IT Service Catalog Tools

Transcription

1 IT Service Catalog Tools Topic relevant selected content from the highest rated wiki entries, typeset, printed and shipped. Combine the advantages of up-to-date and in-depth knowledge with the convenience of printed books. A portion of the proceeds of each book will be donated to the Wikimedia Foundation to support their mission: to empower and engage people around the world to collect and develop educational content under a free license or in the public domain, and to disseminate it effectively and globally. The content within this book was generated collaboratively by volunteers. Please be advised that nothing found here has necessarily been reviewed by people with the expertise required to provide you with complete, accurate or reliable information. Some information in this book maybe misleading or simply wrong. The publisher does not guarantee the validity of the information found here. If you need specific advice (for example, medical, legal, financial, or risk management) please seek a professional who is licensed or knowledgeable in that area. Sources, licenses and contributors of the articles and images are listed in the section entitled References. Parts of the books may be licensed under the GNU Free Documentation License. A copy of this license is included in the section entitled GNU Free Documentation License All used third-party trademarks belong to their respective owners.

2 Contents Articles Service Catalog 1 Corporate governance of information technology 2 Information Technology Infrastructure Library 5 IT service management 21 Method engineering 23 Axios Systems 29 Competitive Engineering 30 Configuration management 30 Fagan inspection 35 IBM Tivoli Unified Process (ITUP) 38 Information Services Procurement Library 44 ITIL Planning to implement service management 56 Market analysis for product software 63 Marketing decision support systems 66 Method Framework for Engineering System Architectures 66 Technical architecture 67 Corporate Governance of ICT 72 AS Autonomic Networking 73 Certified in the Governance of Enterprise IT 79 Chief web officer 80 COBIT 82 Information technology controls 84 Data custodian 89 Data governance 90 Data steward 93 Data visualization 94 Governance Interoperability Framework 98 ISO/IEC Ministry of Communications and Information Technology (Egypt) 101 Project governance 105 Public ROI 109 Risk IT 110 SOA Governance 115

3 TickIT 116 Total cost of ownership 118 Val IT 120 Web content lifecycle 123 Website governance 127 References Article Sources and Contributors 130 Image Sources, Licenses and Contributors 132 Article Licenses License 133

4 Service Catalog 1 Service Catalog A service catalog (or catalogue), as defined in Information Technology Infrastructure Library Service Design, is a list of services that an organization provides, often to its employees or customers. Each service within the catalog typically includes: A description of the service Timeframes or service level agreement for fulfilling the service Who is entitled to request/view the service Costs (if any) How to fulfill the service A user's perspective A user goes to a website to search for a specific service, such as a requesting a new laptop, requesting a change in benefits, or adding a new employee to a department. The service catalog site groups services by category and allows for searching (especially when hundreds or thousands of services are available). The user selects a desired service and sees the description and details. The user enters any pertinent information (contact information, service-specific questions) and submits the request for service. The request requires approval, and goes through routing, service-level management, and other processes necessary to fulfill the request. The user may return to the site later to check on the status of a request, or to view overall metrics on how well the organization is performing the services it provides. A business unit manager's perspective Business Unit Managers determine what services to "publish" to end-users via the service catalog. Business Unit Managers and Analysts would determine what questions are to be asked of the user, any approvals necessary for a request, and what other systems or processes are needed to fulfill the request. Once the service is defined and the fulfillment process organized, these people or a more technical employee would build the requisite functionality into the service definition and then publish this to the service catalog. External links How to Produce An Actionable IT Service Catalog [1] The Eight Essential Elements of an IT Service Lifecycle [2] References DuMoulin, Fine, Flores. Defining IT Success through the IT Service Catalog, Van Haren Publishing. ISBN References [1] / www. itsmwatch. com/ itil/ article. php/ [2] / www. itsmwatch. com/ itil/ article. php/

