Introduction

A PRACTICAL APPROACH

The purpose of this publication is to provide your organization with a pragmatic approach to effectively implementing service management, incorporating practices from the ITIL framework and the ISO/IEC 20000 standard. The continual service improvement (CSI) approach depicted in Figure 0.1, derived from ITIL Continual Service Improvement (Cabinet Office, 2011), will be our guide throughout the chapters.

Before embarking on a service management implementation, first an organization needs to understand the business drivers for service management that will best support the organization’s vision, mission and goals. Beginning service management without first understanding your current organizational business drivers and primary pain points will result in much frustration and a large disconnect between IT and the business. Second, the organization needs to assess its current state in the areas most relevant to supporting its primary business drivers. Once the organization understands its current state and what its ideal future state will look like, it can then focus on building a holistic roadmap to effectively implement service management within the organization, incorporating practices from ITIL and ISO/IEC 20000.

When implementing service management, an integrated approach needs to be taken to ensure that the organization is getting the most value from its established service management system (SMS). Continual service improvements to the SMS need to occur through the effective establishment of metrics and measurements that are actionable and that truly provide a good barometer of how the organization is performing and the direction in which it is moving. Lastly, the organization has to make sure it takes a programmatic approach to implementing service management, to keep the momentum going, rather than just treating the implementation as a one-time project.

ITIL

Throughout this publication we will be using ITIL framework practices to demonstrate how to achieve superior operational excellence to meet your organizational business drivers. ITIL offers a globally accepted and proven set of leading practices, processes and roles spanning the IT enterprise. ITIL is based on over 20 years of research and development, focused on business organization models and best practices in the IT industry. It draws on the experience of leading practitioners in hundreds of organizations, managing thousands of projects from a worldwide perspective. This framework of practices is encapsulated and presented within the five ITIL core publications: ITIL Service Strategy, ITIL Service Design, ITIL Service Transition, ITIL Service Operation and ITIL Continual Service Improvement (Cabinet Office, 2011), details of which can be obtained from:

www.best-management-practice.com

The five stages of the ITIL service lifecycle are described below.

Service strategy

This service lifecycle stage defines the perspectives, positions, plans and patterns that a service provider needs in order to meet an organization’s desired business outcomes. The processes within the service strategy lifecycle stage include:

• Strategy management for IT services Strategy management for IT services defines and maintains an organization’s perspectives, positions, plans and patterns as related to its services and their management. Strategy management for IT services is also responsible for ensuring that the organization can achieve the intended business outcomes once a strategy is defined.
• Service portfolio management Service portfolio management is the process responsible for managing the service portfolio. The service portfolio describes the provider’s services in terms of business value and articulated business needs, along with the provider’s response to those needs.
• Demand management Demand management involves the activities that understand and influence customer demand for services and the provision of capacity to meet these demands. At a strategic level, demand management can involve the analysis of patterns of business activity and user profiles. At a tactical level, it can involve the use of differential charging to optimize the use of resources at non-peak times.
• Financial management for IT services Financial management for IT services incorporates the function and processes responsible for managing a service provider’s budgeting, accounting and charging requirements. Financial management for IT services provides the business and IT with the quantification, in financial terms, of the value of IT services.
• Business relationship management Business relationship management is the process that provides links between the service provider and its customers at strategic and tactical levels, enabling the provider to understand customer business requirements and provide services to meet them. Business relationship management also assists the business in articulating the value of a service.

