Recent Advances in Automatic Control, Information and Communications

Transcription

1 Proposal of the improvement of actual ITIL version based on comparative IT Service Management methodologies and standards The implementation of IT Service Management frameworks and standards Anel Tanovic*, Fahrudin Orucevic** *Department for management of access networks and terminal devices, BH Telecom d.d. Sarajevo Obala Kulina Bana 8, Sarajevo 71000, Bosnia and Herzegovina ** Department of Computer Science and Informatics University of Sarajevo, Faculty of Electrical Engineering Zmaja od Bosne bb, Sarajevo 71000, Bosnia and Herzegovina Abstract: - CobiT is framework which is responsible for IT governance. PRINCE2 is responsible for project management. etom is the most popular standard for the management of IT services in telecommunication industry. ISO/IEC is the first international standard for IT service management. ISO/IEC is a standard responsible for design and maintenance of information security management systems. The implementation of each of these frameworks or standards and ITIL 2011 framework is based on description of key goals, key activities, key performance indicators and critical success factors for each process and function of these frameworks and standards. The result of this paper are implemented all IT service management frameworks and standards in a reference model of. The next step after implementation are the measurements of implemented frameworks and standards. Key-Words: - CobiT, PRINCE2, etom, ISO/IEC 20000, ISO/IEC 27000, Service Catalogue Management, Define and manage service levels, Managing a Stage Boundary, Billing & Revenue Management Resource Management & Operations, Release and Deployment Management, Ensure objective. 1 Introduction The main goal of this research is to improve the existing model of ITIL 2011 framework through comparative analysis with other IT service management frameworks and standards. The result of comparative analysis should be new models of ITIL framework for which will be done new measurements of the implementation. These results will be compared and based on this will be chosen new improved model of ITIL framework. The results of the comparative analysis may serve as a basis for future research related to the improvement of each of the frameworks or standards which are mentioned in this paper. Recent research in this area show that there are many disadvantages in the existing ITIL 2011 framework especially in Service Operation phase which is responsible for the relationship with end users. This research is divided into five parts. The first part describes previous research, research methodology and test environment. The second part of research describes the implementation of all IT Service Management frameworks and standards in a test environment. The third part describes a comparative analysis of results and gives a proposal for new models. The fourth part of the research describes measurements of final models for ITIL and the election of the improved model for ITIL 2011 framework. The last part of the research describes in details the improved model of ITIL 2011 framework and shows future directions of research. This paper is the second part of the research. Section 2. of the paper describes complementary IT Service Management frameworks and standards: CobiT, PRINCE2, etom, ISO/IEC and ISO/IEC Section 3. of the paper describes the implementation of each of six complementary ITSM frameworks and standards in a reference model of. Section 4. is the conclusion in which are described key principles of implementation of each IT Service Management framework or standard in a reference model and are described the principles of measurements of each implemented model. ISBN:

2 2 Complementary IT Service Management frameworks and standards Control Objectives for Information and Related Technology (CobiT) is a framework that allows managers to bridge the gap between control requirements, technical issues and business risks. The framework provides good practices across a domain and process framework [17]. CobiT is intended for translating business requirements from the management of the company to the IT department. Many organizations today implement CobiT in combination with ITIL framework. Figure 1. shows the process model for Control Objectives for Information and Related Technology framework. CobiT is a process model which contains four phases: Plan and Organize This phase includes processes for the planning and design of the organization which are intended to achieving business goals of the organization [18]. The processes which are included in this phase are: Define a strategic IT plan, Define the information architecture, Determine technological direction, Define the IT processes, organization and relationships, Manage the IT investment, Communicate management aims and direction, Manage IT human resources, Manage quality, Assess and manage IT risks and Manage projects. Acquire and Implement This phase includes the processes related to the procurement and development of IT solutions and to the management of changes [17]. These processes are included