FitSM Foundation
1
FoundationtraininginITServiceManagementaccordingtoFitSM
Version2.10
ThisworkhasbeenfundedbytheEuropeanCommission.Itislicensedundera CreativeCommonsAttribution4.0
InternationalLicense.
Purposeofthistraining
• Becomefamiliarwith– BasicITservicemanagementconceptsandterms– PurposeandstructureofFitSM standardsandtheirrelationshiptootherstandards
– ProcessframeworkunderlyingFitSM– RequirementsdefinedinFitSM-1
• AchievetheFoundationCertificateinITServiceManagementaccordingtoFitSMissuedbyTÜVSÜDExaminationInstitute
2
FitSM Foundationexam
• Attheendofthistraining• Closedbook,i.e.noaidsareallowed• Duration:30minutes• 20multiple choicequestions:
– Fourpossibleanswersforeachquestion:A,B,CorD– Onecorrectanswerperquestion
• Atleast65%correctanswers(13of20)arerequiredtopasstheexamination
3
FitSM qualificationprogram
4
FoundationLevel
FoundationtraininginITservicemanagement
AdvancedLevel
Expert Level
ExperttraininginITservicemanagement
Advancedtraininginserviceplanninganddelivery
Advancedtraininginserviceoperationandcontrol
1day
2 days2 days
2 days
Trainingagenda
• ITServiceManagement:Introduction,Terms&Concepts
• TheFitSMStandardsFamily• ITServiceManagement– GeneralAspects• ITServiceManagement– Processes• Benefits,Risks&ChallengesofImplementingITServiceManagement
• RelatedStandards&Frameworks
5
WhyITservicemanagementisneeded
• WhyITservicemanagement(ITSM)?– About80%ofallITserviceoutages
originatefrom"peopleandprocessissues"
– Durationofoutagesanddegradationssignificantlydependentonnon-technicalfactors
• ITservicemanagement…– …aimsatprovidinghighqualityIT
servicesmeeting customers'andusers'expectations…
– …bydefining,establishingandmaintainingservicemanagementprocesses.
7
Reasonsforserviceoutages[Gartner,2001]
Whatisaservice?
8
ExamplesofITservices:– Provisionofstandarddesktopworkstations– Connectivity:E-Mail,LAN,internetaccess– Provisionofcomputationalresources– Provisionofstandardandspecialapplications– Storage,backup,archivalstorage
DefinitionfollowingFitSM-0:Service:
Awaytoprovidevalue toauser /customer throughbringingaboutresultsthattheywanttoachieve
DefinitionfollowingFitSM-0:Serviceprovider:
Organisationorfederation orpartofanorganisationorfederation thatmanagesanddeliversaservice orservicestocustomers
Serviceandvalue
• Serviceis…– …ameansofdeliveringvalue tocustomers…– …bysupportingtheminachieving theirgoals.
• Whatisvaluefromacustomerperspective?
9
Utility Warranty Value
Whatisthekeypurpose oftheservice?
Whichadditionalfactorswillimpactthecustomers’servicequality/
performanceperception?
Whatisaprocess?
• 3basicfactsaboutITservicemanagementprocesses:– ITSMprocessessupportthedeliveryofITservices.– ToprovideoneITservicetoacustomer,oftenseveralprocessesareneeded.
– AnITservicebeingsuccessfullydelivered istheresultfrommanyprocessessuccessfullyoperatingandinteracting.
10
DefinitionfollowingFitSM-0:
Process:Setofactivities thatbringaboutaspecificobjectiveorsetofresultsfromasetofdefinedinputs.
Classiclineorganizationandprocesses
11
Topmanagement
Servicedesk Clientoperations
Mobiledevices
Desktopsupport
Serveroperations
DBservers Webservers Applicationservers
ERP
CRM
Communicationnetworks
Networkplanning
Networkmaintenance
1
2
3
4
5
Whatcomprisesaprocess?
Goal(s),objectives
Clearlydefinedinputs,triggersandoutputs
Setofinterrelatedactivities(acrossdifferentfunctions)
Rolesandresponsibilities
12
Processroles
• Processowner:– Overallaccountabilityforaprocess– Definesprocessgoals,monitorstheirfulfillment– Hasauthoritytoprovide/approveresources
• Processmanager:– Responsible fortheoperationaleffectiveness and
efficiencyofaprocess– Reportstotheprocessowner
• Processstaffmember:– Responsible forperformingaspecificprocess
activity– Escalatesexceptionstotheprocessmanager
13
Processowner
Processmanager
Processstaffmember
1
1..*
1
1..*
Additionalkeyterms
14
DefinitionfollowingFitSM-0:Service managementsystem(SMS):
Overallmanagementsystemthatcontrolsandsupportsmanagementofserviceswithinanorganisationorfederation
DefinitionfollowingFitSM-0:Policy:
Documentedsetofintentions,expectations,goals,rulesandrequirements,oftenformallyexpressedbytopmanagement representatives inanorganisation orfederation
DefinitionfollowingFitSM-0:Activity:
Setofactions carriedoutwithinaprocess
DefinitionfollowingFitSM-0:Procedure:
Specified setofstepsorinstructionstobecarriedoutbyanindividualorteamtoperformoneormoreactivities ofaprocess
Servicemanagementsystem(SMS)
15
Policy1. Abc def ghijk.2. Abc def ghijk.3. Abc def ghijk.4. Abc def ghijk.
