Professional Documents
Culture Documents
INTERNATIONAL SCHOOL
------------------
INFORMATION SYSTEM
Theories & Practices
CMU-IS251
Da Nang, 2019
Information System Theories & Practices
ABSTRACT
This is INFORMATION SYSTEM THEORIES AND PRACTICES course, designed for the
second or third year student in Information System Management major.
This course:
Could be taken at the same time with the software project management course.
This course does not require any programming.
Provides in-depth knowledge and skills to the field of Information Systems as they
are practiced in the software industry.
Introduces information system management theories, but focuses more on the
actual practices to give students broader views and approaches that are currently
being applied in most information technology organizations.
Discovers the roles, responsibilities, authorities of information system
management such as Chief Information Officer, Middle Level Management
(Directors, Senior Management) and Line Management (project manager).
Explores the concepts of “Services Management” and practices that are being used
in most information technology organizations.
As a result of having successfully completed this course, students will be able to:
Understand and appreciate the information system management principles.
Understand the components of information system management and the structure
by which these components work together to create a well-defined information
systems management organization.
Describe the roles, responsibilities and authorities of information system
management structures.
Describe how information technology is used to solve business problems and help
business achieve its goals and objectives.
Apply the practices of information system management in the highly competitive
software industry.
Organize and structure a service delivery to enhance the competitiveness of the
business.
Provide guidance to future information system managers as students are entering
the industry and ready to assume more responsibilities.
Understand risks and issues of the information system management process.
Plan and set the stage for IT service delivery.
Manage information systems according to its service functions.
INTRODUCTION
Today Information Technology is everywhere and controls many things, from large
manufacturing companies to small business, from government systems to private enterprise
systems. Information Technology (IT) is the study of how computers process information and
create value in the highly competitive market. IT professionals work in different kinds of
industries, designing hardware, software, communications networks, building internet
applications, and more. Because of the broad range of opportunities available to information
technology professionals, knowledge in Information Technology can help nearly anyone find a
good job in an industry they choose.
However as Software Engineering, Computer Science and Information Technology fields
has a technical focus, there is another field that combines the aspects of technology and business
and focuses more on the management rather than technical called Information Systems
Management (ISM). A degree in Information Systems Management (ISM) can prepare you for
an exciting career in a variety of industries. As information technology plays an increasingly
important role in business, many companies are looking for skilled workers with experience in
managing information technology systems (hardware and software).
According to several U.S government studies, students that have ISM degrees can excel at a
variety of jobs immediately after graduation. People with strong communication skills can work
as company representatives to support customers. People with strong management skills can
manage data centers, networks, or company infrastructures.
Highly talented people can start as a manager of an IT department, then advance to
management of an entire computer network, and eventually Chief Information Officer (CIO) of
a company. The world of information technology is always changing, so learning how to keep
up with the pace of technology is one of the most important things students learn when enrolled
in this kind of program. The fast pace at which technology changes means that many different
types of people are required to specialize in a variety of different areas, providing plenty of
opportunity for everyone. Because it is easier to keep up with one aspect of technology than
with all of them, it is important for ISM students to specialize in particular fields such as
network management, database management, security management, application management or
ecommerce management.
A degree in Information System Management (ISM) can give you the edge toward a
management position over others because no matter what industry you work in, you can be sure
that your company uses information technology in a number of ways. Examples may be
improving customer order-processing to manufacturing or providing services to global
customers. Government is also a large employer hiring many ISM graduates as many
government functions have been converted to computer automation. Knowledge of information
technology can help almost anyone advance in his or her career and secure a good job. But is
Information Systems Management (ISM) a good choice for you?
First, students who pursue degrees in Information System Management (ISM) do NOT have
to be highly technical but must be problem solvers. While computers help the business to an
amazing degree, they can also impact many things if they are NOT working properly. The
ability to manage technical people who work on computers, ISM students must have the
fundamental knowledge on how computers work. You also must be able to identify, locate, and
solve problems in a timely fashion, so having the ability to analyze and make decisions are
important skills for ISM students. As the manager of information technology, ISM people often
work in a place where many people do NOT know much about computer systems. This means
that they must be able to explain computers and how they can support the business, which
requires good communication skills. On the contrary, technical people tend to spend a lot of
time doing technical work but they do not know much about the business. They also need to be
managed in a way that they feel comfortable. ISM people should be able to explain the business
aspect such as budget, finance, time, costs and return on investment to these technical people.
Overall, communication, the ability to train, to educate, and to manage are essential skills of
ISM students.
A major in information technology management (ISM) is suitable for people who have broad
knowledge of both business and technology with good communication skills, writing skills,
logical thinking, and leadership skills. Most ISM jobs require a Bachelor Degree for entry level
and usually an advanced degree for middle level management (Master of Science in Information
systems Management or Master of Business Administration with a focus on technology).
Typical programs consist of several information technology and business courses including:
Introduction to Programming Languages, Introduction to Information System Management,
Computing Network Security, Database Administration, Advanced Information Systems,
Project Management, and Business Finance.
1.1.1. Definition
An information system is more than the software application and the hardware technology it
runs on. Information systems also include people who design, adjust, change and manage all
Information System (IS) is the system of people, data and all activities that process the data
and information in an organization. A set of interrelated components that collect, process, store,
and distribute information to support making decision and control in an organization. A set of
Technology (ICT) is the study, design, development, implementation, support and management
hardware. Today most people use the term Information System for the “System” or “Computer”
Examples:
accounting, shipping and personnel all work together to create business value or profit that
On-line systems accept input directly from the area where they are created and the output
are returned directly to where they are required.
A common characteristic of on-line systems is that data is entered into the system and
received from the system remotely. That is, users interact with the system from terminals
that could be located far away from other terminals and from the system itself.
Another characteristic of on-line systems is that it stores data in its files or its database, so
that data can be retrieved and/or modified quickly.
A real-time system is an on-line system that controls the environment by receiving data,
processing data, and returning the results quickly to affect the environment at that time.
It is characterized by the following features:
• Processing activities that are taking place simultaneously.
Process control systems: The systems that are used to monitor and control oil refineries,
chemical manufacturing processes, milling and machining operations.
High-speed data acquisition systems: The systems that receive high-speed telemetry
data from orbiting satellites, or computers that capture massive amounts of data from
laboratory experiments.
Missile guidance systems: The systems that track the trajectory of a missile and make
continuous adjustments to the orientation and thrust of the missile engines.
Telephone switching systems: The systems that monitor voice and data transmissions
over thousands of telephone calls, detecting phone numbers being dialed, on-hook and
off-hook conditions, and all of the other many conditions of the typical telephone
network.
Patient monitoring systems: The systems that monitor patient “vital signs” (e.g.,
temperature and pulse) and either adjust medication or sound an alarm if those vital signs
stray outside some redetermined condition.
Decision-Support Systems (DSS):
Process control systems: The systems that are used to monitor and control oil refineries,
chemical manufacturing processes, milling and machining operations.
High-speed data acquisition systems: The systems that receive high-speed telemetry
data from orbiting satellites, or computers that capture massive amounts of data from
laboratory experiments.
Missile guidance systems: The systems that track the trajectory of a missile and make
continuous adjustments to the orientation and thrust of the missile engines.
Telephone switching systems: The systems that monitor voice and data transmissions
over thousands of telephone calls, detecting phone numbers being dialed, on-hook and
10 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
off-hook conditions, and all of the other many conditions of the typical telephone
network.
Patient monitoring systems: The systems that monitor patient “vital signs” (e.g.,
temperature and pulse) and either adjust medication or sound an alarm if those vital signs
stray outside some redetermined condition.
people, Information system can increase the value to the business by automating business
processes and making them more effective and efficient; Increase productivity and facilitate
business growth; encourage the sharing of information within the company, so management can
make decisions on a timely basis; link Information Technology activities to business and make it
The key asset of companies today, is their information, represented in people, experience,
process know-how, and innovations (patents, copyrights, trade secrets).To strive for competitive
advantage, companies must put into best use a strong information technology infrastructure or
processes, and technologies to provide business value to the company.The potential goals of
information systems are to support and transform the business for competitive advantage.
of people, technologies, and process collectively called information systems to solve business
Information Technology must be used to promote efficiency and speed by enabling process
automation and information sharing across the organization, and remove unnecessary
communication and duplication of data.
Due to intense global competitive pressure, every business is demanding that information
technology resources be transformed into a key strategic organization that focuses on:
Distinct mission and goal-oriented
Business planning, solution creating
Customer and market focused
Strategic and process oriented
Competitive Strategy Using IT
1.5.1. Reduce Cost Strategy:
Focus on customer
• Provide best value to customers
• Understand customer preferences
• Track market trends
• Provide products, services, & information anytime, anywhere
• Tailor customer service
Focus on supplier
• Receive best value from suppliers
• Understand supplier business
New business model: A growth strategy in which a company creates a new way of doing
business based on cutting edge of technology or business that can deliver better products and
services than anybody.
1.5.5. Alliance Strategy:
plays the supporting role but become a strategic element in almost all businesses. Many
companies realize that they can not succeed without information technology especially in the
1.7. Homework
1. Give five examples from your own experience of real-time systems, on-line systems,
decision- support systems, and expert systems.
Innovation and Change are transforming business at a very fast rate. Business must use
Information Technology (IT) to create value quickly in a highly competitive market.
The change in business also changes society as information technology has become
accessible to more and more people with personal computers and internet applications.
Business understands that information technology has a critical role and should be used to
reduce design, manufacturing, research and production time, allowing business to compete
globally.
The role of Information Technology (IT) is changing as it adapts to new business
conditions and the increasing expectations of users.
As more businesses are using IT, there is a need for the management of all IT resources
(hardware, software, people, etc.) in a company.
Information System Management (ISM) is the IT management role that has broadened its
responsibilities to more than just technology. It will support the company with strategy and
provide solutions to all business issues.
2.2. Typical Organization Structure
The CIO has come to be viewed as a key contributor in formulating strategic goals.
A CIO proposes the information technology needed by a company to achieve its goals
The CIO role is also sometimes used interchangeably with the chief technology officer
(CTO) role
◦ The CIO is generally responsible for processes and practices supporting the flow of
information
The role of CIO is to define the IT strategy and manage the destiny of the IT organization
in an ever-changing
Chief Information Officer (CIO) or IT executives must ask key questions about IT
performance:
1. "Are we doing the right things?"
2. "Are we doing things the right way?"
3. "Are we getting things done?"
4. "Are the things we are doing providing value to the business?"
