FitSM Foundation

1

FoundationtraininginITServiceManagementaccordingtoFitSM

Version2.10

ThisworkhasbeenfundedbytheEuropeanCommission.Itislicensedundera CreativeCommonsAttribution4.0

InternationalLicense.

Purposeofthistraining

• Becomefamiliarwith– BasicITservicemanagementconceptsandterms– PurposeandstructureofFitSM standardsandtheirrelationshiptootherstandards

– ProcessframeworkunderlyingFitSM– RequirementsdefinedinFitSM-1

• AchievetheFoundationCertificateinITServiceManagementaccordingtoFitSMissuedbyTÜVSÜDExaminationInstitute

2

FitSM Foundationexam

• Attheendofthistraining• Closedbook,i.e.noaidsareallowed• Duration:30minutes• 20multiple choicequestions:

– Fourpossibleanswersforeachquestion:A,B,CorD– Onecorrectanswerperquestion

• Atleast65%correctanswers(13of20)arerequiredtopasstheexamination

3

FitSM qualificationprogram

4

FoundationLevel

FoundationtraininginITservicemanagement

AdvancedLevel

Expert Level

ExperttraininginITservicemanagement

Advancedtraininginserviceplanninganddelivery

Advancedtraininginserviceoperationandcontrol

1day

2 days2 days

2 days

Trainingagenda

• ITServiceManagement:Introduction,Terms&Concepts

• TheFitSMStandardsFamily• ITServiceManagement– GeneralAspects• ITServiceManagement– Processes• Benefits,Risks&ChallengesofImplementingITServiceManagement

• RelatedStandards&Frameworks

5

ITServiceManagement:Introduction,Terms&Concepts

6

WhyITservicemanagementisneeded

• WhyITservicemanagement(ITSM)?– About80%ofallITserviceoutages

originatefrom"peopleandprocessissues"

– Durationofoutagesanddegradationssignificantlydependentonnon-technicalfactors

• ITservicemanagement…– …aimsatprovidinghighqualityIT

servicesmeeting customers'andusers'expectations…

– …bydefining,establishingandmaintainingservicemanagementprocesses.

7

Reasonsforserviceoutages[Gartner,2001]

Whatisaservice?

8

ExamplesofITservices:– Provisionofstandarddesktopworkstations– Connectivity:E-Mail,LAN,internetaccess– Provisionofcomputationalresources– Provisionofstandardandspecialapplications– Storage,backup,archivalstorage

DefinitionfollowingFitSM-0:Service:

Awaytoprovidevalue toauser /customer throughbringingaboutresultsthattheywanttoachieve

DefinitionfollowingFitSM-0:Serviceprovider:

Organisationorfederation orpartofanorganisationorfederation thatmanagesanddeliversaservice orservicestocustomers

Serviceandvalue

• Serviceis…– …ameansofdeliveringvalue tocustomers…– …bysupportingtheminachieving theirgoals.

• Whatisvaluefromacustomerperspective?

9

Utility Warranty Value

Whatisthekeypurpose oftheservice?

Whichadditionalfactorswillimpactthecustomers’servicequality/

performanceperception?

Whatisaprocess?

• 3basicfactsaboutITservicemanagementprocesses:– ITSMprocessessupportthedeliveryofITservices.– ToprovideoneITservicetoacustomer,oftenseveralprocessesareneeded.

– AnITservicebeingsuccessfullydelivered istheresultfrommanyprocessessuccessfullyoperatingandinteracting.

10

DefinitionfollowingFitSM-0:

Process:Setofactivities thatbringaboutaspecificobjectiveorsetofresultsfromasetofdefinedinputs.

Classiclineorganizationandprocesses

11

Topmanagement

Servicedesk Clientoperations

Mobiledevices

Desktopsupport

Serveroperations

DBservers Webservers Applicationservers

ERP

CRM

Communicationnetworks

Networkplanning

Networkmaintenance

1

2

3

4

5

Whatcomprisesaprocess?

Goal(s),objectives

Clearlydefinedinputs,triggersandoutputs

Setofinterrelatedactivities(acrossdifferentfunctions)

Rolesandresponsibilities

12

Processroles

• Processowner:– Overallaccountabilityforaprocess– Definesprocessgoals,monitorstheirfulfillment– Hasauthoritytoprovide/approveresources

• Processmanager:– Responsible fortheoperationaleffectiveness and

efficiencyofaprocess– Reportstotheprocessowner

• Processstaffmember:– Responsible forperformingaspecificprocess

activity– Escalatesexceptionstotheprocessmanager

13

Processowner

Processmanager

Processstaffmember

1

1..*

1

1..*

Additionalkeyterms

14

DefinitionfollowingFitSM-0:Service managementsystem(SMS):

Overallmanagementsystemthatcontrolsandsupportsmanagementofserviceswithinanorganisationorfederation

DefinitionfollowingFitSM-0:Policy:

Documentedsetofintentions,expectations,goals,rulesandrequirements,oftenformallyexpressedbytopmanagement representatives inanorganisation orfederation

DefinitionfollowingFitSM-0:Activity:

Setofactions carriedoutwithinaprocess

DefinitionfollowingFitSM-0:Procedure:

Specified setofstepsorinstructionstobecarriedoutbyanindividualorteamtoperformoneormoreactivities ofaprocess

Servicemanagementsystem(SMS)

15

Policy1. Abc def ghijk.2. Abc def ghijk.3. Abc def ghijk.4. Abc def ghijk.

