Itsm Maturity 2011

7/30/2019 Itsm Maturity 2011

1/31

April2011Preparedby:BrianNewcomb

ITSMProcessMaturityAssessment


2/31

2

TABLEOFCONTENTSExecutiveSummary......................................................................................................................................................................................3

DetailedAssessmentResultsandRecommendations..................................................... ..................................................... ..........5

AdvisoryGroupSurveyResults(ExternalSurvey)....................................................................................................................7

ReadinessandAwareness(InternalAssessment).............................................. ..................................................... .................10

MaturityAssessmentResults(Internal).......................................................................................................................................13

DetailedProcessInformation.................................................................................................................................................................24

CommonProcessImprovementRecommendations...............................................................................................................24

IncidentManagement:CurrentProcessMaturity2.62..........................................................................................................24

ProblemManagement:CurrentProcessMaturity0.73..........................................................................................................24

ChangeManagement:CurrentProcessMaturity1.11............................................................................................................24

ConfigurationManagement:CurrentProcessmaturity0.37...............................................................................................24

ServiceDesk:CurrentMaturity2.45..............................................................................................................................................25 ServiceLevelManagement:CurrentMaturity1.29.................................................................................................................25

AvailabilityManagement:CurrentMaturity0.66.....................................................................................................................25

SecurityManagement:CurrentMaturity2.16............................................. ..................................................... ..........................26

ITServicecontinuityManagement:CurrentMaturity1.11.............................................. ....................................................26

OtherITILProcesses..................................................................................................................................................................................27

ReleaseManagement........................................................................................................................................................................27

ServicePortfolioManagement.....................................................................................................................................................27

ServiceCatalogmanagement........................................................................................................................................................27Demandmanagement......................................................................................................................................................................27

CapacityManagement......................................................................................................................................................................28

FinancialManagement.....................................................................................................................................................................28

SupplierManagement......................................................................................................................................................................28

TransitionPlanningandSupport................................................................................................................................................28

ServicevalidationandTesting.....................................................................................................................................................28

KnowledgeManagement.................................................................................................................................................................28

EvaluationManagement..................................................................................................................................................................29

RequestFulfillment...........................................................................................................................................................................29

Accessmanagement..........................................................................................................................................................................29

Eventmanagement............................................................................................................................................................................29

7-StepImprovementProcess........................................................................................................................................................30

References.......................................................................................................................................................................................................31


3/31

3

EXECUTIVESUMMARY

FINDINGSANDRECOMMENDATIONS

A process maturity assessment was completed to determine a current maturity for many of the ITInfrastructureLibrary(ITIL)basedITServiceManagementprocesseswithintheOfficeoftheCIO(OCIO)at

The Ohio State University. The scores were based on a 0-5 scale as defined in ITILs ProcessMaturity

Framework(PMF).Thisframework,basedonconceptsdevelopedbytheSoftwareEngineeringInstituteat

Carnegie Mellon details levels ofmaturity byassigning the followingnumericvalues: 0-none, 1-Initial, 2-

Repeatable, 3-Defined, 4-Managed, 5-Optimized. Thesevaluesrepresent the levelto which theprocess is

executedinaconsistentandefficientmanorandarenotnecessarilyadirectmeasureofperformance.

Thefollowingresultswereobtained.

This assessment was performed at an executive level and serves and is compared against the identical

assessment from 2009 as part of an ongoing assessment and improvement effort within the IT Service

ManagementProgram.Ideally,anadditionalassessmentprocessshouldbeestablishedtoquerydeeperintotheorganization.

Whilethiswasaninternalreviewofprocessmaturity,membersoftheCIOAdvisoryCommunitycompleted

an external survey. Results from this survey were used to validate the findings of the review from an

externalperspective.Nocontradictionswerenotedwhenevaluatingthisdata.

2.16

1.11

2.45

2.62

1.11

0.73

1.29

0.66

0.37

2.40

1.65

1.43

1.23

0.95

0.79

0.75

0.70

0.60

0.00 0.50 1.00 1.50 2.00 2.50 3.00 3.50 4.00 4.50 5.00

Security

Continuity

ServiceDesk

Incident

Change

Problem

ServiceLevelMgt

Availability

Conig

Process

ProcessMaturityScore

2011

2009


4/31

4

Significant increases in the maturity scores for Incident Management and the Service Desk are seen as

comparedwiththosetwoyearsago.WiththeexceptionofanincreaseinServiceLevelManagementdueto

significantprogresswiththeservicecatalog,theotherprocessesremainedrelativelyunchanged.

WiththeimprovementsmadeinreactiveprocessessuchasIncidentManagementandtheServiceDesk,focus

maynowbeturnedtoincreasingcontrolandproactiveefforts.Theassessmentindicatedthatsomeofthe

next priorities for improvement include change management and problem management. Configuration

management,whilenotatoppickfromtheaudienceassessedwillalsobeacriticalprocesstoimproveasthe

organizationlookstogaincontroloftheenvironmentandbecomemoreproactive.

Inaddition to thematurity assessment, an internal readiness and awareness assessmentwas performed.

Thisassessmentidentifiedanincreaseintrainingfromthepreviousassessment,aswellasimprovementsin

theuseofacommonvocabularybutleftplentyofroomforimprovement.Otherareaswithinthereadiness

assessmentwererelativelyunchangedfrom2009furtheridentifyingopportunitytobetterpromoteaculture

of customer focus and a service-based organization. Additional communication using multiple delivery

methods should be continued and combined with continued training, which provides the reasoning to

addresswhycertainprocessesarebeingdevelopedanddesignedacertainway.Training,alongwithother

communication and organizational change efforts, continues to be critical in a successful processimprovementprogram.

The IT Service Management Program provides a level of coordination and leadership to IT process

improvementefforts.Thisprogramwasestablishedfollowingthe2009assessmentandcontinuestowork

withtheorganizationsleadershiptoidentifypriorityopportunities,allocateresources,andprovidesupport

fortheadvancementofacustomerfocused,servicebasedorganization.


