ITSM is a set of guidelines for different aspects of best-practice data management.

Split into two groups and eleven disciplines. The two groups inside of ITSM are Service

Delivery and Service Support.

Service Delivery◦ IT Financial Management◦ Capacity Management◦ Availability Management◦ IT Continuity Management◦ Service Level Management

Service Support◦ Change Management◦ Release Management◦ Problem Management◦ Incident Management◦ Configuration Management◦ Service Desk

Provides a way to align the IT services with the business requirements.

Customers and IT personnel can discuss and asses how well a service is being delivered.

Primary Objective:◦ Provide a way for setting clear expectations with

both customers and user groups

The primary management of IT services Service Level Management is dependent

upon all the other areas of service delivery Business processes associated with SLM:

◦ Reviewing existing services◦ Negotiating with the customers◦ Implementation of Service Improvement

policies and processes◦ Planning for service growth◦ Involvement in accounting to asses costs of

services

Financial Management includes budgeting, accounting, and charging for IT services being delivered to the customers. Budgeting and accounting involves understanding the costs of providing various services Financial Management ensures that any IT service proposed is justified from a budget point of view. Allows IT departments to function as a business unit. Allows customers to demand a value for their money.

The discipline of ensuring the IT infrastructure is obtained at the most effective price◦ Not necessarily the cheapest!

Calculating the costs of providing the service so the organization can justify the costs of its IT services◦ Costs can then be recovered from the customer of the service

IT Costs can be divided into different units:◦ Equipment◦ Software◦ Organization (staff, overtime, etc.)◦ Transfer (costs of 3rd party service providers)

Costs can also be divided into direct and indirect costs.

Measuring availability:Agreement statistics – what is included within the

agreed serviceAvailability – agreed service times, response timesHelp Desk Calls – number of incidents raised,

response times, resolution times Capacity – performance timings for online

transactions, report production, numbers of users, etc.

Costing Details – charges for the service, and any penalties should service levels not be met.

Includes planning, sizing, and controlling service solution capacity to satisfy user demands.

This requires a collection of information about usage scenarios and patterns as well as stated performance requirements.

Inputs:◦ Performance monitoring ◦ Workload monitoring ◦ Application sizing ◦ Resource forecasting

Also known as contingency management◦ Focuses on minimizing the disruptions to

businesses caused by failure of “mission-critical” systems

◦ Deals with planning to cope with and recover from an IT disaster

◦ Provides guidance on safeguarding existing systems

◦ Also considers what activities need to be taken in the event certain services are not available

Basic steps:Prioritizing the businesses to be recovered by

conducting a Business Impact Analysis (BIA) Performing a Risk Assessment (Risk Analysis)

for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service.

Evaluating the options for recovery Producing the Contingency/Recovery Plan Testing, reviewing, and revising the plan on a

regular basis

Continuity management and disaster recovery are important, yet often overlooked, part of IT security and risk analysis

Inadequate contingency planning is looked at as a risk to the business, and is often overlooked until it is too late.◦ When a security or other breach results in the loss

of supporting IT systems or valuable information

Service Support revolves largely around a strong service or help desk.

Service desks can be unskilled (used for incident tracking and call dispatching) or skilled (incidents are solved at the helpdesk).

Goal:◦ Provide a single point of contact for the user for all

their IT queries.◦ Proactively identify problems as well as create

resolutions to incidents.

Release Management is responsible for the management of software support, development, and installation.

Goal:Plan the rollout of software.Implement procedures for the distribution of changes to

the IT system. Path:

Proper Release Management means to organize a way of controlling and monitoring distribution of software, often by creating a single point of storage for all software.

For internal software this also means creating a logical store to track releases, and store previous versions of software.

Create a standardized process for implementing software.

Configuration Management is a process that tracks all of the individual items in a system. A system may be a single server, or an entire IT department.

Goals:◦ Create a list of every hardware and software item

in the system and define their relationship while tracking their current status as well as their history.

Business continuity planning (BCP) and contingency planning in support of operations are elements of a system of internal control that is established to manage availability of critical processes in the event of interruption. The most important part of such a plan deals with the cost-effective support of the information system. Availability of business data is vital to the sustainable development and/or even to the survival of any organization.

BCP and disaster recovery planning (DRP) processes

Business impact analysis (BIA) Recovery strategies and alternatives Plan testing Backup and restoration Audit considerations

Inability to maintain critical customer services

Damage to market share, image, reputation or brand

Failure to protect the company assets, including intellectual properties and personnel

Business control failure Failure to meet legal or regulatory

requirements

The purpose of business continuity/disaster recovery is to enable a business to continue offering critical services in the event of a disruption and to survive a disastrous interruption to their activities. Rigorous planning and commitment of resources is necessary to adequately plan for such an event.

Earthquakes Floods Tornados Thunderstorms Fire Discontinuation of Services like Electrical Power,

Telecommunications, Natural Gas Terrorist Attacks Hacker Attacks Virus Attacks System Malfunctions Accidental File Deletions Network Denial of Services (DoS) Attacks Intrusion

The BCP process can be divided into the following life cycle phases: Creation of a business continuity policy Business Impact Analysis (BIA) Classification of operations and criticality analysis Identification of IS processes that support critical organizational

functions Development of a BCP and IS disaster recovery procedures Development of resumption procedures Training and awareness program Testing and implementation of plan Monitoring

Interruption window: The time the organization can wait from the point of failure to the critical services/applications restoration. After this time, the progressive losses caused by the interruption are unaffordable.