Proce-dures

Process: Inputs

Outputs

Governance levelTop managementProcess owners

Control levelProcess managers

Process teams

Operational level Departments

FunctionsPersons

Activities and roles

e.g. Incident handling policy, change policy,

security policy

e.g. incident management, change management, security management, …

e.g. procedures for classifying and prioritizing incidents

Person (in a role)

applies

TheFitSMStandardsFamily

16

WhatisFitSM?

• Afamilyofstandardsforlightweight ITservicemanagement

• Suitable forITservice providersofanytypeandscale• Maindesignprinciple: Keepitsimple!• Allparts(andthistrainingmaterial) freelyavailable

underCreativeCommonslicenses:

www.fitsm.eu

ThedevelopmentoftheFitSMstandardswassupportedandfundedbytheEuropeanCommission throughtheEC-FP7project "FedSM“.

17

FitSM parts

18

Focus of this training

FitSM-1Requirements

FitSM-2Objectives and activities

FitSM-3Role model

FitSM-5Selected

implementation guides

FitSM-0Overview & vocabulary

FitSM-4Selected templates and

samples

FitSM-6Maturity and capability assessment scheme

Implementation aids

Core standard

FitSMlogic

19

FitSMprocessmodel

1. Serviceportfoliomanagement(SPM)2. Service levelmanagement(SLM)3. Service reportingmanagement(SRM)4. Serviceavailability&continuitymanagement(SACM)5. Capacitymanagement(CAPM)6. Informationsecuritymanagement(ISM)7. Customerrelationshipmanagement(CRM)8. Supplierrelationshipmanagement(SUPPM)9. Incident&service requestmanagement(ISRM)10. Problemmanagement(PM)11. Configurationmanagement(CONFM)12. Changemanagement(CHM)13. Release&deploymentmanagement(RDM)14. Continualservice improvementmanagement(CSI)

20

ApossiblegroupingoftheFitSMprocesses

Sixmaintopicareas:

21

Offer&Agree• SPM• SLM• CRM

Plan&Ensure• SUPPM• SACM• CAPM

Control&Deploy• CONFM• CHM• RDM

Resolve&Prevent• IM• PM

Report&Improve• SRM• CSI

Protect&Secure• ISM

FitSM-0:"Overview&vocabulary"

• FitSM-0defines70importanttermsfromtheITservicemanagementcontext

• Inalphabeticalorder:

22

– Accessibilityofinformation– Activity– Assessment– Audit– Availability– Capability– Capacity– Change– Classification– Closure– Competence– Compliance– Confidentialityofinformation– Configurationbaseline– Configurationitem(CI)– Configurationmanagement

database(CMDB)– Continuity– Customer

– Document– Effectiveness– Efficiency– Escalation– Federationmember– Federator– Incident– Informationsecurity– Informationsecuritycontrol– Informationsecurityevent– Informationsecurityincident– Integrityofinformation– ITservice– ITservicemanagement(ITSM)– Keyperformanceindicator(KPI)– Knownerror– Managementsystem– Maturity

– Nonconformity– Operationallevelagreement

(OLA)– Operationaltarget– Policy– Postimplementationreview– Priority– Problem– Procedure– Process– Record– Release– Requestforchange– Risk– Role– Service– Serviceacceptancecriteria

(SAC)– Servicecatalogue

– Servicecomponent– Servicedesignandtransition

package– Servicelevelagreement(SLA)– Servicemanagement– Servicemanagementplan– Servicemanagementsystem

(SMS)– Serviceportfolio– Serviceprovider– Servicereport– Servicerequest– Servicetarget– Supplier– Topmanagement– Underpinningagreement(UA)– Underpinningcontract(UC)– User– Value

FitSM-1:"Requirements"

• FitSM-1defines85requirementsthatshouldbefulfilledbyanorganisation(orfederation)offeringITservicestocustomers.

• Compliancewiththe85requirementscanberegardedasa"proofofeffectiveness".

• The85requirementsarestructuredasfollows:– 16generalrequirements(GR)– 69process-specificrequirements(PR)

• Considerationofthe14ITservicemanagementprocesses fromtheFitSMprocessmodel

• Between3and8requirementsperprocess

23

ITServiceManagement– GeneralAspects

24

Topmanagementresponsibility:RequirementsaccordingtoFitSM-1

25

GR1TopManagementCommitment&ResponsibilityREQUIREMENTS· GR1.1Topmanagementoftheorganisation(s)involvedinthedeliveryofservicesshallshow

evidencethattheyarecommittedtoplanning,implementing,operating,monitoring,reviewing,andimprovingtheservicemanagementsystem(SMS)andservices.Theyshall:o AssignoneindividualtobeaccountablefortheoverallSMSwithsufficientauthorityto

exercisethisroleo Defineandcommunicategoalso Defineageneralservicemanagementpolicyo Conductmanagementreviewsatplannedintervals