5/31

5

DETAILEDASSESSMENTRESULTSANDRECOMMENDATIONS

2011 2009

Security 2.16 2.40

Continuity 1.11 1.65ServiceDesk 2.45 1.43

Incident 2.62 1.23

Change 1.11 0.95

Problem 0.73 0.79

ServiceLevelManagement 1.29 0.75

Availability 0.66 0.70

ConfigurationManagement 0.37 0.60

Anumberofprocesscontrolquestionswerepresentedtotheassessmentgroupmadeupofseniordirectors

anddirectorswithintheOfficeoftheCIO.Theparticipantswereaskedtosubmitaresponseof0-5foreach

question.Theseresponseswerethenaveragedtodetermineafinalvalueforeachprocess.

AnexternalfacingsurveywasalsoreleasedtotheCIOAdvisoryCommunity.Thissurveyhad19questions

andservedtovalidatetheresultsobtainedfromthisinternalassessmentbyensuringthatself-ratedanswers

werenotoverorunderstated.

Boththeinternalassessmentandtheexternalsurveyweredeliveredinthesamewayandwithidentical

questionsasthe2009assessment,whichservedastheinitialandbaselineassessmentfortheOCIO.

The2011assessmentresultedinmaturityscoresrangingfrom0.37(nearnon-existent)to2.62(between

repeatableandnearingdefined).ClearincreasesinmaturitywereseeninboththeIncidentManagement

processandtheServiceDeskfunction.Thisisconsistentwiththegoalsofveryspecificandhighprofile

improvementeffortsundertakenasaresultofthepreviousassessment.Anothernotedincreasewaswithin

ServiceLevelManagement.Whilethisprocessiscurrentlybeingimplemented,furtheranalysisshowsthat

theincreaseislargelyattributedtoasignificantincreaseintheonespecificquestionwithintheServiceLevel

Managementsectionoftheassessmentthataskedabouttheexistenceofaservicecatalog.Anothermajor

effortrecentlypublishedthefirstdefinitiveservicecatalogfortheOCIO,andthiswasreflectedinthe

assessment.

Theremainingprocessesdidnotchangesignificantly.WithfocusoverthelasttwoyearsonIncident

Management,ServiceCatalogManagement,andtheServiceDesk,otherprocessescontinuedtooperateasin

thepast.Someminordecreasesarealsonoted.Whilenotsignificant,itispossiblethatoperationalneeds

resultedinad-hoceffortsinadvanceofformalprocessimprovementthathaveintroducedadditional

inconsistency.ItisalsopossiblethatcurrentprocessstatesaremorevisibleandtheOCIOisraisingthebar

internallyleadingtoslightlytougherrating.

Reviewingtheresultsofthereadinessandawarenesssection,verylittlemovementwasnoted.Thissection

focusedontheoverallITServiceManagementconceptsincludingvaluecreation,aservicebasedculture,

servicelifecycle,andacustomerfocus.Thisobservationreinforcestheneedtoimproveawarenessand

culturechangeattheprogramlevel,andinadditiontoproject/processlevelcommunications.Continued

trainingwillalsoprovidesupportforthiseffort.Onthe2011assessment,allbutoneoftheaudience

surveyedwasabletorespondthattheyhadatleastITILfoundationstraining.Thisisanincreasefromthe


6/31

6

2009assessmentand,giventhatthisassessmentiscompletedattheseniordirectoranddirectorlevel,

demonstratessupportandcommitmentfromtheorganizationsleadership.Continuingthistrainingatdeeper

levelsoftheorganizationwillsupportadvancingtheoverallconceptsofITServiceManagement.

Improvementeffortsoverthelasttwoyearshaveprovensuccessfulataprocesslevelforthetargetedareas.

Still, opportunity for continued growth in several other key process areas exists. The improvements in

IncidentManagementandtheServiceDeskprovideamoreeffectivewaytoreact.Totakethenextstepatan

operationallevel,effortsmustfocusonreducingtheamountofreactivework,providingbetterplanningand

controltotheorganizationandallowingresourcestoallocatemoretimetoproactiveactivities.

Lookingahead,theassessmentrevealedthatthenextmostimportantprocesstoimprovewasChange

ManagementfollowedclosebyProblemManagement.Theexternalsurveyvalidatedthisandalsoservedto

reflectontheimprovementsofIncidentManagement,whichwasthetopofthelistforthisquestiontwoyears

ago.Othersignificantareasofopportunitynotedintheexternalsurveyalignwithongoingimprovementsin

ServiceLevelManagementandRequestFulfillment.

OtherareasofpriorityincludeITServiceContinuityManagementandInformationSecurityManagement.

Effortsareunderwaytoimproveanumberofsecurityitemsandthecoordinationofeffortswithapplicable

ITSMprocessesandbestpracticeshouldcontinue.ITServiceContinuityManagementisstillassessedatan

initiallevelofmaturity.Infact,althoughaminimalchange,thisprocessisonethatshowedadecreasein

maturity.Cautionisadvisedindelayingpriorityofthisprocessimprovement.Unfortunately,thisprocess

usuallycallsforasignificantinvestmentwithnopromiseofreturn,andisoftenminimizedforthatreason.

Priorityshouldbeplacedonimprovementofthisprocessbeforeadisasterforcesemergencyprioritization.

An IT Service Management program was established following the 2009 assessment and services to

coordinate improvement efforts, manage implementation projects, and provide leadership to assist the

organizations adoption of consistent and efficient processes based on leading best practice. While the

organizationhascommittedtoseveralkeyinitiativesoutsideITServiceManagement,resourcesarealways

tightandtheprogrammustworkwiththeorganizationsleaderstoinvestresourcesinawaythatprovides

themostimprovementbalancedagainstotherkeycommitmentsanddaytodayoperation.Temptationtoinitiate IT process improvement outside the program should be avoided to avoid future rework and

additionalinconsistency.ThiswillallowthebestopportunityfortheOCIOtoadvanceasoneorganization

anddeliverthemostvaluetoTheOhioStateUniversity.


