PDCA FOR ITIL. Metrics, CSFs and workflows for implementing ITIL practices PDCA FOR ITIL PDCA FOR ITIL. www.tso.co.uk. www.inform-it.

PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices Numerous organizations spend their energy and funding on implementing ITIL practices. Most of them spend their time reinventing a wheel that was already created many times before in previous ITIL expeditions. If you re facing this challenge, you ll be interested in avoiding excessive cost. Although plenty of external guidance is available in the form of ITIL consultancies, you ll need to have a decent idea of what to expect in the course of your own ITIL expedition before you go for it. This book focuses on that specific target. Drawing on the experience of many ITIL practice implementations, it shows you in a very logical and practical way what to expect when you introduce ITIL to your organization, or when you increase the number of ITI L practices in your organization. Published by: www.tso.co.uk Produced by: www.inform-it.org IS B N 978-0- 11-708207- 6 9 780117 082076 Kiran Kumar Pabbathi Your growing understanding of how ITIL works will greatly reduce your external costs, improve the skills of your own staff, and move your organization to higher maturity levels. You should use this guidance as a great resource for setting up and improving your own practice. PDCA FOR ITIL The book supports this by offering, in the style of a cookbook, a step-by-step guide to the implementation of individual ITIL practices, offering practical descriptions, terminology, objectives, workflows, CSFs, KPIs and other measures, in a Plan-DoCheck-Act approach. Using the cookbook analogy, it provides you with as many recipes as you are likely to need for composing your own menu. The book s systematic approach means that once you get to grips with implementing one practice, you will be able to apply your newly developed skills to the next one, following the fundamental guidance of ITIL: adapt and adopt. PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices Kiran Kumar Pabbathi

PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices Kiran Kumar Pabbathi

Published by TSO (The Stationery Office) and available from: Online www.tsoshop.co.uk Mail, Telephone, Fax & E-mail TSO PO Box 29, Norwich, NR3 1GN Telephone orders/general enquiries: 0870 600 5522 Fax orders: 0870 600 5533 E-mail: customer.services@tso.co.uk Textphone: 0870 240 3701 TSO@Blackwell and other Accredited Agents Author: Kiran Kumar Pabbathi Inform-IT, Knowledge Center for Service Management Copyright in the typographical arrangement and design is vested in The Stationery Office Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the permission of the publisher. Applications for reproduction should be made in writing to The Stationery Office Limited, St Crispins, Duke Street, Norwich NR3 1PD. The information contained in this publication is believed to be correct at the time of manufacture. Whilst care has been taken to ensure that the information is accurate, the publisher can accept no responsibility for any errors or omissions or for changes to the details given. ITIL is a Registered Trademark of the Cabinet Office. A CIP catalogue record for this book is available from the British Library. A Library of Congress CIP catalogue record has been applied for. First published 2013. ISBN 9780117082076. Printed in the United Kingdom for The Stationery Office. P002570908 07/13

Contents Preface 11 Acknowledgements 12 About the author 13 Why this book? 14 How to read this book 15 Frequently asked questions 17 1 Introduction to ITSM 19 1.1 Basic terminology 20 1.2 What are IT services? 21 1.3 Importance of best practices 21 1.4 ITIL lifecycle stages 21 1.5 Processes in ITIL 22 1.6 Functions in ITIL 22 1.7 Why do we need processes? 22 1.8 Can ITIL processes help in managing business services? 23 2 Strategy management for IT services 31 2.1 Basic terminology 32 2.2 Overview of strategy management for IT services 32 2.3 Implementing strategy management for IT services 33 2.4 Measures 36 2.5 Strategy management for IT services workflow 36 3 Demand management 39 3.1 Basic terminology 40 3.2 Overview of demand management 40 3.3 Implementing demand management 41 3

3.4 Measures 43 3.5 Demand management workflow 43 4 Financial management for IT services 45 4.1 Basic terminology 46 4.2 Overview of financial management for IT services 46 4.3 Implementing financial management for IT services 47 4.4 Measures 50 4.5 Workflow for financial management for IT services 50 5 Service portfolio management 53 5.1 Basic terminology 54 5.2 Overview of service portfolio management 54 5.3 Implementing service portfolio management 55 5.4 Measures 57 5.5 Service portfolio management workflow 58 6 Business relationship management 61 6.1 Basic terminology 62 6.2 Overview of business relationship management 62 6.3 Implementing business relationship management 63 6.4 Measures 65 6.5 Business relationship management workflow 66 7 Service level management (SLM) 69 7.1 Basic terminology 70 7.2 Overview of SLM 71 7.3 Implementing SLM 71 7.4 Measures 74 7.5 SLM workflow 75 8 Design coordination 79 8.1 Basic terminology 80 8.2 Overview of design coordination 80 8.3 Implementing design coordination 80 4 PDCA for ITIL

8.4 Measures 82 8.5 Design coordination workflow 83 9 Information security management 85 9.1 Basic terminology 86 9.2 Overview of information security management 86 9.3 Implementing information security management 87 9.4 Measures 89 9.5 Information security management workflow 90 10 Availability management 93 10.1 Basic terminology 94 10.2 Overview of availability management 94 10.3 Implementing availability management 95 10.4 Measures 98 10.5 Availability management workflow 99 11 Capacity management 101 11.1 Basic terminology 102 11.2 Overview of capacity management 102 11.3 Implementing capacity management 103 11.4 Measures 106 11.5 Capacity management workflow 107 12 Service catalogue management (SCM) 109 12.1 Basic terminology 110 12.2 Overview of SCM 110 12.3 Implementing SCM 111 12.4 Measures 113 12.5 SCM workflow 114 13 Supplier management 117 13.1 Basic terminology 118 13.2 Overview of supplier management 118 13.3 Implementing supplier management 119 Contents 5

