ITIL: What is it? How does ITIL link to COBIT and ISO 17799? 1
What is ITIL? The IT Infrastructure Library A set of books comprising an IT service management Best Practices framework An industry of products, services, and organizations Unique: consistent, comprehensive, nonproprietary Created by and for the British government, later expanded for use in all organizations Gives a detailed description of important IT practices, with comprehensive checklists, tasks, procedures and responsibilities. And can be tailored to any IT organization. 2
ITIL Objectives Create a set of comprehensive, consistent and coherent codes of Best Practice for quality IT service management, promoting business effectiveness in the use of IT Encourage the private sector to develop services and products (training, consultancy and tools) that support ITIL Provide an approach based on the best examples taken from practice 3
ITIL defined! Codes of practice for Quality management of IT Services and Infrastructure ITIL has its own definition for key terms Quality means matched to business needs and user requirements as these evolve" 4
Why use ITIL? IT service providers use ITIL concepts and practices to: Increase satisfaction of customers / users with IT services Enhance communication with customers Achieve higher reliability in mission-critical systems and infrastructure Improve the cost/benefit of services Create a common sense among staff 5
ITIL is easy 6
ITIL, not just tools & processes People Culture, Attitudes Beliefs & Skills Strategy Steering Direction Integration Service Support & Service Delivery Process Infrastructure (Technology & Tools) Products 7
Who Made & Maintains ITIL? The Office of Government Commerce created ITIL in the late 1980 s; still own it today. The National Exam Institute for Informatics (Netherlands). Current ITIL examination caretakers. Contracted in 1995 by the OGC to maintain and develop ITIL. In 2004, the OGC transferred the responsibility of managing EXIN to the itsmf. 8
Certifying Bodies The Information Systems Examination Board (UK). Part of the British Computer Society. The National Exam Institute for Informatics (Netherlands). Contracted since 1995 to maintain ITIL s examination and certification process. Loyalist College in Canada Loyalist and Prometric (Sylvan) in the USA 9
ITIL Certification & Training EXIN and ISEB provide certification testing at Foundation, Practitioner, and Manager levels Training is typically 2-3 days for Foundation, 2-3 days for Practitioner, 10 days for Manager Foundation Basic understanding of all eleven ITIL service management modules Practitioner Deep understanding of one of the ITIL service management modules Service Manager Deeper understanding of all eleven ITIL service management modules 10
ITIL - 7 Core volumes 11
ITIL - 7 Core volumes The Business Perspective Covers a range of issues concerned with understanding and improving IT service provision, as an integral part of an overall business requirement for high quality IS management. Planning to Implement Service Discusses the key issues of planning and implementing IT service management. It explains the steps required for implementation and improvement of IT service delivery. 12
ITIL - 7 Core volumes Information & Communications Technology (ICT) Infrastructure Covers all aspects of ICT infrastructure from the identification of business requirements through the tendering process, to the testing, installation, deployment, and ongoing support and maintenance of the ICT components and IT services. Network Service Operations of Local Processors Computer Installation and Acceptance Systems. Applications Discusses software development using a life cycle approach and expands on the issues of business change with emphasis on clear requirements definition and implementation of solutions to meet business needs. 13
ITIL - 7 Core volumes Security Details the process of planning and managing a defined level of security on information and ICT services, including all aspects associated with the reaction to security incidents. Service Support Is concerned with ensuring that the Customer has access to the appropriate services to support the business functions. Service Delivery Looks at what service the business requires of the provider in order to provide adequate support to the business Users. 14
Service Support 15
Service Delivery 16
Service Desk Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 17
Service Desk Goals To support business activities and drive service improvement To be primary point of contact To manage the Incident lifecycle To manage service requests To maintain ownership of a User Incident through to completion 18
Service Desk Objectives To provide a single point of contact for Customers To be a Customer interface for IT To improve incident response performance Improving service levels To facilitate the restoration of normal operational service, quickly as possible, with minimal business impact on the Customer within agreed service levels and business priorities 19
Incident Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 20
Incident Goals Restore normal service operation as quickly as possible within Service Level Agreements (SLA) limits Minimize the adverse impact on business operations Ensuring that the best possible levels of service quality and availability are maintained Maintain and apply a consistent approach to managing Incidents 21
Incident Objectives Return to the normal service level as defined in the Service Level Agreement as soon as possible with the smallest possible impact on the business activities Keep effective records of incidents to: measure and improve the process Provide appropriate information to other services management processes Report on incident progress 22
Problem Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 23
Problem Goals Stabilize IT services through: Minimizing the consequences of incidents by identifying trusted quick fixes Identifying and removing the root causes of potential incidents Identifying and managing Known Errors To improve the quality of services delivered to customers by reducing the number of preventable service disruptions 24
