7).
enable normal business operations to resume as quickly as
is possible. An aim of Availability Management is to ensure
the duration and impact from Incidents impacting IT
services are minimized, to enable business operations to
resume as quickly as is possible. The analysis of the
‘expanded incident lifecycle’ enables the total IT service
downtime for any given Incident to be broken down and
mapped against the major stages that all Incidents
progress through (the lifecycle). Availability Management
should work closely with Incident Management and
Problem Management in the analysis of all Incidents
causing unavailability.
62 | Service Design – building structural service integrity
Reactive activities
Monitor, measure,
analyse report & review Availability
service & Management
component availability Information
System (AMIS)
Special
solutions
with
redundancy
High
availability
design
Costs
Effective
Service
Management
Systems
Management
Base products,
technology and
components
Availability
To identify the underlying causes of service interruption business) and involve resources from many technical and
to users process areas. The use of the SFA approach:
To assess the effectiveness of the IT support Provides the ability to deliver enhanced levels of
organization and key processes availability without major cost
To produce reports detailing the major findings and Provides the business with visible commitment from
recommendations the IT support organization
To ensure availability improvements derived from SFA- Develops in-house skills and competencies to avoid
driven activities are measured. expensive consultancy assignments related to
SFA initiatives should use input from all areas and all availability improvement
processes including, most importantly, the business and Encourages cross-functional team working and breaks
users. Each SFA assignment should have a recognized barriers between teams and is an enabler to lateral
sponsor(s) (ideally, joint sponsorship from the IT and thinking, challenging traditional thoughts and
providing innovative and often inexpensive solutions
64 | Service Design – building structural service integrity
5.11 INFORMATION SECURITY MANAGEMENT purpose of ISM is to provide a focus for all aspects of IT
security and manage all IT security activities.
Across the world, organizations create value through the
intellectual property they own and use to deliver products The term ‘information’ is used as a general term and
and services. Protecting intellectual capital is a primary includes data stores, databases and metadata. The
need for business and is increasingly legislated by law. The objective of information security is to protect the interests
technology today offers us unlimited potential to create, of those relying on information, and the systems and
gather and amass vast quantities of information. A service communications that deliver the information, from harm
provider is responsible to ensure that they can guarantee resulting from failures of availability, confidentiality and
the business information is protected from intrusion, theft, integrity.
loss and unauthorized access. For most organizations, the security objective is met when:
Information security is a management activity within the Information is available and usable when required, and
corporate governance framework, which provides the the systems that provide it can appropriately resist
strategic direction for security activities and ensures attacks and recover from or prevent failures
objectives are achieved. It further ensures that that the (availability)
information security risks are appropriately managed and
Information is observed by or disclosed to only those
enterprise information resources are used responsibly. The
who have a right to know (confidentiality)
Service Design – building structural service integrity | 67
Information is complete, accurate and protected SLRs, SLAs, contracts and agreements. The policies should
against unauthorized modification (integrity) be authorized by top executive management within the
Business transactions as well as information exchanges business and IT, and compliance to them should be
between enterprises, or with partners, can be trusted endorsed on a regular basis. All security policies should be
(authenticity and non-repudiation). reviewed and where necessary revised on at least an
annual basis.
Prioritization of confidentiality, integrity and availability
must be considered in the context of business and The five elements within an Information Security
business processes. The primary guide to defining what Management System (ISMS) framework are:
must be protected and the level of protection has to come Control
from the business. To be effective, security must address
The objectives of the control element of the ISMS are
entire business processes from end to end and cover the
to:
physical and technical aspects. Only within the context of
Establish a management framework to initiate and
business needs and risks can management define security.
manage information security in the organization
ISM activities should be focused on and driven by an Establish an organization structure to prepare,
overall Information Security Policy and a set of approve and implement the information security
underpinning specific security policies. The policy should policy
have the full support of top executive IT management and Allocate responsibilities
ideally the support and commitment of top executive Establish and control documentation
business management. The policy should cover all areas of
Plan
security, be appropriate, meet the needs of the business
and should include: The objective of the plan element of the ISMS is to
devise and recommend the appropriate security
An overall Information Security Policy measures, based on an understanding of the
Use and misuse of IT assets policy requirements of the organization.
An access control policy The requirements will be gathered from such sources
A password control policy as business and service risk, plans and strategies, SLAs
An e-mail policy and OLAs and the legal, moral and ethical
An internet policy responsibilities for information security. Other factors,
An anti-virus policy such as the amount of funding available and the
prevailing organization culture and attitudes to
An information classification policy
security, must be considered.
A document classification policy
The Information Security Policy defines the
A remote access policy
organization’s attitude and stance on security matters.
A policy with regard to supplier access of IT services,
This should be an organization-wide document, not
information and components just applicable to the IT Service Provider. Responsibility
An asset disposal policy. for the upkeep of the document rests with the
These policies should be widely available to all customers Information Security Manager
and users and their compliance should be referred to in all
68 | Service Design – building structural service integrity
Assess and
categorise
Communicate, information assets,
implement and Monitor and risks and
enforce adherence manage security vulnerabilities
to all security incidents and
policies breaches
Regularly
assess, review
and report security
risks and threats
Impose and
Report, review review risk
and reduce security security controls,
breaches and review and
major incidents implement
risk mitigation
Information
Security Information Security reports Security Security risks
Management Security Policy(s) and information controls and responses
System (ISMS)
Reductive: further measures can be taken in advance Corrective: damage is repaired as far as possible using
to minimize any possible damage that may occur. corrective measures. For example, corrective measures
Familiar examples of reductive measures are making include restoring the backup, or returning to a
regular backups and the development, testing and previous stable situation (roll-back, back-out). Fallback
maintenance of contingency plans can also been seen as a corrective measure.
Detective: if a security incident occurs, it is important The documentation of all controls should be maintained
to discover it as soon as possible – detection. A familiar to reflect accurately their operation, maintenance and their
example of this is monitoring, linked to an alert method of operation.
procedure. Another example is virus-checking software
Repressive: measures are then used to counteract any ISM faces many challenges in establishing an appropriate
continuation or repetition of the security incident. For Information Security Policy with an effective supporting
example, an account or network address is temporarily process and controls. One of the biggest challenges is to
blocked after numerous failed attempts to log on or ensure that there is adequate support from the business,
the retention of a card when multiple attempts are business security and senior management. If these are not
made with a wrong PIN number available, it will be impossible to establish an effective ISM
process. If there is senior IT management support, but
70 | Service Design – building structural service integrity
there is no support from the business, IT security controls of suppliers and partners are essential to the provision of
and risk assessment will be severely limited in what they quality IT services (see Figure 5.10).
can achieve because of this lack of support from the
The main objectives of the Supplier Management process
business. It is pointless implementing security policies,
are to:
procedures and controls in IT if these cannot be enforced
throughout the business. The major use of IT services and Obtain value for money from supplier and contracts
assets is outside of IT, and so are the majority of security Ensure that underpinning contracts and agreements
threats and risks. with suppliers are aligned to business needs, and
support and align with agreed targets in SLRs and
In some organizations the business perception is that
SLAs, in conjunction with SLM
security is an IT responsibility, and therefore the business
Manage relationships with suppliers
assumes that IT will be responsible for all aspects of IT
security and that IT services will be adequately protected. Manage supplier performance
However, without the commitment and support of the Negotiate and agree contracts with suppliers and
business and business personnel, money invested in manage them through their lifecycle
expensive security controls and procedures will be largely Maintain a supplier policy and a supporting supplier
wasted and they will mostly be ineffective. and contract database (SCD).
Refer to the Service Design core publication for further The Supplier Management process should include:
guidance and detailed practices on Information Security
Implementation and enforcement of the supplier policy
Management.
Maintenance of an SCD
Supplier and contract categorization and risk
5.12 SUPPLIER MANAGEMENT assessment
The Supplier Management process ensures that suppliers Supplier and contract evaluation and selection
and the services they provide are managed to support IT Development, negotiation and agreement of contracts
service targets and business expectations. The aim of this Contract review, renewal and termination
section is to raise awareness of the business context of Management of suppliers and supplier performance
working with partners and suppliers, and how this work Agreement and implementation of service and supplier
can best be directed toward realizing business benefit for improvement plans
the organization. Maintenance of standard contracts, terms and
It is essential that Supplier Management processes and conditions
planning are involved in all stages of the Service Lifecycle, Management of contractual dispute resolution
from strategy and design, through transition and operation, Management of sub-contracted suppliers.
to improvement. The complex business demands require
IT supplier management often has to comply with
the complete breadth of skills and capability to support
organizational or corporate standards, guidelines and
provision of a comprehensive set of IT services to a
requirements, particularly those of corporate legal, finance
business, therefore the use of value networks and the
and purchasing.
suppliers and the services they provide are an integral part
of any end-to-end solution. Suppliers and the management
Service Design – building structural service integrity | 71
Service Provider
Supplier Mgt. Finance &
Process Owner Purchasing
Contracts
Manager
Legal
Supplier 6
Supplier 5
Supplier 4
Supplier 3
Supplier 2
Supplier 1 Sub-contracted
Supplier 2
Sub-contracted
Supplier 1
Satisfaction surveys also play an important role in conjunction with the procurement department) and IT will
revealing how well supplier service levels are aligned to have established their objectives for the relationship, and
business needs. A survey may reveal instances where there defined the benefits they expect to realize. This forms a
is dissatisfaction with the service, yet the supplier is major part of the business case for entering into the
apparently performing well against its targets (and vice relationship.
versa). This may happen where service levels are
These benefits must be linked and complementary, and
inappropriately defined and should result in a review of
must be measured and managed. Where the business is
the contracts, agreements and targets. Some service
seeking improvements in customer service, then IT
providers publish supplier league tables based on their
supplier relationships contributing to those customer
survey results stimulating competition between suppliers.
services must be able to demonstrate improved service in
For those significant supplier relationships in which the their own domain, and how much this has contributed to
business has a direct interest, both the business (in improved customer service.
72 | Service Design – building structural service integrity
Service SDPs
Design Standards
Architectures
Solution
Designs
Service
Transition SKMS
Tested
Transition Solutions
Plans
In the IT world, many business innovations are achieved In this chapter we will discuss a few of the key concepts
through project initiatives that involve IT. In the end, within Service Transition:
whether these are minor operational improvements or
Transition Planning
major transformational events, they all produce change. In
Asset and Configuration Management
the preceding chapter we looked at creating and
Release and Deployment Management
improving services through the design stage of the
lifecycle. Now we must ensure that what is planned to be Change Management
implemented will achieve the expected objectives. It is at Testing and Validation.
this point the knowledge that has been generated and The purpose of Service Transition is to:
that will be needed to manage services once in the live
environment, must be managed and shared across the Plan and manage the capacity and resources required
organization. This is done through Service Transition. to package, build, test and deploy a release into
production and establish the service specified in the
customer and stakeholder requirements
76 | Service Transition – preparing for change
Provide a consistent and rigorous framework for The predictions of service levels and warranties for new
evaluating the service capability and risk profile before and changed services
a new or changed service is released or deployed Confidence in the degree of compliance with business
Establish and maintain the integrity of all identified and governance requirements during change
service assets and configurations as they evolve The variation of actual against estimated and approved
through the Service Transition stage resource plans and budgets
Provide good-quality knowledge and information so The productivity of business and customer staff
that Change and Release and Deployment because of better planning and use of new and
Management can expedite effective decisions about changed services
promoting a release through the test environments Timely cancellation or changes to maintenance
and into production contracts for hardware and software when components
Provide efficient repeatable build and installation are disposed or decommissioned
mechanisms that can be used to deploy releases to the Understanding of the level of risk during and after
test and production environments and be rebuilt if change, e.g. service outage, disruption and re-work.
required to restore service
The processes covered in Service Transition (see Figure 6.1)
Ensure that the service can be managed, operated and
are:
supported in accordance with the requirements and
constraints specified within the Service Design. Transition Planning and Support
Change Management
Effective Service Transition can significantly improve a
Service Provider’s ability to handle high volumes of Service Asset and Configuration Management
change and releases across its customer base. It enables Release and Deployment Management
the Service Provider to: Service Validation and Testing
BL BL BL BL BL BL BL
E1 E2 E3
Focus of activity ITIL process in this Point to Evaluate the Service Design
E
related to Other ITIL core publication that supports
service publication the whole
transition service life cycle
Point to capture Baseline
BL
Ensure that all parties adopt the common framework it in a Service Design Package (SDP). The SDP includes the
of standard re-usable processes and supporting following information that is required by the Service
systems in order to improve the effectiveness and Transition team:
efficiency of the integrated planning and coordination
Applicable service packages (e.g. Core Service Package,
activities
Service Level Package)
Provide clear and comprehensive plans that enable the
Service specifications
customer and business change projects to align their
Service models
activities with the Service Transition plans.
Architectural design required to deliver the new or
The organization should decide the most appropriate changed Service including constraints
approach to Service Transition based on the size and Definition and design of each release package
nature of the core and supporting services, the number
Detailed design of how the service components will be
and frequency of releases required, and any special needs
assembled and integrated into a release package
of the users – for example, if a phased rollout is usually
Release and deployment plans
required over an extended period of time.
Service Acceptance Criteria.
The Service Transition strategy defines the overall
approach to organizing Service Transition and allocating 6.1.1 Planning an individual Service
resources. The aspects to consider are:
Transition
Purpose, goals and objectives of Service Transition The release and deployment activities should be planned
Context, e.g. service customer, contract portfolios in stages as details of the deployment might not be
Scope – inclusions and exclusions known in detail initially. Each Service Transition plan
Applicable standards, agreements, legal, regulatory and should be developed from a proven Service Transition
contractual requirements model wherever possible. Although Service Design
Organizations and stakeholders involved in transition provides the initial plan, the planner will allocate specific
Framework for Service Transition resources to the activities and modify the plan to fit in
with any new circumstances, e.g. a test specialist may
Criteria
have left the organization.
Identification of requirements and content of the new
or changed service A Service Transition plan describes the tasks and activities
People required to release and deploy a release into the test
Approach environments and into production, including:
Deliverables from transition activities including Work environment and infrastructure for the Service
mandatory and optional documentation for each stage Transition
Schedule of milestones Schedule of milestones, handover and delivery dates
Financial requirements – budgets and funding. Activities and tasks to be performed
Service Design will – in collaboration with customers, Staffing, resource requirements, budgets and
external and internal suppliers and other relevant timescales at each stage
stakeholders – develop the Service Design and document Issues and risks to be managed
Service Transition – preparing for change | 79
Lead times and contingency. responsibilities such as operations or through a team
brought together for the purpose. Elements of the
Allocating resources to each activity and factoring in
deployment may be delivered through external suppliers,
resource availability will enable the Service Transition
and suppliers may deliver the bulk of the deployment
planner to work out whether the transition can be
effort, for example in the implementation of an off-the-
deployed by the required date. If resources are not
shelf system such as an ITSM support tool.
available, it may be necessary to review other transition
commitments and consider changing priorities. Such Significant deployments will be complex projects in their
changes need to be discussed with Change and Release own right. The steps to consider in planning include the
Management as this may affect other changes that may be range of elements comprising that service, e.g. people,
dependents or prerequisites of the release. application, hardware, software, documentation and
knowledge. This means that the deployment will contain
6.1.2 Integrated planning sub-deployments for each type of element comprising the
Good planning and management are essential to deploy a service.
release across distributed environments and locations into
production successfully. An integrated set of transition 6.1.4 Reviewing the plans
plans should be maintained that are linked to lower-level The planning role should quality review all Service
plans such as release, build and test plans. These plans Transition, release and deployment plans. Wherever
should be integrated with the change schedule, release possible, lead times should include an element of
and deployment plans. Establishing good-quality plans at contingency and be based on experience rather than
the outset enables Service Transition to manage and merely supplier assertion. This applies even more for
coordinate the Service Transition resources, e.g. resource internal suppliers where there is no formal contract. Lead
allocation, utilization, budgeting and accounting. times will typically vary seasonally and they should be
factored into planning, especially for long timeframe
An overarching Service Transition plan should include the
transitions, where the lead times may vary between stages
milestone activities to acquire the release components,
of a transition, or between different user locations.
package the release, build, test, deploy, evaluate and
proactively improve the service through early life support. Before starting the release or deployment, the Service
It will also include the activities to build and maintain the Transition planning role should verify the plans and ask
services and IT infrastructure, systems and environments appropriate questions such as:
and the measurement system to support the transition
Are these Service Transition and release plans up to
activities.
date?
Have the plans been agreed and authorized by all
6.1.3 Adopting programme and project
relevant parties, e.g. customers, users, operations and
management best practices support staff?
It is best practice to manage several releases and Do the plans include the release dates and deliverables
deployments as a programme, with each significant and refer to related Change Requests, Known Errors
deployment run as a project. The actual deployment may and Problems?
be carried out by dedicated staff, as part of broader
80 | Service Transition – preparing for change
Have the impacts on costs, organizational, technical The goals of Change Management are to:
and commercial aspects been considered?
Respond to the customer’s changing business
Have the risks to the overall services and operations requirements while minimizing value and reducing
capability been assessed? incidents, disruption and re-work
Has there been a compatibility check to ensure that Respond to the business and IT requests for change
the Configuration Items that are to be released are that will align the services with the business needs.
compatible with each other and with Configuration
Items in the target environments? Reliability and business continuity are essential for the
Have circumstances changed such that the approach success and survival of any organization. Service and
needs amending? infrastructure changes can have a negative impact on the
business through service disruption and delay in
Were the rules and guidance on how to apply it
identifying business requirements, but Change
relevant for current service and release packages?
Management enables the service provider to add value to
Do the people who need to use it understand and
the business by:
have the requisite skills to use it?
