Information Technology Infrastructure Library ITIL

1
Information Technology Infrastructure Library
(ITIL)

• History, Concepts and Alignment to CobiT and ISO
  20000
• Thursday, October 12, 2006

2
Todays Objectives

• Learn about the history of ITIL
• Understand ITILs key objectives
• Discover all components of the ITIL Framework
• Visit each of the core 10 ITIL SM Processes
• Learn the importance of process interaction
• Understand the ISO 20000 alignment to ITIL
• Understand the alignment to CobiT Framework
• Learn about the future of ITIL

3
Dalibor Petrovic, I.S.P.Consulting Manager, IT
Strategy and Management, Deloitte
- Certified ITIL Service Manager- EXIN
International Exam Marker for ITIL Service
Manager Certifications- Certified CobiT
Professional- Certified ISO 20000 Internal
Auditor- Chair of itSMF Northern Alberta
4
WHAT IS ITIL?
Framework for Best Practices in IT Service
Management
A Library of Books
Defined Common Sense

• Origins
• British Governments effort to improve IT
  management
• Developed by the CCTA in the late 1980s
• Originally, a library of over 40 books that
  documented various IT Service areas, processes
  and standards
• Today, a library of 8 books, under the auspices
  of OGC

5
ITIL Objectives

• Three Key Objectives of IT Service Management
• Align IT Services with the Current and Future
  Needs of the Business and its Customers
• Improve Quality of IT Services
• Reduce Long-Term Costs of IT Service Provision

6
In the beginning
there was Deming!
7
The Deming Cycle
8
The Deming Cycle
9
The ITIL Library
Source OGC
10
ITSM Components
IT Service ContinuityManagement
Service Level Management
Availability Management
Release Management
Service Delivery Set
Capacity Management
Service Support Set
Change Management
FinancialManagementfor IT services
Configuration Management
Incident Management
Problem Management
11
(No Transcript)
12

• Service Support
• The Service Desk
• Incident Management
• Problem Management
• Configuration Management
• Release Management
• Change Management
• Service Delivery
• Service Level Management
• Availability Management
• IT Service Continuity Management
• Capacity Management
• Financial Management for IT Services

13
The Service Desk
The Service Desk
Goals

• To act as the single point of contact between the
  User and IT Service Management and track status
  of all customer interactions
• To handle Incidents and requests, and provide an
  interface for other activities such as Change,
  Problem, Configuration, Release, Service Level,
  and IT Service Continuity Management

14
Inputs to the Service Desk
The Service Desk
Information
15
Why a Service Desk?
The Service Desk
Essentials

• The Service Desk is more than just a Help Desk
• The first and single point of contact
• High quality support to meet business goals
• Help identify costs of IT services
• Proactive support and communication of changes
• Increase user perception and satisfaction
• Identification of business opportunities
• Identification of Training Opportunities

16
Responsibilities
The Service Desk
Activities

• Receive and record all calls from users
• Provide first-line support (using knowledge
  resources)
• Refer to second-line support where necessary
• Monitoring and escalation of incidents
• Keep users informed on status and progress
• Provide interface between ITSM disciplines
• Produce measurements and metrics

17
Incident Management
Incident Management
Goals
To restore normal service operation as quickly as
possible with minimum disruption to the business,
thus ensuring that the best achievable levels of
availability and service are maintained
Incident definition Any event which is not part
of the standard operation of a service and which
causes, or may cause, an interruption to, or a
reduction in, the quality of that
service Work-around definition A method of
avoiding an Incident or Problem either by
employing a temporary fix or technique so the
user is no longer reliant on a Configuration Item
(CI) that is known to cause failure

18
The Incident Life Cycle the monitoring and
tracking of Incidents
Incident Management
Activities
Including Impact and Urgency selection
Yes
No
Note. This is not Problem Closure
19
Categorization
Incident Management
Activities

• Service affected (and possibly by association the
  affected SLA)
• User perception of failure in terms of the Users
  inability to do something
• Batch job output has not been received
• I cant print, connect to a server or access an
  application
• Category and details of CI thought to be at fault
• Category and details of CI eventually found to be
  at fault
• The fault in the CI, the quick fix and the action
  taken, etc.