7/31

7

ADVISORYGROUPSURVEYRESULTS(EXTERNALSURVEY)

0 10 20 30 40

2011

Always

Usually

Sometimes

Never

0 10 20 30 40

Iamadvisedofproposed

changesthataffectmyIT-

relatedservices.(ChangeMgt)

Expectationsforthe

performanceoftheservices

deliveredbytheIT

organizationareavailableto

me.(SLM)

Reviewsofmeasurement

aroundthedeliveryofIT

servicesareavailabletome.

(SLM)

IamabletomakeITservice

requestsfromasingle

location(onestopshopping)containingdetails,costs,etc.

fortherequest.(RF/Tools)

IknowwheneachITservice

isexpectedtobeavailable,or

Iknowwheretoindthat

information.(Availability

Mgt)

PeriodsofITservice

downtimeforregular

maintenanceareknownand

acceptable.(AvailabilityMgt/

SLM)

Thereisacommitmentwithin

theITmanagementteamand

otherITstafftoprotectthe

organization'sinformation.

(Security)

ITstaffmembersworkwith

mewhenchangestothe

securityofaservicemay

affectmyabilitytohandlethe

businessofmyarea.

Iamawareofsafeguardsin

placetoensurecontinuation

oftheservicesuponwhichmybusinessdepends.(Service

Continuity)

2009


8/31

8

0 10 20 30 40

2011

Always

Usually

Sometimes

Never

0 10 20 30 40

WhenIreportanITissue,it

remainsopenuntilithas

beenconirmedbymethat

theissuehasbeenresolved

tomysatisfaction.(Incident

MyITissuesarehandledina

consistentmannereachtime

IcontacttheITorganization.

(IncidentMgt)

Staffwiththerequiredskills

areidentiiedandassigned

toworkwithmeto

investigateandanalyzemore

complexissues.(Incident

The"rootcause"ofmyIT

issueiscommunicatedtome.(ProblemMgt)

Wheninstructionstoresolve

myITissueisfound,Ihave

accesstothatinformation.

(ServiceDesk/Tools)

Ihaveanopportunitytoprovideinputintomajor

changestomyITservices.

(ChangeMgt)

Whenthereisanissuewith

anITservicethataffectsme,

theITstaffseemtoknow

whattoinvestigateto

resolvetheissue.(Conig

ThereisasingleareaIcan

contactforanyITissueImay

have.(ServiceDesk)

TheITServiceDeskstays

involvedwithmyissueuntil

Iamsatisiedwiththe

outcome.(ServiceDesk)

2009


9/31

9

ExternalOpinionQuestion:

TheaspectofITServiceimprovementthatismostimportanttome,is:

35%

20%

32%

13%

2011

MyITserviceissuesare

consistentlyresolvedquickly

andeficiently.(IncidentMgt)


preventedordon'treoccur.

(ProblemMgt)

Myproductivitydoesn't

decreaseduetosystemchanges.

(ChangeMgt)

IknowwhatITservicesareavailableandhowtogetthem.

(SLM/Availability)

47%

17%

23%

13%

2009


consistentlyresolvedquickly

andeficiently.(IncidentMgt)


preventedordon'treoccur.

(ProblemMgt)

Myproductivitydoesn't

decreaseduetosystemchanges.

(ChangeMgt)

IknowwhatITservicesare

availableandhowtogetthem.

(SLM/Availability)


10/31

10

READINESSANDAWARENESS(INTERNALASSESSMENT)

!"##

! "#$ # #$

% &'$ ( !'$) ('$ "! %'$

! "#$ # #$

$%&'() !" #""* #+ #""*

# #$ " *+!'$

"# '#$ * &%+'#$

"# '#$ , '#$

# #$ " *+!'$

$%&'() !" #""* #+ #""*

! "#$ ! "!+'#$"! *#$ "! %'$

* $ ! "!+'#$

# #$ # #$

$%&'() !" #""* #+ #""*

# #$ " *+!'$

"# '#$ ) '*+!'$

"# '#$ * &%+'#$

# #$ # #$

$%&'() !" #""* #+ #""*

! "#$ * &%+'#$

) ('$ , '#$

, (#$ ! "!+'#$

" '$ # #$

$%&'() !" #""* #+ #""*

* $ ' &"+!'$

) ('$ "# *!+'#$

' !'$ " *+!'$

# #$ # #$

$%&'() !" #""* #+ #""*

* $ , '#$

% &'$ , '#$

% &'$ # #$

# #$ # #$

$%&'() !" #""* #+ #""*

-./01234567892/::

67892/::

;2/::

-./012345;2/::

!"",-./)0%1)/)

-./01234567892/::

67892/::

;2/::

-./012345;2/::

234--5/-%0/6'&/-78&9-'-:%;;%1-)&%;/6-F68(&>6/-/P8)&)-81-%>6-%6G'18H'&8%13 !"##-./)0%1)/) !"",-./)0%1)/)


11/31

11

!"##

! "# ! $%&"#

!' "'# ( )*%("#

+ )"# $ *(%"'#

' '# & !&%"'#

$%&'() !" #""* #+ #""*

! "# ) &"#

!$ ,'# !! $,%("#

* !"# ! $%&"#

' '# ' '#

$%&'() !" #""* #+ #""*

! "# $ *(%"'#

!) ('# !' $&%"'#" &"# ' '#

' '# ' '#

$%&'() !" #""* #+ #""*

' '# ! $%&"#

! "# , "'#

!" ("# ( )*%("#

) &'# ' '#

$%&'() !" #""* #+ #""*

' '# + "$%&"#

) &'# ' '#

, )'# ) &"#

* !"# ! $%&"#

' '# ! $%&"#

' '# ' '#

& !'# ! $%&"#

' '# ' '#

* !"# !"#$%&'()$*++,

' '# !"#$%&'()$*++,

$%&'() !" #""* #+ #""*

!* $"# !"#$%&'()$*++,

( *"#

$%&'() !" #""*

,$-./01'2341))/'42/56'7141))/01)8(&)

!""9!"#$%&'()*+,*-.++

9:;///(1F1(/%E/,$,G/&7'3434H/3)I !"##/01)=%4)1) !""9/01)=%4)1)

-./01234567892/::

67892/::

;2/::

-./012345;2/::