in this phase: Identify automated solutions, Acquire and maintain application software, Acquire and maintain technology infrastructure, Enable operation and use, Procure IT resources, Manage changes and Install and accredit solutions and changes. Deliver and Support This phase includes the processes related to the current deliveries of IT services to the organization [17]. These processes are part of this phase: Define and manage service levels, Manage third-party services, Manage performance and capacity, Ensure continuous service, Ensure systems security, Identify and allocate costs, Educate and train users, Manage service desk and incidents, Manage the configuration, Manage problems, Manage data, Manage the physical environment and Manage operations. Monitor and Evaluate This phase includes the processes for regular checking of IT processes and their success in achieving the goals of IT controls [18]. The processes which are included in this phase are: Monitor and evaluate IT performance, Monitor and evaluate internal control, Ensure regulatory compliance and Provide IT governance. PRINCE2 (Projects in a Controlled Environment) is a structured project management method based on experience drawn from thousands of projects [14], [16]. Projects are the means by which we introduce change and, while many of the skills required are the same, there are some crucial differences between managing business as usual and managing project work [15]. The PRINCE2 components describe aspects of project management that must be addressed continually. Figure 2. shows the components for Projects in Controlled Environments2 framework. The total number of components is seven [14]: Business Case - The purpose of this componente is to establish mechanisms to judge whether the project is viable, desirable and achievable as a means to support decision making in its investment. Organization The purpose of this componente is to define and establish the project s structure of accountability and responsibilities. Quality - The purpose of this componente is to define and implement the means by which the project will create and verify products that are fit for purpose. Plans The purpose of this componente is to facilitate communication and control by defining the means of delivering the products. Risk The purpose of this componente is to identify, assess and control uncertainty and, as a result, improve the ability of the project to succeed. Change The purpose of this componente is to identify, assess and control any potential and approved changes to the baseline. Progress The purpose of this component is to establish mechanisms to monitor and compare actual achievements against those planned. The second purpose is to provide a ISBN:

3 forecast for the project objectives and the project s continued viability. The third purpose is to control any unacceptable deviations. A process is a structured set of activities designed to accomplish a specific objective. It takes one or more defined inputs and turns them into defined outputs. The processes are presented in all seven components of PRINCE2. Figure 3. shows the processes for Projects in Controlled Environments2 framework [16]. There are seven processes in PRINCE2: Starting up a Project This process ensures that the prerequisites for Initiating a Project are in place by answering the question: do we have a viable and worthwhile project? The aim is to do the minimum necessary in order to decide whether it is worthwhile to even initiate the project. Directing a Project This process enables the Project Board to be accountable for the project s success by making key decisions and exercising overall control while delegating day to day management of the project to the Project Manager. Initiating a Project This process is responsible for establishing solid foundations for the project, for enabling the organization to understand the work that needs to be done to deliver the project s products before committing to a significant spend. Controlling a Stage The purpose of this process is to to assign work to be done, monitor such work, deal with issues, report progress to the Project Board, and take corrective actions to ensure that the stage remains within tolerance. Managing Product Delivery The purpose of this process is to control the link between the Project Manager and the Team Manager, by placing formal requirements on accepting, executing and delivering project work. Managing a Stage Boundary This process is responsible for giving a permission to the Project Board to be provided with sufficient information by the Project Manager so that it can review the success of the current stage, for giving an approval to the next Stage Plan, for reviewing the updated Project Plan, and for giving a confirmation to continued business justification and acceptability of the risks. Closing a Project This process recognizes that objectives have been achieved in the original Project Initiation documentation. etom is the most popular standard for the management of IT services in telecommunication industry. Many previous researches show that etom standard is very similar to the ITIL framework [12], [13]. The etom Business Process Framework represents the whole of a service provider's enterprise environment [12]. Figure 4. shows the process model for Enhanced Telecom Operations Map framework in which are processes placed in horizontal and vertical lines. At the overall conceptual level, the etom framework can be viewed as having three major process areas: The Strategy, Infrastructure & Product Process Area includes processes that develop strategies and commitment to them within the enterprise; that plan, develop and manage the delivery and enhancement of infrastructures and products; and that develop and manage the Supply Chain. In the etom framework, infrastructure refers to more than just the resource (IT and network) infrastructure that directly supports products and services. It also includes the operational and organizational infrastructure required to support marketing, sales, service and supply chain processes for example Customer Relationship Management (CRM) [11]. These processes direct and enable processes within the Operations process area. The Operations Process Area is the traditional heart of the Service Provider enterprise, and of the etom standard. It includes all operations processes that support the customer (and network) operations and management, as well as those that enable direct customer operations with the customer. These processes include both day-to-day and operations support and readiness processes. The etom framework view of Operations also includes sales management and Supplier/Partner Relationship Management [13]. The Enterprise Management Process Area includes those basic business processes that are required to run and manage any large business. These generic processes focus on both the setting and achieving of strategic ISBN:

4 corporate goals and objectives, as well as providing those support services that are required throughout an Enterprise. These processes are sometimes considered to be the corporate functions and processes, for example Financial Management or Human Resources Management [13]. Since Enterprise Management processes are aimed at general support within the Enterprise, they may interface as needed with almost every other process in the Enterprise, be they operational, strategy, infrastructure or product processes. ISO/IEC is the first international standard for IT service management. ISO/IEC standard has emerged as a consequence of the need to present the recommendations of ITIL framework within one uniform standard. ISO/IEC standard has also emerged as a need of a large number of organizations that wanted to have implemented a standard in its business environment which will replace the existing ISO/IEC 9000 standard which is only focused in total quality management practices [7], [8]. ISO/IEC contains recommendations for ITIL framework that are displayed in the main processes that make up this standard. Figure 5. shows the process model for ISO/IEC standard. ISO/IEC contains four phases: Service Delivery Processes These processes are responsible for the management with: capacity, availability, continuity and information security of the service, and for the management with contracts and finances [9]. The processes that are presented in this phase are: Capacity Management, Service Continuity & Availability Management, Service Level Management, Service Reporting, Information Security Management and Budgeting & Accounting for services. Relationship Processes These processes are responsible for the management with suppliers and relationships which are the part of the organization [10]. Two processes which are the part of this phase are: Supplier Management and Business Relationship Management. Resolution Processes These processes are responsible for the management with: incidents, service requests and problems [9]. The processes which are the part of this phase are: Incident and Service Request Management and Problem Management. Control Processes These processes are responsible for the management with changes and for the design and implementation of the IT service. Three processes are the part of this phase: Configuration Management, Change Management and Release and Deployment Management [7]. ISO/IEC is part of a growing family of ISO/IEC Information Security Management Systems (ISMS) standards [20]. ISO/IEC is a standard from this group responsible for the design, implementation and testing of an information security management system and it is the most important project under ISO/IEC ISO/IEC formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements [19]. Organizations that claim to have adopted ISO/IEC can therefore be formally audited and certified compliant with the standard [21]. Figure 6. shows the PDCA model for ISO/IEC standard which is the basic model for activities with design and maintenance of Information Security Management System (ISMS). The ISO adopts the process model Plan- Do-Check-Act (PDCA) which is applied to the structure of all the processes in ISMS: Plan (establishing the ISMS) - Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization [19]. The processes from this phase are: Define the scope of ISMS, Define information security policy, Undertake risk assessment, Select controls, Risk treatment plan and Prepare statement of applicability. Do (implementing and workings of the ISMS) - Implement and exploit the ISMS policy, controls, processes and procedures [20]. The processes from this phase are: Execute risk treatment plan, Write controls and BCM, Implement policies and BCM, Implement training, Manage operation and resources and Implement procedure for security. Check (monitoring and review of the ISMS) - Assess and, if applicable, measure the performances of the processes against the policy, objectives and practical ISBN:

5 experience and report results to management for review [21]. The processes from this phase are: Execute operational plan, Regular reviews of the effectiveness of ISMS, Review the level of residual risk, Internal ISMS audit, Management review of ISMS and Record impact on ISMS. Act (update and improvement of the ISMS) - Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information to continually improve the same system [19], [20]. The processes from this phase are: Implement identified improvement, Take corrective and preventive action, Apply lesson learned, Communicate result, Ensure objective and Continue process. 3 Implementation of IT Service Management frameworks and standards for the reference model The configuration of ITIL 2011 framework is based on implementation of four different functions: Technical Management, Application Management, Service Desk and IT Operations Management [6]. The realization of each function is based on the implementation of all 26 processes in all five ITIL phases: Service Strategy [1], Service Design [2], Service Transition [3], Service Operation [4] and Continual Service Improvement [5]. That means that the total number of ITIL process implementations is 104. If we add the implementation of four functions, than the total number of ITIL implementations is 108. For each of independent implementation (process or function) it is needed to describe: key goals, key activities, key performance indicators and critical success factors. Key activities and critical success factors are placed under the principles of reference model. Table I. and II. show key goals, key activities, key performance indicators and critical success factors of Service Catalogue Management process at Application function [2]. The implementation of other processes and functions is done in the same way [1], [2], [3], [4], [5]. The configuration of CobiT framework is based on implementation of four phases: Plan and Organise, Acquire and Implement, Deliver and Support and Monitor and Evaluate. The first phase has 10 processes, the second phase has 7 processes, the third phase has 13 processes and the fourth phase has 4 processes [18]. That means that the total number of CobiT process implementations is 34. If we add the implementation of four phases, than the total number of CobiT implementations is 38. For each of independent implementation (process or function) it is needed to describe: key goals, key activities, key performance indicators and critical success factors. Key activities and critical success factors are placed under the principles of reference model [17]. Table III. and IV. show key goals, key activities, key performance indicators and critical success factors of CobiT process Define and manage service levels. The implementation of other processes and phases is done in the same way. The configuration of PRINCE2 framework is based on implementation of seven phases: Business scenario, Organization, Quality, Plans, Risk, Change and Progress [15]. Each phase has seven different processes: Starting up a Project, Directing a Project, Initiating a Project, Controlling a Stage, Managing Product Delivery, Managing Stage Boundary and Closing a Project. That means that the total number of PRINCE2 process implementations is 49. If we add the implementation of seven phases, than the total number of PRINCE2 implementations is 56. For each of independent implementation (process or function) it is needed to describe: key goals, key activities, key performance indicators and critical success factors [16]. Key activities and critical success factors are placed under the principles of IPTV/VoIP reference model. Table V. and VI. show key goals, key activities, key performance indicators and critical success factors of PRINCE2 process Managing a Stage Boundary at component Risk. The implementation of other processes and phases is done in the same way. The configuration of etom standard is based on implementation of three phases: Strategy, Operation and Organization. The first phase has 12 processes, the second phase has 16 processes and the third phase has 7 processes. That means that the total number of etom process implementations is 35. If we add the implementation of three phases, than the total number of etom implementations is 38. For each of independent implementation (process or function) it is needed to describe: key goals, key activities, key performance indicators and critical success factors. Key activities and critical success factors are placed under the principles of IPTV/VoIP reference model [12], [13]. Table VII. and VIII. show key goals, key activities, key performance indicators and critical success factors of etom process Billing & Revenue Management Resource Management & Operations. The ISBN:

