You are on page 1of 116

Oct03-23-05

14, 2006

ITIL Essentials (Foundation) Course

Aroonrat Chinwonno
Sakul Tunboonek

page 1
What is ITIL ?
ITIL (Information Technology Infrastructure Library) is
- Documentation for IT Server Management Best Practice
- Framework for any IT organization to develop its support model

ITIL is NOT a technology specific

ITIL has been well established in UK and Europe, and was used as a
groundwork in developing BS15000/ISO20000*

BS15000/ISO20000 is (the first) worldwide standard for IT service management

ITIL recommends “ADOPT AND ADAPT” approach

ITIL Essentials (Foundations) Oct 14, 2006 page 2


What companies ADOPT and ADAPT ITIL ?
Microsoft “ADOPT and ADAPT” ITIL into its Microsoft’s Operations Framework (MOF)

HP “ADOPT and ADAPT” ITIL into its HP’s IT Service Management Reference Model

In US, implementing of ITIL provides an acceptable structure to meet many of


Sarbanes-Oxley Act audit requirements

Many companies are now regularly requesting ITIL compliance in bids and requests for
service improvement

Forrester Research reports that 13% of corporations with revenue exceeding $1 billion
had adopted ITIL by the end of 2005. By late 2006, that will have expanded to 40%,
then to as high as 80% by 2008.

ITIL Essentials (Foundations) Oct 14, 2006 page 3


What ITIL can mean to us ?
• Understand what ITIL is
• What are the (ITM Objectives) we want to implement ITIL

To reduce unexpected system downtime - Implement Change Mgnt to ensure that


system changes are properly plan
- Implement Incident Mgnt to ensure
minimum business impact
- Implement Problem Mgnt to develop
known error database
To increase user satisfaction level - Implement Service Desk SPOC with SLA ,
and metric
To find more time to do IT planning - Implement ITIL as a whole
(80/20), Difficult to get control - Each module is able to be measured*
You cannot control what you cannot measure.

• However the ultimate is to serve the Corporate Business goals (CEO) to


– Increase efficiency and create value to Business
– Reduce cost

ITIL Essentials (Foundations) Oct 14, 2006 page 4


ITIL Elements
• Service Support concentrates on day to day operation and support

• Service Delivery looks at planning and improvement of IT service

Service Support Service Delivery

Service Desk SLM

Incident Mgnt Financial Mgnt

Problem Mgnt Capacity Mgnt

Configuration Mgnt IT Service Cont Mgnt

Change Mgnt Availability Mgnt

Release Mgnt Security Mgnt

ITIL Essentials (Foundations) Oct 14, 2006 page 5


Standard Definitions

Customer: recipient of a service; usually Customer


management has responsibility for the funding of the service

Provider: the unit responsibility for the provision of IT


services

Supplier : a 3rd party responsible for supplying or supporting of


underpinning elements of the IT services

User: the person using the service on a daily basis

ITIL Essentials (Foundations) Oct 14, 2006 page 6


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 7
Oct03-23-05
14, 2006

ITIL Essentials (Foundations) Course

First Part: Service Support

page 8
Service Delivery Agenda

Service Support Service Delivery


Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt

Release Mgnt Security Mgnt

ITIL Essentials (Foundations) Oct 14, 2006 page 9


Oct03-23-05
14, 2006

Service Desk

page 10
Service Desk - Roles

• ITIL views Service Desk as a Vital function rather than as a


process

• Service Desk is the “Central Point of Contact” between users


and the IT service model

• A first positive or negative impression is perceived upon Service


Desk performance and attitude

• Service Desk in ITIL is more than just a Helpdesk. Service Desk


has broader role of the front line support – with more
organizations looking to radically increase the percentage of
calls closed at first point of contact – FIXED ON FIRST -

ITIL Essentials (Foundations) Oct 14, 2006 page 11


Service Desk - Responsibilities
• Receive and Record all calls from Users (a ticket created);
deal directly with simple requests and complaints
- Incident calls
- Service requests
- IT service information, FAQ such as how to order
equipment, how to request a software installation

• Provide initial assessment of all incidents; make first


attempt at Incident resolution and/or escalate to 2nd level
support, based on agreed SLA

• Once escalated, monitor the tickets according to SLA


and Keep users informed on the status and progress

ITIL Essentials (Foundations) Oct 14, 2006 page 12


Service Desk - Responsibilities

• Produce Service Desk Management reports

• Highlighting user requirements such as training to assist


with service improvement

• Perform basic operational functions such as password


resets, backup and restore

• Perform Infrastructure monitoring such as Data Center


environmental check, System backup status, Server-LAN-
WAN status (receiving alerts from automated tools)