#":;//$?1/05J,/C%21(/3)/8)12/&%/1K=('34/1'A?/7%(1/34/&?1/ !"##/01)=%4)1) !""9/01)=%4)1)

-./01234567892/::

67892/::;2/::

-./012345;2/::

-:/:


12/31

12

! "# !"#$%&'()$*++,

$ %"#

!& "

!"#$%& '( )((*

'()*+,

-./0)12340

)'+,-!./-$0"12#-$23-45/61/278-"4-9!:;-7$#>"2&->&? '())-@/&A"2&/&

'()5678


13/31

13

MATURITYASSESSMENTRESULTS(INTERNAL)

0 1 2 3 4 5

TheOrganizationhasclearlydeined

processgoals,objectives,documented

policies,activitiesandproceduresfor

Clearrolesandresponsibilitiesforthe

IncidentManagementprocesshavebeen

identiied,deined,documentedand

ThedeinitionofanIncidentisclearly

understoodasdistinctandseparate

fromaProblem;thisdeinitionisapplied

Thereareclearpoliciesanddeinedand

consistentproceduresforloggingall

Incidents.Incidentsarecategorizedusinga

methodthatenablesmeaningful

reporting.

Ameasurementframeworkhasbeen

establishedforIncidentManagement

thatidentiies,measuresandreportson

AllIncidentsareassignedapriority

basedonimpactandurgency.

Thedeinitionofandprocedurefor

handlingaMajorIncidentbasedon

impactandurgencyisclearly

Customersareinformedofthestatusof

Incidentsthataffecttheminaconsistent

anddeinedmanner.

Incidentclosurepoliciesandprocedures

statethatIncidentclosurebeperformed

onlybytheServiceDeskandthatclosure

Proceduresareinplacetoassessthe

usersatisfactionlevelsrelatedtothe

resolutionoftheIncident.

ThereisasearchableKnowledge

Databasethatcontainswork-arounds,resolutions,andknown-errors,aswell

IncidentManagementexistsasa

standardizedandrepeatableprocess

acrossourorganization.

IncidentManagement

2011

2009


14/31

14

0 1 2 3 4 5


processgoals,objectives,documentedpolicies,activitiesandproceduresfor

theProblemManagementprocess.A


ProblemManagementProcesshave

beenidentiied,deined,documented

andappointed.

Thereisaprocedurebywhich

potentialproblemsareclassiiedin

termsofcategory,urgency,priority

andimpactandassignedfor

TheProblemManagementprocess

ownerundertakesproactiveproblemmanagement(lookingforpotential

areasoffailure,beforetheyoccur).

TheProblemManagementprocess

owneranalyzesincidentinformation

tolookforincidenttrends.

Problemrecordsincludecurrent

statusoftheprobleminvestigation,

categorizationoftheproblem,andany

changesinstatusfortheproblem.

ProblemManagementensures(followingaPostImplementation

Review)thatChangeshavebeen

successfullyimplementedbefore

AllProblemsandKnownErrorsare

linkedtoConigurationItemswhen

relevant.(PMtoSACM)


establishedforProblemManagement

thatidentiies,measuresandreports

onmetricsalignedtoKey

ProblemManagementexistsasa



ProblemManagement

2011

2009


15/31

15

0 1 2 3 4 5



policies,activitiesandproceduresforthe

ChangeManagementprocess.Ashared

repositoryofChangeManagement


ChangeManagementProcesshavebeen


appointed.

AroleexistswithintheChange

Managementprocesswhichisresponsible

forthecoordinationofeachChangebeing

built,tested,implemented,thenreviewed

accordingtothespeciicationscontained

AChangeauthorizationmodeldeinesvariousChangecategories,andwhatlevel

ofauthorizationisrequiredforthedifferent

Changecategories.

AChangeAdvisoryBoard(CAB)existsasa

formalbodyresponsibleforreviewingand

authorizingChanges.

AnEmergencyCABtoreviewandauthorize

emergencyChangesexists.

AnITManagementBoardisresponsiblefor

reviewingandauthorizingChangesbearing

signiicantrisktothebusinessand/orthat

impactmultipleservicesororganizational

areas

Businessrepresentatives(fromnon-IT

areasoftheUniversity)areinvolvedwith

thereviewofmajorproposedchanges.

Changesareassessedforpotentialimpacts

toexistingservicesasdeinedinServiceLevelAgreements.(ChgtoSLM)

ChangeManagement

2011

2009


16/31

16

0 1 2 3 4 5


establishedforChangeManagement

thatidentiies,measuresandreports

onmetricsalignedtoKey

ARequestforChangeisusedtorecord

andcontrolallinformationrelatedto

Changesandproposedchanges.

ThepriorityforasubmittedChange

Requestisdeterminedthroughthe

assessmentoftheChangeimpactand

urgency.

A"calendarofChange"is

communicatedtoallChange

stakeholders(whichincludesthe

ServiceDesk).

AllChanges(includingemergency

Changes)aretestedpriorto

implementation.

ThescopeofChangeManagement

includesChangestotheService

Portfolio,Changestoexistingservices,

impactstotheSecurityPlan,aswellas

ChangeManagementexistsasa



ChangeManagementCont.

2011

2009


17/31

17

0 1 2 3 4 5



AServiceAssetandConiguration

Managementprocessownerwith

accountabilityfortheprocessacross


ConigurationManagementProcess

havebeenidentiied,deined,

AllConigurationItems(CIs),

attributes,owners,andrelationships

arerecordedandmaintainedina

TheConigurationManagementDatabase(CMDB)providesalogical

modelofallserviceassetsusedin

ConigurationItems(CIs)containedin

theCMDBincludeservices,systems,

hardwareandsoftwarecomponents,

ThereisaDeinitiveSoftwareLibrary

andaDeinitiveHardwareStore

withintheorganization(physical


establishedforServiceAssetand

ConigurationManagementthatRegisteredConigurationItemsare

physicallyidentiiedthroughlabeling

accordingtoorganizationalpolicy

Ascheduledandregularlyoccurring

auditisusedtoverifytheaccuracyof

theConigurationManagement

TheConigurationManagement

Databaseauditincludesacomparison

ofConigurationItemsinthe

ServiceAssetandConiguration

Managementprovidesuptodateinformationaboutinfrastructureand

ConigurationManagementexistsasa



Con=igurationManagement

2011

2009


18/31

18

0 1 2 3 4 5



policies,activitiesandproceduresfortheServiceDeskfunction.


