ITSM Foundation Course Material

7/29/2019 ITSM Foundation Course Material

1/245

Training Reference Material

IT Service Management

according to ISO/IEC 20000


2/245

2

Welcome & Administration

Structure of the training

ISO/IEC 20000 certification and course outline

Examination format

Agenda


3/245

3

Welcome & Administration Introduction to IT Service Management Content of ISO/IEC 20000, section 1-5 - basics

ScopeTerms and definitionsRequirements for a management systemPlanning and implementing service managementPlanning and implementing new or changed services

Content of ISO/IEC 20000, section 6-10ITService Management Processes:

Resolution ProcessControl ProcessRelease ProcessService Delivery ProcessRelationship Process

Classification and PreviewISO/IEC 20000 certificationRelated practices and standards

ISO/IEC 20000 Qualification Program

ContentofISO/IEC

20000-

1

a

ndISO/IEC

20000-2

Structure of the training


4/245

4

ISO/IEC 20000 Qualification Program


5/245

5

Examination Format

Already available in English, Dutch, French,Portuguese, Japanese, Chinese, German, Italian,Latin-American Spanish and European Spanish.

This is a closed book exam. No materials are permitted

in the examination room.Duration: 1 hour

Number of questions: 40

Multiple-choice with

four options: A, B, C or D and

a single answer

Score minimum of 65 percent (26 of 40) to pass theexam.


6/245

6

BEST

PRACTICEaccording to

Goal of this slide set

Preparation for an ISO/IEC 20000 Foundation Examaccording to specifications from EXIN and TV SD

Akademie.

Notations used in this slide set:

Course Material

Blue background Definitions according to ISO/IEC 20000

Minimum requirements of ISO/IEC 20000-1

ISO/IEC 20000-2 recommendation

A best practice, but no ISO/IEC 20000

requirement or recommendation


7/245

7

Introduction to IT Service

Management

Motivation of process-oriented IT Service Management

Background, History

Basic principles

Check all IT Service Management Trainings conducted by Simplilearn.com
http://www.simplilearn.com/it-service-managementhttp://www.simplilearn.com/it-service-management


8/245

8

Learning target of this section

IT Services and their elements (1.2.1, 1.2.2)

IT Service Management: Concept, Benefit, Risks

(1.3.1, 1.3.2)

Process orientation: Concept, Benefit (1.4.1) Process control and measurement (1.4.2)

Roles of IT Service Management (1.4.3)

Quality, Quality of Service (1.1.1, 1.1.2, 1.2.3)

Principles of quality management and setup of aquality management system (1.1.3)

ISO/IEC 20000: Purpose, Benefit, History, Owner

(2.3.1, 2.3.2)

Groups of processes within ISO/IEC 20000 (2.3.4)


9/245

9

Motivation of Process Orientation

Availability is the most essential

service parameter of enterprise

services.

Availability is determined by

frequency and duration of servicefailure.

About 80% of failures are a

consequence of people and process

issues.

Duration of failures heavily dependson non-technical factors.

Operator

Errors

Application

Failures

[Gartner 1999]

Causes of service failure

Technology

Need for Management of IT Processes!


10/245

10

What is ISO/IEC 20000?

ISO/IEC 20000 is a worldwide standard that

describes the implementation of an integrated

process approach for the delivery of IT

services.

A set of minimum requirements to audit anorganization for effective IT Service

Management.

Owner:

ISO (International Organization for Standardization)

IEC (International Electro-technical Commission

Developed by JTC 1 / SC 7)(Joint Technical Committee 1 / Subcommittee 7)


11/245

11

History: from BS 15000 to ISO/IEC 20000 BS 15000:

Direct predecessor of ISO/IEC 20000

Developed by BSI (British Standards Institution)

1995, 1998: Code of practice (non-certifiable)PD 0005 A Code of Practice for Service Management

2000: First release of the standardBS 15000: 2000 Specification for Service Management

PD 0015: 2000 IT Service Management Self-Assessment Workbook

2002, 2003: Second releaseBS 15000-1: 2002 Specification for Service Management

BS 15000-2: 2003 Code of Practice for Service Management

PD 0015: 2002 IT Service Management Self-Assessment Workbook

2004: Adoption in other countriesAustralia: AS8018

South Africa: SANS 15000


12/245

12

ISO/IEC 20000: Development and Parts Date of Publication: December 15, 2005 - Developed using a

fast-track approach by adoption of BS 15000 during 14 months

Changes to BS 15000

Formally 450 changes (renumbering, etc.)

In terms of content, just slight differences (sole terms, etc.)

No other official publications by ISO/IEC but increasing number

of secondary publications by BSI (BIP 0030-0039, BIP 0015)

Two Parts:

ISO/IEC 20000-1:Information Technology Service Management

Part 1: SpecificationISO/IEC 20000-2:Information Technology Service ManagementPart 2: Code of Practice

Requirements -shall

Recommendations -should


13/245

13

Context of ISO/IEC 20000

Basics:IT Service Management(e.g. ITIL, MOF, CobiT)

& Quality Management (e.g. ISO 9000)

ISO/IEC 20000-2

ISO/IEC

20000-1

SHALL/MUST-HAVEs

Minimum Requirements Check lists

SHOULD-HAVEs

Enhancement of Part 1 Recommendations


14/245

14

Related Standards Overview

ITIL V2 ITIL V3

CobiT

MOF

ISO/IEC 20000

ISO 9000

CMM CMMI

ISO/IEC 15504

Software EngineeringMaturity Degree Model

IT ManagementFramework

Quality Managementstandard / methodology

BS 15000

Six Sigma

Adoption of concepts

Predecessor

Legend

ISO/IEC 27000

(since CobiT V4)


15/245

15

Basic Principles and Concepts

Process

Processes in general

Business Processes

IT Processes

Service

Process Management

Process Assessment Quality and Quality Management


16/245

16

What is a Process?

Hammer, Champy (Reengineering the Corporation):A business process is a bundle of activities, which

requires one or several inputs and which creates

value for the customer.

Office of Government Commerce (ITILVersion 3):A structured set of Activities designed to

accomplish a specific Objective. ()

DIN/ISO (ISO 9000):A business process is a collection of interrelated

resources and activities, that transform inputs into

outputs. Resources could be personnel, buildings,machinery, technology and methodology.


