Title: Lucent s ITSM Journey Session #: 299 Speaker: Sheila Bridge Company: Lucent Technologies, Inc.
Presentation Outline q Background q Foundation to Support Successful ITSM Implementation q ITSM Project Execution Year 1 q ITSM Project Continues Year 2 q ITSM Project Benefits q Summary 2
3 Background
Before ITSM.. Sarbanes Oxley Was the Initial Driving Force for Redefining and Implementing Standard IT Processes Process Development and Implementation Was Well on the Way to Support 404 Certification in September of 2003 Standard Processes Were Developed In house With Support From Consultants. Most of the Processes Were to Be Implemented Without Supporting Tools Beginning Stages of Incident Management and Helpdesk Were Implemented in Early 2003 Program/Project Management Processes Were Implemented in Mid 2003 Change Management Tool and Process Was Implemented in Late 2003 Tactical Implementation of CMDB Was Underway Additional Operational Processes Were Being Implemented IT Team Members Were ITIL Certified. Development of ITIL Practitioner Training Program Was Underway 4
ITSM Drivers The Extension of the Sarbanes Oxley Certification Date Afforded Lucent the Opportunity to Validate and Align Direction, Implement Process Improvements and Establish Leverage for Lucent s Products: Implement Best in Class Integrated Processes and Tools Establish an End State Architecture Move Beyond Vertical Process Development to a Global Integrated Best in Class Platform Leverage and Integrate Lucent s VitalSuite Product Into the Platform to Support Application Monitoring Fully Integrate IT Work Processes Define Single Global Process for All IT Work Processes Coordinate All Processes Through Common Integrated Tools Support and Extend Organization s Horizontal Processdriven Model (IT Delivery Model) 5
ITSM Program Objectives To Implement Best in Class Tools and Processes to Support the Management of Applications, Infrastructure and Network To Leverage HP s Best Practice Tools and Processes to Integrate all processes and Provide Appropriate Internal Controls Facilitating Compliance With Sarbanes Oxley Regulations Incident Management Problem Management Change Management Configuration Management Release To Production Security Administration Security Incident Service Operations Management Event Management Service Level Management Availability Management Capacity Management 6
HP s Best Practices Processes IT business assessment Security IT strategy and architecture planning Continuity management Customer management Availability management Service planning Capacity management Service level Management Financial management Problem management Change management Incident and service request management Configuration Management Service build and test Operations management Release to production 7
Foundation to Support Successful ITSM Implementation 8
Key Elements of An IT Delivery Model Focused Leadership Consistent and Constant IT Governance (Approval and Decision Making) Process oriented How Work Is Organized and Integrated Defined Roles and Responsibilities 9
10 ITSM Project Execution Year 1
11 Program Initiation Success Criteria Passionate CIO and IT Executive Leadership Team Sponsorship #1 IT Priority Project Hand picked Dedicated Project Team Entire IT Organization was ITIL certified Hard Deadline With Defined Critical Success Factors (SOX Criticality) Integration of IT Delivery Model and ITSM Foundation Tools HP Openview and Lucent Vitalsuite
Approach Leverage HP Best Practices Lucent s Approach Confirm Not Customize Lucent and HP Commitment to Deploy a Best Practice Model of ITSM HP Best Practices Design Included Pre integrated Processes and Tools The Heart of the Architecture Built Around CMDB With Event and Trouble Ticket Integration Leverage Existing Architecture and HP Tools Choose Foundation Tool Unify Work Processes Centrally Around Integrated OVSD Tool and the Strategic CMDB (Expanded) Deploy OVO Integrated Toolset (OVO MOM / MLM Event Collectors Plus Measurement and Reporting Components) Integration of Security Toolset 12
Evaluation, Assessment and Design Established The Approach: Workshop based, Directed Design Led by Lucent/HP Objective: Identify Any Significant Gaps That May Prevent Progress Integrated Design Team Total Organizational Commitment, End to end Focus and Integration Hard Deadline for Design Completion Conducted Integrated Design Review Three Week Lockdown Approach Conduct Process Walkthroughs Review and Buy in to Tools Design Finalize Design Strategy and Implementation Plans Identify Key Gaps and Establish Implementation Scope Defined the ITSM Technical Architecture Baseline To Support Additional Implementation in 2005 and 2006 13