ServiceDeskfunctionhavebeen


appointed.

ThereisaServiceDeskinplacewhichis

theknowncontactpointforallIT

inquiriesandproblems.

CallsrecordedbytheServiceDeskare

distinguishedasincident,requestfor

change,orservice(orinformation)

request.

TheServiceDeskensuresthattheend

usersareadvisedofupcomingexpected

servicechangesand/oroutages.

ReportsforserviceDeskmetrics,suchas

numbersofcallsreceived,typesofcalls,

etc.areeasilyaccessible.

Thereisausersatisfactionsurveysystem

inplace.

TheServiceDeskprovidestrending

informationandcustomersatisfaction

ratingreportstoManagement.

TheServiceDeskproactivelyadvises

usersofthestatusoftheircallswhen

certaintimelimitsarereached.

Thereisanescalationprocessinplacefor

callsthatcannotberesolvedatirstpoint

ofcontactwiththeServiceDesk.

Thereisaregular,reportedreviewof

ServiceDeskperformanceagainst

expectedKeyPerformanceIndicators

(KPIs)andCriticalSuccessFactors(CSFs).

ServiceDesk

2011

2009


19/31

19

0 1 2 3 4 5



theServiceLevelManagement

process.Asharedrepositoryof

ServiceLevelManagement

AServiceLevelManagementprocess

ownerwithaccountabilityforthe

processacrosstheorganizationhas

beenappointed.Theprocessowner

hastheauthoritytoensure

compliancetoandgovernanceofthe


ServiceLevelManagementProcess

havebeenidentiied,deined,

documentedandappointed.

ServiceLevelAgreements(SLAs)--

whichdeinealltheservicesand

levelsofservicesprovidedbyITfor

thecustomers--existforallservices.

OperationalLevelAgreements(OLAs)

-whicharealignedwithrequirements

deinedintheSLAs--havebeen

documentedandagreedamong

individualproviderITgroupswithin

theorganization.

ServiceLevelAgreementsare

regularlyreviewedtoensuretheyare

currentandaligned--andre-

negotiatedwhenneeded--with

customerrequirements.

SupplierManagementexistsasaprocesstomanagecontractswith

externalsuppliers.

ServiceLevelManagement

2011

2009


20/31

20

0 1 2 3 4 5

ThereisaServiceCatalogthat

describestheservicesofferedbytheITorganization.

Servicelevelsachievedbyall

operationalservicesaremonitored

andmeasuredagainsttargetswithin

SLAs,OLAs,andContracts.

Regularcommunicationsandreports

concerninglevelsofservicecontained

withinServiceLevelAgreements

occurwithITmanagement,the

ServiceDesk,andallinternal

Servicereviewmeetingsareheld

regularlywithcustomerstodiscuss

ServiceLevelachievementsandany

plansforimprovementsthatmaybe

required.

ServiceImprovementProgramsare

usedtoimprovethequalityofservices

andareinitiatedforservicesthatare

underperforming.

ServiceLevelAgreements,Operational

AgreementsandUnderpinning

ContractsarestoredinaDeinitive

DocumentLibraryandarecontrolled

asConigurationItemsinthe

ServiceLevelManagementexistsasa



ServiceLevelManagementCont.

2011

2009


21/31

21

0 1 2 3 4 5




theAvailabilityManagementprocess.

AsharedrepositoryofAvailabilityAnAvailabilityManagementprocess






AvailabilityManagementProcesshave


andappointed.

TheAvailabilityManagementProcess

areaprovidesinformationtothe

ChangeManagementprocessarea

abouttheimpactofproposedchanges.

Thereareregularreviewsofcurrent

infrastructureagainstrequired

availability(KPIsandCSFs),witha

viewtooptimizingequipment

(loweringcost)whilemaintaining

Acceptedperiodsofservicedowntime

formaintenanceareknownand

acceptedbythecustomer/businessrepresentative.

Thereisanacceptedprocedurefor

investigatingreasonsforhigh

unavailability.

Trendanalysisiscarriedouton

availabilitydata,tohelpidentify

potentialfuturebottlenecks.

AvailabilityManagementexistsasa



AvailabilityManagement

2011

2009


22/31

22

0 1 2 3 4 5



ASecurityManagementprocess




SecurityManagementProcesshave


Thereisaclearunderstandinginthe

organizationofwhoisresponsiblefor

ITsecurity.

ThereisacommitmentwithintheITmanagementteamandotherITstaff

toprotecttheorganization's

Therearephysicalbarriersinplace

preventingunauthorizedaccessto

criticalITequipment.

Therearepreventativesystemsin

placetoprotectagainstelectronic

attacks(e.g..Firewalls).

Thereareclearstepsinplacefor

handlingandreportinganysecurity

breaches.

Thecostofprovidingsecurityis

knownandbalancedagainstthevalue

oftheinformationbeingprotected.

Thereareproceduresinplaceto

ensurethatthesystemsprotectingthe

organizationareupdatedtothelatest

Thereareregularreviewswith

supplierstoensurethattheirsecurity

measuresareadequate.

Thereareregularreviewswith

clients/customerstoensurethatthe

ITsecuritymeasuresdonothamper

SecurityManagementexistsasa



ITSecurityManagement

2011

2009


23/31

23

0 1 2 3 4 5




theContinuityManagementprocess.

AsharedrepositoryofContinuityAContinuityManagementprocess






ContinuityManagementProcesshave


andappointed.

ThereisaregularBusinessImpact

Analysis(BIA)thatreviewsthe

servicesusedbythebusinessandthe

impact(monetaryandnon-monetary)

iftheyarelost.

Thereisadocumentedandtested

recoveryplaninplacewhichis

understoodbytheserviceproviders

andcustomersforeachservice.

Regularbackupsofcriticaldataare

taken,tested,andthesebackupsarestoredsecurely.

