its service improvement 2 highlightshighlights there are benefits to be derived from improved...
TRANSCRIPT
ITS Service ImprovementITS Service Improvement
Len HendershottHendershott Consulting Inc
Len HendershottHendershott Consulting Inc
2
HighlightsHighlights
There are benefits to be derived from improved service management practices
Discuss concepts – frameworks, best practices, processes, etc
Explain the KEY elements contained in ITIL, CobIT and CMM
Envisioning an ITIL defined future How to achieve that future Not training into each ITIL discipline: for
each process area visit http://www.hci-itil.com
3
Information Technology Service ManagementInformation Technology Service Management
ITSM is the concept that IT should be all about servicing the customer … that means IT managers are being told that they need to change the way they think about their jobs, the way they think about their systems and the way they spend their work day.
ITSM is the concept that IT should be all about servicing the customer … that means IT managers are being told that they need to change the way they think about their jobs, the way they think about their systems and the way they spend their work day.
While the management of technologies and application components has been the traditional mainstay of IT, most IT organizations are waking up to the fact that past and even current poor service delivery has less to do with the technologies they are or are not using, than it does withpoorly designed or "missing" critical IT processes.
4
Why NowWhy Now
The systems that IT provides to the enterprise are now used by customers and suppliers, not just employees, raising the bar for IT’s management and governance processes.
Enterprise applications are now central to virtually every business initiative, leading to an unprecedented need for alignment between IT and line of business executives.
Cost reduction opportunities are now numerous and compelling within IT. Outsourcing and consolidation are the highest profile of these.
The return on IT must now be demonstrated, as expected of any mature and critical business function.
Today’s expensive and mandatory requirements for compliance and transparency fall disproportionately on IT.
IT Management and Governance systems have entered the mainstream, joining ERP, CRM, HR and e-mail as part of the standard enterprise applications landscape.This development is primarily due to the convergence of five changes in the IT universe.
David Hurwitz, Clarity, Why Now, IT management and Governance 102
5
Drivers for Improved Service ManagementDrivers for Improved Service Management
IT increasingly being asked to justify itself in business terms
Control over Total Cost of Ownership Identified accountability for IT strategic decisions Improved integration of IT planning within context of
overall business planning Customer demands for more responsive IT services Viability of out-sourcing options Marketing of approaches such as ITIL, CobIT & CMM Increasing number of integrated tool vendors Introduction of commonly used terminology Improved ability to periodically assess IT value to
organization
Typical Current PracticesTypical Current Practices
Do you recognize any of these findings ?Do you recognize any of these findings ?
7
Service Desk ResponseService Desk Response
8
Standard Equipment PolicyStandard Equipment Policy
9
Availability ManagementAvailability Management
10
Customer ServiceCustomer Service
11
Performance measured by complaints
Poor understanding of Customer concerns
Poor Customer understanding of IT issues
Performance measured by complaints
Poor understanding of Customer concerns
Poor Customer understanding of IT issues
How well are you doing ?How well are you doing ?
IT managers say they know when their users are really happy by the number of phone calls they receive. No calls means a satisfied customer since they don’t call to complain about poor service.
Often, this has become the de-facto measure of customer service. In reality, it is typical that an IT manager understands little about their customers except for the ones who are willing to pick up the phone.
From the customer viewpoint, their expectations of what service really is and how quickly the data center could respond, of what levels of service were reasonable are rarely based on the business realities of managing a technology infrastructure
12
Common Findings (HP)Common Findings (HP)
…unscheduled changes lead to false starts, multiple reworks, duplicate efforts, periodic work stoppages
inconsistent service delivery
…unscheduled changes lead to false starts, multiple reworks, duplicate efforts, periodic work stoppages
inconsistent service delivery
…unscheduled (and therefore uncontrolled) changes occurred to the production environment due to an unclear and undocumented IT process being performed (e.g., Change Management). This can lead to false starts, multiple reworks, duplicate efforts, periodic work stoppages, and often means lengthy time-to-repair intervals, and increased customer anxiety and frustration.
…the manner in which a particular IT process is triggered is vague (e.g., software distribution, etc.), thus leading to possible inconsistent service delivery, meaning the customer never gets the same quality of service twice. This can seriously impact customer satisfaction, prevent repeat business and is a sure sign that IT cannot make a commitment to strict service levels.
13
Common Findings (HP)Common Findings (HP)
uncoordinated or undefined processes
unclear roles and responsibilities & unmeasured performance
poor communications.
uncoordinated or undefined processes
unclear roles and responsibilities & unmeasured performance
poor communications.
the linkages between IT processes (e.g., Build & Test and Release to Production) are undefined, or worse, non-existent, thereby causing further delays to already tight production schedules, missed customer commitments, and loss of revenue.
the staff whose job it is to perform a process (e.g., Helpdesk or Problem Management) have unclear roles and responsibilities and are not measured on performing the process, thus leading to accountability failures when things go wrong, and complicated finger-pointing when trying to fix a broken service
Is your Support Center the last to know about product and service changes? Do your customers call into the Support Center with questions on applications and systems your staff has never heard of? Are changes frequently implemented into your production environment without any prior risk analysis or critical path analysis be conducted? If the answer to any of these questions is "yes", then your Support Center has a problem! However, it’s a problem shared by many organizations.
Organizing IT ServicesOrganizing IT Services
Frameworks
15
What is a FrameworkWhat is a Framework
"The purpose of the framework is to provide a basic structure which supports the organization, access, integration, interpretation, development, management, and changing of a set of architectural representations of the organizations information systems. Such objects or descriptions of architectural representations are usually referred to as Artifacts.
The framework, then, can contain global plans as well as technical details, lists and charts as well as natural language statements. Any appropriate approach, standard, role, method, technique, or tool may be placed in it. In fact, the framework can be viewed as a tool to organize any form of meta-data for the enterprise.”