Proce-dures
Process: Inputs
Outputs
Governance levelTop managementProcess owners
Control levelProcess managers
Process teams
Operational level Departments
FunctionsPersons
Activities and roles
e.g. Incident handling policy, change policy,
security policy
e.g. incident management, change management, security management, …
e.g. procedures for classifying and prioritizing incidents
Person (in a role)
applies
WhatisFitSM?
• Afamilyofstandardsforlightweight ITservicemanagement
• Suitable forITservice providersofanytypeandscale• Maindesignprinciple: Keepitsimple!• Allparts(andthistrainingmaterial) freelyavailable
underCreativeCommonslicenses:
www.fitsm.eu
ThedevelopmentoftheFitSMstandardswassupportedandfundedbytheEuropeanCommission throughtheEC-FP7project "FedSM“.
17
FitSM parts
18
Focus of this training
FitSM-1Requirements
FitSM-2Objectives and activities
FitSM-3Role model
FitSM-5Selected
implementation guides
FitSM-0Overview & vocabulary
FitSM-4Selected templates and
samples
FitSM-6Maturity and capability assessment scheme
Implementation aids
Core standard
FitSMprocessmodel
1. Serviceportfoliomanagement(SPM)2. Service levelmanagement(SLM)3. Service reportingmanagement(SRM)4. Serviceavailability&continuitymanagement(SACM)5. Capacitymanagement(CAPM)6. Informationsecuritymanagement(ISM)7. Customerrelationshipmanagement(CRM)8. Supplierrelationshipmanagement(SUPPM)9. Incident&service requestmanagement(ISRM)10. Problemmanagement(PM)11. Configurationmanagement(CONFM)12. Changemanagement(CHM)13. Release&deploymentmanagement(RDM)14. Continualservice improvementmanagement(CSI)
20
ApossiblegroupingoftheFitSMprocesses
Sixmaintopicareas:
21
Offer&Agree• SPM• SLM• CRM
Plan&Ensure• SUPPM• SACM• CAPM
Control&Deploy• CONFM• CHM• RDM
Resolve&Prevent• IM• PM
Report&Improve• SRM• CSI
Protect&Secure• ISM
FitSM-0:"Overview&vocabulary"
• FitSM-0defines70importanttermsfromtheITservicemanagementcontext
• Inalphabeticalorder:
22
– Accessibilityofinformation– Activity– Assessment– Audit– Availability– Capability– Capacity– Change– Classification– Closure– Competence– Compliance– Confidentialityofinformation– Configurationbaseline– Configurationitem(CI)– Configurationmanagement
database(CMDB)– Continuity– Customer
– Document– Effectiveness– Efficiency– Escalation– Federationmember– Federator– Incident– Informationsecurity– Informationsecuritycontrol– Informationsecurityevent– Informationsecurityincident– Integrityofinformation– ITservice– ITservicemanagement(ITSM)– Keyperformanceindicator(KPI)– Knownerror– Managementsystem– Maturity
– Nonconformity– Operationallevelagreement
(OLA)– Operationaltarget– Policy– Postimplementationreview– Priority– Problem– Procedure– Process– Record– Release– Requestforchange– Risk– Role– Service– Serviceacceptancecriteria
(SAC)– Servicecatalogue
– Servicecomponent– Servicedesignandtransition
package– Servicelevelagreement(SLA)– Servicemanagement– Servicemanagementplan– Servicemanagementsystem
(SMS)– Serviceportfolio– Serviceprovider– Servicereport– Servicerequest– Servicetarget– Supplier– Topmanagement– Underpinningagreement(UA)– Underpinningcontract(UC)– User– Value
FitSM-1:"Requirements"
• FitSM-1defines85requirementsthatshouldbefulfilledbyanorganisation(orfederation)offeringITservicestocustomers.
• Compliancewiththe85requirementscanberegardedasa"proofofeffectiveness".
