CHAPTER 1: INFORMATION SYSTEMS (IS) OPERATIONS

Desired Learning Outcomes:

(1) Discuss the role of IS Operations in an organization.
(2) Discuss and explain governance and management.
(3) Describe the frameworks of ITSM.

Information Systems Operations

• Responsible for ongoing support for an organizations computer and IS
environment.
• plays a critical role in ensuring that computer operations processing
requirements are met, end users are satisfied, and information is
processed securely.

Management of IS Operations

COBIT 5 framework makes clear distinction between governance and

management, which are as follows:
Governance:
• Ensures that stakeholder needs, conditions and options are evaluated to
determine balanced, agreed-on enterprise objectives to be achieved;
• Setting direction through prioritization and decision making; and
monitoring performance and compliance against agreed-on direction and
objectives.
• Overall governance is the responsibility of the board of directors under the
leadership of the chairperson.
• Specific governance responsibilities may be delegated to special
organizational structures at an appropriate level, particularly in larger,
complex enterprises.

Management:
• Management plans, builds, runs and monitors activities in alignment with
the direction set by the governance body to achieve the enterprise
objectives
• Management is the responsibility of the executive management under the
leadership of the chief executive officer (CEO).
• IS management has the overall responsibility for all operations within the IT
department

Information Systems Operations and Maintenance (AIS 5)

IT Service Management Framework (ITSM)

• Refers to the implementation and management of IT services (people,

process and information technology) to meet business needs

Two Frameworks for ITSM

1. IT Infrastructure Library (ITIL)
• a reference body of knowledge for service delivery good practices
• a comprehensive framework detailed over five volumes - Service strategy,
Service design, Service transition, services operations, Continual service
improvement
• The main objective of ITIL is to improve service quality to the business.

Information Technology Infrastructure Library (ITIL) is the world's most widely used
IT Service Management framework. ITIL gives direction to an organization and
people to utilize IT as a tool to encourage business change, transformation, and
development. The goal is to improve efficiency and achieve predictable service
levels. The objective is to enhance performance and accomplish certain service
levels. The key factor for ITIL success is vendor neutrality, Best practices and easy
to understand the framework. ITIL has been owned by AXELOS, a joint venture
between HM Cabinet Office and Capita Plc.

ITIL lifecycle consists of 5 different stages:

• ITIL Service Strategy
• ITIL Service Design
• ITIL Service Transition
• ITIL Service Operation
• ITIL Continual Service Improvement.

Information Systems Operations and Maintenance (AIS 5)

2. ISO 20000-1:2011 Information technology – Service management
• Requires service providers to implement the plan-do-check-act (PDCA)
methodology
• The main objective is to improve service quality, achievement of the
standard certifies organizations as having passed auditable practices and
processes in ITSM.

Information Systems Operations and Maintenance (AIS 5)

Steps of PDCA
PDCA can be applied whenever you consider making a change in your
organization. Whenever you decide to install new firewalls, change the content of
a training, decide on a new policy or ask people to change the way devices are
installed. For each change, the basic four steps are the same: Plan – Do – Check –
Act.
• Plan: Before changing anything, you need to write down what activity you
are trying to improve, how you will determine the effect of the change.
There must be some way of measuring effectiveness. You should also know
what the current value is before improvement and what the target or
expected value is after the change. The metric can be anything as long as it
is relevant to your company. It can be number of incidents, time spent on
device configuration, or the average score of a security quiz. Ideally it relates
to organization goals, such as customer value, cost savings or time to
market.
• Do: Once you have goals, metrics and before-value, you make the change
that you intend to make. This can be installing the new firewall, modify the
training, or install devices in a new way.
• Check (or Study): Once the change has been made you should be able to
measure the effect by looking at changes in the metrics. You will of course
expect an improvement, but take care to actually measure what has
happened. Many improvement actions will result in no change or even a
worsening. For instance if you add more material to a training, it is possible
that the training becomes too difficult for people to follow and they actually
learn less.
• Act: The action will depend on the result of the check step. If the change
was successful, you should make the change permanent by instructing
everyone, updating documentation or modify process description. You
should also update the ‘current values’ of your metrics: the new better
values after the change should become the baseline value for future
improvements. If the change was not an improvement.