CIO => Strategic direction review:
◦ Business planning;
Information Technology supports the business by having two groups: Development and
Operation.
2.6.1. Definition
A strategy is a long-term plan of action designed to achieve particular goals and objectives.
A set of specific activities that defines the future direction and specifies the management actions
to create the long-term value when implemented. Strategy is differentiated from tactic which is a
short-term plan or operation which is immediate action with resources available. Strategic
direction review is a process of analyzing current existing strategy, whether implicit or explicit,
Business model:
The representation of how the organization chooses to engage in business. The model
includes the customers and markets served, products, services and any factors relevant to how it
differentiates itself in its chosen markets.
Ensures that the organization is following the course of action according to the strategic
goal identified in the strategic planning process.
Review and detect any “misfits” that reflect unanticipated events and poor outcomes in
the process.
Identify potential opportunities or threats. If a significant gap is detected, executives
needs to review strategic direction and take corrective action.
Strategic Direction Review
In strategic direction review, IS executives analyze where the organization is going,
where it stands, then determines what is needed to provide value to business.
Executive and IS Management must understand the strengths, weaknesses, opportunities
and threats of IT organization in its environment.
IS Management must ask the fundamental questions:
◦ Is there a vision?
◦ Is it communicated and shared?
◦ Is it what the organization is doing?
◦ How does the strategy fit in the business environment?
IS Management must review how it works in the past and in the future (business,
economy, society, etc.) to achieve its goals.
Review Business Value
The criteria for every IT decision is: “Will this decision, investment or action deliver the
maximum business value?"
It is critical that management focus on the realization of targeted business benefits.
Business Value may be reflected in current business performance, future organizational
growth or a combination of these.
Deciding the appropriate goals and measurable outcomes establishes a framework for
aligning decisions at every level of the organization.
2.6.8. Four Types Of Strategy
1. Core competency
A core competency strategy focuses on the key strengths that organizations
possess, such as: intellectual capital, distinctive capabilities or processes.
2. Value driven
A value-driven strategy places its value above market trends. Charitable, faith
based or ideal based organizations fall in this category. They go to market based on “core
beliefs.”
3. Market driven
The new role of information technology (IT) in business as it is integrated with business
strategy to create value and help achieve the goals and objectives.
2.8. Homework
Answers: Today business must rely on IT to improve its efficiency to compete in a globalized
world. IT is no longer just supporting the business but must play an important role in determine
which technology must be implemented to give the business advantages.
Answer: As the role of IT changes, the IT strategy also must change. It is important for CIO to
review the strategy to determine whether the strategy needs any improvement.
Answer: Organization must be dynamic because it must change to fit with the changes in the
market and technology. A close system will not allow the organization to change as necessary.
Successful organization must fit its environment in order to survive.
4. Each student to write a short paper (< 2 pages) answering the following questions:
Why does company need a CIO? Can a CEO or CFO do the job of a CIO?
Must a CIO be a technical person or a businessperson? Explain.
Business Scope :The range of served markets, which are "customer group/product
function/product form” segments to which the organizational unit sells a differentiated product
or service.
Business Strategy: Vision about the future, on anticipation and concrete experiencing of the
Executive: Review current strategy and direction to determine how well it will “fit” the
market environment
Identify technology trends in the industry that are important to the organization.
strategy planning.
opportunities or threats such as new market emergence, new business agreements, programs and
projects completed.
This activity evaluates the external and internal “fit” of the organizational unit and IT
function.
The fit of the organization with the environmental market trends and external fit is
The fit of the organization profile with the improved target or internal fit is also assessed.
The executive develops a profile of the organization in terms of how it plans and
The executive also reviews the current business model, the status, history, and impact of
To provide a clear picture of the organization„s overall structure and resources, and how
30 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
by reviewing:
Current Strategy describes the organizational unit's pattern of actions based on assembly or
synthesis of its vision, business definition, performance results, market/product scope, business
network, and core competencies. These actions are as they exist in reality and have evolved to
the present, along with the business drivers of these elements that may be uncovered. In
evaluating the Current Strategy, it is always important to compare the organizational unit's
strategy as articulated by management with the reality of the observed pattern of organizational
behaviors (the real strategy). Some of the most successful corporate strategies have originated
from 'bottom-up' opportunism rather than formal 'top-down' strategic planning processes.
Definitions
Vision-What organization wants to be, it provides common direction and an
idealized environment without specifying how to get there.
Mission-Why organization exists, it specifies the purpose of the organization.
Strategy-To align all activities that enable the organization to achieve its goals &
objectives.
Organization Vision
◦ Mission
◦ Goals
Performance Results
◦ Current Customers
◦ Customer Segments
Executives examine the existing strategy and the organization's performance, as well as the
current strengths and weaknesses to determine its ability to support the current business strategy.
The review technique is often referred to as a SWOT analysis (strengths, weaknesses,
opportunities, threats). The organization is analyzed in terms of its approach, processes, and
abilities to establish and achieve appropriate business goals.
SWOT (Strengths, Weaknesses, Opportunities, Threats) is used to assess the ability of an
organization as compared to competitive forces in its industry. Opportunities or threats for
increasing or decreasing competitive advantage.The organization is analyzed in terms of its
approach, processes, and abilities to establish and achieve appropriate business goals.
Strengths
Every organization has some strengths. In some cases this is obvious, such as a
large organization could dominate the market by their size alone but in other
cases, it is a matter of perspective, such as a smaller organization has the ability
to move fast in response to market. It is important to note that organizations that
are in a bad position also have strengths. Whether these strengths are adequate is
an issue for analysis.
Example:
Weaknesses
Every organization also has weaknesses. In some cases, this is obvious; such as,
it must follow stricter regulation by government on the environment. In other
cases, is a matter of perspective, for example, a company has 99% market share
but is open to attack from every new player. It is important to note that
companies that are extremely competent in what they do, also have weaknesses.
How badly these weaknesses will affect the company is a matter of analysis.
Examples
Opportunities
All organizations have opportunities that they can gain from. These could range
from diversification to sale of operations. Identifying hidden opportunities is the
mark of skilled managers.
Examples
Threats
Examples
Knowing yourself: Executive conducts interviews and reviews documents that describe
the current strategy. By observing the organization's processes and achievements, the executive
can establish how well the organization's behavior conforms to the existing strategy.
Vision description
Stated values
Mission
3.5. Summary
Information is the most important resource that any organization has to manage. To develop
applications to support the business is one key function but to collect, analyze, store, and
distribution of information within an organization is also very important function. It is essential
that IT organization focuses on these two functions and organizations must invest appropriate
levels of resource into the support, delivery and management of these critical IT development
and support services.
3.6. Homework
Answer: To understand how IT can help support the business. Ensure alignment with business
strategy, how well IT “Fits” the current environment, what are the critical issues, strategic
drivers, and the vision for the future.
35 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
3. Each student is to write a short paper (< 2 pages) answering the following question:
Review these four CIO questions: "Are we doing the right things?", "Are we doing things
the right way?", "Are we getting things done?" and "Are the things we are doing
providing value to the business?" and explain them from your point of view, What does it
mean to you?
Today, the roles of IT Executives (CIO) are more than strategic planning and direction. It
must also support specific business needs as change happens quickly in the “globalized world”.
Information Technology systems must “enable” the business to structure and implement
processes, services and distributed infrastructure required to do business globally; and delivers
solutions of immediate business value.
Today, every business is experiencing fierce global competition for new products and
services. Globalization and the Internet have changed the way organizations do business with
more opportunities and more competitors. To survive, organizations must balance two things:
agility and performance.
Performance is the measure of how effective and efficient business processes are in
achieving the desired result. To accurately analyze performance, organizations and business
processes need to be analyzed to determine capabilities. The focus of this analysis must be on
the inter-relationship of behaviors and structures. Business processes are complex and have
many components interacting over time to produce a result. By studying and understanding
behavior and structure, the changes can be envisioned, which will allow the performance of the
organization to be improved.
CIO must assess the organization‟s capabilities.
The capabilities encompass the company‟s human, financial, material and intellectual
resources, as well as the business processes that define how the resources are deployed to
deliver the products and services of the enterprise.
The CIO can identify strengths, weaknesses, or gaps that must be filled to improve IT
capabilities.
4.2. Process to Manage Change
CEO & CIO -> Create a business model that identifies the relationships between current
=> Identify how changes will influence the performance to meet the business targets set by
the organization.
Capabilities define what an organization is able to do. Whether in the form of organizational
development, employee competency, process construction or information technology. The
definition of capabilities systematically identifies new capabilities into the existing processes,
people, information and material needed to successfully achieve business outcomes.
The purpose of an improvement program is to define an optimal set of capabilities for the
company that includes human, financial and infrastructure, as well as processes that define how
these resources are deployed to deliver the products and services to meet targeted business
goals.
The Definition of Capabilities supports a major change that would be accomplished and
managed as an improvement program by:
• How can we ensure that our skilled and experienced people are
effectively used?
• What suggestions do you have for making our training program more
effective?
• Do you think we need more training for our people on:
o Project Management?
o Software Engineering?
o Systems Engineering?
o Information Technology?
o Information System Management?
o Information Security?
4.4.4. Competency
Competency is an underlying characteristic of an individual that is causally related to
effective or superior performance, as determined by measurable objective criteria.
Workforce Competency is a cluster of knowledge, skills, and process abilities that an
individual should develop to perform a particular type of work in the organization. A capability
gives an organization a competitive advantage. Executive and IT management must identify the
knowledge, skills, and process abilities required to support the business and create value so that
they may be developed and used as a basis for workforce competency.
Establishing Competency, IT Executives and Management need to:
Conduct skills analysis to identify skill gaps.Establish skills forecasting for future workforce.
Provide training on valuable skills. Establish environment where new skills can be practiced.
Measure effectiveness of newly acquired skills. Establish “Community of Practice” to share
“Best Practices.” Develop “Core Competency” for organization. To be “Preferred Supplier” of
high value skills to the business.
Besides investment in knowledge and skills of staff, organizations must also focus on
standardizing infrastructures.Executives and management must architecture a set of components
that defines their structural relationships and their interaction to meet a given business
purpose.These components include the business and IT resources, the processes and
management of the organization and an infrastructure that supports all of the above.The
arrangement and optimizing infrastructure can help support the organization provide faster,
better and more efficiency to the business.
4.5. Summary
IT executives and management must set up an optimal set of capabilities for the
company.The capabilities consist of resources such as human, financial and infrastructure, as
well as business processes that define how they are deployed to deliver the products and services
to customers. The capabilities support changes in the business that allows the company to meet
it targeted goals.