17/245

17

Example Business Process Workflow


18/245

18

Managements Process Orientation

Processes control and impact on

individuals behavior employment of technology usage of information/knowledge

Processes make results of activities predictable Process Orientation as a Management Paradigm

ActivityActivity Activity

Output

Output

OutputInput

Input

Input

Domain 1 Domain 2 Domain 3

Control factors Control factors Control factors


19/245

19

Process Assessment

Critical Success Factors

Meet all critical conditions to achieve success What are the basic conditions of the process?

Does the process operate effectively?

Qualitative consideration

Key Performance Indicators

Metrics reflect the degree of target achievement Calculation based on parameter values measured during process

execution

Does the process actually operate (now, last month, last quarter, etc.)

effectively and efficiently?

Quantitative consideration


20/245

20

What is a Service?

Definition according to ITILVersion 3 (goal-oriented)

A means of delivering value to customers by facilitatingoutcomes customers want to achieve without the

ownership of specific costs and risks.

Model-based Definition (technology-oriented)

Target A view of all components and management-relevant aspects of a service.


21/245

21

Components of an IT Service

Information System:- People, Processes, Technology, Partners- Used to manage information

Support:

- Changes, system restoration in case of failure- Maintenance- To ensure performance according to the agreed

requirements

Quality:- Availability, Capacity, Performance, Security

Scalability, Adjustability, Portability- Quality attributes of the information system to be

specified and agreed upon


22/245

22

A Possible Service Model


23/245

23

ITSM: Basic Relationships

Business Processes are

supported by IT Services.

Delivering IT Services is the key

task of an IT provider.

Customers of the IT provider arebasically organizations that are

involved in business processes.

Users use IT Services to carry

out day-to-day activities.

ITSM Frameworks describe BestPractices of IT Service

Management.

Manage-ment

IT Service

Business Process

supports

IT Provider

Customer

is responsible

delivers

ITSMBest

Practice

use

User


24/245

24

Process-oriented ITSM: Objectives and Benefit

Objectives: Management of IT Services forFulfillment of Business Requirements

Benefit:Effectiveness and efficiency of workflows will be

increased. IT Management will be placed on a stable foundation by

focusing on business objectives and customerorientation.

Improved external communication, competitiveadvantage.

Improved communication, Knowledge Management

Output is more predictable and comprehensible.

Less failures and resultant faults.

Better management of risks (reduced insurance rates,compliance requirements)


25/245

25

Process-oriented ITSM: Risks

Bureaucratic procedures, more paperwork.

Lower effectiveness and efficiency, if The staff is not aware of processes and measures

and personnel do not accept the system.

Senior Management only pays lip-service to thesystem.

Important work is done outside of the system andprocess is not complied with.


26/245

26

Roles in Process Management

Sets of responsibilities, activities and authoritiesgranted to a person or team

Per process:- Process owner is responsible for process results.

- Process manager is responsible for realization of the process,day-to-day control and management.

- Process operatives (professionals) are responsible for definedactivities.

Results assessed based upon agreed performance

indicators.

One person or team may have multiple roles.


27/245

27

Role of Tools

Automated support aids in the performance of tasks/activities

Purpose:

Increased efficiency = cost reduction

Provide evidence of the process activities performed

Examples:

- Monitoring tools

- Software distribution tools

- Service Management / workflow tools

- Remote infrastructure management tools

A fool with a tool is still a fool!


28/245

28

Service Quality

Quality of Service is a measure that indicates the overalleffect of service performance that determines thedegree of satisfaction of a user of the service. Themeasure is derived from the ability of the resources toprovide different levels of services. The measure can be

both quantitative and qualitative.

Quality of service is a critical part of customer and end usersatisfaction

Measure of the ability of a service to provide the intendedvalue to a customer

Specific to the individual customer; quality metrics should bedefined from the customers perspective

Customer perception of service quality may vary over time


29/245

29

Quality Policy

The Quality Policy recognizes that there is always thepotential to increase effectiveness and efficiency(continual improvement).

The Quality Policy determines the general quality goals of anorganization.

The Quality Policy however does notcover:Legal Requirements

Customer specific requirements in quality (cp. SLAs)

Requirements of ISO/IEC 20000


30/245

30

Relationship between IT Services and Quality

A service is provided through the interaction of theprovider with customers and users; quality of the servicedepends upon this interaction.

Quality is a measure of the extent to which the service

fulfills the requirements and expectations of thecustomer.

Customer perception of quality is largely based onexpectations:

Common language/terminology required to ensure effective

dialogue.Expectations need to be clearly defined.

Supplier should continually assess how service is being

experienced and what the customer expects in the future.

Providing constant quality is crucial to perception.


31/245

31

Principles of Quality Management

ISO/IEC 20000 is predicated on basic principles ofQuality Management as defined in ISO 9000e.g.

Principles of Quality Management (QM):Customer focus

Leadership

Involvement of people

Process approach

System approach to management

Continual improvement

Factual approach to decision making

Mutually beneficial supplier relationships


32/245

32

Strategy

Process

QUALITY

MANAGEMENT

SYSTEM

What is a Quality Management System?


33/245

33

Objective of a Quality Management System

Requirements

for aManagementSystem (Sec

3)

SeniorManagementBuy-In

Right PeopleCompetent,aware and

trained

Right products Right Suppliers

RightDocuments

that aremanaged

Goodcommunication


34/245

34

Steps to Establish a Quality Management System

Identify customers requirements and expectations.

Define and assign required resources to achieve thecommitted quality goals.

Launch procedures to measure effectiveness andefficiency.


35/245

35

Summary

ISO/IEC 20000

Worldwide Standard

Process-Oriented Approach for IT ServiceManagement

Based on:Best Practices in IT Service Management (as per

description in ITILe.g.)

Principles of Quality Management (as per description

in ISO 9000 e.g.) Consists of two parts:

ISO/IEC 20000-1: Specification

ISO/IEC 20000-2: Code of Practice

Structure of both parts is identical.