Service design

This service lifecycle stage provides a holistic approach to the design of new or changed services that are introduced into the live environment in a controlled manner. The processes within the service design lifecycle stage include:

• Design coordination Design coordination ensures that the goals and objectives of service design are met by providing and maintaining a single point of coordination and control for all activities and processes within this component of the service lifecycle.
• Service catalogue management Service catalogue management is the process that provides and maintains a single source of accurate and consistent information on all operational services and those in the process of being introduced into the production environment. It also ensures that this information is widely available to those who are authorized to access it.
• Supplier management Supplier management is the process that ensures suppliers and the services they provide are managed to support IT service targets and business expectations. The purpose of the supplier management process is to obtain value for money from suppliers and to provide seamless quality of IT service to the business by ensuring that all contracts and agreements with suppliers support the needs of the business and all suppliers meet their contractual commitments.
• Service level management Service level management (SLM) is responsible for ensuring that all IT service management processes, operational level agreements and underpinning contracts are appropriate for the agreed service level targets. SLM monitors and reports on service levels, and holds regular customer reviews.
• Capacity management Capacity management comprises three sub-processes: business capacity management, service capacity management and component capacity management. The purpose of capacity management is to provide a point of focus and management for all capacity and performance issues relating to both services and resources.
• Availability management Availability management is the process responsible for defining, analysing, planning, measuring and improving all aspects of the availability of IT services. Availability management is responsible for ensuring that the IT infrastructure, processes, tools, roles etc. are appropriate for the agreed service level targets for availability.
• IT service continuity management IT service continuity management (ITSCM) is the process responsible for managing risks that could have a serious impact on IT services. ITSCM ensures that the service provider can always provide minimum agreed service levels, by reducing the risk to an acceptable level and planning for the recovery of IT services.
• Information security management Information security management is the process that ensures the confidentiality, integrity and protection of an organization’s assets, information, data and IT services. This process usually forms part of an organization’s approach to security management, which has a wider scope than the service provider.

Service transition

This service lifecycle stage ensures that new, modified or retired services meet the expectations of the business as documented in the service strategy and service design stages of the lifecycle. The processes within the service transition lifecycle stage include:

• Transition planning and support Transition planning and support is the process responsible for ensuring that the overall planning for transitioning services into the operational environment is performed and that the resources those plans require are coordinated.
• Change management Change management is responsible for controlling the lifecycle of all changes. The primary objective of change management is to enable beneficial changes to be made, with minimum disruption to IT services.
• Service asset and configuration management Service asset and configuration management is the process responsible for identifying, controlling, recording, reporting, auditing and verifying service assets and configuration items, including versions, baselines, constituent components, their attributes and their relationships.
• Release and deployment management Release and deployment management is the process responsible for planning, scheduling and controlling the movement of releases to test and live environments. The primary objective of release and deployment management is to ensure that the integrity of the live environment is protected and that the correct components are released.
• Service validation and testing Service validation and testing is the process responsible for the validation of a new or changed IT service. Service validation and testing ensures that the IT service matches its design specification and will meet the needs of the business.
• Change evaluation Change evaluation is the process that considers whether the performance of service change is acceptable and whether it should be continued. This includes consideration of the risks and impacts associated with the business outcomes on existing and proposed services and IT infrastructure.
• Knowledge management Knowledge management is the process responsible for gathering, analysing, storing and sharing knowledge and information within an organization. The primary purpose of knowledge management is to improve efficiency by reducing the need to rediscover knowledge.

Service operation

This service lifecycle stage coordinates and carries out the activities and processes required to deliver and manage services at agreed levels to business users and customers. The processes within the service operation lifecycle stage include:

• Event management An event is a change of state that has significance for the management of a configuration item or IT service. Event management is the process responsible for managing events throughout their lifecycle.
• Incident management An incident is an unplanned interruption to an IT service or a reduction in the quality of an IT service. Incident management is the process responsible for managing the lifecycle of all incidents. The primary objective of incident management is to return the IT service to customers as quickly as possible.
• Problem management A problem is the cause of one or more incidents. Problem management is the process responsible for managing the lifecycle of all problems. The primary objectives of problem management are to prevent incidents from happening and to minimize the impact of incidents that cannot be prevented.
• Request fulfilment A service request is a request from a user for information, advice, a standard change or access to an IT service. Request fulfilment is the process responsible for managing the lifecycle of all service requests.
• Access management Access management is the process responsible for allowing users to make use of IT services, data or other assets. Access management helps to protect the confidentiality, integrity and availability of assets by ensuring that only authorized users are able to access or modify the assets.