Zachman Framework, INFORMATION SYSTEMS ARCHITECTURE - ISA
16
ITIL FrameworkITIL Framework
A taxonomy to highlight the ITIL booklets
17
Models – Cirba CorporationModels – Cirba Corporation
Groupings based on ITIL with some directional relationships
18
Models – Art of ServiceModels – Art of Service
http://www.itsmdirect.com/default.asp
More complexity & adding some key outputs
19
Microsoft Operations FrameworkMicrosoft Operations Framework
Groupings according to a model
20
Models - HPModels - HP
Groupings according to a model with prioritization
21
Models – HP – detailed descriptionModels – HP – detailed description
Much greater complexity with many products
22
CobIT Governance FrameworkCobIT Governance Framework
23
The field is still in fluxThe field is still in flux
The fact that specific frameworks like ITIL, MOP, PRINCE2, ASL, BSD/SSADM, RUP, DSDM, ISPL, IS-7799, COBIT and Catalyst POLDAT, were developed separately and in parallel by different groups with different outlooks, means that they were not designed to align with one another and so they don’t!
The reality is that the IT domains and frameworks are incompatible:
1. They overlap 2. There are gaps 3. They are inconsistent 4. They have no common unifying framework 5. They do not unify IT, nor unify IT with the Business
Mapping IT Governance onto a Unified Framework,
John Gilbert, Southcourt, UK, http://www.bitacenter.com
24
Unified Process FrameworkUnified Process Framework
Mapping IT Governance onto a Unified Framework,
John Gilbert, Southcourt, UK, http://www.bitacenter.com
The UPF is a process unifying framework that aligns not only the domains within IT
together but also aligns IT with the business.
25
Organizational Focus – another framework consideration
Organizational Focus – another framework consideration
Business (Strategic)
responsible for ensuring that the future business requirements for IT Services are considered, planned and implemented in a timely fashion. These future requirements come from business plans outlining new services, improvements and growth in existing services, development plans etc.
Service (Tactical)
management of the performance of the live, operational IT Services used by the Customers. It is responsible for ensuring that the performance of all services, as detailed in the targets in the SLAs and SLRs, is monitored and measured, and that the collected data is recorded, analyzed and reported.
Resource (Operational)
the management of the individual components of the IT Infrastructure. It is responsible for ensuring that all components within the IT Infrastructure that have finite resource are monitored and measured, and that the collected data is recorded, analyzed and reported
26
Integrating this element into a frameworkIntegrating this element into a framework
27
Value of FrameworksValue of Frameworks
CIOs and the IT managers that report to them have all been in need of a clear picture that depicts the IT processes required to deliver quality IT services in support of their emerging e-services. Without a clear picture, IT organizations will continue to struggle as they try to understand and determine:
The current state of IT with regard to process (the “AS-IS") The desired future state of IT (the “To-BE") The gaps between the current and future states of IT The steps needed to bridge those gaps
Therefore, the need for a concise picture - one that reflects an enterprise service management capability - is very real for most IT organizations and critical to their success.
The HP IT Service Management Reference Model, White
Paper, Version 2, January 2000
28
CaveatsCaveats
There will be no “precise” or “definitive” framework for some time.
Though the need is real, the progress towards better IT service management remains a “work in progress”
There are “proprietary” solutions which can be secured at high costs, but all require “fitting” to an organizational setting
There are generally recognized “best practices” which, through the OGC and itSMF are within the public domain
The HP IT Service Management Reference Model, White
Paper, Version 2, January 2000
ITILITIL
Information Technology Infrastructure Library
30
What is ITIL ?What is ITIL ?
INFRASTRUCTUREA logical means of dividing the overall IT environment into components of related functionality.
LIBRARYA depository built to contain books and other materials for reading and study
SO ITIL is..A method of organizing the Information Technology departments of organizations. ITIL defines the (work) processes involved and the interfaces between them.
Hyperdictionary
31
Pink Elephant DefinitionPink Elephant Definition
process A series of definable, repeatable, and measurable tasks leading to a useful result for an internal or external customer
optimal The point at which returns on investment do not justify further costs
customer groups or individuals who have a business relationship with the organization; those who receive and use or are directly affected by the products and services of the organization.
Justifiable Taking into consideration the strategic and operational considerations of the organization
ITIL is all about which processes need to be realized within the organization for
management and operation of the IT infrastructure to promote optimal service
provision to the customer of the services at justifiable costs.
ITIL is all about which processes need to be realized within the organization for
management and operation of the IT infrastructure to promote optimal service
provision to the customer of the services at justifiable costs.
32
ITIL ….ITIL ….
provides a framework in which to place existing methods and
activities in a structured context.
provides a framework in which to place existing methods and
activities in a structured context.
Structure: how an interface is organized and optimized for ease of use and understanding
33
Change ManagementSecurity Management
Availability Management
Performance Management
Problem ManagementBackup & Recovery
Application & System DesignCapacity Planning
Configuration/Asset Management
Service Level Management
The Structure ? The Structure ?
1. Setting Objectives
2. Planning
3. Execution
4. Measurement
5. Control
Phases of Management
High Availability, Piedad, Hawkins, p.39
34
ITIL ….ITIL ….
provides a framework in which to place existing methods and activities
in a structured context.
provides a framework in which to place existing methods and activities
in a structured context.
Dep
t A
Dep
t A
Dep
t B
Dep
t B
Dep
t C
Dep
t C
Dep
t D
Dep
t D
Dep
t E
Dep
t E
Dep
t F
Dep
t F
Department Silos
Process 1
Process 2
Process 3
Process 4 LO
B A
LOB Process 1
LOB Process 2
LOB Process 3
Get complicated when participants are not all subject to
same processes
35
ITIL ….ITIL ….
provides a framework in which to place existing methods and activities
in a structured context.
provides a framework in which to place existing methods and activities
in a structured context.
Since processes and their activities run through an organization, they should be mapped and coordinated by process managers
In a product-oriented organization, the flow of [functional] activities and processes is not generally recognized at all; the focus is on the product, and management and control is often lacking. The evidence is in the lack of any useful metrics related to the production process, because the process activities are not clear or even not identified.