6 implementation of other processes and phases is done in the same way. The configuration of ISO/IEC standard is based on implementation of four phases: Service Delivery Processes, Relationship Processes, Resolution Processes and Control Processes. The first phase has 6 processes, the second phase has 2 processes, the third phase has 2 processes and the fourth phase has 3 processes. That means that the total number of ISO/IEC process implementations is 13. If we add the implementation of four phases, than the total number of ISO/IEC implementations is 17 [8]. For each of independent implementation (process or function) it is needed to describe: key goals, key activities, key performance indicators and critical success factors. Key activities and critical success factors are placed under the principles of reference model. Table IX. and X. show key goals, key activities, key performance indicators and critical success factors of ISO/IEC Release and Deployment Management process [9]. The implementation of other processes and phases is done in the same way. The configuration of ISO/IEC standard is based on implementation of four phases: Establish ISMS, Design and implementation of ISMS, Monitor and review ISMS and Maintain and improve ISMS. Each of these phases has 6 processes [20]. That means that the total number of ISO/IEC process implementations is 24. If we add the implementation of four phases, than the total number of ISO/IEC implementations is 28. For each of independent implementation (process or function) it is needed to describe: key goals, key activities, key performance indicators and critical success factors. Key activities and critical success factors are placed under the principles of IPTV/VoIP reference model [21]. Table XI. and XII. show key goals, key activities, key performance indicators and critical success factors of ISO/IEC Ensure objective process. The implementation of other processes and phases is done in the same way. 4 Conclusion The implementation of each IT Service Management framework or standard covers all their processes and functions. ITIL has 4 functions and 104 processes. CobiT has 4 phases and 34 processes. PRINCE2 has 7 phases and 49 processes. etom has 3 phases and 35 processes. ISO/IEC has 4 phases and 13 processes. ISO/IEC has 4 phases and 24 processes. It means that the total number of implementations that have been finished in this research are 268. Each independent implementation required a description of key goals, key activities, key performance indicators and critical success factors for one function or process [1], [2], [3]. All key goals and key activities represent actions for the design, implementation and maintenance of systems for [4], [5], [6]. Key performance indicators and critical success factors are obtained directly from these defined key activities. All measurements, which will be described in part 3 of this project, are based on these real defined key performance indicators and critical success factors. In this paper is shown the implementation of one process for each IT Service Management framework or standard. References: [1] S.Taylor, M. Iqbal, and M. Nieves, ITIL Version 3 Service Strategy, The Office of Government Commerce, July [2] S.Taylor, V. Lloyd, and C. Rudd, ITIL Version 3 Service Design, The Office of Government Commerce, July [3] S.Taylor, S. Lacy, and I. Macfarlane, ITIL Version 3 Service Transition, The Office of Government Commerce, July [4] S.Taylor, D. Cannon, and D. Wheeldon, ITIL Version 3 Service Operation, The Office of Government Commerce, July [5] S.Taylor, G.Case, and G.Spalding, ITIL Version 3 Continual Service Improvement, The Office of Government Commerce, July [6] R. A. Steinberg, Measuring ITIL: Measuring, Reporting and Modeling the IT Service Management Metrics That Matter Most to IT Senior Executives, Trafford Publishing, January [7] Van Haren Publishing, Implementing ISO/IEC Certification The Roadmap (ITSM Library), February [8] M. Kunas, Implementing Service Quality based on ISO/IEC 20000, IT Governance Publishing, May [9] L. Cooper, A Guide to the New ISO/IEC : The Differences Between the 2005 and the 2011 Editions, BSI British Standards Institution, June [10] Van Haren Publishing, Implementing IT Service Management Aligning with ITIL and ISO/IEC 20000, June [11] H. Jiejin, A Practical Approach to the Operation of Telecommunication Services driven by the TMF etom Framework, ISBN:

7 Universitat Poliecnica de Catalunya, September [12] J. P. Reilly, M. Kelly, K. J. Willets, and M. Kreaner, The etom A Business Process Framework Implementer s Guide. TM Forum, April [13] D. Byron, An Assessment of the TeleManagement Forum s etom Model. TM Forum, March [14] Central Computer and Telecommunications Agency, Managing Successful Projects with PRINCE 2, January [15] The Office of Government Commerce, Directing Successful Projects with PRINCE2, January [16] G. Williams, APMP for PRINCE2 Practitioners, The Office of Government Commerce, January [17] IT Governance Institute, IT Assurance Guide Using CobiT, 2 nd Edition, May [18] IT Governance Institute, CobiT Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2 nd Edition, May [19] H. Baars, K. Hintzbergen, J. Hintzbergen, and A. Smulders, Foundations of Information Security Based on ISO27001 and ISO27002, Van Haren Publishing, April [20] E. Humphreys, Implementing the ISO/IEC Information Security Management System Standard, Artech Print on Demand, September [21] S. T. Arnason and K. D. Willett, How to Achieve Certification: An Example of Applied Compliance Management, Auerbach Publications, November Figure 2. Components for Projects in Controlled Environments2 (PRINCE2) framework Figure 3. Processes for Projects in Controlled Environments2 (PRINCE2) framework ISBN:

8 Figure 4. Process model for Enhanced Telecom Operations Map (etom) framework Figure 5. Process model for ISO/IEC standard Figure 6. PDCA model for ISO/IEC standard ISBN:

9 Figure 1. Control Objectives for Information and Related Technology (CobiT) framework TABLE I. KEY GOALS AND KEY ACTIVITIES FOR ONE SPECIFIED ITIL PROCESS Key goals of the ITIL application Service Catalogue Management process for Key activities of the ITIL application Service Catalogue Management process for Defining a technical catalogue for the central application of the Defining technical specifications for servers of central information system application of the information system and relationship with other Defining a technical catalogue for the Provisioning System between central application of the information system and network elements for IPTV and VoIP Defining a technical catalogue for the Billing system Defining a technical catalogue for the ERP system systems Defining technical specifications for servers of Provisioning system and relationship with other systems Defining technical specifications for servers of Billing system and relationship with other systems Defining technical specifications for servers of ERP system and relationship with other systems TABLE II. KEY PERFORMANCE INDICATORS AND CRITICAL SUCCESS FACTORS FOR ONE SPECIFIED ITIL PROCESS Key performance indicators of the ITIL application Service Critical success factors of the ITIL application Service Catalogue Management process for Catalogue Management process for documentation for the central application of information system 9 days after installing and releasing into production new servers of the same system documentation for the Provisioning system after installing and 14 days releasing into production new servers of the same system documentation for the Billing system after installing and 17 days releasing into production new servers of the same system ISBN:

10 documentation for the ERP system after installing and releasing into production new servers of the same system 6 days TABLE III. KEY GOALS AND KEY ACTIVITIES FOR ONE SPECIFIED COBIT PROCESS Key goals of CobiT process Define and manage service levels Key activities of CobiT process Define and manage service for levels for Defining a technical catalogue for technical systems of Defining technical specifications for servers of each technical system and their relationship with other systems Defining a technical catalogue for application systems of Defining technical specifications for servers of each application system and their relationship with other systems Defining a technical catalogue for Service Desk systems of Defining technical specifications for servers of each Service Desk system and their relationship with other systems Defining a technical catalogue for operation systems of Defining technical specifications for servers of each operation system and their relationship with other systems Defining contracts for technical systems of Defining contracts with other companies which are responsible for the maintenance of technical systems Defining contracts for application systems of Defining contracts with other companies which are responsible for the maintenance of application systems Defining contracts for Service Desk systems of IPTV/VoIP Defining contracts with other companies which are responsible service for the maintenance of Service Desk systems Defining contracts for operation systems of Defining contracts with other companies which are responsible for the maintenance of operation systems TABLE IV. KEY PERFORMANCE INDICATORS AND CRITICAL SUCCESS FACTORS FOR ONE SPECIFIED COBIT PROCESS Key performance indicators of CobiT process Define and Critical success factors of CobiT process Define and manage manage service levels for service levels for 9 working days documentation for technical system's servers 17 working days documentation for application system's servers 18 working days documentation for Service Desk system's servers 22 working days documentation for operation system's servers The highest average number of potential new contracts which are 10 contracts signed for technical systems during one year The highest average number of potential new contracts which are 7 contracts signed for application systems during one