Professional Documents
Culture Documents
Manage access to services, carrying out the policies defi ned within information security management (see the
service design stage).
Ensure that all requests for access are verified and authorized. This may include requests to restrict or remove
access.
Ensure that requests are dealt with efficiently, balancing the requirement for authorization and control with the
need to be responsive to business requirements.
Ensure once access rights are granted that the rights that have been granted are used in accordance with
security policies. This might include, for example, the use of Internet access for personal use. Although some
personal use may be allowed, there are likely to be categories of websites that may not be accessed.
Scope The scope of access management, as we have said, is the efficient execution of information security
management policies. By carrying these out, the confidentiality, availability, and integrity (CIA) of the organization’s
data and intellectual property are protected. Confidentiality here means that only authorized users are able to see
the data. Integrity means that the data is kept safe from corruption or unauthorized change. Access management
ensures that the service is made available to the authorized user; this does not guarantee that it will always be
available during service hours, because this is the responsibility of availability management.
The purpose of continual service improvement (CSI) is to continue to support the business with IT services in the face
of changing business needs. Consider for a moment exactly what that may mean in your organization. In most
companies, there are business drivers that cause changes in behaviour to meet market forces. Organizations that do
not respond to outside forces or recognize the need to change will usually not survive the rigors of the marketplace.
The same should be applied to the provider of the IT services that support the business.
The idea that an IT service provider will be viewed differently is quite surprising, but this is often the perception in an
IT department. Continual service improvement is there to make sure that the changes in business processes that
keep the business alive and thriving are recognized and that the IT services that support those processes change with
them.
The ITIL Continual Service Improvement publication provides guidance in four main areas:
It is only by understanding how the improvements are to be carried out, and what the desired outcomes are, that
you can deliver continual service improvement.
Reviewing the service performance targets and trends, using the available management information, to
understand if the desired service levels are being met
Reviewing process outputs to understand if the required performance is being achieved to enable the services
Regularly carrying out maturity assessments on the processes in use to identify areas of concern or demonstrate
improvement achievements
Conducting compliance audits on the processes, ensuring maturity is maintained
Identifying and making proposals for improvements
Conducting customer satisfaction surveys as required on a periodic basis
Reviewing and understanding business trends and projections, maintaining awareness of business priorities
Measuring and identifying the value created by continual improvement initiatives
The Continual Service Improvement Model The Continual Service Improvement Model is a simple set of guiding
questions which can be used to organize and perpetuate an improvement program. It closely mirrors the basic
approach also used in the ITIL® 7-Step Improvement Process.
Once the vision has been established, the next step requires an objective assessment of the current state, namely, a
baseline capture of the organization in terms of business, people, process, and technology. Utilizing this information
will give a picture of the current service provision and its quality. The question asked at this step is “Where are we
now?” Having established where you are now, the logical next question is “Where do we want to be?” This is not
necessarily the achievement of the vision identified at the start of the approach. In fact, it is probably unwise to have
that as the answer, because unless it is an easily achievable goal, it is unlikely to be reached. A better approach is to
identify an achievable target, one that will enable some quick wins and gain some buy-in for the improvement
opportunity. Working in small steps, identifying achievable targets that build steady progression to the overall goal
will enable your improvements to be consolidated at each target.