Common IT Service Management Metrics, Critical Success Factors (CSFs) and Key Performance Indicators (KPIs)

Transcription

1 Common IT Service Management Metrics, Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) Manage quantity and quality of IT service needed: percentage reduction in SLA targets missed percentage reduction in SLA targets threatened percentage increase in Customer perception of SLA achievements via CSS responses percentage reduction in SLA breaches caused because of third party support contracts (Underpinning Contracts) percentage reduction in SLA breaches caused because of internal Operational Level Agreements (OLA s). Deliver service as previously agreed at affordable costs: total number and percentage increase in fully documented SLAs in place percentage increase of SLAs agreed against operational services being run percentage increase in completeness of Service Catalogue versus operational services percentage improvement in the Service Delivery costs percentage reduction in the cost of monitoring and reporting of SLAs percentage increase in the speed and accuracy of developing SLAs. Manage business interface: increased percentage of Services covered by SLAs documented and agreed processes and procedures are in place reduction in the time to respond to and implement SLA requests increased percentage of SLA reviews completed on time reduction in the percentage of outstanding SLAs for annual renegotiation reduction in the percentage of SLAs requiring s (for example targets not attainable; s in usage levels) percentage increase in the number of OLA s and third Party contracts in place documentary evidence that issues raised at service and SLA reviews are being followed up and resolved (e.g. via the CSIP)? reduction in the number and severity of SLA breaches effective review and follow-up of all SLA, OLA and underpinning contract breaches. Accurate business forecasts: production of workload forecasts on time percentage accuracy of forecasts of business trends timely incorporation of business plans into Plan reduction in the number of variances from the business plans and Plans. Knowledge of current and future technologies: increased ability to monitor performance and throughput of all services and components timely justification and implementation of new technology in line with business requirements (time, cost and functionality) reduction in the use of old technology causing breached SLAs due to problems with support or performance.

2 Ability to demonstrate cost-effectiveness: a reduction in panic buying reduction in the over-capacity of IT accurate forecasts of planned expenditure reduction in the business disruption caused by a lack of adequate IT capacity relative reduction in the cost of production of the Plan. Ability to plan and implement the appropriate IT capacity to match business needs: percentage reduction in the number of s due to poor performance percentage reduction in lost business due to inadequate capacity all new services are implemented which match Service Level Requirements (SLRs) increased percentage of recommendations made by Management are acted upon reduction in the number of SLA breaches due to either poor service performance or poor component performance. Manage availability and reliability of IT service: percentage reduction in the unavailability of services and components percentage increase in the reliability of services and components effective review and follow-up of all SLA, OLA and underpinning contract breaches percentage improvement in overall end-to-end availability of services percentage reduction in the number and impact of service breaks improvement in the MTBF (mean time between failures) improvement in the MTBSI (mean time between system incidents) reduction in the MTTR (mean time to repair). Satisfy business needs for access to IT services: percentage reduction in the unavailability of services percentage reduction of the cost of business overtime due to unavailable IT percentage reduction in critical time failures, e.g. specific business peak and priority availability needs are planned for percentage improvement in business and Users satisfied with service (by CSS results). of IT infrastructure achieved at optimum costs: percentage reduction in the cost of unavailability percentage improvement in the Service Delivery costs timely completion of regular risk analysis and system review timely completion of regular cost-benefit analysis established for infrastructure Component Failure Impact Analysis (CFIA) percentage reduction in failures of third party performance on MTTR/MTBF against contract targets reduced time taken to complete (or update) a risk analysis reduced time taken to review system resilience reduced time taken to complete an Plan timely production of management reports percentage reduction in the incidence of operational reviews uncovering security and reliability exposures in application designs. IT Security Management Controls (NIST ) Percentage of systems that had formal risk assessment performed and documented. (every 6