Thecostofcontinuityplanningis

balancedagainstthevaluetothe

business.

Thereareregularreviews(including

testing)onperformanceofthis

processareaagainstdocumentedKey

PerformanceIndicators(KPI's).

ContinuityManagementexistsasa



ITServiceContinuityManagement

2011

2009


24/31

24

DETAILEDPROCESSINFORMATION

PROCESSDEFINITIONSANDRECOMMENDATIONS

COMMONPROCESSIMPROVEMENTRECOMMENDATIONS.

Toincreasetheconsistencyandefficiencyofanyprocess,thefollowingcommonactivitiesarerecommended.

Effortsshouldbemadetoapplythesetoanyprocessestablished.

Clearlydefineprocessgoals,objectives,documentedpolicies,andproceduresfortheprocess. DefineaprocessownerandestablishaRACIauthoritymatrixfortheprocess. Provideappropriatecommunicationandtrainingtostaffasapplicable. Maintainallprocessdocumentationinashared,communicatedlocation. Establishameasurementframeworkthatidentifies,measures,andreportsonmetricsalignedtoKey

PerformanceIndicators(KPIs)anddefinedCriticalSuccessFactors(CSFs)

INCIDENTMANAGEMENT:CURRENTPROCESSMATURITY2.62

TheprimaryobjectiveofincidentmanagementistoreturntheITservicetousersasquicklyaspossible.

Based on the results of the previous assessment, a major effort to improve Incident Management was

undertaken. Thisresultedin a formalprocess,new tooling,and provided thefoundation forfuture ITSM

efforts.

PROBLEMMANAGEMENT:CURRENTPROCESSMATURITY0.73

Theprimaryobjectiveofproblemmanagementistopreventincidentsfromhappeningandminimizeimpact

ofincidentsthatcannotbeprevented.

Recently,improvementeffortswereundertakingtodefinetheproblemmanagementprocessfortheOCIO.Process documentation and tooling are in place, however, resource constraints led to holdingoff on the

remainingworktorollouttheprocess.

Nextstepswhichleadtoamorematureproblemmanagementprocessinclude:

Provideawarenessandtrainingonthedocumentedprocess ImplementtheprocesswithintheOCIO

CHANGEMANAGEMENT:CURRENTPROCESSMATURITY1.11

Theprimarygoalofchangemanagementistoenablebeneficialchangestobemadewithminimumdisruption

toITservices.

Currently,amajoreffortisunderwaytoformallydefinethisprocessandimplementitacrosstheOCIO

CONFIGURATIONMANAGEMENT:CURRENTPROCESSMATURITY0.37

ConfigurationmanagementisincludedintheServiceAssetandConfigurationManagementprocessandis

responsibleformaintaininginformationaboutconfigurationitems(anycomponentthatneedstobemanaged

inordertodeliveraservice)andtheirrelationships.


25/31

25

Theneed tobetter track assets and various levels of configuration item tracking continue toresult inan

extremelyinconsistent,inefficientsetofactivitiesacrosstheOCIO.Itislikelythatalevelofre-workwillbe

requiredwhenformalprocessisdefined.Theamountofreworkwillincreaseasadditionaltimepasseswith

thecurrentapproach.

Keyactivitieswhichwillleadtoamorematureconfigurationmanagementprocessinclude:

Definethelifecycleprocessforassetsfromprocurementtodisposal. Maintain a configuration management database with configuration items that include services,

systems,hardware,software,databases,documentationandsupportstaffroles.

EstablishdocumentationdefiningtherelationshipsofCIstobusinessprocessesandservicestothebusiness.

SchedulearegularaudittocompareconfigurationiteminformationintheorganizationtothedataintheCMDB.

SERVICEDESK:CURRENTMATURITY2.45

TheservicedeskservesasthecustomerssinglepointofcontactforallITservices.

Together with the Incident Management improvements, the service desk has been re-aligned under the

guidanceoftheCustomerExperienceorganizationwithin theOCIO. Theeffortsareclearin the increased

maturityscoreforthisarea.

Recommendationswhichwillleadtoanevenmorematureservicedeskinclude:

ContinuetoconsolidateusercontactpointswithintheOCIOforincreasedefficiency. Establish a consistent process for customer and user communications regarding any changes to

services.

SERVICELEVELMANAGEMENT:CURRENTMATURITY1.29

Theservice levelmanagement process involves agreementamong the customers and theprovidersof IT

servicesregardingthedefinitionandexpectationsoftheservice.

CurrenteffortsareunderwaytodocumenttheServiceLevelManagementprocessanddefineagreedservice

levelsforOCIOservices.

Keyactionstofollowonthecurrenteffortsinclude:

Continuedcommunicationandawareness.Thisprocessiskeyinadvancingtowardabusinessfocusandbeyondtheconstraintsofatechnologyfocus.

EstablishaprocesswherebyregularcommunicationsandreportsregardingSLAKPIsandCSFsoccurbothinternallyandwiththecustomers.

Establishaserviceimprovementprogramforunderperformingservices.AVAILABILITYMANAGEMENT:CURRENTMATURITY0.66

TheavailabilitymanagementprocessoptimizesthecapabilityoftheITInfrastructure,servicesandsupport

organizationtodeliveracosteffectiveandsustainedlevelofavailability.


26/31

26

EstablishaprocessforavailabilitymanagementtoparticipateintheChangeManagementprocessbyprovidinginputabouttheimpactofproposedchanges.

Establishaprocedurefortheinvestigationofreasonsfortheunavailabilityofaservice. Establishamethodbywhichtrendanalysisiscarriedoutonavailabilitydatatoproactivelyidentify

potentialfutureserviceissues.

SECURITYMANAGEMENT:CURRENTMATURITY2.16

Thesecuritymanagementprocessensuresthatthesecurityaspectswithregardtoservicesandallservice

managementactivitiesareappropriatelymanagedandcontrolledinlinewithbusinessneedsandrisks.

Keyactionsthatwouldleadtoamorematuresecuritymanagementprocessinclude:

Ensureallappropriatesecurityrelatedpoliciesaredocumented,accessible,andcommunicated. Ensurepoliciesdefineanappropriatelevelofsecurityrelativetothetypeofdata,risk,andbusiness

requirements.