ITIL Essentials (Foundations) Oct 14, 2006 page 13


Service Desk - Tools

• Remedy (BMC), Tivoli (IBM), Openview (HP)


• Knowledge base
• ACD (Automated Call Distribution)
• IVR (Interactive Voice Response)

ITIL Essentials (Foundations) Oct 14, 2006 page 14


Service Desk - Types

• Local Service Desk


- Distributed Service Desk on each site

• Central Service Desk


- Centralized, or Regional Helpdesk

• Virtual Service Desk


- Global, Follow the Sun concept

ITIL Essentials (Foundations) Oct 14, 2006 page 15


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 16
Oct03-23-05
14, 2006

Incident Management

page 17
Incident Management
Purpose:
• To restore normal service operation as quickly as possible
with minimal disruption to the business

Definition:
• Incident is an event which is not part of standard operation
service and cause interruption or reduction in quality of
service

Incident Management process is usually owned by Service Desk


,and later can transferred to Incident Manager (IM)

ITIL Essentials (Foundations) Oct 14, 2006 page 18


Incident Management
Incident Priorities: ITIL defines

Priority = Urgency + Impact

Urgency = How soon the problem needs resolution


Impact = How many or how large business service is effected

Priority in many practical term is called “Severity”

ITIL Essentials (Foundations) Oct 14, 2006 page 19


Incident Management – Severity Level
<<Company Name>>Incident Severity Definition:

* Incident Manager (IM) should be identified and


on board to take over the Sev1 and/or Sev2 incidents

ITIL Essentials (Foundations) Oct 14, 2006 page 20


Incident Management – Incident Manager

IM’s roles
– Arrange a formal meeting of “Support Group” which are
usually Problem Management, and Service Desk teams
– Make common understanding of this incident management
objectives:
• To restore the service ASAP (also communicate SLA)
• To minimize the business disruption (consider workaround)
– Arrange any additional resources if required
– Be a communicator between “Support Group” and the
“Customer”, so that the “Support Group” do not receive
mixed directions

ITIL Essentials (Foundations) Oct 14, 2006 page 21


Incident Management - Escalation

There are 2 types of escalation:


• Functional escalation – involving more specialist to help
• Hierarchical escalation – means a vertical move is made
through the organization because the authority are required

ITIL Essentials (Foundations) Oct 14, 2006 page 22


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 23
Oct03-23-05
14, 2006

Problem Management

page 24
Problem Management
Purpose:
- To minimize the adverse effect on the business of Incidents and
problems cause by error in the infrastructure
- To proactively prevent the occurrence of incidents and problems

Role:
- To diagnose the root cause of the incidents and to identify a
permanent solution

Definition:
Incident is an abnormal event which cause interrupt or impact
Problem is an Unknown underlying cause of the incident
Known Error is an problem which root cause has been determined

ITIL Essentials (Foundations) Oct 14, 2006 page 25


Problem Management - Definition
Error in Infrastructure

Incident
is an abnormal event which cause interrupt or impact

Problem:
A problem describes an undesirable situation, indicating the unknown root cause of the Incident

Known Error
A known error is a problem whose root cause has been determined

Request for Change (RFC)


An RFC proposes a change. Eg. To eliminate the known error

ITIL Essentials (Foundations) Oct 14, 2006 page 26


Problem Management – Responsibilities

• Identify problems
• Investigate problems to resolution or error identification
• Raise RFC to clear error
• Advise IM of workaround for incidents for known errors
• Assist in Major incident to identify root cause
• Prevent the replication of problems across multiple system

ITIL Essentials (Foundations) Oct 14, 2006 page 27


Problem Management

• Problem Control – Focus on transforming Problems into


Known Error

• Error Control – Focus on resolving Known errors via the


Change Management process

Incident Configuration Service Level Availability


Management Management Management Management

Information

Problem Management
Workaround Problem Control -> Error Control
RFC

Change
Management

ITIL Essentials (Foundations) Oct 14, 2006 page 28


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 29
Oct03-23-05
14, 2006

Configuration Management

page 30
Configuration Management

• Asset Management
• Assurance the recorded CIs (Configuration Item) from
receipt to disposal
• Not only Asset Management but also provide relationship
among CIs

CMDB (Configuration Management Database)

is a single repository of information will be accessed across


the Service Management process, and is a major driver of
consistency between processes

ITIL Essentials (Foundations) Oct 14, 2006 page 31


Configuration Management

Remedy ITSM 6.0


- Remedy Helpdesk 5.6
- Remedy Asset Management 5.6
- Remedy Change Management 5.6
- Remedy SLA 5.6