• The85requirementsarestructuredasfollows:– 16generalrequirements(GR)– 69process-specificrequirements(PR)
• Considerationofthe14ITservicemanagementprocesses fromtheFitSMprocessmodel
• Between3and8requirementsperprocess
23
Topmanagementresponsibility:RequirementsaccordingtoFitSM-1
25
GR1TopManagementCommitment&ResponsibilityREQUIREMENTS· GR1.1Topmanagementoftheorganisation(s)involvedinthedeliveryofservicesshallshow
evidencethattheyarecommittedtoplanning,implementing,operating,monitoring,reviewing,andimprovingtheservicemanagementsystem(SMS)andservices.Theyshall:o AssignoneindividualtobeaccountablefortheoverallSMSwithsufficientauthorityto
exercisethisroleo Defineandcommunicategoalso Defineageneralservicemanagementpolicyo Conductmanagementreviewsatplannedintervals
· GR1.2Theservicemanagementpolicyshallinclude:o Acommitmenttofulfilcustomerservicerequirementso Acommitmenttoaservice-orientedapproacho Acommitmenttoaprocessapproacho Acommitmenttocontinualimprovemento Overallservicemanagementgoals
Documentation:RequirementsaccordingtoFitSM-1
26
GR2DocumentationREQUIREMENTS· GR2.1TheoverallSMSshallbedocumentedtosupporteffectiveplanning.This
documentationshallinclude:o Servicemanagementscopestatement(seeGR3)o Servicemanagementpolicy(seeGR1)o Servicemanagementplanandrelatedplans(seeGR4)
· GR2.2Documenteddefinitionsofallservicemanagementprocesses(seePR1-PR14)shallbecreatedandmaintained.Eachofthesedefinitionsshallatleastcoverorreference:o Descriptionofthegoalsoftheprocesso Descriptionoftheinputs,activitiesandoutputsoftheprocesso Descriptionofprocess-specificrolesandresponsibilitieso Descriptionofinterfacestootherprocesseso Relatedprocess-specificpoliciesasapplicableo Relatedprocess- andactivity-specificproceduresasrequired
Documentation:RequirementsaccordingtoFitSM-1
27
GR2DocumentationREQUIREMENTS· GR2.3Theoutputsofallservicemanagementprocesses(seePR1-PR14)shallbedocumented,
andtheexecutionofkeyactivitiesoftheseprocessesrecorded.· GR2.4Documentationshallbecontrolled,addressingthefollowingactivitiesasapplicable:
o Creationandapprovalo Communicationanddistributiono Reviewo Versioningandchangetracking
Plan-Do-Check-ActCycle(PDCA)
28
Maturity
Time
• QualitymanagementapproachaccordingtoW.E.Deming• Keyprinciple:continualimprovement• Plan-Do-Check-Actcanbeappliedtothewholeservicemanagementsystem
PDCAappliedtotheSMS
• Plan:– DefinethescopeoftheSMS– Setthetimelineforimplementingservicemanagementprocesses(service
managementplan)• Do:
– Implementprocessesasplanned– Supportandenforcepracticalapplicationofdefinedprocesses
• Check:– Monitorkeyperformanceindicators(KPIs)toevaluateeffectivenessand
efficiency– Perform(internal)auditstodeterminethelevelofcompliance– Assesstheorganisationalmaturity
• Act:– Identifyopportunitiesforimprovements– Prioritizeandinitiateimprovements
29
GR3, GR4
GR5
GR6
GR7
SPM:Importantterms
32
DefinitionfollowingFitSM-0:Serviceportfolio:
Internallistthatdetailsall theservices offeredbyaserviceprovider,includingthose inpreparation,liveanddiscontinued
SPM:RequirementsaccordingtoFitSM-1
33
PR1ServicePortfolioManagement(SPM)REQUIREMENTS· PR1.1Aserviceportfolioshallbemaintained.Allservicesshallbespecifiedaspartofthe
serviceportfolio.· PR1.2Designandtransitionofneworchangedservicesshallbeplanned.· PR1.3Plansforthedesignandtransitionofneworchangedservicesshallconsider
timescales,responsibilities,neworchangedtechnology,communicationandserviceacceptancecriteria.
· PR1.4Theorganisational structuresupportingthedeliveryofservicesshallbeidentified,includingapotentialfederationstructureaswellascontactpointsforallpartiesinvolved.
SPM:Summary
• 3thingstoremember:– Theserviceportfoliolistsanddefinestheservicesthataserviceprovideroffersorplanstoofferinthefuture.
– Theserviceportfolioisan"internaltool"fortheserviceprovider.
– Theserviceportfolioisthebasisfortheservicecatalogue.
34
Servicecatalogue
Serviceportfolio
Customerbasisfor
ServiceLevelManagement(SLM)
35
Objective
Tomaintainaservicecatalogue,andtodefine,agreeandmonitorservicelevelswithcustomersbyestablishingmeaningfulservicelevelagreements(SLAs)andsupportiveoperationallevelagreements(OLAs)andunderpinningagreements(UAs)withsuppliers
SLM:Importantterms
36
DefinitionfollowingFitSM-0:
Service levelagreement (SLA):Documentedagreementbetweenacustomer andserviceprovider thatspecifiestheservice tobeprovidedandtheservicetargetsthatdefinehowitwillbeprovided
DefinitionfollowingFitSM-0:Servicecatalogue:
User/customerfacinglistofallliveservices offeredalongwithrelevantinformationaboutthese services
SLM:Importantterms
37
DefinitionfollowingFitSM-0:Operationallevelagreement (OLA)
Agreementbetweenaserviceprovider orfederationmemberandanotherpartoftheserviceprovider’sorganisation orthefederation toprovideaservicecomponentorsubsidiaryservice neededtoallowprovisionofservices tocustomers
DefinitionfollowingFitSM-0:Underpinningagreement (UA)
Documentedagreementbetweenaserviceproviderandanexternalsupplier thatspecifies theunderpinningservice(s)orservicecomponent(s)tobeprovidedbythesupplier,andtheservicetargetsthatdefinehowitwillbeprovided
Note:AUAcanbeseenasaservice levelagreement(SLA)withanexternalsupplierwheretheserviceproviderisinthecustomerrole.