4.6. Homework
Answers:
1. To determine the effectiveness of the communication process within the company
whether managers understand and commit to the strategy and direction of the CIO.
2. To understand the capabilities of the IT organization regarding quality, risks,
knowledge and skills.
3. If managers do not understand what goals and objectives are, they may not
manage their works properly and may not communicate these messages clearly to
their subordinates.
4. To determine whether IT organization is capable of support the business goals and
objectives.
1. Dividing a project into deliverables makes the results of activities visible and
easier to manage;
2. Centering a project on deliverables shifts the focus away from procedures and
towards results;
3. Deliverables serve as a powerful communication tool among project team
members.
Deliverables divide the work of a project into manageable chunks that can be monitored,
making project progress objectively measurable.
In today's competitive economy, every business is under constant pressure. This pressure can
come from the business environment, customers, or competitors. The effects of these pressures
can often happen simultaneously. As a result, an organization's business processes can begin to
break down.
With standing pressure: In providing products and services to customers, business processes
must be flexible so they can adapt and respond to external pressures.At the same time, business
processes need to be continually improved so the organization„s competitive edge is
maintained.Organizations must leverage information technology to bring more value to the
business.By initiating an improvement program, IT executives and information system
46 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
5.1.2. Program
From the business perspective, the key issues facing many IT organizations as well as their
IT Managers are:
◦ Survey
◦ Analysis
◦ Design
◦ Install
◦ Maintenance.
Identifies the issue that must be solved, it summarize the definition of the change to the
initial delivery approach, plan, budget and estimate of resources to answers the question,
Collects additional data to ensure they have all information needed to start the
It also defines the solution to the degree required to ensure feasibility, cost-
Focus on the description of critical aspects of the current system; an initial architecture of
49 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
the system.
Complete the architecture of the system, plans the design, construction and
Results of the phase include: The architecture and standards for the entire system; the
needed); the revised plans for detailed design, construction and implementation.
and principles, and establishes standards that apply to the system as a whole.
Design & Implement Solution: The design of the solution comes from the architecture
that details the new system and its components. Design drives the implementation of
components. The information system solution involves the set of tasks and components
◦ The System construction and release phase designs, builds, tests and integrates
User documentation,
and puts a release into production and continues to provide supports when needed.
The three key viewpoints are: The Business viewpoint: Information System must produce
solutions that add value to the business.The Resources viewpoint: Information System must
deliver the solution on time and within budget.The Quality viewpoint: Information System must
deliver solution with a qualityarchitecture that can be easily integrated with existing
components.
All information system projects must be structured according to well-defined roles and
responsibilities for stakeholders - customers & users and project teams that:Favor a collaborative
51 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
work environment, avoid duplication of effort, improve communication among participants and
encourage new ideas of all participants in the execution of their responsibilities.
Roles are the positions in the project structure and the relations between them. A role
corresponds to a set of responsibilities.Responsibilities are the activities undertaken by a
participant in a specific area. They imply a decision-making power and an obligation to assume
the consequences of one's decisions.A clear division of roles and responsibilities is necessary to
ensure that each participant in the project knows exactly what is expected of them and their team
members.
Project status and progress require effective communication between customers & users and
project team members.When project activities are NOT visible, it is impossible to monitor the
progress of the project.Although money and time are being spent and resources used, project
results only happen in the end – often less than what is expected.
To make project activities visible to all participants, each key activity in a project must result
in a “tangible artifact” or “Task Package”.Project activities must be organized into several
manageable „tasks'. These tasks:
Must be predefined
Must have a specific purpose
Must be estimated and assigned
52 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
It is important to define the task package first because if you do NOT know where you are
going, how do you know when you get there?Knowing the task package will help define the task
that you must perform during the development & maintenance of the information system.
Distinguish Phase, Activity & Task Package: A phase has a series of activities. Although
theseactivities are described separately, they can be implemented independently or
concurrently.Each activity creates a Task Package. The same Task Package may be produced or
updated by more than one activity and more than one phase
5.6. Summary
5.7. Homework
Answers:
It is possible that the solution maybe large and complex. To solve business problems may
require a lot of time and efforts. To ensure that the solution can be deliver the needed value
quickly and users do not have to wait several months or years, it is better to breakdown the
solution into many smaller tasks or projects. Each solves one small issue or deliver small
function to users and the evolution of solution ensure that IT response to users‟ needs in an
effective and efficient way.
Deliverables divide the work of a project into manageable chunks that can be monitored,
making project progress objectively measurable. Dividing a project into deliverables makes the
results of activities visible and easier to manage. By emphasize on deliverables developers can
shifts the focus towards results; Deliverables serve as a powerful communication tool among
project team members.
The key role of IT Management is to ensure the delivery of value based on the IT
investments. To deliver value, sometimes it is necessary to change the way organizations
operate. Change or improvement should be based on the strategic direction and the capabilities
of the IT organization. The change activities should be organized as a program that has two key
factors: Change realization and Benefits realization
Change realization is the approach for assisting organizations to do new and better things
with their existing people. Change realization assists organizations in developing specific
capabilities needed to effect change for a given situation. The approach is organized not only
to realize the benefits of a specific change, but also to leave the organization stronger to
accommodate future, more frequent and larger changes.
6.2.1. Initiate – Develop a shared understanding of purpose and objectives of the change
6.2.2. Assess – Use diagnostic tools to assess the situation, surface risks, identify gaps
6.2.3. Plan - Based on the diagnosis and the change process, develop a set of
interventions to close gaps, resolve issues, mitigate risks and build needed
capabilities.
◦ change strategy;
◦ communication;
◦ leadership coaching;
◦ Institutionalization.
6.2.5. Monitor
6.3.1. Definition
investment.
This is the first step of a change process by which management shares a common
understanding of the change, as well as review the resources committed to the change.
CIO ->Develop a high level overview of the proposed opportunity that addresses business
context, business opportunity or need, scope of potential solution, organizational change impact,
CIO ->Value estimate for the program. Includes: the proposed program, scope,
CIO-> Validate the plan to make sure the completeness and reasonability of the costs and
benefits.
Identify Candidate Opportunities. The CIO should work with the businessmanagement to
develop a high level overview of the proposed program.Topics to be covered include business
context, business opportunity or need, scope of potential solution, organizational change impact,
and major areas of costs and benefits.Program concepts may be initiated as part of strategy or
architecture assignments or may be initiated independently within the organization.
Example: Complexity & Variation
Solution:
• Thousands of servers
• Multiple databases
Program Solution:
Server optimization:
• Standard configuration
Desktop:
• Synchronized workstation
• Standard configuration
• Standard desktop
Problem: Security
Current Situation
• Multiple logons
Proposed Solution: Provide a single secured connection for all customers, suppliers,
and employees
6.4. Summary
6.5. Homework
The new approach for operational groups is called IT Service Management which views the
IT facilities offered as “Services.”An IT service can be defined as a set of related functions
provided by Information Systems supporting the business area.The typical service can be made
up of software, hardware, communication facilities, documentation and special skills that are
dedicated to deliver and support the business with quality in a reliable and efficient way.If IT
strategy is to be seamlessly aligned to the organization‟s strategy, IT must manage the ongoing
delivery and enhancement of its services.Service Level Management ensures that ongoing
requirements, communications, and expectations between business and IT are proactively
managed. Service Level Management is also responsible for ensuring that internal IT
expectations are being met.The service catalog sets the standards against which expectations,
improvements, and performance metrics are measured.Service Level Agreements (SLAs) and
Operating level agreements (OLAs) ensure that agreements are in place to support the offerings
within the IT organization.
IT service management is aimed at providing. IT servces that facilitate the achievement of
business objectives and goals in a timely and cost effective manner.
IT operation management considers the Users (Customers) of IT services as critical and
ensures that they have access to the appropriate services to support the business functions as
they get involved by:Asking for service or changes;Needing communication, updates; Having
difficulties, queries; Real process delivery; The service desk functions as the single contact-
point for users' requests.
7.2. IT Service Management Goals
• IT services that facilitate the achievement of business objectives and goals in a timely and
In most organizations, the quality of service is unknown. Few people can specify exactly
what quality service is. This results in people judging the service on subjective criteria. The
issues of quality and expectations are related, therefore a good service can be defined as service
that consistently achieves customer satisfaction. How do you know that your customer is
satisfied with your service? Customer satisfaction survey or Customer input & involvement.
Service Level Management forms the basis for all service level agreements. Having a strong
Service Level Management ensures the quality of services for IT organizations.
Service Level Management is concerned with managing the expectations that customers
have of the IT department. It involves: Identifying customer‟s requirements in the context of
overall business objectives, determining how these can be met within the required budget and
communicating and reviewing the actual and perceived levels of IT service. Service Managers
work with all IT teams to ensure that levels of service can be delivered by: Setting measurable
performance targets, monitoring performance, taking action where targets are not met. Service
Managers must work to ensure that all IT team members are aware of what is expected of them.
Each member must know how to perform their jobs well, and knowing the consequences of not
doing their jobs well.
Service Level Management consists of:
• The IT services are designed with the real goal : meeting the customer's needs.
• The respective responsibilities of the customer and the service providers are clearly
established.
• Customers know and accept the quality levels offered and clear protocols of action are put in
• The constant monitoring of the service allows the weakest links in the chain to be identified
The Service Level Manager is responsible for understanding and documenting the customer
request for services and translates the request into a set of requirements with measurements for
internal IT teams that provide the service. The key of IT service is to quantify the service
correctly according to business objectives by: Understanding the customers‟ needs, Defining and
reviewing the service requests with the customer, Documenting how the service is to be
delivered to meet the needs, Specifying measurements to consistently be able to meet the
requests and achieve customer satisfaction.
IT Service Management must document all services in a catalog to provide an overview of
the services available to customers of IT, to be used as a marketing tool to show customers what
services are available. The catalog will help IT to manage the expectations of the business more
effectively. The design of the document should be consistent with its marketing purpose. It
should contain information that is interesting to customers, expressed in non-technical language,
with the layout in a professional and interesting style. It is possible to have the catalog as a
65 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
Service Level Management does not operate in isolation. To be effective, they need to be
integrated with other service management disciplines such as capacity management, financial
management, configuration management, change management and all services that IT provides
to its customers.As IT becomes strategic, business organizations demand a higher level of
professionalism from IT. Traditionally, the key contact has been with the development group as
they analyze needs and implement solutions, but this model does not work well as more services
in operation groups are needed to maintain, sustain and support the business.The ongoing
balance between costs, benefits and quality should be managed by the operation group which
requires strong service management.