BMC Atrium 6.3 = CDMB

ITIL Essentials (Foundations) Oct 14, 2006 page 32


Configuration Management

Configuration Baseline
is a configuration of a system established at a specific point in
time, and capturing both structure and details

- Created first time as a baseline


- Updated of CIs affected as changed by RFC
- Use as a point to fall back to if things go wrong

ITIL Essentials (Foundations) Oct 14, 2006 page 33


Configuration Management – Relationship with others

ERROR

INCIDENT

PROBLEM

KNOWN ERROR

CDMB
RFC

CHANGE
AUTHORIZED

CHANGE
IMPLEMENTED

ITIL Essentials (Foundations) Oct 14, 2006 page 34


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 35
Oct03-23-05
14, 2006

Change Management

page 36
Change Management
Purpose
To ensure that standardize method and procedure are used
to handle all changes in order to minimize the impact of
change-related incidents, and the improve the day-to-day
operation of the organizations

Input of RFC
- Required resolution of an incident or problem
- A proposed to add/change/remove a CI
- A proposed to upgrade the infrastructure
- Changes in business requirement or Policy
- Product or service changes from vendors/suppliers

ITIL Essentials (Foundations) Oct 14, 2006 page 37


Change Management - Roles
• Change Manager Roles
– Receive, Log, Assign priority to RFCs
– Reject RFCs which are impractical
– Consolidate, issue agenda of RFCs to CAB
– Chair CAB meeting
– Update authorized change status (post implementation)
– Produce Change Management report

• CAB (Change Advisory Board) Roles


– Review RFCs, ensure to evaluate of RFCs’ impact,
implementation plan, resource plan, UAT, and Rollback plan
– Provide approval or not approval for the RFCs

ITIL Essentials (Foundations) Oct 14, 2006 page 38


Change Management - Types

• Standard pre-approved Changes


– An accepted solution to an identifiable and relatively common
set of requirements, where authority is effectively in advance
of implementation. E.g. setting up access profiles for a new
employee
• Urgent Changes
– A change that requires immediate action in the managed IT
environment and cannot be executed through the normal
change/authorization process
– Most of urgent changes are reactive changes E.g. Urgent RFCs
from Problem Management to fix error (during the incidents)

IT organization should also identify process to handle such


urgent change such as who can be CAB to approve the urgent
changes, a minimum steps qualifying to approve such urgent
changes

ITIL Essentials (Foundations) Oct 14, 2006 page 39


Change Management – Abuse of Urgent change

Do NOT request Urgent Change for …

– Would be nice to have completed early


– Was accidentally submitted too late for the CAB
– Attempting to avoid all of the planning processes
– To compensate for poor planning

Note: An Urgent Change should be avoided if possible and used only when
required. Urgent Changes skip the normal planning and communication process,
many urgent changes request for approval over the telephone. Approval of the
RFCs in such situation can cause instability in the production environment.

ITIL Essentials (Foundations) Oct 14, 2006 page 40


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 41
Oct03-23-05
14, 2006

Release Management

page 42
Release Management - Purpose

To take a holistic view of a change to an IT service and


ensure that all aspects of a release, both technical and
non-technical, are considered together.

•PROTECTS THE PRODUCTION


ENVIRONMENT

ITIL Essentials (Foundations) Oct 14, 2006 page 43


Release Management

Usually Release Management will be used for


- Large or critical hardware / software roll out
- Bundle relates set of changes

Release Management
• is concerned with implementation, unlike Change
Management, which is concerned with verification
• particularly useful in distributed multi-tier environments,
where an implementation may consist of a number of
different components supported by different technology
domains, which need to be coordinated

ITIL Essentials (Foundations) Oct 14, 2006 page 44


Release Management

Responsibilities:

• Plan the rollout of software and related hardware.


• Create procedures for the distribution and installation
of changes to IT systems
• Communicate and manage customer expectations
during the planning and rollout of releases
• Implementing new releases into the operational
environment using the controlling processes of
Configuration and Change Management.
• Ensuring that master copies of all software are
secured in the Definitive Software Library (DSL) and
that the Configuration Management Database (CMDB)
is updated

ITIL Essentials (Foundations) Oct 14, 2006 page 45


Release Management – Functions and Roles

Release Management staff


In most of companies the Release Management function
may well be combined with several other Service
Management disciplines, in particular Change
Management and Configuration Management.
• In a larger organization there may be dedicated
Release Management staff for particular systems.