Is the service release within the SDP and scope of what Prioritizing and responding to business and customer
the transition model addresses? change proposals
Has the Service Design altered significantly such that it Implementing changes that meet the customers’
is no longer appropriate? agreed service requirements while optimizing costs
Have potential changes in business circumstances been Contributing to meet governance, legal, contractual
identified? and regulatory requirements
Reducing failed changes and therefore service
Proper planning of service transition and support will
disruption, defects and re-work
reduce the need for corrective measures during and after
Delivering change promptly to meet business
release into live operation. Refer to the Service Transition
timescales
core publication for full details on the Transition Planning
Tracking changes through the Service Lifecycle and to
and Support process.
the assets of its customers
Contributing to better estimations of the quality, time
6.2 CHANGE MANAGEMENT and cost of change
The purpose of the Change Management process is to Assessing the risks associated with the transition of
ensure that: services (introduction or disposal)
Standardized methods and procedures are used for Aiding productivity of staff through minimizing
efficient and prompt handling of all changes disruptions due to high levels of unplanned or
Emergency Change and hence minimizing service
All changes to Service Assets and Configuration Items
availability
are recorded in the configuration management system
Reducing the mean time to restore service (MTRS), via
Overall business risk is optimized.
quicker and more successful implementations of
corrective changes
Service Transition – preparing for change | 81
Liaising with the business change process to identify business benefits or even having a detrimental,
opportunities for business improvement. unexpected effect on the live service.
Policies that support Change Management include: Who RAISED the change?
Creating a culture of Change Management across the What is the REASON for the change?
organization where there is zero tolerance for What is the RETURN required from the change?
unauthorized change What are the RISKS involved in the change?
Aligning the service Change Management process with What resources are REQUIRED to deliver the change?
business, project and stakeholder change management Who is RESPONSIBLE for the build, test and
processes implementation of the change?
Prioritization of change, e.g. innovation vs preventive What is the RELATIONSHIP between this change and
vs detective vs corrective change other changes?
Establishing accountability and responsibilities for
changes through the Service Lifecycle The Request for Change (RFC) is a key information source
and the catalyst for the change activities of:
Segregation of duty controls
Establishing a single focal point for changes in order to Create and record
minimize the probability of conflicting changes and Review
potential disruption to the production environment Assess and evaluate
Preventing people who are not authorized to make a Authorize
change from having access to the production Plan
environment Coordinate
Integration with other service management processes Review
to establish traceability of change, detect unauthorized
Close.
change and identify change-related incidents
Change windows – enforcement and authorization for Each RFC will follow a selected Change Model that is
exceptions appropriate for the nature and type of change. Change
Performance and risk evaluation of all changes that Models are pre-established process flows with the
impact service capability necessary steps to satisfy the type of change and level of
authorization needed to properly assess risk and impact.
Performance measures for the process, e.g. efficiency
and effectiveness. Three basic Change Models are included in Service
Transitions which can be adapted to suit individual
6.2.1 The seven Rs of Change Management organizational circumstances and need.
The following questions must be answered for all changes. Standard Change Model – Used for pre-authorized
Without this information, the impact assessment cannot repetitive, low-risk, well-tested changes. Often these
be completed, and the balance of risk and benefit to the will be the model used for service operational
live service will not be understood. This could result in the maintenance changes
change not delivering all the possible or expected
82 | Service Transition – preparing for change
Normal Change Model – The full model for changes Emergency Change Model – A model reserved only
that must go through assessment, authorization and for highly critical changes needed to restore failed high
Change Advisory Board (CAB) agreement before availability or widespread service failure, or that will
implementation prevent such a failure from imminently occurring.
Figure 6.2 depicts the high-level flow of a Normal Change
Model.
Create
RFC
Change
proposal
(optional)
Record the
RFC
Initiator
requested
Review
RFC
Change
Plan updates
Change
Management scheduled Work orders
Co-ordinate change
implementation*
Change
Management implemented
6.2.2 Change Advisory Board on one another. If one system fails, the others will
The CAB is a body that exists to support the authorization eventually succumb, unless provided additional life-
of changes and to assist Change Management in the supporting intervention. Services are systems with similar
assessment and prioritization of changes. As and when a levels of interdependency. These are service assets which
CAB is convened, members should be chosen who are have configurations specific to the functions they perform
capable of ensuring that all changes within the scope of and, ultimately, the service they collectively deliver.
the CAB are adequately assessed from both a business and No organization can be fully efficient or effective unless it
a technical viewpoint. manages its assets well, particularly those assets that are
The CAB may be asked to consider and recommend the vital to the running of the customer’s or organization’s
adoption or rejection of changes appropriate for higher business. This process manages the service assets in order
level authorization and then recommendations will be to support the other service management processes.
submitted to the appropriate change authority. The goal of optimizing the performance of service assets
To achieve this, the CAB needs to include people with a and configurations improves the overall service
clear understanding across the whole range of stakeholder performance and optimizes the costs and risks caused by
needs. The Change Manager will normally chair the CAB poorly managed assets, e.g. service outages, fines, correct
and potential members include: licence fees and failed audits.
complexity, size and type, ranging from an entire service Internal CIs comprising those delivered by individual
or system including all hardware, software, documentation projects, including tangible (data centre) and
and support staff to a single software module or a minor intangible assets such as software that are required to
hardware component. CIs may be grouped and managed deliver and maintain the service and infrastructure
together, e.g. a set of components may be grouped into a External CIs such as external customer requirements
release. CIs should be selected using established selection and agreements, releases from suppliers or sub-
criteria, grouped, classified and identified in such a way contractors and external services
that they are manageable and traceable throughout the Interface CIs that are required to deliver the end-to-
Service Lifecycle. end service across a Service Provider Interface (SPI).
There will be a variety of CIs; the following categories may
help to identify them. 6.3.2 Configuration Management System
To manage large and complex IT services and
Service Lifecycle CIs such as the Business Case,
infrastructures, Service Asset and Configuration
service management plans, Service Lifecycle plans,
Management (SACM) requires the use of a supporting
Service Design Package, release and change plans, and
system known as the Configuration Management System
test plans. They provide a picture of the Service
(CMS).
Provider’s services, how these services will be
delivered, what benefits are expected, at what cost, The CMS holds all the information for CIs within the
and when they will be realized designated scope. Some of these items will have related
Service CIs such as: specifications or files that contain the contents of the item,
Service capability assets: management, e.g. software, document or photograph. For example, a
organization, processes, knowledge, people Service CI will include the details such as supplier, cost,
Service resource assets: financial capital, systems, purchase date and renewal date for licences and
applications, information, data, infrastructure and maintenance contracts and the related documentation
facilities, people such as SLAs and underpinning contracts.
Service model The CMS is also used for a wide range of purposes; for
Service package example asset data held in the CMS may be made
Release package available to external financial asset management systems
Service acceptance criteria to perform specific asset management process reporting
Organization CIs – some documentation will define outside configuration management.
the characteristics of a CI whereas other
documentation will be a CI in its own right and need The CMS maintains the relationships between all service
to be controlled, e.g. the organization’s business components and any related incidents, problems, known
strategy or other policies that are internal to the errors, change and release documentation and may also
organization but independent of the Service Provider. contain corporate data about employees, suppliers,
Regulatory or statutory requirements also form external locations and business units, customers and users.
products that need to be tracked, as do products
shared between more than one group
Service Transition – preparing for change | 85
Attributes for Configuration Items CI information is critical for responsive service provision
Attributes describe the characteristics of a CI that are and assists in areas such as:
valuable to record and which will support SACM and the Service Desk – impact of service failure, SLA targets
ITSM processes it supports. associated to the service that the CI(s) are supporting,
The SACM plan references the configuration information owner and technical support information, recent
and data architecture. This includes the attributes to be changes to the CI to aid in Incident triage
recorded for each type of asset or CI. Typical attributes Event Management – trending of events logged
include: against CI for possible service stability issues
Incident Management – logging of faults against CIs
Unique identifier
and ability to see upstream and downstream impacts
CI type
Financial Management – asset and replacement
Name/description
lifecycle information, contributing the service valuation
Version (e.g. file, build, baseline, release) activities
Location Availability and Continuity – identification of point of
Supply date failure vulnerability through CI relationship and
Licence details, e.g. expiry date redundancy information in the CMS
Owner/custodian Service Level Management – identifying dependencies
Status and relationships of components that contribute to an
Supplier/source end-to-end service
Related document masters Change Management – identification of impact of
Related software masters changes to services.
Historical data, e.g. audit trail
Relationship type
Applicable SLA.
Figure 6.3 Service Asset and Configuration Management – interfaces to the lifecycle
Planning, management
resources, time
Management support
Working relationships
Resources, facilities, CMS and
tools
Training and Guidance
Policy, Standards,
Strategy, Control Configuration
Management
Service Portfolio, Management Plan,
and Planning
Customer Portfolio, Contract
Contract Portfolio,
Contract requirements CI Identification,
Requirements naming, labelling,
Design, Configuration data and
Maintenance, Identification documentation
Release, Baseline and Release
Deployment, Id
Operations plans
Configuration Updated RFC,
RFC/ Control updated CI
change to
CI Status
Status Record/Report
Accounting and Configuration
Change and information and
Configuration Reporting
Performance
Records and
Documentation
Verification Action items
Physical CIs, and Audit Confidence
Test results in service
Audit/discovery and
Feedback infrastructure
tools
complexity. At worst, it can cripple the environment and There is knowledge transfer to enable the customers
degrade the live services. and users to optimize their use of the service to
support their business activities
The goal of Release and Deployment Management is to
deploy releases into production and enable effective use Skills and knowledge are transferred to operations and
of the service in order to deliver value to the customer. support staff to enable them to effectively and
efficiently deliver, support and maintain the service
The objective of Release and Deployment Management is according to required warranties and service levels
to ensure that: There is minimal unpredicted impact on the
There are clear and comprehensive release and production services, operations and support
deployment plans that enable the customer and organization
business change projects to align their activities with Customers, users and service management staff are
these plans satisfied with the Service Transition practices and
A release package can be built, installed, tested and outputs, e.g. user documentation and training.
deployed efficiently to a deployment group or target A key to Release and Deployment Management is defining
environment successfully and on schedule the appropriate release package type for a given type of
A new or changed service and its enabling systems, release. Figure 6.4 illustrates one example of a release
technology and organization are capable of delivering package.
the agreed service requirements, i.e. utilities, warranties
and service levels
Supported by Supported by
The general aim is to decide the most appropriate release- suppliers, are installed and configured together to create
unit level for each service asset or component. An the solution as designed. Standardization facilitates the
organization may, for example, decide that the release unit integration of the different building blocks to provide a
for business critical applications is the complete working solution and service.
application in order to ensure that testing is
Automating the installation of systems and application
comprehensive. The same organization may decide that a
software onto servers and workstations reduces the
more appropriate release unit for a website is at the page
dependencies on people and streamlines the procedures.
level.
Depending on the release and deployment plans, the
The following factors should be taken into account when installation may be performed in advance (for example,
deciding the appropriate level for release units: if equipment is being replaced) or it may have to occur in
situ in the live environment.
The ease and amount of change necessary to release
and deploy a release unit The physical infrastructure elements, together with the
The amount of resources and time needed to build, environment in which they will operate, need to be tested
test, distribute and implement a release unit appropriately. Part of the testing may be to test the
The complexity of interfaces between the proposed replication of the infrastructure solution from one
unit and the rest of the services and IT infrastructure environment to another. This gives a better guarantee
The storage available in the build, test, distribution and that the rollout to the production environment will be
live environments. successful.
Test environments must be actively maintained and
6.5 SERVICE VALIDATION AND TESTING protected using service management best practices. For
any significant change to a service, the question should be
RELEASES
asked (as it is for the continued relevance of continuity
Effective build and test environment management is and capacity plans): ‘If this change goes ahead, will there
essential to ensure that the builds and tests are executed need to be a consequential change to the test data?’
in a repeatable and manageable manner. Inadequate During the build and test activities, operations and
control of these environments means that unplanned support teams need to be kept fully informed and
changes can compromise the testing activities and/or involved as the solution is built to facilitate a structured
cause significant re-work. Dedicated build environments transfer from the project to the operations team.
should be established for assembling and building the
Figure 6.5 provides an example of service testing through
components for controlled test and deployment
the Service Transition stage of the lifecycle.
environments.
There is an invisible separation between Change,
Preparation of the test environments includes building,
Configuration, Release and Deployment. Each works hand
changing or enhancing the test environments ready to
in hand to ensure minimal disruption and risk to the
receive the release.
business during service transition. The Service Transition
An IT service is, on most occasions, built from a number of core publication contains full details of each of these
technology resources or management assets. In the build important processes and guidance on how to implement
phase, these different blocks, often from different and use them.
Service Transition – preparing for change | 89
E1 Service E3 Service
E2 Service Evaluation
Design Evaluation Acceptance Evaluation
prior to Deployment
prior to Closure
Evaluation
E1 E2 E3
Service Design
Release Packaging and Build Deployment and Early Life Support Service
Operation
and CSI
Service *SORT Pilot Pilot
Release
Test
Validate Service Design
User Test
User testing
(sampling at user locations etc)
Deployment Tests
Validation
Verification
7 Service Operation
Requirements The business/customers
Service Objectives
Strategy Resource and from
Requirements
Policies Constraints
Strategies
Service
Design SDPs
Standards
Solution Architectures
Designs
Service
Transition
Tested SKMS
Transition solutions
Plans
Service Operational
Operation services
So far, we have learned some of the key concepts of ITIL support services. Management of the infrastructure and
Service Management – Strategy, Design and Transition. the operational activities must always support this
Each of these has demonstrated how they contribute to purpose.
service quality, but it is in Service Operation that the
Well-planned and implemented processes will be to no
business customer sees the quality of the strategy, the
avail if the day-to-day operation of those processes is not
design and the transition come to life in everyday use of
properly conducted, controlled and managed. Nor will
the services.
service improvements be possible if day-to-day activities
Service Operation is the phase in the ITIL Service to monitor performance, assess metrics and gather data
Management Lifecycle that is responsible for business-as- are not systematically conducted during Service Operation.
usual activities.
The purpose of Service Operation is to coordinate and
Service Operation can be viewed as the ‘factory’ of IT. carry out the activities and processes required to deliver
This implies a closer focus on the day-to-day activities and and manage services at agreed levels to business users
infrastructure that are used to deliver services. The and customers. Service Operation is also responsible for
overriding purpose of Service Operation is to deliver and
94 | Service Operation
the ongoing management of the technology that is used evaluation of the impact a deviation might cause to the
to deliver and support services. services. Events are typically notifications created by an IT
service, Configuration Item (CI) or monitoring tool (see
Figure 7.1).
7.1 BUSINESS VALUE
Effective Service Operation is dependent on knowing the
Each stage in the ITIL Service Management Lifecycle
status of the infrastructure and detecting any deviation
provides value to business. For example, service value is
from normal or expected operation. This is provided by
modelled in Service Strategy; the cost of the service is
good monitoring and control systems, which are based on
designed, predicted and validated in Service Design and
two types of tools:
Service Transition; and measures for optimization identified
in Continual Service Improvement. The operation of Active monitoring tools that poll key CIs to determine
service is where these plans, designs and optimizations are their status and availability. Any exceptions will
executed and measured. From a customer viewpoint, generate an alert that needs to be communicated to
Service Operation is where actual value is seen. the appropriate tool or team for action
Passive monitoring tools that detect and correlate
In all stages of the ITIL Service Management Lifecycle,
there are distinct processes, functions and activities which operational alerts or communications generated by CIs.
work together to deliver the objectives of Service Event Management can be applied to any aspect of
Operation. The following sections in this chapter touch on: service management that needs to be controlled and
The processes of: which can be automated. These include:
Event
Event Notification
Generated
Event Detected
Event Filtered
Warning
Event Correlation
Trigger
Incident/
Event Logged Auto Response Alert Problem/
Incident Change? Change
Problem
Review Actions
No
Effective?
Yes
Close Event
End
96 | Service Operation
7.2.1 Value to business Incidents can also be reported and/or logged by technical
Event Management’s value to the business is generally staff (if, for example, they notice something untoward with
indirect; however it is possible to determine the basis for a hardware or network component they may report or log
its value as follows: an incident and refer it to the Service Desk).
Incident Management includes any event which disrupts, 7.3.2 Incident models
or which could disrupt, a service. This includes events
Many incidents are not new – they involve dealing with
which are communicated directly by users, either through
something that has happened before and may well
the Service Desk or through an interface from Event
happen again. For this reason, many organizations will
Management to Incident Management tools.
Service Operation | 97
find it helpful to pre-define standard Incident models – looking at Incident types/frequencies to establish trends
and apply them to appropriate Incidents when they occur. for use in Problem Management, Supplier Management
and other ITSM activities.
An Incident model is a way of pre-defining the steps that
should be taken to handle a process (in this case a process
for dealing with a particular type of incident) in an agreed
Incident prioritization
way. Support tools can then be used to manage the Prioritization can normally be determined by taking into
required process. This will ensure that standard incidents account both the urgency of the Incident (how quickly the
are handled in a pre-defined path and within pre-defined business needs a resolution) and the level of impact it is
timescales. causing. An indication of impact is often (but not always)
the number of users being affected. In some cases, and
The Incident model should include: very importantly, the loss of service to a single user can
Steps that should be taken to handle the Incident have a major business impact.
Chronological order these steps should be taken in,
with any dependences or co-processing defined Initial diagnosis
Responsibilities; who should do what If the incident has been routed via the Service Desk, the
Timescales and thresholds for completion of the Service Desk Analyst must carry out initial diagnosis,
actions typically while the user is still on the telephone – if the
Escalation procedures; who should be contacted and call is raised in this way – to try to discover the full
when symptoms of the Incident and to determine exactly what
Any necessary evidence-preservation activities has gone wrong and how to correct it. It is at this stage
(particularly relevant for security- and capacity-related that diagnostic scripts and known error information can be
incidents). most valuable in allowing earlier and accurate diagnosis.
Incident
Identification
Incident
Logging
Incident
Categorization
Yes
Service Request? To Request
Fulfilment
No
Incident
Prioritization
No
Initial
Diagnosis
Functional Functional
Yes Yes Escalation
Escalation
Needed? 2/3 Level
No Investigation
& Diagnosis
Resolution
and Recovery
Incident Closure
End
Service Operation | 99
information – but their scale and frequent, low-risk nature 7.4.1 Request models
means that they are better handled by a separate process, Some Service Requests will occur frequently and will
rather than being allowed to congest and obstruct the require handling in a consistent manner in order to meet
normal Incident and Change Management processes. agreed service levels. To assist this, many organizations will
The process needed to fulfil a request will vary depending wish to create pre-defined Service Request models (which
upon exactly what is being requested – but can usually be typically include some form of pre-approval by Change
broken down into a set of activities that have to be Management). This is similar in concept to the idea of
performed. Some organizations will be comfortable to let Incident models, but applied to Service Requests.
the Service Requests be handled through their Incident Most requests will be triggered through either a user
Management processes (and tools) – with Service Requests calling the Service Desk or a user completing some form
being handled as a particular type of Incident (using a of self-help web-based input screen to make their request.
high-level categorization system to identify those Incidents The latter will often involve a selection from a portfolio of
that are in fact Service Requests). available request types.