IT Infrastructure Library (ITIL)

Learn why an Information Technology Infrastructure Library (ITIL) is essential for
your organization and how certification benefits you and your company.

ITIL is a library of best practices for managing IT services and improving IT support
and service levels. One of the main goals of ITIL is to ensure that IT services align
with business objectives, even as business objectives change.

Information Systems Operations and Maintenance (AIS 5)

ITIL stands for Information Technology Infrastructure Library. The acronym was first
used in the 1980s by the British government's Central Computer and
Telecommunications Agency (CCTA) when it documented dozens of best practices
in IT service management and printed them for distribution. Today, ITIL no longer
refers to "Information Technology Infrastructure Library"—instead, it is a
standalone term.

ITIL has matured significantly since it was introduced in the late 20th century as a
series of books that spanned more than 30 volumes. Around 2000, the second
version of ITIL streamlined these publications by grouping them into sets that
mapped to different aspects of IT management, services, and applications. Around
this time, Microsoft standardized on ITIL to help develop its Microsoft Operations
Framework.

One of the most essential parts of ITIL is the configuration management database
(CMDB), which provides the central authority for all components—including
services, software, IT components, documents, users, and hardware—that must be
managed to deliver an IT service. The CMDB tracks the location of, and changes to,
all of these assets and processes, along with their attributes and relationships to
each other.

Adhering to ITIL principles helps ensure you can get to the root cause of problems
in your environment as quickly as possible and that you have the right visibility into
the systems and people to prevent future problems.

Foundations
The ITIL framework is administered and updated by AXELOS. ITIL version 3,
released in 2007, is the current version of the standard. Version 3 improved on the
previous version of ITIL by adding process improvement, a stronger lifecycle
approach, and more processes for aligning business and IT.

At this writing, AXELOS is updating ITIL to version 4, which will focus on fostering
digital transformation, artificial intelligence, cloud computing, and DevOps. Some
modules of ITIL 4 have already been released, with the rest planned to roll out
during 2019. The Foundation level of ITIL 4 certification is already available, and
the rest is coming during the second half of 2019.

Information Systems Operations and Maintenance (AIS 5)

ITIL Concepts

Before going into the details, let's look at some fundamental ITIL concepts.

Service
• Value-Centric Approach: ITIL's emphasis on delivering valuable services
underscores the importance of aligning IT with customer needs. By focusing
on the outcomes customers seek, ITIL ensures that services are not merely
technical solutions but meaningful contributions to the business.
• Cost and Risk Management: The concept of a service in ITIL separates the
ownership of specific costs and risks from the customers. This approach
helps organizations manage their budgets more effectively and distribute
risks appropriately, contributing to overall financial stability.
• Customer-Centricity: ITIL's definition of a service highlights the customer as
the central figure. This customer-centric approach fosters a culture where IT
services are designed, delivered, and improved with the end-user in mind,
ultimately enhancing customer satisfaction.

Service Management
• Holistic Approach: Service management in ITIL encompasses a wide range
of capabilities, including activities, processes, and functions. This
perspective ensures that all aspects of IT services, from design to operation,
are considered and optimized.
• Lifecycle Perspective: The ITIL framework acknowledges that services have a
lifecycle, and service management is crucial in each stage. This
comprehensive view ensures services are designed, transitioned, operated,
and improved effectively.
• Continuous Improvement: Service management involves the ongoing effort
to define, create, and manage services. This constant improvement mindset
allows organizations to adapt to changing business needs and technological
advancements, ensuring that services remain relevant and valuable.

