An efficient holistic implementation plan of the ITIL® framework version 3 for SMB

Table of contents

1 Introduction
1.1 Motivation
1.2 Problem Description
1.3 Objective
1.4 Structure of this master thesis

2 IT Service Management
2.1 Definitions of terms by ISO
2.2 Definition of terms by itSMF
2.3 Definition of terms by OGC

3 ITIL framework in version
3.1 Service Strategy
3.1.1 Financial Management
3.1.2 Return on Investment
3.1.3 Demand Management
3.1.4 Service Portfolio Management
3.2 Service Design
3.2.1 Service Catalogue Management
3.2.2 Service Level Management
3.2.3 Capacity Management
3.2.4 Availability Management
3.2.5 IT Service Continuity Management
3.2.6 Information Security Management
3.2.7 Supplier Management
3.3 Service Transition
3.3.1 Transition Planning and Support
3.3.2 Change Management
3.3.3 Service Asset and Configuration Management
3.3.4 Release and Deployment Management
3.3.5 Service Validation and Testing
3.3.6 Evaluation
3.3.7 Knowledge Management
3.4 Service Operation
3.4.1 Event Management
3.4.2 Incident Management
3.4.3 Request Fulfilment
3.4.4 Problem Management
3.4.5 Access Management
3.4.6 Service Desk
3.4.7 Technical Management
3.4.8 Application Management
3.4.9 IT Operations Management
3.5 Continual Service Improvement
3.5.1 The 7-Step Improvement Process
3.5.2 Service Measurement
3.5.3 Service Reporting

4 Experiences of SMBs with ITIL framework
4.1 Structure of the questionnaire
4.2 Method of data aggregation
4.3 Statistic conclusions about business in general
4.4 Statistic conclusions about level of organisational maturity
4.5 Statistic conclusions about ITIL implementation and experiences

5 An efficient holistic implementation plan
5.1 Concepts of planned organisational change
5.1.1 Business Reengineering
5.1.2 Organisational Development
5.1.3 Comparison of Business Reengineering and Organisational Development
5.2 The principle of Evaluation
5.3 The planning phase
5.3.1 Environment analysis
5.3.2 Analysis of known problems and unsatisfied customer requirements
5.3.3 Definition of the nominal state
5.3.4 Setup of an organisational change project

6 Conclusion

7 List of figures

8 List of tables

9 List of abbreviations

10 Bibliography

Appendix A

Appendix B

Appendix C

Appendix D

Appendix E

Appendix F

Appendix G

Appendix H

1 Introduction

1.1 Motivation

Communicating with company internal customers and serve them with services in an appropriate way is a challenge for most of Information Technology (IT) departments. The problem thereby is that the company internal customers think and act in business processes which get supported by functions (departments). On the other hand the IT departments think in technologies and act with their software, applications, servers and other IT related miscellaneous IT and telecommunication components.

Company internal customers request cost transparency, business corresponding functionality and quality which are seriously given in the minority of cases. A solution for this purpose is IT Service Management (ITSM), which is philosophically centred on the company internal customer’s perspective of IT supporting its business.

The motivation to write this master thesis is to describe how the Information Technology Infrastructure Library (ITIL) framework in version 3 enables ITSM in small and medium-sized business (SMB).

1.2 Problem Description

The ITIL framework is the most known model for ITSM. It describes on a conceptual basis how the provided applications and other IT and telecommunication components as well as the staff productivity can be merged to IT Services. The main intention of ITIL is company internal customer orientation and management of IT Services instead of applications or other IT and telecommunication components.

In addition to the improved quality of IT Services and the superior company internal customer orientation, the expenses of formalism and controlling raise due to the complexity of ITIL. This is one of the most reasons for IT departments of SMB not to deal with the ITIL framework in spite of possible improvement of quality.

It is difficult to find out which methods and recommendations of ITIL should get implemented, which should get partly implemented and which should be ignored. All the content of the ITIL publications by the Office of Government Commerce (OGC) interact together and bring along a lot of coherences and dependences.

1.3 Objective

The objective of this master thesis is to circumstantiate an efficient holistic implementation plan of the ITIL framework in version 3 for SMB in due consideration of all coherences and dependences to assure optimum quality of implementation. With such a plan, the SMBs are in a position to generate as much as possible achievement compared with an adequate scale of effort. The SMB has also the assurance that only the appropriate parts of ITIL framework are affected.

This implementation plan bases on the identified experiences of SMB with ITIL, their fulfilment of company internal customer needs and the possibilities to reduce the extensiveness of methods and recommendations in due consideration of all coherences and dependences.