ImplementcontrolsspecifiedinISO27002 EstablishaformalInformationSecurityManagementSystem(ISMS)assuggestedinISO27001.

ITSERVICECONTINUITYMANAGEMENT:CURRENTMATURITY1.11

ITServiceContinuityManagement(ITSCM)supportstheoverallbusinesscontinuityplan(BCP)byensuring

that therequired IT technical and service facilities canbe resumed within required and agreedbusiness

timescales.

TheOCIOmaintainsemergencyplansbasedonuniversitybusinesscontinuityprogramrequirements,butno

formalservicebasedcontinuityprocessisdefinedorowned.

Theimportanceofthisprocessisoftenminimizeduntilitistoolate.

KeyactionsthatwouldleadtoamorematureITsecuritymanagementprocessinclude:

PerformregularBusinessImpactAnalysis(BIA)andriskanalysis. EnsurethatITservicecontinuityrecoveryplansaredefinedandtestedforeachservice. Ensurethecostofrecoveryplanningisbalancedagainstthevaluetotheuniversityandincludedin

theoverallcostmodeloftheservice.

ProvideinformationtoServiceLevelManagementtobettersetcustomersexpectationofservices.


27/31

27

OTHERITILPROCESSESProcessesdefinedinITILthatwerenotformallyassessedarelistedbelow.Foreachofthese,recommended

actionsincludeallactivitiesnotedinthecommonactivitiesabove.Additionally,specificinformationisnoted

whenavailable.

RELEASEMANAGEMENTReleasemanagementistheprocessresponsibleforplanning,scheduling,andcontrollingthemovementof

releases to test and live environments. The primary objective is to ensure that the integrity of the live

environmentisprotectedandthatthecorrectcomponentsarereleased.

ReleaseManagementcurrentlyexistsacrosstheOCIOinmultiplelevelsofmaturity.Mostformally,thisprocess

existsaspartoftheSoftwareDevelopmentLifecycle(SDLC)withintheEnterpriseApplicationsorganizationand

the Configuration Management team within the Infrastructure organization. Opportunities to improve

consistencyandincreasematuritywilldevelopasaresultofimprovedperformanceofChangeManagement.

SERVICEPORTFOLIOMANAGEMENT

Service portfoliomanagement is a method for governing investments in servicemanagement across the

enterpriseandmanagingthemforvalue.Theserviceportfolioincludestheservicepipeline(newservices

beingdeveloped),theservicecatalog(servicescurrentlyofferedinoperation),andretiredservices(services

nolongeroffered).

KeycomponentsofTheServicePortfolioManagementprocesshavebeenimplementedwithsuccesswhilefuture

opportunitiesalsoexisttoprovideevenmorevaluetotheOCIO.Theservicecataloghasbeencreated.While

establishingthecatalog,visibilitytoservicesearlierinthelifecyclehavebeenrealized.VisibilityofOCIOservices

inoneplacealongwiththetotalcostofownershipeffortsofFinancialManagementhavealsoprovideddatafor

decisions regarding retirement of services. Future improvement opportunities for the Service Portfolio

Management process includedefinitionof formalownership anda defined approachtomakingthe strategic

decisionaboutwhetheraserviceshouldbeoffered.

SERVICECATALOGMANAGEMENT

ThegoalofServiceCatalogmanagementistoprovideasinglesourceofconsistentinformationonallofthe

agreedservicesandensurethatitiswidelyavailabletothosewhoareapprovedaccesstoit.

ServiceCatalogManagement isa formally recognized processwithintheOCIOwith anamedprocessowner.

Recentimprovementsestablisheda consistentdefinition fora Service andpresentedan official list ofOCIO

Servicesinawebaccessibleservicecatalog.ThevalueofthecatalogwillcontinuetogrowasdatafromService

LevelManagement becomes available and is published. While this process was not formally assessed, one

specific question within the Service LevelManagement section may provide some information of progress

movingfromanaverageresponseof0.69to2.65overthetwo-yearperiod.Seethetopofpage19ofthisreport.

DEMANDMANAGEMENT Activities of demand management are focused on understanding customer demand for services and the

provisionofcapacitytomeetthesedemands.Thisisstrategicallyaccomplishedbyanalysisofpatternsof

businessactivityanduserprofiles.

DemandManagementrequires supportingdata. Thisprocess offersopportunities as improvements continue

withrelationshipmanagement,definitionsofOCIOservicesintheServicesCatalogareformalized,andresulting

dataofotherprocessesbecomesavailable.


28/31

28

CAPACITYMANAGEMENT

CapacitymanagementensuresthatthecapacityofITservicesandtheITInfrastructureisabletodeliverat

agreedservicelevelsinacosteffectiveandtimelymannerbyconsideringallresourcesrequiredtodeliverthe

service.

CapacityManagement presents a clear area of opportunity for the OCIO. As more reactive processes are

stabilized,resourcesandsupportingdatawillbecomeavailabletoinvestigatetheseopportunities.

FINANCIALMANAGEMENT

Financialmanagement,bothaprocessandafunction,isresponsibleformanagingandITserviceproviders

budgeting,accounting,andchargingrequirements.

FinancialManagementisaformallyrecognizedprocesswithintheOCIOwithanamedprocessowner.Recent

improvements provided a defined service based cost model and templates for calculation of total cost of

ownershipTCO.EffortscontinuetoproduceaTCOforeachOCIOservicethatwillsupportvalidationoffeesand

charges,budgets,andaccounting.

SUPPLIERMANAGEMENTSupplierManagementistheprocessresponsibleforensuringthatallcontractswithsupplierssupportthe

needsofthebusiness,andthatallsuppliersmeettheircontractualcommitments.