SLM:RequirementsaccordingtoFitSM-1
38
PR2ServiceLevelManagementREQUIREMENTS· PR2.1Aservicecatalogueshallbemaintained.· PR2.2Forallservicesdeliveredtocustomers,SLAsshallbeinplace.· PR2.3SLAsshallbereviewedatplannedintervals.· PR2.4ServiceperformanceshallbeevaluatedagainstservicetargetsdefinedinSLAs.· PR2.5Forsupportingservicesorservicecomponentsprovidedbyfederationmembersor
groupsbelongingtothesameorganisation astheserviceproviderorexternalsuppliers,OLAsandUAsshallbeagreed.
· PR2.6OLAsandUAsshallbereviewedatplannedintervals.· PR2.7Performanceofservicecomponentsshallbeevaluatedagainstoperationaltargets
definedinOLAsandUAs.
SLM:DefiningSLAs
• SLAsareagreedbetweenaserviceprovideranditscustomers• TypicalcontentsinanSLA(includedorreferenced):
– Scopeanddescriptionoftheservice– Servicehoursandexceptions– Servicecomponents&dependencies– Support
• Incidenthandling• Fulfilmentofservicerequests
– Serviceleveltargets– Limitations&constraints– Communication,reporting&escalation
• Generalcommunication• Regularreporting• SLAviolations• Escalation&complaints
– Informationsecurity&dataprotection– Additionalresponsibilitiesoftheserviceprovider– Customerresponsibilities– Review– Glossaryofterms
39
SLM:Typesofserviceagreementsandtheirrelationships
40
Internalgroupsorfederationmembers
Operationallevelagreements(OLAs)
ServiceA
Servicecomponents
Servicelevelagreements(SLAs)
Customer
Suppliers
Underpinning agreements(UAs)
ServiceB ServiceC
(IT)serviceprovider
SLM:Summary
• 3thingstoremember:– ProduceaservicecatalogueforthecustomersandagreeSLAswithcustomers.
– AgreeOLAsandUAswithsupportingpartiesandsupplierstoensureservicetargetsinSLAscanbemet.
– EvaluateserviceperformancebasedonSLAs.
41
ServiceReportingManagement(SRM)
42
Objective
Tospecifyallservicereportsandensuretheyareproducedaccordingtospecifications inatimelymannertosupportdecision-making
SRM:RequirementsaccordingtoFitSM-1
PR3ServiceReportingREQUIREMENTS· PR3.1Servicereportsshallbespecifiedandagreedwiththeirrecipients.· PR3.2Thespecificationofeachservicereportshallincludeitsidentity,purpose,audience,
frequency,content,formatandmethodofdelivery.· PR3.3Servicereportsshallbeproduced.Servicereportingshallincludeperformanceagainst
agreedtargets,informationaboutsignificanteventsanddetectednonconformities.
43
SRM:Summary
• 3thingstoremember:– Servicereportsareimportanttosupportdecision-making.– Servicereportscanbeusefultodemonstrate thelevelofservicequalitythathasbeenachieved.
– Agreethereportsandtheirpurpose,audience, frequency,content,formatandmethodofdelivery withthereportstakeholders.
44
ServiceAvailability&ContinuityManagement(SACM)
45
Objective
Toensuresufficientserviceavailabilitytomeetagreedrequirementsandadequateservicecontinuityincaseofexceptionalsituations
SACM:Importantterms
46
DefinitionfollowingFitSM-0:Availability:
Theabilityofaservice orservicecomponent tofulfilits intendedfunctionataspecifictimeoroveraspecificperiodoftime
Agreedservicehours- downtime
Agreedservicehoursx100Availability [%]=
SACM:RequirementsaccordingtoFitSM-1
PR4ServiceContinuity&AvailabilityManagementREQUIREMENTS· PR4.1Serviceavailabilityandcontinuityrequirementsshallbeidentifiedtakinginto
considerationSLAs.· PR4.2Serviceavailabilityandcontinuityplansshallbecreatedandmaintained.· PR4.3Serviceavailabilityandcontinuityplanningshallconsidermeasurestoreducethe
probabilityandimpactofidentifiedavailabilityandcontinuityrisks.· PR4.4Availabilityofservicesandservicecomponentsshallbemonitored.
47
CapacityManagement(CAPM)
48
Objective
Toensuresufficientcapacitiesareprovidedtomeetagreedservicecapacityandperformancerequirements
CAPM:RequirementsaccordingtoFitSM-1
49
PR5CapacityManagementREQUIREMENTS· PR5.1Servicecapacityandperformancerequirementsshallbeidentifiedtakinginto
considerationSLAs.· PR5.2Capacityplansshallbecreatedandmaintained.· PR5.3Capacityplanningshallconsiderhuman,technicalandfinancialresources.· PR5.4Performanceofservicesandservicecomponentsshallbemonitoredbasedon
monitoringthedegreeofcapacityutilisation andidentifyingoperationalwarningsandexceptions.