Note, however, that there is a significant difference here – The primary interfaces with Request Fulfilment include:
an Incident is usually an unplanned event whereas a
Service Request is usually something that can and should Service Desk/Incident Management: many Service
be planned! Requests may come in via the Service Desk and may
be initially handled through the Incident Management
Therefore, in an organization where large numbers of process. Some organizations may choose that all
Service Requests have to be handled, and where the Requests are handled via this route – but others may
actions to be taken to fulfil those requests are very varied choose to have a separate process, for reasons already
or specialized, it may be appropriate to handle Service discussed earlier in this chapter
Requests as a completely separate work stream – and to
A strong link is also needed between Request
record and manage them as a separate record type.
Fulfilment, Release, Asset and Configuration
Many Service Requests will be frequently recurring, so a Management as some requests will be for the
predefined process flow (a model) can be devised to deployment of new or upgraded components that can
include the stages needed to fulfil the request, the be automatically deployed. In such cases the release
individuals or support groups involved, target timescales can be pre-defined, built and tested but only deployed
and escalation paths. Service Requests will usually be upon request by those who want the release. Upon
satisfied by implementing a Standard Change (see the deployment, the CMS will have to be updated to
Service Transition publication for further details on reflect the change. Where appropriate, software licence
Standard Changes). The ownership of Service Requests checks/updates will also be necessary.
resides with the Service Desk, which monitors, escalates,
Where appropriate, it will be necessary to relate IT-related
dispatches and often fulfils the user request.
Service Requests to any Incidents or Problems that have
initiated the need for the Request (as would be the case
for any other type of change).
Service Operation | 101
Proactive
Event Incident Supplier or
Service Desk Problem
Management Management Contractor
Management
Problem
Detection
Problem
Logging
Categorization
Prioritization
CMS
Investigation
& Diagnosis
Workaround?
Change Yes
Management Change Needed?
No
Resolution
Closure
End
Service Operation | 103
should also be accessed and Problem-matching so that if further Incidents or Problems arise, they can be
techniques (such as keyword searches) should be used to identified and the service restored more quickly.
see if the Problem has occurred before and, if so, to find
However, in some cases it may be advantageous to raise a
the resolution.
Known Error Record even earlier in the overall process –
It is often valuable to try to recreate the failure, so as to just for information purposes, for example – even though
understand what has gone wrong, and then to try various the diagnosis may not be complete or a workaround
ways of finding the most appropriate and cost-effective found, so it is inadvisable to set a concrete procedural
resolution to the Problem. To do this effectively without point exactly when a Known Error Record must be raised.
causing further disruption to the users, a test system will It should be done as soon as it becomes useful to do so!
be necessary that mirrors the production environment.
There are many Problem analysis, diagnosis and solving
Problem resolution
techniques available and much research has been done in Ideally, as soon as a solution has been found, it should be
this area. The Service Operation publication details the applied to resolve the Problem – but in reality safeguards
types and how to use them. may be needed to ensure that this does not cause further
difficulties. If any change in functionality is required this
Workarounds will require an RFC to be raised and approved before the
resolution can be applied. If the Problem is very serious
In some cases it may be possible to find a workaround to
and an urgent fix is needed for business reasons, then an
the Incidents caused by the Problem – a temporary way of
Emergency RFC should be handled by the Emergency
overcoming the difficulties. For example, a manual
Change Advisory Board (ECAB) to facilitate this urgent
amendment may be made to an input file to allow a
action. Otherwise, the RFC should follow the established
program to complete its run successfully and allow a
Change Management process for that type of Change –
billing process to complete satisfactorily, but it is
and the resolution should be applied only when the
important that work on a permanent resolution continues
Change has been approved and scheduled for release. In
where this is justified – in this example the reason for the
the meantime, the KEDB should be used to help resolve
file becoming corrupted in the first place must be found
quickly any further occurrences of the Incidents/Problems.
and corrected to prevent this happening again.
In cases where a workaround is found, it is therefore Problem closure
important that the Problem Record remains open, and When any change has been completed (and successfully
details of the workaround are always documented within reviewed), and the resolution has been applied, the
the Problem Record. Problem Record should be formally closed – as should any
related Incident Records that are still open. A check should
Raising a Known Error Record be performed at this time to ensure that the record
As soon as the diagnosis is complete, and particularly contains a full historical description of all events – and if
where a workaround has been found (even though it may not, the record should be updated.
not yet be a permanent resolution), a Known Error Record
The status of any related Known Error Records should be
must be raised and placed in the Known Error Database –
updated to show that the resolution has been applied.
Service Operation | 105
Such reviews can be used as part of training and Access Management ensures that users are given the right
awareness activities for support staff – and any lessons to use a service, but it does not ensure that this access is
learned should be documented in appropriate procedures, available at all agreed times – this is provided by
work instructions, diagnostic scripts or Known Error Availability Management.
Records. The Problem Manager facilitates the session and Access Management is a process that is executed by all
documents any agreed actions. Technical and Application Management functions and is
usually not a separate function. However, there is likely to
Errors detected in the development environment be a single control point of coordination, usually in IT
It is rare for any new applications, systems or software Operations Management or on the Service Desk.
releases to be completely error-free. It is more likely that
Access Management can be initiated by a Service Request
during testing of such new applications, systems or
through the Service Desk.
releases, a prioritization system will be used to eradicate
the more serious faults, but it is possible that minor faults
7.6.1 Value to business
are not rectified – often because of the balance that has to
be made between delivering new functionality to the Controlled access to services ensures that the
business as quickly as possible and ensuring totally fault- organization is able to maintain more effectively the
free code or components. confidentiality of its information
Employees have the right level of access to execute
Where a decision is made to release something into the
their jobs effectively
production environment that includes known deficiencies,
There is less likelihood of errors being made in data
these should be logged as Known Errors in the KEDB,
entry or in the use of a critical service by an unskilled
together with details of workarounds or resolution
user (e.g. production control systems)
activities. There should be a formal step in the testing
The ability to audit use of services and to trace the
sign-off that ensures that this handover always takes place
abuse of services
(see Service Transition publication).
The ability more easily to revoke access rights when
needed – an important security consideration
106 | Service Operation
May be needed for regulatory compliance (e.g. SOX, Management will assess all the roles that a user plays as
HIPAA, COBIT). well as the groups that they belong to and ensure that
they provide rights to use all associated services.
7.6.2 Basic concepts Note: All data held on users will be subject to data
While each user has an individual identity, and each IT protection legislation (this exists in most geographic
service can be seen as an entity in its own right, it is often locations in some form or other) so should be handled
helpful to group them together so that they can be and protected as part of the organization’s security
managed more easily. Sometimes the terms ‘user profile’, procedures.
‘user template’ or ‘user role’ are used to describe this type
of grouping. 7.6.3 Lifecycle activities
Most organizations have a standard set of services for all Within Access Management the following lifecycle flow is
individual users, regardless of their position or job recommended:
(excluding customers – who do not have any visibility to
Requesting access
internal services and processes). These will include services
Verification
such as messaging, office automation, desktop support,
Providing rights
telephony etc. New users are automatically provided with
rights to use these services. Monitoring identity status
Logging and tracking access
However, most users also have some specialized role that
Removing or restricting rights.
they perform. For example, in addition to the standard
services, the user may also perform a marketing The Service Operation publication provides the detailed
management role, which requires that they have access to workflow for each of these activities.
some specialized marketing and financial modelling tools
and data.
7.7 SERVICE OPERATION FUNCTIONS
Some groups may have unique requirements – such as
field or home workers who may have to dial in or use 7.7.1 Monitoring and control
virtual private network (VPN) connections, with security The measurement and control of services is based on a
implications that may have to be more tightly managed. continual cycle of monitoring, reporting and subsequent
To make it easier for Access Management to provide the action. This cycle is discussed in detail in this section
appropriate rights, it uses a catalogue of all the roles in the because it is fundamental to the delivery, support and
organization and which services support each role. This improvement of services.
catalogue of roles should be compiled and maintained by It is also important to note that, although this cycle takes
Access Management in conjunction with HR and will often place during Service Operation, it provides a basis for
be automated in the directory services tools. setting strategy, designing and testing services and
In addition to playing different roles, users may also achieving meaningful improvement. It is also the basis for
belong to different groups. For example, all contractors SLM measurement. Therefore, although monitoring is
may be required to log their timesheets in a dedicated performed by Service Operation functions, it should not be
time card system, which is not used by employees. Access seen as a purely operational matter. All phases of the
Service Operation | 107
Service Lifecycle should ensure that measures and controls Closed-loop systems monitor an environment and
are clearly defined, executed and acted upon. respond to changes in that environment. For example,
in network load balancing a monitor will evaluate the
Figure 7.4 Single monitor control loop
traffic on a circuit. If network traffic exceeds a certain
range, the control system will begin to route traffic
Norm
across a backup circuit. The monitor will continue to
provide feedback to the control system which will
continue to regulate the flow of network traffic
between the two circuits.
To help clarify the difference, solving a Capacity
Control Compare Management problem through over-provisioning is open
loop; a load-balancer that detects congestion/failure and
redirects capacity is closed loop.
Norm
Control Compare
Monitor
Wiley). The first level of feedback at individual activity level IT services. And especially – who defines the norm? Based
is concerned with monitoring and responding to data on what has been described so far, monitor control loops
(single facts, codes or pieces of information). The second can be used to manage:
level is concerned with monitoring and responding to
Performance of activities in a process or procedure.
information (a collection of a number of facts about which
Each activity and its related output can potentially be
a conclusion may be drawn). Refer to the Service
measured to ensure that problems with the process are
Transition publication for a full discussion on data,
identified before the process as a whole is completed.
information, knowledge and wisdom.
For example, in Incident Management, the Service
All of this is interesting theory, but does not explain how Desk monitors whether a technical team has accepted
the monitor control loop concept can be used to operate an Incident in a specified time. If not, the Incident is
Service Operation | 109
escalated. This is done well before the target resolution support from vendor account managers. Service Design
time for that Incident because the aim of escalating acts as the bridge between Service Strategy and Service
that one activity is to ensure that the process as whole Operation and will typically involve representatives from
is completed in time all groups. The activities and controls will generally be
Effectiveness of a process or procedure as a whole. executed by IT staff (sometimes involving users) and
In this case the ‘activity’ box represents the entire supported by IT managers and the vendors. Service
process as a single entity. For example, Change Improvement spans all areas, but primarily represents the
Management will measure the success of the process interests of the business and its users.
by checking whether a change was implemented on Notice that the second level of monitoring in this complex
time, to specification and within budget monitor control loop is performed by the CSI processes
Performance of a device. For example, the ‘activity’ through Service Strategy and Service Design. These
box could represent the response time of a server relationships are represented by the numbered arrows in
under a given workload Figure 7.6:
Performance of a series of devices. For example, the
Arrow 1. In this case CSI has recognized that the
end user response time of an application across the
service will be improved by making a change to the
network.
Service Strategy. This could be the result of the
business needing a change to the Service Portfolio, or
ITSM monitor control loop
that the architecture does not deliver what was
Each activity in a service management process (or each expected
component used to provide a service) is monitored as part
Arrow 2. In this case the Service Level Requirements
of the Service Operation processes. The operational team
need to be adjusted. It could be that the service is too
or department responsible for each activity or component
expensive; or that the configuration of the
will apply the monitor control loop as defined in the
infrastructure needs to be changed to enhance
process, and using the norms that were defined during
performance; or because Operations Management is
the Service Design processes. The role of operational
unable to maintain service quality in the current
monitoring and control is to ensure that the process or
architecture
service functions exactly as specified, which is why they
Arrow 3. In this case the norms specified in Service
are primarily concerned with maintaining the status quo.
Design are not being adhered to. This could be
The norms and monitoring and control mechanisms are because they are not appropriate or executable, or
defined in Service Design, but they are based on the because of a lack of education or a lack of
standards and architectures defined during Service communication. The norms and the lack of compliance
Strategy. Any changes to the organization’s Service need to be investigated and action taken to rectify the
Strategy, architecture, Service Portfolios or Service Level situation.
Requirements will precipitate changes to what is
There are many different types of monitoring tool and
monitored and how it is controlled.
different situations in which each will be used. This section
The monitor control loops are placed within the context of focuses on some of the different types of monitoring that
the organization. This implies that Service Strategy will can be performed and when they would be appropriate.
primarily be executed by business and IT executives with
110 | Service Operation
Service Strategy 1
2 Continual Service
3 Improvement
Service Design
IT Management and Vendor Account Management
Portfolios,
Standards and Policies
Service Transition
Technical Architectures
and Performance
Standards
Users
Norm Norm Norm
depends on successful definition of events and Monitoring for CSI will therefore tend to focus on
instrumentation of the system being monitored (see detecting exceptions and resolutions. For example, CSI is
section 4.1 of the Service Operation publication). not as interested in whether an Incident was resolved, but
whether it was resolved within the agreed time and
Reactive versus proactive monitoring:
whether future Incidents can be prevented.
Reactive monitoring is designed to request or trigger
CSI is not only interested in exceptions, though. If an SLA
action following a certain type of event or failure. For
is consistently met over time, CSI will also be interested in
example, server performance degradation may trigger
determining whether that level of performance can be
a reboot, or a system failure will generate an Incident.
sustained at a lower cost or whether it needs to be
Reactive monitoring is not only used for exceptions. It
upgraded to an even better level of performance. CSI may
can also be used as part of normal operations
therefore also need access to regular performance reports.
procedures, for example a batch job completes
successfully, which prompts the scheduling system to However, since CSI is unlikely to need, or be able to cope
submit the next batch job with, the vast quantities of data that are produced by all
Proactive monitoring is used to detect patterns of monitoring activity, they will most likely focus on a
events which indicate that a system or service may be specific subset of monitoring at any given time. This could
about to fail. Proactive monitoring is generally used in be determined by input from the business or
more mature environments where these patterns have improvements to technology.
been detected previously, often several times. Proactive This has two main implications:
monitoring tools are therefore a means of automating
the experience of seasoned IT staff and are often created Monitoring for CSI will change over time. They may be
through the Proactive Problem Management process interested in monitoring the e-mail service one quarter
(see Continual Service Improvement publication). and then move on to look at HR systems in the next
quarter
Operational monitoring and Continual Service This means that Service Operation and CSI need to
Improvement build a process which will help them to agree on what
areas need to be monitored and for what purpose.
This section has focused on operational monitoring and
reporting, but monitoring also forms the starting point for
7.7.2 Service Desk
Continual Service Improvement (CSI). This is covered in the
Continual Service Improvement publication, but key A Service Desk is a functional unit made up of a dedicated
differences are outlined here. number of staff responsible for dealing with a variety of
service events, often made via telephone calls, web
Quality is the key objective of monitoring for CSI. interface or automatically reported infrastructure events.
Monitoring will therefore focus on the effectiveness of a
service, process, tool, organization or CI. The emphasis is The Service Desk is a vitally important part of an
not on assuring real-time service performance; rather it is organization’s IT department and should be the single
on identifying where improvements can be made to the point of contact for IT users on a day-by-day basis – and
existing level of service, or IT performance. will handle all Incidents and Service Requests, usually using
specialist software tools to log and manage all such events.
112 | Service Operation
The value of an effective Service Desk should not be The following roles are needed for the Service Desk.
underrated – a good Service Desk can often compensate
for deficiencies elsewhere in the IT organization; but a Service Desk manager
poor Service Desk (or the lack of a Service Desk) can give In larger organizations where the Service Desk is of a
a poor impression of an otherwise very effective IT significant size, a Service Desk manager role may be
organization! justified with the Service Desk supervisor(s) reporting to
It is therefore very important that the correct calibre of them. In such cases this role may take responsibility for
staff are used on the Service Desk and that IT managers some of the activities listed above and may additionally
do their best to make the Service Desk an attractive place perform the following activities:
to work in order to improve staff retention. Manage the overall desk activities, including the
The primary aim of the Service Desk is to restore ‘normal supervisors
service’ to the users as quickly as possible. In this context Act as a further escalation point for the supervisor(s)
‘restoration of service’ is meant in the widest possible Take on a wider customer-services role
sense. While this could involve fixing a technical fault, it Report to senior managers on any issue that could
could equally involve fulfilling a Service Request or significantly impact the business
answering a query – anything that is needed to allow the Attend Change Advisory Board meetings
users to return to working satisfactorily. Take overall responsibility for Incident and Service
Specific responsibilities will include: Request handling on the Service Desk. This could also
be expanded to any other activity taken on by the
Logging all relevant Incident and Service Request
Service Desk – e.g. monitoring certain classes of event.
details, allocating categorization and prioritization
codes Note: In all cases, clearly defined job descriptions should
Providing first-line investigation and diagnosis be drafted and agreed so that specific responsibilities are
Resolving those Incidents and Service Requests they known.
are able to
Escalating Incidents and Service Requests that they Service Desk supervisor
cannot resolve within agreed timescales In very small Service Desks it is possible that the senior
Keeping users informed of progress Service Desk analyst will also act as the supervisor – but in
Closing all resolved incidents, requests and other calls larger desks it is likely that a dedicated Service Desk
supervisor role will be needed. Where shift hours dictate it,
Conducting customer/user satisfaction call-
there may be two or more post-holders who fulfil the role,
backs/surveys as agreed
usually on an overlapping basis. The supervisor’s role is
Communication with users – keeping them informed
likely to include:
of Incident progress, notifying them of impending
changes or agreed outages etc. Ensuring that staffing and skill levels are maintained
Updating the CMS under the direction and approval of throughout operational hours by managing shift
Configuration Management if so agreed. staffing schedules etc.