Problem Objectives To reduce both the number and severity of Incidents and Problems on the business that are caused by errors within the IT Infrastructure. What s causing these Incidents? 25
Incident Cycle Known Error from Release Problems Incident Control Error Control Problem Control Event Progression Incident Service Desk Resolution Problem Known Error Problem Resolution Change Request Change Resolution 26
Change Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 27
Change Goals Ensure that standardized methods and procedures are used for efficient and prompt handling of all Changes Minimize the impact of Changerelated incidents upon service quality Improve the day-to-day operations of the organization Maintain a balance between the need for change against the impact of change 28
Change Objectives Standard methods and procedures are used Changes be dealt with quickly, with the lowest impact on service quality All changes are traceable Change is good, donkey!! 29
Release Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Service Support Configuration Release Problem 30
Release Goals Plan and oversee the successful rollout of software and related hardware Ensure that hardware and software being changed is traceable, secure and that only correct, authorised and tested versions are installed Communicate and manage expectations of the customer during the planning and rollout of new releases Agree on the exact content and rollout plan for the release, through liaison with Change Implement new software releases or hardware into the operational environment using the controlling processes of Configuration (CIs) and Change 31
Release Objectives Safeguard all software, hardware & related items Ensure that only tested / correct versions of authorized software and hardware are in use Right software / hardware, right time, right place Redundant hardware, software identified for Request For Change Protect the live environment & its services! 32
Configuration Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 33
Configuration Goals To enable control of the infrastructure and services by monitoring, maintaining and verifying information on: All resources needed to deliver services Configuration Item status and history Configuration Item relationships Provide accurate information on the IT infrastructure for all the other Service processes & IT To assist with impact assessment of proposed changes Verify the configuration records against the infrastructure and correct any exceptions 34
Configuration Objectives Keeping reliable records of details of IT Assets and services provided by the organization Do I get stored in the CMDB? All Resources needed to deliver Services Configuration Items (CI) Status and History Configuration Item Relationships Providing accurate information and documentation to support the other Service processes 35
CGI Integrated IT Service Incident Problem DHL: Definitive Hardware library Availability Complete record of all CI s associated with the IT infrastructure: versions, location, documentation, components, services and the relationships between them Service Relationship Operational State - Current - Historical Related Incidents Related Problems Capacity Related Changes - Current - Historical HW, SW, Network, Documents, people, organization IT Financial Asset Financial & Contract Invoice Reconciliation Chargeback Info. Locations Cost Stockrooms Capitalization Total Cost of Ownership Inventory Containment Hierarchy System mgmt Remote access Auto-discovery tool Auto-recovery tool Monitoring Metering (HW-SW usage) Contract Warranty Vendor Information Physical Attributes Service catalogue Product catalogue CI relationships include the usage, the ownership, the service relationships, etc. IT Service Continuity Availability Configuration items Relationships : Peer-to-peer, parent-child, free-form relations Capacity Identifies, records, controls and reports on IT components. Configuration Database (CMDB) DSL Definitive Software Library Configuration -Standard/Basic change (pre-approved): IMAC, - Urgent change, Planned change SLA Release Change Lease License Depreciation TCO Lease mgmt Vendor mgmt SW licence mgmt Warranty mgmt Contract mgmt Service chargebacks HW-SW Asset status ERP Financial Procurement HR 36
Service Level Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 37
Service Level Goals Maintain and improve IT Service quality Constant cycle of agreeing, monitoring and reporting upon IT service achievements Instigation of actions to eradicate poor service - in line with business or cost justification. Better relationship between IT and its Customers 38
Service Level Objectives Ensures that the IT services required by the customer are continuously maintained and improved Achieved by agreeing, monitoring and reporting the performance of the IT organization 39
Availability Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 40
Availability Goals To understand the availability requirements of the business and to plan, measure, monitor and continuously strive to improve the availability of the IT infrastructure, services and supporting organization to ensure these requirements are met consistently To enable the business to satisfy its business objectives by: Optimizing the capability of the IT infrastructure, services and supporting organization Delivering a cost-effective and sustained level of availability 41
Availability Objectives Ensure IT services are designed to deliver the levels of availability required by the business Provide a range of IT availability reporting to ensure that agreed levels of availability, reliability and maintainability are measured and monitored on an ongoing basis Optimize the availability of the IT infrastructure to deliver cost effective improvements that deliver tangible benefits to the business & user Achieve over a period of time a reduction in the frequency and duration of incidents that impact IT availability 42
Capacity Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 43
Capacity Goals To determine the right, cost justifiable, capacity of IT resources To understand the business requirements, current operations and IT infrastructure to ensure that the current and future capacity and performance aspects of the business are provided cost-effectively To understand the potential for improved service design and delivery 44