36/245

36

Basic Structure ISO/IEC 20000

Release Management

Business RelationshipManagement

Supplier Management

Budgeting & Accounting

for IT services

Information Security Management

Service Level Management

Service ReportingCapacity Management

Service Continuity &

Availability Management

Incident ManagementProblem Management

Configuration ManagementChange Management

[9] Control Processes

[10] Release

Process[8] Resolution Processes

[7] Relationship

Processes

[4] Planning & Implementing Service Management

[3] Management System

[5] Planning & Implementing new or changed Services

[1] Scope

[2] Terms and Definitions

[6] Service Delivery Processes


37/245

37

Revision Course

What is IT Service Management? What is a Management Process?

What is ISO/IEC 20000?Content?

Structure?Processes and process clusters?

History?

Relationship to ITSM Frameworks?

What is the advantage of process-orientedmanagement?

What are the risks?

What is a QM System?


38/245

38

Content of ISO/IEC 20000 Part 1:Basics

(section 1 - 5)

[4] Planning & Implementing SM



[1] Scope


Management responsibilityDocumentation requirements

Competencies, awareness & trainingPlan, Do, Check, Act


39/245

39

Section 1: Scope




[1] Scope


Management responsibilityDocumentation requirementsCompetencies, awareness & training

Plan, Do, Check, Act

Objective

Description of ISO/IEC 20000 Standards and its content


40/245

40


Applicability and Scope of the Standards(2.2.1)

Usefulness and benefit of a certification(2.2.2)

Difference of ISO/IEC 20000-1 and ISO/IEC20000-2 (2.3.3)


41/245

41

Scope: Description ISO/IEC 20000

What is the common advantage of ISO/IEC

20000?

ISO/IEC 20000 defines requirements for Service providers.

ISO/IEC 20000 sets up a basis of standardized terminologyfor IT Service Management.

ISO/IEC 20000 is applicable ...

in a bid context

securing consistency in a supply chain approach

as IT Service Management benchmarking as basis for an independent assessment

to prove capability in meeting customer requirements

improving service


42/245

42

Scope: Description ISO/IEC 20000

What is the purpose of the respective parts of

ISO/IEC?

ISO/IEC 20000-1: Requirements for service providers intendingto offer managed services with acceptable quality levels

ISO/IEC 20000-2: Additional guidelines for auditors and serviceproviders

Where is ISO/IEC 20000 not suitable?

Product evaluation of tools, etc.


43/245

43

Section 2: Terms and Definitions




[1] Scope




Objective

Basic Definitions and Standardized Terminology


44/245

44


Terms and Definitions according to

ISO/IEC 20000 (2.3.6)


45/245

45

Terms and Definitions: Overview

Availability (6.3) Baseline (9.1)

Change Record (9.2)

Configuration Item

(9.1) Configuration

Management

Database (9.1)

Document

Incident (8.2)

Problem (8.3)

Record Release (10.1)

Request for Change (9.2)

Service Desk

Service Level Agreement(6.1)

Service Management

Service Provider

Grey highlighted terms: Definitions - see the following slides

All other terms: See Specification Sheet Section 7.5 for full list


46/245

46

Documents and Records

Document Information and its supported medium.

Record (objective evidence) A record is a document which shows whatkind of results are being achieved or how wellactivities are being performed.


47/245

47

Service

Service Desk

Interface function for communication of provider anduser, which covers the bigger part of the first levelsupport.

Service Management

Management of IT Services in order to support andmeet business requirements.

Service Provider

Supplier of IT Services (target object of ISO/IEC20000 certification).


48/245

48

Service Desk

Service Desk Objectives

To ensure availability of the IT provider

Single Point of Contact (SPOC) for Users

Tasks -

To take over tasks of service support (e.g. particularly

within Incident Management Process) Communication to users

Service Desk is a Core Definition, but not part of the ISO/IEC 20000 requirements.

BEST

PRACTICE

according to

ITIL Version 2 & 3, MOF


49/245

49

Requirements for a Management System




[1] Scope




Objective:

To provide a management system enabling the effectivemanagement of all IT Services.


50/245

50


Objective and purpose of a management system

(3.1.1)

Management responsibilities (3.1.2, 4.1.1)

Documentation requirements (3.1.3, 4.1.2) Competence, Awareness and Training (3.1.4, 4.1.3)


51/245

51

Management Systems

What is a management system?

A possible definition: A management system is theframework of processes, tools and resources(personnel and machinery) used to plan,

execute, document and continually improvemanagement tasks in a target-oriented,customer-oriented and quality-oriented way.

Important Aspects: Quality (cp. Quality Management) Management responsibilities Documentation Competence, Awareness and Training


52/245

52

Management Responsibilities

Management shall:

prove commitment to development, implementation andimprovement of service management capabilities byappropriate leadership behavior and appropriate

measures; establish policy, objectives and plans;

communicate the importance of meeting the objectives andthe need for continual improvement;

ensure that customer requirements are determined and are

met; appoint a member of management responsible for the co-

ordination and management of all services.


53/245

53

Management Responsibilities (continued)

Management shall: (continued)

determine and provide resources (e.g. personnel) forService Management;

manage risks to the organization and services;

conduct reviews of service management at plannedintervals.


54/245

54

Management Responsibilities (continued)

Furthermore, Senior Management should: require and support the implementation of service

management processes;

assign an executive position to the senior responsibleowner of IT Service Management ;

provide management representatives with requiredresources for continual or project-related improvement;

allocate a decision-making group to the managementrepresentatives with sufficient authority to define guidelinesand make decisions.


55/245

55

Documentation

Documentation and records shall be provided to

support effective planning, operation and control.

Including at least: Documentation of Service Management guidelines and

plans Documentation of Service Level Agreements

Documentation of processes required by ISO/IEC 20000

Records required by ISO/IEC 20000

Procedures and responsibilities shall be establishedfor the creation, review, approval, maintenance,

disposal, and control.


56/245

56

Documentation: Best Practices

Senior responsible owner should ensure evidence isavailable for audit, such as:

Policies and plans

Service documentation

Procedures

Processes

Process control records

Documents should be in a medium suitable for their purpose.

Documents should be protected from damage due to

circumstances (e.g. environmental conditions, computerdisasters).


57/245

57

Competence, Awareness & Training

All roles and responsibilities in combination with therequired competencies shall be defined.