1.4 Structure of this master thesis

Explaining and circumstantiating the implementation plan of ITIL for SMB, the essential content is structured as described below.

Chapter 1 introduces in the master thesis. It explains the motivation, the problem description, the objective and the structure.

Chapter 2 and 3 gives an overview of ITSM and the ITIL framework in version 3 as a basis for the implementation plan next to the experiences and needs of SMB.

Chapter 4 describes the experiences of SMB with ITIL, their experiences with company internal customer satisfaction and their needs based on a survey.

Chapter 5 describes how the ITIL framework in version 3 has to be tailored and implemented to match the requirements and conditions in due to all coherences and dependences.

Chapter 6 is my conclusion.

2 IT Service Management

The terms ITSM, IT Service and others involved are not owned by an author, an organisation or vendor. There are few definitions which describe more or less the same. It is important to understand at the beginning of this master thesis what ITSM exactly is and to know its context.

At first I define for this master thesis, based on the recommended definitions of authors of essential lecture, the terms and their relations and coherences.

The significant lecture concerning this question is coming from the

- International Organization for Standardization (ISO), from the
- Information Technology Service Management Forum (itSMF) and the
- Office of Government Commerce (OGC) – author of ITIL.

(cf. Van Bon et al 2007, p. 321)

The ISO “…is the world’s largest developer and publisher of international standards. It is also a network of the national standards institute of 159 countries as well as a non-governmental organization that forms a bridge between the public and private sectors. It’s central secretariat is in Geneva, Switzerland…” (ISO 2009)

The itSMF is “…a global, independent, internationally recognized not-for-profit organization dedicated to support the development of IT Service Management, […]. It consists of a growing number of national chapters (40+), with itSMF International (itSMFI) as the controlling body.” (Van Bon et al 2008, p. 13)

The OGC is “…an independent office of HM Treasury, established to help Government deliver best value from its spending. […] OGC provides policy standards and guidance on best practice in procurement, projects and estate management, and monitors and challenges Departments' performance against these standards, grounded in an evidence base of information and assurance.” (OGC 2009)

2.1 Definitions of terms by ISO

The ISO defines the term Service Management as “Management of services to meet the business requirements” (ISO 2005a, p. 3).

The terms Managed Service, Service or IT Service are used in the same understanding plenty of times but they are not explained exactly nor defined.

2.2 Definition of terms by itSMF

The itSMF defines the term IT Service Management as “Service Management is a set of specialized organizational capabilities for providing value to customers in the form of services” (Cartlidge et al 2007, p. 6).

The term Value is described as “Value is the core of the service concept. From the customer’s perspective, value consists of two core components: utility and warranty. Utility is what the customer receives, and warranty is how it is provided.” (Van Bon et al 2008, p. 19).

The term Service is described as “A means of delivering value to customers by facilitating outcomes the customers want to achieve without the ownership of specific costs or risks. Outcomes are possible from the performance of tasks and they are limited by a number of constraints. Services enhance performance and reduce the pressure of constraints. This increases the chances of the desired outcomes being realized.” (Van Bon et al 2008, p. 19).

2.3 Definition of terms by OGC

OGC describes the term IT Service Management as “The implementation and management of Quality IT Services that meet the needs of the business. IT Service Management is performed by IT Service Providers through an appropriate mix of people, Process and Information Technology.” (OGC 2007d, p. 243).

The term IT Service is described as “A Service provided to one or more Customers by an IT Service Provider. An IT Service is based on the use of Information Technology and supports the Customer’s business processes. An IT Service is made up from a combination of people, Processes and technology and should be defined in a Service Level Agreement.” (OGC 2007d, p. 243).

The term Business is described as “An overall corporate entity or Organization formed of a number of business units. In the context of ITSM, the term business includes public sector and not-for-profit organizations, as well as companies. An IT Service Provider provides IT Services to a Customer within a business. The IT Service Provider may be part of the same business as its Customer (internal Service Provider), or part of another business (external Service Provider)” (OGC 2007d, p. 235).

The term Customer is described as “Someone who buys goods or Services. The Customer of an IT Service Provider is the person or group that defines and agrees the Service Level Targets. The term Customers is also sometimes informally used to mean Users, for example ‘this is a Customer-focused Organization’” (OGC 2007d, p. 239).

The IT Service continuum differentiates between three management strategies. The IT Systems Management, the IT Service Management and the Business Service Management (see Figure 1). The IT management continuum says that the Value to Business forces up from IT Systems Management to IT Service Management and finally to Business Service Management (cf. OGC 2007d, p. 119ff.).