· GR1.2Theservicemanagementpolicyshallinclude:o Acommitmenttofulfilcustomerservicerequirementso Acommitmenttoaservice-orientedapproacho Acommitmenttoaprocessapproacho Acommitmenttocontinualimprovemento Overallservicemanagementgoals

Documentation:RequirementsaccordingtoFitSM-1

26

GR2DocumentationREQUIREMENTS· GR2.1TheoverallSMSshallbedocumentedtosupporteffectiveplanning.This

documentationshallinclude:o Servicemanagementscopestatement(seeGR3)o Servicemanagementpolicy(seeGR1)o Servicemanagementplanandrelatedplans(seeGR4)

· GR2.2Documenteddefinitionsofallservicemanagementprocesses(seePR1-PR14)shallbecreatedandmaintained.Eachofthesedefinitionsshallatleastcoverorreference:o Descriptionofthegoalsoftheprocesso Descriptionoftheinputs,activitiesandoutputsoftheprocesso Descriptionofprocess-specificrolesandresponsibilitieso Descriptionofinterfacestootherprocesseso Relatedprocess-specificpoliciesasapplicableo Relatedprocess- andactivity-specificproceduresasrequired

Documentation:RequirementsaccordingtoFitSM-1

27

GR2DocumentationREQUIREMENTS· GR2.3Theoutputsofallservicemanagementprocesses(seePR1-PR14)shallbedocumented,

andtheexecutionofkeyactivitiesoftheseprocessesrecorded.· GR2.4Documentationshallbecontrolled,addressingthefollowingactivitiesasapplicable:

o Creationandapprovalo Communicationanddistributiono Reviewo Versioningandchangetracking

Plan-Do-Check-ActCycle(PDCA)

28

Maturity

Time

• QualitymanagementapproachaccordingtoW.E.Deming• Keyprinciple:continualimprovement• Plan-Do-Check-Actcanbeappliedtothewholeservicemanagementsystem

PDCAappliedtotheSMS

• Plan:– DefinethescopeoftheSMS– Setthetimelineforimplementingservicemanagementprocesses(service

managementplan)• Do:

– Implementprocessesasplanned– Supportandenforcepracticalapplicationofdefinedprocesses

• Check:– Monitorkeyperformanceindicators(KPIs)toevaluateeffectivenessand

efficiency– Perform(internal)auditstodeterminethelevelofcompliance– Assesstheorganisationalmaturity

• Act:– Identifyopportunitiesforimprovements– Prioritizeandinitiateimprovements

29

GR3, GR4

GR5

GR6

GR7

ITServiceManagement– Processes

30

ServicePortfolioManagement(SPM)

31

Objective

Todefineandmaintainaserviceportfolio

SPM:Importantterms

32

DefinitionfollowingFitSM-0:Serviceportfolio:

Internallistthatdetailsall theservices offeredbyaserviceprovider,includingthose inpreparation,liveanddiscontinued

SPM:RequirementsaccordingtoFitSM-1

33

PR1ServicePortfolioManagement(SPM)REQUIREMENTS· PR1.1Aserviceportfolioshallbemaintained.Allservicesshallbespecifiedaspartofthe

serviceportfolio.· PR1.2Designandtransitionofneworchangedservicesshallbeplanned.· PR1.3Plansforthedesignandtransitionofneworchangedservicesshallconsider

timescales,responsibilities,neworchangedtechnology,communicationandserviceacceptancecriteria.

· PR1.4Theorganisational structuresupportingthedeliveryofservicesshallbeidentified,includingapotentialfederationstructureaswellascontactpointsforallpartiesinvolved.

SPM:Summary

• 3thingstoremember:– Theserviceportfoliolistsanddefinestheservicesthataserviceprovideroffersorplanstoofferinthefuture.

– Theserviceportfolioisan"internaltool"fortheserviceprovider.

– Theserviceportfolioisthebasisfortheservicecatalogue.

34

Servicecatalogue

Serviceportfolio

Customerbasisfor

ServiceLevelManagement(SLM)

35

Objective

Tomaintainaservicecatalogue,andtodefine,agreeandmonitorservicelevelswithcustomersbyestablishingmeaningfulservicelevelagreements(SLAs)andsupportiveoperationallevelagreements(OLAs)andunderpinningagreements(UAs)withsuppliers

SLM:Importantterms

36

DefinitionfollowingFitSM-0:

Service levelagreement (SLA):Documentedagreementbetweenacustomer andserviceprovider thatspecifiestheservice tobeprovidedandtheservicetargetsthatdefinehowitwillbeprovided

DefinitionfollowingFitSM-0:Servicecatalogue:

User/customerfacinglistofallliveservices offeredalongwithrelevantinformationaboutthese services

SLM:Importantterms

37

DefinitionfollowingFitSM-0:Operationallevelagreement (OLA)

Agreementbetweenaserviceprovider orfederationmemberandanotherpartoftheserviceprovider’sorganisation orthefederation toprovideaservicecomponentorsubsidiaryservice neededtoallowprovisionofservices tocustomers

DefinitionfollowingFitSM-0:Underpinningagreement (UA)

Documentedagreementbetweenaserviceproviderandanexternalsupplier thatspecifies theunderpinningservice(s)orservicecomponent(s)tobeprovidedbythesupplier,andtheservicetargetsthatdefinehowitwillbeprovided

Note:AUAcanbeseenasaservice levelagreement(SLA)withanexternalsupplierwheretheserviceproviderisinthecustomerrole.