CAPM:Summary
• Mostimportantoutput fromthisprocess:
• 3thingstoremember:– Identifyserviceperformancerequirements (e.g.fromSLAs).– Plantheresourcesrequiredtofulfiltherequirements and
produceacapacityplan.– Monitorserviceperformance.
50
Capacityplan(s)
Typicalcontents:• Agreed/requiredcapacityandperformancetargets• Plannedcapacityupgrades,downgradesandre-assignments of
resources• Requirementsforcapacitymonitoringandrelatedthresholds
InformationSecurityManagement (ISM)
51
Objective
Tomanageinformationsecurityeffectivelythroughallactivitiesperformedtodeliverandmanageservices,sothattheconfidentiality, integrityandaccessibility ofrelevantassetsarepreserved
ISM:Whatisinformationsecurity?
• Informationsecurityaspects:– Confidentiality– Integrity– Accessibilityofinformation
52
Keyaspects
ISM:Confidentialityandintegrity
Confidentiality:Toprotectinformationfromunauthorizeddisclosure
53
10110100010110011010110011001011
Bob
Chuck
Alice
Integrity:Toprotectinformationfrommodifications,additions,deletions,rearrangement,duplicationorre-recording
10110100010110011010110011001011
10110100101001000100011011001011
Chuck
Alice
Bob
ISM:RequirementsaccordingtoFitSM-1
PR6InformationSecurityManagementREQUIREMENTS· PR6.1Informationsecuritypoliciesshallbedefined.· PR6.2Physical,technicalandorganizationalinformationsecuritycontrolsshallbe
implementedtoreducetheprobabilityandimpactofidentifiedinformationsecurityrisks.· PR6.3Informationsecuritypoliciesandcontrolsshallbereviewedatplannedintervals.· PR6.4Informationsecurityeventsandincidentsshallbegivenanappropriatepriorityand
managedaccordingly.· PR6.5Accesscontrol,includingprovisioningofaccessrights,forinformation-processing
systemsandservicesshallbecarriedoutinaconsistentmanner.
54
ISM:Outputs
• Mostimportantoutputsfromthisprocess:– Informationsecuritypolicies
• Overallinformationsecuritypolicy• Specificsecuritypolicies,including…
– Passwordpolicy– E-mailpolicy– Mobiledevicepolicy– Accesscontrolpolicy– Mediadisposalpolicy– …
– Informationsecurityriskassessment– Documented informationsecuritycontrols
55
ISM:Summary
• 3thingstoremember:– Preserveconfidentiality, integrityandaccessibilityofinformationassets.
– Identifyandtreatinformationsecurityrisks.– Produceandenforceinformationsecuritypolicies.
56
CustomerRelationshipManagement (CRM)
57
Objective
Toestablishandmaintainagoodrelationshipwithcustomersreceivingservices
CRM:RequirementsaccordingtoFitSM-1
PR7CustomerRelationshipManagementREQUIREMENTS· PR7.1Servicecustomersshallbeidentified.· PR7.2Foreachcustomer,thereshallbeadesignatedcontactresponsibleformanagingthe
customerrelationshipandcustomersatisfaction.· PR7.3Communicationmechanismswithcustomersshallbeestablished.· PR7.4Servicereviewswiththecustomersshallbeconductedatplannedintervals.· PR7.5Servicecomplaintsfromcustomersshallbemanaged.· PR7.6Customersatisfactionshallbemanaged.
58
SupplierRelationshipManagement (SUPPM)
59
Objective
Toestablishandmaintainahealthyrelationshipwithsupplierssupportingtheserviceproviderindeliveringservicestocustomers
SUPPM:RequirementsaccordingtoFitSM-1
60
PR8SupplierRelationshipManagementREQUIREMENTS· PR8.1Suppliersshallbeidentified.· PR8.2Foreachsupplier,thereshallbeadesignatedcontactresponsibleformanagingthe
relationshipwiththesupplier.· PR8.3Communicationmechanismswithsuppliersshallbeestablished.· PR8.4Supplierperformanceshallbemonitored.
Incident&ServiceRequestManagement(ISRM)
61
Objective
Torestorenormal/agreedserviceoperationwithintheagreedtimeaftertheoccurrenceofanincident,andtorespondtouserservicerequests
ISRM:Importantterms
62
DefinitionfollowingFitSM-0:Incident:
Unplanneddisruptionofoperationinaservice orservicecomponent,ordegradationofservicequalityversustheexpectedoragreedservice leveloroperationallevelaccordingtoservice levelagreements(SLAs),operationallevelagreements(OLAs) andunderpinningagreements(UAs) withsuppliers
DefinitionfollowingFitSM-0:Service request:
Requestforinformation,advice,accesstoaservice orapre-approvedchange
Note:Servicerequestsareoftenhandledbythesameprocessandtoolsasincidents.