Undertaking HR activities as needed
Service Operation | 113
Acting as an escalation point where difficult or Metrics should be established so that performance of the
controversial calls are received Service Desk can be evaluated at regular intervals. This is
Production of statistics and management reports important to assess the health, maturity, efficiency,
Representing the Service Desk at meetings effectiveness and any opportunities to improve Service
Arranging staff training and awareness sessions Desk operations.
Liaising with senior management Metrics for Service Desk performance must be realistic and
Liaising with Change Management carefully chosen. It is common to select those metrics that
Performing briefings to Service Desk staff on changes are easily available and that may seem to be a possible
or deployments that may affect volumes at the Service indication of performance; however, this can be
Desk misleading. For example, the total number of calls
Assisting analysts in providing first-line support when received by the Service Desk is not in itself an indication
workloads are high, or where additional experience is of either good or bad performance and may in fact be
required. caused by events completely outside the control of the
Service Desk – for example a particularly busy period for
Service Desk analysts the organization, or the release of a new version of a
major corporate system.
The primary Service Desk analyst role is that of providing
first-level support through taking calls and handling the An increase in the number of calls to the Service Desk can
resulting Incidents or Service Requests using the Incident indicate less reliable services over that period of time –
Reporting and Request Fulfilment processes, in line with but may also indicate increased user confidence in a
the objectives described earlier. Service Desk that is maturing, resulting in a higher
likelihood that users will seek assistance rather than try to
Super users cope alone. For this type of metric to be reliable for
Super users are discussed in detail in the section on reaching either conclusion, further comparison of previous
Service Desk staffing in paragraph 6.2.4 of the Service periods for any Service Desk improvements implemented
Operation publication. In summary, this role will consist of since the last measurement baseline, or service reliability
business users who act as liaison points with IT in general Changes, Problems etc. to isolate the true cause for the
and the Service Desk in particular. The role of the Super increase is needed.
User can be summarized as follows: Further analysis and more detailed metrics are therefore
To facilitate communication between IT and the
needed and must be examined over a period of time.
business at an operational level These will include the call-handling statistics previously
mentioned under telephony, and additionally:
To reinforce expectations of users regarding what
Service Levels have been agreed The first-line resolution rate: the percentage of calls
Staff training for users in their area resolved at first line, without the need for escalation to
Providing support for minor incidents or simple other support groups. This is the figure often quoted
request fulfilment by organizations as the primary measure of the Service
Involvement with new releases and rollouts.
114 | Service Operation
Desk’s performance – and used for comparison Service Transition and refined in Continual Service
purposes with the performance of other Service Desks Improvement (see other ITIL publications in this series).
– but care is needed when making any comparisons
Average time to resolve an Incident (when resolved at Technical Management organization
first line) Technical Management is not normally provided by a
Average time to escalate an Incident (where first-line single department or group. One or more technical
resolution is not possible) support teams or departments will be needed to provide
Average Service Desk cost of handling an Incident Technical Management and support for the IT
Percentage of customer or user updates conducted infrastructure. In all but the smallest organizations, where
within target times, as defined in SLA targets a single combined team or department may suffice,
Average time to review and close a resolved call separate teams or departments will be needed for each
type of infrastructure being used.
The number of calls broken down by time of day and
day of week, combined with the average call-time IT Operations Management consists of a number of
metric, which is critical in determining the number of technological areas. Each of these requires a specific set of
staff required. skills to manage and operate it. Some skill sets are related
and can be performed by generalists, whereas others are
7.7.3 Technical Management specific to a component, system or platform.
Technical Management refers to the groups, departments The primary criterion of the Technical Management
or teams that provide technical expertise and overall organizational structure is that of specialization or division
management of the IT Infrastructure. of labour. The principle is that people are grouped
Technical Management plays a dual role: according to their technical skill sets, and that these skill
sets are determined by the technology that needs to be
It is the custodian of technical knowledge and
managed.
expertise related to managing the IT infrastructure. In
this role, Technical Management ensures that the This list provides some examples of typical Technical
knowledge required to design, test, manage and Management teams or departments:
improve IT services is identified, developed and refined Mainframe team or department – if one or more
It provides the actual resources to support the ITSM mainframe types are still being used by the
Lifecycle. In this role Technical Management ensures organization
that resources are effectively trained and deployed to Server team or department – often split again by
design, build, transition, operate and improve the technology types (e.g. Unix server, Wintel server)
technology required to deliver and support IT services. Storage team or department, responsible for the
By performing these two roles, Technical Management is management of all data storage devices and media
able to ensure that the organization has access to the Network support team or department, looking after the
right type and level of human resources to manage organization’s internal WANs/LANs and managing any
technology and, thus, to meet business objectives. external network suppliers
Defining the requirements for these roles starts in Service Desktop team or department, responsible for all
Strategy and is expanded in Service Design, validated in installed desktop equipment
Service Operation | 115
Database team or department, responsible for the Perform line-management for all team or department
creation, maintenance and support of the members.
organization’s databases
Middleware team or department, responsible for the Technical analysts/architects
integration, testing and maintenance of all middleware This term refers to any staff member in Technical
in use in the organization Management who performs the activities listed in
Directory services team or department, responsible for paragraph 7.7.3, excluding the daily operational actions,
maintaining access and rights to service elements in which are performed by operators in either Technical or IT
the infrastructure Operations Management. Based on this list of generic
Internet or web team or department, responsible for activities, the role of technical analysts and architects
managing the availability and security of access to includes:
servers and content by external customers, users and Working with users, sponsors, Application Management
partners and all other stakeholders to determine their evolving
Messaging team or department, responsible for e-mail needs
services Working with Application Management and other areas
IP-based telephony team or department (e.g. VoIP). in Technical Management to determine the highest
level of system requirements needed to meet the
7.7.4 Technical Management roles requirements within budget and technology
The following roles are needed in the Technical constraints
Management areas. Defining and maintaining knowledge about how
systems are related and ensuring that dependencies
Technical managers/team-leaders are understood and managed accordingly
A technical manager or team-leader (depending upon the Performing cost-benefit analyses to determine the
size and/or importance of the team and the organization’s most appropriate means to meet the stated
structure and culture) may be needed for each of the requirements
technical teams or departments. The role will: Developing operational models that will ensure
Take overall responsibility for leadership, control and optimal use of resources and the appropriate level of
decision-making for the technical team or department performance
Provide technical knowledge and leadership in the Ensuring that the infrastructure is configured to be
specific technical areas covered by the team or effectively managed given the organization’s
department technology architecture, available skills and tools
Ensure necessary technical training, awareness and Ensuring the consistent and reliable performance of
experience levels are maintained within the team or the infrastructure to deliver the required level of service
department to the business
Report to senior management on all technical issues Defining all tasks required to manage the infrastructure
relevant to their area of responsibility and ensuring that these tasks are performed
appropriately
116 | Service Operation
Input into the design of configuration data required to The value generated must exceed the cost of the
manage and track the application effectively. investment and all other organizational overheads
(such as management and marketing costs) if the
business is to succeed.
7.8 IT OPERATIONS MANAGEMENT
In a similar way, IT Operations Management can be
In business, the term ‘Operations Management’ is used to
defined as the function responsible for the ongoing
mean the department, group or team of people
management and maintenance of an organization’s IT
responsible for performing the organization’s day-to-day
infrastructure to ensure delivery of the agreed level of IT
operational activities – such as running the production line
services to the business.
in a manufacturing environment or managing the
distribution centres and fleet movements within a logistics IT Operations can be defined as the set of activities
organization. involved in the day-to-day running of the IT infrastructure
for the purpose of delivering IT services at agreed levels to
Operations Management generally has the following
meet stated business objectives.
characteristics:
There is activity to ensure that a device, system or 7.8.1 IT Operations Management role
process is actually running or working (as opposed to The role of Operations Management is to execute the
strategy or planning) ongoing activities and procedures required to manage and
This is where plans are turned into actions maintain the IT infrastructure so as to deliver and support
The focus is on daily or shorter-term activities, IT services at the agreed levels. These are summarized
although it should be noted that these activities will here for completeness:
generally be performed and repeated over a relatively
Operations control, which oversees the execution and
long period (as opposed to one-off project type
monitoring of the operational activities and events in
activities)
the IT infrastructure. This can be done with the
These activities are executed by specialized technical
assistance of an operations bridge or network
staff, who often have to undergo technical training to
operations centre. In addition to executing routine
learn how to perform each activity
tasks from all technical areas, Operations Control also
There is a focus on building repeatable, consistent performs the following specific tasks:
actions that – if repeated frequently enough at the
Console management, which refers to defining
right level of quality – will ensure the success of the
central observation and monitoring capability and
operation
then using those consoles to exercise monitoring
This is where the actual value of the organization is and control activities
delivered and measured Job scheduling, or the management of routine
There is a dependency on investment in equipment or batch jobs or scripts
human resources or both Backup and restore on behalf of all Technical and
Application Management teams and departments
and often on behalf of users
Service Operation | 117
Print and output management for the collation Application Management high-level role
and distribution of all centralized printing or Application Management is to applications what Technical
electronic output Management is to the IT infrastructure. Application
Performance of maintenance activities on behalf Management plays a role in all applications, whether
of Technical or Application Management teams or purchased or developed in-house. One of the key
departments decisions that they contribute to is the decision of
Facilities management, which refers to the whether to buy an application or build it (this is discussed
management of the physical IT environment, typically in detail in the Service Design publication). Once that
a data centre or computer rooms and recovery sites decision is made, Application Management will play a
together with all the power and cooling equipment. dual role:
Facilities Management also includes the coordination
of large-scale consolidation projects, e.g. data centre It is the custodian of technical knowledge and
consolidation or server consolidation projects. In some expertise related to managing applications. In this role
cases the management of a data centre is outsourced, Application Management, working together with
in which case Facilities Management refers to the Technical Management, ensures that the knowledge
management of the outsourcing contract. required to design, test, manage and improve IT
services is identified, developed and refined
The objectives of IT Operations Management include: It provides the actual resources to support the ITSM
Maintenance of the status quo to achieve stability of Lifecycle. In this role, Application Management ensures
the organization’s day-to-day processes and activities that resources are effectively trained and deployed to
Regular scrutiny and improvements to achieve design, build, transition, operate and improve the
improved service at reduced costs, while maintaining technology required to deliver and support IT services.
stability By performing these two roles, Application Management is
Swift application of operational skills to diagnose and able to ensure that the organization has access to the
resolve any IT operations failures that occur. right type and level of human resources to manage
applications and thus to meet business objectives. This
7.9 APPLICATION MANAGEMENT starts in Service Strategy and is expanded in Service
Design, tested in Service Transition and refined in
Application Management is responsible for managing Continual Service Improvement (see other ITIL publications
applications throughout their lifecycle. The Application in this series).
Management function is performed by any department,
group or team involved in managing and supporting Part of this role is to ensure a balance between the skill
operational applications. Application Management also level and the cost of these resources.
plays an important role in the design, testing and In additional to these two high-level roles, Application
improvement of applications that form part of IT services. Management also performs the following two specific roles:
As such, it may be involved in development projects, but
Providing guidance to IT Operations about how best to
is not usually the same as the applications development
carry out the ongoing operational management of
teams.
applications. This role is partly carried out during the
118 | Service Operation
Service Design process, but it is also a part of everyday phase, is expanded in detail in Service Design and is
communication with IT Operations Management as executed in Service Operation. Ongoing assessment
they seek to achieve stability and optimum and updating of these skills are done during Continual
performance Service Improvement
The integration of the Application Management Lifecycle Initiating training programmes to develop and refine
into the ITSM Lifecycle. This is discussed below. the skills in the appropriate Application Management
resources and maintaining training records for these
The objectives, activities and structures that enable
resources
Application Management to play these roles effectively are
discussed below. Recruiting or contracting resources with skills that
cannot be developed internally, or where there are
Application Management objectives insufficient people to perform the required Application
Management activities
The objectives of Application Management are to support
Design and delivery of end-user training. Training may
the organization’s business processes by helping to
be developed and delivered by either the Application
identify functional and manageability requirements for
Development or Application Management groups, or
application software, and then to assist in the design and
by a third party, but Application Management is
deployment of those applications and the ongoing
responsible for ensuring that training is conducted as
support and improvement of those applications.
appropriate
These objectives are achieved through: Insourcing for specific activities where the required
Applications that are well designed, resilient and cost- skills are not available internally or in the open market,
effective or where it is more cost-efficient to do so
Ensuring that the required functionality is available to Definition of standards used in the design of new
achieve the required business outcome architectures and participation in the definition of
The organization of adequate technical skills to application architectures during the Service Strategy
maintain operational applications in optimum processes
condition Research and development of solutions that can help
Swift use of technical skills to speedily diagnose and expand the Service Portfolio or which can be used to
resolve any technical failures that do occur. simplify or automate IT Operations, reduce costs or
increase levels of IT service
Application Management generic activities Involvement in the design and building of new
services. All Application Management teams or
While most Application Management teams or
departments will contribute to the design of the
departments are dedicated to specific applications or sets
technical architecture and performance standards for IT
of applications, there are a number of activities which they
services. In addition they will also be responsible for
have in common (see Figure 7.7). These include:
specifying the operational activities required to
Identifying the knowledge and expertise required to manage applications on an ongoing basis
manage and operate applications in the delivery of IT
services. This process starts during the Service Strategy
Service Operation | 119
Involvement in projects, not only during the Service Application Management resources will be involved in
Design process, but also for Continual Service defining coding systems that are used in Incident and
Improvement or operational projects, such as operating Problem Management (e.g. Incident Categories)
system upgrades, server consolidation projects or Application Management resources are used to support
physical moves Problem Management in validating and maintaining
Designing and performing tests for the functionality, the KEDB together with the Application Development
performance and manageability of IT services (bearing teams
in mind that testing should be controlled and Change Management relies on the technical
performed by an independent tester – see Service knowledge and expertise to evaluate changes, and
Transition publication) many changes will be built by Application
Availability and Capacity Management are dependent Management teams
on Application Management for contributing to the Successful Release Management is dependent on
design of applications to meet the levels of service involvement from Application Management staff. In
required by the business. This means that modelling fact they are frequently the drivers of the Release
and workload forecasting are often done together with Management process for their applications
Technical and Application Management resources Application Management will define, manage and
Assistance in assessing risk, identifying critical service maintain attributes and relationships of application CIs
and system dependencies and defining and in the CMS
implementing countermeasures Application Management is involved in the Continual
Managing vendors. Many Application Management Service Improvement processes, particularly in
departments or groups are the only ones who know identifying opportunities for improvement and then in
exactly what is required of a vendor and how to helping to evaluate alternative solutions
measure and manage them. For this reason, many Application Management ensures that all system and
organizations rely on Application Management to operating documentation is up to date and properly
manage contracts with vendors of specific applications. utilized. This includes ensuring that all design,
If this is the case it is important to ensure that these management and user manuals are up to date and
relationships are managed as part of the SLM process complete and that Application Management staff and
Involvement in definition of Event Management users are familiar with their contents
standards and especially in the instrumentation of Collaboration with Technical Management on
applications for the generation of meaningful events performing training needs analysis and maintaining
Application Management as a function provides the skills inventories
resources that execute the Problem Management Assisting IT Financial Management to identify the cost
process. It is their technical expertise and knowledge of the ongoing management of applications
that is used to diagnose and resolve Problems. It is also Involvement in defining the operational activities
their relationship with the vendors that is used to performed as part of IT Operations Management. Many
escalate and follow up with vendor support teams or Application Management departments, groups or
departments teams also perform the operational activities as part of
an organization’s IT Operations Management function
120 | Service Operation
Requirements
Optimize Design
IT Service Management
Strategy, Design,
Transition
and Improvement
Build
Operate
and Test
Deploy
Input into, and maintenance of, software configuration 7.9.1 Application Management roles
policies
Together with software development teams, the Applications managers/team-leaders
definition and maintenance of documentation related An applications manager or team-leader should be
to applications. These will include user manuals, considered for each of the applications teams or
administration and management manuals, as well as departments. The role will:
any standard operating procedures (SOPs) required to
Take overall responsibility for leadership, control and
manage operational aspects of the application.
decision-making for the applications team or
department
Provide technical knowledge and leadership in the
specific applications support activities covered by the
team or department
Service Operation | 121
Ensure necessary technical training, awareness and Generating a set of acceptance test requirements,
experience levels are maintained within the team or together with the designers, test engineers and the
department relevant to the applications being user, which determine that all of the high-level
supported and processes being used requirements have been met, in both functionality and
Involve ongoing communication with users and manageability
customers regarding application performance and Input into the design of configuration data required to
evolving requirements of the business manage and track the application effectively.
Report to senior management on all issues relevant to
the applications being supported 7.10 SERVICE OPERATION AND PROJECT
Perform line-management for all team or department
MANAGEMENT
members.
Because Service Operation is generally viewed as ‘business
Applications analyst/architect as usual’ and often focused on executing defined
procedures in a standard way, there is a tendency not to
Application analysts and architects are responsible for
use project management processes when they would in
matching requirements to application specifications.
fact be appropriate. For example, major infrastructure
Specific activities include:
upgrades, or the deployment of new or changed
Working with users, sponsors and all other stakeholders procedures, are significant tasks where formal project
to determine their evolving needs management can be used to improve control and manage
Working with Technical Management to determine the costs/resources.
highest level of system requirements needed to meet
Using project management to manage these types of
the requirements within budget and technology
activity would have the following benefits:
constraints
Performing cost-benefit analyses to determine the The project benefits are clearly stated and agreed
most appropriate means to meet the stated There is more visibility of what is being done and how
requirement it is being managed, which makes it easier for other IT
Developing operational models that will ensure groups and the business to quantify the contributions
optimal use of resources and the appropriate level of made by operational teams
performance This in turn makes it easier to obtain funding for
Ensuring that applications are designed to be projects that have traditionally been difficult to cost
effectively managed given the organization’s justify
technology architecture, available skills and tools Greater consistency and improved quality
Developing and maintaining standards for application Achievement of objectives results in higher credibility
sizing, performance modelling etc. for operational groups.