13.4 Measures 121 13.5 Supplier management workflow 122 14 IT service continuity management (ITSCM) 125 14.1 Basic terminology 126 14.2 Overview of ITSCM 126 14.3 Implementing ITSCM 127 14.4 Measures 129 14.5 ITSCM workflow 130 15 Transition planning and support 135 15.1 Basic terminology 136 15.2 Overview of transition planning and support 136 15.3 Implementing transition planning and support 136 15.4 Measures 138 15.5 Transition planning and support workflow 139 16 Change management 141 16.1 Basic terminology 142 16.2 Overview of change management 142 16.3 Implementing change management 143 16.4 Measures 146 16.5 Change management workflow 146 17 Change evaluation 151 17.1 Basic terminology 152 17.2 Overview of change evaluation 152 17.3 Implementing change evaluation 152 17.4 Measures 154 17.5 Change evaluation workflow 155 18 Release and deployment management 157 18.1 Basic terminology 158 18.2 Overview of release and deployment management 158 18.3 Implementing release and deployment management 159 6 PDCA for ITIL

18.4 Measures 162 18.5 Release and deployment management workflow 162 19 Service validation and testing 165 19.1 Basic terminology 166 19.2 Overview of service validation and testing 166 19.3 Implementing service validation and testing 167 19.4 Measures 169 19.5 Service validation and testing workflow 169 20 Service asset and configuration management (SACM) 173 20.1 Basic terminology 174 20.2 Overview of SACM 174 20.3 Implementing SACM 175 20.4 Measures 177 20.5 Service asset and configuration management workflow 178 21 Knowledge management 181 21.1 Basic terminology 182 21.2 Overview of knowledge management 182 21.3 Implementing knowledge management 183 21.4 Measures 186 21.5 Knowledge management workflow 186 22 Access management 193 22.1 Basic terminology 194 22.2 Overview of access management 194 22.3 Implementing access management 195 22.4 Measures 197 22.5 Access management workflow 197 23 Event management 201 23.1 Basic terminology 202 23.2 Overview of event management 203 23.3 Implementing event management 203 Contents 7

23.4 Measures 205 23.5 Event management workflow 206 24 Request fulfilment 209 24.1 Basic terminology 210 24.2 Overview of request fulfilment 210 24.3 Implementing request fulfilment 211 24.4 Measures 213 24.5 Request fulfilment workflow 213 25 Incident management 217 25.1 Basic terminology 218 25.2 Overview of incident management 218 25.3 Implementing incident management 219 25.4 Measures 221 25.5 Incident management workflow 222 26 Problem management 227 26.1 Basic terminology 228 26.2 Overview of problem management 228 26.3 Implementing problem management 229 26.4 Measures 232 26.5 Problem management workflow 232 27 Service desk 237 27.1 Basic terminology 238 27.2 Overview of service desk 238 27.3 Implementing service desk 240 27.4 Measures 242 27.5 Service desk workflow 243 28 Application management 245 28.1 Basic terminology 246 28.2 Overview of application management 246 28.3 Implementing application management 247 8 PDCA for ITIL

28.4 Measures 249 28.5 Application management workflow 250 29 Technical management 253 29.1 Basic terminology 254 29.2 Overview of technical management 254 29.3 Implementing technical management 255 29.4 Measures 257 29.5 Technical management workflow 257 30 IT operations management 259 30.1 Basic terminology 260 30.2 Overview of IT operations management 260 30.3 Implementing IT operations management 261 30.4 Measures 264 30.5 Operations control workflow 265 30.6 Facilities management workflow 266 31 Seven step improvement process 269 31.1 Basic terminology 270 31.2 Overview of seven step improvement process 270 31.3 Implementing seven step improvement process 271 31.4 Measures 274 31.5 CSI methods 274 Acronyms 279 Index 285 Contents 9

Preface Numerous organizations spend their energy and funding on implementing ITIL practices. Most of them spend their time reinventing a wheel that was already created many times before in previous ITIL expeditions. If you re facing this challenge, you ll be interested in avoiding excessive cost. Although plenty of external guidance is available in the form of ITIL consultancies, you ll need to have a decent idea of what to expect in the course of your own ITIL expedition before you go for it. This book focuses on that specific target. Drawing on the experience of many ITIL practice implementations, it shows you in a very logical and practical way what to expect when you introduce ITIL to your organization, or when you increase the number of ITIL practices in your organization. The book supports this by offering, in the style of a cookbook, a step-by-step guide to the implementation of individual ITIL practices, offering practical descriptions, terminology, objectives, workflows, CSFs, KPIs and other measures, in a Plan-Do- Check-Act approach. Using the cookbook analogy, it provides you with as many recipes as you are likely to need for composing your own menu. The book s systematic approach means that once you get to grips with implementing one practice, you will be able to apply your newly developed skills to the next one, following the fundamental guidance of ITIL: adapt and adopt. Your growing understanding of how ITIL works will greatly reduce your external costs, improve the skills of your own staff, and move your organization to higher maturity levels. You should use this guidance as a great resource for setting up and improving your own practice. 11

Acknowledgements I would like to express my sincere thanks to my lord Shri Krishna, who has blessed me with intellect, provided me with knowledgeable friends and colleagues, and has enabled me to gain strong IT experience in some of the world s best conglomerates. Without his benevolence, I wouldn t have been able to write this book. I am very grateful to my spiritual alma mater ISKCON (International Society For Krishna Consciousness), His Divine Grace A.C. Bhaktivedanta Swami Srila Prabhupada (Founder and Acharya of ISKCON) and His Grace Kalakanta Prabhu, who was my first spiritual guide. I would also like to thank my manager and CEO Simon (Xiaogang, Wei) who helped me to achieve most of my certifications, and all my colleagues who have been a source of encouragement. My special thanks go to Jan van Bon for recognizing my manuscript as a potential publication and helping me to edit it. Finally I would like to express my thanks and indebtedness to Inform-IT and TSO for having the confidence to publish my first book my first milestone in authoring. 12 PDCA for ITIL