ISRM:RequirementsaccordingtoFitSM-1
PR9Incident&ServiceRequestManagementREQUIREMENTS· PR9.1Allincidentsandservicerequestsshallberegistered,classifiedandprioritizedina
consistentmanner.· PR9.2Prioritizationofincidentsandservicerequestsshalltakeintoaccountservicetargets
fromSLAs.· PR9.3Escalationofincidentsandservicerequestsshallbecarriedoutinaconsistentmanner.· PR9.4Closureofincidentsandservicerequestsshallbecarriedoutinaconsistentmanner.· PR9.5Personnelinvolvedintheincidentandservicerequestmanagementprocessshallhave
accesstorelevantinformationincludingknownerrors,workarounds,configurationandreleaseinformation.
· PR9.6Usersshallbekeptinformedoftheprogressofincidentsandservicerequeststheyhavereported.
· PR9.7Thereshallbeadefinitionofmajorincidentsandaconsistentapproachtomanagingthem.
63
ISRM:Workflow(incidentmanagement)
Classify
Record
Analyze
Prioritize
Resolve/Restoreservice
Close
Incident
Escalationrequired?
No
Yes
Escalate
64
ISRM:Servicerequestorincident?
65
The capacity of the hard disk drive in my notebook is
insufficient!
I forgotmy Wiki password!
The resource I am trying to access does not respond!
It takes a very long time for my transaction to
complete!
I cannot access my e-mails!
?
?
?
?
?
ProblemManagement(PM)
66
Objective
Toinvestigatetherootcausesof(recurring)incidents inordertoavoidfuturerecurrenceofincidentsbyresolvingtheunderlyingcauses,ortoensureworkarounds/temporaryfixesareavailable.
PM:Importantterms
67
DefinitionfollowingFitSM-0:Problem:
Theunderlyingcauseofoneormoreincidents thatrequiresfurtherinvestigationtopreventincidents fromrecurringorreducetheimpactonservices
DefinitionfollowingFitSM-0:Knownerror:
Problemwhichhasnot(yet)beencorrected,butforwhichthereisadocumentedworkaroundortemporaryfixtoprevent(excessive)negativeimpactonservices
Identifyproblem
Problem
IncidentsIdentified pattern of recurring incidents
Investigaterootcause
Identifyworkaround
Initiateresolution
Problem Requestforchange
PM:RequirementsaccordingtoFitSM-1
68
PR10ProblemManagementREQUIREMENTS· PR10.1Problemsshallbeidentifiedandregisteredbasedonanalysing trendsonincidents.· PR10.2Problemsshallbeinvestigatedtoidentifyactionstoresolvethemorreducetheir
impactontheservices.· PR10.3Ifaproblemisnotpermanentlyresolved,aknownerrorshallberegisteredtogether
withactionssuchaseffectiveworkaroundsandtemporaryfixes.· PR10.4Up-to-dateinformationonknownerrorsandeffectiveworkaroundsshallbe
maintained.
PM:Example – Fromincidentstoproblemstoresolutions
IncidentManagement
IncidentsIt takes avery long timeformy transaction to complete!
à Incident re-occurredseveral times inthepast
weeks.
ProblemManagement:
Analysis&Workaround
Problem• Category:SW/Service• Impact:High(allusers)• Urgency:Low(nocriticalSLAviolations)
Workaround• Back-uplogfile• Emptylogfile• Reboot system
ProblemManagement:Resolution
Knownerror• Errorwhenwritinglogfilescausesjobinterruption
• Maximumfilesizeofserverlogfileexceeded
Resolution• Patchavailable• Requestfor Change:Installpatch T12-02onpclx3
69
ConfigurationManagement (CONFM)
70
Objective
Toprovideandmaintainalogicalmodelofallconfigurationitemsandtheirrelationshipsanddependencies
CONFM:Importantterms
71
DefinitionfollowingFitSM-0:Configurationitem(CI):
Elementthatcontributestothedeliveryofoneormoreservices orservicecomponents,andthereforeneedstobecontrolled
DefinitionfollowingFitSM-0:Configuration baseline:
Thestateofaspecifiedsetofconfigurationitems(CIs) atagivenpointintime
DefinitionfollowingFitSM-0:Configurationmanagementdatabase(CMDB):
Storefordataaboutconfigurationitems (thereforeconfigurationdata)
Note:TheCMDBlikely includesattributesofCIsaswellasinformationonrelationshipsbetweenCIs,servicecomponentsandservices.
CONFM:RequirementsaccordingtoFitSM-1
72
PR11ConfigurationManagementREQUIREMENTS· PR11.1Configurationitem(CI)typesandrelationshiptypesshallbedefined.· PR11.2Thelevelofdetailofconfigurationinformationrecordedshallbesufficienttosupport
effectivecontroloverCIs.· PR11.3EachCIanditsrelationshipswithotherCIsshallberecordedinaconfiguration
managementdatabase(CMDB).· PR11.4CIsshallbecontrolledandchangestoCIstrackedintheCMDB.· PR11.5TheinformationstoredintheCMDBshallbeverifiedatplannedintervals.· PR11.6Beforeanewreleaseintoaliveenvironment,aconfigurationbaselineoftheaffected
CIsshallbetaken.