122 | Service Operation
Service Objectives
Strategy Resource and from
Requirements
Policies Constraints
Strategies
Service
Design SDPs
Standards
Solution Architectures
Designs
Service
Transition
Tested SKMS
Transition solutions
Plans
Service Operational
Operation services
Continual
Service
Improvement Improvement
actions and plans
Continual Service Improvement (CSI) provides practical The maturity of the enabling IT processes required to
guidance in evaluating and improving the quality of support business processes in a continual Service
services, overall maturity of the ITSM Service Lifecycle and Lifecycle model.
its underlying processes, at three levels within the
organization:
8.1 PURPOSE OF CSI
The overall health of ITSM as a discipline
The primary purpose of CSI is to continually align and re-
The continual alignment of the portfolio of IT services
align IT services to the changing business needs by
with the current and future business needs identifying and implementing improvements to IT services
that support business processes. These improvement
activities support the lifecycle approach through Service
126 | Continual Service Improvement
Strategy, Service Design, Service Transition and Service These activities do not happen automatically. They must
Operation. In effect, CSI is about looking for ways to be owned within the IT organization which is capable of
improve process effectiveness and efficiency as well as handling the responsibility and possesses the appropriate
cost effectiveness. authority to make things happen. They must also be
planned and scheduled on an ongoing basis. By default,
‘improvement’ becomes a process within IT with defined
8.2 CSI OBJECTIVES
activities, inputs, outputs, roles and reporting. CSI must
Review, analyse and make recommendations on ensure that ITSM processes are developed and deployed in
improvement opportunities in each lifecycle phase: support of an end-to-end service management approach
Service Strategy, Service Design, Service Transition and to business customers. It is essential to develop an
Service Operation ongoing continual improvement strategy for each of the
Review and analyse Service Level achievement results processes as well as the services.
Identify and implement individual activities to improve As Figure 8.1 shows, there are many opportunities for CSI.
IT service quality and improve the efficiency and The figure also illustrates a constant cycle of improvement.
effectiveness of enabling ITSM processes The improvement process can be summarized in six steps:
Improve cost effectiveness of delivering IT services
Embrace the vision by understanding the high-level
without sacrificing customer satisfaction
business objectives. The vision should align the
Ensure applicable quality management methods are
business and IT strategies
used to support continual improvement activities.
Assess the current situation to obtain an accurate,
The following activities support a continual process unbiased snapshot of where the organization is right
improvement plan: now. This baseline assessment is an analysis of the
Reviewing management information and trends to current position in terms of the business, organization,
ensure that services are meeting agreed Service Levels people, process and technology
Reviewing management information and trends to Understand and agree on the priorities for
ensure that the output of the enabling ITSM processes improvement based on a deeper development of the
are achieving the desired results principles defined in the vision. The full vision may be
Periodically conducting maturity assessments against years away but this step provides specific goals and a
the process activities and roles associated with the manageable timeframe
process activities to demonstrate areas of improvement Detail the CSI plan to achieve higher quality service
or, conversely, areas of concern provision by implementing ITSM processes
Periodically conducting internal audits verifying Verify that measurements and metrics are in place to
employee and process compliance ensure that milestones were achieved, process
Reviewing existing deliverables for relevance compliance is high, and business objectives and
priorities were met by the level of service
Making ad hoc recommendations for approval
Finally, the process should ensure that the momentum
Conducting periodic customer satisfaction surveys
for quality improvement is maintained by assuring that
Conducting external and internal service reviews to
changes become embedded in the organization.
identify CSI opportunities.
Continual Service Improvement | 127
Business vision,
What is the vision? mission, goals and
objectives
Baseline
Where are we now?
assessments
Measurements &
Did we get there? metrics
8.2.1 Perspectives on benefits Much of the angst and confusion surrounding IT process
There are four commonly used terms when discussing improvement initiatives can be traced to the misuse of
service improvement outcomes: these terms. Below is the proper use:
ROI – The difference between the benefit (saving) There is additional focus on the quality of IT in terms
achieved and the amount expended to achieve that of reliability, availability, stability, capacity, security and,
benefit, expressed as a percentage. Logically, one especially, risk
would like to spend a little to save a lot IT and IT governance is an integral component in
Example: ABC Corp spent £200,000 to establish the corporate governance
formal Change Management process that saved IT performance becomes even more visible – technical
£395,000. The ROI at the end of the first year of outages and customer dissatisfaction increasingly
operation was therefore £195,000 or 97.5% become boardroom issues
VOI – The extra value created by establishment of IT organizations increasingly find themselves in a
benefits that include non-monetary or long-term position where they have to not only realize but
outcomes. ROI is a subcomponent of VOI manage business-enabling technology and services
Example: ABC Corp’s establishment of a formal that deliver the capability and quality demanded by
Change Management process (which reduced the the business
number of failed changes) improved the ability of IT must demonstrate value for money
ABC Corp to respond quickly to changing market IT within e-business is not only supporting the primary
conditions and unexpected opportunities resulting business processes, but is the core of those processes.
in an enhanced market position. In addition, it
promoted collaboration between business units and 8.4 TECHNOLOGY DRIVERS
the IT organization and freed up resources to work
on other projects that otherwise might not have The rapid pace of technology developments, within which
been completed. IT provides solutions, becomes a core component of
almost every area of business operations. As a result, IT
services must:
8.3 BUSINESS DRIVERS
Understand business operations and advise about the
Businesses are becoming increasingly aware of the short- and long-term opportunities (and limitations)
importance of IT as a service provider to not only support of IT
but also enable business operations. As a result the
Be designed for agility and nimbleness to allow for
business leaders of today ask much more pointed and
unpredictability in business needs
direct questions regarding the quality of IT services and
Accommodate more technological change, with a
the competency and efficiency of their provider. This
reduced cycle time, for realizing change to match a
higher level of scrutiny buttresses the expanding need for
reduced window in the business cycle
CSI, meaning that:
Maintain or improve existing quality of services while
IT does more than enable existing business operations; adding or removing technology components
IT enables business change and is, therefore, an Ensure that quality of delivery and support matches
integral component of the business change the business use of new technology
programme
Bring escalating costs under control.
Continual Service Improvement | 129
Identify
• Vision 1. Define what you
• Strategy should measure
• Tactical Goals
• Operational Goals
Goals
3. Gather the data
6. Present and use the
Who? How? When?
information, assessment
Integrity of data?
summary, action plans, etc.
Make it simple. The number of things you should measure Corporate, divisional and departmental goals and
can grow quite rapidly. So too can the number of metrics objectives
and measurements. Legislative requirements
Identify and link the following items: Governance requirements
Budget cycle
Corporate vision, mission, goals and objectives
Balanced Scorecard.
IT vision, mission, goals and objectives
Critical success factors
8.6.2 Step 2 – Define what you can measure
Service level targets
Every organization may find that they have limitations on
Job description for IT staff.
what can actually be measured. If you cannot measure
Inputs: something then it should not appear in an SLA.
Service Level Requirements and targets Compile a list of what each tool can currently measure
Service Catalogue without any configuration or customization. Stay away
Vision and mission statements from customizing the tools as much as possible;
configuring them is acceptable.
Continual Service Improvement | 131
Perform a gap analysis between the two lists. Report this performance. CSI may therefore also need access to
information back to the business, the customers and IT regular performance reports.
management. It is possible that new tools are required or
However since CSI is unlikely to need, or be able to cope
that configuration or customization is required to be able
with, the vast quantities of data that are produced by all
to measure what is required.
monitoring activity, they will most likely focus on a
Inputs: specific subset of monitoring at any given time. This could
be determined by input from the business or
List of what you should measure
improvements to technology.
Process flows
Procedures When a new service is being designed or an existing one
Work instructions changed, this is a perfect opportunity to ensure that what
CSI needs to monitor is designed into the service
Technical and user manuals from existing tools
requirements (see Service Design publication).
Existing reports.
This has two main implications:
8.6.3 Step 3 – Gathering the data Monitoring for CSI will change over time. They may be
Gathering data requires having some form of monitoring interested in monitoring the e-mail service one quarter,
in place. Monitoring could be executed using technology and then move on to look at HR systems in the next
such as application, system and component monitoring quarter
tools or could even be a manual process for certain tasks. This means that Service Operation and CSI need to
Quality is the key objective of monitoring for Continual build a process which will help them to agree on what
Service Improvement. Monitoring will therefore focus on areas need to be monitored and for what purpose.
the effectiveness of a service, process, tool, organization or It is important to remember that there are three types of
Configuration Item (CI). The emphasis is not on assuring metrics that an organization will need to collect to
real-time service performance, rather it is on identifying support CSI activities as well as other process activities.
where improvements can be made to the existing level of The types of metrics are:
service, or IT performance. Monitoring for CSI will therefore
Technology metrics – these metrics are often
tend to focus on detecting exceptions and resolutions. For
example, CSI is not as interested in whether an Incident associated with component and application-based
was resolved, but whether it was resolved within the metrics such as performance, availability etc.
agreed time, and whether future Incidents can be Process metrics – these metrics are captured in the
prevented. form of CSFs, KPIs and activity metrics for the service
management processes. These metrics can help
CSI is not only interested in exceptions, though. If a determine the overall health of a process. Four key
Service Level Agreement is consistently met over time, CSI questions that KPIs can help answer are around quality,
will also be interested in determining whether that level of performance, value and compliance in following the
performance can be sustained at a lower cost or whether process. CSI would use these metrics as input in
it needs to be upgraded to an even better level of identifying improvement opportunities for each
process
132 | Continual Service Improvement
Service metrics – these metrics are the results of the Quality – How well are the processes working? Monitor
end-to-end service. Component/technology metrics are the individual or key activities as they relate to the
used to compute the service metrics. objectives of the end-to-end process
As much as possible, you need to standardize the data Performance – How fast or slow? Monitor the process
structure through policies and published standards. For efficiency such as throughput or cycle times
example, how do you enter names in your tools – John Value – Is this making a difference? Monitor the
Smith; Smith, John; or J. Smith? These can be the same or effectiveness and perceived value of the process to the
different individuals. Having three different ways of stakeholders and the IT staff executing the process
entering the same name would slow down trend analysis activities.
and will severely impede any CSI initiative. Monitoring is often associated with automated monitoring
Gathering data is defined as the act of monitoring and data of infrastructure components for performance such as
collection. This activity needs to clearly define the following: availability or capacity, but monitoring should also be
used for monitoring staff behaviour such as adherence to
Who is responsible for monitoring and gathering the data?
process activities, use of authorized tools as well as project
How the data will be gathered? schedules and budgets.
When and how often is the data gathered?
Exceptions and alerts need to be considered during the
Criteria to evaluate the integrity of the data
monitoring activity as they can serve as early warning
The answers will be different for every organization. indicators that services are breaking down. Sometimes the
exceptions and alerts will come from tools, but they will
Service monitoring allows weak areas to be identified, so
often come from those who are using the service or
that remedial action can be taken (if there is a justifiable
service management processes. We don’t want to ignore
business case), thus improving future service quality.
these alerts.
Service monitoring also can show where customer actions
are causing the fault and thus lead to identifying where Inputs to the gather-the-data activity:
working efficiency and/or training can be improved.
New business requirements
Service monitoring should also address both internal and Existing SLAs
external suppliers since their performance must be Existing monitoring and data capture capability
evaluated and managed as well. Availability and Capacity Plans
Service management monitoring helps determine the Service Improvement Plans
health and welfare of service management processes in Previous trend analysis reports
the following manner: List of what you should measure
Process compliance – Are the processes being List of what you can measure
followed? Process compliance seeks to monitor the Gap analysis report
compliance of the IT organization to the new or List of what to measure
modified service management processes and also the Customer satisfaction surveys.
use of the authorized service management tool that
was implemented
Continual Service Improvement | 133
8.6.4 Step 4 – Processing the data What format is required for the output? This is also
Once data is gathered, the next step is to process the data driven by how analysis is done and ultimately how the
into the required format. Report-generating technologies are information is used
typically used at this stage as various amounts of data are What tools and systems can be used for processing the
condensed into information for use in the analysis activity. data?
The data is also typically put into a format that provides an How do we evaluate the accuracy of the processed
end-to-end perspective on the overall performance of a data?
service. This activity begins the transformation of raw data There are two aspects to data gathering. One is automated
into packaged information. Use the information to develop and the other is manual. While both are important and
insight into the performance of the service and/or processes. contribute greatly to the measuring process, accuracy is a
Process the data into information (i.e. create logical major differentiator between the two types. The accuracy
groupings) which provides a better means to analyse the of the automated data gathering and processing is not the
data – the next activity step in CSI. issue here. The vast majority of CSI-related data will be
The output of logical groupings could be in spreadsheets, gathered by automated means. Human data gathering
reports generated directly from the service management and processing is the issue. It is important for staff to
tool suite, system monitoring and reporting tools, or properly document their compliance activities, to update
telephony tools such as an automatic call distribution tool. logs and records. Common excuses are that people are
too busy, that this is not important or that it is not their
Processing the data is an important CSI activity that is often
job. On-going communication about the benefits of
overlooked. While monitoring and collecting data on a single
performing administrative tasks is of utmost importance.
infrastructure component is important, it is also important to
Tying these administrative tasks to job performance is one
understand that components impact on the larger
way to alleviate this issue.
infrastructure and IT service. Knowing that a server was up
99.99% of the time is one thing, knowing that no one could Inputs to the processing-the-data activity:
access the server is another. An example of processing the Data collected through monitoring
data is taking the data from monitoring of the individual
Reporting requirements
components such as the mainframe, applications, WAN, LAN,
SLAs
servers etc., and processing this into a structure of an end-to-
OLAs
end service from the customer’s perspective.
Service Catalogue
Key questions that need to be addressed in the processing
List of metrics, KPI, CSF, objectives and goals
activity are:
Report frequency
What is the frequency of processing the data? This Report template.
could be hourly, daily, weekly or monthly. When
introducing a new service or service management 8.6.5 Step 5 – Analysing the data
process it is a good idea to monitor and process in
Your organization’s Service Desk has a trend of reduced
shorter intervals than longer intervals. How often
call volumes consistently over the last four months. Even
analysis and trend investigation activities take place
though this is a trend, you need to ask yourself the
will drive how often the data is processed
134 | Continual Service Improvement
question: ‘Is this a good trend or a bad trend?’ You don’t Is this bad?
know if the call reduction is because you have reduced Is this expected?
the number of recurring errors in the infrastructure by Is this in line with targets?
good Problem Management activities or if the customers
feel that the Service Desk doesn’t provide any value and Combining multiple data points on a graph may look nice
they have started bypassing the Service Desk and going but the real question is, what does it actually mean.
directly to second-level support groups. ‘A picture is worth a thousand words’ goes the saying. In
analysing the data an accurate question would be, ‘Which
Data analysis transforms the information into knowledge thousand words?’ To transform this data into knowledge,
of the events that are affecting the organization. More skill compare the information from Step 3 against both the
and experience is required to perform data analysis than requirements from Step 1 and what could realistically be
data gathering and processing. Verification against goals measured from Step 2.
and objectives is expected during this activity. This
verification validates that objectives are being supported Be sure to also compare the clearly defined objectives
and value is being added. It is not sufficient to simply against the measurable targets that were set in the Service
produce graphs of various types but to document the Design, Transition and Operations lifecycle stages.
observations and conclusions looking to answer the Confirmation needs to be sought that these objectives and
following questions: the milestones were reached. If not, have improvement
initiatives been implemented? If so, then the CSI activities
Are there any clear trends? start again from the gathering data, processing data and
Are they positive or negative trends? analysing data steps to identify if the desired improvement
Are changes required? in service quality has been achieved. At the completion of
Are we operating according to plan? each significant stage or milestone, a review should be
Are we meeting targets? conducted to ensure the objectives have been met. It is
Are corrective actions required? possible here to use the Post-Implementation Review (PIR)
from the Change Management process. The PIR will
Are there underlying structural problems?
include a review of supporting documentation and the
What is the cost of the service gap?
general awareness amongst staff of the refined processes
It is interesting to note the number of job titles for IT or service. A comparison is required of what has been
professionals that contain the word ‘analyst’ and even achieved against the original goals.
more surprising to discover that few of them actually
During the analysis activity, but after the results are
analyse anything. This step takes time. It requires
compiled and analysis and trend evaluation have occurred,
concentration, knowledge, skills, experience etc. One of
it is recommended that internal meetings be held within
the major assumptions is that the automated processing,
IT to review the results and collectively identify
reporting, monitoring tool has actually done the analysis.
improvement opportunities. It is important to have these
Too often people simply point at a trend and say ‘Look,
internal meetings before you begin presenting and using
numbers have gone up over the last quarter.’ However,
the information which is the next activity of Continual
key questions need to be asked, such as:
Service Improvement. The result is that IT is a key player in
Is this good?
Continual Service Improvement | 135
determining how the results and any actions items are Consideration must be given to the skills required to
presented to the business. analyse from both a technical viewpoint and from an
interpretation viewpoint.
This puts IT in a better position to formulate a plan of
presenting the results and any action items to the business When analysing data, it is important to seek answers to
and to senior IT management. Throughout this publication questions such as:
the terms ‘service’ and ‘service management’ have been
Are operations running according to plan? This could
used extensively. IT is too often focused on managing the
be a project plan, financial plan, availability, capacity
various systems used by the business, often (but
or even IT Service Continuity Management plan
incorrectly) equating service and system. A service is
Are targets defined in SLAs or the Service Catalogue
actually made up of systems. Therefore if IT wants to be
being met?
perceived as a key player, then IT must move from a
Are there underlying structural problems that can be
systems-based organization to a service-based
organization. This transition will force the improvement of identified?
communication between the different IT silos that exist in Are corrective actions required?
many IT organizations. Are there any trends? If so then what are the trends
showing? Are they positive trends or negative trends?
Performing proper analysis on the data also places the
What is leading to or causing the trends?
business in a position to make strategic, tactical and
operational decisions about whether there is a need for Reviewing trends over a period of time is another
service improvement. Unfortunately, the analysis activity is important task. It is not good enough to see a snapshot of
often not done. Whether it is due to a lack of resources a data point at a specific moment in time, but to look at
with the right skills and/or simply a lack of time is unclear. the data points over a period of time. How did we do this
What is clear is that without proper analysis, errors will month compared to last month, this quarter compared to
continue to occur and mistakes will continue to be last quarter, this year compared to last year?
repeated. There will be little improvement.