Competencies and training needs shall be determinedand managed:

Maintain appropriate records of qualifications,experience, skills and trainings

Arrange for training and further education

Control effectiveness of qualification and training

Management shall ensure that staff are aware of therelevance and importance of their activities and howthey contribute to the achievement of servicemanagement objectives.


58/245

58

Section 4: Planning and Implementing SM

Objective Planning and

Implementing ITService Management

using DemingsQuality Circle.

PLAN

[4.1] Plan ServiceManagement

DO

[4.2] Implement ServiceManagement

CHECK[4.3] Monitor, Measure

and Review

ACT

[4.4] ContinualImprovement




[1] Scope


Management responsibility

Documentation requirementsCompetencies, awareness & training



59/245

59


Objective and purpose of the section Planning and

Implementing IT Service Management (3.1.5)

Plan-Do-Check-Act methodology for Service

Management Processes (1.5.1, 3.1.6, 3.1.8)

Principles of a Service Management Plan (3.1.7)

Internal and external audits (4.1.5, 4.1.6)

Conduct internal and external audits (4.1.6)


60/245

60

Continual Improvement

1. Necessary in order to improve the performance of theorganization and increase customer satisfaction.

2. Needs to be a permanent objective of the organiation.

3. Continual activity which keeps the wheel of the PDCAcycle turning.

4. Ensures improvement activities at all levels are aligned tothe organizations strategy.

5. Increases flexibility to act quickly on opportunities.

6. Applying the principle leads to a company culture andorganization-wide approach to continual improvement.

7. Leads to more business in the mid-term by activelyimproving the relationship with customers.


61/245

61

Demings Quality Circle PDCA

Process model of quality management according

to W. Edwards Deming Cyclical optimization of quality leads to continual

improvement

Plan-Do-Check-Act is applicable to all processes

defined in ISO/IEC 20000

time

maturity


62/245

62

PDCA in Service ManagementBusiness

Requirements

CustomerRequirements

Request for

new/changed services

Other processes(e.g. business,

supplier, customer)

Other teams(e.g. Security,IT Operations)

Management of Services

Management Responsibility

PLAN

Plan Service

Management

ACT

ContinualImprovement

DO

Implement ServiceManagement

CHECK

monitor, measureand review

Service Desk

Business results

Customer satisfaction

New/changed Services

Team and peoplesatisfaction

Other processes(e.g. business,

supplier, customer)


63/245

63

Section 4.1: Plan Service Management

Objective "Plan"To plan the implementation and delivery of servicemanagement.

PLAN

DO

CHECK

ACT


64/245

64

Planning for Service Management

Create a plan for implementing servicemanagement.

The plan is called the Service Management

Plan.Responsibilities shall be determined anddocumented to control, authorize,communicate, operate and maintain the plans.

All process-related plans have to becompatible with the service management plan.


65/245

65

Service Management Plan

The plans shall at a minimum define:

1. Scope of service management

2. Objectives and requirements to be achieved by

service management3. Processes to be executed

4. Framework of roles and responsibilities

5. Interfaces between service management

processes


66/245

66


The plans shall at a minimum define (continued):

6. Approach to risk management

7. Methods for interfacing with development projects

8. Resources, facilities, budget9. Tools for process support

10.Methods to manage service quality including auditand improving


67/245

67


Approaches to implementing the Service Management Plan

The Service Management Plan should be implemented byconsidering the following issues (providing a map for directingprogress):

Required new service management processesChanges in existing processes

Improvement of established procedures

etc.

Other possible content of the plan: Appropriate tool support for processes

Change procedure for the plan


68/245

68


Events with impact on the Service Management Plan:

Service Improvement

Changed Services

Changes to the target-state of infrastructure Changed legal/official requirements

Regulation or deregulation of branches

Mergers and acquisitions


69/245

69

Objective "Do"To implement the service managementobjectives and plan.

PLAN

DO

CHECK

ACT

Implement Service Management & Provide the Services

70


70/245

70

Implementing Service Management

Implementing Service Management

Allocation of budgets

Allocation of roles and responsibilities

Documenting and maintaining policies, plans,procedures and definitions for each process

Identify and manage risks to the service

Managing teams (staff)

Managing facilities and budgets

Managing teams for service desk and operations

Reporting on progress of Service Management Plan

Co-ordination of service management processes

71


71/245

71

Objective "Check"To monitor, measure, and review that theservice management objectives and plan arebeing achieved.

PLAN

DO

CHECK

ACT

Monitoring, Measuring and Reviewing

72


72/245

72

Achievement of Objectives

Appropriate methods shall be applied for monitoring andmeasuring processes to disclose achievement of targets.

Management shall conduct reviews at planned intervals todetermine whether:

Service management requirements conform with the

Service Management Plan and requirements ofISO/IEC 20000

Service management requirements are effectivelyimplemented and maintained

An audit program shall be planned.

Objectives of reviews, assessments and audits shall bedocumented together with the results and detectedresolutions.

In case of failure to fulfill obligations and otherproblematical concerns, all relevant parties shall beinformed.

73


73/245

73

Characteristics of Assessments and Audits

Self-assessmente.g. a department assesses its own procedures

Poor comparability, often not objective

First party (internal) audit

Auditing is performed by a department within theorganization

Auditor belongs to same organization, but is notinvolved in audited department

Second party (vendor) audit

Third party (external) audit

Auditing is performed by an independent externalorganization

In the context of standard audits mostly a registered

certified body (RCB).

74


74/245

74

Comparison: Characteristics of Assessments and Audits

Objectiveness

Costs/effort

Self-assessment

First party

(internal) audit

Third party

(external) audit

Second party

(vendor) audit

75


75/245

75

Audit Program

To be considered by internal audit

program:

Status and importance of the audited processes andorganizations

Results of previous audits

Criteria, scope, frequency and methods

shall be defined in a procedure.

Selection of auditors shall take into

consideration:Audit has to be objective and impartial.

Auditors shall not audit their own work.

76


76/245

76

Management Review

Management Reviews should focus on:

Achievements compared to service objectives (e.g.from audit results)

Customer satisfactionResource utilization

Trends

Certain service discrepancies

77


77/245

77

Objective "Act" To improve the effectiveness and efficiency of

service delivery and management.