Continual service improvement

Continual service improvement (CSI) aligns IT services with changing business needs by identifying and implementing improvements to IT services that support business processes. CSI describes best practice for achieving incremental and large-scale improvements in service quality, operational efficiency and business continuity, and for ensuring that the service portfolio remains aligned with business needs. CSI is the ongoing activity of enabling IT departments to remain aligned with strategic visions and provides an introspective view into improving service management for customers and providers. The key process within CSI is the seven-step improvement process, whose purpose is to define and manage the steps needed to identify, define, gather, process, analyse, present and implement improvement. The seven steps can be grouped under the four elements of the Deming Cycle (see Figure 1.5 in Chapter 1):

• Plan
  • Identify the strategy for improvement
  • Define what you will measure
• Do
  • Gather the data
  • Process the data
• Check
  • Analyse the information and data
  • Present and use the information
• Act
  • Implement improvement.

CSI register

The concept of a CSI register has been introduced as a place to prioritize and record details of all improvement opportunities within an organization.

ISO/IEC 20000

ISO international standards are developed and published by the International Organization for Standardization (ISO), details of which can be found at:

www.iso.org

ISO’s business standards are strategic tools that reduce costs by minimizing waste and errors and increasing productivity.

Throughout this publication we will be using the ISO/IEC 20000 standard for IT service management, which complements ITIL well in demonstrating how to achieve superior operational excellence to meet your organizational business drivers. ISO/IEC 20000 was introduced on 15 December 2005, founded on very successful national standards: BS 15000 (from the UK) and its facsimiles AS 8018 (Australia) and SANS 15000 (South Africa). ISO/IEC 20000 sets out a series of requirements on service providers that address the service management system (SMS) as applied specifically across the IT service management space.

The appeal of ISO/IEC 20000 is varied and international in nature. Drivers for initial certification and retention of ISO/IEC 20000 include:

• Recognition ‘Yes, we are doing a good job.’ This is a simple but effective message that often can be overlooked, particularly with internal service providers where IT is not the core business. As a by-product, staff morale can also be improved.
• Ability to bid for work/retain it Many customers are now specifying certification as a requirement for their service providers, normally with an accompanying target date.
• Benchmark Service providers initiating a service management improvement plan often find it difficult to know where to start: ‘What is the benchmark we need to initially achieve?’ ISO/IEC 20000 has the answer. ITIL records a deep framework of best-practice guidance, whereas ISO/IEC 20000 specifies what needs to be done as a minimum, with corresponding requirements which all service providers should meet.

The standard promotes four primary principles, or ‘prime directives’, that need to be considered and aligned throughout the service provider operation, namely:

• Customer alignment ‘Service providers only exist to support the customer.’ This is a fundamental principle which is often ignored. Service providers need to be able to demonstrate how they have elicited customer involvement in establishing service management from initial engagement and design to operation.
• End-to-end service management The supply chain for many service providers is a critical enabler to assist with service delivery and operation. If one element of this model fails, then the service to the customer could be adversely affected. Integration at a number of levels is required but, as a minimum, it is needed at a process and people level.
• Integrated service management Service management teams cannot operate in silos. They must work together, sharing information, to enable the service provider to deliver a holistic service to the customer.
• Continual service improvement Service providers should not be focused simply on answering the question ‘Are we there yet?’ but on ‘Where do we go next?’ CSI is about an effective approach to continual alignment and realignment with the customer’s and service provider’s objectives.

Achieving ISO/IEC 20000 certification or implementing practices from the standard can be a major milestone towards aligning IT with the customer. It is important never to forget that the primary goal for embarking on a service management programme is to achieve service excellence by providing value-driven outcomes that are meaningful to customers.

Please note that the American National Standards Institute (ANSI) versions of the ISO standards were used when authoring this publication.