Service Level Management in itself is not a guarantee of good service. It only works if all
other operation disciplines have been implemented and are working properly.A good service is
not possible unless there is a formal program to determine and maintain a consistent level of
service.The issues of quality and expectation are closely related to provide value to the business.
Service level management is the key concept for operational excellence.
Service Level Agreements (SLAs) are formal agreements between IT organizations and their
customers (customer can be internal or external). The content and structure of the SLAs depend
on a number of factors including: physical, cultural, and business aspects of the organization. If
the company consists of a number of different independent units, these could be seen as separate
customers. It is important to list all services available to customers to let them know what is
available and help IT managers to manage the expectations more effectively.A Service Level
Agreement (SLA) is fundamental to service provisions, from the perspective of both the supplier
and the recipient. It documents and defines the parameters of the relationship between the two
parties.The quality of the service level agreement is, therefore a critical matter. It is not an area
66 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
that can be left to chance and must command careful attention.The SLA itself must be of
sufficient detail and scope for the service covered. Typical SLA sections include: Introduction,
Scope of Work, Performance, Tracking and Reporting, Problem Management, Compensation,
Customer Duties and Responsibilities, Warranties and Remedies, Security, Intellectual Property
Rights and Confidential Information, Legal Compliance and Resolution of Disputes,
Termination and Signatures. Of course, other sections may be applicable.
Content Of Typical SLA:
Introduction
Scope of Work
Performance
Tracking and Reporting Problem Management
Compensation
Customer Duties and Responsibilities
Warranties and Remedies
Security
Intellectual Property Rights and Confidential Information
Legal Compliance and Resolution of Disputes
Termination
General Information
Schedules
Signatures (for approval)
SLA Example:
7.9. Summary
HOMEWORK
Each student will write a short paper (< 2 pages) describe the difficulties or issues when
implement this function in an organization.
TEAMWORK
schedules. The owner, Mr. Bill Ate understands the important of providing
quality services is equal to business success so he decides to develop several
service processes to improve its standards of service that allows him to manage
customer relations, production and distribution more efficiently.
To improve the business, Mr. Bill Ate has decided to implement Service Level
Management principles to all of his restaurants and food services. He hires
several people to manage the food process, creating a catalogue of services with
a comprehensive service quality plan and document a Service Level Agreements
(SLAs) with all of his customers.
Mr. Ate selects one of his top experienced managers to manage customer
relations as Service Level Manager. His function is to negotiate and agree on
service delivery with customers. His responsibilities include:
Delivery times.
Availability of the service (holidays, night hours, etc.)
Associated Services.
Support.
People responsible for the services on both the customer's and the
69 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
supplier's side.
Deadlines for delivery of the service.
Duration of the agreement and conditions for its renewal and/or
cancellation.
Conditions of availability of the service.
Support and maintenance work associated.
Response times.
Recovery times in the event of incidents.
Contingency plans if applicable.
Charging and collection methods.
Criteria for evaluating the quality of the service.
Mr. Bill Ate is facing a problem so he ask your team to help him to solve it by
develop a service process to solve it for him.
The capacity of a system is its maximum performance or output. Knowing the capacity of the
system will allow information system management to identify whether the organization has the
resources required to provide the services. Knowing the capacity is not enough as it only
identifies that there is a certain amount of resources available. Information system management
must find the best way to use those resources to get the desirable results.The traditional view of
IT is mainly focused on the functionality of systems rather than capacity. As the information
system becomes faster and bigger, functionality expands to fill the extra capacity, suppliers and
vendors continue to develop more powerful and advanced technology. As technology develops
and demand increases, the cost of technology drops and it becomes even easier to supply
capacity. Capacity Management must Keep up with advancements in technology and react when
performance levels drop.
Capacity Management supports the cost- effectiveness and maximum performance of IT
services by helping organizations match their IT resources to business demands. It includes
planning for: hardware, networking equipment, peripheral equipment, software, human
resources. Ensure the best use of the appropriate IT infrastructure to cost-effectively meet
business needs by understanding how IT services will be used. Also, match the IT resources to
deliver these services at the agreed levels of service currently and in the future. Key objectives
are: Ensure that existing infrastructure is performing optimally according to the agreed levels of
service, understand the way in which the infrastructure is currently being used and in the future,
forecast and plan infrastructure requirements to ensure the agreed upon ongoing delivery of IT
services. To determine that the right cost, justification, and capacity of IT resources are provided
and achieved at the right time, in order to meet the agreed upon service levels for the business.
71 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
Capacity management goals to understand the business requirements, current operations and IT
infrastructure to ensure that current and future capacity and performance aspects of the business
are provided cost- effectively.
Information System management must be able to explain clearly the IT capacity to users so
they understand what to expect.
Example:
Capacity statement:
• Our server can store 25 GB of data and is capable of response time of less than 0.01
seconds.
• Our server can provide simultaneous access to the finance application for 80 users with
information to customers.
->How do customers react to this? (I could have 80 users use the system and it is fast ….
To determine that the right cost, justification, and capacity of IT resources are provided
and achieved at the right time, in order to meet the agreed upon service levels for the
business.
ensure that current and future capacity and performance aspects of the business are
Information System management must be able to explain clearly the IT capacity to users
Increased efficiency and cost savings. Economic provision of services. Capacity is matched
to business need. Unnecessary spare capacity is not being purchased or maintained. Planned
buying is cheaper than panic buying. Allows an organization to take advantage of economies of
scale and market conditions. Reduced risk of performance problems and failure.
Business Capacity Management: focus on the future needs of users and customers.
Resource Capacity Management: study both the use of IT infrastructure and the trends
to ensure that sufficient resources are available and that they are used efficiently.
Temporary: Demand Management is used when there has been a partial failure to a
component used to provide services.
business priority. Differential pricing is sometimes used to encourage more utilization during
off-peak times. Service packages. They represent the value that the customer wants and for
which they are willing to pay. Demand Management imposed regulation could result in certain
services being unavailable at certain times. Demand Management is the most cost-effective form
of capacity management in a temporary situation.
8.6.5. Modeling
Modeling enables the Capacity Management team to predict the performance of a specified
system under a given volume and variety of work. Modeling is used to answer “What if”
questions for: Specific configurations, specific workloads, combinations of workloads
Modeling is a tool to define current performance as a baseline, verify the accuracy of the
result and tune the model until the results are within acceptable tolerance, predict the outcome
of the planned scenarios
Capacity Management needs to have a database that contains: Technical data; Business data;
Service data; Financial data; Utilization data. Different platforms require different data and the
capacity database will consist of a number of data sources.This information and database would
be part of the Configuration Management database.
Monitoring: To ensure that resources and services are performed as required to meet the
Service Level Agreements (SLAs). It includes items regarding capacity (throughput) and
performance (response time).
Analysis: To identify trends of utilization and service levels so that a baseline can be
determined. Regular monitoring and comparison with the baseline can identify exceptions in the
SLAs and to predict future resource usage.
Tuning: To identify measures to improve either utilization or performance levels for specific
services.
Business Capacity Management. This function looks at the future service requirements
needed by the business, based on business planning and Service Level Management.It uses
inputs from:Existing SLAs, future service level requirements, the business plan, the capacity
plan, modeling, application sizing.
Service Capacity Management. This function looks at the performance of existing services. It
assesses the current IT services, their use of resources, working patterns, and ensures that the
services can meet their SLA targets.It uses inputs from:SLAs; system and service throughput
and performance; monitoring, measurements, analysis, tuning and demand management.
Resource Capacity Management. This function focuses on the actual components of the IT
infrastructure to ensure optimal utilization and performance.It uses inputs from: current
technology and its utilization, future or alternative technology, resilience of systems and
services.
Relationships With Other Areas: Security Management: Security and Capacity Management
must ensure that overloads do not pose security risks.Business Continuity: IT Service Continuity
provides critical data for the Capacity Plan.Knowledge Management: Capacity Management
processes. Procedures and lessons learned should be stored in Knowledge Management
database.Capacity Management provides critical support for all other domains and disciplines.
8.7. Summary
Capacity Management:
Reduce the cost of maintenance . Administration associated with obsolete hardware and
applications and avoids the problem of incompatibilities in the IT . "last minute" purchases
HOMEWORK
Each student to write a short paper (< 2 pages) describing the difficulties or issues when
implement this function in an organization.
TEAMWORK
Scenario: Up until now, “Macro-Food” has been reactive to customers‟ orders, when
more orders come, company increases works, when fewer orders come in, company
asks people to stay home without pay. Of course this makes many workers not very
happy. The quality of service also changes when it depends on the people selected for
the jobs, as some are doing better than others. Mr. Bill Ate wants to change it so he
asks your team to come up with solution to solve this problem. As the management
team assigned by Mr. Bill Ate, your team should come up with a solution and present
to Mr. Ate in the following day.
Sample Answer:
With the increasing importance of services, the team recommends that “Macro-Food”
implement the Capacity Management process. The team suggests that Mr. Bill Ate hires a
Capacity Manager with the following responsibilities:
these are particularly important time for providing good service to customers.
Analyzing, the impact of the various orders on the restaurant‟s capacity and assign
the right workers for the right jobs.
Determine which restaurant has more customers at certain time and shift workers
there to avoid workload issues.
Evaluating, in conjunction with Service Level Management, the quality of
service expected as well as the distribution of workers as SLAs imply.
Identify workers based on skills that can meet the demand rather than treat
everyone the same.
Producing regular reports on the state of the services offered.
Analyzing trends and statistics on the workload.
The results of this work should allow:
The preparation of an annual Capacity Plan which will be reviewed quarterly
against the real data obtained from monitoring of restaurants together with the
business forecasts.
The Capacity Database (CDB) to be populated so that it contains all the
information relating to capacity.
Improvements to the service to be proposed.
Minimizing the number and impact of future incidents degrading the quality of
service.
Rationalizing the use of restaurant supports capacity.
Reducing the cost of the restaurant services.
Increasing productivity and customer satisfaction.
With the advancement of technology, IT services have become a key factor in business
processes.IT providesbusiness solutions and supports all business processes and transactions.For
example: Electronic banking, ATM.
Availability is the proportion of time that the customer is able to access a particular IT
service.The availability of IT systems and services is influenced by:The complexity of the IT
systems; the reliability of IT components and the environment on which the systems rely; levels
of maintenance; the infrastructure on which the IT services are built; the configuration of the
IT infrastructure.