3 IT Security Percentage of systems that have had risk levels reviewed by management. (6 months) Percentage of total systems for which security controls have been tested and evaluated in the past IT Security year. (12 months) The average time elapsed between vulnerability or weakness discovery and implementation of IT Security corrective action. (3 months) Percentage of systems that have the costs of their security controls integrated into the life cycle of IT Security the system. (12 months) Percentage of system changes recertified if security controls are added or modified after the IT Security system was developed. (12 months) Percentage of total systems that have been authorized for processing following certification and IT Security accreditation. (3 months) Percentage of systems that are operating under an Interim Authority to Operate (IATO). (3 IT Security Percentage of systems with approved system Security plans. (12 months) IT Security Percentage of current security plans. (6 months) IT Security Operational Controls (NIST ) IT Security Percentage of systems compliant with the separation of duties requirement. (12 months) Percentage of users with special access to systems who have undergone background evaluations. IT Security (6 months) Percentage of information systems libraries that log the deposits and withdrawals of tapes. (6 Percentage of data transmission facilities in the organization that have restricted access to IT Security authorized individuals. (6 months) IT Security Percentage of laptops with encryption capability for sensitive files. (3 months) Percentage of security-related user issues resolved immediately following the initial call. (6 IT Security Percentage of used media sanitized before reuse or disposal. (12 months) Percentage of critical data files and operations with an established backup frequency. (12 months) IT Security IT Security Percentage of systems that have a contingency plan. (12 months) Percentage of systems for which contingency plans have been tested in the past year. (12 IT Security Percent of systems that impose restrictions on system maintenance personnel. (12 months) Percentage of software changes documented and approved through change request forms. (3 IT Security Percentage of systems with the latest approved patches installed. (1 month) Percentage of systems with automatic virus definition updates and automatic virus scanning. (6 IT Security Percentage of systems that perform password policy verification. (6 months) IT Security Percentage of in-house applications with documentation on file. (12 months) IT Security Percentage of systems with documented risk assessment reports. (12 months) IT Security Technical Controls (NIST ) Percentage of employees with significant security responsibilities who have received specialized IT Security training. (12 months) IT Security Percentage of agency components with incident handling and response capability. (6 months) IT Security Number of incidents reported to FedCIRC, NIPC and local law enforcement. (3 months) IT Security Percentage of systems without active vendor-supplied passwords. (6 months) IT Security Percentage of unique user IDs. (3 months) Percentage of users with access to security software that are not security administrators. (3 IT Security Percentage of systems running restricted protocols. (6 months) IT Security Percentage of websites with a posted privacy policy. (3 months)

4 IT Security Percentage of systems on which audit trails provide a trace of user actions. (12 months) Quickly resolve s: (applies to both and Request Fulfillment) percentage reduction in average time to respond to a call for assistance from first-line operatives percentage increase in the s resolved by first line operatives percentage increase in the s resolved by first line operatives on first response percentage reduction of s incorrectly assigned percentage reduction of s incorrectly categorized reduced mean elapsed time for resolution or circumvention of s, broken down by impact code increased percentage of s resolved within agreed (in SLAs) response times by impact code. Maintain IT service quality: (applies to both and Request Fulfillment) reduction in the service unavailability caused by s increased percentage of s resolved within target times by priority increased percentage of s resolved within target times by category percentage reduction in the average time for second line support to respond reduction of the backlog percentage increase in the s fixed before Users notice percentage reduction in the s reopened percentage reduction in the overall average time to resolve s reduction in the number of s requiring more than one second line support team. Improve business and IT productivity: (applies to both and Request Fulfillment) percentage reduction in average cost of handling incidents improve percentage of business incidents dealt with first line operatives percentage reduction number of times first line operatives bypassed percentage improvement in average number of incidents handled by each first line operatives no delays in the production of management reports improved scores on CSS responses. User satisfaction: (applies to both and Request Fulfillment) percentage improvement in CSS responses on the Management service percentage reduction in length of queue time waiting for response percentage reduction in the number of lost calls percentage reduction of the number of revised business instructions issued. Receiving Calls (Performance): (applies to both and Request Fulfillment) % First Call Resolution % First Call Resolutions without Passwords # Dropped Calls Average Call Hold Time Workload Volumes (Performance) Total # Calls / day / month / year Average # Calls per Day Average # Calls per Month Average # Calls Assigned / day. Average # Calls Assigned / month. Operational Level (Quality) (applies to both and Request Fulfillment)