SLM:RequirementsaccordingtoFitSM-1

38

PR2ServiceLevelManagementREQUIREMENTS· PR2.1Aservicecatalogueshallbemaintained.· PR2.2Forallservicesdeliveredtocustomers,SLAsshallbeinplace.· PR2.3SLAsshallbereviewedatplannedintervals.· PR2.4ServiceperformanceshallbeevaluatedagainstservicetargetsdefinedinSLAs.· PR2.5Forsupportingservicesorservicecomponentsprovidedbyfederationmembersor

groupsbelongingtothesameorganisation astheserviceproviderorexternalsuppliers,OLAsandUAsshallbeagreed.

· PR2.6OLAsandUAsshallbereviewedatplannedintervals.· PR2.7Performanceofservicecomponentsshallbeevaluatedagainstoperationaltargets

definedinOLAsandUAs.

SLM:DefiningSLAs

• SLAsareagreedbetweenaserviceprovideranditscustomers• TypicalcontentsinanSLA(includedorreferenced):

– Scopeanddescriptionoftheservice– Servicehoursandexceptions– Servicecomponents&dependencies– Support

• Incidenthandling• Fulfilmentofservicerequests

– Serviceleveltargets– Limitations&constraints– Communication,reporting&escalation

• Generalcommunication• Regularreporting• SLAviolations• Escalation&complaints

– Informationsecurity&dataprotection– Additionalresponsibilitiesoftheserviceprovider– Customerresponsibilities– Review– Glossaryofterms

39

SLM:Typesofserviceagreementsandtheirrelationships

40

Internalgroupsorfederationmembers

Operationallevelagreements(OLAs)

ServiceA

Servicecomponents

Servicelevelagreements(SLAs)

Customer

Suppliers

Underpinning agreements(UAs)

ServiceB ServiceC

(IT)serviceprovider

SLM:Summary

• 3thingstoremember:– ProduceaservicecatalogueforthecustomersandagreeSLAswithcustomers.

– AgreeOLAsandUAswithsupportingpartiesandsupplierstoensureservicetargetsinSLAscanbemet.

– EvaluateserviceperformancebasedonSLAs.

41

ServiceReportingManagement(SRM)

42

Objective

Tospecifyallservicereportsandensuretheyareproducedaccordingtospecifications inatimelymannertosupportdecision-making

SRM:RequirementsaccordingtoFitSM-1

PR3ServiceReportingREQUIREMENTS· PR3.1Servicereportsshallbespecifiedandagreedwiththeirrecipients.· PR3.2Thespecificationofeachservicereportshallincludeitsidentity,purpose,audience,

frequency,content,formatandmethodofdelivery.· PR3.3Servicereportsshallbeproduced.Servicereportingshallincludeperformanceagainst

agreedtargets,informationaboutsignificanteventsanddetectednonconformities.

43

SRM:Summary

• 3thingstoremember:– Servicereportsareimportanttosupportdecision-making.– Servicereportscanbeusefultodemonstrate thelevelofservicequalitythathasbeenachieved.

– Agreethereportsandtheirpurpose,audience, frequency,content,formatandmethodofdelivery withthereportstakeholders.

44

ServiceAvailability&ContinuityManagement(SACM)

45

Objective

Toensuresufficientserviceavailabilitytomeetagreedrequirementsandadequateservicecontinuityincaseofexceptionalsituations

SACM:Importantterms

46

DefinitionfollowingFitSM-0:Availability:

Theabilityofaservice orservicecomponent tofulfilits intendedfunctionataspecifictimeoroveraspecificperiodoftime

Agreedservicehours- downtime

Agreedservicehoursx100Availability [%]=

SACM:RequirementsaccordingtoFitSM-1

PR4ServiceContinuity&AvailabilityManagementREQUIREMENTS· PR4.1Serviceavailabilityandcontinuityrequirementsshallbeidentifiedtakinginto

considerationSLAs.· PR4.2Serviceavailabilityandcontinuityplansshallbecreatedandmaintained.· PR4.3Serviceavailabilityandcontinuityplanningshallconsidermeasurestoreducethe

probabilityandimpactofidentifiedavailabilityandcontinuityrisks.· PR4.4Availabilityofservicesandservicecomponentsshallbemonitored.

47

CapacityManagement(CAPM)

48

Objective

Toensuresufficientcapacitiesareprovidedtomeetagreedservicecapacityandperformancerequirements

CAPM:RequirementsaccordingtoFitSM-1

49

PR5CapacityManagementREQUIREMENTS· PR5.1Servicecapacityandperformancerequirementsshallbeidentifiedtakinginto

considerationSLAs.· PR5.2Capacityplansshallbecreatedandmaintained.· PR5.3Capacityplanningshallconsiderhuman,technicalandfinancialresources.· PR5.4Performanceofservicesandservicecomponentsshallbemonitoredbasedon

monitoringthedegreeofcapacityutilisation andidentifyingoperationalwarningsandexceptions.