Availability Management is the planning, managing, implementing, and optimizing of IT
services so they can be used where and when business requires them.Availability Management
is applied to all new IT services, existing IT services where Service Level Agreements (SLAs)
have been arranged, IT suppliers (Internal and External), all aspects of the IT infrastructure
which may impact availability.Ensure the delivery of IT services where, when and to whom
they are required, by planning and building a reliable and maintainable infrastructure and key
support according to the requirements.Determine the availability requirements of the business
and matching these to the capability of the IT infrastructure.Responsible to ensure that the cost
of high availability does not exceed its value.Look for the best compromise between the cost of
the availability solution and unavailability.
To ensure IT services are designed to deliver the agreed levels of availability.To measure
79 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
and monitor availability, reliability, and maintainability on an on going basis.To optimize the
availability of the IT infrastructure according to business objectives.To work at reducing the
frequency and duration of incidents.To ensure that corrective actions for downtime are identified
and progress.To create and maintain an availability plan.
Include:
levels of availability.
Supervising compliance with the OLAs and UCs agreed with internal and external service
providers.
Determining the requirements from the business for IT services.Planning availability and
recovery design criteria for the IT infrastructure.Determining the vital business functions and
impact arising from IT component failure. Where appropriate provide additional
resilience.Defining the targets and establishing measures for availability, reliability and
maintainability to be documented and agree with the Service Level Management. Monitoring
and trend analysis of IT components.Reviewing IT service and component availability and
identifying unacceptable levels.Maintaining the availability plan.
level of availability is desirable, they need to be made aware that high availability can result in
costs that may not be justified by their real needs.It is necessary that Availability Management:
Planning availability allows the IT organization to establish levels of availability that match
the needs of the business and the capabilities of the IT organization.The Availability Plan must
include:The current availability status of the IT services, tools for monitoring availability,
analysis methods and techniques to use, relevant and precise definitions of the metrics to use,
availability improvement plans, expectations about future availability.
Determine availability requirements include estimate business impact, determine the cost of
downtime, calculate the cost of building higher availability. Design for infrastructure from the
beginning, identify single points of failure, risk analysis, determine measurements for new
services, testing.
Security considerations. A key factor in obtaining high levels of reliability and availability is
robust Security Management.Security-related aspects must be taken into account at all stages of
the process.It is as important to determine when the service will be available as who will use it
and how.
Availability and security are interdependent and any failings in one of them will seriously
affect the other.Planned downtime. Routine systems maintenance. Availability Improvement
9.6.3. Maintainability
9.6.4. Monitoring
Availability Management must monitor the availability of the IT service and report any
incident from the time of the interruption of service until it is restored (downtime).
Detection time: This is the time elapsing between when the fault occurs and when the IT
organization becomes aware of it.
Response time: This is the time that elapses between the detection of the problem and
when the incident is logged and diagnosed.
Repair/recovery time: The time taken to repair the fault or find a workaround and
restore the system to the same state as before the service was interrupted.
Overview of Incidents
Average downtime: The average duration of a service interruption, including the time
taken to detect, respond and resolve the incident.
Average uptime: The average length of time the service is available without
interruptions.
Average time between incidents: The average time between one incident and the next.
This is equal to the sum of the average downtime and average uptime. The average time
between incidents is a measure of the reliability of the system.
Measurements
Availability is measured from the customer‟s point of view and is recorded in the
SLA.Availability is normally expressed in a percentage:
Cost of Unavailability
User productivity loss = Hourly cost of affected user X hours of disruption; And
Other business losses incurred (Overtime, wasted materials, financial penalties or fines etc.)
And Impact on customer service.
Many business processes and transactions depend on information technology (IT). The cost
of unavailable IT services is high and has a significant impact on the business.
CFIA (Component Failure Impact Analysis): This method is used to identify the impact of
the IT service availability on the failure of each configuration item involved.
FTA (Failure Tree Analysis): The aim is to study how faults propagate throughout the IT
infrastructure, so as to better understand their impact on service availability.
CRAMM (CCTA Risk Analysis and Management Method): The aim of CRAMM is to
identify the risks and vulnerabilities to which the IT infrastructure is exposed in order to take
countermeasures to reduce them or enable rapid recovery of the service in the event of an
interruption.
SOA (Service Outage Analysis): The aim of this technique is to analyze the causes of the
faults detected and propose solutions to them. It differs from the previous methods in that it
performs its analysis from the point of view of the customer, placing special emphasis on factors
other than purely technical aspects directly linked to the IT infrastructure. Scope and plan the
service outage analysis. Build hypotheses on possible cause and effect. Analyze data. Interview
key personnel. Produce findings and recommendations. Build and validate the solution.
9.8. Summary
Homework:
Each student to write a short paper (< 2 pages) describing the difficulties or issues when
implement this function in an organization.
Teamwork:
Scenarios:
As more and more people are working at different time and different shifts,
Mr. Bill Ate found that many customers come to his restaurants at odd hours
and they demand certain kind of menus that usually not available at certain
time. For example: Breakfast at 4: AM or Lunch at 2: PM and Dinner at 11:
PM. He also found that the number of customers increased significant because
of the quality of foods and low prices, but many people also complain that
they have to wait a long time for food services. Mr. Bill Ate asks your team to
come up with a solution to this problem
Establishing policies and procedures that avoid, as far as possible, the harmful
The main benefits of proper IT Service Continuity Management may be summarized as:
Periodically reviewing the plans and adapting them to real business needs.
Step 1:To establish the objectives, scope and the commitment of the IT organization, i.e. the
policy.
◦ Strategic IT services.
IT Service Continuity Management will NOT succeed if the resources, in terms of both
◦ Loss of profits
ITSCM must:
services.
Reactive measures: Restore acceptable levels of service in the shortest time possible.
10.4.3.Implementation
Executive Board: Overall authority and control within the business and responsibility for:
crisis management, public relations, liaison with other business units, groups, departments,
regulators, government, etc.
Coordinating Team: Understand business processes, priorities, and manage the overall
recovery activities:Support business recovery, coordinate any critical activities, manage central
control of service continuity
Business Recovery Teams: Responsible for implementing the business recovery plans for
their own areas and act as day-to-day liaison with staff, customers, and suppliers.A business
recovery team follows the direction of coordinating team‟s policies, procedures, standards, and
priorities to ensure recovery processes are implemented accordingly.The coordinating team‟s
planning must give appropriate authority for each team or individual to make decisions and take
action during the contingency. These roles and responsibilities must be clearly identified.
Typical structure
Risk Prevention Plan: The main objective of the risk prevention plan is to minimize the
impact of a disaster on the IT infrastructure. Commonly used measures include: Distributed data
storage; back-up electricity power supply systems; data back-up policies; duplication of critical
systems; passive security systems
Emergency Management Plan: Emergency management plans need to take into account
aspects such as:
Recovery Plan:The recovery plan needs to include everything necessary to reorganize the
staff involved, re_establish the hardware and software systems necessary, and recover the data
and restart the IT service. The recovery procedures may depend on the importance of the
contingency and the associated recovery option (cold or hot stand-by), but in general they
involve:
10.6. Summary
IT Service Continuity Management manages the risk of IT services failing by reducing and
avoiding identified risks and planning to recover IT services as a contingency, to support the
continued functioning of the business to a specified level within a stated set of circumstances.
ITSCM focuses on all IT services that are needed to keep critical business process
functioning.
Homework:
Each student to write a short paper (< 2 pages) describing the difficulties or issues when
implement this function in an organization.
Teamwork:
Scenario: Mr. Bill Ate, owner of “Macro-Foods” company recognizes that even
his company has a Business Continuity Management but his restaurant sector is
currently does not have any Service Continuity Management. He understands
the importance that services have for his business so he wants to correct this
problem as soon as possible. As the sole provider of food services to many
companies in High-tech Park, he has enjoyed high profit margin. If their food
services are interrupted, thousand people will be very angry and the company may
lose this profitable business. Mr. Bill Ate decides that his company will guarantee
the continuity of services within 1 hours of any incident. (i.e., Fire, storm, traffic
jam, electricity issue etc.)
You are given the task to solve this problem for him.
Sample answer:
“Macro-Foods” should appoint a manager the role of managing the process and charged with
coordinating all the activities involved with Macro Foods‟ Business Continuity Management.
Business Continuity Management has signed an agreement with other catering companies
for emergency supplies to cover the company's most important customers:
In these cases, coordination requires the development of special modules allowing order
databases to be exported in standard data exchange formats so they can be processed by the
other organization.
Additionally, an emergency management application has been developed to allow supplier
orders to be handled and ensure the integrity of existing foods is maintained, according to its
information and the impact of the business interruption on the food storage.
The following are also established:
However, IT Service Continuity Management not only has to apply reactive measures to
mitigate the impact of a possible interruption to service. Its obligations also include the drafting
of prevention plans to avoid these situations arising. To avoid interruptions to its services the
company:
• Contracts food services with another food provider just in case there is a
interruption such as fire, storm, or electricity power outage in the area.
• Replicates critical food service systems at different locations.
The objective of IT Financial Management is to evaluate and control costs associated with IT
services to ensure that customers are offered quality service with an efficient use of the
necessary IT resources.If the IT organization and its customers are not aware of the costs
associated with the services, they will not be able to assess the return on investment (ROI) or
establish technology investment plans.The main objective of IT Service Financial Management
is to operate IT services to the business efficiently and profitably.
IT Service Financial Management must:
Financial Management manages IT infrastructure costs and provides a good financial basis
for business decisions relating to IT by identifying and accounting for the costs of delivering IT
services.
Objectives:
To account for the cost of operating the IT department and providing IT services.
To facilitate accurate budgeting and provide information about the cost of IT
services, which will enable the business to make better decisions.
To build the basis to determine Return on Investment (ROI) of IT and balance
costs, capacity and service level requirements.
• Increasing customer satisfaction by having contract services that offer good value.
11.3.1.Budgeting
Budgets are set by forecasting the costs of specific categories of expenditure. Where these
are not known, they are estimated according to Business forecasts, Capacity forecasts and
Service Level Management.
The objectives of having IT budgets are Planning IT spending and long-term investments,
Ensuring that IT services are adequately financed and establishing clear objectives that allow the
performance of the IT organization to be evaluated. For the budgets to be realistic, it is
necessary to identify all the cost items. Estimating the cost associated with these items is not
easy as external factors are not under the direct control of the IT organization, such as an
increase in the cost of hardware, software, resources, salary and licenses, etc.
11.3.2.IT Accounting
An accounting system is a set of interrelated activities used to budget, track, and charge for
IT services by:
Accounting Center: This type of organization simply identifies the cost of providing
service, may do some budgeting. The focus is on measuring performance and conducting
investment assessments.