Abbildung in dieser Leseprobe nicht enthalten

Figure 1: The IT management continuum (OGC 2007d, p. 123)

Managing all relevant IT components (e.g. servers, applications) and make sure their operational availability, functionality and reliability is given, is understood as IT Systems Management. Hereby the focus is on technical environment and not directly on business (cf. OGC 2007d, p. 119ff.).

While managing IT components operational availability, functionality and reliability, the management of IT Services is centred on business needs. It is not enough to focus on operational information about the infrastructure’s health even though it is very critical. If there is a link between the activities of an internal IT Service Provider with the objectives of business and all services and IT components are combined in a cohesive set, it concerns the IT Service Management (cf. OGC 2007d, p. 119ff.).

Business Service Management combines the business process activities and IT Services to a manageable set. While during IT Service Management the customer centric focusing of IT Services is the essential, at business Service Management the focus lies on enabling and management of end-to-end business processes. The Service responsible manages not only IT Services but rather completely business process activities. This is called business services (cf. OGC 2007d, p. 119ff.).

3 ITIL framework in version 3

This chapter describes the ITIL framework in version 3. The main publication by OGC counts more than 1600 pages with details on the management system IT Service Management, methods for implementing and executing as well as principles, best practice proposals and recommendations for organisation changes and technology. From this angle it would be impossible to address all information in detail within this chapter. For the conclusion of this master thesis it is important to get an overview about the ITIL theory in its entirety but not in detail. ITIL framework in version 3 is the actual publication of OGC and describes ITSM practices for the IT Service Provider, irrespective of its situation as internal or external provider. ITIL version 1 and version 2 have been developed in the United Kingdom during the late 1980s, the early 1990s and 2002 by the Government Information Technology Infrastructure Management Methodology (GITMM) which is known as OGC nowadays. ITIL in version 3 is advancement, has been published in 2007 and consists of the following publications:

- Introduction to ITIL Service Management Practices

The ITIL Service Management practices core guidance:

- Service Strategy (SS)
- Service Design (SD)
- Service Transition (ST)
- Service Operation (SO)
- Continual Service Improvement (CSI)

(cf. Van Bon et al 2008, p.13ff., OGC 2007f, p. 3ff.)

Having the best technology in place does not ensure a sustainable service for business. It is not just the technology that makes service reliable. It is how they are managed. This is Service Management. The aim of the ITIL practices is the provision of stable and reliable services which were seen as a trusted utility by business.
ITIL mentions best practices applicable to all types of Service Providers. The ITIL Service Management Practices are structured in three main sets:

- ITIL Service Management practices - core guidance are structured in form of a lifecycle. They are the main publications by OGC (Introduction to ITIL Service Management Practices, Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement (see Figure 2)).

- ITIL Service Management practices – complementary guidance are a living library and support and enhance the guidance in the ITIL core for specific industry sectors, organisation types, operating models and technology architectures. This master thesis does not further respond on the complementary guidance.

- ITIL web support services are case studies, templates and a discussion forum for a closed user group on the Internet (www.itil-live-portal.com). The subscription is with costs. This master thesis does not further respond on the complementary guidance.

(cf. OGC 2007f, p. 4ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 2: The Service Lifecycle (OGC 2007d, p. 24)

3.1 Service Strategy

Service Strategy (SS) is critical for all ITIL service lifecycle processes. It delivers guidance with designing, developing and implementing Service Management as the centre of the lifecycle. The mission of Service Strategy is to enable an organisation to achieve and maintain a strategic advantage. For that, Service Strategy describes what should be provided to the customers and of what it should consist. Furthermore the kinds of Service Provider types, service provisioning models and organisational improvements are described and recommended (cf. OGC 2007d, p. 1ff.). Service Management has to provide a value to the customer. Service value creation is the result of a combination of utility and warranty of an IT Service (see Figure 3). The Value creation depends on either of both, they are necessary, neither is sufficient by itself. Utility as well as warranty have to be considered as a separate factor of value.

- Utility is the characteristic of an IT Service which have a positive effect on business. The removal or partly removal of constraints on service performance is also appreciated as a positive effect. The causal effect of utility is the increase of a possible profit.

- Warranty means IT Services are available with adequate capacity in continuity and security when needed. The causal effect of warranty is the decline in possible losses.

(cf. OGC 2007d, p. 17, Van Bon et al 2008, p. 24ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 3: Logic of value creation through services (OGC 2007d, p.17)

ITIL recommends to cognize the value network to enable relationships with customers, suppliers and organisation internal. The value creation is done by exchange of knowledge, information and goods or services between partners/suppliers, customers and groups or organisations (cf. OGC 2007d, p. 47ff.).