Process
• Efficiency and Consistency: ITIL processes are structured sets of activities
with predefined sequences. This structure ensures that tasks are executed
efficiently and consistently, reducing the likelihood of errors and improving
the overall quality of IT services.
• Objective Achievement: Processes in ITIL are designed to accomplish
specific objectives. This goal-oriented approach helps organizations focus

Information Systems Operations and Maintenance (AIS 5)

 on what needs to be achieved and ensures that efforts are directed toward
meaningful outcomes.
• Repeatable and Scalable: ITIL processes are repeatable, meaning they can
be applied consistently across various situations. This repeatability makes
them scalable, allowing organizations to adapt and expand their IT services
while maintaining a high level of control and predictability.

Function
• Team Collaboration: Functions in ITIL represent teams or groups of people
with defined roles and responsibilities. These functions encourage
collaboration and specialization within an organization, ensuring tasks are
distributed efficiently among skilled individuals.
• Resource Allocation: Functions are instrumental in allocating resources
effectively. Organizations can optimize their resource allocation by
assigning specific functions to manage different aspects of IT services,
ensuring that each area receives the necessary attention and expertise.
• Roles and Accountability: Functions are often associated with specific roles,
each with its responsibilities. This role-based approach enhances
accountability within an organization, as individuals understand their duties
and how they contribute to the overall success of IT services.

Role
• Clear Responsibilities: Roles in ITIL provide individuals with clearly defined
responsibilities and duties. This clarity eliminates confusion and ensures
everyone understands their role in the larger service management context.
• Efficiency and Effectiveness: Assigning roles to functions helps streamline
operations by ensuring that each function has the right people in the right
roles. This alignment improves the efficiency and effectiveness of IT service
delivery.
• Accountability and Ownership: Roles promote accountability, as individuals
are responsible for their tasks and contributions. This accountability fosters
a sense of ownership and commitment to achieving service management
goals.

ITIL Guiding Principles

ITIL is guided by seven principles that serve as a foundation for its practices.
1. Focus on Value: The first ITIL principle emphasizes delivering value to
customers. IT services should not be viewed as mere technical solutions but
as means of facilitating customer outcomes. This principle underscores the
need for IT to align closely with business objectives and customer needs. By

Information Systems Operations and Maintenance (AIS 5)

 focusing on value, organizations ensure that their IT services are relevant,
impactful, and contribute directly to achieving business goals.
2. Start Where You Are: ITIL recognizes that every organization has a unique
starting point regarding its IT service management capabilities. This
principle encourages organizations to assess their existing processes,
resources, and capabilities and build upon them. It promotes incremental
improvement, ensuring that organizations refrain from attempting radical
overhauls that could disrupt operations and be costly.
3. Progress with Feedback: Continuous improvement is at the heart of ITIL, and
this principle reinforces that concept. Organizations should embrace
iterative cycles of planning, implementing, and reviewing processes and
services. Regular feedback mechanisms are crucial to identifying areas for
enhancement and ensuring that services remain aligned with evolving
business needs.
4. Collaborate and Promote Visibility: Collaboration between different
departments, teams, and stakeholders is essential in IT service management.
This principle encourages open communication and cooperation. It stresses
the importance of visibility into processes and services, as transparency
fosters better decision-making and accountability.
5. Think and Work: ITIL promotes a holistic perspective, urging organizations
to consider the entire service lifecycle and all aspects of service delivery. By
doing so, organizations can avoid siloed thinking and ensure that services
are well-rounded and meet technical, business, customer, and strategic
requirements.
6. Keep It Simple and Practical: Simplicity and practicality are core to successful
ITIL implementation. This principle advises against overcomplicating
processes or solutions. Complex systems can lead to increased costs,
confusion, and resistance to change. Instead, organizations should focus on
straightforward and pragmatic approaches that make sense in their context.
7. Optimize and Automate: Efficiency is a key goal of ITIL, and this principle
encourages organizations to optimize their processes and services
continually. Automation is seen as a means to achieve this optimization.
Organizations can reduce manual errors, save time, and improve overall
service quality by automating routine tasks and processes.

