Objectives The objectives of the access management process are to do the following:

 Manage access to services, carrying out the policies defi ned within information security management (see the
service design stage).
 Ensure that all requests for access are verified and authorized. This may include requests to restrict or remove
access.
 Ensure that requests are dealt with efficiently, balancing the requirement for authorization and control with the
need to be responsive to business requirements.
 Ensure once access rights are granted that the rights that have been granted are used in accordance with
security policies. This might include, for example, the use of Internet access for personal use. Although some
personal use may be allowed, there are likely to be categories of websites that may not be accessed.

Scope The scope of access management, as we have said, is the efficient execution of information security
management policies. By carrying these out, the confidentiality, availability, and integrity (CIA) of the organization’s
data and intellectual property are protected. Confidentiality here means that only authorized users are able to see
the data. Integrity means that the data is kept safe from corruption or unauthorized change. Access management
ensures that the service is made available to the authorized user; this does not guarantee that it will always be
available during service hours, because this is the responsibility of availability management.

Understanding the Purpose of CSI

The purpose of continual service improvement (CSI) is to continue to support the business with IT services in the face
of changing business needs. Consider for a moment exactly what that may mean in your organization. In most
companies, there are business drivers that cause changes in behaviour to meet market forces. Organizations that do
not respond to outside forces or recognize the need to change will usually not survive the rigors of the marketplace.
The same should be applied to the provider of the IT services that support the business.

The idea that an IT service provider will be viewed differently is quite surprising, but this is often the perception in an
IT department. Continual service improvement is there to make sure that the changes in business processes that
keep the business alive and thriving are recognized and that the IT services that support those processes change with
them.

Think about these statements

 You cannot manage what you cannot control.
 You cannot control what you cannot measure.
 You cannot measure what you cannot defi ne
Measurement is critical to the success of continual improvement. Without defi ned measures, it is difficult to
manage improvements. CSI is concerned with the improvement of all aspects of the service lifecycle, from strategy
through design, transition, and operation.
Failure to implement processes that support your services, which are measurable, repeatable, and manageable, will
have an impact on the business. It is necessary to engage with your organizational goals and use them to provide
clear objectives for your IT services

The Objectives of CSI

1. Review, analyse, prioritize, and recommend improvement opportunities in each lifecycle stage right from service
strategy, service design, service transition, and service operation, as well as CSI. Regular activity of this type will
move the improvement from an ad hoc approach to a genuine improvement initiative.
2. Review and analyze service level achievements, according to the service level agreements in place.
3. Identify and implement specific activities to improve IT service quality, including improvements to the
effectiveness and efficiency of the enabling processes. The overall service quality is partially dependent on the
quality of the processes.
4. Improve the cost effectiveness of IT service delivery, without negatively impacting customer satisfaction.
Customer satisfaction is an important measure of the value of the service being delivered.
5. Ensure suitable and applicable quality management methods are in use to support the continual improvement
activities. The quality management methods in use should support the overall quality governance in place in the
organization
6. Ensure that the processes in use have clearly defined objectives and measurements, which produce identifiable
and actionable improvements. This should be part of the controls around the processes in use throughout the
service lifecycle.
7. Understand what to measure, why it is being measured, and what the successful outcome should be.
Recognizing exactly what is required will enable a better interpretation of the metrics and the behaviours they
will drive.

The ITIL Continual Service Improvement publication provides guidance in four main areas:

■ The overall health of IT service management as a discipline

■ Continual alignment of the IT services with the current and future needs of the business
■ The maturity and capability of the organization, management, processes, and people utilized by the services
■ Continual improvement of all aspects of the IT service and the service assets that support them

It is only by understanding how the improvements are to be carried out, and what the desired outcomes are, that
you can deliver continual service improvement.
 Reviewing the service performance targets and trends, using the available management information, to
understand if the desired service levels are being met
 Reviewing process outputs to understand if the required performance is being achieved to enable the services
 Regularly carrying out maturity assessments on the processes in use to identify areas of concern or demonstrate
improvement achievements
 Conducting compliance audits on the processes, ensuring maturity is maintained
 Identifying and making proposals for improvements
 Conducting customer satisfaction surveys as required on a periodic basis
 Reviewing and understanding business trends and projections, maintaining awareness of business priorities
 Measuring and identifying the value created by continual improvement initiatives

The Continual Service Improvement Model The Continual Service Improvement Model is a simple set of guiding
questions which can be used to organize and perpetuate an improvement program. It closely mirrors the basic
approach also used in the ITIL® 7-Step Improvement Process.
Once the vision has been established, the next step requires an objective assessment of the current state, namely, a
baseline capture of the organization in terms of business, people, process, and technology. Utilizing this information
will give a picture of the current service provision and its quality. The question asked at this step is “Where are we
now?” Having established where you are now, the logical next question is “Where do we want to be?” This is not
necessarily the achievement of the vision identified at the start of the approach. In fact, it is probably unwise to have
that as the answer, because unless it is an easily achievable goal, it is unlikely to be reached. A better approach is to
identify an achievable target, one that will enable some quick wins and gain some buy-in for the improvement
opportunity. Working in small steps, identifying achievable targets that build steady progression to the overall goal
will enable your improvements to be consolidated at each target.