Service assets are used by the Service Provider to create the utility and warranty for value creation: resources and capabilities.

- Resources are the components which produce the IT Service. These components are management, organisational structures, processes and knowledge.

- Capabilities are the capacities of a Service Provider to enable the resources to generate the value for business at an adequate level of quality (availability, capacity, continuity, security). These are financial capital, infrastructure, applications and information.

(cf. OGC 2007d, p. 38ff.)

ITIL distinguishes between three types of Service Providers which provide these service assets to customers. This is done to understand which aspects of Service Management are reasonably applicable to organisations and business of a Service Provider. This separation is done to facilitate customers for their decision on Service Providers – matching need to capability (see Figure 4).

- Type I – internal Service Providers are providers who deliver the IT Services within their own business units.

- Type II – shared services units are providers who deliver their IT Services to more than one business unit.

- Type III – external Service Providers are providers who deliver their IT Services to external customers in competing business

(cf. OGC 2007d, p. 41ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 4: Customer decisions on Service Provider types (OGC 2007d, p. 45)

Customers should select by the model of service provisioning, which IT Services should be sourced and delivered. Service Providers use these models under consideration of financial management impacts of on-shore, off-shore or near shore variants.

- Managed Services; Provision of an IT Service to a business unit which requires it for itself. Funding is also done by the business unit.

- Shared Services; Provision of multiple IT Services to one or more business units. Funding of the IT Services is done subdivided by specific agreements.

- Utility based provisioning; Provision of IT Services to one or more business units on the basis of how much is required. Funding of the IT Service is done by utilisation.

(cf. OGC 2007d, p. 104ff.)

To ensure high quality of realised activities, ITIL recommends based on lifecycle phase processes being carried out that all issues concerning the topics are fulfilled. For SS these processes are Financial Management, Return on Investment (ROI), Demand Management and Service Portfolio Management (SPM).

3.1.1 Financial Management

Financial Management does not exist solely within the holistic financial domain. For an internal Service Provider the IT-Financial Management is an integrated part of company’s financial management. It covers all activities which are responsible for managing a provider’s budget, charging and accounting requirements.

IT provides operational forecasting, the value of IT Services as well as the value of the underlying assets in form of financial terms to the customer and provider. It provides also information regarding efficient and cost-effective service delivery and allocates expenditures directly to IT Services. The basic concepts are:

- Provisioning values are the creation costs of an IT Service (e.g. hardware costs, software licence costs, annual maintenance costs, personnel costs, facility costs, tax funds, compliance costs)

- Service value potential is the added value for the customer based on its perception of value from the IT Service or expected utility and warranty of usage of the IT Service, compared with the customer’s assets.

(cf. OGC 2007d, p. 97ff.)

All costing and budgeting activities which are typically for an Service Provider bases on the IT Services. So, a correct funding for the delivery of an IT Service calls for analysis and searching for the many variables that have an impact on the IT Service costs. Variable Cost Dynamics (VCD) do so by taking an insight on direct respectively indirect costs, labor costs, variable costs as well as on the complexity of delivery and utilisation (cf. OGC 2007d, p. 103ff.).

3.1.2 Return on Investment

“ROI is used as a measure of the ability to use assets to generate additional value. In the simplest sense, it is the net profit of an investment divided by the net worth of the assets invested. The resulting percentage is applied to either additional top-line revenue or the elimination of bottom-line cost.

- Business case – a means to identify business imperatives that depend on Service Management

- Pre-Programme ROI – techniques for quantitatively analysing an investment in Service Management

- Post-Programme ROI – techniques for retroactively analysing an investment in Service Management.”

(OGC 2007d, p. 112)

3.1.3 Demand Management

It is not possible to create IT Services and store them until customers demand evolves. Within IT the production and consumption of IT Services is done synchronously and dealing with demands has to be done in a pull-system, in which consumption cycles initiate production cycles (see Figure 5). Demand Management has to understand customer’s demands and has an impact on them. This is done by analysis of customer’s business and user profiles as well as by setting different charging models to encourage customers to use IT Services at less busy times. The basic concepts are:

- Service packages consist of a Service Level Package and one or more core and supporting IT Services. It is a detailed description of an IT Service provided for customers.
- Service Level Packages (SLP) are designed to be up to the business activity’s mark and describe a defined level of utility and warranty for a particular service package.
- Core service Package (CSP) is a detailed description of a core service that is shared by Service Level Packages.
- Line of Service (LOS) is a set of different entities of a core or supporting service that supports different Service Packages.