36
provides a framework in which to place existing methods and activities
in a structured context.
provides a framework in which to place existing methods and activities
in a structured context.
ITIL ….ITIL ….
By emphasizing the relationships
between the processes, the lack of
communication and co-operation
between various IT functions can be
eliminated or minimized.
Process 1
Process 2
Process 3
Process 4
Communication, cooperation
Communication, cooperation
Communication, cooperation
37
ITIL Defines ---- Best PracticesITIL Defines ---- Best Practices
What are Best Practices ?techniques or methodologies that, through experience and research, have proven to reliably lead to desired results.
A commitment to using the best practices in any field is a commitment to using all the knowledge and technology at one's disposal to ensure success.
Who’s Best Practices ?the organization who wrote the books
– U.K. Office of Government Commerce
ITIL provides a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualification scheme, accredited training organizations, and implementation and assessment tools. The best-practice processes promoted in ITIL both support and are supported by the British Standards
Institution’s Standard for IT Service Management (BS15000).
38
Implementing Best Practices may be problematic...Implementing Best Practices may be problematic...
the organization has not made the mistake - thus, not clearly understanding the reasoning behind the adopted practice.
the organization may not have adapted its' internal support processes sufficiently to implement the processes - ie., not sufficiently mature in CMM terms.
the implementation of one ITIL process will have dependencies with other ITIL processes - these interrelationships can be complex and differ with the characteristics of the organization implementing ITIL
different ITIL disciplines have base implementation scenarios targeted for different levels of organizational maturity - they reflect the "best" amongst a discrete number (and not an unbiased sample) of organizations reviewed and not the theoretical best (ie. too few organization's at higher maturity levels).
Note: Sorry new slide – not in set distributed
39
A MethodologyA Methodology
Myths of Methodology, Dan Drislane, Beggs-Heidt, August 2002
A methodology is not a best practice in and of itself. It is the collected sum of best practices that, when carefully orchestrated, create synergistic, tangible value to an organization.
Methodology is also a business process that an organization executes. The process is a collection of best practices (call them methods or tasks if you wish) that are organized to
produce value at one or more points along the process path, or if you’ve been reading the latest management texts, the value chain."
ITIL Key ConceptsITIL Key Concepts
What I think is truly different from how you may currently be operating
What I think is truly different from how you may currently be operating
41
The Journey – describing the environmentThe Journey – describing the environment
Infin
ite r
each
, ra
nge
& m
an
euvra
bili
ty
Infrastructure & services
BusinessGoals
IT PlanningGeneralized
OrganizationalGoal
Reach, Range, Maneuverability ArchitectureThe IM&M architecture of the business which permits anyone, anywhere, at any time to access (reach) any sharable information object (range) or service.
Bernard Boar, the Art of Strategic Planning for Information Technology, 1993
42
AssumptionsAssumptions
If perfectly defined infrastructure faults should ONLY occur due to:• Changes to definition• Normal wear and tear
43
The JourneyThe Journey
Infin
ite r
each
, ra
nge
& m
an
euvra
bili
ty
Infrastructure & services
BusinessGoals
IT Planning
Metadata on infrastructureCMDB
44
AssumptionsAssumptions
If perfectly defined infrastructure faults should ONLY occur due to:• Changes to definition• Normal wear and tear
The infrastructure CAN BE highly defined at acceptable costs using appropriate tools
45
The JourneyThe Journey
Infin
ite r
each
, ra
nge
& m
an
euvra
bili
ty
Infrastructure & services
BusinessGoals
IT Planning
Tool & approach improvements
Environmental Scanning
46
AssumptionsAssumptions
If perfectly defined infrastructure faults should ONLY occur due to:• Changes to definition• Normal wear and tear
The infrastructure CAN BE highly defined at acceptable costs using appropriate tools
There will be better tools offered in the future to achieve higher (or the same) availability and capacity at lower costs
47
The JourneyThe Journey
Infin
ite r
each
, ra
nge
& m
an
euvra
bili
ty
Infrastructure & services
BusinessGoals
IT Planning
Tool & approach improvements
Environmental Scanning
Releases
Infrastructure is NOT perfectly definedAnd there is wear and tear
Incidents,Problems,Changes
48
ITIL Key Concepts – Business AlignmentITIL Key Concepts – Business Alignment
Event: Economic down-turns result in business cut-backs
Leads to review of IT operations and renewed attempts to manage technology according to business goals and objectives.