ITIL Essentials (Foundations) Oct 14, 2006 page 46


Release Management - Activities

A Release is
a collection of
authorized
changes into
an IT
environment

ITIL Essentials (Foundations) Oct 14, 2006 page 47


Release Management –
Process Relationships

Incident Problem RFC


Management Management Change Approved
Management RFC
New projects
Incidents Release HW and SW
schedules

Service Release
Desk Management
Release
schedules Configuration
Configuration
-assets
Management
-relationships
Release
schedules

Service -Monitoring
CpM Level -software
Service Management -availability
AvM Delivery
SCM
ITIL Essentials (Foundations) Oct 14, 2006 page 48
Release, Change and Configuration Management

Change mgnt ensures


that new/modified CIs are
implemented to Production Change
environment properly Management

Change Mgnt ensures


Release that Configuration Items
Management are accurate due to changes

Configuration Mgnt ensures


that Release Mgnt use the
correct CIs version Configuration
Management

ITIL Essentials (Foundations) Oct 14, 2006 page 49


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 50
Oct03-23-05
14, 2006

ITIL Essentials (Foundations) Course

Second Part: Service Delivery

page 51
Service Delivery Agenda

Service Support Service Delivery


Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt

Release Mgnt Security Mgnt

ITIL Essentials (Foundations) Oct 14, 2006 page 52


Service Delivery - Overview
BUSINESS /
USERS

Service
Level
Management

IT Service
COSTS Financial
Management SERVICE Continuity
Management
RISK
DELIVERY Security
Management

Capacity Availability
Management Management

TECHNOLOGY
ITIL Essentials (Foundations) Oct 14, 2006 page 53
Service Delivery

Service Delivery looks at the long term planning and


improvement of IT service provision, which will also improve
efficiency and the achievement of business goals.
There are five processes within the Service Delivery umbrella
and they are:
– Service Level Management
– Financial Management for IT Services
– Capacity Management
– IT Service Continuity Management
– Availability Management.
Security Management sits under the Information Security
umbrella but will be addressed today due to the criticality of
information security in today’s IT environment.

ITIL Essentials (Foundations) Oct 14, 2006 page 54


Service Level Management - Purpose

To maintain and improve IT service quality through a


constant cycle of agreeing, monitoring and reporting
upon IT Service achievements and the instigation of
actions to eradicate poor service, in line with business
or cost justification.

•SERVICE DEFINITION AND


STANDARDS

ITIL Essentials (Foundations) Oct 14, 2006 page 55


Service Level Management - Role

Service Level Management


• is essential in any organization so that the level of IT
service needed to support the business can be
determined, and monitoring can be initiated to identify
whether the required service levels are being met.
• is a client facing role, where regular lines of
communication are maintained between the IT service
provider and the IT customer
• process is responsible for ensuring Service Level
Agreements (SLAs) and Operational Level Agreements
(OLAs) or underpinning contracts (UCs) are met

ITIL Essentials (Foundations) Oct 14, 2006 page 56


Types of Agreements and Contracts

Internal/External
Service Level Customers
Agreements

(Business
Language)

IT Service Level
Operational Underpinning
Level
Management Contracts
Agreements (supporting)
(Technical
(Technical Language)
Language)

Internal Suppliers External Suppliers


and Maintenance and Maintenance
Personnel Personnel
ITIL Essentials (Foundations) Oct 14, 2006 page 57
Service Level Management - Activities
CustomerDemand

Identify: ServiceLevel
needs Requirements

Define: ServiceS pec


Internallyand Sheets
Externally
ServiceQuality
Plan
Contract:
-Negotiate Service
-Draft Catalogue
-Am end
-Conclude ServiceLevel
Agreem ent

Operational
Level
Agreem ent

Underpinning
C ontract

Mon itoring: ServiceLevel


ServiceLevels Achievem ent

Report ServiceLevel
Reports

Service
Review Improvem ent
Program

ITIL Essentials (Foundations) Oct 14, 2006 page 58


Service Catalogue

• A list of all services


• The characteristics of each service
• Information on the use of the service

ITIL Essentials (Foundations) Oct 14, 2006 page 59


Contents of a Service Level Agreement

• Scope of the agreement • Functionality


• Service description • Charges
• Signatories • Change procedure
• Date of next review • Contingency
• Service hours • Anticipated growth
• Service availability • Restrictions
• Support levels • Training
• Performance • Change procedure for the
• Security Service Level Agreement

ITIL Essentials (Foundations) Oct 14, 2006 page 60


Service Level Management - Benefits

• IT services are designed to meet expectations outlined


in SLRs
• Service performance can be measured
*Reporting is Critical to the success of Service Level
Agreements
• If charged, customers can draw a balance between
service costs and required quality
• The IT organization can control resource management
and reduce costs in the long term as the organization
can specify the required services and components
• Improved customer relationships and satisfaction