About the author Kiran Kumar Pabbathi has worked for various companies in the IT industry which gave him detailed insight into ITSM and ITIL best practice. Currently, Kiran works as an IT process manager in Shanghai Bizenit Information Technology, China. Kiran was privileged to work in different roles taking care of service desk operations, request fulfilment, incident management, SharePoint Administration, project management, and ITIL Consulting. Kiran is a certified professional in ITIL v3 Expert, PRINCE2 (Foundation and Practitioner), Six Sigma Green Belt, ISO/IEC20K Foundation, TMAP Foundation (Test Management Professional), MCP in SharePoint 2003 Customizations, and MCTS in MS Project 2007. 13

Why this book? This book answers many of the questions that arise in the minds of all ITIL practitioners, whether beginners, intermediary or experts in the ITSM domain. It provides clear direction on how to implement ITIL processes, based on the questions raised by students and customers on ITIL training courses and workshops. It deals with questions such as: How does ITIL help organizations? Where and how should I start? Which process should I start with first? What are the prerequisites? As manager of IT services in my organization, do I need to implement all of the processes? Is there a step-by-step approach for developing an ITIL process? What are the inputs, throughputs, outputs and outcomes delivered by the processes? This book addresses all these questions and provides an easy-to-understand approach on ITIL best practice. 14 PDCA for ITIL

How to read this book Although ITIL has become the leading guidance for IT service management worldwide, many countries and individual organizations are still taking their first steps on the ITIL journey. This book will help you to understand the key concepts of ITSM and ITIL 1, and will also show you how to implement ITIL processes in your organization. It doesn t provide detailed instructions, but describes the most important steps you should take during implementation. The book takes the approach of the Plan-Do-Check-Act cycle, which builds on good practice and adds value for IT managers and process managers. The intended audience for this book is the IT stakeholder, responsible for the planning, design, implementation and improvement of IT operations and services. Students and IT staff who perform different tasks in the IT industry will also find this book useful. In PDCA for ITIL, each process is structured in five sections, each section representing important aspects of the process: basic terminology, overview of the process, implementing the process, measures, and process workflow. Descriptions for each section are as follows: 1. Basic terminology Description of the definitions used in the process. 2. Overview The main structure, the objectives, and the business needs of the process. 3. Process implementation This section describes the prerequisites, and then the step-by-step implementation of the process through the Plan, Do, Check, Act stages: The Plan phase details the important activities that have to be performed before making any investment in development and implementation. Hence the process manager will need to present the business case, the goals of the process, the project plan, and the organization structure to gain the confidence and approval from higher level management (HLM). The Do phase details the important activities that will initiate the design, development and implementation of the process. Here process managers and service owners will become actively involved in executing the process and its activities. The Check phase details the important activities that will monitor, verify and validate the process implementation and daily IT operations. The Act phase details the important activities that will feedback to the process owner, recommending different ways to improve the process and IT operations. 1 ITIL: the IT Infrastructure Library 15

4. Measures This section describes the metrics, critical success factors (CSF) and best practices. 5. Process workflow This section describes the process workflow, which will be easy to understand and useful in designing ITSM tools. 16 PDCA for ITIL

Frequently asked questions If I want to implement ITIL in an organization, which process should I start with first? ITIL defines a set of best practices and it is up to you to select the process that you want to improve with respect to the issues in your organization. If your organization s service desk is inefficient, under-utilized and not providing good customer satisfaction, then you could refer to the service desk function and utilize ITIL best practice to improve this function in your organization. If your organization is not able to meet the service level agreements (SLAs) and service level targets (SLTs), despite utilizing its great technical resources, you could refer to the service level management process (SLM) to redefine feasible SLAs and SLTs. Which ITIL version should I refer to? The latest version of ITIL is the only version that you should refer to. ITIL was last updated in 2011. ITIL follows a lifecycle-based approach, which is convenient and easy to understand for the IT stakeholders. This lifecycle is categorized into five stages: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. ITIL contains 28 processes and four functions placed in the above five stages. How can I win the confidence of my CTO/CEO that ITIL processes would help IT in my organization? You could prepare a project charter outlining the business case, goal statement, project plan, project scope, and roles and responsibilities, and explain the benefits. The approach is explained in this book. What kind of VOI, ROI and benefits can I see after ITIL implementation? After the implementation of an ITIL process, you could expect to see maturity, improvement and clarity in every artefact of the IT operations as follows: You would have clear documented policies and procedures to perform various IT tasks. There would be clear demarcation of roles and responsibilities, based on a RACI matrix. You would not have to waste time reinventing the wheel again and again. How do I implement an ITIL process? The book provides detailed insight. 17

How much does it cost to implement an ITIL process? There is no protocol or magical calculator that can estimate the costs; it depends on the organization and how effective it wants the process to be and its function to be developed. Should I follow everything that is mentioned in ITIL best practice? ITIL is a collection of best practices for ITSM; hence you can customize it as and how you want as per your company s feasibility, cost allocation, resource allocation etc. Can a company or product be ITIL-compliant or certified? Companies cannot be ITIL-certified or ITIL-compliant. Your company can follow ITIL best practices but there is no authority that can certify that your company or product is ITIL-compliant. If you are keen to win the confidence of your customers you can opt for ISO/IEC20000 certification. Products can be ITIL-compliant: software tool vendors can obtain endorsement of their tools for ITIL Process Compliance under the official Cabinet Office ITIL Software scheme (see: http://www.itil-officialsite.com/softwarescheme/ ITILSoftwareScheme.aspx). 18 PDCA for ITIL

1 Introduction to ITSM

1.1 Basic terminology Best practices: practices that are well recognized and that have proved the ability for demonstrating success in respective areas. E.g.: PMBOK for project management, ITIL for IT service management, MOF for IT service management, COBIT for IT governance, etc. Capability: the ability of an organization, person, process, application, IT service or other configuration item (CI) to carry out an activity. Capabilities are intangible assets of an organization. Critical success factor (CSF): the vital elements necessary for the success of a business. Functions: specific units of an organization (consisting of a group of people who have specific skills and responsibilities), performing specific and routine activities. Infrastructure: the combination of hardware, software, and people-ware in an organization. Information technology service management (ITSM): management of IT services to meet the organization s business goals. It can also be defined as A set of organizational capabilities and resources that work together in providing value to customers in form of services. Key performance indicator (KPI): vital metrics necessary for an organization to meet its business goals, which reflect the CSFs of an organization. Metric: measurements that quantitatively evaluate the performance of IT operations. Policy: management directives that significantly influence the processes and procedures. Process: a set or sequence of activities that results in achieving an output or business goal. Resources: a generic term that includes IT infrastructure, people, money or anything else that might help to deliver an IT service. Resources are considered to be assets of an organization. Service: provision of value to customers without any ownership of risks and internal costs associated in developing a service. Standard: rules and conventions that help to implement policies and enforce required conventions. 20 PDCA for ITIL