20
Impact, Urgency Priority
Incident Management
Definitions
21
Incident Management
Illustrative Example
Payroll Application System run once per month to
run payroll
Bank Teller Application System used by cashiers
in bank to transact on accounts
22
Escalation
Incident Management
Definitions
Hierarchical escalation would typically include
authorization, resources and/or cost
Hierarchical (authority)
Functional (competence)
Functional escalation might include specialist
groups e.g. Unix Group
23
Functional Escalation
Incident Management
Activities

• The use of support teams is important in
  efficient incident resolution.
• First line support deals with the communication
  to the user, resolution of known incidents (e.g.
  password resets)
• allowing the second and subsequent levels to
  focus on resolving assigned incidents.
• Targets are often set for improving the
  percentage of incidents resolved at first level.

24
Problem Management
Problem Management
Goals
To minimize the adverse effect on the business of
Incidents and Problems caused by errors in the
infrastructure, and to proactively prevent the
occurrence of Incidents, Problems and Errors.

• Problem definition
• Unknown cause of one or more incidents
• Known Error definition
• An Incident or Problem for which the root cause
  is known and for which a temporary work around or
  permanent alternative has been identified

25
Problem Flow
Problem Management
Information
Incidents
Service Desk
Problem
Known Error
Change Process
26
Configuration Management
Configueration Management
Goals

• Enabling control of the infrastructure by
  monitoring and maintaining information on
• Configuration Items (CI) needed to deliver
  services
• CI status and history
• CI relationships
• Valuable CIs (monetary or service)
• Providing information on the IT infrastructure to
  all other processes and to IT Management

27
Configuration Management
Configueration Management
Definitions

• Configuration Item (CI) a component of an IT
  infrastructure which is (or is to be) under the
  control of Configuration Management and therefore
  subject to formal change control
• Configuration Management Database (CMDB) a
  database which contains details of the attributes
  and history of each CI and the relationships
  between CIs
• Baseline a snapshot of the state of a CI and
  its components or related CIs, frozen in time for
  a particular purpose, such as
• The ability to return a service to a trusted
  state if a change goes wrong
• A specification for copying the CI or for a
  roll-out
• The minimum CIs needed to maintain vital Business
  Functions after a disaster

28
Major CI Types
Configueration Management
Definitions
Documentation Designs Reports Agreements
Contracts Procedures Plans Process
Descriptions Minutes Records Events (Incident,
Problems, Change Records) Proposals Quotations
Data Files What, Where, Most Important
Environment Accommodation Light, Heat, Power
Utility Services (Electricity, Gas, Water, Oil)
Office Equipment Furniture Plant Machinery
People Users, Customers, Who, Where, What Skills,
Characteristics, Experience, Roles
Services Desktop Support, E-mail, Service Desk,
Payroll, Finance, Production Support
Hardware Computers, Computer components, Network
components cables (LAN, WAN), Telephones,
Switches
Software Network Mgmt Systems In-house
applications O/S Utilities (scheduling, B/R)
Packages Office systems Web Management
29
CI Relationships and Attributes
Configueration Management
Activities
30
Change Management
Change Management
Goals

Process of controlling changes to the
infrastructure or any other aspect of services,
in a controlled manner, enabling approved changes
with minimum disruption.

• Change Management ensures that standardized
  methods and procedures are used for the efficient
  and prompt handling of all Changes, in order to
  minimize the adverse impact of any Change-related
  incidents upon service quality.
• Changes can arise as a result of Problems, Known
  Errors and their resolution, but many Changes can
  come from proactively seeking business benefits
  such as reducing costs or improving services

31
Change Management
Change Management
Definitions

• Change a deliberate action that alters the
  form, fit or function of Configuration Item (CI)
  such as an addition, modification, movement, or
  deletion that impacts the IT infrastructure
• Request for Change (RFC) a means of proposing a
  change to any component of an IT infrastructure
  or any aspect of an IT service
• Forward Schedule of Change (FSC) a schedule
  that contains details of all the changes approved
  for implementation and their proposed
  implementation date

32
Change Management
Change Management
Definitions

• Standard Change a Change that is recurrent, has
  been proceduralized to follow a pre-defined,
  relatively risk free path and where Change
  Management and budgetary authority is effectively
  give in advance
• Service Request a request, usually made through
  a Service Desk, for a Standard Change
• Example providing access to services for a new
  member of staff or relocating a few PCs

33
Release Management
Release Management
Goals
Release Management takes a holistic view of a
Change to an IT service and should ensure that
all aspects of a Release, both technical and
non-technical, are considered together

• Good resource planning and management are
  essential to package and distribute a Release
  successfully.
• The focus of Release Management is the protection
  of the live environment and its services through
  the use of formal procedures and checks.