Capacity Objectives Consistently provide the required IT resources: At the right time At the right cost Aligned with the current and future business requirements Need to understand the expected business developments affecting customers and anticipate technical developments Important role in determining returns on investment and cost justification 45
Financial for IT Services Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 46
Financial Goals To provide cost-effective stewardship of any of the organization s IT asset or resources used to deliver IT services To be able to account fully for IT service expenditures To attribute these costs to the services delivered to Customers and determine whether value for money is being obtained To assist management decisions on IT investment by providing detailed business cases for changes to IT services 47
Financial Objectives Assist the internal IT organization with the cost-effective management of IT resources required for the provision of IT services Break down the IT service costs, and associate them with IT services Support management decisions with respect to IT investments Encourage the cost aware use of IT facilities 48
IT Service Continuity Service Level Availability Financial Service Delivery IT Service Continuity Service Desk Capacity Change Incident Release Service Support Configuration Problem 49
IT Service Continuity Goals To support overall Business Continuity To improve the chance of business survival by: Reducing the service vulnerability and risk to the business Reducing the impact of a disaster or major failure Maintaining a pre-determined level of service in the event of a disaster To preserve high customer and user confidence 50
IT Service Continuity Objectives Support the overall Business Continuity by ensuring that the required IT infrastructure and IT services can be restored within specified time limits after a disaster. 51
COBIT & How does it map to ITIL 52
Control Objectives for Information and Related Technology (COBIT) Sponsor: Information Systems Audit and Control Association and the IT Governance Institute What it is: An audit-oriented set of guidelines for IT processes, practices and controls. Geared to risk reduction, focusing on integrity, reliability and security. Addresses four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. Has six maturity levels, similar to CMM's. Strengths: Good checklists for IT. Enables IT to address risks not explicitly addressed by other frameworks and to pass audits. Can work well with other frameworks, especially ITIL. Limitations: Says what to do but not how to do it. Doesn't deal directly with software development or IT services. Doesn't provide road map for continuous process improvement. 53
COBIT & ITIL Mappings PLANNING & ORGANISATION COBIT ITIL 1. Define a Strategic Information Technology Plan Planning & control for IT Services 2. Define the Information Architecture Security 3. Determine the Technology Direction Determine the Technology Direction 4. Define the IT Organization and Relationships IT Services Organization 5. Manage the Investment in Information Technology Financial 6. Communicate Aims and Direction 7. Manage Human Resources 8. Ensure Compliance with External Requirements 9. Assess Risks 10. Manage Projects 11. Manage Quality Quality for IT Services (CCTA Quality Library) 54
COBIT & ITIL Mappings ACQUISITION & IMPLEMENTATION COBIT ITIL 1. Identify Solutions Service Level ; Change ; Security ; Release 2. Acquire and Maintain Application Software Change, Availability 3. Acquire and Maintain Technology Architecture Problem ; Security ; Change 4. Develop and Maintain Information Technology Procedures 5. Install and Accredit Systems Capacity ; Change ; Security 55
COBIT & ITIL Mappings DELIVERY & SUPPORT COBIT ITIL 1. Define Service Levels Service Level 2. Manage Third-Party Services Service Level 3. Manage Performance and Capacity Capacity 4. Ensure Continuous Service Availability, Contingency Planning 5. Ensure Systems Security Security 6. Identify and Allocate Costs Financial 7. Educate and Train Users Customer Liaison 8. Assisting and Advising Information Technology Customers Incident (Service Desk) 9. Manage the Configuration Configuration 10. Manage Problems and Incident Problem 11. Manage Data Capacity, Release, Availability ; Contingency Planning 12. Manage Facilities 13. Manage Operations 56
COBIT & ITIL Mappings MONITORING COBIT ITIL 1. Monitor the Process 2. Obtain Independent Assurance 3. Obtain Independent Assurance 4. Provide for Independent Audit 57
ISO17799 & How does it map to ITIL 58
ISO17799 Sponsor: British Standards Institution What it is: ISO/IEC 17799:2000 provides information to responsible parties for implementing information security within an organisation. It can be seen as a basis for developing security standards and management practices within an organisation to improve reliability on information security in inter-organisational relationships. 59
ISO17799 & ITIL Mappings ISO17799 ITIL System Access Control Security Computer & Operations ICT Infrastructure System Development and Maintenance Application Physical and Environmental Security Security Compliance Security Personnel Security Security Security Organization Security Asset Classification and Control Configuration Business Continuity (BCM) IT Service Continuity 60
itsmf 61
IT Service Forum The IT Service Forum. The independent forum for ITIL users, formed in 1991. Promotes exchange of information and experience to assist IT organizations in managing the delivery of IT services. Chapters in the UK, Netherlands, Belgium, Germany/Austria/Switzerland, Canada, South Africa, the USA and Australia. A major influencer and contributor to Industry Best Practice and Standards worldwide. 62
CGI 63
About CGI CGI is the 8th largest independent IT services firm in the world We combine industry expertise, end-to-end services and global delivery capabilities to deliver cost-effective solutions that help clients win and grow 64
CGI Contact Steve Worth Senior Consultant ITSM / ITIL Centre of Excellence CGI Email - steve.worth@cgi.com 65
Thank You! 66