5 Corporate governance of information technology 2 Corporate governance of information technology Information Technology Governance, IT Governance is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, but more so because of the need for greater accountability for decision-making around the use of IT in the best interest of all stakeholders. A characteristic theme of IT governance discussions is that the IT capability is directly related to the investment choices taken by top management that have long term consequences for various stakeholders. The traditional involvement of board-level executives in IT issues was to defer all key decisions to the company's IT professionals. IT governance implies a system in which all stakeholders, including the board, executive management, customers, and staff have clear accountability for their respective responsibilities in the decision making processes affecting IT. This prevents IT or business leaders from independently making decisions about IT without retaining responsibility for their actions and the impact they have on supporting the achievement of strategic objectives. Definitions There are narrower and broader definitions of IT governance. Weill and Ross focus on "Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT." [1] In contrast, the IT Governance Institute expands the definition to include foundational mechanisms: " the leadership and organisational structures and processes that ensure that the organisation s IT sustains and extends the organisation s strategies and objectives." [2] Van Grembergen and De Haes (2009) focus on enterprise governance of IT and define this as "an integral part of corporate governance and addresses the definition and implementation of processes, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/it alignment and the creation of business value from IT enabled investments". While AS8015, the Australian Standard for Corporate Governance of ICT, defines Corporate Governance of ICT as "The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation." Background The discipline of information technology governance first emerged in 1993 as a derivitive of corporate governance and deals primarily with the connection between strategic objectives and IT management of an organization. It highlights the importance of IT related matters in contemporary organizations and states that strategic IT decisions should be owned by the corporate board, rather than by the chief information officer or other IT managers. The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc. Accountability is the key concern of IT governance. After the widely reported collapse of Enron in 2000 and the alleged problems within Arthur Andersen and WorldCom, the duties and responsibilities of auditors and the boards of directors for public and privately held corporations were questioned. As a response to this, and to attempt to prevent similar problems from happening again, the US Sarbanes-Oxley Act was written to stress the importance of business control and auditing. Although

6 Corporate governance of information technology 3 not directly related to IT governance, Sarbanes-Oxley and Basel-II in Europe have influenced the development of information technology governance since the early 2000s. Following Corporate collapses in Australia around the same time, working groups were established to develop standards for Corporate Governance. A series of Australian Standards for Corporate Governance were published in 2003, these were: Good Governance Principles (AS8000) Fraud and Corruption Control (AS8001) Organisational Codes of Conduct (AS8002) Corporate Social Responsibility (AS8003) Whistle Blower protection programs (AS8004) AS8015 Corporate Governance of ICT was published in January It was fast-track adopted as ISO/IEC in May 2008.Introduction to ISO [3] Problems with IT governance Is IT governance different from IT management and IT controls? The problem with IT governance is that often it is confused with good management practices and IT control frameworks. ISO has helped clarify IT governance by describing it as the management system used by directors. In other words, IT governance is about the stewardship of IT resources on behalf of the stakeholders who expect a return from their investment. The directors responsible for this stewardship will look to the management to implement the necessary systems and IT controls. Whilst managing risk and ensuring compliance are essential components of good governance, it is more important to be focused on delivering value and measuring performance. Frameworks There are quite a few supporting references that may be useful guides to the implementation of information technology governance. Some of them are: AS Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC in May 2008 ISO/IEC 38500:2008 Corporate governance of information technology [4], (very closely based on AS ) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations use of IT. ISO/IEC is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. Control Objectives for Information and related Technology (COBIT) is regarded as the world's leading IT governance and control framework. CobiT provides a reference model of 34 IT processes typically found in an organization. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. Originally created by ISACA, COBIT is now the responsibility of the ITGI [5] (IT Governance Institute). The IT Infrastructure Library [6] (ITIL) is a high-level framework with information on how to achieve a successful operational Service management of IT, developed and maintained by the United Kingdom's Office of Government Commerce, in partnership with the IT Service Management Forum. While not specifically focused on IT governance, the process related information is a useful reference source for tackling the improvement of the service management function. Others include: ISO focus on IT security