34
Service Support Process Model
ServiceDesk
Enquiries,Communications, Workarounds, Updates
ManagementTools IT Infrastructure
Users / Customers
Incidents
Incident Management
Changes
Problem Management
Releases
Change Management
Services Reports, Incidents, Statistics, Audit
Reports
Release Management
Problem Statistics, Trend Analysis, Problem
Reports, Problem Reviews, Diagnostic Aids, Audit
Reports
Configuration Management
Change Schedule, CAB Minutes, Change
Statistics, Change Reviews, Audit Reports
Release Schedule, Release Statistics, Release
Reviews, Source Library, Testing Standards, Audit
Reports
CMDB Reports, CMDB Statistics, Policy/Standards, A
udit Reports
Configuration Management Database
Problems,Known Errors
Incidents
Changes
Releases
CI Relationships
35
(No Transcript)
36

• Service Support
• The Service Desk
• Incident Management
• Problem Management
• Configuration Management
• Release Management
• Change Management
• Service Delivery
• Service Level Management
• Availability Management
• IT Service Continuity Management
• Capacity Management
• Financial Management for IT Services

37
Service Level Management
Service Level Management
Goals
To maintain and gradually improve business
aligned IT service quality, through a constant
cycle of defining, agreeing, monitoring,
reporting and IT service achievements and through
instigating actions to eradicate unacceptable
levels of service

• Service Level Management manages and improves the
  agreed level of service between two parties
• The provider who may be an internal service
  department or the external organisation that
  provides an outsourced service
• The receiver of the servers i.e. the customer who
  pays the bill.

38
Availability Management
Availabtily Management
Goals
To optimise the capability of the IT
infrastructure and supporting organisations to
deliver a cost effective and sustained level of
availability that enables the business to satisfy
its objectives
39
IT Service Continuity Management
IT Service Coninuity Management
Goals
To support the overall Business Continuity
Management process by ensuring that the required
IT technical services and facilities can be
recovered within required and agreed business
time-scales
Note. IT Service Continuity Management used to be
known as Disaster Recovery in the old ITIL books
40
Capacity Management
Capacity Management
Goals
To understand the future business requirements
(the required service delivery), the
organization's operations (the current delivery),
and ensure that all current and future capacity
and aspects of the business requirements are
provided cost effectively
41
Financial Management
Financial Management For IT Services
Goals
To provide cost-effective stewardship of the IT
assets and financial resources used in Services
Note. Financial Management of IT Services used to
be known as Cost Recovery in the old ITIL books
42
Participants in IT Service Management
Sr. IT Mgt
Sr. Mgt
Strategic
Customers
Service Level Management
Tactical
Users
Service Desk
Operational
IT
The Business
43
DISPATCH AMBULANCE
Emergency Room
TESTS and ANALYSIS
Root Cause
Service Level Mgmt
Problem Management
DIAL 911
Specialist Consult
DIAGNOSIS
Financial Mgmt
Problem Control
Error Control
Incident Management
Heart Attack!!!
Request for Operation/Procedure
Capacity Management
Availability Management
Service Continuity Management
Change Management
Release Management
Configuration Management
44
ITIL is more than a library of books

• Training
• Fundamentals
• Practitioner
• Service Manager

Qualifications Certification at each level
Information Technology Infrastructure Library
Consultancy Provision of IT consulting services
to clients based on a de facto standard
Tools ITIL compliance is driving tools
manufacturers
itSMF User groups providing seminars,
conferences, and workshops
45
Consistent and predictable results, process
improvement and cost saving top the list of
benefits from implementing defined IT Process
methods

Source Forrester Research Stabilizing IT
with Process Methodologies May, 2005
46
CobiT

• What Is It?
• How Does It Relate To ITIL?

47
COBIT and ITILProcess Perspective
Strategic
COBIT
Process Control
XY
XY
XY
XY
XY
ITIL





Process Execution
Work Instruction

• Work instruction
• 2
• 3
• 4,5,6.

• Work instruction
• 2
• 3
• 4,5,6.

• Work instruction
• 2
• 3
• 4,5,6.

• Work instruction
• 2
• 3
• 4,5,6.

• Work instruction
• 2
• 3
• 4,5,6.

48
CobiT
COBIT Control
WHAT
ITIL Activities
HOW
49
Gartner Advisory on COBIT and ITIL
COBIT Control
WHAT
ITIL Activities
HOW
50
Acquire and Implement (AI Process Domain)
Plan and Organise (PO Process Domain)
Deliver and Support (DS Process Domain)
Monitor and Evaluate (M Process Domain)
51
Planning Organization Acquire and
Implement
Plan and Organise
Define Strategic IT Plan
Determine Technological Direction
Define Information Architecture
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Develop and Maintain IT Procedures
Install and Accredit Systems
Manage Change
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL
Service Delivery
Service Support
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Level Management
Availability Management
Capacity Management
Service Desk
Incident Management
Problem Management
Manage Projects
Manage Quality
Financial Management
Continuity Management
Change Management
Release Management
Configuration Management
Deliver and Support
Monitor and Evaluate
Assess Internal Control Adequacy
Monitor the Process
Manage Performance and Capacity
Ensure Continuous Service
Ensure System Security
Identify and Allocate Costs
Manage Third-party Services
Define and Manage Service Levels
Manage Operations
Obtain Independent Assurance
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Provide Independent Audit
52
Planning Organization Acquire and
Implement
Plan and Organise
Define Strategic IT Plan
Determine Technological Direction
Define Information Architecture
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Develop and Maintain IT Procedures
Install and Accredit Systems
Manage Change
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL
Service Delivery
Service Support
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Level Management
Availability Management
Capacity Management
Service Desk
Incident Management
Problem Management
Manage Projects
Manage Quality
Financial Management
Continuity Management
Change Management
Release Management
Configuration Management
Deliver and Support
Monitor and Evaluate
Assess Internal Control Adequacy
Monitor the Process
Manage Performance and Capacity
Ensure Continuous Service
Ensure System Security
Identify and Allocate Costs
Manage Third-party Services
Define and Manage Service Levels
Manage Operations
Obtain Independent Assurance
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Provide Independent Audit
53
Planning Organization Acquire and
Implement
Plan and Organise
Define Strategic IT Plan
Determine Technological Direction
Define Information Architecture
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Develop and Maintain IT Procedures
Install and Accredit Systems
Manage Change
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL
Service Delivery
Service Support
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Level Management
Availability Management
Capacity Management
Service Desk
Incident Management
Problem Management
Manage Projects
Manage Quality
Financial Management
Continuity Management
Change Management
Release Management
Configuration Management
Deliver and Support
Monitor and Evaluate
Assess Internal Control Adequacy
Monitor the Process
Manage Performance and Capacity
Ensure Continuous Service
Ensure System Security
Identify and Allocate Costs
Manage Third-party Services
Define and Manage Service Levels
Manage Operations
Obtain Independent Assurance
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Provide Independent Audit
54
Planning Organization Acquire and
Implement
Plan and Organise
Define Strategic IT Plan
Determine Technological Direction
Define Information Architecture
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Develop and Maintain IT Procedures
Install and Accredit Systems
Manage Change
Define IT Organisation and Relationships
Manage IT Investment
Communicate Aims and Direction
ITIL
Service Delivery
Service Support
Manage Human Resource
Ensure Compliance with External Standards
Assess Risks
Service Level Management
Availability Management
Capacity Management
Service Desk
Incident Management
Problem Management
Manage Projects
Manage Quality
Financial Management
Continuity Management
Change Management
Release Management
Configuration Management
Deliver and Support
Monitor and Evaluate
Assess Internal Control Adequacy
Monitor the Process
Manage Performance and Capacity
Ensure Continuous Service
Ensure System Security
Identify and Allocate Costs
Manage Third-party Services
Define and Manage Service Levels
Manage Operations
Obtain Independent Assurance
Educate and Train Users
Assist and Advise IT Customers
Manage Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Provide Independent Audit
55
(No Transcript)
56
(No Transcript)
57
ISO 20000

• What Is It?
• How Does It Relate To ITIL?