Recovery Center: This is where organizations analyze the full expenditure and
investment so they can be recovered from the customers – usually in some form of charging.
The focus is on making customers aware of the true costs of using services.
Profit Center: This is where the IT department acts as a business in its own right,
although its objectives are set by the organization as a whole. This does not always imply that
the department has to make a profit.
The cost model is a framework in which all known costs are identified and allocated to
specific customers or services.The first step in defining a cost model is to categorize how the
costs are actually incurred. Cost types are categories that make it easier to identify where money
is being spent or where it is going to be spent.Cost types are: hardware, software, people,
accommodations (facilities), services.Within each cost element there are different types of costs
that will behave in different ways: capital and operational, direct and indirect, fixed and variable
and depreciation.
Direct costs: Costs that are specifically related to a single product or service, for
example, web servers used for an internet service.
Indirect costs:Costs that are not specifically related to a single service, such as the IT
organization's connectivity, on which many web services and the general communications
platform depend. These costs are more difficult to determine and are generally spread or pro-
rated across the various services and products.
Fixed costs:Costs related with fixed assets, independent of the volume of production,
such as cost of equipment.
Variable costs:Costs that depend on the volume of production, such as the cost of the
personnel providing the service, etc.
Cost ofcapital: Derived from the repayment of fixed assets or long-term investments.
Operating costs:Costs associated with the day-to-day functioning of the IT organization.
A cost unit is the basic unit of service that a customer will use or be charged for.Cost units
are items that can easily be measured or seen by customers and users.A simple calculation
includes:
A set of interrelated policies, activities, and tools that enable IT to recover their costs from
users on an equitable basis to determine the most suitable charging policies for an organization;
recover fairly and accurately, the agreed costs of providing IT services and collaborate with
customers to ensure optimal return on IT investment by the business.
It is important to identify exactly what the customers will be charged for. The user should
see these items as a unit. Both fixed and variable costs should be identified for each chargeable
item.
Pricing
Knowing the cost of IT services provided and establishing a pricing policy that allows the
costs incurred to be recovered are essential.Pricing is the process of identifying exactly how
much money the charging process should recover.Since the level of pricing has a direct impact
on the demand for the service, these factors should be taken into account:
Cost plus margin: the total cost of the service is calculated and a profit margin is added.
Market price: services are charged at the market rate for services of a similar kind.
Negotiated price: the price of the services is negotiated directly with the customer.
Variable price: dependent on the IT capacity actually used and/or the objectives met.
Once the price has been set, the rates for services have to be defined according to:
Charging method
Direct charging: Customer is charged directly on receiving a service (e.g. charging for
delivery and installation of a PC).
Resource usage: Customer is charged based on the use of specific IT resources (e.g. disk
space or CPU usage).
Apportionment: Customer is charged on shared facilities which is split up between users and
the facility or resource.
11.4. Summary
The IT service Financial Management can evaluate and control the costs associated with IT
services so that customers are offered a high quality service with an efficient use of IT
resources.
If the business is not aware of the costs associated with the services they use, they will not be
profit center just like any business unit and move away from a supporting role to a more
strategic role.
Homework:
Each student to write a short paper (< 2 pages) describing the difficulties or issues when
implement this function in an organization.
Teamwork:
Scenario:
"Macro-Foods" company has been providing food services for customers in
restaurants, high tech companies‟ cafeterias, and special occasion service etc. Mr.
Bill Ate believes in quality service and has hired many service managers to ensure
that his services meet customers‟ needs and the quality of foods and services
exceed the SLAs. However, this type of service management spending has not
been well documented on the finance accounts and budgeted specifically. It is
impossible to know what impact that having these services would impact the cost
of each of the services provided and how much it contributes to the profit of the
company.
Sample Answer:
Mr. Bill Ate wants to develop a new pricing policy for his service management
process that allows him to pass on its costs to customers, in the same way that it
passes on the cost of food preparation, transport, raw materials, etc.
It is recommended that Mr. Ate appoint a senior manager to look into this
process.
All these activities aim to define precisely the costs associated with the IT
services already being delivered and to propose rates that can be passed on to
customers, either directly or as a part of general items.
The information compiled will be used as the basis for the preparation of the
budgets prepared by Financial Management.
The main objectives of Configuration Management are to provide accurate and reliable
information about all the components of the IT infrastructure.Without configuration
management in place, it is impossible to track IT infrastructure costs in order to make best use of
it. As changes do happen, if not managed, it can create confusion and frustration among users.
12.3. The concept of Configuration Item
12.3.1.Configuation:
12.3.2.Configuation Item:
configuration)
Planning
Identification
Physical: Marking items to identify which items are under configuration control
(e.g. barcode or sticker).
Examples
A lifecycle refers to the stages that occur during the life of a configuration item
(CI). Each CI has its own lifecycle and CIs of the same type will share the same
life cycle. By defining lifecycles, configuration management allows CIs to be
moved and tracked from stage to stage in a controlled manner. CIs can then be
checked to see whether they are: authorized, complete, cost in line, on time, to
specification.
information:
Be unique
Be consistent with naming convention
Allow for copy and version numbers
Allow for growth
Control Information
Status accounting
Status accounting uses the life cycles to track and update the status of CIs.Status
accounting functions of CM are responsible for the recording and reporting all
data for all CIs. These reports can be produced to pre-defined criteria or be taken
directly from the CMDB when required.
Examples of reports:
Verification
Service Desk
Equipment held
Software accessible
Diagnostic aids
Problem history
Change history
Service Level Agreement
Training/experienced record
Personal information
Problem Management
Change Management
Release Management
Deviations between the information stored in the CMDB and that obtained from the
configuration audits.
The purpose of Change Management is to evaluate and plan the change process to ensure
that, if a change is made, it is done in the most efficient way possible, following the established
procedures to ensure the quality and continuity of the IT service at all times.
The reasons for making IT changes are:
Change Management‟s objective is that all changes that need to be made to IT infrastructure
and services be evaluated and implemented correctly according to standard procedures.
Change Management‟s goals are:
To manage the process whereby changes are requested, assessed, authorized and
implemented.
To ensure that no unauthorized changes are implemented.
To minimize risk and disruption caused by changes.
To ensure that changes are properly researched and that all relevant parties have
input into the assessment of changes.
To coordinate the effort involved in building, testing, and implementing changes.
Hardware
Software
Networking equipment
Applications
All documentations, plans, procedures relevant to the running, supporting and
maintenance of IT infrastructure
The number of potential incidents and problems associated with each change is reduced.If
the change has a negative impact on the IT structure, the process of returning to a stable
configuration is relatively quick and simple.The number of back-outs needed is
reduced.Changes are better received and the tendency to resist change is reduced.The true costs
associated with the change are evaluated and is, therefore, easier to assess the true return on the
investment.The CMDB is kept properly up-to-date. This is essential if all other IT processes are
to be managed correctly.Standard change procedures are developed allowing rapid updates to
non-critical systems.
Change Manager: The person responsible for the change process and ultimately responsible
for all the tasks assigned to Change Management.
Change Advisory Board (CAB): Internal group, chaired by the Change Manager,
consisting of the representatives of IT services management areas, it may include:
• External consultants
• Representatives of user groups
• Representatives of hardware and software suppliers
• The Change Advisory Board (CAB) is responsible for assessing the impact of
requested changes and estimating the resource requirements. They advise the Change
Manager on whether changes should be approved and assist in the changes.
• CAB members may vary depending on the change being requested, and should
consist of people who are impacted by the change.
• In case of emergency, CAB may need to consult with senior managers, before
approving urgent changes.
All changes to IT infrastructure must be made via a Request for Change (RFC).Change
Management manages all changes to IT infrastructure and services to ensure that they are
implemented correctly and standard procedures are followed.
Change Management ensures that changes:
• Are justified.
• Are carried out without impacting IT service quality.
• Are properly recorded, classified and documented.
• Have been carefully tested in a test environment.
• Are recorded in the CMDB.
• Can be undone by running back-out plans if the system functions incorrectly after
implementation.
Sources of Change
New Services: The development of new services usually requires changes to the
IT infrastructure. It is important to coordinate the whole process with Capacity,
Availability and Service level management to ensure that the changes meet
expectations and do not degrade the quality of other services.
Business Strategy: Management may change strategic direction that affects the
levels of service offered. This kind of change requires modifications to existing
hardware, software and procedures.
Logging
The first step in the change process is to record the Request for Change (RFC)
appropriately with the following data:
• Date received
• Unique identifier of the RFC
• Identifier of the associated known error (where appropriate)
• Description of the proposed change:Reason for change, purpose of
changeCIs involved, estimated resources needed, estimated time
The information in the log must be updated throughout the change process for
better tracking with the following data:
After the RFC has been logged, a preliminary filter review needs to be made to
accept or reject the change.
An RFC may be rejected if the change is not justified. The RFC must be returned
to the person or department making the request so they can offer new
justifications or modify it if necessary.
Accepting the change does not mean that it will subsequently be implemented by
the CAB. It is merely an indication that it is sufficiently justified to be given
further consideration.
Classification
After accepted, RFC should be classified (by priority and category) depending
on its urgency and impact.
The priority determines the relative importance of the RFC in relation to other
outstanding RFCs.
• Normal: Change should be made when it does not get in the way of
another higher priority change.
The category determines the difficulty and impact of the RFC so the change
board can determine the resources needed.The category is determined based on
the impact on the organization and the effort required implementing the
change.Minor changes may not need the approval of the CAB and may be
implemented directly.Any other changes need to be discussed by the CAB and
sometimes may need the collaboration of specialists to advise on the change.
Change Evaluation
The CAB will evaluate all changes in detail before approval by asking:
Recording, evaluating and accepting or rejecting the Request for Changes (RFCs) received.
Evaluating the results of the change and proceeding to close the change if successful.
12.12. Summary
Configuration Management provides accurate and reliable information about all the
level of detail and managing this information using the configuration database
(CMDB).
management processes.
• Interacting with Incident, Problem, Change and Release Management so they can
resolve incidents effectively by finding the cause of the problem rapidly, making the
changes necessary to solve it, and keeping the CMDB up- to-date at all times.
environment and comparing it with that held in the CMDB to correct any
discrepancies.
• Evaluating the results of the change and proceeding to close the change, if
successful.
Homework:
Each student to write a short paper (< 2 pages) describing the difficulties or issues when
implement this function in an organization.