CAPM:Summary

• Mostimportantoutput fromthisprocess:

• 3thingstoremember:– Identifyserviceperformancerequirements (e.g.fromSLAs).– Plantheresourcesrequiredtofulfiltherequirements and

produceacapacityplan.– Monitorserviceperformance.

50

Capacityplan(s)

Typicalcontents:• Agreed/requiredcapacityandperformancetargets• Plannedcapacityupgrades,downgradesandre-assignments of

resources• Requirementsforcapacitymonitoringandrelatedthresholds

InformationSecurityManagement (ISM)

51

Objective

Tomanageinformationsecurityeffectivelythroughallactivitiesperformedtodeliverandmanageservices,sothattheconfidentiality, integrityandaccessibility ofrelevantassetsarepreserved

ISM:Whatisinformationsecurity?

• Informationsecurityaspects:– Confidentiality– Integrity– Accessibilityofinformation

52

Keyaspects

ISM:Confidentialityandintegrity

Confidentiality:Toprotectinformationfromunauthorizeddisclosure

53

10110100010110011010110011001011

Bob

Chuck

Alice

Integrity:Toprotectinformationfrommodifications,additions,deletions,rearrangement,duplicationorre-recording

10110100010110011010110011001011

10110100101001000100011011001011

Chuck

Alice

Bob

ISM:RequirementsaccordingtoFitSM-1

PR6InformationSecurityManagementREQUIREMENTS· PR6.1Informationsecuritypoliciesshallbedefined.· PR6.2Physical,technicalandorganizationalinformationsecuritycontrolsshallbe

implementedtoreducetheprobabilityandimpactofidentifiedinformationsecurityrisks.· PR6.3Informationsecuritypoliciesandcontrolsshallbereviewedatplannedintervals.· PR6.4Informationsecurityeventsandincidentsshallbegivenanappropriatepriorityand

managedaccordingly.· PR6.5Accesscontrol,includingprovisioningofaccessrights,forinformation-processing

systemsandservicesshallbecarriedoutinaconsistentmanner.

54

ISM:Outputs

• Mostimportantoutputsfromthisprocess:– Informationsecuritypolicies

• Overallinformationsecuritypolicy• Specificsecuritypolicies,including…

– Passwordpolicy– E-mailpolicy– Mobiledevicepolicy– Accesscontrolpolicy– Mediadisposalpolicy– …

– Informationsecurityriskassessment– Documented informationsecuritycontrols

55

ISM:Summary

• 3thingstoremember:– Preserveconfidentiality, integrityandaccessibilityofinformationassets.

– Identifyandtreatinformationsecurityrisks.– Produceandenforceinformationsecuritypolicies.

56

CustomerRelationshipManagement (CRM)

57

Objective

Toestablishandmaintainagoodrelationshipwithcustomersreceivingservices

CRM:RequirementsaccordingtoFitSM-1

PR7CustomerRelationshipManagementREQUIREMENTS· PR7.1Servicecustomersshallbeidentified.· PR7.2Foreachcustomer,thereshallbeadesignatedcontactresponsibleformanagingthe

customerrelationshipandcustomersatisfaction.· PR7.3Communicationmechanismswithcustomersshallbeestablished.· PR7.4Servicereviewswiththecustomersshallbeconductedatplannedintervals.· PR7.5Servicecomplaintsfromcustomersshallbemanaged.· PR7.6Customersatisfactionshallbemanaged.

58

SupplierRelationshipManagement (SUPPM)

59

Objective

Toestablishandmaintainahealthyrelationshipwithsupplierssupportingtheserviceproviderindeliveringservicestocustomers

SUPPM:RequirementsaccordingtoFitSM-1

60

PR8SupplierRelationshipManagementREQUIREMENTS· PR8.1Suppliersshallbeidentified.· PR8.2Foreachsupplier,thereshallbeadesignatedcontactresponsibleformanagingthe

relationshipwiththesupplier.· PR8.3Communicationmechanismswithsuppliersshallbeestablished.· PR8.4Supplierperformanceshallbemonitored.

Incident&ServiceRequestManagement(ISRM)

61

Objective

Torestorenormal/agreedserviceoperationwithintheagreedtimeaftertheoccurrenceofanincident,andtorespondtouserservicerequests

ISRM:Importantterms

62

DefinitionfollowingFitSM-0:Incident:

Unplanneddisruptionofoperationinaservice orservicecomponent,ordegradationofservicequalityversustheexpectedoragreedservice leveloroperationallevelaccordingtoservice levelagreements(SLAs),operationallevelagreements(OLAs) andunderpinningagreements(UAs) withsuppliers

DefinitionfollowingFitSM-0:Service request:

Requestforinformation,advice,accesstoaservice orapre-approvedchange

Note:Servicerequestsareoftenhandledbythesameprocessandtoolsasincidents.