Data analysis transforms the information into knowledge
8.6.6 Step 6 – Presenting and using the
of the events that are affecting the organization. As an information
example, a sub-activity of Capacity Management is The sixth step is to take our knowledge and present it,
workload management. This can be viewed as analysing that is, turn it into wisdom by utilizing reports, monitors,
the data to determine which customers use what resource, action plans, reviews, evaluations and opportunities.
how they use the resource, when they use the resource Consider the target audience; make sure that you identify
and how this impacts the overall performance of the exceptions to the service, benefits that have been
resource. You will also be able to see if there is a trend on revealed, or can be expected. Data gathering occurs at the
the usage of the resource over a period of time. From an operational level of an organization. Format this data into
incremental improvement process this could lead to some knowledge that all levels can appreciate and gain insight
focus on demand management, or influencing the into their needs and expectations.
behaviour of customers. This stage involves presenting the information in a format
that is understandable, at the right level, provides value,
136 | Continual Service Improvement
notes exceptions to service, identifies benefits that were business benefits of a well-run IT support group. The
revealed during the time period, and allows those starting point is a new perspective on goals, measures,
receiving the information to make strategic, tactical and and reporting, and how IT actions affect business results.
operational decisions. In other words, presenting the You will then be prepared to answer the question: ‘How
information in the manner that makes it the most useful does IT help to generate value for your company?’
for the target audience.
Although most reports tend to concentrate on areas where
Creating reports and presenting information is an activity things are not going as well as hoped for, do not forget to
that is done in most organizations to some extent or report on the good news as well. A report showing
another; however it often is not done well. For many improvement trends is IT services’ best marketing vehicle.
organizations this activity is simply taking the gathered It is vitally important that reports show whether CSI has
raw data (often straight from the tool) and reporting this actually improved the overall service provision and if it has
same data to everyone. There has been no processing and not, the actions taken to rectify the situation.
analysis of the data.
There are usually three distinct audiences:
8.6.7 Step 7 – Implementing corrective
action
The business – Their real need is to understand
Use the knowledge gained to optimize, improve and
whether IT delivered the service they promised at the
correct services. Managers need to identify issues and
levels they promised and if not, what corrective actions
present solutions. Explain how the corrective actions to be
are being implemented to improve the situation
taken will improve the service.
Senior (IT) management – This group is often
focused on the results surrounding CSFs and KPIs such CSI identifies many opportunities for improvement
as, customer satisfaction, actual vs. plan, costing and however organizations cannot afford to implement all of
revenue targets. Information provided at this level them. Based on goals, objectives and types of service
helps determine strategic and tactical improvements breaches, an organization needs to prioritize improvement
on a larger scale. Senior (IT) management often wants activities. Improvement initiatives can also be externally
this type of information provided in the form of a driven by regulatory requirements, changes in
Balanced Scorecard or IT scorecard format to see the competition, or even political decisions.
big picture at one glance After a decision to improve a service and/or service
Internal IT – This group is often interested in KPIs and management process is made, then the Service Lifecycle
activity metrics that help them plan, coordinate, continues. A new Service Strategy may be defined, Service
schedule and identify incremental improvement Design builds the changes, Service Transition implements
opportunities. the changes into production and then Service Operation
Now more than ever, IT must invest the time to manages the day-to-day operations of the service and/or
understand specific business goals and translate IT metrics service management processes. Keep in mind that CSI
to reflect an impact against these goals. Businesses invest activities continue through each phase of the Service
in tools and services that affect productivity, and support Lifecycle.
should be one of those services. The major challenge, and Each Service Lifecycle phase requires resources to build or
one that can be met, is to effectively communicate the modify the services and/or service management processes,
Continual Service Improvement | 137
potential new technology or modifications to existing measured and processed into logical groupings as well as
technology, potential changes to KPIs and other metrics doing the actual processing of the data. Service Operation
and possibly even new or modified OLAs/UCs to support would also be responsible for taking the component data
SLAs. Communication, training and documentation are and processing it in a format that will provide a better
required to transition a new/improved service, tool or end-to-end perspective of the service achievements.
service management process into production.
8.6.9 Role of other processes in monitoring
8.6.8 Monitoring and data collection and data collection
throughout the Service Lifecycle
Service Strategy is responsible for monitoring the progress
Service Level Management
of strategies, standards, policies and architectural decisions SLM plays a key role in the data-gathering activity as SLM
that have been made and implemented. is responsible for not only defining business requirements
but also IT’s capabilities to achieve them.
Service Design monitors and gathers data associated with
creating and modifying (design efforts of) services and One of the first items in defining IT’s capabilities is to
service management processes. This part of the Service identify what monitoring and data collection activities
Lifecycle also measures against the effectiveness and are currently taking place
ability to measure CSFs and KPIs that were defined SLM then needs to look at what is happening with the
through gathering business requirements. Service Design monitoring data. Is the monitoring taking place only at
also defines what should be measured. This would include a component level and, if so, is anyone looking at
monitoring project schedules, progress to project multiple components to provide an end-to-end service
milestones, and project results against goals and performance perspective?
objectives. SLM should also identify who gets the data, whether
any analysis takes place on the data before it is
Service Transition develops the monitoring procedures and
presented, and if any trend evaluation is undertaken to
criteria to be used during and after implementation.
understand the performance over a period of time. This
Service Transition monitors and gathers data on the actual
information will be helpful in following CSI activities
release into production of services and service
management processes. It is the responsibility of Service Through the negotiation process with the business,
Transition to ensure that the services and service SLM would define what to measure and which aspects
management processes are embedded in a way that can to report. This would in turn drive the monitoring and
be managed and maintained according to the strategies data collection requirements. If there is no capability to
and design efforts. Service Transition develops the monitor and/or collect data on an item then it should
monitoring procedures and criteria to be used during and not appear in the SLA. SLM should be a part of the
after implementation. review process to monitor results
SLM is responsible for developing and getting
Service Operation is responsible for the actual monitoring agreement on OLAs and UCs that require internal or
of services in the production environment. Service external monitoring.
Operation plays a large part in the processing activity.
Service Operation provides input into what can be
138 | Continual Service Improvement
Effort % variation against Within 10% of estimate Not to be less than Not to exceed 10% of
revised plan 10% of estimate estimate
Cost % variation against Within 10% of estimate Not to be less than Not to exceed 10% of
revised plan 10% of estimate estimate
Defects % variation against Within 10% of estimate Not to be less than Not to exceed 10% of
planned defect 10% of estimate estimate
Productivity % variation against Within 10% of estimate Not to be less than Not to exceed 10% of
productivity goal 10% of estimate estimate
Customer satisfaction Customer satisfaction Greater than 8.9 on the Not to be less than
survey result range of 1 to 10 8.9 on the range of
1 to 10
Metrics are a system of parameters or ways of quantitative Simply looking at some results and declaring a trend is
assessment of a process that is to be measured, along dangerous. Figure 8.3 shows a trend that the Service Desk
with the processes to carry out such measurement. Metrics is opening fewer incident tickets over the last few months.
define what is to be measured. Metrics are usually One could believe that this is because there are fewer
specialized by the subject area, in which case they are Incidents or perhaps it is because the customers are not
valid only within a certain domain and cannot be directly happy with the service that is being provided, so they go
benchmarked or interpreted outside it. Generic metrics, elsewhere for their support needs. Perhaps the
however, can be aggregated across subject areas or organization has implemented a self-help knowledge base
business units of an enterprise. and some customers are now using this service instead of
contacting the Service Desk. Some investigation is
8.6.11 Interpreting metrics required to understand what is driving these metrics.
When beginning to interpret the results it is important to
know the data elements that make up the results, the
purpose of producing the results and the expected normal
ranges of the results.
140 | Continual Service Improvement
16,000
15,500
Number of incident tickets
15,000
14,500
opened
14,000
13,500
Number of incident
13,000 tickets
12,500
12,000
11,500
ry
y
ua
ar
ch
ne
nu
ril
br
ay
ar
Ap
Fe
Ju
Ja
M
8.7 SERVICE REPORTING It is not satisfactory simply to present reports which depict
adherence (or otherwise) to SLAs, which in themselves are
A significant amount of data is collated and monitored by
prone to statistical ambiguity. IT needs to build an
IT in the daily delivery of quality service to the business;
actionable approach to reporting, i.e. this is what
however, only a small subset is of real interest and
happened, this is what we did, this is how we will ensure
importance to the business. (Figure 8.4 shows the
it doesn’t impact you again, and this is how we are
process.) The majority of data and its meaning are more
working to improve the delivery of IT services generally.
suited to the internal management needs of IT.
The business likes to see a historical representation of the
past period’s performance that portrays their experience;
however, it is more concerned with those historical events
that continue to be a threat going forward, and how IT
intend to militate against such threats.
Continual Service Improvement | 141
The Business
Define Reporting
Policies and Rules
Collate
Publish
9 Complementary guidance
9.1 ITIL AND OTHER FRAMEWORKS, ISO 20000 is based on the ITIL service management
PRACTICES AND STANDARDS processes.
Continual Service Improvement Service Strategy Processes Service Design Processes Service Transition Processes Service Operation Processes
Processes Demand Management
Strategy Generation
Service Portfolio Management
IT Financial Management
Service Catalogue Management
Service Measurement Service Level Management
Capacity Management
Availability Management
Service Continuity Management
Information Security Management
Supplier Management
Transition Planning and Support
Service Reporting
Change Management
Service Asset and Configuration Management
Release and Deployment Management
Service Validation and Testing
Evaluation
Knowledge Management
Event Management
Service Improvement
Incident Management
Request Fulfilment
Problem Management
Access Management
Operation Management
all stages of the lifecycle. They reside predominantly in Provider. In this scenario the Service Provider could be
Service Strategy and Continual Service Improvement. Type I, II or III (refer to section 4.3 for a description of
Service Provider types).
The lifecycle structure of ITIL leverages process and activity
elements throughout various stages of the lifecycle and Not all of the Service Management Model elements are
Figure 10.2 illustrates the reach of each of the governance shown in their entirety in this scenario, but can be
and operational elements across the lifecycle. referenced from the web portal in their entire depth and
application. The use of this scenario is intended to help
The illustrations that follow are an excerpt of the full ITIL
you gain an understanding of the basic practice and
integrated Service Management Model which is available
process elements used across the ITIL Service Lifecycle.
on the ITIL Live™ web portal (www.itil-live-portal.com).
The specific sub-process activities and work instructions
A particular scenario has been chosen to illustrate the flow are not shown here, but again, can be obtained from the
and integration of the Service Management Model and ITIL web portal.
how the lifecycle flows from the inception of a service to
its retirement. The scenario involves a business outcome
that will require a new service to be offered by a Service
The ITIL Service Management Model | 151
Type I
Figure 10.3 Typical Type I Service Provider interactions
Customer
Supplier
Generic Value Network
Type II
Figure 10.4 Type II Service Provider interactions
Supplier Services
Supplier
Type III
Figure 10.5 Type III Service Provider interactions
Business Customers
Business Services Business Services
Business Services
Company
Supplier Services
Supplier
Each of the start and termination nodes depicts an input Each of the elements shown is comprised of a variety of
that triggers the process or an output that triggers another activities. These are not described here in detail but
process. provided to illustrate the main practice activities an
organization would expect to execute during the Service
As an example, Figure 10.6 illustrates that the trigger for
Lifecycle. Details about each of these can be found in the
the Service Strategy processes is a desired business
ITIL Service Management core lifecycle publications and
strategy. The termination of the Service Strategy processes
on the ITIL Live™ web portal (www.itil-live-portal.com).
is the chartering of a service and the supply of a Service
Level Package, which then triggers the Service Design
processes, and so on.
Within each process element, a number of main practice
elements accompany each process and are carried out
during the lifecycle. Figure 10.7 illustrates these.
154 | The ITIL Service Management Model
Continual
Service Service
Service Strategy Service Design Service
Transition Operation Improvement
Service Transition
Strategy Event Service
Catalogue Planning &
Generation Management Measurement
Management Support
Service Asset
Demand Availability & Incident Service
Management Management Configuration Management Reporting
Management
IT Service Service
Operations
Continuity Knowledge
Management
Management Management
Service
Service Design Performance
Service Released
Package Reporting
Determine
Analyse perspective
external Vision
factors
Form a
position
Policies Continual
Establish Service
Service
objectives Strategy
Improvement
• Service Portfolio
Craft a plan
• Service Design
Plans requirements
Analyse
• Service Transition
internal requirements
factors
Adopt • Service Operation
patterns of requirements
action Actions
Service Portfolio
Service Catalogue
Service Pipeline
Continual Service
Improvement
Third-party
Market
catalogue
spaces
Service
design
Customers
10.5 DECIDING THE COURSE OF ACTION TO If during this assessment the business decides that the
CREATE A NEW SERVICE options available cannot be committed to at the time,
Continual Service Improvement will review this periodically
10.5.1 Stage 1 – Service Strategy elements to determine if a future time is appropriate to charter and
create the service or if there are external catalysts that
In Figure 10.10, Service Strategy evaluates the Service
might make it feasible to proceed at a particular point in
Portfolio to determine if existing capabilities are in place
time as part of a service improvement programme.
to create the service and deliver the desired business
outcomes. Note that other parts of the ITIL Service
10.5.2 Stage 2 – Design the solution
Lifecycle are involved during the assessment. For example
Service Design will evaluate the existing Service Catalogue In this stage, all parts of the Service Lifecycle are involved
to determine if live services can be tagged to deliver the (Figure 10.11). Each provides input as part of the
required business outcomes. Service Transition becomes requirements-gathering stage to ensure that a full service-
involved when the new service is designed either from focused view is understood and leveraged when designing
existing capabilities in the Service Portfolio or Catalogue, the service. Examples of the benefits in involving all parts
or added to them, and moves to the transition stage of of the Service Provider network are:
the Service Lifecycle.
Tag service
Service
Match outcome to
Identify business services in Service portfolio with New service Customer will
A good match? Yes Charter Service
outcome Portfolio pipeline service concept Justified? commit?
outcome
No No Yes
Service
Design
No
Prepare for
Transition
Operation
Service
Improvement
Continual
Service
Review desired
outcome
periodically or on
exception
The ITIL Service Management Model | 159
Service Level
Strategy
Requirements
Service
Package No Yes
signed off?
Buy Buy
Build Build
Transition
Provide input
Service
Service Design
to Package
requirements
Operation
Provide input
Service
to
requirements
Improvement
Continual
Service
Provide input
to
requirements
Ability to re-use existing technology and resources in A full description of these elements and the guidance on
the operation and support of the new services executing them can be found in the Service Design core
Understanding the impact across the Service Provider publication.
network of introducing a new service
Ensuring that the new Service Design is consistent with 10.5.3 Stage 3 – Transition the service
the capabilities planned and future investment strategy For a service being built, once the Service Design Package
of the organization. (SDP) has been created during the Service Design stage,
the service can be planned, built, tested and deployed.
It is important to note that the Service Design stage of the
During the Service Transition stage the elements executed
lifecycle will also consider design activities that ensure
draw from key Service Transition processes:
Availability, Capacity, Security, Service Continuity etc. This
is done during the solution design as part of the five Transition Planning and Support
aspects of Service Design (refer to the Service Design core Change Management
publication). The detailed Service Management Model Service Asset and Configuration Management
elements for these are available on the ITIL Live Web Service Validation and Testing Management
portal (www.itil-live-portal.com).
Release and Deployment Management.
160 | The ITIL Service Management Model
Revise Service
Service
Design
Create Service
Design Package
Design Package
No
The process workflows for these can be found both in the Now that the scenario has reached the stage of going into
Service Transition core publication and the ITIL Live web live operation, there are many interactions and information
portal (www.itil-live-portal.com). flows that are being passed through the various stages of
the ITIL Service Lifecycle. Figure 10.15 depicts some of
Figure 10.14 shows an example of the Change
those interactions from a view during the transition stage
Management process as it would be executed in this
of the lifecycle. Note the assortment of data and
scenario. It would be included as part of the elements
information passing between stages by this point in the
shown in Figure 10.13, which are an extract from the
creation of the service.
‘Transition the service’ workflow in Figure 10.12.
The full Change Management process flow for these
elements (Figure 10.14) is taken from the Service
Transition publication.
The ITIL Service Management Model | 161
Create
RFC
Change
proposal
(optional)
Record the
RFC
Initiator
requested
Review
RFC
Change
Plan updates
Change
Management scheduled Work orders
Coordinate change
implementation*
Change
Management implemented
Customer
Service Change
Strategy Service Management
Activities Lifecycle Activities
within Governance within
Service Provider Processes Transition Change Request
Transition
Phase Phase
Evaluation Activities
Change Evaluation within Transition Phase Service
Operation
Processes
10.5.4 Stage 4 – Operate the service predicted results and meeting the business outcomes we
In our scenario we have now deployed the new service started with.
and have accepted it into live operation. But the work Beyond early life support, the service becomes ‘business as
from Strategy, Design and Transition is not done. usual’ and is continuously monitored and controlled,
Early life support is a critical part of ensuring that what we becoming part of the overall service value to the business
have planned, built, tested and installed is producing the customer.
The ITIL Service Management Model | 163
Change
Service
Management
Operational
Customer Request
Service Desk Change
Self Service Fulfilment
Management
Improvement
Continual
Service
Proactive Corrective
Problem Action &
Service
Analysis Improvement
The workflow in Figure 10.16 depicts the high-level provided with feedback on the performance of the new
activities within Service Operation. The details of each service, any issues that are revealed, how the business
process element and activity can be found in the Service customer is adapting to use of the new service, etc.
Operation core publication and the ITIL Live™ web portal
It is at this stage that the measurement systems and
(www.itil-live-portal.com).
metrics created at the design stage begin to be generated
During early life support Service Transition and Service and accumulated for service reporting. It is also at this
Operation work together. As is often the case, a number of stage that the quality and value of the new service are
issues with a new service may be uncovered. Depending realized since the business is now fully engaged in its use.
upon the nature of these, information should be recorded
A few examples of the full process workflows in Service
either as events, incidents or known errors, and passed
Operation are given in Figures 10.17 and 10.18. The full
along the workflow accordingly. Service Strategy, Service
integrated Service Management Model and process flows
Design and Continual Service Improvement should be
can be obtained on the ITIL Live web portal.