Sample answer:
115 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
The instructor may want to discuss the difficulties in Configuration Management such as:
Incorrect planning: it is essential to plan the necessary activities correctly to avoid
duplications or mistakes.
Inappropriate CMDB structure: keeping an excessively detailed and exhaustive configuration
database up-to-date can be a time-consuming process requiring too many resources.
Inappropriate tools: it is essential to have the right software to speed up the data entry process
and make the best use of the CMDB.
Lack of Coordination between Change and Release Management making it impossible to
maintain the CMDB correctly.
Lack of organization: it is important for there to be a correct assignment of resources and
responsibilities. Where possible, it is preferable for Configuration Management to be undertaken
by independent specialist personnel.
Lack of commitment: the benefits of Configuration Management are not immediate and are
almost always indirect. This can lead to a lack of interest on the part of management and
consequently a lack of motivation among the people involved
Teamwork:
Scenario:
Mr. Bill Ate understands that configuration management is important, but for his food service
company, it can easily waste a lot of resources if excessively criteria are laid down. Therefore,
he decided to limit the scope of the configuration database to the systems he felt to be critical
such as:
LAN servers.
Internet servers.
Service Centre computing infrastructure.
SLAs
He asks your team to design a Configuration Management system that meets his initial simple
goal.
Sample Answer:
To simplify management of “Macro-Foods”, it is recommended that configurations should be
organized to each configuration items as described by Mr. Ate with these advantages:
Medium-to-long term reduction in the associated costs.
Improving the consistency of the services delivered.
Simplification of all the processes associated with service support: Incidents,
problems, changes, versions, etc.
Opting for a series of standard configurations allows a high level of detail to be achieved
without the effort being excessive. The following items were therefore entered on the database:
Software configurations:
Operating Systems:
Installed applications.
At the same time, management tools were installed to allow all these configurations to be
monitored remotely and periodic automatic audits to be carried out.
Release Management is responsible for implementation of all the hardware and software
Management to ensure that all information relating to changes (new versions) is properly
included on the CMDB so that it is fully up-to-date and provides an accurate image of the
Release Management also keeps the Definitive Software Library (DSL) up-to-date, where
copies of all the software in production environment are kept, and the Definitive Hardware
Storage (DHS), where spare parts and documentation for the rapid repair of hardware problems
• To plan and manage the release of software and hardware to users in production
environment.
• To design and implement procedures for the distribution and installation of changes to
IT systems.
• To ensure only correctly released, tested, and authorized versions of CIs are in use.
• To ensure the physical storage and protection of master copies of all software.
Implementing new versions of hardware and software on the live environment after
Ensuring that the change process meets the specifications of the relevant RFC.
Archiving (identical) copies of the live software, and all their associated documentation,
Changes are made without deterioration of the quality of service. New releases meet the
proposed objectives. The number of incidents caused by incompatibilities with other installed
hardware or software is reduced. The related testing processes not only allows the quality of the
hardware and software due to be installed to be tested, but also elicits the opinions of users on
the functionality and usability of the new versions. Keeping the DSL properly maintained will
prevent the loss of (valuable) copies of the source files. The number of illegal software copies is
reduced.
Control of the software and hardware deployed is centralized. Protection against viruses
13.5.1. Release
• Minor releases: These are the correction of one or more specific errors and are often
hardware.
Beta: A release that still needs to be tested for bugs in an environment similar to the
production.
Full: All components of the release unit are built, tested, distributed and implemented.
Delta: A partial release, usually just to fix a problem or only release some functionality
earlier than scheduled or only release the CIs that have changed.
• Delta release: Only the modified components are tested and installed.
• Full release: All the affected components are distributed, whether they have been
modified or not
Testing new versions in an environment that simulates the live environment as closely as
possible.
Informing and training customers and users about the functionality of the newly released
version.
13.5. Summary
Release Management:
• Testing new versions in an environment that simulates the live environment as closely
as possible.
• Informing and training customers and users about the functionality of the newly
released version.
13.6. Homework
An incident is any “event” which is NOT part of the normal operation of a service that
Incident Management
not concerned with finding and analyzing the cause of a particular incident, but solely
agreed times, thus ensuring the best possible levels of service quality and availability.
• To ensure the best use of resources to support the business during service failures
or disruptions.
It is common that multiple incidents happen at the same time, making it necessary to define
• Impact: This determines the importance of the incident depending on how it affects
• Urgency: Depends on the maximum delay the customer will accept for the resolution of
Incident Management should take into consideration the expected resolution time and the
resources necessary. “Simple" incidents will be dealt with as soon as possible. Depending on the
priority, the necessary resources will be assigned to resolve the incident. The incident's priority
The first level of support is provided by Help Desk during the user call to report the
incident.
If Help Desk can not resolve then incident is referred to technical support group for
If the support group can not resolve then they have to contact another specialist to assist
them.
Functional escalation: The support of a higher level specialist is needed to resolve the
problem.
Incidents may be reported from various sources, such as users, application managers, the
The Help Desk must be able to evaluate whether the service required is included in the
customer„s SLA in the first incident and if not, forward it to a competent authority.
It is important for the Help Desk to check that the incident has not already been logged:
it is commonplace for more than one user to report an incident, so it is necessary to check
Assigning a reference: Help Desk will assign an incident reference number to uniquely
identify it in both internal processes and when communicating with the customer.
Initial data capturing: Help desk collects basic information needed to process the
incident (time, description of the incident, systems affected, etc.) and enter them on the
associated database.
Incident notification: Help Desk may determine where the incident may affect other users
and notifies them so they are aware of how the incident may impact their work.
Help desk examines the incident based on information from a knowledge database (KB)
to determine if it matches with any incident that has already been resolved and an
If the Help Desk is unable to resolve the incident, it will forward it to a higher level for
the experts assigned to investigate. If these experts are unable to resolve the incident, the
Throughout the lifecycle of the incident, the various agents involved must update the
information stored in the databases so that all the levels involved have complete
Classification: The purpose of incident classification is to collect all the information that
may be used to resolve it. The classification process has the following steps:
the workgroup responsible for resolving it. The services affected by the incident
• Allocation of resources: If the Service Desk cannot resolve the incident in the
first instance, it will designate the technical support personnel responsible for
Problem Control: this is responsible for logging and classifying problems to determine their
causes and turn them into known errors.
Error control: records known errors and proposes solutions to them by means of RFCs
which are sent to Change Management. It also conducts Post-Implementation Review of these
changes in close collaboration with Change Management.
When the structure of the organization allows, it carries out Proactive Problem Management
to help detect problems even before they manifest themselves by causing degradation to quality
of service.
Service Level Management: It is essential that customers have timely information about the
level of compliance with SLAs and that corrective measures are taken in the event of non-
compliance.
Monitoring the performance of the Help Desk will determine the degree of satisfaction of
the customer from supervising the proper function of the first line of support and customer care
delivered.
Optimizing the allocation of resources: Managers need to know if the escalation process
has followed the established protocols faithfully and if duplication has been avoided in the
management process.
14.10. Identifying mistakes: It may happen that the specified protocols are not right for the
need to be taken.
about the assignment of resources, additional costs associated with the service, etc.
14.11. Summary
service within agreed times, and ensuring the best possible levels of quality service to
customers.
resolve problems according to the business needs, preventing them from recurring and recording
Homework:
Each student to write a short paper (< 2 pages) describing the difficulties or issues when
implement this function in an organization.
Teamwork
Scenarios:
Incident Management: A manager has just received a call from the person in charge of
supplies at one of its high tech company's cafeterias. The person says that he had ordered a
new batch of ice-creams a few days ago over the web, they had not yet arrived and the stock
was running low. He is very angry at the food service because it is summer and most of his
people would buy ice cream.
The manager looks in the computer database and confirms that the order was made several
days ago, but he also notices that it was incorrectly stored. He tries to repeat the order on his
computer, but the system continues to malfunction. What should he do?
Problem Management: The manager has informed Problem Management about the
incident which could not be associated with a known error and which caused a low impact
interruption to service. What would be the better solution?
Sample Answers:
Incident Management:
The manager should do the following:
Evaluate its priority: although the impact is low, the incident is urgent as the customer
needs the delivery urgently.
Log the details of the incident.
Check the Knowledge Base in the database to investigate whether the incident is the
result of a known error, (has happened before) and if there are any possible “work-
around”.
Propose a temporary solution to the customer by pointed to a reserved area of the
website where he can place "urgent" orders by email.
Contact systems department to warn that the incident may be repeated throughout the
day.
Use the application that monitors warehouse stock, he checks the availability of the
ice-creams ordered.
Reassures the customer that he will receive the ice-creams before midday via the
company's express service.
Meanwhile, the IT systems department:
Runs a series of tests and confirms that, in general, the system is functioning correctly.
Are unable to identify the cause of the incident.
They contact the manager and suggest that the problem be forwarded to Problem
Management with a preliminary classification of low priority.
Problem Management:
Problem Management decided to analyze the problem following the established
protocol:
Identifying the problem.
Classifying of the problem.
Establishing the possible causes.
Checking the most likely cause.
Confirming the actual cause.
Identification: In the case with which we are concerned, the problem is easy to define:
The online orders application produces unpredictable errors when recording certain
orders. There is no apparent relationship between the error and other
hardware/software components.
Classification: The problem may be classified according to the following parameters:
Identification: Problems recording orders.
Source: Online orders module.
Frequency: the problem is not recurrent, this is the first time it has been detected.
Impact: slight. The incident was resolved without a serious interruption to service.
Possible causes: The most likely causes include:
Errors in programming on the client side of the application.
Errors in the web server recording modules.
Database configuration errors.
The analysts decide that the most likely origin of the problem is in the application's
recording modules.
Checking the most likely cause: with the help of the information recorded by Incident
Management:
Problem management tries to reproduce the problem.
They find that the error is only reproduced with a particular brand of ice-cream.
They notice that the brand of ice-cream has an apostrophe in its name and that if this is
removed the order is recorded without problems.
Verification:
133 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
The main objective of the Service Desk, is to serve as a point of contact between
Service Desk is the center of all the IT service support processes by:
Management.
• Working with Configuration Management to ensure that the relevant databases are up-
to-date.
The point of contact with the customer may take various forms, depending on the breadth and
depth of the services offered:
Call Centre: The aim is to manage a high volume of calls and redirect users (except in
trivial cases) to other levels of support and/or sales.
The Help Desk: Its main objective is to provide a first line of supporting resolving
service interruptions as quickly as possible.