year The highest average number of potential new contracts which are 5 contracts signed for Service Desk systems during one year The highest average number of potential new contracts which are 14 contracts signed for operation systems during one year TABLE V. KEY GOALS AND KEY ACTIVITIES FOR ONE SPECIFIED PRINCE2 PROCESS Key activities of PRINCE2 process Managing a Stage Boundary at component Risk for Form expert team who should be responsible for the comparison of business scenario with risks which incurred during the development or expansion of individual systems Form expert team who should be responsible for changing business scenarios for the development and expansion of systems of in the part connected to risks Key goals of PRINCE2 process Managing a Stage Boundary at component Risk for Review and change the business scenario for development and extension of systems for if it is not matched with the current existing risks Management with a system for monitoring the implementation of risks during the development and expansion of IPTV/VoIP service's systems Form expert team which is responsible for monitoring the performance of individual employees, teams or extern companies that participate in the definition and monitoring of individual risks Write on the integrated place results of the work of employees, teams or extern companies involved in the management and control of risks Development of a central database in which are inserted reports about the work of employees, teams or extern companies Implementation of applications on the basis of which can be lifted out regular reports about the work of employees, teams or external companies and as such can be delivered to the project manager and executive manager TABLE VI. KEY PERFORMANCE INDICATORS AND CRITICAL SUCCESS FACTORS FOR ONE SPECIFIED PRINCE2 PROCESS Key performance indicators of PRINCE2 process Managing Critical success factors of PRINCE2 process Managing a a Stage Boundary at component Risk for Stage Boundary at component Risk for Maximum available percentage of business scenarios that need to be changed during one year because of the risk in the 20% ISBN:

11 development or expansion of IPTV/VoIP system's service The largest available time which is needed to change business scenario during the occurrence of unplanned risks The minimum allowed percentage of positive achieved results of employees, teams and external companies which are responsible for managing with risks The average allowed number of reports during one month to the executive management about the work of all participants which are responsible for managing with risks 15 working days 90% 4 reports TABLE VII. KEY GOALS AND KEY ACTIVITIES FOR ONE SPECIFIED ETOM PROCESS Key goals of etom process Billing & Revenue Management Resource Management & Operations for Reviewing and resolving problems that are associated with the work of the module for the measurement of IPTV service consumption Reviewing and resolving problems that are associated with the work of the module for the measurement of VoIP service consumption Key activities of etom process Billing & Revenue Management Resource Management & Operations for Constant reviewing of modules for the measurement of IPTV service's consumption Monitoring of the problems that occurred during the final calculation of consumption for IPTV service and checking whether the problem has to be forwarded to the appropriate supplier Printing the entire consumption of IPTV service for the user who has invested a complaint to the account Working on solving possible errors during the collection of all spending records for IPTV service for the user who has invested a complaint to the account Constant reviewing of modules for the measurement of VoIP service's consumption Monitoring of the problems that occurred during the final calculation of consumption for VoIP service and checking whether the problem has to be forwarded to the appropriate supplier Printing the entire consumption of VoIP service for the user who has invested a complaint to the account Working on solving possible errors during the collection of all spending records for VoIP service for the user who has invested a complaint to the account TABLE VIII. KEY PERFORMANCE INDICATORS AND CRITICAL SUCCESS FACTORS FOR ONE SPECIFIED ETOM PROCESS Key performance indicators of etom process Billing & Critical success factors of etom process Billing & Revenue Revenue Management Resource Management & Operations Management Resource Management & Operations for for The average number of allowed problems which are detected by 5 problems monitoring of module for the calculation of IPTV consumption The allowed percentage of problems in category of the total number of problems that are connected with the module for the final calculation of IPTV consumption which can solve the staff 60% of Telecom operator without the support of extern companies The allowed percentage of problems in category of the total number of problems in company that are connected with the 20% module for the final calculation of IPTV consumption The average number of allowed problems which are detected by 5 problems monitoring