ITIL Essentials (Foundations) Oct 14, 2006 page 61


Service Level Management –
Process Relationships

Service
Incidents Incident Problem
Desk
Management Release
RFC
Service
Support
Change Configuration
Management Management

Service
SLAs definitions
OLAs

SLAs Service Third


Customer Level Party
SLRs Management UCs Suppliers
SLAs
OLAs

Capacity Finance
Service
Planning Availability
Delivery
Continuity

ITIL Essentials (Foundations) Oct 14, 2006 page 62


Service Level Management
SLR - Service
Level
COMPANY

SERVICE MGMT
Requirement FIN
SLA - Service SCM METRICS
Level Agreement AVM CEO
SLR
UC CAP SLA
SLM
Suppliers
SLR
Suppliers OLA
Suppliers
Suppliers
IM

SERVICE DESK
PM End
OLA - Operational CHG User
Level Agreement CFG
UC - Underpinning
REL
Contract IT ORGANISATION

ITIL Essentials (Foundations) Oct 14, 2006 page 63


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 64
Oct03-23-05
14, 2006

Financial Management for IT Services

page 65
Financial Management for IT Services
- Purpose

To provide cost effective stewardship of the IT assets


and the financial resources used in the IT services
provided.

•CONTROL AND RECOVER IT


COSTS

ITIL Essentials (Foundations) Oct 14, 2006 page 66


Financial Management for IT Services –
Role

Financial Management is responsible for


• Accounting for the costs (costing) and return
on IT service investments (IT portfolio
management), and
• Budgeting – defining and implementing IT
budgetary process
• Charging - for any aspects of recovering
costs from the customers (charging).

ITIL Essentials (Foundations) Oct 14, 2006 page 67


Financial Management for IT Services –
Functions and Roles

Finance Manager
Responsibility for:
• Managing the IT budget
• Gathering suitable cost data to develop a cost model
• Preparing regular bills for the customer
Note:
• The Finance Manager for IT Services may not necessarily be
a dedicated resource.
• The process may have an owner within the IT department
who liaises with the Finance department of the organization
and senior IT managers, particularly those responsible for
service level management.

ITIL Essentials (Foundations) Oct 14, 2006 page 68


The Costing, Charging and Budgeting Cycle
Business IT IT operational plan Cost analysis Charges
requirements (inc. Budgets) (Accounting)

Financial targets

Costing models
Feedback of proposed Charging policies
charges to business

ITIL Essentials (Foundations) Oct 14, 2006 page 69


Cost Model

• A framework in which all known costs can be recorded and allocated to


specific Customers, activities or other categories
• Several types
– Cost-by-service, activity (Activity Based Costing), Customer or location
• Define the Cost Unit for services or activities (transaction, minute, CPU-
seconds, storage, incident, change, etc.)

ITIL Essentials (Foundations) Oct 14, 2006 page 70


Pricing Policy

• Market price – the price charged by external suppliers


• Going rate – comparable to other internal organizations
• Cost plus – input cost plus uplift
• Cost – total cost of ownership
• Fixed price – negotiated price for a fixed period

ITIL Essentials (Foundations) Oct 14, 2006 page 71


Financial Management – •

Purpose

Process Relationships
• Activities
• Benefits
• Relationships Between Processes
• Potential Challenges/Problems
• KPIs

Services Service
Customer Level
Management
Performance
Cost Usage Service
Budget model Support
Spend Charging
Configuration
Management
Business
Relationship Financial Changes with
Management Cost model Management cost affects
Charges Capacity
Management

Service
Delivery
Performance
Usage

ITIL Essentials (Foundations) Oct 14, 2006 page 72


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 73
Oct03-23-05
14, 2006

Capacity Management

page 74
Capacity Management - Purpose

To ensure that cost justifiable IT capacity always exists


and that it is matched to the current and future
identified needs of the business.

ITIL Essentials (Foundations) Oct 14, 2006 page 75


Capacity Management –
Functions and Roles

Capacity Manager
• Reporting on current usage of resources, trending and
forecasts for future usage
• Identifying needs for increases or reductions in
hardware based on SLR and cost
• Performance testing of new systems
• Sizing all proposed new systems to determine
resources required.
• Assessing new technology or products which may
improve efficiency of the capacity process.