(cf. OGC 2007d, p. 129ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 5: Business activity influences patterns of demand for services (OGC 2007d, p. 130)

3.1.4 Service Portfolio Management

The aim of Service Portfolio Management is the creation of maximum value by managing risks and costs. It shows IT Services in term of business value. Service Portfolio Management is an ongoing process for investments across the lifecycle of an IT Service. It guides the IT Service from concept via design, transition and operational status till its retirement. Service Portfolio Management directs in terms of financial values (cf. OGC 2007d, p. 119ff.). The main utilities (see Figure 6) are:

- Service Catalogue is a detailed overview of all actual provided IT Services of a Service Provider and is visible to the customer.
- Service Pipeline consists of all IT Services that are in planning or development. It is a strategic foresight, all IT Services within the pipeline get applied into the production via the Service Transition lifecycle phase.
- Retired Services are phased out and were not offered to the customer. It is necessary to guarantee all agreements with customers to control phased out IT Services within the Service Transition lifecycle phase.

(cf. OGC 2007d, p. 119ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 6: Service pipeline and service catalogue (OGC 2007d, p. 74)

3.2 Service Design

Service Design (SD) is next to SS a stage in the Service lifecycle and supports business change process as an important facilitator (see Figure 7). Within this lifecycle stage, appropriate and innovative IT Services including their architectures, processes, policies and documentations are designed according actual and upcoming requirements by business.

Abbildung in dieser Leseprobe nicht enthalten

Figure 7: The business change process (OGC 2007b, p. 23)

This stage starts with a set of business requirements and ends with the designed service solution in form of a Service Design Package (SDP) ready to handover to the next stage, Service Transition (see chapter 3.3) (cf. OGC 2007b, p. 11ff.). A Service Design Package is “Document(s) defining all aspects of an IT Service and its Requirements through each stage of its Lifecycle. A Service Design Package is produced for each new IT Service, major Change, or IT Service Retirement.” (OGC 2007b, p. 309).

Abbildung in dieser Leseprobe nicht enthalten

Figure 8: Service Composition (OGC 2007b, p. 24)

As described in chapter 3.1, an IT Service provides a required utility under respect of an agreed warranty, produced by capabilities with the resources (see Figure 8). How to develop such an IT Service depends strongly on the decision which service delivery model is chosen. ITIL characterises the following main service delivery strategies:

- Insourcing; Internal resources are used for design, transition, operation and improvement for IT Service.
- Outsourcing; The opposite of insourcing is outsourcing. Thus, design, transition and operation for the IT Service is done by external organisations.
- Co-sourcing; A combination of insourcing and outsourcing in which various outsourcing organisations work together through the whole lifecycle.
- Partnership or multi sourcing; Multiple organisations make formal agreements with focus on strategic partnerships (to create new market opportunities).
- Business Process Outsourcing (BPO); An external organisation takes over a business process or a part of it in order to save costs partly (eg. call center).
- Application Service Provision (ASP); IT-based IT Services are offered to customers over a technical network.
- Knowledge Process Outsourcing (KPO); Is an enhancement of Business Process Outsourcing and offers knowledge of a (part of a) process or knowledge of an entire work area.

(cf. OGC 2007b, p. 50ff.)

The Service Design lifecycle stage follows the demand management of Service Strategy and proceeds to Service Transition stage. Trough the Service Design stage the Design Package of Demand Management will be aligned to the Service Portfolio and designed and developed with the aid of the following processes (see Figure 9):

- Service Catalogue Management (SCM)
- Service Level Management (SLM)
- Capacity Management
- Availability Management
- IT Service Continuity Management
- Information Security Management
- Supplier Management

(cf. OGC 2007b, p. 59ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 9: Service Design - the big picture (OGC 2007b, p. 60)

3.2.1 Service Catalogue Management

The Service Catalogue Management (SCM) within Service Design provides a single, consistent source of information on all active IT Services and ensures that it is available for whom it concerns. The Service Catalogue is a subset of the Service Portfolio and consists of active IT Services. The Service Portfolio (as described in chapter 3.1.4) describes the entire process, starting with business requirements and execution of IT Services. It contains all active and inactive (in pipeline, retired) IT Services in their various phases. SCM includes the following activities:

(1) Definition of an IT Service including all interfaces and dependencies between the IT Services and the underlying core and supporting services.
(2) Maintenance of the Service Catalogue.
(3) Maintenance of the dependencies and consistency between the catalogue and the Service Portfolio.

The Service Catalogue has two aspects (see Figure 10):

- The Business Service Catalogue; Contains details of all IT Services (also named as Business Services in some parts of the ITIL publications) which are actually provided to business with relationships to business units and business processes. The Business Service Catalogue can also be seen as the customer’s view to the Service Catalogue.