SupplierManagementisaformallyrecognizedprocesswithintheOCIOwithanamedprocessowner.Current

effortshaveprovidedmorevisibilityandimprovementsinendoftermcontractrenewals.Contractscustodians

havealsobeenassociatedwitheach contract to serveas aprimary contactwithintheOCIOatrenewaland

negotiations. Whileno specificsectionof theassessmentaddressedthisprocess,one specificquestion inthe

ServiceLevelManagementsectionfocusedonSupplierManagement(bottompage18).Theaverageresponse

for this question moved from a 0.63 to a 1.35. Further efforts may include increased communication of the

process,establishmentofa supplierscorecardandmore formallink fromsupplierstoOCIOservicesandservice

levels.

TRANSITIONPLANNINGANDSUPPORT

Transitionplanningandsupportistheprocessresponsibleforplanningallservicetransitionprocessesand

coordinatingtheresourcesthattheyrequire.

TheactivitiesofthisprocessalignwiththeOCIOsprojectmanagementmethodology.Improvementscontinueto

beimplementedunderformalleadershipofthePortfolioandProgramManagementOfficewithintheOCIO.

SERVICEVALIDATIONANDTESTING

Theservicevalidationandtestingprocess isresponsibleforvalidationand testingofa neworchangedIT

service by ensuring that the services matches its design specification and will meet the needs of the

university.

Activities from thisprocessarecurrentlybeing consideredwithin theSharedServicesGroupwithin theOCIOs

EnterpriseApplicationteam.Formalizationoftestingandqualityassuranceprocesseswithinthisgroupwill

inherentlyworktoimprovethisprocess.

KNOWLEDGEMANAGEMENT


29/31

29

Knowledge management is responsible for gathering, analyzing, storing and sharing knowledge and

informationwithinanorganization.Theprimarypurposeistoincreaseefficiencybyreducingtheneedto

rediscoverknowledgeandmakingthatknowledgeavailabletoenablebetterbusinessdecisions.

TheOCIOhasastarttoKnowledgeManagementonanumberoffronts.Traditionally,theKnowledgeBaseused

bytheservicedeskhasbeenthekeycomponent,however,KnowledgeManagement,encompassesmuchmore.

Manyothersystemsinplace,includingServiceKnowledgeManagementSystem,recordnewdataeverydaythat

feedtheKnowledgeManagementprocess.

EVALUATIONMANAGEMENT

TheevaluationprocessassessesaneworchangedITservicetoensurethatriskshavebeenmanagedandto

help determinewhether toproceedwith the change. Itis alsoperforms comparisonsbetweenthe actual

outcomeandtheintendedoutcomeoronealternativewithanother.

At a high level, some of these activities are performed within the OCIO project management methodology.

FurthermaturingofthismethodologyalongwithimprovementsinChangeManagementandStrategy/Service

PortfolioManagementwillcontinuetorefinetheactivities.

REQUESTFULFILLMENT

Requestfulfillmentisfocusedonmanagingthelifecycleofservicerequestsmanagingtherequestfromstart

tofinish.Thisprocessisoftencloselyassociatedwiththeservicedesk.

RequestFulfillmentisanofficiallyrecognizedprocessintheOCIOwithanamedprocessowner.Improvementsin

RequestFulfillmenthavebeguninclosecoordinationwithIncidentManagement,ServiceCatalogManagement,

andServiceLevelManagement.Majorcustomervisibleimprovementwillberealizedwiththereleaseofa self-

servicerequestcatalogthatallowsuserstoorderorrequestitemsfromtheOCIOandtracktheirprogress.

ACCESSMANAGEMENT

TheaccessmanagementprocessisresponsibleforallowinguserstomakeuserofITservices,data,orother

assets.Accessmanagementhelpsprotecttheconfidentiality,Integrity,andavailabilityofassetsbyensuringonly authorizedusersareable toaccess ormodify theassets. Accessmanagement isoftenreferredto as

RightsmanagementorIdentitymanagement.

This process continues to mature as efforts within the Identity Management program define process and

implementnewtoolsformanagementofOSUidentities.

EVENTMANAGEMENT

The event management process is responsible for managing events (any change of state which has

significanceforthemanagementofaconfigurationitemorservicei.e.analertornotification)throughtheir

lifecycle.

Major activities of this process exist inmany areas of the OCIO including Infrastructure andSecurity. Thesystem/eventmonitoring taking place currently leverage many different technologies and are managed by

variousteams.Thereisaninconsistentlevelofcorrelationordefinition.Tomaketheseactivitiesevenmore

effective,andincreasematurityinthisprocess,eventsbeingmonitoredshouldbeformallydefinedalongwith

identificationofappropriateactionstobetriggeredbythoseevents.Theseeffortswillalsoindirectlyincrease

performance in Incident Management, Service Level Management, Capacity Management, Configuration

Management,andothers.


30/31

30

7-STEPIMPROVEMENTPROCESS

The7-stepimprovementprocessdefinedinITILconsistsofastandard,continuousapproachtoimprovement

basedonthePlan,Do,Check,ActcycledescribedbyW.EdwardsDeming.The7stepsinclude:

1. Definewhatyoushouldmeasure.2. Definewhatyoucanmeasure.3. Gatherthedata.4. Processthedata.5. Analyzethedata.6. Presentingandusingtheinformation.7. Implementingcorrectiveaction.

After processes aredocumented and implementedas part of the IT ServiceManagement program, the 7-step

improvementprocessmaybeusedtomanageon-goingcontinualimprovementefforts.


31/31

REFERENCESITGovernanceInstitute.(2007).ControlObjectivesforIT.RollingMeadows:ITGI.

OfficeofGovernmentandCommerce.(2007).ContinualServiceImprovement.London:TSO.

OfficeofGovernmentandCommerce.(2007).ServiceDesign.London:TSO.

OfficeofGovernmentandCommerce.(2007).ServiceOperation.London,UnitedKingdom:TSO.

OfficeofGovernmentandCommerce.(2007).ServiceStrategy.London:TSO.

OfficeofGovernmentandCommerce.(2007).ServiceTransition.London:TSO.

SoftwareEngineeringInstitute.(2009).CMMIforServices,Verson1.2.Pittsburgh:CarnegieMellonUniversity.

Date post:	14-Apr-2018
Category:	Documents
Upload:	alaincharpentier
View:	215 times
Download:	0 times

Itsm Maturity 2011

Documents