164 | The ITIL Service Management Model
Event
Event Notification
Generated
Event Detected
Event Filtered
Warning
Event Correlation
Trigger
Incident/
Event Logged Auto Response Alert Problem/
Incident Change? Change
Problem
Review Actions
No
Effective?
Yes
Close Event
End
The ITIL Service Management Model | 165
Incident
Identification
Incident
Logging
Incident
Categorization
Yes
Service Request? To Request
Fulfilment
No
Incident
Prioritization
No
Initial
Diagnosis
Functional Functional
Yes Yes Escalation
Escalation
Needed? 2/3 Level
No Investigation
& Diagnosis
Resolution
and Recovery
Incident Closure
End
166 | The ITIL Service Management Model
The new service is now in full operation and much more Whatever the reason behind the need for change, the
information is being exchanged within the ITIL Service Continual Service Improvement stage offers the means to
Lifecycle. An example of this is provided in Figure 10.19. cast an eye over the performance, utility and warrant of
the new service on an ongoing basis.
10.5.5 Stage 5 – Continual Service Figure 10.20 illustrates some of the main elements and
Improvement processes involved in service improvement.
Even a new designed service will undergo improvements
The Continual Service Improvement core publication
over time. There are many reasons for this. Business
documents the full process elements. With a new service,
outcomes change as business needs evolve. New
the activities revolve around ensuring that business value
technologies become available that are sought after to
and expected outcomes are being achieved, and
improve services. Competitive forces demand rapid
identifying where there are opportunities to improve
change capability for both business outcomes and Service
further. Continual Service Improvement feeds back to
Providers.
every stage in the Service Lifecycle.
Customer
IT Services Demand
Problem
Service
Transition Request Incidents Incident Incidents Management
Processes Fulfilment Management Activities within
Operation Phase
Service Transition
Access Event
Activities within
Management Management Service Operation
Operation Phase
Improvement Plan
Service Operation
Service Strategy Reports
Service Design
Activities within Activities within
Operation Phase Operation Phase
Supplier Services
Supplier
The ITIL Service Management Model | 167
Feedback on
Service
improvement
opportunities
Feedback on
Service
Design
improvement
opportunities
Transition
Feedback on
Service
improvement
opportunities
Operation
Service
Feedback on
improvement
opportunities
Improvement
Continual
Figure 10.21 shows the information flow within the Readers are encouraged to learn more about the
process elements of Continual Service Improvement. integrated ITIL Service Management Model by exploring
the core ITIL Service Management publications and visiting
These five stages form part of a larger, integrated Service
the ITIL Live™ web portal (www.itil-live-portal.com).
Management Model and show how they would be applied
for the creation of a new service. Organizations should
think of the broader picture of the ebb, flow and
interactions within the Service Lifecycle.
Figure 10.22 shows the high-level integrated flow
between lifecycle stages.
If we think of the main elements involved in the creation
of a new service as layers through the lifecycle (Figure
10.23), we see the interactions and dependencies needed
to ensure that business outcomes and business value are
met.
168 | The ITIL Service Management Model
IT Strategy
Service
Internal Service Reports Lifecycle
Service Reporting Operational
Processes
Supplier
The ITIL Service Management Model | 169
Service
Supplier Service Level
Negotiate and Agree Design Solution Catalogue
Management Management
Management
Service Design
Service
Package Reliabilty Balanced Design Requirements Measurement Systems Architecture Compliance Design
Availability Capacity Security Continuity
Quality Assurance Service Acceptance Conformance Utility and Warranty Decision Capability
Planning & Support Validation & Testing Evaluation Knowledge
Service
Early Life
Transition
Service Asset & Release & Support
Change Optimize Risk Verify
Configuration Deployment
Management
Management Management
Continual
Service Service
Improvement Service Define the Metrics Service Analyze Improvement
Improve
Measurement Reporting Plan
170 | The ITIL Service Management Model
Figure 10.23 Layered view of the main elements in the Service Lifecycle
ycle
L ifec
vice nts
Ser Eleme
t
rke
e Ma
efin
–D
ge1
Sta
tion
S olu
the
ign
– Des
g e2
Sta vice
e Ser
n th
nsitio
– Tra
g e3
Sta vice
e Ser
ate th
O per
4–
ge
Sta vice
e Ser
e th
rov
Imp
e 5–
Stag
Acronyms
| 173
Acronyms
ACD Automatic Call Distribution CSI Continual Service Improvement
AM Availability Management CSIP Continual Service Improvement Plan
AMIS Availability Management Information System CSP Core Service Package
ASP Application Service Provider CTI Computer Telephony Integration
BCM Business Capacity Management DIKW Data-to-Information-to-Knowledge-to-
Wisdom
BCM Business Continuity Management
ELS Early Life Support
BCP Business Continuity Plan
eSCM-CL eSourcing Capability Model for Client
BIA Business Impact Analysis
Organizations
BRM Business Relationship Manager
eSCM-SP eSourcing Capability Model for Service
BSI British Standards Institution Providers
BSM Business Service Management FMEA Failure Modes and Effects Analysis
CAB Change Advisory Board FTA Fault Tree Analysis
CAB/EC Change Advisory Board/Emergency IRR Internal Rate of Return
Committee
ISG IT Steering Group
CAPEX Capital Expenditure
ISM Information Security Management
CCM Component Capacity Management
ISMS Information Security Management System
CFIA Component Failure Impact Analysis
ISO International Organization for
CI Configuration Item Standardization
CMDB Configuration Management Database ISP Internet Service Provider
CMIS Capacity Management Information System IT Information Technology
CMM Capability Maturity Model ITSCM IT Service Continuity Management
CMMI Capability Maturity Model Integration ITSM IT Service Management
CMS Configuration Management System itSMF IT Service Management Forum
COTS Commercial off the Shelf IVR Interactive Voice Response
CSF Critical Success Factor KEDB Known Error Database
174 | Acronyms
Glossary
The publication names included in parentheses after the authorized Users are able to access or modify the Assets.
name of a term identify where a reader can find more Access Management is sometimes referred to as Rights
information about that term. This is either because the Management or Identity Management.
term is primarily used by that publication or because
additional useful information about that term can be Account Manager
found there. Terms without a publication name associated (Service Strategy) A Role that is very similar to Business
with them may be used generally by several publications, Relationship Manager, but includes more commercial
or may not be defined in any greater detail than can be aspects. Most commonly used when dealing with External
found in the glossary, i.e. we only point readers to Customers.
somewhere they can expect to expand on their
knowledge or to see a greater context. Terms with Accounting
multiple publication names are expanded on in multiple
(Service Strategy) The Process responsible for identifying
publications.
actual Costs of delivering IT Services, comparing these
Where the definition of a term includes another term, with budgeted costs, and managing variance from the
those related terms are given initial capitals. This is Budget.
designed to help the reader with their understanding by
pointing them to additional definitions that are all part of Accredited
the original term they were interested in. The form ‘See Officially authorized to carry out a Role. For example an
also Term X, Term Y’ is used at the end of a definition Accredited body may be authorized to provide training or
where an important related term is not used with the text to conduct Audits.
of the definition itself.
Active Monitoring
Acceptance
(Service Operation) Monitoring of a Configuration Item or
Formal agreement that an IT Service, Process, Plan or other an IT Service that uses automated regular checks to
Deliverable is complete, accurate, reliable and meets its discover the current status. See also Passive Monitoring.
specified Requirements. Acceptance is usually preceded
by Evaluation or Testing and is often required before Activity
proceeding to the next stage of a Project or Process. See
A set of actions designed to achieve a particular result.
also Service Acceptance Criteria.
Activities are usually defined as part of Processes or Plans,
and are documented in Procedures.
Access Management
(Service Operation) The Process responsible for allowing
Users to make use of IT Services, data, or other Assets.
Access Management helps to protect the Confidentiality,
Integrity and Availability of Assets by ensuring that only
178 | Glossary
BIA defines the recovery requirements for IT Services. Ensuring that the IT Service Provider is satisfying the
These requirements include Recovery Time Objectives, Business needs of the Customers.
Recovery Point Objectives and minimum Service Level
This Process has strong links with Service Level
Targets for each IT Service.
Management.
Reset) or may be very complex with many steps that Chronological Analysis
require approval (e.g. major software release). See also (Service Operation) A technique used to help identify
Standard Change, Change Advisory Board. possible causes of Problems. All available data about the
Problem is collected and sorted by date and time to
Change Record provide a detailed timeline. This can make it possible to
(Service Transition) A Record containing the details of a identify which Events may have been triggered by others.
Change. Each Change Record documents the Lifecycle of a
single Change. A Change Record is created for every CI Type
Request for Change that is received, even those that are (Service Transition) A Category that is used to Classify CIs.
subsequently rejected. Change Records should reference The CI Type identifies the required Attributes and
the Configuration Items that are affected by the Change. Relationships for a Configuration Record. Common CI
Change Records are stored in the Configuration Types include: Hardware, Document, User etc.
Management System.
Classification
Change Request
The act of assigning a Category to something.
See Request for Change. Classification is used to ensure consistent management
and reporting. CIs, Incidents, Problems, Changes etc. are
Change Schedule usually classified.
(Service Transition) A Document that lists all approved
Changes and their planned implementation dates. A Client
Change Schedule is sometimes called a Forward Schedule A generic term that means a Customer, the Business or a
of Change, even though it also contains information about Business Customer. For example, Client Manager may be
Changes that have already been implemented. used as a synonym for Account Manager.
Charging Closed
(Service Strategy) Requiring payment for IT Services. (Service Operation) The final Status in the Lifecycle of an
Charging for IT Services is optional, and many Incident, Problem, Change etc. When the Status is Closed,
Organizations choose to treat their IT Service Provider as a no further action is taken.
Cost Centre.
186 | Glossary
Continual Service Improvement Roles, RAID, door locks etc. A Control is sometimes called a
(Continual Service Improvement) A stage in the Lifecycle Countermeasure or safeguard. Control also means to
of an IT Service and the title of one of the Core ITIL manage the utilization or behaviour of a Configuration
publications. Continual Service Improvement is responsible Item, System or IT Service.
for managing improvements to IT Service Management
Processes and IT Services. The Performance of the IT Control Objectives for Information and
Service Provider is continually measured and related Technology
improvements are made to Processes, IT Services and IT See COBIT.
Infrastructure in order to increase Efficiency, Effectiveness
and Cost Effectiveness. See also Plan-Do-Check-Act. Control Perspective
(Service Strategy) An approach to the management of IT
Continuous Availability Services, Processes, Functions, Assets etc. There can be
(Service Design) An approach or design to achieve 100% several different Control Perspectives on the same IT
Availability. A Continuously Available IT Service has no Service, Process etc., allowing different individuals or
planned or unplanned Downtime. teams to focus on what is important and relevant to their
specific Role. Example Control Perspectives include
Continuous Operation Reactive and Proactive management within IT Operations,
(Service Design) An approach or design to eliminate or a Lifecycle view for an Application Project team.
planned Downtime of an IT Service. Note that individual
Configuration Items may be down even though the IT Control Processes
Service is Available. The ISO/IEC 20000 Process group that includes Change
Management and Configuration Management.
Contract
A legally binding Agreement between two or more parties. Core Service
(Service Strategy) An IT Service that delivers basic
Contract Portfolio Outcomes desired by one or more Customers. See also
(Service Strategy) A database or structured Document used Supporting Service, Core Service Package.
to manage Service Contracts or Agreements between an IT
Service Provider and their Customers. Each IT Service Core Service Package
delivered to a Customer should have a Contract or other (Service Strategy) A detailed description of a Core Service
Agreement that is listed in the Contract Portfolio. See that may be shared by two or more Service Level
Service Portfolio, Service Catalogue. Packages. See also Service Package.
Control Cost
A means of managing a Risk, ensuring that a Business The amount of money spent on a specific Activity, IT
Objective is achieved, or ensuring that a Process is Service or Business Unit. Costs consist of real cost (money),
followed. Example Controls include Policies, Procedures, notional cost such as people’s time, and Depreciation.
Glossary | 189
Document Effectiveness
Information in readable form. A Document may be paper (Continual Service Improvement) A measure of whether
or electronic. For example, a Policy statement, Service the Objectives of a Process, Service or Activity have been
Level Agreement, Incident Record, diagram of computer achieved. An Effective Process or activity is one that
room layout. See also Record. achieves its agreed Objectives. See also KPI.
Downtime Efficiency
(Service Design) (Service Operation) The time when a (Continual Service Improvement) A measure of whether
Configuration Item or IT Service is not Available during its the right amount of resources have been used to deliver a
Agreed Service Time. The Availability of an IT Service is Process, Service or Activity. An Efficient Process achieves its
often calculated from Agreed Service Time and Downtime. Objectives with the minimum amount of time, money,
people or other resources. See also KPI.
Driver
Something that influences Strategy, Objectives or Emergency Change
Requirements. For example, new legislation or the actions (Service Transition) A Change that must be introduced as
of competitors. soon as possible. For example, to resolve a Major Incident
or implement a Security patch. The Change Management
Early Life Support Process will normally have a specific Procedure for
(Service Transition) Support provided for a new or handling Emergency Changes. See also Emergency Change
Changed IT Service for a period of time after it is Released. Advisory Board (ECAB).
During Early Life Support the IT Service Provider may
review the KPIs, Service Levels and Monitoring Thresholds, Emergency Change Advisory Board
and provide additional Resources for Incident and Problem (Service Transition) A sub-set of the Change Advisory Board
Management. that makes decisions about high-impact Emergency
Changes. Membership of the ECAB may be decided at the
Economies of scale time a meeting is called, and depends on the nature of
(Service Strategy) The reduction in average Cost that is the Emergency Change.
possible from increasing the usage of an IT Service or
Asset. See also Economies of scope. Environment
(Service Transition) A subset of the IT Infrastructure that is
Economies of scope used for a particular purpose. For example: Live
(Service Strategy) The reduction in Cost that is allocated to Environment, Test Environment, Build Environment. It is
an IT Service by using an existing Asset for an additional possible for multiple Environments to share a
purpose. For example, delivering a new IT Service from Configuration Item, for example Test and Live
existing IT Infrastructure. See also Economies of scale. Environments may use different partitions on a single
mainframe computer. Also used in the term Physical
Environment to mean the accommodation, air
conditioning, power system etc.
Glossary | 193
represents a chain of events using Boolean notation in a Requests are passed between groups in different time
diagram. zones.
responsibilities of both parties. For example there could be Standards Organization or itSMF. The term Organization is
an OLA: sometimes used to refer to any entity that has People,
Resources and Budgets. For example a Project or Business
Between the IT Service Provider and a procurement
Unit.
department to obtain hardware in agreed times
Between the Service Desk and a Support Group to
Outcome
provide Incident Resolution in agreed times.
The result of carrying out an Activity; following a Process;
See also Service Level Agreement. delivering an IT Service etc. The term Outcome is used to
refer to intended results, as well as to actual results. See
Operations Bridge also Objective.
(Service Operation) A physical location where IT Services
and IT Infrastructure are monitored and managed. Outsourcing
(Service Strategy) Using an External Service Provider to
Operations Control manage IT Services. See also Service Sourcing, Type III
See IT Operations Control. Service Provider.
with the Business, and with Third Parties who are critical Pilot
to the delivery of IT Services. See also Value Network. (Service Transition) A limited Deployment of an IT Service,
a Release or a Process to the Live Environment. A pilot is
Passive Monitoring used to reduce Risk and to gain User feedback and
(Service Operation) Monitoring of a Configuration Item, an Acceptance. See also Test, Evaluation.
IT Service or a Process that relies on an Alert or notification
to discover the current status. See also Active Monitoring. Plan
A detailed proposal that describes the Activities and
Pattern of Business Activity Resources needed to achieve an Objective. For example a
(Service Strategy) A Workload profile of one or more Plan to implement a new IT Service or Process. ISO/IEC
Business Activities. Patterns of Business Activity are used to 20000 requires a Plan for the management of each IT
help the IT Service Provider understand and plan for Service Management Process.
different levels of Business Activity. See also User Profile.
Plan-Do-Check-Act
Percentage utilization (Continual Service Improvement) A four-stage cycle for
(Service Design) The amount of time that a Component is Process management, attributed to Edward Deming. Plan-
busy over a given period of time. For example, if a CPU is Do-Check-Act is also called the Deming Cycle.
busy for 1,800 seconds in a one-hour period, its utilization
PLAN: Design or revise Processes that support the IT
is 50%.
Services.
Performance DO: Implement the Plan and manage the Processes.
A measure of what is achieved or delivered by a System, CHECK: Measure the Processes and IT Services, compare
person, team, Process or IT Service. with Objectives and produce reports.
ACT: Plan and implement Changes to improve the
Performance Anatomy
Processes.
(Service Strategy) An approach to Organizational Culture
that integrates, and actively manages, leadership and Planned Downtime
strategy, people development, technology enablement,
(Service Design) Agreed time when an IT Service will not
performance management and innovation.
be available. Planned Downtime is often used for
maintenance, upgrades and testing. See also Change
Performance Management
Window, Downtime.
(Continual Service Improvement) The Process responsible
for day-to-day Capacity Management Activities. These Planning
include monitoring, threshold detection, Performance
An Activity responsible for creating one or more Plans. For
analysis and Tuning, and implementing changes related to
example, Capacity Planning.
Performance and Capacity.