PLAN

DO

CHECK

ACT

Continual Improvement

78


78/245

78

Policy

A published policy for service improvement is

required.

Any non-compliance with ISO/IEC 20000 or with

service management plan shall be remedied.

Roles and responsibilities for service

improvement shall be defined clearly.

79


79/245

79

Management of Improvement

All suggested service improvements shall beevaluated, documented, prioritized andauthorized. Monitoring these activities shall beplanned.

A specific process is required for continuallyidentifying, measuring, reporting and managingimprovement. This encompasses:

Improvements concerning individual processes that

can be implemented by process owners meansOrganization-wide or cross-process improvements

80


80/245

80

Activities to be carried out

Information shall be recorded and analyzed asa baseline and a benchmark against theproviders capability in managing services and

service management processes.

Identify, plan, and implement improvements.

Consultation with all involved parties.

Set a goal for improvements regarding quality,

costs, resources.

81


81/245

81

Activities to be carried out

Consider relevant requests for improvementof all services and management processes.

Measure, report and communicate serviceimprovements.

Revise service management policies,processes, procedures and plans wherenecessary.

Ensure that all approved actions aredelivered and that they achieve theirintended objectives.

82


82/245

82

Section 5: Planning and Implementing Services




[1] Scope


Management responsibility

Documentation requirementsCompetencies, awareness & training


Objective:

To ensure that new services and changes to services will bedeliverable at the agreed cost and service quality.

83


83/245

83


Parties involved in planning new or changed services(3.2.1)

Objective and purpose of planning and implementingnew or changed services (3.2.2)

Quality requirements for new or changed services (3.2.3) Content of an implementation plan for new or changed

services (3.2.4)

Planning and implementation policy for new or changedservices (4.1.4)

Reviews for planning new or changed services (4.2.1) Records for service changes (4.2.2)

84


84/245

84

Minimum Requirements

The costs, commercial and organizational impact of anyproposed new or changed services shall be considered byoperations and management of these services.

New or changed services, including closure of service,

shall be planned and authorized/approved through changemanagement.

Planning of new/changed services shall consider aspectsof funding and allocation of resources.

New/changed services require acceptance by service

provider before deployment to live environment. Post implementation review (including target-performance

comparison) through change management process.

85


85/245

Implementation Plans for New/Changed Services

Implementation plans for new/changed

services comprises at least:

Roles and responsibilities for implementing,

operating and managing (as well at the customer andat vendor)

Required changes to existing services and systems

Communication to the stakeholders

New and changed contracts and agreements Manpower requirements

Skills and training requirements

86


86/245

Implementation Plans for new/changed Services

Implementation plans for new/changed services

consists of at least (continued):

Processes, measures, methods, and tools to be used inconnection with the new/changed service

Budgets and timelines

Service Acceptance Criteria

The expected outcomes from operating the new service

expressed in measurable terms

87


87/245

PINCS: Involved Parties

Roles and responsibilities related to the service need

to be defined, including activities to be performed by:

Customers

Suppliers

Service Provider

Implementation via Change Management

Skills and training requirements for:

Users

Technical support of the service

88


88/245

Reviews at planning new or changed services

During planning new/changed services, thefollowing should be reviewed:

Budget Adjustment of budgeting required?

Increased financial requirements through new

services?Reduction of costs through changes or replacementof expensive services?

Staff Is existing staff able to provide/support

new/changed services?

Increased headcount (e.g. at support)?Possible personnel consolidation throughnew/changed services?

Service Levels Impact on existing service

levels?

89


89/245

Reviews for planning new or changed services

During planning new/changed services thefollowing should be reviewed (continued):

SLAs and other commitments

Changing existing or concluding new SLAs required?

Other commitments? Processes, procedures and documentation

Changing existing processes and procedures required (e.g.at support)?

Changed services require new documentation or update ofexisting documents?

Scope of Service Management

New or not yet implemented service managementprocesses required?

Service Management Plans update required?

90


90/245

Change Records of Changed Services

All changes to existing services should be

documented in relevant change records.

Staff training - conducted update training forsupport staff

Move or transfer

Conducted user training

Any change-related communication

Changes to supporting technologies (e.g.system components, software)

Closure of services

91


91/245

Content of ISO/IEC 20000

Part 2:IT Service Management Processes

(section 6 - 10)

Release Management


Supplier Management

Budgeting & Accountingfor IT services

Information Security ManagementService Level Management


Service Continuity &Availability Management




[10] Release


[7] Relationship

Processes


92


92/245

Release Management


Supplier Management









[10] Release


[7] Relationship

Processes


Section 8: Resolution Processes

About the process groupIncident and Problem Management are closely related

processes but differ in their objectives. These processes are coveredin the Professional module Support of IT Services within the ISO/IEC20000 Qualification Program.

93


93/245

Learning target of this section Objectives and requirements within

Incident Management (3.5.1)

Best Practices within Incident

Management (4.5.1)

Objectives and requirements within

Problem Management (3.5.2)

Best Practices within Problem

Management (4.5.2)

94


94/245

Code of Practice

Classification Incident vs. Problem Management Incident Management: Quickest possible service

recovery

Problem Management: Root cause identification and

resolution

Similarities and connections between Incident and

Problem Management

Prioritization of Incidents and Problems Problem Management develops and maintains work-

arounds provided to Incident Management.

95


95/245

Code of Practice

Aspects to consider scheduling Incidents andProblems

Priority: Control factor resulting fromImpact

Urgency

Staff skills

Competing requests for resource allocation

Costs of implementing the resolution

Approximated time to implement the resolution

ISO/IEC 20000

Code of Practice

96


96/245

Objective:

Resolve incidents as quickly as possible and minimize theadverse impact on business operations.

Incident Management

Release Management


Supplier Management






Incident Management

Problem Management

Configuration Management

Change Management


[10] ReleaseProcess[8] Resolution Processes

[7] RelationshipProcesses


97


97/245

Fundamental terms

Incident An unplanned interruption to a service or

reduction in the quality of an service.