ITIL Framework
The ITIL framework is a widely recognized set of best practices and guidelines for
managing IT services and IT service management (ITSM). The ITIL service lifecycle
is a core concept within the framework and represents the path that IT services
follow throughout their existence. It's important to note that these stages are not

Information Systems Operations and Maintenance (AIS 5)

isolated; they are interlinked, and their interaction ensures the delivery of high-
quality IT services.

• Service Strategy: This initial stage defines the overall vision and objectives
for IT services, considering the organization's strategic goals. It involves
assessing market demand, identifying growth opportunities, and
developing a clear plan for service implementation.
• Service Design: With the service strategy as a foundation, the design stage
focuses on turning concepts into tangible IT services. This stage
encompasses designing processes, policies, and procedures that govern
service delivery, ensuring that services are reliable, scalable, and efficient.
• Service Transition: Service transition is the bridge between service design
and operation. During this phase, the services designed in the previous
stage are transitioned into the live environment. Rigorous testing, training,
and documentation ensure a seamless transition.
• Service Operation: This is where the rubber meets the road, as services are
actively delivered to customers. Service operation includes managing
incidents, problems, changes, and service requests, all while maintaining
service availability, performance, and security.
• Continual Service Improvement (CSI): CSI is the engine that drives ongoing
enhancement. It involves measuring service performance, identifying areas
for improvement, and implementing changes to optimize service quality,
efficiency, and cost-effectiveness.

Information Systems Operations and Maintenance (AIS 5)

Information Systems Operations and Maintenance (AIS 5)
Benefits of ITIL
By adopting ITIL principles, practices, and processes, businesses can enhance
their IT service quality, align their IT operations with business objectives, and
achieve greater efficiency.

Improved IT Service Quality

One of the primary benefits of ITIL is its focus on delivering high-quality IT
services. By following ITIL's best practices, organizations can ensure that their IT
services meet or exceed customer expectations. This leads to increased customer
satisfaction and trust in the reliability of IT services.

Enhanced Customer Satisfaction

ITIL emphasizes understanding and meeting customer needs. Organizations can
enhance customer satisfaction by aligning IT services with business requirements

Information Systems Operations and Maintenance (AIS 5)

and improving service delivery. Satisfied customers are likelier to remain loyal
and recommend the organization's services.

Efficient Resource Management

ITIL helps organizations optimize IT resources, including personnel, technology,
and budget. Efficient resource management leads to cost savings, improved
allocation of staff, and better utilization of technology assets. This, in turn,
contributes to a more cost-effective IT operation.

Cost Savings and ROI

Through the effective management of IT services and resources, organizations
can realize significant cost savings. ITIL's focus on reducing waste, improving
processes, and minimizing downtime leads to a positive return on investment
(ROI) for IT initiatives.

Alignment with Business Goals

ITIL ensures that IT services are closely aligned with the strategic goals and
objectives of the organization. This alignment helps bridge the gap between IT
and the rest of the business, making IT a strategic partner in achieving business
success.

Greater Visibility and Control

ITIL promotes transparency and visibility into IT processes and services. This
increased visibility allows organizations to monitor performance, identify
bottlenecks, and make informed decisions to improve service delivery. It also
provides a better understanding of IT costs and their impact on the organization.

Risk Reduction
By implementing ITIL's best practices for change management, incident
management, and problem management, organizations can reduce the risks
associated with IT operations. Quick identification and resolution of issues
minimize the potential impact of incidents on business operations.

Continuous Improvement
ITIL is built on the principle of continual service improvement (CSI). This means
that organizations are encouraged to regularly assess their IT services and
processes, identify areas for enhancement, and implement changes. CSI ensures
that IT services remain adaptable and responsive to evolving business needs and
technology trends.

Information Systems Operations and Maintenance (AIS 5)

Standardization and Consistency
ITIL promotes the standardization of processes and practices across the
organization. This standardization leads to greater consistency in service delivery,
reduces errors, and ensures that IT services are reliable and predictable.

Competitive Advantage
Organizations that implement ITIL often gain a competitive advantage. They can
respond more effectively to market changes, deliver better customer experiences,
and outperform competitors not prioritizing IT service management.