ISRM:RequirementsaccordingtoFitSM-1

PR9Incident&ServiceRequestManagementREQUIREMENTS· PR9.1Allincidentsandservicerequestsshallberegistered,classifiedandprioritizedina

consistentmanner.· PR9.2Prioritizationofincidentsandservicerequestsshalltakeintoaccountservicetargets

fromSLAs.· PR9.3Escalationofincidentsandservicerequestsshallbecarriedoutinaconsistentmanner.· PR9.4Closureofincidentsandservicerequestsshallbecarriedoutinaconsistentmanner.· PR9.5Personnelinvolvedintheincidentandservicerequestmanagementprocessshallhave

accesstorelevantinformationincludingknownerrors,workarounds,configurationandreleaseinformation.

· PR9.6Usersshallbekeptinformedoftheprogressofincidentsandservicerequeststheyhavereported.

· PR9.7Thereshallbeadefinitionofmajorincidentsandaconsistentapproachtomanagingthem.

63

ISRM:Workflow(incidentmanagement)

Classify

Record

Analyze

Prioritize

Resolve/Restoreservice

Close

Incident

Escalationrequired?

No

Yes

Escalate

64

ISRM:Servicerequestorincident?

65

The capacity of the hard disk drive in my notebook is

insufficient!

I forgotmy Wiki password!

The resource I am trying to access does not respond!

It takes a very long time for my transaction to

complete!

I cannot access my e-mails!

?

?

?

?

?

ProblemManagement(PM)

66

Objective

Toinvestigatetherootcausesof(recurring)incidents inordertoavoidfuturerecurrenceofincidentsbyresolvingtheunderlyingcauses,ortoensureworkarounds/temporaryfixesareavailable.

PM:Importantterms

67

DefinitionfollowingFitSM-0:Problem:

Theunderlyingcauseofoneormoreincidents thatrequiresfurtherinvestigationtopreventincidents fromrecurringorreducetheimpactonservices

DefinitionfollowingFitSM-0:Knownerror:

Problemwhichhasnot(yet)beencorrected,butforwhichthereisadocumentedworkaroundortemporaryfixtoprevent(excessive)negativeimpactonservices

Identifyproblem

Problem

IncidentsIdentified pattern of recurring incidents

Investigaterootcause

Identifyworkaround

Initiateresolution

Problem Requestforchange

PM:RequirementsaccordingtoFitSM-1

68

PR10ProblemManagementREQUIREMENTS· PR10.1Problemsshallbeidentifiedandregisteredbasedonanalysing trendsonincidents.· PR10.2Problemsshallbeinvestigatedtoidentifyactionstoresolvethemorreducetheir

impactontheservices.· PR10.3Ifaproblemisnotpermanentlyresolved,aknownerrorshallberegisteredtogether

withactionssuchaseffectiveworkaroundsandtemporaryfixes.· PR10.4Up-to-dateinformationonknownerrorsandeffectiveworkaroundsshallbe

maintained.

PM:Example – Fromincidentstoproblemstoresolutions

IncidentManagement

IncidentsIt takes avery long timeformy transaction to complete!

à Incident re-occurredseveral times inthepast

weeks.

ProblemManagement:

Analysis&Workaround

Problem• Category:SW/Service• Impact:High(allusers)• Urgency:Low(nocriticalSLAviolations)

Workaround• Back-uplogfile• Emptylogfile• Reboot system

ProblemManagement:Resolution

Knownerror• Errorwhenwritinglogfilescausesjobinterruption

• Maximumfilesizeofserverlogfileexceeded

Resolution• Patchavailable• Requestfor Change:Installpatch T12-02onpclx3

69

ConfigurationManagement (CONFM)

70

Objective

Toprovideandmaintainalogicalmodelofallconfigurationitemsandtheirrelationshipsanddependencies

CONFM:Importantterms

71

DefinitionfollowingFitSM-0:Configurationitem(CI):

Elementthatcontributestothedeliveryofoneormoreservices orservicecomponents,andthereforeneedstobecontrolled

DefinitionfollowingFitSM-0:Configuration baseline:

Thestateofaspecifiedsetofconfigurationitems(CIs) atagivenpointintime

DefinitionfollowingFitSM-0:Configurationmanagementdatabase(CMDB):

Storefordataaboutconfigurationitems (thereforeconfigurationdata)

Note:TheCMDBlikely includesattributesofCIsaswellasinformationonrelationshipsbetweenCIs,servicecomponentsandservices.

CONFM:RequirementsaccordingtoFitSM-1

72

PR11ConfigurationManagementREQUIREMENTS· PR11.1Configurationitem(CI)typesandrelationshiptypesshallbedefined.· PR11.2Thelevelofdetailofconfigurationinformationrecordedshallbesufficienttosupport

effectivecontroloverCIs.· PR11.3EachCIanditsrelationshipswithotherCIsshallberecordedinaconfiguration

managementdatabase(CMDB).· PR11.4CIsshallbecontrolledandchangestoCIstrackedintheCMDB.· PR11.5TheinformationstoredintheCMDBshallbeverifiedatplannedintervals.· PR11.6Beforeanewreleaseintoaliveenvironment,aconfigurationbaselineoftheaffected

CIsshallbetaken.