- The Technical Service Catalogue; Contains all components which are necessary to enable an IT Service. These components are the core services and the supporting services. Core services deliver the basic outcomes desired by the customers for which they are willing to pay. Supporting services either enable or enhance value proposition. Core and/or supporting services are the capabilities and resources of an IT Service (see Figure 8).

(cf. OGC 2007b, p. 59ff.)

Abbildung in dieser Leseprobe nicht enthalten

Figure 10: The Business Service Catalogue and the Technical Service Catalogue (OGC 2007b, p. 62)

3.2.2 Service Level Management

Service Level Management (SLM) ensures that an agreed service level is written, reviewed and reported at regular intervals. Within the scope of Service Level management are external interfaces of a Service Provider to customers and suppliers as well as internal interfaces to another parts of its organisation.

The distinction is done by:

- Service Level Agreements (SLA); Agreements which cover the utility and warranty between the customer and the Service Provider.
- Operational Level Agreements (OLA); Agreements which define the goods or services that are provided from a department to another within the same organisation.
- Underpinning Contracts (UC); Agreements which manage the delivery or support of supplier’s benefits.

The OLA and UC define targets and responsibilities that are required to meet agreed service level targets in an SLA. (cf. OGC 2007b, p. 65ff.). The methods, activities and techniques within SLM are:

(1) Design of SLA frameworks; Design of an appropriate SLA structure to cover all services and customers in a manner best suited to organisational needs:

a. Service-based SLAs; One SLA covers one IT Service for all customers of that IT Service.

b. Customer-based SLAs; One SLA with one customer containing all IT Services it uses.

c. Multi-level SLAs; Three layer structure: Corporate layer covers all SLM issues appropriate to every customer. Customer layer covers all SLM issues appropriate to particular customer groups, business units or domains. Service layer covers all SLM issues to a specific IT Service in relation to a defined entity or the customer layer.

(2) Determining, documenting and agreeing requirements for new services and production of Service Level Requirements (SLR); After completion of the service catalogue and SLA frameworks, the SLRs have to be discussed and agreed with the customer. These SLRs are the basis for the next steps.

(3) Monitoring service performance against SLA and reporting; Measurement of all Service Level Requirements and deviations from thresholds.

(4) Reviewing of the underlying agreements; Regular check if the IT Service underlying agreements (OLA, UC) are within constraints deduced from the accordant SLA.

(5) Reviewing and improving IT Services; Consulting the customer to evaluate the utility and warranty of the IT Service on a regular basis. Measures derived from these reviews have to be documented and managed in a Service Improvement Plan (SIP).

(cf. OGC 2007b, p. 66ff.)

3.2.3 Capacity Management

During the Service Design stage, Capacity Management plans the business, service and component capacities deduced from the Service Packages (see chapter 3.1.3). Capacity Management is then executed across the whole lifecycle. The most important element within the Capacity Management is the Capacity Management Information System (CMIS) that provides relevant and aligned information for the management of Business, service and component capacities. Therefore the three sub processes are:

- Business Capacity Management; With a focus on current and future business needs, the customer requirements are translated into specifications for IT Services.
- Service Capacity Management; Based on the specifications from BCM, Service Capacity Management monitors IT Services, measures their performance, analyse and reports them. This is done to ensure that the IT Services meet their SLA targets
- Component Capacity Management; CCM does basically the same as SCM but with focus on components that enables IT Services such as processors, networks, and bandwidth.

So the main activities within the Capacity Management are:

(1) reactive actions, such as monitoring and measuring

(2) proactive activities, such as predicting future requirements and trends

(cf. OGC 2007b, p. 79ff.)

3.2.4 Availability Management

While Capacity Management deals with current and future business needs on capacity issues, Availability Management proceeds with needs on availability. This process has to ensure that the agreed level of IT Service availability meets its agreed targets across the entire lifecycle. Availability Management includes designing, implementing, measuring, managing and improving IT Services and its components availability as an important part of the SDP. Therefore the following aspects get monitored, measured, analysed and reported:

- Availability; The ability of the IT Service and its components to be available when required.
- Reliability; The time period while an IT Service and its components are available without interruption (mean time between system incidents (MTBSI) and mean time between failures (MTBF)).
- Maintainability; How effectively and quickly an IT Service and its components can be restored after a failure (Mean time to restore service (MTRS)).
- Serviceability; The ability of an external IT Service Provider or supplier to meet the terms of their UCs.