5 Average duration by Call Type Average duration by Call Group Counts of Call Type / Group / Customer Control of IT assets: percentage reduction in number of Item (CI) attribute errors found in Management Database (CMDB) percentage increase in the number of CI s successfully audited percentage improvements in the speed and accuracy of audit. Support the delivery of quality IT services: percentage reduction in service errors attributable to wrong CI information improved speed of component repair and recovery improved Customer satisfaction with services and terminal equipment. Economic service provision: reduction in the number of missing or duplicated CI s greater percentage of maintenance costs and license fees within budget percentage reduction in S/W costs due to better control percentage reduction in H/W costs due to better control of spares inventory and supplies percentage improvement in average cost of maintaining CI s in CMDB. Support, integration and interfacing to all other ITSM processes: reduced percentage of failures as a result of inaccurate configuration data improved resolution time due to the availability of complete and accurate configuration data more accurate results from Risk Analysis audits due to available and accurate asset information. Improve service quality: percentage reduction in repeat s/s percentage reduction in the s and s affecting service to Customers percentage reduction in the known s and s encountered no delays in production of management reports improved CSS responses on business disruption caused by s and s. Minimize impact of s: percentage reduction in average time to resolve s percentage reduction of the time to implement fixes to Known Errors percentage reduction of the time to diagnose s percentage reduction of the average number of undiagnosed s percentage reduction of the average backlog of open s and errors. Reduction cost of s to Users: percentage reduction of the impact of s on User reduction in the business disruption caused by s and s percentage reduction in the number of s escalated (missed target) percentage reduction in the IT Management budget increased percentage of proactive s raised by Management, particularly from Major and reviews.

6 Repeatable process: percentage fewer rejected RFCs percentage reduction in unauthorized s detected percentage of requests (business driven need) implemented on time percentage reduction in average time to make s percentage reduction in the backlog percentage fewer s backed out because of testing failures percentage reduction in s required by previous failures increase in the percentage of reports produced on schedule. Quick and accurate s: percentage reduction in the number of urgent s percentage reduction of urgent s causing s reduction in the percentage of s implemented without being tested percentage reduction of urgent s requiring back-out reduced percentage of urgent or high priority s submitted without business case to justify decision. Protect service: reduction in both the scheduled and unscheduled service unavailability caused by s percentage reduction in s backed out percentage reduction of unsuccessful s percentage reduction in s causing s percentage reduction in s impacting core service time and SLA service hours percentage increase in s activated outside core service time and SLA service hours reduction in the percentage of s not referred to a Advisory Board (CAB) or Advisory Board Emergency Committee (CAB/EC) improvement in Customer Satisfaction Survey (CSS) feedback on percentage reduction in failed s that do not have recorded back-out plan percentage reduction in time to implement a freeze. Show efficiency and effectiveness results: percentage efficiency improvement based on number of RFCs processed percentage increase in the accuracy of estimates percentage reduction in the average cost of handling a percentage reduction in overtime due to better planning reduction in the cost of failed s increased percentage of s implemented on time increased percentage of s implemented to budget reduction in the percentage of failed s reduction in the percentage of backed out s. Better quality software and hardware: percentage reduction in the use of software and hardware s that have not passed the required quality checks percentage reduction in installed software not taken from DSL percentage reduction in non-standard hardware all bought-in software complies with legal restrictions

7 percentage reduction in the use of unauthorized software and hardware. Repeatable process for rolling out software and hardware s: all new s planned and controlled by Management all installed software taken from the DSL all appropriate hardware stored in the DHS percentage reduction in the number of failed distributions of s to remote sites reduction in the percentage of urgent s increase in the percentage of normal units as opposed to ad hoc s. Implementation of s swiftly (business driven needs) and accurately: percentage reduction in build failures percentage implementation of releases at all sites, including remote ones, on time percentage reduction in the number of urgent s percentage reduction in the s causing s reduction in the percentage of s implemented without being tested reduced percentage of urgent or high priority s requested without the appropriate business case/justification. Cost-effective releases increased percentage of s built and implemented on schedule percentage s built and implemented within budget reduction in the service unavailability caused by s percentage reduction in s backed out percentage reduction of failed s percentage reduction in the average cost of handling a percentage reduction in overtime due to better planning reduction in the cost of failed s no evidence of payment of license fees or wasted maintenance effort, for software that is not in use no evidence of wasteful duplication in building (e.g. multiple builds of remote sites, when copies of a single build would suffice) percentage improvement of the planned composition of s matching the actual composition (which demonstrates good planning) percentage improvement in the resources required by Management percentage increase in the accuracy of estimates.