CONFM:Outputandsummary
• Mostimportantoutputfromthisprocess:
• 3thingstoremember:– ConfigurationManagement isnot aboutconfiguringresources
– ConfigurationManagement isaboutunderstanding(anddocumenting)thecurrentconfiguration
– Currentconfiguration=AllrelevantCIsandtheirattributesandrelationships
73
Logical CMDB:• InformationonCIsandtheirattributes• InformationontherelationshipsbetweenCIs• Linkstootherinformationsystems(physicalCMDBs)
CMDB
ChangeManagement(CHM)
74
Objective
Toensurechangestoconfigurationitemsareplanned,approved,implemented andreviewedinacontrolledmannertoavoidadverseimpactofchangestoservicesorthecustomersreceivingservices
CHM:Importantterms
75
DefinitionfollowingFitSM-0:Requestforchange(RFC):
Documentedproposalforachange tobemadetooneormoreconfigurationitems(CIs)
DefinitionfollowingFitSM-0:Change:
Alteration(suchasaddition,removal,modification,replacement)ofaconfigurationitem(CI) thatcontributestoprovidingoneormoreservices
CHM:RequirementsaccordingtoFitSM-1
PR12ChangeManagementREQUIREMENTS· PR12.1Allchangesshallberegisteredandclassifiedinaconsistentmanner.· PR12.2Allchangesshallbeassessedandapprovedinaconsistentmanner.· PR12.3Allchangesshallbesubjecttoapostimplementationreviewandclosedina
consistentmanner.· PR12.4Thereshallbeadefinitionofemergencychangesandaconsistentapproachto
managingthem.· PR12.5Inmakingdecisionsontheacceptanceofrequestsforchange,thebenefits,risks,
potentialimpacttoservicesandcustomersandtechnicalfeasibilityshallbetakenintoconsideration.
· PR12.6Ascheduleofchangesshallbemaintained.Itshallcontaindetailsofapprovedchanges,andproposeddeploymentdates,whichshallbecommunicatedtointerestedparties.
· PR12.7Forchangesofhighimpactorhighrisk,thestepsrequiredtoreverseanunsuccessfulchangeorremedyanynegativeeffectsshallbeplannedandtested.
76
Release&DeploymentManagement
FilterRecord
Assess&Approve
Classify
Implement
Review(PIR)
RFC
Approved? Changerefused
No
Yes
CHM:Workflow
77
CHM:Summary
• 3thingstoremember:– AllchangestoCIsshouldbecontrolledbythechangemanagementprocess.
– Typically,therearethreemaincategoriesofchanges:• Standardchange(pre-approved)• Non-standardchange• Emergencychange
– Achangeadvisoryboard(CAB)maybeestablished.DuringCABmeetings,requestsfornon-standardchangesareevaluatedanddiscussed.
78
Release&DeploymentManagement(RDM)
79
Objective
Tobundlechangesofoneormoreconfigurationitemstoreleases,sothatthesechangescanbetestedanddeployedtotheliveenvironmenttogether
RDM:Importantterms
80
DefinitionfollowingFitSM-0:Release:
Setofoneormorechanges toconfigurationitems(CIs) thataregroupedtogetheranddeployedasalogicalunit
RDM:RequirementsaccordingtoFitSM-1
81
PR13Release&DeploymentManagementREQUIREMENTS· PR13.1Areleasepolicyshallbedefined.· PR13.2Thedeploymentofneworchangedservicesandservicecomponentstothelive
environmentshallbeplannedwithallrelevantpartiesincludingaffectedcustomers.· PR13.3Releasesshallbebuiltandtestedpriortobeingdeployed.· PR13.4Acceptancecriteriaforeachreleaseshallbeagreedwiththecustomersandanyother
relevantparties.Beforedeploymentthereleaseshallbeverifiedagainsttheagreedacceptancecriteriaandapproved.
· PR13.5Deploymentpreparationshallconsiderstepstobetakenincaseofunsuccessfuldeploymenttoreducetheimpactonservicesandcustomers.
· PR13.6Releasesshallbeevaluatedforsuccessorfailure.
RDM:Workflow
Record
Assess & Approve
Classify
Review (PIR)
Release building
Release planning
Readiness review
Acceptance testing
Deployment preparations
Deployment planning
Deployment / rollout
ApprovedChange
ApprovedChange
ApprovedChange
Change Management
Release &
Deploym
entManagem
ent
82
ContinualServiceImprovementManagement(CSI)
83
Objective
Toidentify,prioritize,plan,implementandreviewimprovementstoservicesandservicemanagement
CSI:RequirementsaccordingtoFitSM-1
PR14ContinualServiceImprovementManagementREQUIREMENTS· PR14.1Opportunitiesforimprovementshallbeidentifiedandregistered.· PR14.2Opportunitiesforimprovementshallbeevaluatedandapprovedinaconsistent
manner.
84
Benefitsandrisksinpractice
86
Typicalbenefits(excerpt):+ Repeatabilityofdesiredoutputs+ Highereffectivenessandefficiency+ Customerfocus,alignmentofITandtheircustomers+ Improvedreputation
Potentialrisks(excerpt):− Processesandproceduresmaybecometoobureaucratic,morepaperwork− Lowereffectivenessandefficiency,if…
− staffarenotawareofprocessesandmeasuresandpersonneldonotacceptthesystem
− topmanagement lacksaclearcommitmenttoITservicemanagementandrelatedactions
− processes arebypassed
ChallengesinfederatedITserviceprovisioning
• Traditional ITservicemanagement (ITSM)practices…– assumesinglecentralcontroloverallservicemanagement
processesbyoneorganisation actingastheserviceprovider;– hardlyaddresscollaborativeapproachestoservicedelivery.
