Title: IT Delivery and Support Maintaining Service Levels and Business Objectives
1IT Delivery and SupportMaintaining Service
Levels and Business Objectives
- CARTAC/CGBS IT Workshop for Regional Bank
Examiners 2009 - Peter Quinn
- June 22, 2009
2Agenda
- Service Levels and Measurement
- Business Objectives? Do we understand?
- Psychology of Delivery
- Trends in measuring performance, delivery
- Risk
- What do we need to do
3Service Levels and Measurement
- Most common measurements/Metrics
- Uptime98.5...or something
- Reflects availability of systems
- Sort of a group measurement
- Meaningful?.....we will explore
- Peak vs. Non-peak
- Understanding the critical business hours of
activity or need for systems - I.E. Branch hours of 830am to 300pm
- Relevant in an e-World?
4Service Levels and Measurement cont.
- What does IT really need to deliver today?
- Core systemssure
- But what about
- Very specific time windows in the enterprise?
- Individual PC performance
- Excel?
- Network and system (what is the system today?)
access on weekends - And is availability just within a traditional
corporate facility?
5Business Objectives? Do We Really Understand?
- Simply put
- We are in the business to make money
- And profits are a cost of doing business
- IT Perspective
- What are business objectives?
- Defined by whom
- Prioritized by who and or what corporate bodies?
- Delivered how?
- Measured as delivered by what metrics?
- All about meaningful Governance, often very
illusive
6Business Objectives? Do We Really Understand?
- My very simple definition
- Delivering what you require, when you require it,
in a form usable for that context in a secure
manner..this is a mouthful! - Challenges
- Successfully getting the business to define what
it is they real want and require - Getting IT to deliver what the business has said
they require and doing it when, in usable
context and securely, consistently bad English
but you get the gist
7The Psychology of Delivery
- Lets start with 98.5 uptime
- Does 2.5 matter? In what context?
- If I say 98.5 is good enough, does that
automatically allow me to dismiss minor
aberrations? - Is striving for anything less than 100
acceptable today? - And, by the way, is it achievable?
- Is 98.5 good enough for NASA, a surgeon, a
policemen, a Lexus?
8The Psychology of Delivery cont.
- Projects
- Critical Success Factors
- 99.999 of transactions correct?
- Contract Delivery terms
- Severity 1 We are in the toilet Fix time?
- Severity 2 Substantial impact but systems are
operating Fix time? - Severity 3 Some impact but with workarounds
available Fix time? - Severity 4 Minor impact with workarounds
available Fix time?
9The Psychology of Delivery cont.
- Contract Delivery Times cont.
- Severity 1
- Acknowledge in, say one hour fix within 4 hours?
- Severity 2, 3, 4
- Remedial Efforts requiring parts
- Same severity criteria as above logistics are
defined by MTBF - Depot (s) on island
- Spares on other islands no spares!!!!!!
- At Fed Ex, UPS, DHL, etc.
10The Psychology of Delivery cont.
- Critical psychological impact of all of this
- Service organizations are, on average, getting
worse at fixing issues, timely and correctly - The Urgency of Now has been lost
- Less than excellence is an ingrained mindset
- We, IT (all areas.internal, external, etc.) talk
in techno babble and lace our lack of performance
with woes of complexity, bad vendors, well you
dont understand with no real relevance to the
business context. I can ping the router. - Systematic Problem Determination is a lost art,
sciencewe have forgotten the basics
11Trends in Measurement
- Think Service Catalog What are you doing
- Meaningful and usable frameworks available
- ISO
- ITIL
- Substantive umbrella vendor offerings
- CA UniCenter
- IBM Tivoli
- EMC
- HP OpenView
- Landscape is filled with failed initiatives
12Trends in Measurement cont.
- Goals
- Comprehensive view of the entire enterprise
- System performance
- Availability
- Server (CPU, Memory, Channel, etc.)
- Storage ( used, s of access where, what, ILM,
etc.) - Switches, Routers (Bandwidth Used,
Re-transmissions, etc.) - SLA Management
- Asset Management
- Change Management
- Application performance (availability, module
access, etc.) - Database performance (s,
- Predictable and Sustainable financials
13Trends in Measurement cont.
- First Global Financial 8 Dimensions of Customer
Service - CUSTOMER-CENTRIC ARCHITECTURE
- EXTENDED ENTERPRISE SECURITY
- TRANSACTION EFFICIENCY
- TRANSACTION PERFORMANCE
- VALUE FOR COST
- ANYTIME, ANYWHERE SERVICE
- AN ETHICAL AND COMPLIANT PARTNER
- CONSTANT STREAM OF NEW SOLUTIONS
14Trends in Measurement cont.