58
ISO 20000 Basic Concepts

• Quality standard for IT Service Management
• Formal specification defined requirements for an
  organization to deliver managed services to
  acceptable quality to customers
• BS 15000 fast-tracked to become IS0 20000
• ITIL forms the basis of the standard
• Standard a list of criteria that needs to be
  met
• The standard versus the framework
• Standard audit certify against. Makes ITIL
  alive
• Framework best practice that the standard is
  based on

59
ISO 20000
SERVICE DELIVERY
Capacity Management
Information Security Management
Service Level Management
The Business Perspective
Service Reporting
Availability and Service Continuity
Budgeting and Accounting for IT Services
ICT Infrastructure Management
CONTROL
Configuration Management
RELEASE
RELATIONSHIP
Change Management
Business Relationship Management
RESOLUTION
Release Management
Incident Management
Supplier Relationship Management
Problem Management
Source itSMF International
60
Example Change Management

• Specifications Objective Requirements
• Objective
• To ensure all changes are assessed, approved,
  implemented and reviewed in a controlled manner
• Requirement examples
• All requests for change shall be recorded and
  classified, e.g. urgent, emergency, major, minor
• Requests for changes shall be assessed for their
  risk, impact and business benefit
• All changes shall be reviewed for success and
  any actions taken after implementation

61
Example Change Management

• Code of Practice Objective Detailed Best
  Practices
• Objective (Sub-process 8.2.2) Closing and
  reviewing the change request
• Detailed Best Practice
• All changes should be reviewed for success or
  failure after implementation and any improvements
  recorded
• A post-implementation review should be undertaken
  for major changes to check that
• a) the change met its objectives
• b) the customers are happy with the results
• c) there have been no unexpected side effects
• Any nonconformity should be recorded and actioned
• Any weaknesses or deficiencies identified in a
  review of the change control process should be
  fed in to service improvement plans

62
ITIL Future from this.
to this ITIL V.3
Service Strategy
Service Design
Service Transition
Service Operation
Continuous Service Improvmt
LIFECYCLE PERSPECTIVE
The Business
The Technology
Pocket Guides
Case Studies
ITIL Practice Working Templates
Governance Methods
Certification-based Study Aids
Executive Introduction to IT Service Management
63
Various non-proprietary frameworks and methods
exist to help IT organizations become more
process centric and improve the quality of the
services delivered
ITIL
CobiT
CMM
Six Sigma
ISO 2000
The IT Infrastructure Library is a customizable
framework of best practises that promote quality
IT service, build on a process-model view of
controlling and managing operations. ITIL was
originally developed by the UK government and has
since matured into an internationally recognized
standard.
Control OBjectives for Information and related
Technologyis a framework for information
security and provides generally accepted IT
control objectives to assist in developing
appropriate IT governance and control
The Capability Maturity Model is a method of
evaluating and measuring the maturity of the
software development process. Recent revisions
(CMMI) provide guidance for improving
organization process and manage the development,
acquisition and maintenance of products and
service
A data driven quality management program to
control variations and thereby achieve high
levels of quality.
A standard concerned primarily with the quality
of IT Service Management. It provides the basis
to fulfill customer requirements, regulatory
requirements, enhance customer satisfaction, and
pursue continual improvement
What is it?
Focus
IT Operations IT Service Management
Development
Governance and Control
Process Improvement
Processes Consistency
IT Specific
Yes
Yes
Yes
No
Yes
How it fits
Define and implement processes
Determine extent of process maturity
Provide process controls
Improve processes
Certify processes are being followed
64
Frameworks and Methodologies
ISO20000
CobiT
SIX SIGMA
CMMi
ITIL
Business Process Models
Governance
65
In summary

• ITIL is
• The international de-facto Best Practice for IT
  Service Management
• Process Approach to improving Quality,
  Efficiency and Effectiveness
• Service focused IT management, viewed from the
  perspective of IT customers and users
• Evolving, vendor-neutral, non-proprietary
  framework
• CobiT complementary, Certifiable through
  ISO20000
• DEFINED COMMON SENSE