Define Compliance Approach Evaluate and Re define, As Necessary, High Risks and Internal Controls for the Following: Establish Detective and Preventive Controls Define Risk and Control Matrices (RCM) Define Detective and Preventive Controls for Each Risk Point Define the Explicit Evidence for These Controls Update or Create Work Instructions to Ensure Execution Details Support the Process Control 14
Governance and Staffing Project Team Full Time and Dedicated Resources Needed To Ensure Continuity and Sustainability 129 Lucent Management and Technical Staff 34 HP/Other Contractor Staff Extended Team All Other Lucent IT Employees, Contractors, And Outsourced Vendor Partners Project Governance Model Used a RACI Chart to Ensure Clear Responsibilities and Accountabilities Organization Change Management Activity Was Key to Leading the Organization Change Effort Program/project Management (PMO) Organization Integrated Across All Partners RACI: Responsibility, Accountability, Communication to, Input needed from 15
16 Configure, Build and Test (CBT) No Software Customization Lucent Specific Configuration Service Support Focus CMDB as the heart of the Service support module Service Delivery Focus Operations Management and Event Management Tested Processes and Tool Integration Timeline For 3/1/05 Deployment 10/14/04 Project Initiation and Project Teams Formed 11/9/04 IT Teams Realigned to Support New ITSM Roles and Responsibilities 01/05/05 Production Hardware Available 02/13/05 02/17/05 02/28/05 System Test Completed (53 Test Scripts) UAT Completed (28 Test Scripts) GO Live Training Completed Configure, Build And Test Was Completed In In 19 19 Weeks
Project Execution Go Live ITSM LIVE! 4:00 AM CST March 1, 2005 17
Results Fully Integrated IT Work Processes Defined Single Global Process for All IT Work Processes Coordinate All Processes Through Common Integrated Tools Maintained Integrity of Change Process without interruption Supported and Extended the Organization s Horizontal Process driven Model. Achieved Sarbanes Oxley Compliance. Leveraged and Integrated Lucent s VitalSuite With HP s OpenView 18
Best Practices Implemented Based on ITIL Standards Organization Trained in ITIL Aligned With The IT Delivery Model Provided Appropriate Internal Controls to Ensure Compliance With Sarbanes Oxley Regulations Global Implementation Auditable and Integrated Processes and Tools Training..Training..Training Documented Processes Flows and Work Instructions Documented Risks and Controls Procedure for Storing Control Evidence Organization and Teams Separation of Duties Change Advisory Board and a Forward Schedule of Change ITSM Governance Council Configuration Management Council 19
3.1.x Project Planning Processes 3.2.1 Project Planning & Scoping 3.2.2 Resource Management 3.3.x Project Control & Execution Processes 3.4.x Gate Reviews Start 3.3.6.1 Identify Change 3.3.6.2 Conduct C hange Analysis ( cos t, schedule, etc) 3.3.6.3 Review Change and Strategy with SLT 3.3.6.4 PCR R equired? 3.3.6.6 Category 1? 3.3.6.5 Manage as an Iss ue? 3.3.5 Issues Management 3.3.6.7 Create Category 1 PCR 3.3.6.8 Create Category 2 4 PCR and Assessment 3.3.6.9 Review PCR 3.3.6.17 Category 2? 3.3.6.13 Review PCR & Provide Sign off 3.3.6.12 WPE Sign off Requied 3.3.6.11 Flag approval, Acquire Sign offs and submit CA2 3.3.6.10 PCR Approved? Cat 2 4 3.3.6.14 Sign off Obtained? Cat 1 3.3.6.15 Mitigate Sign off Issues 3.3.6.16 Review & Assess PCR 3.3.6.18 Prepare Agenda for Control Meeting 3.3.6.19 Review Changes at Weekly Prog Control Mtg C A2 Cat 2 4 Cat 1 3.3.6.20 Change Approved? 3.3.6.24 Implement Change 3.3.6.23 Update Project Plan and R equest Baseline 3.3.6.22 Update Hyperlens as required 3.3.6.21 Update outcome and create Action Items 3.3.6.25 go Live Date Chg? 4.3:5.0 Change Mgmt 3.8.1 Knowledge Center Mgmt Stop Sample Standard Operating Procedures (SOPs) Process Model Role Definitions Responsibility Lane Business Application Owner (BAO) Global Process Owner (GPO) Business Sarbox PMO CIO Client Manager (IT Executive Leadership Team (ELT) WP Box Owner WP3 Box Owner IT PMO Definition Business representative responsible for the controls and integrity of an application as it relates to Sarbox 404 compliance. Business Global process owner responsible for the business controls and processes supporting Sarbox 404 compliance. Lucent Sarbanes/Oxley PMO organization responsible for the oversight and compliance of processes and systems to ensure Sarbox 404 compliance. Lucent Technologies Chief Information Officer. This group within Lucent Technologies IT is comprised of individuals that serve as a single point of contact for Work Process Owners