ITIL Essentials (Foundations) Oct 14, 2006 page 76


Input and Output Data Requirements

Inputs Sub-process Outputs

 Technology
 Capacity plan
 SLAs, SLRs and Service  Business  Capacity Database
Catalogue
Capacity  Baselines and profiles
 Business plans and strategy
Management  Thresholds and alarms
 IS/IT plans and strategy
 Capacity reports (regular, ad
 Business requirements and
hoc and exception)
volumes
 SLA and SLR
 Operational schedules  Service
recommendations
 Deployment and development Capacity  Costing and charging
plans and programs Management recommendations
 Forward Schedule of Change
 Proactive changes and service
 Incidents and Problems
 Resource improvements
 Service Reviews
Capacity  Revised operational schedule
 SLA breaches
Management  Effectiveness reviews
 Financial plans
 Audit reports
 Budgets

ITIL Essentials (Foundations) Oct 14, 2006 page 77


Sub-Processes

• Resource Capacity Management


– Monitor, analyze, run and report on the utilization of
components, establish baselines and profiles of use
of components
• Service Capacity Management
– Monitor, analyze, tune, and report on service
performance, establish baselines and profiles of use
for services, manage demand for services
• Business Capacity Management
– Trend, forecast, model, prototype, size and
document future business requirements

ITIL Essentials (Foundations) Oct 14, 2006 page 78


Capacity Management –
Process Relationships

Service
Level Monitoring Incident
Management Reporting Management

Requirements Problem Service


SLR Management Support
Plans

Requirements Change
Customer Capacity Management

Plans Management Plans

Availability Service
Continuity Delivery
Planning

ITIL Essentials (Foundations) Oct 14, 2006 page 79


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 80
Oct03-23-05
14, 2006

IT Service Continuity Management

page 81
IT Service Continuity Management –
Purpose

To support the overall Business Continuity Management


process by ensuring that the required IT technical and
services facilities can be recovered within required and
agreed business timescales.

•KEEP THE BUSINESS IN


BUSINESS

ITIL Essentials (Foundations) Oct 14, 2006 page 82


IT Service Continuity Management –
Functions and Roles

The primary goal of ITSCM Manager is to implement and


maintain the ITSCM process in accordance with the
overall requirements of the organization's Business
Continuity Management (BCM), and to represent the
IT services within the BCM function.

ITIL Essentials (Foundations) Oct 14, 2006 page 83


Thoughts that should avoid…
• Too expensive
• Disaster unlikely to happen
• More important things to do
• We will ‘muddle through’
• Unaware of the business risks

Thought that should have….


MURPHY LAW……Anything can go wrong , will go wrong

You cannot control what you cannot measure,


You cannot recover what you have not planned.

ITIL Essentials (Foundations) Oct 14, 2006 page 84


IT Service Continuity Management –
Functions and Roles

Role Roles in Normal Operation Roles in Crisis Situation

Board Level Initiate IT Service Continuity, set Crisis Management,


policy, allocate responsibilities, direct corporate decisions, external
and authorize affairs

Senior Manage IT Service Continuity, accept Co- ordination, direction and


Management deliverables, communicate and arbitration, resource
maintain awareness, integrate across authorization
organization
Junior Undertake IT Service Continuity Invocation, team leadership,
Management analysis, define deliverables, contract site management, liaison
for services, manage testing and and reporting
assurance
Supervisors Develop deliverables, negotiate Task execution, team
and Staff services, perform testing, develop and membership liaison
operate processes and procedures

ITIL Essentials (Foundations) Oct 14, 2006 page 85


IT Service Continuity Management –
Activities

Stage 1 - Initiation Initiate BCM

Stage 2 – Business Impact Analysis


Requirements &
strategy Risk Assessment

Business Continuity Mgt

Stage 3 - Organization and


Implementation Implementation Planning

Implement Stand-by Develop Recovery Implement Risk


Arrangements Plans Reduction Measures
Develop Procedures

Initial Testing

Testing
Review & Change
Audit Management
Stage 4 – Operational
Management Education & Training
Awareness
Assurance

ITIL Essentials (Foundations) Oct 14, 2006 page 86


IT Service Continuity Management –
Risk Reduction and Recovery Options

It is rare that an organization will choose only risk reduction


(prevention measures) or recovery options. Generally a
combination of reducing risks to assets with greatest
vulnerability or with higher business impact with a recovery
plan will be implemented.
Recovery Options
Do nothing
Return to manual systems
Gradual recovery (cold stand-by) (72 hrs)
Intermediate recovery (warm stand-by) (24-72 hrs)
Immediate recovery (hot start, hot stand-by) (<24 hrs)
Combinations

ITIL Essentials (Foundations) Oct 14, 2006 page 87


Gradual Recovery Facilities
(cold standby 72+ hours)

• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications

Does not include ANY computing equipment

ITIL Essentials (Foundations) Oct 14, 2006 page 88


Intermediate Recovery Facilities
(warm standby 24-72 hours)

• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Operations, system management and technical support
• Processors, peripherals, communications equipment and / or
operating systems

ITIL Essentials (Foundations) Oct 14, 2006 page 89


Immediate Recovery Facilities
(hot standby <24 hours)

• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Operations, system management and technical support
• Processors, peripherals and communications equipment
• Operating systems, applications and data mirrored from the operational
servers

ITIL Essentials (Foundations) Oct 14, 2006 page 90


IT Service Continuity Management –
Process Relationships

Service Exercise /
Level Service Recovery Incident
Management Management

Problem
Management Service
SLR Support
Plans Requirements
Change
Requirements Service
Management

Customer Continuity
Plans Management Configuration
Management
Planning
Incidents

Service
Desk Capacity
Event Availability
Monitoring Service
Delivery
Planning

ITIL Essentials (Foundations) Oct 14, 2006 page 91


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 92
Oct03-23-05
14, 2006

Availability Management

page 93
Availability Management - Purpose

To optimize the capability of the IT infrastructure and


supporting organization to deliver a cost effective and
sustained level of availability that enables the
business to satisfy its business objectives.

•ENSURE RESOURCES ARE


AVAILABLE AND
EFFECTIVE

ITIL Essentials (Foundations) Oct 14, 2006 page 94


The Availability Management Process

INPUTS OUTPUTS
Business availability Availability & recovery design
requirements criteria
A
Business impact assessment V M IT infrastructure resilience
& assessment
A A
I N
Availability, reliability & Agreed targets for availability
L A
maintainability requirements and maintainability
A G
B E
Reports of availability, reliability
Incident and problem data I M & maintainability achieved
L E
I N
Configuration & monitoring data Availability monitoring
T T
Y
Service level achievements Availability Plan
ITIL Essentials (Foundations) Oct 14, 2006 page 95
Availability Management Terminology
• Availability - is the ability for an IT Service or component to perform
its required function at a stated instant or over a stated period
• Reliability – the tendency of an IT Service or component not to fail
(i.e. how long can it perform)
• Resilience – the ability of the component to continue providing the
service even though some piece is no longer functioning (i.e. fault
tolerance)
• Maintainability - is the ability to retain or restore an IT Service or
component to an operational state (internal)
• Serviceability - as Maintainability but for external suppliers
• Security - Confidentiality, Integrity and Availability of the services
and associated data; an aspect of overall availability
Confidentiality, Integrity and Availability (CIA) – the basis of
security

ITIL Essentials (Foundations) Oct 14, 2006 page 96


Availability Management Terminology
Basic Availability Calculation
(2 of 2)

(Agreed service time – downtime)


Availability = ____________________________ x 100
Agreed service time

Remember the definition of a "Service”

ITIL Essentials (Foundations) Oct 14, 2006 page 97


Availability Management Activities

• Designing for availability (Proactive perspective)


– The technical design of the IT infrastructure and the
alignment of the internal and external suppliers required
to meet the availability requirements of the service

• Designing for recovery (Reactive perspective)


– The design points required to ensure that in the event of
an IT service failure, the service can be reinstated to
resume normal business operations as quickly as possible

ITIL Essentials (Foundations) Oct 14, 2006 page 98


The Monetary Impact of Unavailability

User productivity Hourly cost of Hours of


loss = User affected
X disruption
+
IT productivity Hourly cost of IT Hours of
loss = staff
X disruption
+ Lost revenue per Hours of
Lost revenue = hour
X disruption
+
Other business (Overtime, wasted materials or goods, financial
losses incurred penalties or fines)

+
Impact on
Customer Service (Where / if known)
/ Reputation

ITIL Essentials (Foundations) Oct 14, 2006 page 99


Calculating Availability

M inicom puter N etw ork Server W orkstation


99.8% 98% 99.5% 96%

Host x N etw ork x Server x W orkstation = Availability

93.4%
0.998 x 0.98 x 0.995 x 0.96 = 0.934

ITIL Essentials (Foundations) Oct 14, 2006 page 100


Availability Management –
Process Relationships

Service Downtime
Level SLA Monitoring Incident
Management Monitoring Management

Cause Problem
Management Service
SLR Support
Plans
Change
Requirements Management

Customer Availability
Management Change
Plans Configuration
Management
Planning
Incidents

Service
Desk
Event
Monitoring of Capacity Service
Downtime Continuity Delivery
Planning

ITIL Essentials (Foundations) Oct 14, 2006 page 101


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 102
Oct03-23-05
14, 2006

Security Management

page 103
Security Management - Purpose

Security Management is the process of managing a


defined level of security on information and IT services
. It has links with all processes
It also includes managing the reaction to security
incidents.
Security Management has two objectives:
• To meet the security requirements of SLAs and other
external requirements further to contracts, legislation
and externally imposed policies.
• To provide a basic level of security, independence and
external requirements.