1.2 What are IT services? IT services can be represented in numerous forms, for example: internet that is available through an internet service provider end-user equipment with basic office functions financial information systems that are supported by applications, end-user equipment, network, etc. These services have to be well managed with defined roles and responsibilities, by following specific quality standards and processes, so the business can run without any breakdowns. 1.3 Importance of best practices Outcomes and results can be achieved in numerous ways with a variety of approaches and different strategies, each with their specific time schedules, cost structure, and resource consumption. Best practices guide us in doing things effectively, in the most appropriate way with low risks, economic costs, and optimum resources. At the same time it also ensures to attain the objective or outcome with the desired quality. Some of the best practices for ITSM are ITIL and MOF 2 : ITIL is a set of best practices for ITSM that helps in managing the IT services in an organization with the help of processes and functions. MOF is another best practice for ITSM, developed by Microsoft. MOF best practice is explained with the help of processes, functions and activities describing the management of services. 1.4 ITIL lifecycle stages ITIL s life cycle is divided into 5 stages: 1. Service Strategy 2. Service Design 3. Service Transition 4. Service Operation 5. Continual Service Improvement. 2 Microsoft Operations Framework Introduction to ITSM 21

1.5 Processes in ITIL Processes defined in ITIL are categorized into these 5 stages: 1. Service Strategy strategy management for IT services, financial management for IT services, demand management, service portfolio management, business relationship management. 2. Service Design design coordination, availability management, SLM, service continuity management, service catalogue management, supplier management, information security management, capacity management. 3. Service Transition transition planning and support, change management, change evaluation, release and deployment management, service validation and testing, service and asset configuration management, and knowledge management. 4. Service Operations access management, event management, request fulfilment, incident management, and problem management. 5. Continual Service Improvement seven step improvement process. 1.6 Functions in ITIL Functions are units of an organization (groups of a people who have specific skills and responsibilities) that perform very specific activities. Functions defined in ITIL are: service desk applications management technical management IT operations management. 1.7 Why do we need processes? We need processes: to enable repeatability (avoiding reinventing the wheel) to measure and evaluate the effectiveness of operations to provide clarity in roles and responsibilities (enabling accountability) to maintain the knowledge uniform among all human resources, and to avoid dependence on individuals. 22 PDCA for ITIL

1.8 Can ITIL processes help in managing business services? Answer Yes, ITIL can also guide business. This can be explained more in detail through the concept called business service management (BSM). Scenario A software development company wants to implement ITIL best practices to manage its services. Understanding We should understand that developing tools or applications and providing the support is an IT service here. To provide the mentioned IT service, the organization will use ITIL best practices that provide a sequenced approach for maintaining and managing the organization s services. Implementation Phase 1 The organization will first have to understand the customer s demand, define the organization s strategies, so they can build software applications with the technology that is feasible for the customers requirements. The organization recruits people with necessary skill sets and experience, who can define the strategy for the software development business (or checks if there are any human resources in the organization who have the skill set or who have experience in developing Service Strategy for software development business). Because each organization is different in size, the concept of roles is useful. Roles are specific sets of tasks and responsibilities for specific goals. Individual people can be appointed to various roles. One individual can have more than one role. This way, the guidance can be applied in any size of organization including a one-person company. If an organization is big enough, it can have an individual or even a team for each role. Introduction to ITSM 23

The organization appoints an individual to the Service Strategy manager role, to carry out different activities. The Service Strategy manager would be accountable for all the strategy related activities with the help of processes like: strategy management for IT services, financial management for IT services, demand management, service portfolio management, and business relationship management. The strategy management for IT services process works: on understanding its internal customers, external customers, and mixed customers (internal customers + external customers) on developing what kind of services are required and what kind of services should be offered to its customers on developing strategic assets on proposing a draft of the services that will be offered to its customers. The financial management process works: on estimating the costs, budgeting (fixed costs, operational costs, variable costs, direct and indirect costs etc.) for developing software development services on defining the accounting procedure for IT services on the charging procedure from internal customers, external customers, etc. The demand management process works: on checking the demands of customers for the proposed services (what is the front end technology in demand, what is the database that is preferred by the customers, middleware, web servers using patterns of business activity (PBA), and user profiles (UPs)) on estimating the demand and supply needed (how many human resources should be recruited for development, testing, business analysis, deployment, how many desktops, laptops, servers are needed, how much place is needed for the staff, etc.) on analyzing the live services that are in good demand, and reactively communicating the needs and shortcomings to other processes. The service portfolio management process works: on defining the draft of services, which can be offered to customers on analyzing the services that should be offered on approving the proposed services that can provide value to the organization on chartering the final services (this will be the final list of current services, future services, and retired services that are offered by the company). The business relationship management process works: on tracking and resolving various concerns and complaints of the customers on managing and developing good relationship with different stakeholders paying special attention to customers. 24 PDCA for ITIL