7 Corporate governance of information technology 4 CMM - The Capability Maturity Model - focus on software engineering TickIT is a quality-management certification program for software development Non-IT specific frameworks of use include: The Balanced Scorecard (BSC) - method to assess an organization s performance in many different areas. Six Sigma - focus on quality assurance TOGAF - The Open Group Architectural Framework - methodology to align business and IT, resulting in useful projects and effective governance. Professional certification Certified in the Governance of Enterprise Information Technology (CGEIT) is an advanced certification created in 2007 by the Information Systems Audit and Control Association (ISACA). It is designed for experienced professionals, who can demonstrate 5 or more years experience, serving in a managing or advisory role focused on the governance and control of IT at an enterprise level. It also requires passing a 4-hour test, designed to evaluate an applicant's understanding of enterprise IT management. The first examination was held in December Footnotes [1] Weill, P. & Ross, J. W., 2004, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results", Harvard Business School Press, Boston. [2] IT Governance Institute 2003, "Board Briefing on IT Governance, 2nd Edition". Retrieved January 18, 2006 from / www. isaca. org/ Content/ ContentGroups/ ITGI3/ Resources1/ Board_Briefing_on_IT_Governance/ 26904_Board_Briefing_final. pdf [3] / www. itsmf. nl/ imagesfile/ PRESENTATIES%20JC%2008%20tbv%20publicatie/ Christophe%20Feltus%20Introduction%20to%20ISO% %20v1_0. pdf [4] / www. iso. org/ iso/ pressrelease. htm?refid=ref1135 [5] / www. itgi. org [6] / www. itil. co. uk/ Further reading Lutchen, M. (2004). Managing IT as a business : a survival guide for CEOs. Hoboken, N.J., J. Wiley., ISBN Van Grembergen W., Strategies for Information technology Governance, IDEA Group Publishing, 2004, ISBN Van Grembergen, W., and S. De Haes, Enterprise Governance of IT: Achieving Strategic Alignment and Value, Springer, W. Van Grembergen, and S. De Haes, A Research Journey into Enterprise Governance of IT, Business/IT Alignment and Value Creation, International Journal of IT/Business Alignment and Governance, Vol. No. 1, 2010, pp S. De Haes, and W. Van Grembergen, An Exploratory Study into the Design of an IT Governance Minimum Baseline through Delphi Research, Communications of AIS, No. 22, 2008, pp S. De Haes, and W. Van Grembergen, An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment, Information Systems Management, Vol. 26, 2009, pp S. De Haes, and W. Van Grembergen, Exploring the relationship between IT governance practices and business/it alignment through extreme case analysis in Belgian mid-to-large size financial enterprises, Journal of Enterprise Information Management, Vol. 22, No. 5, 2009, pp Georgel F., IT Gouvernance : Maitrise d'un systeme d'information, Dunod, 2004(Ed1) 2006(Ed2), 2009(Ed3), ISBN "Gouvernance, audit et securite des TI", CCH, 2008(Ed1) ISBN See also the bibliography sections of IT Portfolio Management and IT Service Management

8 Corporate governance of information technology 5 Renz, Patrick S. (2007). "Project Governance." Heidelberg, Physica-Verl. (Contributions to Economics) ISBN Wood, David J., "Assessing IT Governance Maturity: The Case of San Marcos, Texas". Applied Research Projects, Texas State University-San Marcos. / ecommons. txstate. edu/ arp/ 345 External links Institutes and associations The IT Governance Institute ( www. itgi. org) Informations Systems Audit and Control Association ( www. isaca. org) International Association of Information Technology Asset Managers, Inc. - IAITAM ( www. iaitam. org/ Corp_Bios. htm) Australian Computer Society Governance of ICT Committee ( www. acs. org. au/ governance) IT Governance Network ( www. itgovernance. com) ( www. opengroup. org/ togaf/ ) IT Governance Portal ( www. cioindex. com/ channels/ it_governance. aspx) Information Technology Infrastructure Library The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for Information Technology Services Management (ITSM), Information Technology (IT) development and IT operations. ITIL gives detailed descriptions of a number of important IT practices and provides comprehensive checklists, tasks and procedures that any IT organisation can tailor to its needs. ITIL is published in a series of books, each of which covers an IT management topic. The names ITIL and IT Infrastructure Library are registered trademarks of the United Kingdom's Office of Government Commerce (OGC). History Responding to growing dependence on IT, the UK Government's Central Computer and Telecommunications Agency in the 1980s developed a set of recommendations. It recognised that without standard practices, government agencies and private sector contracts were independently creating their own IT management practices. The IT Infrastructure Library originated as a collection of books, each covering a specific practice within IT Service Management. ITIL was built around a process-model based view of controlling and managing operations often credited to W. Edwards Deming and his plan-do-check-act (PDCA) cycle. [1] After the initial publication in , the number of books quickly grew within ITIL v1 to over 30 volumes. In 2000/2001, to make ITIL more accessible (and affordable), ITIL v2 consolidated the publications into 8 logical "sets" that grouped related process-guidelines to match different aspects of IT management, applications, and services. However, the main focus was known as the Service Management sets (Service Support and Service Delivery) which were by far the most widely used, circulated, and understood of ITIL v2 publications. In April 2001 the CCTA was merged into the Office of Government Commerce (OGC), an office of the UK Treasury. [2] In 2006, the ITIL v2 glossary was published. In May 2007, this organisation issued the version 3 of ITIL (also known as the ITIL Refresh Project) consisting of 26 processes and functions, now grouped under only 5 volumes, arranged around the concept of Service lifecycle structure.

9 Information Technology Infrastructure Library 6 In 2009, the OGC officially announced that ITIL v2 certification would be withdrawn and launched a major consultation as per how to proceed. [3] Overview of the ITIL v2 library The eight ITIL version 2 books and their disciplines are: The IT Service Management sets 1. Service Support 2. Service Delivery Other operational guidance 3. ICT Infrastructure Management 4. Security Management 5. The Business Perspective 6. Application Management 7. Software Asset Management To assist with the implementation of ITIL practices a further book was published (Apr 9, 2002) providing guidance on implementation (mainly of Service Management): 8. Planning to Implement Service Management And this has more recently (Jan 26, 2006) been supplemented with guidelines for smaller IT units, not included in the original eight publications: 9. ITIL Small-Scale Implementation Service Support The Service Support [4] ITIL discipline focuses on the User of the ICT services and is primarily concerned with ensuring that they have access to the appropriate services to support the business functions. To a business, customers and users are the entry point to the process model. They get involved in service support by: Asking for changes Needing communication, updates Having difficulties, queries Real process delivery The service desk functions as the single contact-point for end-users' incidents. Its first function is always to "create" an incident. If there is a direct solution, it attempts to resolve the incident at the first level. If the service desk cannot solve the incident then it is passed to a 2nd/3rd level group within the incident management system. Incidents can initiate a chain of processes: Incident Management, Problem Management, Change Management, Release Management and Configuration Management. This chain of processes is tracked using the Configuration Management Database (CMDB), which records each process, and creates output documents for traceability (Quality Management).

10 Information Technology Infrastructure Library 7 Service Desk / Service Request Management Tasks include handling incidents and requests, and providing an interface for other ITSM processes. Features include: single point of contact (SPOC) and not necessarily the first point of contact (FPOC) single point of entry single point of exit easier for customers data integrity streamlined communication channel Primary functions of the Service Desk include: incident control: life-cycle management of all service requests communication: keeping the customer informed of progress and advising on workarounds The Service Desk function can have various names, such as: Call Center: main emphasis on professionally handling large call volumes of telephone-based transactions Help Desk: manage, co-ordinate and resolve incidents as quickly as possible at primary support level Service Desk: not only handles incidents, problems and questions but also provides an interface for other activities such as change requests, maintenance contracts, software licenses, service-level management, configuration management, availability management, financial management and IT services continuity management The three types of structure for consideration: Local Service Desk: to meet local business needs - practical only until multiple locations requiring support services are involved Central Service Desk: for organisations having multiple locations - reduces operational costs and improves usage of available resources Virtual Service Desk: for organisations having multi-country locations - can be situated and accessed from anywhere in the world due to advances in network performance and telecommunications, reducing operational costs and improving usage of available resources Incident Management Incident Management aims to restore normal service operation as quickly as possible and minimise the adverse effect on business operations, thus ensuring that the best possible levels of service-quality and -availability are maintained. 'Normal service operation' is defined here as service operation within Service Level Agreement (SLA) limits. Incident Management can be defined as : An 'Incident' is any event which is not part of the standard operation of the service and which causes, or may cause, an interruption or a reduction of the quality of the service. The objective of Incident Management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price. Problem Management Problem Management aims to resolve the root causes of incidents and thus to minimise the adverse impact of incidents and problems on business that are caused by errors within the IT infrastructure, and to prevent recurrence of incidents related to these errors. A 'problem' is an unknown underlying cause of one or more incidents, and a 'known error' is a problem that is successfully diagnosed and for which either a work-around or a permanent resolution has been identified. The CCTA(Central Computer and Telecommunications Agency) defines problems and known errors as follows

11 Information Technology Infrastructure Library 8 A problem is a condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant. A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a work-around. Problem management differs from incident management. The principal purpose of problem management is to find and resolve the root cause of a problem and thus prevent further incidents; the purpose of incident management is to return the service to normal level as soon as possible, with smallest possible business impact. The problem-management process is intended to reduce the number and severity of incidents and problems on the business, and report it in documentation to be available for the first-line and second line of the help desk. The proactive process identifies and resolves problems before incidents occur. Such processes include: Trend analysis; Targeting support action; Providing information to the organisation The Error Control Process iteratively diagnoses known errors until they are eliminated by the successful implementation of a change under the control of the Change Management process. The Problem Control Process aims to handle problems in an efficient way. Problem control identifies the root cause of incidents and reports it to the service desk. Other activities are: Problem identification and recording Problem classification Problem investigation and diagnosis A technique for identifying the root cause of a problem is to use an Ishikawa diagram, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. Alternatively, a formal Root Cause Analysis method such as Apollo Root Cause Analysis can be implemented and used to identify causes and solutions. An effective root cause analysis method and/or tool will provide the most effective/efficient solutions to address problems in the Problem Management process. Change Management Change Management aims to ensure that standardised methods and procedures are used for efficient handling of all changes, A change is "an event that results in a new status of one or more configuration items (CIs)" approved by management, cost effective, enhances business process changes (fixes) - with a minimum risk to IT infrastructure. The main aims of Change Management include: Minimal disruption of services Reduction in back-out activities Economic utilisation of resources involved in the change

12 Information Technology Infrastructure Library 9 Change Management Terminology Change: the addition, modification or removal of CIs Request for Change (RFC) or in older terminology Change Request (CR): form used to record details of a request for a change and is sent as an input to Change Management by the Change Requestor Forward Schedule of Changes (FSC): schedule that contains details of all forthcoming Changes. Release Management Release Management is used by the software migration team for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. Proper software and hardware control ensures the availability of licensed, tested, and version-certified software and hardware, which functions as intended when introduced into existing infrastructure. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. This guarantees that all software meets the demands of the business processes. The goals of release management include: Planning the rollout of software Designing and implementing procedures for the distribution and installation of changes to IT systems Effectively communicating and managing expectations of the customer during the planning and rollout of new releases Controlling the distribution and installation of changes to IT systems Release management focuses on the protection of the live environment and its services through the use of formal procedures and checks. A Release consists of the new or changed software and/or hardware required to implement approved changes. Release categories include: Major software releases and major hardware upgrades, normally containing large amounts of new functionality, some of which may make intervening fixes to problems redundant. A major upgrade or release usually supersedes all preceding minor upgrades, releases and emergency fixes. Minor software releases and hardware upgrades, normally containing small enhancements and fixes, some of which may have already been issued as emergency fixes. A minor upgrade or release usually supersedes all preceding emergency fixes. Emergency software and hardware fixes, normally containing the corrections to a small number of known problems. Releases can be divided based on the release unit into: Delta Release: a release of only that part of the software which has been changed. For example, security patches. Full Release: the entire software program is deployed for example, a new version of an existing application. Packaged Release: a combination of many changes for example, an operating system image which also contains specific applications.