Further Terms Service Request:

Request for documentation

User Request for Change

Escalation:procedure of forwarding an incidentFunctional Escalation

Hierarchical Escalation

98


98/245

Process

Activities:

Detection and Recording - description of symptoms,creation of ticket

Classification and Initial Support - if possible,resolution through first level support (Service Desk);incident prioritization and categorization

Investigation and Diagnosis - find a resolution torestore the service as quickly as possible

Resolution and Recovery - initiation of requiredrecovery measures

Closure - resolution documentation, userconfirmation, close ticket

BEST

PRACTICE

according to

ITIL Version 2 & 3

99


99/245

Functional Escalation

Request?

Detection

1st Support

Resolvable?

Resolution

Diagnosis

Resolvable?

Resolution

Closure

RequestFulfillment

Yes

Yes Yes

No No No

2nd Level

Support3rd Level

Support

ServiceDesk

Co-ordination of support units

Diagnosis

Resolvable?

Resolution

Yes

No

BEST

PRACTICE

according to

ITIL Version 2 & 3

100


100/245

Service Requests and Incidents

The 20 GB hard disk of mynotebook is too small !

I have forgotten my Wiki-Password!

The color printer in room

D.2 stopped printing red!

It takes a long time toload our external web

sites!

I cannot accessmy emails!

Service Request for a storageupgrade

Service Request for a

cartridge change or a printerfailure

Performance Incident

Service Request for apassword or account reset

E-mail service failure

101


101/245


All Incidents shall be recorded.

Procedures for detection, impact analysis, prioritization,classification, escalation, resolution and closure ofincidents shall be defined.

Customers shall be kept informed of the process progress andalerted BEFORE SLA is breached or at risk of beingbreached.

All staff involved in incident management shall have access torelevant information such as:

Known errors Problem resolutions

Configuration Management Database (CMDB)

Major Incidents shall be managed according to a process.

102


102/245

Code of Practice

Process closure

Prerequisite - Final closure of an incident should only takeplace when the initiating user has confirmed that the

service is restored.

Major incidents

Important - There should be a clear definition of whatconstitutes a major incident.

All major incidents should have a clearly definedresponsible manager at all times.

The process for a major incident should include review.

103


103/245

Assessment Card Template

SectionSub

SectionRequirement of ISO20000

8.1 Incident Managem ent

8.2 a All incidents shall be recorded

8.2 bProcedures shall be adopted to manage the impact of

service incidents

8.2 c

Procedures shall define the recording, prioritization,

business impact, classification, updating, escalation,

resolution and formal closure of all incidents

8.2 d

The customer shall be kept informed of the progress of their

reported incidents or service request and alerted in

advance if their service levels cannot be met and an action

agreed

8.2 e

All staff involved in incident management shall have access

to relevant information such as know n errors, problem

resolutions and the configuration management database

8.2 f Major incidents shall be classified and managed according

to a defined process

104


104/245

Objective:To avoid disruption by proactive and reactive analysis of the cause ofpotential incidents.

Problem Management

Release Management


Supplier Management








Change Management


[10] ReleaseProcess

[8] Resolution Processes[7] Relationship

Processes


105


105/245

Fundamental terms

Problem

An unknown cause of one or more incidents

Additional terms:

Known Error- root cause of one or more incidents forwhich work-arounds exist, if applicable.

Reactive and proactive problem management

106


106/245

Problem Control

Process

Sub-processes within reactive problem management

Problem control

Error control

Problem Known Error

unknown cause known cause

Error Control

Request for Change

Change Management

BEST

PRACTICE

according to

ITIL Version 2

Problem Management

107


107/245

Process

Process activities within reactive problem management

Problem detection

Problem logging

Categorization

Prioritization

Investigation and Diagnosis

Find out work-arounds, if possible

Create Known Error Record

Submit request for change, if requiredResolution

Closure

BEST

PRACTICE

according to

ITIL Version 3

108


108/245

Trend Analysis

Definition: Analysis of data of various sources to identify time-

related patterns.

Examples of sources:

Ticket system - number of similar incidents

Monitoring tools - resource utilization peaks

Examples of time-related patterns:

Each Monday between 7:30-9:30 p.m. noticeable accumulationof submitting network incidents

Problem identification (reactive problem management sinceincidents already occured)

Every day between 2-5 a.m. marginally high utilization of aninformation system

Problem identification (proactive problem managementsince incidents should be avoided)

109


109/245


All identified problems shall be recorded.

Procedures shall be adopted to identify, minimize or avoid theimpact of incidents and problems. They shall define therecording, classification, updating, escalation, resolution and

closure of all problems. Preventive action shall be taken to reduce potential problems.

Changes required in order to correct the underlying cause ofproblems shall be passed to the change management process.

110


110/245


Problem resolution shall be monitored, reviewed and reportedon for effectiveness.

Problem management shall be responsible for ensuring up-to-date information on known errors and corrected problems isavailable to incident management.

Actions for improvement identified during this process shall berecorded and implemented.

111


111/245

Code of Practice

CommunicationAll processes and people involved in service supportparticularly incident management should be informed of:

Work-arounds

Permanent fixes

Progress of problems

112


112/245

Example: From Problem to Change


sites!

Incident

Category: SW/ServiceImpact:Highest (all users)Urgency:

Low (no SLA affected)

Problem

1. Back up log file2. Empty log file

Failure in writing logfiles causes delays

Root cause

Max. file size of webserver log files reached

Known Error

Install patch forweb server

Resolution

Install patch T12-02 forweb server onmachine pclx3

RfC

Work-around

113


113/245


SectionSub


8.3 a All identif ied problems shall be recorded

8.3 bProcedures shall be adopted to identify, minimize or avoid

the impact of incidents and problems.

8.3 cProcedures shall define the recording, classification,

updating, escalation, resolution and closure of all problems

8.3 dPreventive action w ill be taken to reduce potential problems,

eg. Follow ing trend analysis of incident volumes and types

8.3 e

Changes required in order to correct the underlying cause

of problems shall be passed to change management

process

8.3 f Problem resolution shall be monitored, review ed and

reported on for eff ectiveness

8.3 g

Problem management shall be responsible for ensuring up-

to-date information on know n errors and corrected

problems is available to incident management

8.3 hActions for improvement identif ied during this process shall

be recorded and input into the service improvement plan

8.3 Problem Management

114


114/245

Revision Course

Trend analysis is important during what activity of problem

management process?