• Asaresult:ApplyingITSMinfederated environmentsmaybemoredifficult,andnotallconcepts /ideaswillapply.
• Importantinafederated environment:Understandingtheneedsofdifferent typesoffederations withrespectto(federation-wide) ITSM
87
Examplesoftypesoffederation
Invisiblecoordination
…
Matchmaking
…
Full serviceintegration
88
Inlooserfederations:Individualfederationmembersareresponsiblefordeliveringservicestotheircustomerslargely
ontheirownà Few,ifany,federation-wideITSMprocesses
Inmoretightlyintegratedfederations:ServicedeliverytocustomersrequiresjointeffortfrommultiplefederationmembersàMany,ifnotall,ITSMprocessesare
federation-wide
ITSM
perspective
Hotelindustryassociation
Travelagent,bookingportal
Airlinewithcodesharing
Virtualmobilephoneoperator
Hotelguide,ratingportal
Relatedstandardsandframeworks
90
ITIL
COBIT
ISO9000
CMMI
Software engineeringmaturity model
IT (service) management standard / framework
Quality managementstandard
adoption of concepts
Legend
ISO/IEC27000 ISO/IEC20000
FitSM
ISO15504
Information security management standard
ITIL,ISO/IEC20000,COBIT
91
ISO/IEC 20000
ITInfrastructureLibrary (ITIL)• Number ofbookswith"goodpractice"inITServiceManagement• Slogan:"thekeytomanagingITservices"• Descriptionsofkey principles,conceptsandprocessesinITSM
• Popularandwide-spreadframework• Nota"real"standard,butoftenregardedtoas"de-factostandard"• 5booksreleasedbytheBritishCabinetOffice
ISO/IEC20000• InternationalstandardformanaginganddeliveringITservices• Requirementsfor aservicemanagementsystem(SMS)
• Developedbyajointcommittee(JTC)ofISOandIEC• BasedonITIL,BS15000• Auditable,certifiable
ControlObjectivesforInformationandRelatedTechnologies(COBIT)• Framework forgovernanceandmanagementofenterpriseIT
• Developed byISACA• canbecombinedwithITILandISO/IEC20000
ISO9000,ISO/IEC27000,CMMI
92
ISO/IEC 27000
ISO9000• Internationalstandardforqualitymanagement• Qualitymanagementprinciples• Requirementsforaqualitymanagementsystem
• Applicable toallorganizationsandbranches• Auditable,certifiable• Severaldocuments
ISO/IEC27000• Internationalstandardforinformationsecuritymanagement• Requirementsforan informationsecuritymanagementsystem(ISMS)• Morethan100securitycontrols
• Applicable toallorganizationsandbranches• Auditable,certifiable• BasedonBS7799• Auditable,certifiable• Severaldocuments
CapabilityMaturityModelIntegration• Maturityandcapabilitymodel• Organizationalmaturityassessment
• Developed bySEI(SoftwareEngineeringInstitute),CarnegieMellonUniversity
ISO 9000
Releasenotes&changelog
93
Slide(V.2.9)
Slide(V. 2.10)
Contentold Contentnew CommenttoChanges
14 14 Servicemanagementsystem(SMS)
Additionalkeyterms Definitionsbased onFitSM-0addedfortheterms“policy”,“activity”and“procedure”
n/a 21 ApossiblegroupingoftheFitSMprocesses
Newslideillustratingsix topicareasusedtogrouptheFitSMprocesses
21 23 FitSM-1:"Requirements" FitSM-1:"Requirements" Minortextupdate(last bullet)
22 20 FitSM-1:ITSMprocessframework FitSMprocessmodel Slidemoved,updatedtitle
86 87 ChallengesinfederatedITserviceprovisioning
ChallengesinfederatedITserviceprovisioning
Updatedtextinthe secondandthirdbullet(alignedwithchangesonslide87)
87 88 Examplesoffederator roles(“businessmodels”)
Examplesoftypesoffederation FocusedonITSMaspectsarounddifferenttypesoffederation(ratherthanfederatorsandbusinessmodels)
Releasenotes&changelog
94
Slide(V.2.8)
Slide(V. 2.9)
Contentold Contentnew CommenttoChanges
n/a 11 Classiclineorganizationandprocesses
Newslideillustrating theexecutionof processesinalineorganization
16 17 Whatis FitSM? Whatis FitSM? AddedmentionandlogoofCreativeCommonslicense
17 18 FitSMparts FitSMparts Figureupdated,differentiationbetweencorepartsoftheFitSMstandard(0to3)and“implementationaids”(4to6)
86 87 Examplesoffederatorroles(“businessmodels”)
Examplesoffederatorroles(“businessmodels”)
Addedexamples (“hotelindustryassociation”,“hotelguide”,etc.)ontherighthandsideoftheslide