13 Information Technology Infrastructure Library 10 Configuration Management Configuration Management is the management and traceability of every aspect of a configuration from beginning to end and it includes the following key process areas under its umbrella : Identification, Planning, Change Control, Change Management, Release Management, Maintenance, process that tracks all individual Configuration Items (CI) generated by applying all of the key process areas in a system. Service Delivery The Service Delivery [5] discipline concentrates on the proactive services the ICT must deliver to provide adequate support to business users. It focuses on the business as the customer of the ICT services (compare with: Service Support). The discipline consists of the following processes, explained in subsections below: Service Level Management Capacity Management IT Service Continuity Management Availability Management Financial Management Service Level Management Service Level Management provides for continual identification, monitoring and review of the levels of IT services specified in the Service Level Agreements (SLAs). Service Level Management ensures that arrangements are in place with internal IT Support-Providers and external suppliers in the form of Operational Level Agreements (OLAs) and Underpinning Contracts (UCs), respectively. The process involves assessing the impact of change upon service quality and SLAs. The service level management process is in close relation with the operational processes to control their activities. The central role of Service Level Management makes it the natural place for metrics to be established and monitored against a benchmark. Service Level Management is the primary interface with the customer (as opposed to the user serviced by the Service Desk). Service Level Management is responsible for: ensuring that the agreed IT services are delivered when and where they are supposed to be liaising with Availability Management, Capacity Management, Incident Management and Problem Management to ensure that the required levels and quality of service are achieved within the resources agreed with Financial Management producing and maintaining a Service Catalog (a list of standard IT service options and agreements made available to customers) ensuring that appropriate IT Service Continuity plans exist to support the business and its continuity requirements. The Service Level Manager relies on the other areas of the Service Delivery process to provide the necessary support which ensures the agreed services are provided in a cost-effective, secure and efficient manner.

14 Information Technology Infrastructure Library 11 Capacity Management Capacity Management supports the optimum and cost-effective provision of IT services by helping organisations match their IT resources to business demands. The high-level activities include: Application Sizing Workload Management Demand Management Modelling Capacity Planning Resource Management Performance Management IT service continuity management IT service continuity management covers the processes by which plans are put in place and managed to ensure that IT Services can recover and continue even after a serious incident occurs. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disaster in the first instance. Continuity management is regarded by the application owners as the recovery of the IT infrastructure used to deliver IT Services, but as of 2009 many businesses practice the much further-reaching process of Business Continuity Planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur (at primary support level). Continuity management involves the following basic steps: Prioritising the activities to be recovered by conducting a Business Impact Analysis (BIA) Performing a Risk Assessment (aka risk analysis) for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service. Evaluating the options for recovery Producing the Contingency Plan Testing, reviewing, and revising the plan on a regular basis Availability Management Availability Management targets allowing organisations to sustain the IT service-availability to support the business at a justifiable cost. The high-level activities are Realise Availability Requirements, Compile Availability Plan, Monitor Availability, and Monitor Maintenance Obligations. Availability Management addresses the ability of an IT component to perform at an agreed level over a period of time. Reliability: Ability of an IT component to perform at an agreed level at described conditions. Maintainability: The ability of an IT component to remain in, or be restored to an operational state. Serviceability: The ability for an external supplier to maintain the availability of component or function under a third-party contract. Resilience: A measure of freedom from operational failure and a method of keeping services reliable. One popular method of resilience is redundancy. Security: A service may have associated data. Security refers to the confidentiality, integrity, and availability of that data. Availability gives a clear overview of the end-to-end availability of the system.