The Service Desk: This is customers' and users' interface with the whole range of IT
services offered by the organization focusing on business processes. Apart from offering
the services mentioned above, it provides customers, users and the IT organization itself
additional services such as:
Supervising maintenance and service level contracts.
Channeling customers' Service Requests.
Software license management.
Centralizing all the processes associated with IT management.
• What types of structure should the Service Desk have (distributed, centralized,
15.5.1.Logical structure
The members of the Service Desk team must:
Be familiar with the protocols for interaction with customers: scripts, checklists, etc.
Be equipped with software tools they need to log their interactions with users.
Know when to escalate incidents to higher levels or contribute to discussions on the
compliance with SLAs.
Have the relevant knowledge bases at their fingertips so as to give a better service to
users.
Receive training on the company's products and services.
15.5.2.Physical structure
The structure of the Service Desk opted for will vary depending on the service needs
(global, local, 24/7, etc.).
There are three basic formats:
Centralized
Distributed
Virtual
The main characteristics of each format are described below:
Centralized Service Desk
In this case all contact with users is channeled through a single central structure.
The main advantages are:
Costs are reduced.
The activities of the Service Desk can include almost all aspects of IT Services Management.
However, its main function is that of managing relationships with customers and users, keeping
them informed about all the processes of interest to them. Some of the key functions a Service
Desk should offer are:
15.6.1.Incident Management
Although managing incidents in full requires the collaboration of other departments and
staff, the Service Desk must be able to provide a first line of support to help resolve
interruptions to service and/or service requests from customers and users. Its specific
tasks include:
Logging and monitoring each incident.
Checking that the support service required is included in the associated SLA.
Tracking the escalation process.
138 | Nguyen Thi Thanh Tam - DTU
Information System Theories & Practices
Identifying problems.
Closing the incident and obtaining confirmation from the customer.
15.6.2.Information Center
The Service Desk should be the main source of information for customers and users,
informing them about:
New Services.
New releases to correct errors.
Compliance with the SLAs.
This direct contact with customers should also be used to identify new business
opportunities, and to assess customers' needs and their level of satisfaction with the service they
are given. The Service Desk is ideally positioned to provide inside information on all the IT
service management processes. For it to do so, however, it is essential that it log all interactions
between users and customers properly. The Service Desk is also responsible for relations with
external suppliers providing maintenance services. In order to offer a high quality service, it is
essential that there be close links between external maintenance providers and Incident
Management. This should be channeled through the Service Desk.
We have all endured frustrating experiences dealing with large companies that promise high
quality, round the clock support, and when it turn out to have a contact center with staff who are
poorly trained, if not rude. It is important to understand that Service Desk's success is your
company's success and it depends to large degree on the people in the team. It is therefore
essential to establish strict selection and training protocols for them. Ideally, the Service Desk
staff should:
Share the organization's customer care philosophy.
Deal with customers in a way that is correct and polite, using language the
customer can understand.
Have an in-depth knowledge of the services and products offered.
Understand customers' needs and redirect them, if necessary, to the experts in
question.
Control all the technological tools available to them in order to offer a high quality
service.
Be able to work as a team.
The training they are given should relate to all these aspects and not be limited to building
their technology skills. It is also essential for the management to be committed to:
Close monitoring of the services delivered, particularly as regards their
effectiveness and performance.
Continuous support to the service desk team in its difficult task of dealing directly
with customers.
Team work.
And finally, remember that you never get a second chance to make a first impression. The
best measure of the success of a Service Desk is customer satisfaction. It is important to try to
set up well defined metrics with which to measure the performance of the Service Desk and the
perception users have of it. Progress reports should include points such as:
The average time taken to respond to requests sent by e-mail, phone or fax.
The percentage of incidents closed at the level of the first line of support.
The percentage of queries responded to in the first instance.
A statistical analysis of the incident resolution times organized according to their
urgency and impact.
Compliance with the SLAs.
The number of calls handled by each member of the Service Desk team.
Another important monitoring task is that of overseeing the level of customer satisfaction.
This can be achieved by means of surveys allowing the customer's perception of the services
provided to be assessed. You could opt to close each incident or query with a series of questions
allowing the customer's opinion about the attention received to be gathered, along with his or
her satisfaction with the solution offered, etc. All this information should be compiled and
analyzed periodically to enable the quality of service to be improved.
15.7. Summary
Service Desk is an important aspect of user and liaison support. It is the main contact
Service Desk staff represents the image of the company and organization as they help
customers to resolve problems, record information on IT services and escalate problems to the
15.8. Homework
Scenario:
Macro-Foods receive so many calls to order foods, complain about quality of services, certain
incidents where food order were delivered to the wrong places, inefficient services and these call
disrupted normal operation as manager are busy response to customers and suppliers. How can
the company avoid these issues?
You are tasked to help solve this problem.
Sample Answer:
Macro-Food should set up a service desk and centralizing all the IT organization‟s contacts
with customers and suppliers by:
The growth of the Internet, problems associated with information security have worsened
considerably and affect all organizations. Information is an integral part of any business and
managing it correctly rests on three basic factors:
Confidentiality: the information must only be accessible to its predefined recipients.
Integrity: the information must be correct and complete.
Availability: the information must be accessible when it is needed.
Security Management ensures that the information is correct and complete, that it is always
available for business purposes and that it is only used by authorized people.
16.2. Security Management Staff
Security Management staff must have an in-depth knowledge of both the business and the IT
services in order to establish security policy, as well as procedures to ensure that the information
Security staff must work with the business and IT organization to determine security
requirements, then document them in the relevant SLAs so that implementation of them can be
ensured.
Security Management should review all risks to which the IT infrastructure is exposed to
Designing a security policy (in collaboration with customer and suppliers) that is aligned
with the needs of the business.
Ensuring compliance with the agreed security standards.
Minimizing the security risks threatening continuity of service.
16.4. The benefists of Security Management
The IT organization determines the feasibility of the requirements and compares them to the
The customer and IT organization negotiate and define a service level agreement (SLA) that
includes definition of the information security requirements in measurable terms and specifies
information security services will be provided, are negotiated and defined within the IT
organization.
Customers receive regular reports about the effectiveness and status of provided information
security services.
16.5.1.Security SLA
• Training programs.
• The structure and people responsible for the Security Management process.
Example:
16.5.3.Security Plan
The aim of the Security Plan is to set the levels of security that must be included as a part of
This plan should be part of Service Level Management, which is ultimately responsible for
both the quality of the service delivered to customers and the service received by the IT
The Security Plan has to focus on offering better and more secure service to customers.
Security metrics should be defined to allow the agreed levels of security to be evaluated.
The Security Plan should establish security protocols covering all the phases of the service
The Plan phase is about issuing the policy, assessing information security risks and selecting
appropriate controls.
The Do phase involves implementing security protocols, procedures and control, and
The Check phase is to objectively review and evaluate the performance (efficiency and
In the Act phase, changes are made where necessary to bring the system back to peak
performance.
16.5.5.Implementation Issues
There is insufficient commitment or knowledge to the security process from members of the
IT organization.
Excessively restrictive security policies could bring negative effects on the business.
Staff are not given adequate security training to be able to apply security protocols.
16.5.6.Measurements
Security Management must coordinate the implementation of the security protocols and
• The staff know and accept the established security measures and their responsibilities
regarding security.
It is essential to evaluate security service in compliance with the security measures, their
These evaluations/audits should assess the performance of the security process and put
improvements into action. These will be set out in RFCs, which will be sent for
occurs.
16.5.8.Security Maintenance
Security Management is a continuous process and the Security Plan and security-related
Changes in the Security Plan and the SLAs may be a result of the evaluation referred to
It is also important that Security Management is up-to-date regarding new risks and
vulnerabilities caused by viruses, spyware, denial of service attacks, etc., and that the
• Prepare reports on the performance of security issues and provide information to all
organizations.
16.6. Summary
business functions.
security services; this ensures that the services are aligned with the business' needs.
security in a structured, clear way based on best practices. Information security staff can help the
organization move from "fire fighting" mode to a more structured and planned approach.
With its requirement for continuous review, Security Management can help ensure that IT
service can maintain their effectiveness as requirements, environments and threats change.
Security Management establishes documented processes and standards (such as SLAs and
OLAs) that can be audited and monitored. This can help IT organizations understand the
processes and best practices can be built securely such as Change Management, Configuration
Security Management enables its staff to discuss details of information security in terms
people can understand that information security is a key part of having a successful, well-run
organization.
Many people do not relate to technical details about encryption or firewall rules, but with
proper training they could appreciate security concepts and be able to incorporate security into
their processes for handling problems, improving service, and maintaining SLAs.
The security reporting keeps the organization„s management well informed about the
effectiveness of their security measures so they can make informed decisions about the risks of
their organization.
16.7. Homework
Each Student to write a 1 page paper on the topic of: “what are the difficulties when
implement security management in a company?
Scenario:
A large portion of “Macro-Food” business is an Online ordering, especially that many of its
customers are employees from High tech companies located in the Software Park. These people
order their foods using “Macro-Food” websites which listed the catalogue of menus for Lunch,
Diner, Snacks and special occasion events. Many companies pay by their credit cards or special
arrangement with their banks so the businesses are mostly on line where orders, payments and
special arrangement transaction are conducted as an e-business (online).
The management of "Macro-Foods" understands that an approach to security based solely on
the concept of "defending against cyber attacks" does not meet the needs of the business.
It is important that their customers have up-to-date information about their orders,
outstanding payments, etc. and this requires interaction with the company's finance systems.
Clearly, this raises a number of additional security problems, as channels to the outside have to
be opened up from within the organization‟s IT core
Sample Answer:
The management of "Macro-Foods" has decided to create a Web Services allowing access to
their information while preserving its confidentiality and integrity. This requires a review of the
REFERENCES
Required Reading:
[1] John Vu – Senio Scientist – Institute for Software Research, slide Information System
Theories and Practies , Carnegie Mellon University
Bibliography:
[3] Laudon, Kenneth C.; Laudon, Jane P. (2009). Management Information Systems: Managing
the Digital Firm (11 ed.). Prentice Hall/CourseSmart. p. 164.
[4] Transaction processing systems (TPS) collect and record the routine transactions of an
organization. Examples of such systems are sales order entry, hotel reservations, payroll, employee
record keeping, and shipping.
[5] Pant, S., Hsu, C., (1995), Strategic Information Systems Planning: A Review, Information
Resources Management Association International Conference, May 21–24, Atlanta.
[6] Laudon, K.,&Laudon, J. (2010). Management information systems: Managing the digital
firm. (11th ed.). Upper Saddle River, NJ: Pearson Prentice