Using ITIL SLM, IT organizations commit to describing the services they offer and to detailing the level at which those services can be offered and to measure their performance against those commitments
“Strategic alignment is achieved between the business and information technology when IM&M can be used to create, design, and exploit business opportunities.”Bernard Boar, The Art of Strategic Planning for Information technology, p. 323
49
Business Customer
CRM
ITIL Key Concepts – Manage Customer RelationsITIL Key Concepts – Manage Customer Relations
Application Support
Corporate Support?Treat internal clients
Like external customers
50
ITIL Key Concepts – Simplify contactITIL Key Concepts – Simplify contact
Service Desk rather than Help Desk
A Single Point of Contact (SPOC) – one number for all technology queries
Service Desk “owns” calls from cradle to grave – ensures they don’t get lost
Specialization of Service Desk as generalists
Complimented by self-service tools
51
ITIL Key Concepts – Emphasize service restorationITIL Key Concepts – Emphasize service restoration
Distinguish between service restoration and problem solving activities
Involve different goals and skill sets
Focus all attention and the correct resources on service restoration efforts
“Park” problems for later treatment
52
Event Management - It’s all about finding and removing infrastructure faultsEvent Management - It’s all about finding and removing infrastructure faults
53
ITIL Key Concepts – Control ChangesITIL Key Concepts – Control Changes
Achieve a “Known state” for environment in CMDB
Evidence suggests majority of incidents are a result of changes
Any change is carefully assessed for risk
Selected treatment is a function of evaluated risk of change with procedures designed to streamline known and low risk changes
54
ITIL Key Concepts – CommunicationITIL Key Concepts – Communication
Make all attempts to mitigate impact of faults and outages by strategic communications to User and businesses
Allowing them to take alternate actions to offset productivity losses from faults
Improve processes by engaging them in change acceptance activities
Improving overall customer satisfaction by participation
55
ITIL Key Concepts – MeasurementITIL Key Concepts – Measurement
Performance expressed in a ‘performance architecture’ signified by logical collection of SLA – OLA/UC network
SLA outlines end-to-end service expressed in Customer terms
Supported by network of internal & external agreements describing performance requirements of elements of service chain
56
ITIL Key Concepts – Control Customer ExpectationsITIL Key Concepts – Control Customer Expectations
Service levels are achieved at a cost
SLAs control “expectation creep” by tying additional service levels to their associated costs
Financial costing methods should clearly identify costs to customers in order to re-orient IT spending from “administrative overhead” to “strategic enabler”
57
ITIL Key Concepts – Availability Trade-offITIL Key Concepts – Availability Trade-off
Trade-off between High Availability and Restoration strategies
Based upon review of systems
need for high availability VS business impact of failure
58
In SummaryITIL improves Quality of ServiceIn SummaryITIL improves Quality of Service
Value of ITIL Process Framework to IT Service ManagementWHITE PAPER, Author: Viswanathan. S
Increased Uptime Elimination of repeat
incidents Faster resolution time
IncreasesUptime
Elimination of
repeat incidents
Faster , more accurate
resolution
59
In SummaryITIL can improve timeliness of serviceIn SummaryITIL can improve timeliness of service
Value of ITIL Process Framework to IT Service ManagementWHITE PAPER, Author: Viswanathan. S
Fewer rollbacks & incidents caused by poor changes
More accurate rollouts from releases Decreased incident volume thru
effective Problem Management
More accuraterollouts
Decreased rollbacks & incidents from poor Change
Management
Fewer Incident through proactive removal of faults
60
In SummaryITIL can reduce Cost of serviceIn SummaryITIL can reduce Cost of service
Value of ITIL Process Framework to IT Service ManagementWHITE PAPER, Author: Viswanathan. S
Reduced incidents caused by changes
Decreased ave. cost / call Decreased incident volume
and firefighting costs
Lower ave cost per incident
Fewer reported incidents
Caused by poor changes
Less incident volume & Firefighting activity through better Problem Management
COBITCOBIT
Control Objectives for IT-Related
Technology
Adaptation for auditors
Control Objectives for IT-Related
Technology
Adaptation for auditors
62
What is Governance?What is Governance?
“a structure of relationships and processes to direct and control the enterprise’s goals by adding
value while balancing risk versus return over IT and its
processes”
“a structure of relationships and processes to direct and control the enterprise’s goals by adding
value while balancing risk versus return over IT and its
processes”
COBIT Implementation Tool Set3rd Edition, July 2000
63
CobIT StructureCobIT Structure
64
CobIT Governance FrameworkCobIT Governance Framework
65
4 domains and 34 processes:
1. Planning &Organization
Domain
2. Acquisition &Implementation
Domain
3. Delivery &SupportDomain
4. MonitoringDomain
66
- Define a strategic IT plan
- Define the information architecture
- Determine the technological direction
- Define the IT organization and relationships
- Manage the IT investment
- Communicate management aims and direction
- Manage human resources
- Ensure compliance with external requirements
- Assess risks
- Manage projects
- Manage quality
1. Planning & Organization Domain1. Planning & Organization Domain
PO1
PO2
PO3
PO4
PO5
PO6
PO7
PO8
PO9
PO10
PO11
ProcessDomain
66
67
- Identify solutions
- Acquire and maintain application software
- Acquire and maintain technology architecture
- Develop and maintain IT procedures
- Install and accredit systems
- Manage changes
2. Acquisition & Implementation2. Acquisition & Implementation
A11
A12
A13
A14
A15
A16
ProcessDomain
67
68
- Define service levels- Manage third-party services- Manage performance and capacity- Ensure continuous service- Ensure systems security- Identify and attribute costs- Educate and train users- Assist and advise IT customers- Manage the configuration- Manage problems and incidents- Manage data- Manage facilities- Manage operations
3. Delivery & Support3. Delivery & Support
DS1DS2DS3DS4DS5DS6DS7DS8DS9DS10DS11DS12DS13
ProcessDomain
68
69
- Monitor the processes
- Assess internal control adequacy
- Obtain independent assurance
- Provide for independent audit
4. Monitoring4. Monitoring
M1
M2
M3
M4
ProcessDomain
69
70
COBITCOBIT
Control Objectives for Information Related Technologies
71
COBITCOBIT
Defining and managing service
levelsBusiness need to understand levels of service needed
SLAs
formal agreements
defined responsibilities
response times & volumes
charging
integrity guarantees
non-disclosure agreements
customer satisfaction criteria
cost/benefit analysis of service levels
monitoring & reporting
It’s Not that SimpleIt’s Not that Simple
Knowing What is Best PracticeIsn’t much good if you can’t achieve it.
73
Giga Research - October 23, 2003 Giga Research - October 23, 2003
Implementation issues: The ITIL methodology has proven to be notoriously time-consuming and difficult to implement. Although ITIL promises cost-saving and process improvements, there is no guaranteed return on investment (ROI), making the ITIL proposition a not very attractive one for corporate IT departments.
Expectation mismanagement: Vendors have oversold the ITIL methodology as a means of mapping business processes to IT processes, which is indeed a big concern for many IT departments these days. Unfortunately, ITIL is unsuitable for this task. It is merely a way of structuring the internal IT service delivery and once fully implemented will increase the efficiency of the IT department. Once clients started to familiarize themselves with the ITIL concept, this mismatch between promise and reality became obvious, effectively diminishing the ITIL value proposition even further.
