Demystifying ITIL

1
Demystifying ITIL

• Greg Charles, Ph.D.
• Area Principal Consultant, CA
• June 2006
• Pacific Northwest Digital Government Summit

2
Todays Objective

• To provide a basic understanding (theory and
  concepts) of ITILs Service Management Framework
  (Service Support and Service Delivery components)

3
Ever-Increasing Complexity
4
Approaches Currently In Use

• Business As Usual - Firefighting
• Legislation - Forced
• Best Practice Focused

5
The Legislation Minefield

• Privacy Security
• Personal Information Protection Electronic
  Document Act (PIPEDA)
• US Patriot Act \ Homeland Security (Critical
  Infrastructure)
• Personal Health Information Protection Act
  (PHIPA)
• Health Insurance Portability and Accountability
  Act (HIPAA)
• SEC Rules 17a-3 17a-4 re Securities
  Transaction Retention
• Gramm-Leach Bliley Act (GLBA) privacy of
  financial information
• Childrens Online Privacy Protection Act
• Clinger-Cohen Act (US Gov.)
• Federal Information Security Mgmt. Act (FISMA)
• Freedom of Information Protection of Privacy
  (FOIPOP) BC Gov
• FDA Regulated IT Systems
• Freedom Of Information Act
• Americans with Disabilities Act, Sec. 508
  (website accessibility)

• Finance
• Sarbanes Oxley (US)
• FFIEC US Banking Standards
• Basel II (World Bank)
• Turnbull Report (UK)
• Canadian Bill 198 (MI 52-109 52-111)
• Washington State Laws relating to IT
• Policy 403-R1, 400-P1, 401-S1, 402-G1 Executive
  Order 00-03 RCW 9A.52.110,120,130 RCW
  9A.48.070, 080, 090 RCW 9A.105.041 and many more
• Other International IT Models
• Corporate Governance for ICT DR 04198 (Australia)
• Intragob Quality Effort (Mexico)
• Medical Information System Development (Medis-DC)
  (Japan)
• Authority for IT in the Public Administration
  (AIPA) (Italy)
• Principles of accurate data processing supported
  accounting systems (GDPdu GoBS) (Germany)
• European Privacy Directive (Safe Harbor
  Framework)

6
Best Practices

• Process Frameworks
• IT Infrastructure Library
• Application Service Library
• Gartner CSD
• IBM Processes
• EDS Digital Workflow
• Microsoft MOF
• Telecom Ops Map
• etc..

• Quality Control Models
• ISO 900x
• COBIT
• TQM
• EFQM
• Six Sigma
• COSO
• Deming
• etc..

• What is not defined cannot be controlled
• What is not controlled cannot be measured
• What is not measured cannot be improved
• Define -- Improve
• Measure -- Control And Stabilize

7
What Is ITIL?

• ITIL is a seven book series that guides business
  users through the planning, delivery and
  management of quality IT services

Information Technology Infrastructure Library
8
The ITIL Books
T h e Technology
Planning To Implement Service Management
T h e B u s i n e s s
Service Management
Service Support
The Business Perspective
ICTInfrastructureManagement
Service Delivery
Security Management
Application Management
9
ITIL Simplified
Business, Customers Users
ServiceDesk
Service LevelManagement
IncidentManagement
AvailabilityManagement
ProblemManagement
CapacityManagement
ChangeManagement
FinancialManagement
ReleaseManagement
ServiceContinuity
ConfigurationManagement
10
ITIL Service Support Model
The Business, Customers or Users
Monitoring Tools
Difficulties Queries Enquiries
Communications Updates Work-arounds
Incidents
Customer Survey reports
Service Desk
Incidents
Changes
Incident Management
Customer Survey reports
Problem Management
Releases
Service reports Incident statistics Audit reports
Change Management
Problem statistics Problem reports Problem
reviews Diagnostic aids Audit reports
Release Management
Change schedule CAB minutes Change
statistics Change reviews Audit reports
Release schedule Release statistics Release
reviews Secure library Testing standards Audit
reports
Configuration Management
CMDB reports CMDB statistics Policy
standards Audit reports
Problems Known Errors
Cls Relationships
Incidents
Changes
Releases
CMDB
11
Service Desk

• To provide a strategic central point of contact
  for customers and an operational single point of
  contact for managing incidents to resolution
• In addition, the Service Desk handles Service
  Requests

12
Incident Management

• To restore normal service operation as quickly as
  possible and minimize the adverse impact on
  business operations

13
Problem Management

• To minimize the adverse impact of incidents and
  problems on the business that are caused by
  errors in the IT Infrastructure and to prevent
  recurrence of incidents related to these errors

14
Change Management

• To ensure that standardized methods and
  procedures are used for efficient and prompt
  handling of all changes to minimize the impact of
  change-related incidents and improve day-to-day
  operations

15
Release Management

• Release Management takes a holistic view of a
  change to an IT service and should ensure that
  all aspects of a Release, both technical and
  non-technical, are considered together

16
Configuration Management

• To identify, record and report on all IT
  components that are under the control and scope
  of Configuration Management