Drawbacks of ITIL
While ITIL offers numerous benefits, it's essential to be aware of potential
drawbacks:
• Complexity and Resource Requirements: Implementing ITIL can be
complex and resource-intensive, especially for smaller organizations.
• Resistance to Change: Employees may resist changes in processes and
practices, which can slow down the implementation of ITIL.
• Potential for Over-Standardization: In some cases, excessive
standardization can stifle creativity and innovation within IT teams.
• Limited Agility in Some Cases: ITIL's structured approach may need to be
better suited for organizations that require rapid adaptability to changing
circumstances.

ITIL Processes and Stages: Summary

ITIL process management allows organizations to use and manage their IT
services effectively.

Incident Management
Incident Management process focuses on minimizing the impact of incidents on
IT services by swiftly restoring normal operations. It involves logging,
categorizing, prioritizing, and resolving incidents to reduce downtime and
disruptions.

Problem Management
It aims to identify and address the root causes of recurring incidents. By
proactively addressing underlying issues, organizations can prevent incidents
from happening in the future.

Information Systems Operations and Maintenance (AIS 5)

Change Management
This is crucial for controlling IT services and infrastructure changes. It ensures that
changes are planned, approved, and implemented with minimal risks and
disruptions.

Service Level Management

It defines and agrees upon customer service levels. It ensures that services meet
agreed-upon performance standards and that any deviations are addressed
promptly.

Capacity Management
Capacity management optimizes IT resources to meet current and future business
requirements. It helps organizations avoid resource bottlenecks and ensures that
services are scalable.

Availability Management
Availability management ensures that IT services are available when needed and
minimizes downtime. It involves monitoring, measuring, and managing service
availability and reliability.

IT Service Continuity Management

This process involves planning for and recovering from incidents or disasters that
could disrupt IT services. It ensures that organizations can maintain essential
services during and after such events.

Financial Management for IT Services (ITFM)

ITFM helps organizations manage their IT budgets effectively and allocate costs
to different services. It ensures that IT spending is aligned with business priorities.

How Do I Put ITIL Into Practice?

Implementing an ITIL process in an organization can be a transformative process.
Find the key steps below to implement ITIL successfully.

1. Assessment: Begin by assessing your organization's current IT service

management practices and identifying areas that need improvement.
2. Leadership and Stakeholders: Get buy-in from leadership and involve key
stakeholders in the process.
3. Training and Certification: Provide training to staff and consider ITIL
certification to ensure that everyone understands and follows ITIL practices.

Information Systems Operations and Maintenance (AIS 5)

 4. Pilot Implementation: Start with a small-scale pilot implementation to test
an ITIL process and adjust as needed.
5. Challenges and Mitigation: Anticipate and address challenges, such as
resistance to change, with clear communication and support.
6. Measurement and Continuous Improvement: Define key performance
indicators (KPIs) and regularly assess the success of your ITIL
implementation. Continuously improve processes based on feedback and
results.

Certification
If you want to implement ITIL within an organization, you will need ITIL certification.
AXELOS offers ITIL certification training and testing through strategic partners. The
ITIL foundation certificate is the bare minimum certification needed to evaluate
and implement the ITIL framework in your environment. ITIL certifications last for
three years and must be renewed through an AXELOS approved partner. Each ITIL
exam costs about USD 300.

In addition to making you a more valuable resource for your company, ITIL
certification can improve your own employment prospects. ITIL is a well-respected
framework, and companies look for IT professionals who have learned the
methodology and certified that knowledge by passing a series of exams.

Certification levels
There are five levels of training and certification for ITIL v3, each more advanced
than the previous:
1. ITIL Foundation: Covers the basic concepts, elements, and terminology in
the ITIL framework.
2. ITIL Practitioner: Covers the Continual Service Improvement approach and
organizational change management, communication, and measurement
and metrics.
3. ITIL Intermediate: Consists of two parts. The Service Lifecycle track focuses
on the basics of the core ITIL phases, and the Service Strategy track
concentrates on the management of the Service Strategy phase of the
Service Lifecycle, with a focus on ITSM.
• Service Lifecycle modules include Service Strategy, Service Design,
Service Transition, Service Operation, and Continual Service
Improvement.
• Service Strategy modules include Operational Support and Analysis;
Planning, Protection, and Optimization; Release, Control, and
Validation; and Service Offerings and Agreements.

