ETICS Service Management Framework Business Objectives and Best Practice Guidance ETICS2 All Hands Meeting Uwe Mueller-Wilm VEGA GmbH Palermo, Oct. 2008
Customer Feedback Transcriptions of ETICS Feedback at Aerospace Industry We really would like to have a system development and deployment environment which: Is delivered with processes and procedures which enforces use of industry best practice software standards, including quality aspects; Supports a centralized repository under our control; Offers a common working environment, shared between our offsite contractors and us; Offers secure access for authorized users; Supports authorisation ti of system access, level l and scope; Allows flexibility in composing the groups of authorized users; Supports us in the deployment of the software developed by us; Convinces our key contractors... 2
Extracting the Essentials Summary of Expectations and Benefits Standardisation Configuration Control Visibility of development, maintenance and deployment status and progress; Collaborative Use of the environment; Security in interaction, Protection against outside world; Flexibility in configuration; Acceptance of environment by users community. In Summary: not only a System is wanted, which offers these capabilities, in addition a Service which aids in the software development and maintenance and deployment processes. 3
ETICS Business Outlook Service Strategy What is the market? Commercial companies which are interested in a secured and standardized software development environment, which also can be shared across their own organisation. What is the business? Providing a Service built on or around ETICS in essence: leasing an ETICS based software development / maintenance environment to (potential) customers. Providing this service requires Standardized Processes and Procedures. 4
Looking for Standards What could be Applicable? Summary of most suitable standards / frameworks For the Service: ISO/IEC 20000: defines requirements for a Service Provider to deliver Managed Services. ITIL V3: provides a framework of Best Practice guidance for IT Service Management. For ETICS: ISO/IEC 12207: establishes a common framework for Software Life Cycle Processes, with well-defined terminology. 5
A Proposed Architecture ISO 12207, 20000, ITIL V3 and Procedures Process Definition Service Definition Standard Procedures Deployed Solution ISO 20000-1 Specification ISO 20000-2 2 Code of Practice ISO 20000-4 Process Reference Model ITIL V3 Service Life Cycle Approach ISO 12207 Software Life Cycle Processes In-House ETICS Procedures Not Published available before since 2005 2010 Proposal: not published before 2010 First version available since May 2007 Well established standard To be implemented 6
ITIL V3 The Service Lifecycle Approach Service Transition Service Strategy Service Design Service Operation Continual Service Improvement 7
ITIL V3 Core Description Service Strategy: focuses on the identification of market opportunities for which services could be developed. Defines strategies for the design, implementation, maintenance and continual improvement of the service. Service Design: activities to develop the strategy addressing all aspects of the proposed service. Key areas are Availability Management, Capacity Management, Continuity Management and Security Management. Service Transition: focuses on the implementation of the service design outputs and the modification of an existing service. Key areas are Change Management, Release Management, Configuration Management and Service Knowledge Management. Service Operation: focuses on the activities required to operate the services and maintain their functionality. Key areas are Incident Management, Problem Management and Request Fulfilment. Continual Service Improvement: focuses on the ability to improve quality of the services that is provided. Key areas are Service Reporting, Service Measurement and Service Level Management. 8
ITIL V3 The Service Lifecycle Approach Useful for developing strategies how ETICS can be extended as a commercial Service; Business processes can be applied with the aim to upgrade ETICS as a Service, in which context the development of commercial applications following industry best practice standards can take place. 9
ISO/IEC 12207 The Software Life Cycle Processes Supporting: Documentation Primary: Maintenance Configuration Mgmt. Organizational: Management Operation Quality Assurance Infrastructure Development Verification Improvement Supply Validation Training Acquisition Joint Review Audit Problem Resolution 10
ISO/IEC 12207 The Software Life Cycle Processes Useful for elaborating gprocesses and procedures how ETICS can support in using industry best practice software standards; Software oriented procedures can be applied to concrete application development within the context of ETICS as an development / maintenance System. 11
Interaction between Processes and Procedures Our Vision ITIL V3 Service Life Cycle Approach Service Operation (incident, problem, request handling ) Service Transition (release, change, configuration, deployment) Service Impro ovement Continual Mapping Layer: Service Elements to Processes & Procedures ISO 12207 Software Life Cycle Processes Development Operation Maintenance Build Tools Mapping Layer: Processes & Procedures to Tools Test Tools Config. Tools Plug-In Framework Admin. Tools ETICS Framework 12
How to get there? Steps to be performed Service Strategy What is the business? (already discussed) cost, billing models Service Design Availability, capacity, security, continuity Service Requirements Tools to be developed 13
Example Release Management Requirement: q customers stated that the wish to have control on the release and deployment procedures for tested software. ISO/IEC 12207,6.2.6.1 Release management and delivery: The release and delivery of software products and documentation shall be formally controlled. Master copies of code and documentation shall be maintained for the life of the software product. The code and documentation that contain safety or security critical functions shall be handled, stored, packaged and delivered in accordance with the policies of the organisations involved. Adaptation to ETICS Procedures shall describe: Definition of Roles: Developer, Release Manager, Users: Developer can initially read / create distributions; Release Manager can read and can decide attachment of Users to distribution packages; Users can only read packages after release. Release Process: Release Manager decides on the acceptance of software: if accepted, he allows Users to read the package and disables the creation of new packages for the Developer, so that the package is frozen for the release. 14
Release Management II Representation of Roles and Processes Release Manager Developer +/-w +/-r Users Development Acceptance Deployment Process Process Process SW Revisions SW Releases 15
Continual Service Improvement Optimizing the Framework for Business Needs Requirements Optimize Operate User Applications Design Build Service Deploy Accept Requirements Lifecycle Optimize Operate ETICS Core Design Build Deploy Accept 16
Discussion ISO /IEC 20000 certification is certainly outside of the scope of ETICS-2. However, as the proposed architecture on page 6 shows, we can start with the adaptation of ISO/IEC 12207 (which is outside of any certification purposes) which later can be upgraded. The same is true for ITIL V3: even if we cannot afford an ITIL V3 certification during the running project, we can orientate on this framework, as it offers the best seminal approach. 17
References ISO / IEC 12207 Basic Concepts: http://www.abelia.com/docs/12207cpt.pdf ISO / IEC 12207 Tutorial: http://www.abelia.com/docs/12207tut.pdf pdf ITIL V3 Publications: http://www.itsmfi.org/content/publications ISO / IEC Certification web site: http://www.isoiec20000certification.com Service Management Process Reference Model, Proposal: http://isotc.iso.org/livelink/livelink/fetch/2000/2122/327993/755080/1054034/2541793/jtc0 01-N-8640.pdf?nodeid=6587475&vernum=0 18