Despite significant vendor hype, fully fledged IT Infrastructure Library (ITIL) implementations by enterprise IT departments have remained an exception. The majority of companies have not advanced beyond the piloting or even exploration phases. There are two main reasons for the failure of ITIL to live up to expectations
74
Why do implementations fail?Why do implementations fail?
Simply implementing a ‘process control function’, as implementations were considered to be in the past, is not enough.
In most cases failure was caused by lack of attention to the ‘process enablers’.
Management should be committed during the entire ‘plan-do-check-act’ cycle, and should also address all aspects of the service management framework
Simply implementing a ‘process control function’, as implementations were considered to be in the past, is not enough.
In most cases failure was caused by lack of attention to the ‘process enablers’.
Management should be committed during the entire ‘plan-do-check-act’ cycle, and should also address all aspects of the service management framework
Stop Being a Victim!By: Char LaBounty Presidenthttp://labountyassociates.com/pubs/publications02.html
75
What can be done ?What can be done ?
ITIL establishes a target
But provides little guidance on how to
hit the target
76
Need process improvement advice to hit targetNeed process improvement advice to hit target
CMMI provides guidance for organizational
improvementITIL is an excellent base for driving performance and quality improvements in the Service management domain. It is also going to be an integral part of a wider quality initiative from other frameworks, such as for Capability Maturity Model,(CMM) impacting application development, or COBIT.
Assyst – Service Matters (http://mediaproducts.gartner.com)
77
ITIL Implementation: Vital elements to consider --ITIL Implementation: Vital elements to consider --
the scope and complexity of the organization
the resources at your disposal, including staff numbers
the level of maturity of the organization – particularly with achieving a “Defined” capability
the impact of IT on the business – how important is the area to the overall business
the culture of the organization
continuous communication with the User population.
ITIL Service Management, C1
Capability Maturity ModelingCapability Maturity Modeling
The ability to deliver is determined by organizational capabilities and maturities
The ability to deliver is determined by organizational capabilities and maturities
79
Remember the methodologyRemember the methodology
Myths of Methodology, Dan Drislane, Beggs-Heidt, August 2002
The ability to call upon, utilize and sustain enablers is a function of the organization’s capability maturity level.
80
Capability Maturity Model (CMM)Capability Maturity Model (CMM)
First advanced by Crosby in “Quality is Free” (1979)
Adapted by IBM in 1980s to instill TQM into software development. Humphrey observed…
TQM needed to be implemented in stages to be successful New software development practices did not survive unless
organization changed supporting behaviors Work is chronically over-committed in low maturity organizations –
results depended on skills of exceptional individuals
Carnegie-Melon Institute uses approach to devise Software CMM, Software Engineering CMM and Product Development CMM
In 1995 Carnegie-Melon developed People CMM to improve the capability of the workforce.
In 2000 Carnegie-Melon integrated SW with system engineering processes in CMM-Integrated
Information Systems Audit and Control Association devise COBIT for IT Governance auditing
IT Service CMM is a work in progress in the Netherlands by Professor Niessink
81
CMMI Maturity LevelsCMMI Maturity Levels
82
CMMI - Levels 1 through 3CMMI - Levels 1 through 3
A process cannot be improved if it cannot be repeated
Repeatable: The first step in helping an organization improve its maturity is focused on helping organizations remove the impediments that keep them from repeating successful .. practices.
Managed: The effort to establish a repeatable capability is the effort to establish basic management practices locally within each unit or project. Only when this management capability is established will the organization have the foundation on which it can deploy common processes.
Defined: When the organization defines a standard process for performing its business activities, it has laid the foundation for a professional culture. Most organizations report the emergence of a common culture as they achieve Level 3. This culture is based on common professional practices and common beliefs about the effectiveness of these practices.
83
What Does CMMI offerWhat Does CMMI offer
“This history of productivity and quality improvement in software has been riddled with silver bullets.
Complex, advanced technologies were usually implemented in a big bang that often proved too large for the organization to absorb.
The SW-CMM achieved widespread adoption because it broke the cycle of silver bullets and big bangs. At each stage of its evolutionary improvement path, the SW-CMM implemented an integrated collection of management and development practices that the organization was prepared to adopt.
Each level of maturity established a new foundation of practices on which more sophisticated practices could be implemented in later stages.
More importantly, each level shifted the organization’s culture one step further away from its initial frenzied state toward an environment of professionalism and continuous improvement.”
People CMM, p.12
84
So, CMMI can provide advice on HOW to implementSo, CMMI can provide advice on HOW to implement
Some ITIL processes exist predominantly at a specific, but attainable level of maturity – but, can achieve additional benefits at higher implementation levels
Some aspects of ITIL processes exist at levels of maturity beyond the capability of the organization at its current maturity levels. These require enabling processes to be implemented.
Eg. availability, SLM measurement require sophisticated quantitative measurement capability associated with level 4
Problem Management Root Case Analysis is associated with level 5 activities (Continuous improvement through elimination of defects)
There are implied orders amongst ITIL disciplines and within sub-divisions of disciplines in HOW they should best be implemented
85
CMMI – A DistinctionCMMI – A Distinction
CMM makes an important distinction between practices designed to implement a workforce habit and practices designed to institutionalize the practice. Without the later, all too often newly embedded practices will revert to previous, well-entrenched behaviors. The four institutional practices are displayed below.
86
CMMI - Generic PracticesCMMI - Generic Practices
Establish and maintain an organizational policy for planning and performing the process
Establish and maintain the plan for performing the process
Provide adequate resources
Assign responsibility and authority
Train the people
Identify and involve the relevant stakeholders
Monitor and control the process against the plan
Objectively evaluate adherence of the process against its process description, standards, and procedures, and address noncompliance
Establish and maintain the description of a defined process
Collect work products, measures, measurement results, and improvement information
Generic practices are practices that should be included in every process area in addition to the specific practices that appear in each process area description. The generic practices improve the
power of a process by assuring that the specific practices are executed and that there is appropriate planning of the process to assure that it is feasible and well-supported.