and Work Process Executives. They are responsible for gathering business needs/requirements, and for facilitating communications between the business and IT. All of the individuals within IT that report directly to the CIO. One important responsibility of the Executive Leadership Team is to convene a weekly Program Control Meeting to discuss and make decisions, if necessary, on Key Items, Key Issues, Key Risks, Changes and Key Dependencies. A single, individual member of the IT Executive Leadership Team. There is an executive responsible for each of the following organizations within IT: Strategy & Planning Program, Supplier & Risk Management Application Solutions Strategic Application Solutions QTC/EDW Infrastructure Solutions Operations & Services Role Descriptions WP3 Box Owner reports directly to the CIO and is responsible for Lucent Technologies Information Technology's Program, Supplier & Risk Management sub organization. This includes overall direction and leadership of IT's Program Management Office, Supplier Management, Financial & Asset Management, Business Continuity Planning, and Audit Liaison teams. In this capacity, the executive is accountable for overall integration and delivery of the IT Program Plan in support of Lucent Technologies' business strategies, objectives, and initiatives. IT Program Management Office: One of the organizations managed by the WP3 Box Owner, the IT PMO is responsible for the development and day to day management & coordination of the IT Program Plan. WPE Team Member Project Manager Accountable SLT WP Box Owner IT PMO IT Executive Leadership Team (ELT) Process Project/Program Change Work flow ID Sub process Change Manager 3.3.6.1 Identify Change r A,r R r WPE GPO/ BAI & Sox PMO Client Manager IT Executive Leadership Team 3.3.6.2 Conduct Change Analysis A C R 3.3.6.3 Review Change and Strategy with SLT. ELT Box Owner WP3 Box Owner SLT (Onwer) IT PMO Project Management A R r 3.3.6.4 PCR Required? A C R 3.3.6.5 Manage as an Issue? A R 3.3.6.6 Category 1? A R 3.3.6.7 Create Category 1 PCR A I R 3.3.6.8 Create Category 2 4 PCR A I R 3.3.6.9 Review PCR A,R C C 3.3.6.10 PCR Approved? A,R I I 3.3.6.11 Flag Approval Acquire Sign off and Submit A I R 3.3.6.12 WPE Sign off Required? I A I R 3.3.6.13 Review PCR and Provide Sign off A, R 3.3.6.14 Sign off Obtained? A, R 3.3.6.15 Mitigate Sign off Issues C A,r r r R 3.3.6.16 Review and Assess PCR A R C 3.3.6.17 Category 2? A R 3.3.6.18 Prepare Agenda for Control Mtg A R 3.3.6.19 Review Changes at Weekly Program Control Meeting 3.3.6.20 Change Approved? A, R RACI Responsibility Matrix Role based Workflow Diagrams Yes (3.3.6 Project/Program Change) No No Yes Yes Sarba nes/oxley Defined Ris k No R1 No r Yes Yes Yes No No R1 A, R Sarbanes/Oxley Control Point No 3.3.6.3 Yes Yes r I No C I No 3.3.6.3 Team Member Yes Standard Operating Procedures (SOPs) based on leading practice were defined to identify process steps and standard roles and responsibilities within the processes. This included: Process Model Role Descriptions RACI Responsibility Matrix Role based Workflow Diagrams All steps and roles are tied to the delivery model boxes. Began with planning and control processes, then addressed operations, finally design & implementation. 20
Sample Process Flow Change Management Overview Change Requester Change Coordinator 2.1.1 Log and Classify Change Change Successful? No Yes Change Manger Change Advisory Board 2.1.4 Approve Change 2.1.8 Emergency Change 2.1.10 Review Change Change Owner 2.1.2 Plan Change 2.1.3 Risk & Impact Assessment 2.1.5 Schedule Release to Production Handoff 2.1.6 Implement Change 2.1.7 Back out Change 2.1.9 Standard Change 21
22 ITSM Project Continues Year 2
Post 3/1/05 Enhancements Further Integration Between HP s OVO, OVSD and Lucent s VitalSuite to: Integrated Event, Capacity and Availability Management With Incident & Service Request Management. Extended Application Monitoring Using HP s OVO & Lucent s VitalSuite Platform. Implemented Additional Security Tools. Extended CMDB Scope by Incorporating Network Elements. Developed and Piloted a Self Service Portal. Developed and Piloted Metrics Using HP s Service Information Portal (SIP) Dashboard. 23
Post 3/1/05 Enhancements Deployed Web based Forward Schedule of Change (FSC) Developed Service Levels and Deployed Service Level Management (SLM) Processes and Tools. Deployed Problem Management Trending Process/Tools. Implemented Process Key Performance Indicator (KPI) Reporting. Adopted and Deployed HP s Provision Process Modeling to Support Users of the Change Management Process. 24