Glossary | 207
PMBOK Pricing
A Project management Standard maintained and (Service Strategy) Pricing is the Activity for establishing
published by the Project Management Institute. PMBOK how much Customers will be Charged.
stands for Project Management Body of Knowledge. See
www.pmi.org for more information. See also PRINCE2. PRINCE2
The standard UK government methodology for Project
Policy management. See www.ogc.gov.uk/prince2 for more
Formally documented management expectations and information. See also PMBOK.
intentions. Policies are used to direct decisions, and to
ensure consistent and appropriate development and Priority
implementation of Processes, Standards, Roles, Activities, IT (Service Transition) (Service Operation) A Category used to
Infrastructure etc. identify the relative importance of an Incident, Problem or
Change. Priority is based on Impact and Urgency, and is
Portable Facility used to identify required times for actions to be taken. For
(Service Design) A prefabricated building, or a large example the SLA may state that Priority 2 Incidents must
vehicle, provided by a Third Party and moved to a site be resolved within 12 hours.
when needed by an IT Service Continuity Plan. See also
Recovery Option, Fixed Facility. Proactive Monitoring
(Service Operation) Monitoring that looks for patterns of
Post-Implementation Review Events to predict possible future Failures. See also Reactive
A Review that takes place after a Change or a Project has Monitoring.
been implemented. A PIR determines if the Change or
Project was successful, and identifies opportunities for Proactive Problem Management
improvement. (Service Operation) Part of the Problem Management
Process. The Objective of Proactive Problem Management
Practice is to identify Problems that might otherwise be missed.
A way of working, or a way in which work must be done. Proactive Problem Management analyses Incident Records,
Practices can include Activities, Processes, Functions, and uses data collected by other IT Service Management
Standards and Guidelines. See also Best Practice. Processes to identify trends or significant problems.
Problem Management several Process Managers for one Process, for example
(Service Operation) The Process responsible for managing regional Change Managers or IT Service Continuity
the Lifecycle of all Problems. The primary objectives of Managers for each data centre. The Process Manager Role
Problem Management are to prevent Incidents from is often assigned to the person who carries out the
happening, and to minimize the Impact of Incidents that Process Owner Role, but the two Roles may be separate in
cannot be prevented. larger Organizations.
Services include banking, legal support or e-mail. Service is available for Deployment. The Service Catalogue is the
also used as a synonym for IT Service. only part of the Service Portfolio published to Customers,
and is used to support the sale and delivery of IT Services.
Service Acceptance Criteria The Service Catalogue includes information about
(Service Transition) A set of criteria used to ensure that an deliverables, prices, contact points, ordering and request
IT Service meets its functionality and Quality Requirements Processes. See also Contract Portfolio.
and that the IT Service Provider is ready to Operate the
new IT Service when it has been Deployed. See also Service Continuity Management
Acceptance. See IT Service Continuity Management.
Service Failure Analysis the IT Service Provider and the Customer. A single SLA
(Service Design) An Activity that identifies underlying may cover multiple IT Services or multiple Customers. See
causes of one or more IT Service interruptions. SFA also Operational Level Agreement.
identifies opportunities to improve the IT Service Provider’s
Processes and tools, and not just the IT Infrastructure. SFA Service Level Management
is a time-constrained, project-like activity, rather than an (Service Design) (Continual Service Improvement) The
ongoing process of analysis. Process responsible for negotiating Service Level
Agreements, and ensuring that these are met. SLM is
Service Hours responsible for ensuring that all IT Service Management
(Service Design) (Continual Service Improvement) An Processes, Operational Level Agreements and
agreed time period when a particular IT Service should be Underpinning Contracts are appropriate for the agreed
available. For example, ‘Monday-Friday 08:00 to 17:00 Service Level Targets. SLM monitors and reports on Service
except public holidays’. Service Hours should be defined in Levels, and holds regular Customer reviews.
a Service Level Agreement.
Service Level Package
Service Improvement Plan (Service Strategy) A defined level of Utility and Warranty
(Continual Service Improvement) A formal Plan to for a particular Service Package. Each SLP is designed to
implement improvements to a Process or IT Service. meet the needs of a particular Pattern of Business Activity.
See also Line of Service.
Service Knowledge Management System
Service Level Requirement
(Service Transition) A set of tools and databases that are
used to manage knowledge and information. The SMKS (Service Design) (Continual Service Improvement) A
includes the Configuration Management System, as well as Customer Requirement for an aspect of an IT Service. SLRs
other tools and databases. The SKMS stores, manages, are based on Business Objectives and are used to
updates and presents all information that an IT Service negotiate agreed Service Level Targets.
Provider needs to manage the full Lifecycle of IT Services.
Service Level Target
Service Level (Service Design) (Continual Service Improvement) A
Measured and reported achievement against one or more commitment that is documented in a Service Level
Service Level Targets. The term Service Level is sometimes Agreement. Service Level Targets are based on Service
used informally to mean Service Level Target. Level Requirements, and are needed to ensure that the IT
Service design is Fit for Purpose. Service Level Targets
Service Level Agreement should be measurable, and are usually based on KPIs.
Service Management Package includes a Service Level Package and one or more
Service Management is a set of specialized organizational Core Services and Supporting Services.
capabilities for providing value to Customers in the form
of services. Service Pipeline
(Service Strategy) A database or structured Document
Service Management Lifecycle listing all IT Services that are under consideration or
An approach to IT Service Management that emphasizes Development, but are not yet available to Customers. The
the importance of coordination and Control across the Service Pipeline provides a Business view of possible future
various Functions, Processes and Systems necessary to IT Services and is part of the Service Portfolio that is not
manage the full Lifecycle of IT Services. The Service normally published to Customers.
Management Lifecycle approach considers the Strategy,
Design, Transition, Operation and Continuous Service Portfolio
Improvement of IT Services. (Service Strategy) The complete set of Services that are
managed by a Service Provider. The Service Portfolio is
Service Manager used to manage the entire Lifecycle of all Services, and
A manager who is responsible for managing the end-to- includes three Categories: Service Pipeline (proposed or in
end Lifecycle of one or more IT Services. The term Service Development); Service Catalogue (Live or available for
Manager is also used to mean any manager within the IT Deployment); and Retired Services. See also Service
Service Provider. Most commonly used to refer to a Portfolio Management, Contract Portfolio.
Business Relationship Manager, a Process Manager, an
Account Manager or a senior manager with responsibility Service Portfolio Management
for IT Services overall. (Service Strategy) The Process responsible for managing
the Service Portfolio. Service Portfolio Management
Service Operation considers Services in terms of the Business value that they
(Service Operation) A stage in the Lifecycle of an IT provide.
Service. Service Operation includes a number of Processes
and Functions and is the title of one of the Core ITIL Service Potential
publications. See also Operation. (Service Strategy) The total possible value of the overall
Capabilities and Resources of the IT Service Provider.
Service Owner
(Continual Service Improvement) A Role that is Service Provider
accountable for the delivery of a specific IT Service. (Service Strategy) An Organization supplying Services to
one or more Internal Customers or External Customers.
Service Package Service Provider is often used as an abbreviation for IT
(Service Strategy) A detailed description of an IT Service Service Provider. See also Type I Service Provider, Type II
that is available to be delivered to Customers. A Service Service Provider, Type III Service Provider.
Glossary | 217
IT Service Continuity Management, but also applies to another. A single Transaction may involve numerous
other areas such as Problem and Availability Management. additions, deletions and modifications of data. Either all of
these complete successfully or none of them is carried out.
Threshold
The value of a Metric that should cause an Alert to be Transition
generated, or management action to be taken. For (Service Transition) A change in state, corresponding to a
example ‘Priority 1 Incident not solved within four hours’, movement of an IT Service or other Configuration Item
‘more than five soft disk errors in an hour’, or ‘more than from one Lifecycle status to the next.
10 failed changes in a month’.
Transition Planning and Support
Throughput (Service Transition) The Process responsible for Planning all
(Service Design) A measure of the number of Transactions, Service Transition Processes and coordinating the
or other Operations, performed in a fixed time. For resources that they require. These Service Transition
example, 5,000 e-mails sent per hour, or 200 disk I/Os per Processes are Change Management, Service Asset and
second. Configuration Management, Release and Deployment
Management, Service Validation and Testing, Evaluation
Total Cost of Ownership and Knowledge Management.
(Service Strategy) A methodology used to help make
investment decisions. TCO assesses the full Lifecycle Cost Trend Analysis
of owning a Configuration Item, not just the initial Cost or (Continual Service Improvement) Analysis of data to
purchase price. See also Total Cost of Utilization. identify time-related patterns. Trend Analysis is used in
Problem Management to identify common Failures or
Total Cost of Utilization fragile Configuration Items, and in Capacity Management
(Service Strategy) A methodology used to help make as a Modelling tool to predict future behaviour. It is also
investment and Service Sourcing decisions. TCU assesses used as a management tool for identifying deficiencies in
the full Lifecycle Cost to the Customer of using an IT IT Service Management Processes.
Service. See also Total Cost of Ownership.
Tuning
Total Quality Management The Activity responsible for Planning changes to make the
(Continual Service Improvement) A methodology for most efficient use of Resources. Tuning is part of
managing continual Improvement by using a Quality Performance Management, which also includes
Management System. TQM establishes a Culture involving Performance monitoring and implementation of the
all people in the Organization in a Process of continual required Changes.
monitoring and improvement.
Type I Service Provider
Transaction (Service Strategy) An Internal Service Provider that is
A discrete Function performed by an IT Service. For embedded within a Business Unit. There may be several
example transferring money from one bank account to Type I Service Providers within an Organization.
Glossary | 223
Vulnerability Workload
A weakness that could be exploited by a Threat. For The Resources required to deliver an identifiable part of an
example an open firewall port, a password that is never IT Service. Workloads may be categorized by Users, groups
changed, or a flammable carpet. A missing Control is also of Users or Functions within the IT Service. This is used to
considered to be a Vulnerability. assist in analysing and managing the Capacity,
Performance and Utilization of Configuration Items and IT
Warm Standby Services. The term Workload is sometimes used as a
See Intermediate Recovery. synonym for Throughput.
Warranty
(Service Strategy) A promise or guarantee that a product
or Service will meet its agreed Requirements. See also
Service Validation and Testing, Service Warranty.
Work in Progress
A Status that means Activities have started but are not yet
complete. It is commonly used as a Status for Incidents,
Problems, Changes etc.
Work Instruction
A Document containing detailed instructions that specify
exactly what steps to follow to carry out an Activity.
A Work Instruction contains much more detail than a
Procedure and is only created if very detailed instructions
are needed.
Workaround
(Service Operation) Reducing or eliminating the Impact of
an Incident or Problem for which a full Resolution is not
yet available. For example by restarting a failed
Configuration Item. Workarounds for Problems are
documented in Known Error Records. Workarounds for
Incidents that do not have associated Problem Records are
documented in the Incident Record.
Index
| 229
Index
Access Management 105–106 BPO (Business Process Outsourcing), Service Design,
business value 105–106 delivery model options 49 (Tab)
Account Manager 109 Business Capacity Management 57
Active Monitoring 94, 110 focus 58
Alert 132 Business Continuity Management 66 (Fig)
Application Architect 15 (Tab) Business Continuity Plans 64
Application Management 117–121 business drivers, Continual Service Improvement 128
generic activities 118–120, 120 (Fig) Business Impact Analysis (BIA) 50, 64, 65
objectives 118 Business Process Outsourcing (BPO), Service Design,
roles 120–121 delivery model options 49 (Tab)
Applications analysts/architects 121 Business Relationship Management 51
Application Service Provision (ASP), Service Design, Business Service 48 (Fig), 152 (Fig), 153 (Fig)
delivery model options 49 (Tab) Business Service Catalogue 50
Applications managers/team-leaders 120–121
Architecture 20 (Fig) Capability Maturity Model Integrated (CMMi) 146
ASP (Application Service Provision), Service Design, Capacity Management 50, 54, 96
delivery model options 49 (Tab) elements 59 (Fig)
Asset and Configuration Management see Service Asset monitoring and data collection 138
and Configuration Management (SACM) objectives 57
Automatic Call Distribution 133 Problem Management, open-loop system 107
Availability and Continuity 85 Service Design 55–60
Availability Management 54, 96 Capacity Management Information System (CMIS) 58
costs justification 61, 63 (Fig) Capacity Plans 57, 58, 138
elements 61, 62 (Fig) Certification, Service Potential increases 39 (Tab)
monitoring and data collection 138 Change Advisory Board (CAB) 82 (Fig), 83
objectives 60 Change and Release Management 76, 79
principle 61 Change Management 80–83, 134
Service Design 60–64 Configuration Item information 85
Vital Business Functions identification 61 elements 161 (Fig)
Availability Management Information System 62 (Fig) goals 80–81
Availability Plans 60, 62 (Fig), 138 process 160, 161 (Fig)
Request approvals 100
backup and restore 116 seven Rs 81
Best Practice 4 supporting policies 81
guidance 5 Change Manager 15 (Tab), 83
BIA see Business Impact Analysis (BIA) Change Model, definition 81–82, 82 (Fig)
230 | Index
Job Scheduling 116 Monitor Control Loops see Monitor Control Loops
reactive vs. proactive 111
KEDB (Known Error Database) 103–104, 105 monitoring and data collection 137–138
Key Performance Indicator, Service Level Agreements 55 M_o_R® (Management of Risk) 145–146
Knowledge Management 150 (Fig), 154 (Fig), 162 (Fig) multi-sourcing, Service Design, delivery model options
Knowledge Process Outsourcing (KPO) 49 (Tab) 49 (Tab)
Known Error 122
Known Error Database (KEDB) 103–104, 105 Normal Change Model 82, 82 (Fig)
Known Error Record 104
KPO (Knowledge Process Outsourcing) 49 (Tab) Operational 149–150, 150 (Fig)
operational monitoring see monitoring and control
Levels of Service (LOS) 56 Operations Control 116
Operations Management see IT Operations Management
Major Incidents 69 (Fig) Organizational Configuration Items 84
Management organizational structures, Service Strategy 39–41, 40 (Tab)
definition 35 Outsourcing
senior 136 selective 34 (Tab)
Management of Risk (M_o_R®) 145–146 Service Design, delivery model options 49 (Tab)
Mean Time to Restore Service 80 Service Strategy 33–35, 34 (Tab)
metrics 138–139
Cost 139 (Tab) Partnership, Service Design, delivery model options
customer satisfaction 139 (Tab) 49 (Tab)
defects 139 (Tab) Passive Monitoring 110–111
definition 138 Patterns of Business Activity (PBA) 56
interpretation 139 PDCA (Plan-Do-Check-Act) cycle 13 (Fig), 68
process 131 performance reports 58
productivity 139 (Tab) Plan-Do-Check-Act (PDCA) cycle 13 (Fig), 68
service 129, 132 PMBOK® (Project Management Body of Knowledge) 146
Service Desk performance 113 Portfolio Manager 15 (Tab)
Service Level Agreements 55 Post-Implementation Review (PIR) 134
technology 131 practice framework 4–5
Middleware 115 predictive reports 58
Monitor Control Loops principles 6
complex 107–109, 108 (Fig) print and output management 117
ITSM 109–111, 110 (Fig) Proactive Monitoring 111
single 107, 107 (Fig) Proactive Problem Management 101, 102 (Fig)
monitoring and control 106–111 Problem Management 61, 62, 101–105
active vs. passive 110–111 open-loop system, Capacity Management 107
Continual Service Improvement 111 process 101–103, 102 (Fig)
234 | Index
Asset and Configuration Management see Service Software Process Improvement and Capability
Asset and Configuration Management (SACM) dEtermination (SPICE) 145
Change Management see Change Management Solution Development 15 (Tab)
Release and Deployment Management see Release Sourcing see Service Sourcing
and Deployment Management SPICE (Software Process Improvement and Capability
service testing and evaluation 88, 89 (Fig) dEtermination) 145
Transition Planning and Support see Transition SPM (Service Portfolio Management) 31, 33 (Fig)
Planning and Support Stakeholder 21, 52, 77 (Fig), 159 (Fig)
role 136 Standard Change 81–82, 100
specialization 21 Standard Change Model 81–82
strategy 78 Standard Operating Procedures (SOPs) 120
Service Transition plan 78–79 Status Accounting 86 (Fig)
Service Utility 29 strategic assessment, Service Strategy 25–27, 26 (Tab)
Service Validation and Testing 76, 77 (Fig), 88, 150 (Fig), strategic capability development, Service Strategy 27
159, 162 (Fig) Super Users 113–114
Service Valuation Supplier and Contract Database 70
Financial Management 37–38 Supplier Management 70–72
Service Warranty 28 objectives 70–71
Seven-step Improvement Process 129–137, 130 (Fig) roles and interfaces 71 (Fig)
corrective action implementation 136–137 Supplier Relationship Management 15 (Tab)
data analysis 133–135 Support Group 99, 100, 103, 113, 134
data gathering 131–132 Supporting Service 50–51, 78
data presentation 135–136
data processing 133 technical analysts/architects 115–116
measurement definitions 129–131 Technical Management 114–116
SFA see Service Failure Analysis (SFA) organization 114–115
Shared Service Provider 28 roles 115–116
Shift 113 support staff 15 (Tab)
Single Point of Contact 138 technical managers/team-leaders 115
SIP see Service Improvement Programme (SIP) Technical Service Catalogue 51–52, 51 (Fig)
Six Sigma 146 Technical Support see Technical Management
SLAs see Service Level Agreements (SLAs) technology considerations, core guidance 6
SLM see Service Level Management (SLM) technology drivers, Continual Service Improvement 128
SLPs see Service Level Packages (SLPs) technology metrics 131
SLRs see Service Level Requirements (SLRs) Terms of Reference 65
Snapshot 126, 135 Testing/Production Assurance 15 (Tab)
Software Asset Management (SAM) 145 thin-client computing 39 (Tab)
software development teams 120 Third Party 31, 31 (Fig), 99, 105, 155 (Fig)
reduced, Service Design business value 46
238 | Index
UC (Underpinning Contracts) 47
Underpinning Contracts (UCs) 47
Unit Cost 28, 22
User Profile 106
user satisfaction surveys, Incident Management 99
Utility, Service Assets 28
Value Chain 26
Value for Money 70, 128
Value Network 26, 70, 151, 152, 153 (Fig)
Value on Investment (VOI), Continual Service Improvement
127, 128
value proposition 4
Variable Cost Dynamics (VCD) 38
Variance 37, 101
VCD (Variable Cost Dynamics) 38
Verification and Audit 86 (Fig)
Virtual Private Network (VPN) connections 106
virus-checking software 69
Vital Business Functions (VBFs) 61, 65
identification, Availability Management 61
VOI see Value on Investment (VOI)
VPN (Virtual Private Network) connections 106