17
ITIL Service Support
18
ITIL Service Delivery Model
Business, Customers and Users
Communications Updates Reports
Queries Enquiries
Availability Management
Service Level Management
Availability plan AMDB Design criteria Targets/Thr
esholds Reports Audit reports
Capacity Management
SLAs, SLRs OLAs Service reports Service
catalogue SIP Exception reports Audit reports
Requirements Targets Achievements
Capacity plan CDV Targets/thresholds Capacity
reports Schedules Audit reports
Financial Management For IT Services
Financial plan Types and models Costs and
charges Reports Budgets and forecasts Audit
reports
IT Service Continuity Management
IT continuity plans BIS and risk
analysis Requirements defn Control centers DR
contracts Reports Audit reports
Alerts and Exceptions Changes
Management Tools
19
Service Level Management

• To maintain and improve IT service quality
  through a constant cycle of agreeing, monitoring
  and reporting to meet the customers business
  objectives

20
Availability Management

• To optimize the capability of the IT
  infrastructure, services and supporting
  organization to deliver a cost effective and
  sustained level of availability enabling the
  business to meet their objectives

21
Capacity Management

• To ensure that all the current and future
  capacity and performance aspects of the business
  requirements are provided cost effectively

22
Financial Management

• To provide cost-effective stewardship of the IT
  assets and resources used in providing IT
  services

23
IT Service Continuity Management

• To ensure that the required IT technical and
  services facilities can be recovered within
  required, and agreed timescales
• IT Service Continuity Planning is a systematic
  approach to create a plan and/or procedures to
  prevent, cope with and recover from the loss of
  critical services for extended periods

24
Service Delivery
25
What Is ITIL All About?

• Aligning IT services with business requirements
• A set of best practices, not a methodology
• Providing guidance, not a step-by-step, how-to
  manual the implementation of ITIL processes will
  vary from organization to organization
• Providing optimal service provision at a
  justifiable cost
• A non-proprietary, vendor-neutral,
  technology-agnostic set of best practices.

26
IT Governance Model
Audit Models
Quality Systems Mgmt. Frameworks
IT OPERATIONS
27
CobIT (Control Objectives for IT)

• CobIT is an open standard control framework for
  IT Governance with a focus on IT Standards and
  Audit
• Based on over 40 International standards and is
  supported by a network of 150 IT Governance
  Chapters operating in over 100 countries
• CobIT describes standards, controls and maturity
  guidelines for four domains, and 34 control
  processes

28
The CobiT Cube
(Business Requirements)
4 Domains 34 Processes 318 Control Objectives

29
CobiT Domains
Acquire Implement (AI Process Domain)
Plan Organize (PO Process Domain)
Monitor (M Process Domain)
Deliver Support (DS Process Domain)
30
Planning Organization Acquire
Implement
Plan Organize
Acquire Maintain Application Software
Deliver Support
Monitor
31
COSO Components

• Control Activities
• Policies that ensure management directives are
  carried out
• Approval and authorizations, verifications,
  evaluations, safeguarding assets security and
  segregation of duties

• Monitoring
• Assess control system performance over time
• Ongoing and separate evaluations
• Management and supervisory activities

• Information and Communication
• Relevant information identified, captured and
  communicated timely
• Access to internal and externally generated
  information
• Information flow allows for management action

• Risk Assessment
• Identify and analyze relevant risks to achieving
  the entitys objectives

• Control Environment
• Sets tone at the top
• Foundation for all other components of control
• Integrity, ethical values, competence, authority,
  responsibility

32
COSO, CobiT SOX Components
33
Putting COSO, CobiT, and ITIL together

• COSO defines the high level policies of a well
  governed organization
• CobiT defines the control structures for
  evaluating the IT organization conforms to COSO
  policies.
• ITIL defines the best practices that will satisfy
  the CobiT controls.

34
How to Make ITIL a Reality?
Key Success Factors
Theory ITIL/CobIT/COSO
Process

• Guidelines for Best Practices
• Provides the theory but not the process
• Education is an important component

• Convert theory to process that is applicable to
  the unique needs of the organization
• Training Education
• Tool configuration

Technology CA and others

• Provide the technology that enables and automates
  the process
• Repeatability, compliance and notifications
• Implement processes impossible without technology

35
Making IT Easier
Customer maturity isolates appropriate transition
point, blueprint ROI
36
Next Steps - Focus on Customer Needs
EITM
Complete Integrated Open

• People
• Process
• Technology
• Partners

Proven Best Practices High Quality
Comprehensive
Business Flows
Solutions
Enabling Evolutionary Efficient
37
Typical Survey Section features
38
Comparison Charts
3 Sets of Scores
39
Tools to Aid Success
Maturity Model
Solution Sheets
Transitional Maturity
ROI Tool
Process Model
SAO/SAS
Profilers
Blueprints
40
Meeting Customer Needs Best Practices
Best Practices Six Sigma, etc.
Best Practices Industry and CA best practices
are applied to all of our solutions to maximize
standardization and quality
41
Questions?
Thank You