Information Systems Operations and Maintenance (AIS 5)

 4. ITIL Expert: Requires full understanding and demonstration of the entire
ITIL scheme. Passing this level includes completion of the ITIL Managing
Across the Lifecycle Capstone Course (MALC).
5. ITIL Master: Requires five years of leadership in IT service management and
a demonstrated ability to apply the principles, methods, and techniques
from ITIL in the workplace.

FAQs
1. What distinguishes ITIL from other IT frameworks?
ITIL stands out from other IT frameworks because it focuses on best practices for
IT service management (ITSM). It emphasizes a customer-centric approach,
continuous improvement, and a comprehensive framework that covers the entire
service lifecycle.

2. What are the 4 pillars of ITIL?

The four pillars of ITIL are
1. Organizations and people.
2. Value streams and processes.
3. Information and technology.
4. Partner and suppliers.
These pillars guide organizations in effectively planning, implementing, and
managing their IT services.

3. What is the ITIL life cycle?

The ITIL life cycle comprises five stages.
1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operation
5. Continual Service Improvement.
These stages together form a continuous loop for managing IT services
throughout their lifecycle.

4. What tools are required to begin a journey with ITIL?

To begin an ITIL journey, you'll need essential tools like IT service management
software, incident management systems, change management tools, and service
desk solutions.

Information Systems Operations and Maintenance (AIS 5)

5. Why is IT called ITIL 4?
ITIL 4 signifies the fourth iteration of the ITIL framework. It was introduced to
address modern IT practices, focusing on agility, flexibility, and integration with
other frameworks and methodologies.

6. How long does it usually take for an ITIL adoption to show results?
The time for ITIL adoption to show results varies depending on the organization's
size, complexity, and commitment. Typically, organizations can start seeing initial
improvements within a few months to a year after implementation.

7. Does ITIL have variants for different industries?

Yes, ITIL has industry-specific variants like ITIL for Healthcare, ITIL for Financial
Services, and ITIL for Public Sector. These variants tailor ITIL principles to meet
specific industries' unique needs and regulations.

ITIL plays a crucial role in every aspect of business and stands as a guiding light for
organizations seeking to streamline their IT services. By understanding the core
concepts, enhancing the guiding principles, and implementing the ITIL framework,
organizations can unlock their numerous benefits, leading to improved service
quality, customer satisfaction, and overall efficiency. While ITIL isn't without its
challenges, the rewards of effective IT service management are well worth the
effort. So, consider adopting ITIL practices to propel your organization towards IT
excellence and success.

Information Systems Operations and Maintenance (AIS 5)

Reference:
GreyCampus (n.d.). What is ITIL?. Retrieved from:
https://www.greycampus.com/opencampus/itil-foundation/what-is-itil

IBM. (n.d.). What is IT Infrastructure Library (ITIL)?. Retrieved from:

https://www.ibm.com/topics/it-infrastructure-library#anchor-1534723868

Sieuwert van Otterloo. (2017). Information security and PDCA (Plan-Do-Check-Act).

Retrieved from:
https://ictinstitute.nl/pdca-plan-do-check-act/

Simplilearn. (2024). ITIL: Concepts, Processes, Benefits. Retrieved from:

https://www.simplilearn.com/itil-key-concepts-and-summary-article#what_is_itil

Srinath, A. (2020). CISA Domain 4 – Information Systems Operations, Maintenance

And Service Management. Retrieved from:
https://www.infosectrain.com/blog/cisa-domain-4-information-systems-
operations-maintenance-and-service-management/

Information Systems Operations and Maintenance (AIS 5)