Post 3/1/05 Efficiencies Continuous Assessment of Processes and Tools through Process Focus Sessions Proactive Introduction of Process Improvements Conducted IT Management Audits to Confirm Processes Are Working Efficiently or Highlight Gaps to Be Remediated Annual Review and Evaluation of IT General Controls IT General Controls Training and Certification Course 25
ITSM Then and Now As As of of 3/1/05! Configuration Items Items (CI s) (CI s) loaded loaded into into CMDB CMDB Approx. 2000 2000 RFC s RFC s And And Incidents Transitioned to to OVSD OVSD Servers Deployed With With OVO OVO and and MLM MLM OVO OVO Agents Deployed on on Servers to to Monitor and and Capture Events Events Applications Monitored With With Lucent Lucent VitalSuite Overview Control and and Process Training Rollout to to Over Over 700 700 Associates Core/Practitioner Process/Tool Training Rollout to to Over Over 370 370 Associates 26 As As of of 5/1/06! Number of of CI s CI s Have Have Increased Threefold Since Since Go live RFC RFC have have increased 1000% 1000% since since Go Live Service Requests and and Incident Tickets Have Have Increased tremendously OVO OVO Deployment to to Servers Increased by by 200% 200% Additional Applications Are Are Being Being Monitored by by Lucent Lucent VitalSuite Reinforcement Training Provided IT IT General Controls Training & Certification
27 ITSM Project Benefits
ITSM Project Benefits Sarbanes Oxley Compliance 2005 Sarbanes Oxley (SOX) Audit resulted in IT receiving A+ Continued Deployment and Automation Positioned Lucent IT to Achieve Year Over Year Compliance. Significantly Reduced Risks End to End Integration Helped to Drive A Controlled Environment Provided the Ability to Track and Trend Easier Highlighted Errors Before Detected by Human Intervention Facilitated the consolidation of multiple separate Service/Help Desk Into One Global Helpdesk Facilitated a seamless move of a Major Datacenter Integrated Event, Capacity, and Availability Management with Incident and Service Request Management Provided the Opportunity to Showcase Lucent s Product VitalSuite Integration with HP s ITSM Tools 28
29 Summary
And the Journey Continues The Initial Journey. On May 1, 2004, Launched the Initial Design Phase for ITSM On November 15, 2004, Launched the Implementation Phase On March 1, 2005, Completed Deployment of Phase 1 of a Full Scale Implementation of ITSM And The Journey Continues. On August 29, 2005, Completed Integration Between OVO and OVSD to Automate Ticket Creation for Events and Integration of Capacity and Availability Management On December 19, 2005, Extended CMDB scope by incorporating Network Elements On January 30, 2006, Piloted Client View Log to Be Used for Self Service Portal On February 27, 2006, Deployed Crystal Reports To Support Process KPIs On March 31, 2006, Piloted Deployment of Service Information Portal (Dashboard) On April 24, 2006, Deployed Change Management Process Support Using Provision 30
Retrospective Lessons Learned Effort Must Be a #1 Priority. Confirm, NOT Customize Must Be the Motto. Customization increases Cost and Time. Use a Top down Approach, Address Big Chunks First, Then Tackle the Finer Points. Take the Time to Define and Evaluate Roles and Job Functions, Then Ensure That Every Person Gets Assigned to a Pre defined Job. The Organizational Change Management Part of This Is Huge Don t Underestimate It. Introduction of New Processes/Tools and Training Required Additional Lead Time. 31
32 Retrospective Lessons Learned Organization Change Management Activities Must Start As Early As the Project to Smooth the Way for Deployment. Define an Overall Implementation Strategy and Decide Where to Make Tradeoffs. Take Tactical Steps to Address Immediate Issues, While Working Intermediate and Long Term Solutions. Go Live Date Must Be Firm or Else Other Priorities Will Get in the Way. Implement Multiple Processes at Once to Leverage Synergies. The Approach of Doing One Process First and Do Others Later Will Elongate the Implementation Timeframe and Total Cost. Risks and Controls Require Careful Analysis and Integration With Best Practice Work Instructions to Support Evidentiary Needs for Compliance
Summary ITSM Implementation Was Demanding Yet Rewarding, and Proved to Be a Valuable Growth Opportunity for All in the Organization. Critical Success Factors Included: Partnership With HP Total Leadership Commitment End to end, Top to bottom #1 IT Project Total Resource Commitment Process Leads/teams Chosen From Best of the Best Process Leads/teams Staffed Full Time All Resource Requests Supported Empowered Project Managers to Manage Scope and Timeline Cooperation and Strong Commitments Among External Partners 33
34 Single Minded, Relentless Execution Towards the Goal!