SEI'S Capability Maturity Model - Integrated Acquisition Model vs 1
87
Pre-requisites for repeatable services (level 2)Pre-requisites for repeatable services (level 2)
Service Commitment Management - to ensure that service commitments are based on the current and future IT service needs of the customer.
Service Delivery Planning - ensure that the service delivery planning is developed in accordance with the service commitments and that internal commitments are secured.
Service Tracking and Oversight - During service delivery, performance is monitored to enable corrective actions before the service commitments are breached. In addition, the tracking forms the basis for service reports to the customer.
Service Sub-contract Management - Parts of the service that are sub-contracted to third parties are managed and controlled.
Configuration Management - The information technology subject to the IT service is identified and controlled.
Event Management - managing events that occur during service delivery. Events can be incidents, such as unavailable servers, or service requests from end-users. Both types of events need to be handled in time in order to meet the service commitments.
Service Quality Assurance - An independent quality assurance group provides insight for senior management into the processes used and work products produced
Frank Niessink Version 1.0.2-en, January 15, 2003 download from www.itservicecmm.org/download.html
88
Pre-requisites for defined services (level 3)Pre-requisites for defined services (level 3)
Organization Service Definition - a service catalogue is developed that describes the services, in terms of customer benefits, that the service provider can deliver.
Organization Process Definition - the organization describes the processes used to deliver the services, described in the service catalogue. Service catalogue and standard service processes undergo improvement as a result of practical experience.
Organization Process Focus - this key process area is aimed at implementing the standard processes and assessing the performance of the processes in practice.
Integrated Service Management - this key process area is aimed at tailoring the standard service processes to specific service commitments for a specific customer so that the tailored process can be used to manage and deliver services to the customer.
Service Delivery - the tailored service processes are performed to deliver the services.
Training Program - based on the standard processes, a training program is developed. Employees are trained to fulfill their roles in the standard process.
Intergroup Coordination - delivering services requires different groups and disciplines to coordinate their work. This key process area makes sure communication between different groups is facilitated.
Problem Management - incidents and service requests that are registered as part of the Event Management key process area are analyzed to identify and solve underlying problems in the information technology.
Resource Management - required resources for delivering different services to different customers are coordinated across the organization
Frank Niessink Version 1.0.2-en, January 15, 2003 download from www.itservicecmm.org/download.html
Success is still not guaranteedP-CMMSuccess is still not guaranteedP-CMM
Organizational workforce practices need to be addressed.Organizational workforce practices need to be addressed.
90
Processes Require Departmental CooperationProcesses Require Departmental Cooperation
Dep
t A
Dep
t A
Dep
t B
Dep
t B
Dep
t C
Dep
t C
Dep
t D
Dep
t D
Dep
t E
Dep
t E
Dep
t F
Dep
t F
Process 1
Process 2
Process 3
Process 4
The implementation of processes modifies the traditional structure by requiring the initiation of “workforce competencies” rather than departmental skillsets.
An example is the view of Availability as being composed of generic or cross-organizational issues rather than product-centric (eg. network).
91
People CMM - ManagementPeople CMM - Management
Optimized
Predictable
Defined
Managed
Initial
Optimized
Predictable
Defined
Managed
InitialInconsistent
People
Competency
Capability
Change
Managers to take workforce activities as high priority responsibilities of their job with focus on Unit level activities.Managers to take workforce activities as high priority responsibilities of their job with focus on Unit level activities.
Organization has not defined workforce practices, and, in other areas, it has not trained responsible individuals to perform the practices that exist.
Organization has not defined workforce practices, and, in other areas, it has not trained responsible individuals to perform the practices that exist.
Develop an organization-wide infrastructure atop lower practices that ties the capability of the workforce to strategic business objectives.
The organization builds an organization-wide framework of workforce competencies that establishes the architecture of the organization’s workforce. Each workforce competency is an element of the workforce architecture, and dependencies among competency based processes describe how these architectural elements interact.
Develop an organization-wide infrastructure atop lower practices that ties the capability of the workforce to strategic business objectives.
The organization builds an organization-wide framework of workforce competencies that establishes the architecture of the organization’s workforce. Each workforce competency is an element of the workforce architecture, and dependencies among competency based processes describe how these architectural elements interact.
92
Achieving a Defined Maturity is a process enabler:Achieving a Defined Maturity is a process enabler:
P-CMM findings: frequent failure of organization-wide improvement programs...
Because they were thrust on an unprepared management team - It is difficult to implement organization-wide practices if managers are not performing the basic workforce practices required to manage their units.
competency-based processes (P-CMM Maturity Level 3) form a basis for defining workgroup roles and operating processes. Rather than just relying on the interpersonal coordination skills developed at Maturity Level 2, workgroups can now organize themselves by tailoring and applying standard competency-based processes. The ability to use defined processes simplifies coordination within the workgroup, since it no longer rests solely on the interpersonal skills of group members to figure out how to manage their mutual dependencies.
Competent professionals demand a level of autonomy in performing their work. To best utilize competent professionals, the organization must create an environment that involves people in decisions about their business activities. Decision-making processes are adjusted to maximize the level of competency applied to decisions, while shortening the time required to make them. Individuals and workgroups should be provided with the business and performance information needed to make competent decisions. A participatory culture enables an organization to gain maximum benefit from the capability of its workforce competencies while establishing the environment necessary for empowering workgroups.
P-CMM findings: frequent failure of organization-wide improvement programs...
Because they were thrust on an unprepared management team - It is difficult to implement organization-wide practices if managers are not performing the basic workforce practices required to manage their units.
competency-based processes (P-CMM Maturity Level 3) form a basis for defining workgroup roles and operating processes. Rather than just relying on the interpersonal coordination skills developed at Maturity Level 2, workgroups can now organize themselves by tailoring and applying standard competency-based processes. The ability to use defined processes simplifies coordination within the workgroup, since it no longer rests solely on the interpersonal skills of group members to figure out how to manage their mutual dependencies.