What is the difference between a problem and an error?

What are the sub-processes of problem management?

How is problem management linked to change

management? What is the next step within problem management after a

change was implemented to resolve an error?

What kind of information does problem management

provide for the incident management process?

115


115/245

Section 9: Control Processes

About the process groupObjective:

To manage configuration information and changes effectively.

Release Management


Supplier Management









[10] Release


[7] Relationship

Processes


116


116/245


Objectives and requirements of Configuration Management (3.2.5)

Best Practices of Configuration Management (4.2.3)

Objectives and requirements of Change Management (3.2.6)

Best Practices of Change Management (4.2.4)

117


117/245


Objective:

To define and control the components of the service and infrastructureand maintain accurate configuration information.

Release Management


Supplier Management








Change Management


[10] ReleaseProcess

[8] Resolution Processes



118


118/245

Fundamental terms

Configuration Item (CI)

Any IT infrastructure component or other element that isrecorded and maintained by configuration managementprocess

Configuration Management Database (CMDB)

A database used to store:

all relevant information of all CIs

relationships with other CIs

119


119/245

Fundamental terms

Additional terms

Attribute - a piece of information about a CI (e.g. asset id,location)

Baseline - a benchmark used as a reference point.Configuration Management System (CMS) - a set of tools anddatabases that are used to manage configuration information:

includes one or more CMDBs Federated CMDB

manages relationships with other CIs and related incidents,

problems, known errors, changes, etc.

BEST

PRACTICE

according to

ITILIL Version 3

120


120/245

Process

ActivitiesPlanning of:

CMDB targets (e.g. Which processes have to be supported?How?)

Scope of CMDBIdentification - define types of CIs, name conventions,

versioning

Recording and Control:

record new CIs

update existing CIsStatus Accounting - record/update lifecycle status of each CI

Verification - mapping CMDB and actual situation

BEST

PRACTICEaccording to

ITIL Version 2 & 3

121


121/245

Process

Planning

Identification

Recording and Control

Status Accounting

Verification

CMDB

Targets, Scope

Types of CIs, Baselines,Name conventions

New CIs, changed CIs

Update CI Status

Difference betweenCMDB and reality

BEST

PRACTICE

according to

ITIL Version 2 & 3

122


122/245


There shall be an integrated approach to change andconfiguration management planning Scope of CMDB= Scope of change management!

Configuration management shall have an interface tofinancial asset accounting processes.

There shall be a configuration management policy onwhat is defined as a configuration item and its constituentcomponents.

The information to be recorded for each item shall bedefined and shall include the relationships anddocumentation necessary for effective servicemanagement.

123


123/245


Configuration management shall provide the mechanismsfor identifying, recording, controlling and trackingversions of CIs. It shall be ensured that the process

meets the business needs, risk of failure and servicecriticality.

Configuration management shall provide information tothe change management process:

Supporting Change Management in risk and impact analysis

of planned changes Tracking of hardware/software changes

124


124/245


A baseline of the appropriate configuration items shallbe taken before a release to the live environment.

Master copies of digital CIs (software, documents) shall

be controlled in secure physical or electronic libraries

(cp. release management: definitive software library) andreferenced to the configuration records.

All configuration items shall be uniquely identifiable andrecorded in a CMDB to which update access shall bestrictly limited and controlled.

Audit procedures shall include process and CMDB.

125


125/245

Configuration Management: Best

Practices

Should be planned and implemented together with Change and ReleaseManagement.

All major assets and configurations should be accounted for and have a

responsible manager who is accountable. There should be an up-to-date configuration management plan for the

infrastructure and/or services.

Managed CIs should be defined by relevant and auditable. Attributes,relationships and dependencies between CIs should be identified.

CIs should be held in a secure and suitable environment.

No CI should be added or undergo an uncontrolled status change. Statusrecords should provide current and historical data and be available to allrelevant parties.

Configuration audits should be carried out regularly.

126


126/245


9.1 aThere shall be an integrated approach to change and

configuration management planning

9.1 bThe service provider shall define the interface to f inancial

asset and accounting processes

9.1 cThere shall be a policy on w hat is defined as a

conf iguration item and it's constituent components

9.1 d

The information to be recorded for each item shall be

defined and shall include the relationships and

documentation necessary for effective service

management

9.1 e

Configuration management shall provide the mechanisms for

identifying, controlling and tracking versions of identifiable

components of the service and infrastructure

9.1 f The degree of control shall be suf ficient to meet the

business needs, risk of failure and service criticality

9.1 g

Configuration management shall provide information to the

change management process on the impact of a requested

change on the service and infrastructure configurations

9.1 h

Changes to configuration items shall be traceable and

auditable where appropriate, eg. For changes and

movements of softw are and hardw are

9.1 i

Configuration control procedures shall ensure that integrity

of systems, services and service components are

maintained

9.1 jA baseline of the appropriate conf iguration items shall be

taken before a release to the live environment

9.1 Service Asset and Configuration Management

127


127/245

Excursus: Service Knowledge Mgmt. according to ITIL

Why Service Knowledge Management?

Sole Configuration Management is insufficient to soundly supportmanagement decisions.

Service Knowledge Managementadditional documentation of:

experiences

key findings of former projects

expert knowledge

Service Knowledge Management System (SKMS): A set of tools

and databases that are used to manage knowledge andinformation. The SKMS includes the:

CMDBs

CMS

BEST

PRACTICE

according to

ITILVersion 3

128

Ch M


128/245

Change Management

Objective:

To ensure all changes are assessed, approved, implemented andreviewed in a controlled manner.

Release Management


Supplier Management









[10] ReleaseProcess

[8] ResolutionProcesses



129

F d l


129/245

Fundamental terms

Request for Change (RfC)

Form to register all relevant details of a required change to a CI.

Change Record

A record containing the CI details of an authorized change.

130


130/245

Fundamental terms

Additional terms:

Change Advisory Board (CAB) - A group of people

that advises in the assessment, prioritization andscheduling of changes.

Emergency Change Advisory Board (ECAB) - Asubset of the Change Advisory Board put together ondemand that plans and makes decisions about

emergency changes.Forward Schedule of Change (FSC) - Schedule of allplanned changes.