With all these tasks, the Service Strategy manager has done his job in estimating, understanding and developing the strategic plans, using as many resources as necessary and available. Phase 2 The organization checks for human resources, who have skills and experience in Service Design activities, so the strategic plans are activated and converted in appropriate designs and architectures, etc. The organization appoints an individual to the Service Design manager role, who would be accountable for all the Service Design activities with the help of processes like: SLM, information security management, availability management, capacity management, service catalogue management, supplier management, and service continuity management. The SLM process works: on defining SLAs with the external customers and operational level agreements (OLAs) with internal business units, underpinning contracts (UCs) with third party suppliers on time duration for the project, scope of the project, service acceptance criteria (SAC), number of defects that can be accepted, etc. The availability management process works: on defining availability plans, and understanding requirements in terms of availability on defining the availability of the services (24*7 or only working days, holidays, and timings) on setting up the reliable infrastructure assets. The capacity management process works: on defining capacity plans and capacity requirements. on providing appropriate capacity in terms of network, hardware, and software. The service catalogue management process works: on maintaining a list of current products or services that are offered by organization to its customers. The supplier management process works: on selecting suppliers to buy necessary assets required for the delivery of IT services (Avaya phones, bridges, routers, dashboards) from suppliers at economic costs with good quality on maintaining good relationship with suppliers consistently as required. Introduction to ITSM 25

The information security management process works: on defining security policies, standards to bring awareness for the IT staff. These policies will be implemented by access management to safeguard the customer s assets, information and also the organization s assets. The service continuity management process works: on defining IT service continuity plans to continue the IT services in case of natural disasters, accidents, and other threats. With all the above process activities, the Service Design manager completes all the Service Design tasks, using as many resources as necessary and available. Phase 3 The organization checks for human resources, who have skills and experience in managing the transition of IT services. The organization appoints an individual to the role of service transition manager, who is accountable for all transition related activities with the help of processes like transition planning and support, change management, release and deployment management, service and asset configuration management, knowledge management, change evaluation, and service validation and testing. The transition planning and support process works: on planning transition activities like: developing plans for introducing a new service/products in an organization coordinating the resources to ensure the transition or introduction of a new service. The change management process works: on defining procedures for handling different types of changes on ensuring only valid and approved changes are implemented in the organization on ensuring that the changes bring positive effects in organization on ensuring that there is no disruption of services, while changes are implemented. The change evaluation process works: on evaluating the complete service transition activities, from the change initiation to the release deployment. The release and deployment management process works: on ensuring the new changes are implemented and deployed well in the organization. The service validation and testing process works: on ensuring new releases are validated and tested in terms of functionality and usability. 26 PDCA for ITIL

The service and asset configuration management process works: on ensuring that all of the service assets and CIs in the organization are stored, tracked, and controlled in the configuration management database (CMDB, providing relationships between CIs) and the configuration management system (CMS). The knowledge management process works: on developing best practices, knowledge for different projects, products and other services (transforming data to information, information to knowledge, and knowledge to wisdom) on ensuring that the knowledge is accessible for authorized users. With all the above activities, the service transition manager establishes all the necessary for smooth transition of services from Service Design to service transition, using as many resources as necessary and available. Service transition ensures that new assets and CIs are well planned, released, tested and evaluated. Phase 4 The organization checks for human resources, who have skills and experience in managing the organization s day to day operations. The organization appoints an individual to the role of service operation manager, who is accountable for all the operational activities with the help of processes and functions. Processes in service operations are request fulfilment, event management, incident management, problem management, and access management. The access management process works: on providing appropriate access privileges to the authorized users. For example: access management ensures that all the employees are provided with necessary access to the knowledge base websites, respective tools and applications, and information systems. The event management process works: on analyzing all the events logged and on the events so that they don t get converted into incidents. For example: before a network outage happens, there will be some kind of events generated in the infrastructure tools. The event management process keeps a meticulous watch on events and prevents incidents from having too much impact. The request fulfilment process works: on taking requests from users, and to fulfill the requests. Introduction to ITSM 27

The incident management process works: on restoring the breakdown of services as soon as possible For example: if there is a breakdown of a server, the incident management process tries to fix the issue as soon as possible and restore the server. The problem management process works: on finding the root causes of the incidents and provide a permanent fix. For example: there is a serious network/server outage and the incident management process resolved the incident. Now, to prevent the same incident from happening again, the problem management process tries to understand the root cause of the network outage. It will check with corresponding processes and functions and investigates the devices, topology, software etc. to find a permanent fix. Functions in service operations are service desk, applications management, technical management, IT operations management. The service desk function works: as a single point of contact for customers, users and stakeholders on different kinds of issues as a point of contact for any kind of help or information regarding the organization and its assets. The applications management function works: on ensuring that necessary applications and tools are installed, maintained and managed well in the organization. The technical management function works: on ensuring that all the technical knowledge is provided to employees of the organization on ensuring all the technological constraints and conditions are taken into consideration. The IT operations management function works: on ensuring all the operational activities are performed regularly, like network management, database administration, desktop management, etc. on ensuring all the facilities are managed well for the organization premises. With all these above activities, the service operation manager ensures smooth and effective operations of IT services, using as many resources as necessary and available. 28 PDCA for ITIL

Phase 5 The organization finally checks for human resources, who have skills and experience in identifying improvements and managing these for all the different stages: Service Strategy, Service Design, Service Transition, and Service Operation. Continual Service Improvement provides feedback for doing things in a better way, providing value, saving time, in consideration with cost. The organization appoints an individual to the role of CSI manager, who is accountable for all the improvement activities with the help of processes and functions. The Continual Service Improvement phase has only one process: the seven step improvement process. The seven step improvement process works: on improving the IT service operations. With all the above 5 phases, an IT service organization can manage and execute its services with the help of ITIL best practices. Introduction to ITSM 29

SERVICE STRATEGY Service Strategy defines the strategy for an IT organization that helps to achieve its business goals. This stage analyzes the demand for services, customer s requirements, risks, costs, value creation and defines the service offerings. Processes involved in Service Strategy are: strategy management for IT services demand management financial management for IT services service portfolio management business relationship management. 30 PDCA for ITIL

2 Strategy management for IT services

2.1 Basic terminology Access based positioning: A positioning strategy where service providers make themselves feasible to their customers, who have very distinguished needs and conditions which could be in terms of location, scale or structures. Need based positioning: A positioning strategy where service providers deliver most or all the needs of customer or customers. Here the service provider s priority is the customer and his needs, so the service provider tries to fulfill most of the needs of customers. Strategy: The objectives and direction that lays the foundation for the organization to run its business and operations. Type I service provider: Internal service providers that are a part of same business and that provide specific/explicit services to the business unit. Type II service provider: The shared service units that exist in the same organization, but provide services for many business units. Type III service provider: The external service providers who support the organization in its different businesses. Variety based positioning: A positioning strategy where service providers deliver a variety of services to their customers. Here service providers have their strength and experience in delivering a specific variety of services (could be technologies or products) and they focus on providing only that variety of services. 2.2 Overview of strategy management for IT services Strategy management for IT services defines a standardized process for building strategic assets with vision, strategic goals, innovation, value creation, and resilient attitude for adapting new changes. Its main focus is to define the market, propose the service offerings, develop the service offerings as strategic assets, execute the developed offerings, also measure and evaluate the strategies. Strategy management for IT services is the most critical process for long term sustainability of the organization s offerings. 32 PDCA for ITIL

Objectives Analyze and understand the IT requirements. Develop strategic assets that will create value for customers and the service provider, through a closed loop system. Measure and evaluate the defined services as strategic assets. Business needs Provides guidance in designing and deciding the necessary artifacts for IT service management as a strategic asset. Improves service quality by strategic planning. Creates value and enables to create distinguished services for the organization. Enables in making effective decisions for investment. 2.3 Implementing strategy management for IT services Prerequisites Business goals, market analysis, competitor products/services. Plan Prepare the project charter, consisting of a business case, goal statement, project plan, project scope, and roles and responsibilities. Business case should describe the benefits and opportunities of strategy management for IT services considering the following areas: Business needs of strategy management for IT services. What are the short term benefits and long term benefits of this project? What impacts will this new initiative have on other business units and employees? Pros and cons. What are the risks and issues involved, what are the dependencies? Monitoring and evaluation mechanism. Cost and benefit analysis. Goal statement should be closely associated with the prepared business case. Goals should be SMART and mention: Define the CSFs. Define the KPIs. Strategy management for IT services 33

What is the time estimated to see the results? Project plan should show the timeline, milestones for various activities to establish strategy management process in place and run the process. Project interfaces should define the boundaries, scope, relationships of the strategy management. Roles and responsibilities should identify the required roles and hire the human resources. Primary roles needed for strategy management for IT services can be defined as: Do IT steering group strategy manager. Define a RACI model for clarity in roles and responsibilities. Develop the statement of work (SOW) for strategy management for IT services, defining the: scope of services, that has to be considered by strategy management services that are out of scope hardware, software, people-ware and tools required appropriate people for the defined the roles and responsibilities risks and dependencies issues and other conditions costs involved. Define the strategy as perspective, position, plan and pattern. Perspective is defined by goals, through the following activities: definition of CSFs definition of KPIs. Position is defined by the distinctiveness of services for customers. It is defined by: variety based positioning need based positioning access based positioning. Plan is defined by the procedures of doing actions/milestones/activities, it is the estimation of time duration and number of resources required for: strategy assessment development of the offerings execution of the strategy measurement and evaluation. Pattern is defined by the series of consistent decisions and actions embedded in doing the business. It involves defining policies, processes, adopting best practices, etc. 34 PDCA for ITIL

Perform assessments on the internal artifacts and external artifacts. Internal artifacts are the service provider s business goals, strategy, service provider s strengths, weakness, opportunities, threats, and CSFs. External artifacts are customers, customer services, needs of the customers, opportunities of the customers, and competitor s services. Develop a strategy for service offerings, with the provision of: quality cost feasibility timely delivery objectives and CSFs prioritization of investments. Select and implement the appropriate tool for recording all the activities performed by the process. Execution of strategies developed. Check Evaluate the services proposed, by methods like: Brainstorming A method to generate ideas (potential solutions) on a specific issue and then determine ideas. Nominal group technique An approach to generate additional ideas, surveys the ideas of a small group, and prioritizes brainstormed ideas. Delphi technique A method of relying on a panel of experts to anonymously select their responses using a secret ballot process. Multi-voting A mechanism to narrow down the list of ideas and select the correct subset for further investigation. Ensure there is innovation and value creation in the services offered. Ensure the organizational strategies sync with the regulations, compliances, government, and environment laws. Review and update the strategic plans and objectives as per changing business plans and requirements. Ensure internal function objectives are linked with organization objectives and strategic plans. Act Perform a GAP analysis for the customer s needs and requirements. Analyze the major reasons, why a customer is seeking another service provider. Identify the opportunities to explore new service offerings. Identify areas of improvement for the current services. Develop plans to mitigate significant risks. Strategy management for IT services 35

2.4 Measures Metrics number of new proposals, plans defined number of new services proposed number of failed services (that have not been approved by strategy manager/it steering group) total time taken for proposing a new service in service portfolio number of new customers developed number of lost customers. CSFs awareness on the organizational strategies evaluation of the new strategies defined shared vision and active stakeholders involvement effective risk and impact assessment methodologies effective business and market analysis knowledge documentation of suggestions to other processes and lessons log is captured. 2.5 Strategy management for IT services workflow Analyze and assess Define Execute Analyze and assess An understanding is developed about the service provider s current situation. Assessments and analysis is made on current services, market spaces, risks associated, customer s history, customer needs, customer feedbacks and recommendations, competitors, and competitors services. Assessments are made in form of: interviews, questionnaire, direct observation, simulations, etc. 36 PDCA for ITIL

Define Definition of strategy can be done by adopting Porter s five force analysis, value chain analysis, and SWOT analysis in consideration with perspective, position, plan and patterns. It defines strategic values like quality standards, cost justifiable approach, effective utilization of resources, and timely delivery of services. It defines service management as a closed-loop control system that can adapt to the changes, feedbacks provided. Definition of strategy can be evaluated through some methods like brainstorming, nominal group technique, Delphi technique, multi-voting etc. Execute This is the process of implementing the mission, objectives, goals, and CSFs for a service provider and its services. It actually involves implementation of the strategies developed and evaluating them with assessments. Strategy management for IT services 37