Competent professionals demand a level of autonomy in performing their work. To best utilize competent professionals, the organization must create an environment that involves people in decisions about their business activities. Decision-making processes are adjusted to maximize the level of competency applied to decisions, while shortening the time required to make them. Individuals and workgroups should be provided with the business and performance information needed to make competent decisions. A participatory culture enables an organization to gain maximum benefit from the capability of its workforce competencies while establishing the environment necessary for empowering workgroups.
93
Management CMMManagement CMM
94
Other Techniques/ApproachesOther Techniques/Approaches
TCO Management – benchmark financial costs
BPR – change management – the organization
BPM – the acknowledged successor to BPR
BS15000 – ISO – certify thyself
quality – TQM, six sigma
Microsoft MSF / MOF
Balanced scorecards
95
Approaches Applicability to IT Approaches Applicability to IT
News Story by Gary H. Anthes, http://www.computerworld.com/,
So, where do I go ?So, where do I go ?
Some KeysSome Keys
97
ConcernsConcerns
99
Key to A Coherent Strategy ?Key to A Coherent Strategy ?
Alice: Which way should I go?
Cat: That depends on where you are going.
Alice: I don’t know where I am going.
Cat: Then it doesn’t matter which way you go.
Be clear about what you want to accomplish
100
Implementing ITIL is not revenue neutralImplementing ITIL is not revenue neutral
Before ITILBefore ITIL After ITILAfter ITIL
Cost of Processes
Replaced
Cost of Processes
Replaced
Cost of ITIL
Processes
Cost of ITIL
Processes
Cost to
Business of
IT service
provision
Cost to
Business of
IT service
provision
Cost to Business ofIT serviceprovision
Cost to Business ofIT serviceprovision
The benefits to theorganization
The cost to theService Provider
Harder to define
101
But, the road is long and the target is movingBut, the road is long and the target is moving
Queen of Hearts: it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!'
102
Perhaps Wayne Gretsky said it bestPerhaps Wayne Gretsky said it best
Skate to where the puck will be
103
What to ExpectWhat to Expect
FutureToday
Best Practices Certification
Service Desk SW Integrated Service Mgmt SW
Gap Analysis “Mature” Maturity Modeling
ITIL modules ITIL-3
Process emphases
ITIL/CMM/COBIT integration
104
1954 Popular Mechanics Magazine.... 1954 Popular Mechanics Magazine....
SuggestionsSuggestions
Some basic suggestions on how to implement ITIL processesSome basic suggestions on how to implement ITIL processes
106
METAMETA
Phase 1 (6-8 months): Develop selling, marketing, service deployment planning, service deployment, change management, problem management, event management, and service level management processes
Phase 2 (8-12 months): Develop capacity planning, performance (server/network) management, configuration management, and cost/chargeback processes
Phase 3 (12-15 months): Develop the remaining miscellaneous processes
Phase 4 (15-18 months): Analyze measurements and undertake ongoing optimization use this structure for citations
Due to the diversity and complexity of deploying IT processes, we recommend the following four-phased implementation scheme:
META - Process Clustering - Service Management Strategies, Oct 23, 2000
107
Microsoft “Quick Wins”Microsoft “Quick Wins”
Service Desk - Merge multifunctional service desk into one central point of contact, either virtually or physically.
Incident Management - Establish consistent definitions of incident severities to ensure proper response by support staff to logged incidents.
Problem Management - Ensure that changes are correctly referenced to problems so that the root cause is only resolved once
Change Management - Establish a standard Request for Change (RFC) form.
Release Management - Ensure that Operations Acceptance Testing (OAT) is carried out as a separate exercise to User Acceptance Testing (UAT).
Configuration Management - Produce a "logical" CMDB from existing system data (for example, inventory, human resources, purchasing) rather than a "physical" CMDB.
108
Microsoft “Quick Wins”Microsoft “Quick Wins”
Availability Management - Use historical analysis on hardware mean time before failure (MTBF) in order to proactively replace equipment before it fails.
Capacity Management - Input threshold figures for CPU, memory, and disk to Service Monitoring and Control.
Service Level Management - Summarize service level agreements into two pages or less so that they are easier to read.
Service Monitoring and Control - Identify system baselines to establish accurate thresholds for monitoring and alerting on normal and abnormal system utilization.
Financial Management - Charge on service management issues (service desk calls, problems/changes raised) rather then CPU, memory I/O, etc...
IT Service Continuity Management - Ensure that documentation copies are stored at an off-site location either electronically or physically.
109
Proactive – Service ManagementProactive – Service Management
110
Proactive – Service DeliveryProactive – Service Delivery
111
The Art of ServiceThe Art of Service
Determine the base line; start with an assessment to determine priorities.
Survey the services/system(s) currently used by the organization for providing day-to-day user support and for handling incidents, problems and known errors. Review the support tools used, and the interfaces to change management and configuration management including inventory management, and the operational use of the current system within the IT provider. Identify strengths to be retained, and weaknesses to be eliminated. Ascertain the agreements in place between service providers and customers
Ascertain service level requirements and document these. Plan and implement the service desk using tools designed for this function which support incident control. These tools should either support or be capable of integration with tools for the aspects of Problem Management as well as for configuration management and change management. Implement at least the inventory elements of configuration management required for incident control and change management.
Extend the incident control system to allow other domains such as Computer Operations and Network Control staff to log incidents directly. Negotiate and set up SLAs
Develop the management reporting system
Implement the balance of 'reactive' Problem Management (problem control, error control and management reporting) and configuration management. The proactive parts of Problem Management should be implemented as staff are released from reactive duties by gradually improving service quality. Implement the release management process.
Re-published from www.artofservice.com publication has been decommissioned
112
Interprom CaveatsInterprom Caveats
Goals Are Unclear - An IT organization which starts implementing ITIL processes because “We have a problem”, will probably be less successful compared to an IT organization which is aware of its weaknesses after having done an audit or a customer review.