Service delivery objective (SDO): Level of services to be reached during the alternate process mode until the normal situation is restored. This is directly related to the business needs.

Maximum tolerable outages: Maximum time the organization can support processing in alternate mode. After this point, different problems may arise, especially if the alternate SDO is lower than the usual SDO, and the information pending to be updated can become unmanageable.

They are fully configured and ready to operate within several hours. The equipment, network and systems software must be compatible with the primary installation being backed up. The only additional needs are staff, programs, data files and documentation.

Costs associated with the use of a third-party hot site are usually high, but less than creating a redundant site, and are often cost justifiable for critical applications.

They are partially configured, usually with network connections and selected peripheral equipment, such as disk drives and other controllers, but without the main computer. Sometimes a warm site is equipped with a less-powerful central processing unit (CPU), than the one generally used. The assumption behind the warm site concept is that the computer can usually be obtained quickly for emergency installation (provided it is a widely used model) and, since the computer is the most expensive unit, such an arrangement is less costly than a hot site. After the installation of the needed components, the site can be ready for service within hours; however, the location and installation of the CPU and other missing units could take several days or weeks.

They have only the basic environment (i.e., electrical wiring, air conditioning, flooring, etc.) to reduce the cost. The cold site is ready to receive equipment, but does not offer any components at the site in advance of the need. Activation of the site may take several weeks.

This is a specially designed trailer that can be quickly transported to a business location or to an alternate site to provide a ready-conditioned facility. These mobile sites can be connected to form larger work areas and can be preconfigured with servers, desktop computers, communications equipment, and even microwave and satellite data links. They are a useful alternative when there are no recovery facilities in the immediate geographic area. They are also useful in case of a widespread disaster and are a cost-effective alternative to duplicate for a multi-office organization.

Incident response team: A team that has been designated to receive the information about every incident that can be considered as a threat to assets/processes. This reporting can be useful for coordinating an incident in progress and or for postmortem analysis. The analysis of all incidents also provides input for updating the recovery plans.

Emergency action team: They are first responders, designated fire wardens and bucket crews, whose function is to deal with fires or other emergency response scenarios. One of their primary functions is the orderly evacuation of personnel and the securing of human life.

Information security team: The main mission of this team is to develop the needed steps to maintain a similar level of information and IT resource security as was in place in at the primary site before the contingency, and implement the needed security measures in the alternative procedures environment. Additionally, this team must continually monitor the security of system and communication links, resolve any security conflicts that impede the expeditious recovery of the system, and assure the proper installation and functioning of security software. The team is also responsible for the security of the organization's assets during the disorder following a disaster.

Damage assessment team: Assesses the extent of damage following the disaster. The team should be comprised of individuals who have the ability to assess damage and estimate the time required to recover operations at the affected site. This team should include staff skilled in the use of testing equipment, knowledgeable about systems and networks, and trained in applicable safety regulations and procedures. In addition, they have the responsibility to identify possible causes of the disaster and their impact on damage and predictable downtime.

Emergency management team: Responsible for coordinating the activities of all other recovery/continuity/response teams and handling key decision making. They determine the activation of the BCP. Other functions entail arranging the finances of the recovery, handling legal matters evolving from the disaster, and handling public relations and media inquiries.

Offsite storage team: Responsible for obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule for information created during operations at the recovery site.

Software team: Responsible for restoring system packs, loading and testing operating systems software, and resolving system-level problems.

Applications team: Travels to the system recovery site and restores user packs and application programs on the backup system. As the recovery progresses, this team may have the responsibility of monitoring application performance and database integrity.

Pretest: The set of actions necessary to set the stage for the actual test. This ranges from placing tables in the proper operations recovery area to transporting and installing backup telephone equipment. These activities are outside the realm of those that would take place in the case of a real emergency, in which there is no forewarning of the event and, therefore, no time to take preparatory actions.

Test: This is the real action of the business continuity test. Actual operational activities are executed to test the specific objectives of the BCP. Data entry, telephone calls, information systems processing, handling orders, and movement of personnel, equipment and suppliers should take place. Evaluators review staff members as they perform the designated tasks. This is the actual test of preparedness to respond to an emergency.

Post-test: The cleanup of group activities. This phase comprises such assignments as returning all resources to their proper place, disconnecting equipment, returning personnel, and deleting all company data from third-party systems. The post-test cleanup also includes formally evaluating the plan and implementing indicated improvements.

Desk-based evaluation/paper test: A paper walk-through of the plan, involving major players in the plan's execution who reason out what might happen in a particular type of service disruption. They may walk through the entire plan or just a portion. The paper test usually precedes the preparedness test.

Preparedness test: Usually a localized version of a full test, wherein actual resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about how good the plan is. It also provides a means to improve the plan in increments.

Full operational test: This is one step away from an actual service disruption. The organization should have tested the plan well on paper and locally before endeavoring to completely shut down operations. For purposes of the BCP testing, this is the disaster.