To optimise the availability of IT Services, a detailed analysis of an incident lifecycle is required. The standardised way to spread an incident is described in the expanded incident lifecycle which defines the start and end of up and down time as well as the different steps within. The unavailability of an IT Service can be reduced by detecting root causes for high unavailability (see Figure 11) (cf. OGC 2007b, p. 100f.).

Abbildung in dieser Leseprobe nicht enthalten

Figure 11: The expanded incident lifecycle (OGC 2007b, p. 106)

For analysing an incident and improving of the aspects listed above, ITIL recommends the following metrics:

illustration not visible in this excerpt

(cf. OGC 2007b, p. 100f.)

All these aspects and metrics are aligned and stored in the Availability Management Information System (AMIS). Therefore the main activities are:

- Reactive activities such as monitoring, measuring, analysing and reporting the availability of IT Service, analysing unavailability and Service Failure Analysis (SFA).

- Proactive activities such as designing for availability, Component Failure Impact Analysis (CFIA), Single Point of Failure (SPOF) analysis, Fault Tree Analysis (FTA), risk analysis and management, production of the Projected Service Availability (PSA) document and continuous reviewing and improvement.

(cf. OGC 2007b, p. 97ff.)

3.2.5 IT Service Continuity Management

IT Service Continuity Management (ITSCM) ensures and maintains an appropriate recovery capability within IT Services to meet the requirements and timeframes of business in case of a calamity. As the main process interface of the Service Provider it supports the overall business continuity management process of customers. The basic concept is that IT Service continuity and recovery plans have been created and kept continuously aligned with the identified business continuity plans and business priorities. The main activities are:

(1) Initiation; Through this phase the entire organisation defines the policy, specifies conditions and scope, allocates necessary resources and defines an adequate management structure for implementing ITSCM.

(2) Requirements and strategies; Through this phase the business requirements for ITSCM and strategies get determined. ITIL recommends for identification of business requirements a Business Impact Analysis (BIA) and risk estimation. Suitable strategies have to cover risk-reducing measures as well as IT recovery options.

(3) Implementation; Through the implementation phase the ITSCM plan gets created corresponding to the approved strategy. This plan describes disaster organisation as well as which IT Services have to be recommissioned in case of a disaster. If calamities occur, leadership and decision-making processes change. A senior manager has to be in charge for the accomplishment.

(4) Ongoing Operations; To assure an adequate ITSCM plan, education and awareness trainings, regular scenario and walkthrough tests have to be carried out.

(cf. OGC 2007b, p. 125ff.)

3.2.6 Information Security Management

The aim of information security management is to keep information security aligned with business security and to ensure that information security is managed effectively. The essential components therefore are:

- An information security policy
- An Information Security Management System (ISMS)
- A comprehensive security strategy
- An effective security organisation
- A set of security controls according to security policy
- A risk management
- Training and awareness plans

Information security management gets initialised through the service design and has to be done while all follow-up stages of the IT Service lifecycle. For this reason, the ISMS has to be considered during the design of each service, changes of organisation and processes and all other activities which have impact on it. Information security management is not only a technical issue.

The main activities are:

(1) Operation, maintenance and distribution of information security policy

(2) Assessment of information

(3) Implementation and documentation of the security controls in processes, systems, facilities etc.

(4) Monitoring and management of breaches and security incidents

(cf. OGC 2007b, p. 141ff.)

3.2.7 Supplier Management

To ensure a seamless quality of IT Services, Service Providers have to pay attention on all involved parties while design, transition and operation stages of the IT Service. These are inter alia suppliers and the services supplied by them have also to be managed. Under consideration of the expectation value network (see chapter 3.1) this should be realised in form of a partnership.

Abbildung in dieser Leseprobe nicht enthalten

Figure 12: Contract Lifecycle (own illustration 2009, cf. Van Bon et al 2008, p. 101)

The basic concept of supplier management is that all activities within have to result from a supplier strategy. To ensure that, important information has to be available for all these activities. A Supplier and Contract Database (SCD) has to be used by each activity within this process (see Figure 12). The essential aim of SLM is drawing up a formal UC which is not covered by supplier management. But it is necessary to identify the performance of suppliers from SLM reviews and bear it in mind during categorisation activities. The categorisation has to point out the impact of a supplier and its services on the Service Provider. Therefore it is necessary to structure all suppliers according to the following focal points:

- Intensity of risks and impact of supplier
- Intensity of value potential and importance of supplier
- Dependency of the supplier from the Service Provider and vice versa

(cf. OGC 2007b, p. 149ff.)