of module for the calculation of VoIP consumption The allowed percentage of problems in category of the total number of problems that are connected with the module for the 50% final calculation of VoIP consumption which can solve the staff of Telecom operator without the support of extern companies The allowed percentage of problems in category of the total number of problems in company that are connected with the 15% module for the final calculation of VoIP consumption TABLE IX. KEY GOALS AND KEY ACTIVITIES FOR ONE SPECIFIED ISO/IEC PROCESS Key activities of ISO/IEC process Release and Deployment Management for Implementation of hardware infrastructure of technical systems Implementation of software infrastructure of technical systems Implementation of relationship of technical systems with some other systems Key goals of ISO/IEC process Release and Deployment Management for Implementation of hardware and software infrastructure of technical systems of Implementation of hardware and software infrastructure of application systems of Implementation of hardware infrastructure of application systems Implementation of software infrastructure of application systems Implementation of relationship of application systems with some other systems Implementation of hardware infrastructure of Service Desk systems ISBN:

12 Implementation of hardware and software infrastructure of Service Desk systems of Implementation of hardware and software infrastructure of operation systems of Implementation of software infrastructure of Service Desk systems Implementation of relationship of Service Desk systems with some other systems Implementation of hardware infrastructure of operation systems Implementation of software infrastructure of operation systems Implementation of relationship of operation systems with some other systems TABLE X. KEY PERFORMANCE INDICATORS AND CRITICAL SUCCESS FACTORS FOR ONE SPECIFIED ISO/IEC PROCESS Key performance indicators of ISO/IEC process Critical success factors of ISO/IEC process Release Release and Deployment Management for and Deployment Management for The maximum allowed time which is needed for the implementation of hardware and software infrastructure of 30 days technical systems of The maximum allowed time which is needed for the implementation of hardware and software infrastructure of 35 days application systems of The maximum allowed time which is needed for the implementation of hardware and software infrastructure of 24 days Service Desk systems of The maximum allowed time which is needed for the implementation of hardware and software infrastructure of 14 days operation systems of TABLE XI. KEY GOALS AND KEY ACTIVITIES FOR ONE SPECIFIED ISO/IEC PROCESS Key activities of ISO/IEC process Ensure objective for Checking the validity of implemented information security procedures in technical systems Checking the validity of implemented information security procedures in application systems Checking the validity of implemented information security procedures in Service Desk systems Checking the validity of implemented information security procedures in operation systems Key goals of ISO/IEC process Ensure objective for Checking the correctness of implemented information security procedures and their results in the production environment of The analysis of do implemented security procedures can meet current business needs of IPTV and VoIP service The detailed analysis of do each implemented security procedure can meet current business needs of technical systems The detailed analysis of do each implemented security procedure can meet current business needs of application systems The detailed analysis of do each implemented security procedure can meet current business needs of Service Desk systems The detailed analysis of do each implemented security procedure can meet current business needs of operation systems TABLE XII. KEY PERFORMANCE INDICATORS AND CRITICAL SUCCESS FACTORS FOR ONE SPECIFIED ISO/IEC PROCESS Key performance indicators of ISO/IEC process Critical success factors of ISO/IEC process Ensure Ensure objective for objective for The average allowed time which is needed for checking the validity of implemented information security procedures in technical systems, the allowed percentage of realized security 2 months, 94% procedures for these systems that can meet the business needs of The average allowed time which is needed for checking the validity of implemented information security procedures in application systems, the allowed percentage of realized security 3 months, 85% procedures for these systems that can meet the business needs of The average allowed time which is needed for checking the validity of implemented information security procedures in Service Desk systems, the allowed percentage of realized 3 months, 87% security procedures for these systems that can meet the business needs of The average allowed time which is needed for checking the validity of implemented information security procedures in operation systems, the allowed percentage of realized security 6 months, 80% procedures for these systems that can meet the business needs of ISBN: