Demystifying ITIL: Greg Charles, PH.D

Demystifying ITIL
Greg Charles, Ph.D.

Area Principal Consultant, CA
June 2006
Pacific Northwest Digital Government Summit
Today’s Objective
-To provide a basic understanding

(theory and concepts) of ITIL’s Service
Management Framework (Service
Support and Service Delivery
components)
2 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Ever-Increasing Complexity
Approaches Currently In Use
-Business As Usual - “Firefighting”
-Legislation - “Forced”
-Best Practice Focused
The Legislation Minefield
- Privacy & Security - Finance
- Personal Information Protection Electronic - Sarbanes Oxley (US)
Document Act (PIPEDA) - FFIEC US Banking Standards
- US Patriot Act \ Homeland Security (Critical - Basel II (World Bank)
Infrastructure)
- Turnbull Report (UK)
- Personal Health Information Protection Act
(PHIPA) - Canadian Bill 198 (MI 52-109 & 52-111)
- Health Insurance Portability and - Washington State Laws relating to IT
Accountability Act (HIPAA)
- Policy 403-R1, 400-P1, 401-S1, 402-G1;
- SEC Rules 17a-3 & 17a-4 re: Securities Executive Order 00-03; RCW 9A.52.110,120,130;
Transaction Retention RCW 9A.48.070, 080, 090; RCW 9A.105.041 and
- Gramm-Leach Bliley Act (GLBA) privacy of many more
financial information
- Children’s Online Privacy Protection Act - Other International IT Models
- Clinger-Cohen Act (US Gov.) - Corporate Governance for ICT DR 04198
(Australia)
- Federal Information Security Mgmt. Act
(FISMA) - Intragob Quality Effort (Mexico)
- Freedom of Information & Protection of - Medical Information System Development
Privacy (FOIPOP) BC Gov (Medis-DC) (Japan)
- FDA Regulated IT Systems - Authority for IT in the Public Administration (AIPA)
- Freedom Of Information Act (Italy)
- Americans with Disabilities Act, Sec. 508 - Principles of accurate data processing supported
(website accessibility) accounting systems (GDPdu & GoBS) (Germany)
- European Privacy Directive (Safe Harbor
5 Framework)
© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Best Practices
Quality & Control Models Process Frameworks
• ISO 900x • IT Infrastructure Library
• COBIT • Application Service Library
• TQM • Gartner CSD
• EFQM • IBM Processes
• Six Sigma • EDS Digital Workflow
• COSO • Microsoft MOF
• Deming • Telecom Ops Map
• etc.. • etc..
•What is not defined cannot be controlled

•What is not controlled cannot be measured
•What is not measured cannot be improved
- Define -- Improve
- Measure -- Control And Stabilize
What Is ITIL?
- ITIL is a seven book series that guides
business users through the planning,
delivery and management of quality IT
services
Information Technology
Infrastructure Library
The ITIL Books
T
T Planning To Implement Service Management
h
h e
e Service Management
T
B The
Service e
ICT
u Business Support c
Infrastructure
s Perspective Management h
i Service n
n Delivery o
Security
e l
Management
s o
s g
Application Management
y
ITIL Simplified
Business,
Business, Customers
Customers && Users
Users
Service
Service Service
ServiceLevel
Level
Desk
Desk Management
Management
Incident
Incident Availability
Availability
Management
Management Management
Management
Problem
Problem Capacity
Capacity
Management
Management
Change
Change Financial
Financial
Management
Management
Release
Release Service
Service
Management
Management Continuity
Continuity
Configuration
Configuration
Management
Management
Service Service
Support Delivery
ITIL Service Support Model
The Business, Customers or Users
Monitoring
Tools Difficulties Communications
Queries Updates
Enquiries Work-arounds
Incidents
Customer
Incidents Service Desk
Survey reports Changes
Incident
Management Customer
Survey
reports
Problem
Service reports Management Releases
Incident statistics
Audit reports
Change
Problem statistics Management
Problem reports
Problem reviews
Diagnostic aids
Audit reports Change schedule Release
CAB minutes Management
Change statistics
Change reviews
Audit reports Release schedule
Release statistics Configuration
Release reviews Management
Secure library’
Testing standards
Audit reports CMDB reports
CMDB statistics
Policy standards
Audit reports
Problems Cls
Incidents Changes Releases Relationships
Known Errors
10 CMDB
Service Desk
-To provide a strategic central point of
contact for customers and an operational
single point of contact for managing
incidents to resolution
-In addition, the Service Desk handles

Service Requests
Incident Management
- To restore normal service operation
as quickly as possible and minimize
the adverse impact on business
operations
Problem Management
- To minimize the adverse impact of
incidents and problems on the business
that are caused by errors in the IT
Infrastructure and to prevent recurrence
of incidents related to these errors
Change Management
-To ensure that standardized methods and
procedures are used for efficient and
prompt handling of all changes to minimize
the impact of change-related incidents and
improve day-to-day operations
Release Management
• Release Management takes a holistic view of a

change to an IT service and should ensure
that all aspects of a Release, both technical
and non-technical, are considered together
Configuration Management
- To identify, record and report on
all IT components that are under
the control and scope of
Configuration Management
ITIL Service Support
ITIL Service Delivery Model
Business, Customers and Users
Queries Communications
Enquiries Updates
Reports
Availability
Management
Service Level
Availability plan Management
AMDB
Design criteria
Targets/Thresholds Capacity Requirements
SLAs, SLRs OLAs
Reports Service reports
Audit reports
Management Targets Service catalogue
Achievements SIP
Capacity plan Exception reports
CDV
Audit reports
Targets/thresholds Financial
Capacity reports Management
Schedules For IT Services
Audit reports
Financial plan
Types and models IT Service
Costs and charges Continuity
Reports Management
Budgets and forecasts
Audit reports
IT continuity plans
BIS and risk analysis
Requirements def’n
Management Alerts and Control centers
Exceptions DR contracts
Tools Reports
Changes Audit reports
Service Level Management
-To maintain and improve IT service quality through a

constant cycle of agreeing, monitoring and reporting to
meet the customers’ business objectives
Availability Management
-To optimize the capability of the IT
infrastructure, services and supporting
organization to deliver a cost effective and
sustained level of availability enabling the
business to meet their objectives
Capacity Management
-To ensure that all the current and future
capacity and performance aspects of the
business requirements are provided cost
effectively
Financial Management
-To provide cost-effective stewardship of the

IT assets and resources used in providing
IT services
IT Service Continuity Management
- To ensure that the required IT technical
and services facilities can be recovered
within required, and agreed timescales
- IT Service Continuity Planning is a

systematic approach to create a plan
and/or procedures to prevent, cope with
and recover from the loss of critical
services for extended periods
Service Delivery
What Is ITIL All About?
- Aligning IT services with business requirements
- A set of best practices, not a methodology
- Providing guidance, not a step-by-step, how-to
manual; the implementation of ITIL processes will
vary from organization to organization
- Providing optimal service provision at a
justifiable cost
- A non-proprietary, vendor-neutral,
technology-agnostic set of best practices.
IT Governance Model
US Securities &
Sarbanes-
Audit Models
COSO
Exchange
Oxley Commission
CobIT
Quality System
App. Dev. (SDLC)
Service Mgmt.
Project Mgmt.
Quality Systems &
IT Planning
IT Security
Mgmt. Frameworks
ISO
CMMi
Six
Sigma
ITIL
IT OPERATIONS
BS 15000 ASL ISO TSO
ISO 20000 PMI IS
26 17799 Strategy
CobIT (Control Objectives for IT)
-CobIT is an open standard control framework
for IT Governance with a focus on IT
Standards and Audit
-Based on over 40 International standards and
is supported by a network of 150 IT
Governance Chapters operating in over 100
countries
-CobIT describes standards, controls and
maturity guidelines for four domains, and 34
control processes
The CobiT Cube
(Business
Requirements)
4 Domains
34
Processes
318
Control
Objectives
CobiT Domains
Plan &&
Plan Acquire && Implement
Acquire Implement
Organize
Organize (AIProcess
(AI ProcessDomain)
Domain)
(POProcess
(PO ProcessDomain)
Domain)
Monitor
Monitor
(MProcess
(M ProcessDomain)
Domain) Deliver && Support
Deliver Support
(DSProcess
(DS ProcessDomain)
Domain)
Plan&&Organize
Organize Acquire&&Implement
Acquire Implement
Plan
Define Define Determine Acquire & Acquire & Develop &
Define Define Determine Identify Acquire & Install & Acquire & Develop &
Strategic Information Technological Identify Maintain Install & Manage Maintain Maintain
Strategic Information Technological Automated Maintain Accredit Manage Maintain Maintain
IT Plan Architecture Direction Automated Application Accredit Change Technology IT
IT Plan Architecture Direction Solutions Application Systems Change Technology IT
Solutions Software Systems Infrastructure Procedures
Software Infrastructure Procedures
Define IT
Define IT Communicate
Organization Manage IT Communicate
Organization Manage IT Aims &
& Investment Aims &
& Investment Direction
Relationships Direction
Relationships
Ensure
Manage Ensure
Manage Compliance Assess
Human Compliance Assess
Human With External Risks
Resource With External Risks
Resource Standards
Standards
Manage Manage
Manage Manage
Projects Quality
Projects Quality
Monitor
Monitor Deliver&&Support
Support
Assess
Deliver
Monitor Assess
Monitor Internal Define &
The Internal Define & Manage Manage Ensure Ensure Identify
The Control Manage Manage Manage Ensure Ensure Identify Manage
Process Control Manage Third-Party Performance Continuous System & Allocate Manage
Process Adequacy Service Third-Party Performance Continuous System & Allocate Operations
Adequacy Service Services & Capacity Service Security Costs Operations
Levels Services & Capacity Service Security Costs
Levels
Assist &
Obtain Provide Educate Assist & Manage
Obtain Provide Educate Advise Manage Manage Manage Manage
Independent Independent & Advise Manage Problems & Manage Manage
Independent Independent & IT Configuration Problems & Data Facilities
Assurance Audit Train Users IT Configuration Incidents Data Facilities
Assurance Audit Train Users Customers Incidents
Customers
COSO Components
Monitoring Control Activities
• Assess control system • Policies that ensure
performance over time management
• Ongoing and separate directives are carried
evaluations out
• Management and • Approval and
supervisory activities authorizations,
verifications,
evaluations,
safeguarding assets
Information and
security and
Communication
segregation of duties
• Relevant information
identified, captured and
communicated timely Risk Assessment
• Access to internal and Control Environment
• Identify and analyze
externally generated • Sets “tone at the top”
relevant risks to
information • Foundation for all other achieving the entity’s
• Information flow allows components of control objectives
for management action • Integrity, ethical values,
competence, authority,
responsibility
COSO, CobiT & SOX
Components
Putting COSO, CobiT, and ITIL
together
-COSO defines the high level policies of a
well governed organization
-CobiT defines the control structures for
evaluating the IT organization conforms to
COSO policies.
-ITIL defines the best practices that will
satisfy the CobiT controls.
How to Make ITIL a Reality?
Key Success Factors
Theory – ITIL/CobIT/COSO Process

 Guidelines for Best Practices  Convert theory to process that
 Provides the theory but not the is applicable to the unique
process needs of the organization
 Education is an important  Training & Education
component  Tool configuration
Technology – CA and others

 Provide the technology that enables
and automates the process
 Repeatability, compliance and
notifications
 Implement processes impossible
without technology
Making IT Easier
Customer maturity isolates appropriate transition point, blueprint & ROI
Next Steps - Focus on Customer
Needs
EITM
• Complete
• Integrated
• Open
• Proven Best • People

Practices • Process
• High Quality • Technology
Business
Flows • Comprehensive • Partners Solutions
• Enabling
• Evolutionary
• Efficient
Respondent Scoring
Proven Practice “Statements”
37
Typical Survey Section features…
Comparison Charts
3 Sets of
Scores Industry Role
Comparison Comparison
Overall Your
Comparison Score
Tools to Aid Success Maturity Model
Solution Sheets
Transitional Maturity
ROI Tool
Process Model
SAO/SAS
Profilers Blueprints
Meeting Customer Needs – Best
Practices
Best Practices:
Six Sigma, etc.
Best Practices:
Industry and CA best practices are applied to all of our solutions to maximize standardization and quality
Thank You
Questions?

Demystifying ITIL: Greg Charles, PH.D

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Demystifying ITIL: Greg Charles, PH.D

Uploaded by

Copyright:

Available Formats

Demystifying ITIL

Greg Charles, Ph.D.

-To provide a basic understanding

-Business As Usual - “Firefighting”

-Best Practice Focused

•What is not defined cannot be controlled

-In addition, the Service Desk handles

• Release Management takes a holistic view of a

-To maintain and improve IT service quality through a

-To provide cost-effective stewardship of the

- IT Service Continuity Planning is a

Theory – ITIL/CobIT/COSO Process

Technology – CA and others

Customer maturity isolates appropriate transition point, blueprint & ROI

• Proven Best • People

Proven Practice “Statements”

You might also like