- More is available today than ever
- Lots of work and hard to define for ROI
- Successful initiatives start small and grow
- Too many shops suffer from Their eyes are bigger
than their stomachs - Trend is to SASS or ASP solutions
- Value for the money expertise
- Faster implementations
15Risk
- Really does need to be defined in each enterprise
and be almost element driven - Internal vs. External
- By application and its time impact
- s, reputation, regulatory
- Disaster Recovery vs. Business Continuity
Planning - People
16Risk cont.
- Internal vs. External
- As it has always been, internal risk remains the
highest (s of incidents, s, etc.), most
frequent and maybe the hardest to guard against - Most of us are externally focused and with a
growing number of potential attackers spread over
a much greater geographic landscape
17Risk cont.
- Application Risk Assessment
- Importance of the application to the enterprise
- Time relevance of its importance
- Relationship to other applications raises or
lowers the risk profile? - Can you run your business, recover, or what if
you have a problem? - Stability, TCO, malleability, delivery risk
profile - Vendor support risk
- Internal staff risk
18Risk cont.
- s, Reputation, Regulatory
- s
- Reputation risk
- ID theft
- Funds
- Regulatory
- Who needs this!
- How do you undo this if you get on the wrong side
of regulators?
19Risk cont.
- Disaster Recovery vs. Business Continuity
Planning - Too often, still mis-understood
- DR
- What is sufficient? Core only?
- Email Mission-Critical application?
- Business Continuity Planning
- How do you operate with without a data center?
- Access to documents?
- ??
20Risk cont.
- People
- Do you know who is critical and why?
- Is anybody that critical?
- Succession planning for all disciplines
- Hurricane Andrew and people
21What We Need To Do
- Have a meaningful discussion about what IT
delivers, when, why - Some simple questions to ask
- How does my business really operate?
- What is the impact of lack of application
availability to the business at what point in the
business day? - What is the business day?
- What is a meaningful service level?
- What is mission critical and why?
- How do you make sure the answers remain relevant
in a changing paradigm?
22What We Need To Do cont.
- Business Objectives
- You figured out how your business really runs
- A given
- Application availability
- Information availability
- People availability
- All with relevant security
- But what information do you really need to make
good decisions - Hourly, daily, weekly, monthly, quarterly,
annually?
23What We Need To Do cont.
- If you understand your information requirements,
does what you have (applications) and your
business processes yield that information? - Too often, IT is
- Creating another report.
- Another transaction
- Another application
- And or fixing some of or all of the above
24What We Need To Do cont.
- But are the business processes cannibalizing any
real opportunity to use information meaningfully - How do I put Peter Quinn in the system
- Once, many?
- As Peter Quinn, Quinn Peter, P Quinn, etc.?
- Can I find the Peter Quinn everywhere in my
enterprise? Easily? - Do I have unique identifiers? Use them with
consistency?
25What We Need To Do cont.
- What happens in the real world
- We do not have repeatable, sustainable, efficient
business processes thus - I have full Banking Halls and I do whatever I can
to move them through.correct idea of customer
service? - So what if I short cut the process, as long as I
move the customer along and they are not
frustrated because of the long wait - Do you have Quality Assurance to make sure this
doesnt happen? - Have you done Data Cleanup only to find out as
fast as you clean, the business process is
propagating dirty data just as quickly?
26What We Need To Do cont.
- What happens in the real world cont.
- And if I do have good governance of data and
business processes - Do our systems support that governance?
- Easily and cost effectively?
- And how important is this
- 360 view of the customer
- Customer profitability, liability
- Regulatory requirements
27What We Need To Do cont.
- We need, at a present state
- An Application Map
- A Data Map
- Architecture Map (all enterprise components)
- Understanding of our standards (or lack there of)
- Security map (deserves its own attention)
- A business map (who, what, where, when, why)
28What We Need To Do cont.
- We need to
- Map the present state unto itself
- Whats working and why
- What isnt working and why
- Create the short, medium and long term plan to
create the sustainable enterprise - All elements
- Business processes
- IT processes
- All IT elements
- Business process to sustain what it is you are
creating
29What We Need To Do cont.
- And you, as Bank Examiners
- Dig into the plans
- Challenge the status quo
- Is it real or is it Memorex what you are being
told? - In the new paradigm, what is secure, mission
critical, sustainable recovery, real business
continuity, the real risk? - Ask the tough questions