3.3 Service Transition

As illustrated in Figure 2, Service Transition is a stage in the lifecycle of an IT Service. The aim of Service Transition is to deliver IT Services which are given over by Service Design in form of an SDP into operational use. It is always important to recognise changed business circumstances, assumptions or requirements during the Service Transition stage because it is the last facility to change required services. ITIL defines the scope of Service Transition as “Service Transition includes the management and coordination of the processes, systems and functions required for the packaging, building, testing, deployment of a release into production and establish the service specified in the customer and stake-holder requirements.” (Van Bon et al 2007, p. 93) Key Principles of Service Transition are:

- For an effective Service Transition it is essential to know its nature and purpose in terms of the outcomes or removed business constraints and assurances that utilities will be delivered à Understanding all services, their utility and warranty.
- Consistency and comprehensiveness ensure that no services, stake-holders, occurrences are missed out and so cause service failures à Establishment of a formal policy and framework for change implementation.
- Involving all relevant parties, ensuring knowledge availability and reusable work delivers effective Service Transition à Support of knowledge transfer, decision support and reuse of processes and systems.
- Full documentation of proactive determination of likely course corrections à Anticipation and management of course corrections.
- Ensuring involvement of Service Transition through the whole IT Service lifecycle.

(cf. OGC 2007e, p. 24ff., Cartlidge 2007, p.24f.)

The Service Transition stage provides processes which have impact across all lifecycle stages and processes which are mainly focused on its stage. The whole lifecycle processes are:

- Change Management
- Service Asset and Configuration Management (SACM)
- Knowledge Management

Processes focused on Service Transition, but not exclusive to the stage are:

- Transition Planning and Support
- Release and Deployment Management
- Service Validation and Testing
- Evaluation

3.3.1 Transition Planning and Support

The transition planning and support process has to ensure that the planning and coordination of resources is done for realisation of all specifications described in the SDP. Additionally the identification, management and minimisation of risks is handled by this process to identify and minimise the risks which can interrupt the service during transition. Within the scope of Service Transition are design specifications as well as management of plans, supporting activities, transition progress, risks, deviations and processes and their supporting systems and tools. Within transition planning and support release (see chapter 3.3.4) guidelines and policies are defined, which should contain at least

- Naming conventions, distinguishing release types (major, minor or emergency release),
- Roles and responsibilities,
- Release cycle,
- Approach for accepting and grouping changes into a release,
- Entry and exit criteria and authority for acceptance of the release into the controlled test, training, disaster recovery and production environment and
- Criteria authorisation for leaving Early Life Support (ELS) and handover to service operation.

Main activities of Service Transition are:

(1) Setup of a transition strategy; The transition strategy defines the global approach to Service Transition and the assignment of resources.

(2) Preparation of Service Transition; The preparation consists of analysis and acceptance of input from other service lifecycle stages; identifying, filing and planning Request for Changes (RfC), monitoring the baseline and transition readiness.

(3) Planning and Coordination of Service Transition; An individual Service Transition plan describes the tasks and activities required to roll out a release in a test and production environment.

(4) Support; Service Transition advises and supports all stake-holders. The planning and support team will provide insight for stake-holders regarding Service Transition processes and supporting systems and tools.

(cf. OGC 2007e, p. 35ff.)

3.3.2 Change Management

Change Management enables changes to be made with minimal disruption to IT Services. This process ensures that changes are deployed in a controlled way such as recording, evaluating, authorising, prioritising, planning, testing, implementation and documentation. Therefore it is necessary to have standardised methods for efficient and prompt handling of all changes. Typically the process should be used for defined Configuration Items (CIs) (see chapter 3.3.3). The process addresses all IT Service changes. ITIL defines a Service Change as “The addition, modification or removal of authorized, planned or supported service or service component and its associated documentation.” (OGC 2007e, p. 43) The ITIL Change Management process scope covers IT Services within the Service Portfolio and Service Operation (see Figure 13). Other changes should be defined by the service provider and managed by appropriate procedures in a narrow reconciliation with the change management process.

Abbildung in dieser Leseprobe nicht enthalten

Figure 13: Scope of change and release management for services (OGC 2007e, p. 43)

How Service Changes, Changes and CIs are arranged among each other is described in chapter 3.3.3. The basic types of changes are:

- A Request for Change (RfC) which is a formal request to change one or more CIs.

- A normal change which is the addition, modification, or elimination of an authorised, planned or supporting service (or component) and its related documentation.

- A standard change which is a pre-authorised (or pre-approved), low risk and relatively common change. Standardised procedures or work instructions should be in place for it (eg. provision of standard equipment, new user account, password reset).

- An emergency change which is a change that must be transferred as soon as possible to resolve a major incident (see chapter 3.4.2) or implement a security patch.

(cf. OGC 2007e, p. 46ff.)

[...]