Acronyms

ABA AHT AM AM ASA ASP AMIS BCM BCP BIA BRM BRS BSM CAB CAPEX CFIA CI CMDB CMIS CMS CSAT CSF CSI DCAB DIKW DML DSL DHL DRP abandonment rate average handling time asset management availability management average speed to answer application service provider availability management information system business continuity management business continuity plan business impact analysis business relationship manager business requirement specifications business service management change advisory board capital expenditure component failure impact analysis configuration item configuration management database capacity management information system configuration management system customer satisfaction rating critical success factor continual service improvement deployment CAB data, information, knowledge, wisdom definitive media library definitive software library definitive hardware library disaster recovery plan 280 PDCA for ITIL

ECAB ELS ERT FCR FMEA FSC FTA GTB HLD HLM IMIS ISG ISMS ITSCM ITSM ITT KEDB KPI LLD MOF MTBF MTBSI MTO MTRS MTTR OGC OLA OPEX PBA emergency CAB early life support emergency response function first-call resolution failure modes and effects analysis forward schedule of changes fault tree analysis grow the business high level document higher level management incident management information system IT steering group information security management system IT service continuity management IT service management invitation to tender known error database key performance indicator low level document Microsoft Operations Framework mean time between failures mean time between system incidents maximum tolerable outage mean time to restore service mean time to repair Office of Government Commerce operational level agreement operational expenditure pattern of business activity Acronyms 281

PIR PMO POR PSO RCA RCB RFA RFC RFI ROI RTO RPO SD SO SS ST SAC SACM SCD SCM SCM SDP SFA SIA SIP SKMS SLA SLM SLP post implementation review project management office post outage review projected service outage root cause analysis registered certification body request for approval request for change request for information return on Investment recovery time objective recovery point objective Service Design Service Operation Service Strategy Service Transition service acceptance criteria service asset and configuration management supplier and contract database service capacity management service catalogue management service design package service failure analysis service investment analysis service improvement plan service knowledge management system service level agreement service level management service level package 282 PDCA for ITIL

SLR SLT SME SOP SPM SPOC SPOF SQP SRS TCAB TRT TTB UC UP VBF VIP VVIP VOI VPN VCD 5S service level requirement service level target subject matter expert standard operating procedures service portfolio management single point of contact single point of failure service quality program software requirement specifications technical CAB target recovery time transform the business underpinning contracts user profile vital business function very important person very very important person value on investment virtual private network variable cost dynamics sort stabilize shine standardize sustain Acronyms 283

Index

A access 194 access based positioning 32, 34 access management 194 access manager 195 access request 198 accounting 46, 51 active monitoring 202 application management s 246 application sizing 102 architectural requirements. 250 assessment 270 asset 46, 174 asset management 174 audit 270 authentication 86, 194 authorization 194 availability 86, 94 availability analyst 96 availability management 94 availability manager 96 availability monitoring 99 availability test analyst 96 B back-out plan 142 backup analyst 128 benchmarking 277 best practice 20, 21 brainstorming 37 budgeting 46, 51 build 158 build analyst 160 business capacity analyst 104 business capacity management 102 business case 33 business continuity management (BCM) 126 business impact analysis (BIA) 48, 126 business relationship management 62 business relationship manager 64 business requirements 250 286 PDCA for ITIL

business requirement specifications 250 business service catalogue 110 C capability 20 capacity 102 capacity analyst 104 capacity forecasting 102 capacity management 102 capacity management information system (CMIS) 102 capacity manager 104 capacity plan 102 centralized service desk 238 change 142 change advisory board (CAB) 142 change analyst 144 change closure 149 change deployment 149 change evaluation 152 change evaluation report 152, 155 change implementer 144 change management 142 change management operations 145 change manager 144, 153 change schedule 142 charging 46, 52 closed-loop control system 37 closure 215, 225 component capacity analyst. 104 component capacity management 102 component failure impact analysis (CFIA) 94 confidentiality 86 configuration analyst 176 configuration baseline 174 configuration control 179 configuration identification 179 configuration item (CI) 174 configuration management 174 configuration management database (CMDB) 174 configuration management system (CMS) 174 console management 260 Index 287

continual service improvement (CSI) 270 continuity 126 contract development 66 critical event 207 critical success factor (CSF) 20 CSI manager 272 CSI methods 274 CSI register 270 customer based SLA 73 customer-based SLA 70 customer portfolio 62 customer survey questionnaire 62 customer survey response 62 D data 182 deep-dive RCA 234 definitive media library (DML) 174 definitive spare 174 Delphi technique 37 demand analysis 43 demand analyst 42 demand management 40 demand management tool 42 demand manager 42 demand modelling 44 demand monitoring 107 deployment 163, 246 deployment analyst 160 deployment CAB (DCAB) 144 de-provisioning 194, 199 design 246 design coordination 80 design coordination process owner 81 development 246 deviation 152 diagnosis 223 differential charging 46 duplicate event detection 202 288 PDCA for ITIL

E early life support (ELS) 164 editorial review 91, 188 ELS analyst 160 emergency action plan 260 emergency CAB (ECAB) 144 emergency change 147 emergency release 158 environmental analyst 262 escalation 224 evaluation 166 event 202 event analyst 204 event closure 207 event filtering and correlation 202 event management 203 event manager 204 event notification 206 event record 202 event solving group 204 exception 206 external audit 46 external service provider 32 F facilities administrator 262 facilities analyst 262 facilities head 262 facilities management 260 fault tree analysis (FTA) 94 financial analyst 48 financial audit 52 financial management 46 financial manager 48 five force analysis 37 fixed charging 46 forward for schedule changes 148 forward schedule of changes (FSC) 142 function 20 functional requirements 250 Index 289