CONFM:Outputandsummary

• Mostimportantoutputfromthisprocess:

• 3thingstoremember:– ConfigurationManagement isnot aboutconfiguringresources

– ConfigurationManagement isaboutunderstanding(anddocumenting)thecurrentconfiguration

– Currentconfiguration=AllrelevantCIsandtheirattributesandrelationships

73

Logical CMDB:• InformationonCIsandtheirattributes• InformationontherelationshipsbetweenCIs• Linkstootherinformationsystems(physicalCMDBs)

CMDB

ChangeManagement(CHM)

74

Objective

Toensurechangestoconfigurationitemsareplanned,approved,implemented andreviewedinacontrolledmannertoavoidadverseimpactofchangestoservicesorthecustomersreceivingservices

CHM:Importantterms

75

DefinitionfollowingFitSM-0:Requestforchange(RFC):

Documentedproposalforachange tobemadetooneormoreconfigurationitems(CIs)

DefinitionfollowingFitSM-0:Change:

Alteration(suchasaddition,removal,modification,replacement)ofaconfigurationitem(CI) thatcontributestoprovidingoneormoreservices

CHM:RequirementsaccordingtoFitSM-1

PR12ChangeManagementREQUIREMENTS· PR12.1Allchangesshallberegisteredandclassifiedinaconsistentmanner.· PR12.2Allchangesshallbeassessedandapprovedinaconsistentmanner.· PR12.3Allchangesshallbesubjecttoapostimplementationreviewandclosedina

consistentmanner.· PR12.4Thereshallbeadefinitionofemergencychangesandaconsistentapproachto

managingthem.· PR12.5Inmakingdecisionsontheacceptanceofrequestsforchange,thebenefits,risks,

potentialimpacttoservicesandcustomersandtechnicalfeasibilityshallbetakenintoconsideration.

· PR12.6Ascheduleofchangesshallbemaintained.Itshallcontaindetailsofapprovedchanges,andproposeddeploymentdates,whichshallbecommunicatedtointerestedparties.

· PR12.7Forchangesofhighimpactorhighrisk,thestepsrequiredtoreverseanunsuccessfulchangeorremedyanynegativeeffectsshallbeplannedandtested.

76

Release&DeploymentManagement

FilterRecord

Assess&Approve

Classify

Implement

Review(PIR)

RFC

Approved? Changerefused

No

Yes

CHM:Workflow

77

CHM:Summary

• 3thingstoremember:– AllchangestoCIsshouldbecontrolledbythechangemanagementprocess.

– Typically,therearethreemaincategoriesofchanges:• Standardchange(pre-approved)• Non-standardchange• Emergencychange

– Achangeadvisoryboard(CAB)maybeestablished.DuringCABmeetings,requestsfornon-standardchangesareevaluatedanddiscussed.

78

Release&DeploymentManagement(RDM)

79

Objective

Tobundlechangesofoneormoreconfigurationitemstoreleases,sothatthesechangescanbetestedanddeployedtotheliveenvironmenttogether

RDM:Importantterms

80

DefinitionfollowingFitSM-0:Release:

Setofoneormorechanges toconfigurationitems(CIs) thataregroupedtogetheranddeployedasalogicalunit

RDM:RequirementsaccordingtoFitSM-1

81

PR13Release&DeploymentManagementREQUIREMENTS· PR13.1Areleasepolicyshallbedefined.· PR13.2Thedeploymentofneworchangedservicesandservicecomponentstothelive

environmentshallbeplannedwithallrelevantpartiesincludingaffectedcustomers.· PR13.3Releasesshallbebuiltandtestedpriortobeingdeployed.· PR13.4Acceptancecriteriaforeachreleaseshallbeagreedwiththecustomersandanyother

relevantparties.Beforedeploymentthereleaseshallbeverifiedagainsttheagreedacceptancecriteriaandapproved.

· PR13.5Deploymentpreparationshallconsiderstepstobetakenincaseofunsuccessfuldeploymenttoreducetheimpactonservicesandcustomers.

· PR13.6Releasesshallbeevaluatedforsuccessorfailure.

RDM:Workflow

Record

Assess & Approve

Classify

Review (PIR)

Release building

Release planning

Readiness review

Acceptance testing

Deployment preparations

Deployment planning

Deployment / rollout

ApprovedChange

ApprovedChange

ApprovedChange

Change Management

Release &

Deploym

entManagem

ent

82

ContinualServiceImprovementManagement(CSI)

83

Objective

Toidentify,prioritize,plan,implementandreviewimprovementstoservicesandservicemanagement

CSI:RequirementsaccordingtoFitSM-1

PR14ContinualServiceImprovementManagementREQUIREMENTS· PR14.1Opportunitiesforimprovementshallbeidentifiedandregistered.· PR14.2Opportunitiesforimprovementshallbeevaluatedandapprovedinaconsistent

manner.

84

Benefits,Risks&ChallengesofImplementingITServiceManagement

85

Benefitsandrisksinpractice

86

Typicalbenefits(excerpt):+ Repeatabilityofdesiredoutputs+ Highereffectivenessandefficiency+ Customerfocus,alignmentofITandtheircustomers+ Improvedreputation

Potentialrisks(excerpt):− Processesandproceduresmaybecometoobureaucratic,morepaperwork− Lowereffectivenessandefficiency,if…

− staffarenotawareofprocessesandmeasuresandpersonneldonotacceptthesystem

− topmanagement lacksaclearcommitmenttoITservicemanagementandrelatedactions

− processes arebypassed

ChallengesinfederatedITserviceprovisioning

• Traditional ITservicemanagement (ITSM)practices…– assumesinglecentralcontroloverallservicemanagement

processesbyoneorganisation actingastheserviceprovider;– hardlyaddresscollaborativeapproachestoservicedelivery.