Lack of Tactical Management Processes - IT organizations after having implemented operational processes such as Incident Management, Configuration Management and Change Management, immediately jump to Service Level Management to have Service Level Agreements and service level reports. With this, IT organizations skip the implementation of formal tactical processes such as Availability Management, Capacity Management, IT Service Continuity Management and Cost Management.
Duration Times - ITIL offers process models, which are based on ‘Industry Best Practices’. This means that out-of-the-box implementations of ITIL simply don’t exist. Instead, ITIL provides IT organizations with a framework. It depends on each individual IT organization to have ITIL fit to its needs and priorities . A complete and full implementation of one process can last months, and while maturing, IT organizations continue to optimize their processes.
Bad Change Management - it is important to spend enough time to deal with resistance an implementation of a new way of working introduces. Managing these changes is therefore very important. Introducing these kinds of changes asks for an incremental approach. In short cycles the new process is introduced to the organization, which allows enough time to adjust, and to absorb the new situation. The Plan-Do-Check-Act (PDCA) cycles we know from TQM-implementation projects can be useful in this perspective.
Process Itself is Not the Goal - Implementation of formal (ITIL) processes help to increase the performance of the IT organization. Processes are implemented to provide management information, which directly contributes to the most effective and efficient way to contribute to the realization of the primary business processes of the company. Line managers, process managers and product managers are responsible to define performance indicators, process characteristics and control variables. By measuring performance, periodical management reports can be generated. Strategic decisions can then be based on hard figures instead of intuition.
Implementation of ITIL, Copyright 2002 InterProm USA Corporation
113
ITIL Disciplines Maturity PlacementITIL Disciplines Maturity Placement
Maturity Levelj k l m n
Reactive Problem Proactive Problem
Release
Service Continuity
MOU Service Catalogue OLA SLA Measurement Reporting
Demand App Sizing Workload
Recovery High Availability Modeling
Incident Major Incident CMDB References
Assets Mission Critical Configurations Configuration Mgmt
Change Asset Reference CMDB Reference
Financial
114
Preparing for an ImplementationPreparing for an Implementation
Determine Organization’s Ability to Change
Determine the Cost of Downtime for Major Applications
Develop a Vision for the Implementation
Develop Process Repository
The attainment of Level 3 - defined Maturity is a pre-requisite for implementing many ITIL processes so that they will be self-sustaining
Assigning costs of Unavailability allow the organization to establish what is acceptable risk. Once established then highly reliable analyses of the optimal level of availability are possible and a correct assessment of the availability-recoverability trade-off is possible.
A vision includes both a description of the organization's most desirable future state and a declaration of what the organization needs to care about most to reach that future state."
The organization should select appropriate standards and toolsets for describing process attributes and processes.
115
Some Common ApproachesSome Common Approaches
Start with Service Management practices
Incident then change (quick wins requiring level 2 (repeatable) maturity
Consolidate to have SPOC Service Desk
Develop Asset Mgmt database then migrate to CMDB
Identify Services
Improve change process to greater maturity
Ensure QA on Incident Tickets & improve Ticket reporting to enhance quality of “fault data”
Implement reactive Problem Management
Identify costs of services & add to Service Catalogue description
118
Issues w. Traditional ApproachIssues w. Traditional Approach
Success assumes highly mature organization – particularly with regard to Project Management capabilities (as defined by CMMI)
Strategic definitional steps preclude early initiation of easily definable initiatives enjoying high degrees of organizational consensus
Does not fully utilize benefits of implementing “best practices” which have gained acclaim by virtue of their wide applicability
119
Poor Project ManagementPoor Project Management
A few examples of poor project management, “have you ever been involved with or heard of a project within your organization or department that has or is exhibiting these or similar weaknesses?”
Poor estimation of duration leading to the project taking more time than expected
Poor estimation of costs leading to the project costing more than expected
Lack of quality control resulting in a product (or service) that is unusable or inadequate
Lack of planning Inadequate criteria for what is required Poor managerial support Poor administrative support Poor communication Unclear roles and responsibilities Lack of resource commitment
What is PRINCE2? - by Fiona Spence (CC Consulting Ltd) - http://www.crazycolour.com/p2/0009.shtml
120
CMMI – Project ManagementCMMI – Project Management
“it is much better to apply a simple method correctly than to adopt a more complex approach
inconsistently. “http://www.albacore.ltd.uk/PRINCE2.html
The basic Project Management process areas address the basic activities related to establishing and maintaining the project plan, establishing and maintaining commitments, monitoring progress against the plan, taking corrective action, and managing supplier agreements.
Capability Maturity Model® Integration (CMMI), Version 1.1
121
CMMI – Project ManagementCMMI – Project Management
The advanced Project Management process areas address activities such as establishing a defined process that is tailored from the organization’s set of standard processes, coordinating and collaborating with relevant stakeholders (including suppliers), risk management, forming and sustaining integrated teams for the conduct of projects, and quantitatively managing the project’s defined process.
Capability Maturity Model® Integration (CMMI), Version 1.1
122
Project LifecycleProject Lifecycle
Planning
Requirements
Acquisition
Modify/BuildIteration
Integration
Maintain
Project Lifecycle
Implementation
123
Publishinformation on the
Web
IMPLEMENT
INTEGRATE
ITERATE
Continuous ImplementationContinuous Implementation
In ConclusionIn Conclusion
Wrapping it up
125
What’s been SaidWhat’s been Said
Many organizations are demanding greater ROI from their IT services
Used together, ITIL, CobIT and CMM frameworks can provide a structure to achieve enhanced IT service management
A coherent, encompassing service improvement process will take several years. You need strategies to ensure sustained momentum.
Be aware of the need to achieve enabling organizational practices as pre-requisites for implementing ITIL processes which require greater levels of maturity
126
Thank YouThank You