G goal statement 33 H high level document (HLD) 250 I identity 194 identity management 194 incident 218 incident management 218 incident model 218 incident record 218 incident registration and categorization 223 incident ticket 233 information 182 informational event 202, 206 information security 86 information security management 86 information security plan 90 information technology service management (ITSM) 20 infrastructure 20 initial RCA 234 integrity 86 interaction 238 internal audit 46 IT operations management 260 IT service continuity management (ITSCM) 126 IT steering group 34, 56 IT user account management 194 J job scheduling 260 K key performance indicator (KPI) 20 knowledge 182 knowledge author 184 knowledge base 182 knowledge editorial reviewer 184 knowledge management 182 290 PDCA for ITIL

knowledge manager 184 knowledge publisher 184 knowledge technical reviewer 184 known error 228 known error database (KEDB) 228 known error record 228 L local service desk 238 low level document (LLD) 250 M maintainability 94 maintenance advisor 262 major event 207 major incident 218, 225 major incident criterion 225 major release 158 maximum tolerable outage (MTO) 126 medical advisor. 262 metric 20 minor event 207 minor releases 158 modeling 102 multi-level SLA 70, 73 multi-voting 37 N need based positioning 32, 34 nominal group technique 37 normal change 146 notification 202 notional charging 46 O operational demand analysis 43 operations control 260 operations level agreement (OLA) 70 operations manager 262 P passive monitoring 202 Index 291

pattern 34 patterns of business activity (PBA) 40 perspective 34 plan 34 policy 20 position 34 post implementation review (PIR) 100 proactive monitoring 77 proactive problem management 228 problem 228 problem closure 235 problem management 228 problem model 228 problem record 228 problem registration and categorization 233 problem ticket 233 process 20 process benchmarking 270 process evaluation 270 project plan 33 provisioning 194 R reactive monitoring 77 reactive problem management 228 recovery plan 126 relationship management 67 release 158 release and deployment management 158 release approach 158 release package 158, 163 release planning 163 release request 163 release types 158 release unit 158 release window 158 reliability 94 remediation plan 142 request approver 211 request for approval (RFA) 210 request for change (RFC) 142, 210 292 PDCA for ITIL

request for information (RFI) 210 request for knowledge 186 request fulfilment 210 request fulfilment manager 211 request model 210 requirement 66, 246 resolution 224 resource 20 restoration plan 126 retired services 54 rights management 194 risk and performance evaluation manager 153 S SAC council 176 SAC manager 176 safety advisor 262 secure library 174 secure store 174 security 94 security advisor 262 security analysts 88 security manager 88 service 20 serviceability 94 service acceptance criteria (SAC) 70 service asset and configuration management (SACM) 174 service based SLA 73 service-based SLA 71 service capacity analyst 104 service catalogue 54, 110 service catalogue management (SCM) 110 service catalogue manager 111 service continuity manager 128 service continuity plans 131 service design manager 81 service design package (SDP) 80, 84 service desk 238, 239 service failure analysis (SFA) 94 service improvement program (SIP) 70 service investment analysis (SIA) 48 Index 293

service invoice 46 service knowledge management system (SKMS) 182 service level agreement (SLA) 70 service level analyst 72 service level management (SLM) 71 service level manager 72 service level package 70 service level package (SLP) 70 service level report 70 service level requirement (SLR) 70 service level target (SLT) 70 service measurement 275 service package 40, 70 service pipeline 54 service portfolio 54 service portfolio management 54 service portfolio manager 56 service quality program (SQP) 70 service reporting 270, 276 service reporting analyst 72 service request 210, 214 service review 270 service testing 171 service validation and testing 166 service validation and testing process owner 167 seven step improvement process 270 shared service unit 32 single point of failure (SPOF) 94 snapshot 174 software requirement specifications 250 standard 20 standard change 146 statement of work (SOW) 34 status accounting 174 status accounting and reporting 179 steady state 265 strategic demand analysis 43 strategy 32 strategy management for IT services 32 strategy manager 34 supplier and contract database (SCD) 118 294 PDCA for ITIL

supplier management 118 supplier manager 119 supplier monitoring 123 SWOT analysis 37 T target recovery time (TRT) 126 technical CAB (TCAB) 144 technical management function 254 technical review 91, 188 technical service catalogue 110 test 166 test analyst 160 test architect 167 test environment validation 170 threat 86 throttling 202 transition 136 transition planning and support 136 tuning 102 type III service provider 32 type II service provider 32 type I service provider 32 U underpinning contract (UC) 71 use cases 250 user profile (UP) 40 user requirements 250 V validation 166 validation and testing manager 167 value chain analysis 37 variable cost dynamics (VCD) 46 variety based positioning 32, 34 verification 166 virtual service desk 238 vital business function (VBF) 94 vulnerability 86 Index 295

W warning 202, 206 wisdom 182 workplace emergency 260 296 PDCA for ITIL

PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices Numerous organizations spend their energy and funding on implementing ITIL practices. Most of them spend their time reinventing a wheel that was already created many times before in previous ITIL expeditions. If you re facing this challenge, you ll be interested in avoiding excessive cost. Although plenty of external guidance is available in the form of ITIL consultancies, you ll need to have a decent idea of what to expect in the course of your own ITIL expedition before you go for it. This book focuses on that specific target. Drawing on the experience of many ITIL practice implementations, it shows you in a very logical and practical way what to expect when you introduce ITIL to your organization, or when you increase the number of ITI L practices in your organization. Published by: www.tso.co.uk Produced by: www.inform-it.org IS B N 978-0- 11-708207- 6 9 780117 082076 Kiran Kumar Pabbathi Your growing understanding of how ITIL works will greatly reduce your external costs, improve the skills of your own staff, and move your organization to higher maturity levels. You should use this guidance as a great resource for setting up and improving your own practice. PDCA FOR ITIL The book supports this by offering, in the style of a cookbook, a step-by-step guide to the implementation of individual ITIL practices, offering practical descriptions, terminology, objectives, workflows, CSFs, KPIs and other measures, in a Plan-DoCheck-Act approach. Using the cookbook analogy, it provides you with as many recipes as you are likely to need for composing your own menu. The book s systematic approach means that once you get to grips with implementing one practice, you will be able to apply your newly developed skills to the next one, following the fundamental guidance of ITIL: adapt and adopt. PDCA FOR ITIL Metrics, CSFs and workflows for implementing ITIL practices Kiran Kumar Pabbathi