•PROTECT DATA
ITIL Essentials (Foundations) Oct 14, 2006 page 104
The Cost of Security Incidents

Incident Type 1999 2004

Proprietary $1,847,652 $11,460,000


Information

Fraud 1,470,592 7,670,500

Denial of Service 116,250 26,064,050

Virus 45,465 55,053,900

Insider Access 142,680 4,278,205

Laptop Theft 86,920 6,734,500

Total losses reported in the 2004 report was: $141,496,560


Source: CSI/FBI Computer Crime and Security Survey
ITIL Essentials (Foundations) Oct 14, 2006 page 105
Security Management - Role

• Confidentiality
– protecting the business information from failure and
attack
– is more than locking server rooms or insisting on
password discipline.
• Integrity
– timeliness or correctness require careful consideration of
information flows and
– safeguards against incorrect values
• Availability
– maintaining the uninterrupted operation of the IT
organization
– also helps to simplify Information Security Service Level
Management, as it is much more difficult to manage a
large number of different SLAs than a limited one.
ITIL Essentials (Foundations) Oct 14, 2006 page 106
Security Management Activities *
• Plan
– Establish the structure of the Security section of the Service Level Agreements, Operational Level Agreements and
Underpinning Contracts
– Establish the security baseline (or minimum security standards)
• Implement
– Establish and maintain security awareness
– Establish the procedures to identify and classify security incidents
– Establish the procedures to handle security incidents
• Evaluate
– Conducting security audits
• Using Internal resources
• Using External resources
• Self assessment (using Security Management resources)
– Ongoing review and analysis of security incidents
• Control
– Establish the structure and controls for security functions
– Defines the roles & responsibilities (including the line of command)
• Maintain
– Ensure the continuity of security measures
– Update to the security handbooks
• Report
– Communicate the effectiveness and efficiency of the security management process and functions
– Communicate the number and type of security incidents
– Communicate the action plans to improve/correct security measures
– Communicate compliance with security policy

ITIL Essentials (Foundations) Oct 14, 2006 page 107


Security Management –
Process Relationships

Service Incidents
Level SLA Incident
Management Monitoring Management

Virus Problem
Management Service
SLR Support
Plans
Change
Requirements Management

Customer Security
Management Change
Plans Configuration
Management
Planning
Incidents Release
Management

Service
Desk
Attacks
Capacity Service
Continuity Delivery
Planning Availability

ITIL Essentials (Foundations) Oct 14, 2006 page 108


Oct03-23-05
14, 2006

Quick Review

page 109
ITIL Process Linkages

IT Service
Continuity
Management

Strong Relationship Availability Capacity


Management Management
Uses

Communicates With

Configuration Management

Change
Management
Financial Service Level
Management Management

Problem
Release
Management
Management

Incident
Management and
Service Desk

ITIL Essentials (Foundations) Oct 14, 2006


Attitude Change

The organization works better

We can learn

Recommending improvements

Structure helps
Understanding

May have
benefits

Would be nice in a perfect world

Bureaucratic
Time and Effort
Too much
delay

Paper chase

It won't work for us

We already do
ITIL Essentials (Foundations)
that Oct 14, 2006 page 111
Roles that could be combined

• Configuration Management and Release Management


• Configuration Management and Change Management
• Service Level Management and Financial Management for
IT Services

ITIL Essentials (Foundations) Oct 14, 2006 page 112


Roles that should not be combined

• Problem Management and Incident Management


• Problem Management and Change Management
• Capacity Management and Availability Management

ITIL Essentials (Foundations) Oct 14, 2006 page 113


Some Useful Websites

http://www.ogc.gov.uk The OGC – the organization that publishes the ITIL books

http://www.itil.co.uk ITIL UK – Official Web Site

http://www.itilexams.com/ Loyalist College [Belleville, Ontario]


ITIL Certification Agent

http://www.itsmf.com The global IT Service Management Forum site

http://www.itsmfusa.org/mc/page.do The ITSMF – US site

http://www.itsmf.ca/ ItSMF Canada Site – IT Service Management Forum - check out


Event/Presentation for local context and players.

http://www.pultorak.com/pcbit/itsm.htm General ITSM information and white-papers

http://www.staytech.com/ Ottawa based ITIL Services/Training provider


“Links” contains a good selection of ITIL Information/Solution providers

http://www.nextslm.org/ Tools, newsletters, and white-papers on ITSM

ITIL Essentials (Foundations) Oct 14, 2006 page 114


What
questions
do you
have?
ITIL Essentials (Foundations) Oct 14, 2006 page 115
Go home!

ITIL Essentials (Foundations) Oct 14, 2006 page 116