• Asaresult:ApplyingITSMinfederated environmentsmaybemoredifficult,andnotallconcepts /ideaswillapply.

• Importantinafederated environment:Understandingtheneedsofdifferent typesoffederations withrespectto(federation-wide) ITSM

87

Examplesoftypesoffederation

Invisiblecoordination

…

Matchmaking

…

Full serviceintegration

88

Inlooserfederations:Individualfederationmembersareresponsiblefordeliveringservicestotheircustomerslargely

ontheirownà Few,ifany,federation-wideITSMprocesses

Inmoretightlyintegratedfederations:ServicedeliverytocustomersrequiresjointeffortfrommultiplefederationmembersàMany,ifnotall,ITSMprocessesare

federation-wide

ITSM

perspective

Hotelindustryassociation

Travelagent,bookingportal

Airlinewithcodesharing

Virtualmobilephoneoperator

Hotelguide,ratingportal

RelatedStandards&Frameworks

89

Relatedstandardsandframeworks

90

ITIL

COBIT

ISO9000

CMMI

Software engineeringmaturity model

IT (service) management standard / framework

Quality managementstandard

adoption of concepts

Legend

ISO/IEC27000 ISO/IEC20000

FitSM

ISO15504

Information security management standard

ITIL,ISO/IEC20000,COBIT

91

ISO/IEC 20000

ITInfrastructureLibrary (ITIL)• Number ofbookswith"goodpractice"inITServiceManagement• Slogan:"thekeytomanagingITservices"• Descriptionsofkey principles,conceptsandprocessesinITSM

• Popularandwide-spreadframework• Nota"real"standard,butoftenregardedtoas"de-factostandard"• 5booksreleasedbytheBritishCabinetOffice

ISO/IEC20000• InternationalstandardformanaginganddeliveringITservices• Requirementsfor aservicemanagementsystem(SMS)

• Developedbyajointcommittee(JTC)ofISOandIEC• BasedonITIL,BS15000• Auditable,certifiable

ControlObjectivesforInformationandRelatedTechnologies(COBIT)• Framework forgovernanceandmanagementofenterpriseIT

• Developed byISACA• canbecombinedwithITILandISO/IEC20000

ISO9000,ISO/IEC27000,CMMI

92

ISO/IEC 27000

ISO9000• Internationalstandardforqualitymanagement• Qualitymanagementprinciples• Requirementsforaqualitymanagementsystem

• Applicable toallorganizationsandbranches• Auditable,certifiable• Severaldocuments

ISO/IEC27000• Internationalstandardforinformationsecuritymanagement• Requirementsforan informationsecuritymanagementsystem(ISMS)• Morethan100securitycontrols

• Applicable toallorganizationsandbranches• Auditable,certifiable• BasedonBS7799• Auditable,certifiable• Severaldocuments

CapabilityMaturityModelIntegration• Maturityandcapabilitymodel• Organizationalmaturityassessment

• Developed bySEI(SoftwareEngineeringInstitute),CarnegieMellonUniversity

ISO 9000

Releasenotes&changelog

93

Slide(V.2.9)

Slide(V. 2.10)

Contentold Contentnew CommenttoChanges

14 14 Servicemanagementsystem(SMS)

Additionalkeyterms Definitionsbased onFitSM-0addedfortheterms“policy”,“activity”and“procedure”

n/a 21 ApossiblegroupingoftheFitSMprocesses

Newslideillustratingsix topicareasusedtogrouptheFitSMprocesses

21 23 FitSM-1:"Requirements" FitSM-1:"Requirements" Minortextupdate(last bullet)

22 20 FitSM-1:ITSMprocessframework FitSMprocessmodel Slidemoved,updatedtitle

86 87 ChallengesinfederatedITserviceprovisioning

ChallengesinfederatedITserviceprovisioning

Updatedtextinthe secondandthirdbullet(alignedwithchangesonslide87)

87 88 Examplesoffederator roles(“businessmodels”)

Examplesoftypesoffederation FocusedonITSMaspectsarounddifferenttypesoffederation(ratherthanfederatorsandbusinessmodels)

Releasenotes&changelog

94

Slide(V.2.8)

Slide(V. 2.9)

Contentold Contentnew CommenttoChanges

n/a 11 Classiclineorganizationandprocesses

Newslideillustrating theexecutionof processesinalineorganization

16 17 Whatis FitSM? Whatis FitSM? AddedmentionandlogoofCreativeCommonslicense

17 18 FitSMparts FitSMparts Figureupdated,differentiationbetweencorepartsoftheFitSMstandard(0to3)and“implementationaids”(4to6)

86 87 Examplesoffederatorroles(“businessmodels”)

Examplesoffederatorroles(“businessmodels”)

Addedexamples (“hotelindustryassociation”,“hotelguide”,etc.)ontherighthandsideoftheslide