BEST

PRACTICE

according to


131

P


131/245

Process

Activities:

Records all RfCs

Review and Filter - decide on RfC acceptance bydefined formal criteria

Classification: Priority (impact, urgency)

Category (Risks)

Authorize and Plan - release changes for development,budgeting and resource planning

Coordination of change development and changerelease

Post implementation review (PIR)

BEST

PRACTICE

according to


132

P


132/245

Process

Release Management

Review & Filter

Record

Authorization

Classification

Coordination

Assess (PIR)

RfC

accepted?

Yes

RfCrejected

No

authorized?Changerejected

No

YesChangeManag

ement

BEST

PRACTICE

according to


133


133/245


Changes shall have a clearly defined and documentedscope.

All requests for change shall be recorded and classified

and assessed for their risk, impact and business benefit.The process shall include the manner in which thechange shall be reversed or remedied if unsuccessful.

All changes shall be reviewed after implementation(PIR).

There shall be policies and procedures to control theauthorization and implementation of emergencychanges.

134



134/245


The scheduled implementation dates of changes

shall be documented including details of all the

changes (FSC).

Change records shall be analyzed regularly to detect

increasing levels of changes, frequently recurring

types and other trends.

135


135/245

Code of Practice

Standard Change

Established, documented and practiced procedure

Pre-authorized by Change Management

Emergency Change

Emergency change procedure will follow the normal changeprocedure as far as possible.

Regular requirements can be relaxed for time-critical steps,e.g.

Testing may be reduced, or in extreme cases forgone

completely Documentation may be deferred

Emergency changes should be reviewed after the change toverify that it was a true emergency.

136

A t C d T l t


136/245

Assessment Card TemplateSection

Sub


9.2 aService and infrastructure changes shall have a clearly

defined and documented scope

9.2 bAll requests for change shall be recorded and classified.

Eg. Urgent, emergency, major, minor

9.2 cRequests for changes shall be assessed for their risk,

impact and business benefit.

9.2 d

The change management process shall include the manner

in w hich the change shall be reversed or remedied if

unsuccessful

9.2 e Changes shall be approved and then checked, and shall beimplemented in a controlled manner.

9.2 f All changes shall be review ed for success and any actions

af ter implementation

9.2 gThere shall be policies and procedures to control the

authorization and implementation of emergency changes

9.2 hThe scheduled implementation dates of changes shall be

used as the basis for change and release scheduling

9.2 i

A schedule that contains the details of all changes

approved for implementation and their proposed

implementation dates shall be maintained and communicated

to relevant parties

9.2 j

Change records shall be analyzed regularly to detect

increasing levels of changes, f requently recurring types,

emerging trends and other relevant information.

9.2 kThe results and conclusions draw n from change analysis

shall be recorded

9.2 lActions f or improvement identified during this process shall

be recorded and input into the service improvement plan

9.2 Change Managem ent

ISO/IE

C

20000

CodeofPractice

137

Section 10: Release Process/Release Management


137/245

Section 10: Release Process/Release Management

Objective:

To distribute one or more changes in a release to the liveenvironment including planning and documentation.

Release Management


Supplier Management








Change Management


[10] ReleaseProcess

[8] Resolution Processes



138


138/245


Objectives and requirements within release management

(3.2.7)

Best Practices within release management (4.2.5)

139

Fundamental terms


139/245

ReleaseA collection of new or changed CIs required to be tested together and

deployed to live environment.

Additional termsDefinitive Media Library (DML):

Master copies of deployed software (licensed third-party software andproprietary)

Basis for packaging of releases

Definitive Hardware Store (DHS):Physical storage location of approved and registered hardware

Fundamental terms

140

Process


140/245

Process

Activities leading to Release Readiness Review

Release Planning - release plan development, strategyand guidelines on further steps

Release Building - release package constructionincluding all required tools and documents for releaseroll-out

Acceptance Tests - release test in a simulatedproduction environment

Release Readiness Review - assessment of testresults, Go/No-Go decision on release

Information to change management, if release wasrejected.

BEST

PRACTICE

according to

MOF

141

Process


141/245

Process

Activities after Release Readiness Review

Roll-out planning:

details of physical provisioning in production environment

verify environment is ready for release (e.g. capacity: storage,

room in hardware racks, etc.)concrete roll-out times and timeframes for resource allocation

communication and training

separate plans for different locations as an option

Roll-out Preparation: Ensure that

all resources included in roll-out plan are available.prerequisites for contingency plan are met.

Roll-out - coordination, documentation and final provisioning

of releases

BEST

PRACTICE

according to

MOF

142

Exemplary Workflow


142/245

Exemplary WorkflowBEST

PRACTICE

according to

MOF

Review & filter

Record

Authorization

Classification

Asses (PIR)

Release building

Release planning

Readiness Review

Acceptance test

Roll-out preparation

Roll-out Planning

Roll-out

approvedChange

approvedChange

approvedChange

C

hangeManagem

ent R

eleaseManagem

ent

143



143/245


The release policy stating the frequency and type ofreleases shall be documented and agreed upon.

The service provider shall plan with the business therelease of services, systems, software and hardware.

Plans on how to roll out the release shall be agreed to byall relevant parties (e.g. customers, users and supportstaff).

The process shall include the manner in which the releaseshall be reversed or remedied if unsuccessful.

Plans shall record the release dates and deliverables andrefer to related change requests, known errors andproblems.

Requests for change shall be assessed for their impact onrelease plans.

144



144/245


Release management process requires update andchange procedures for configurations items.

To test releases before distribution requires acontrolled test environment.

Release and distribution shall be designed andimplemented so that the integrity of hardware andsoftware is maintained at all times.

Success and failure of releases shall be measured.Measurements shall include incidents related to a

release in the period following a release. Analysis shallprovide input to a plan for improving the service.

145

C d f P ti


145/245

Code of Practice

Release Policy

A document to define general requirements for release management.

A Release Policy should include:

frequency and type of release (release types)

roles and responsibilities for process

authority for the release into acceptance test

unique identification and description of all releases

approach to grouping changes into a release

approach to automating the plan, build and release distribution processes

verification and acceptance of a release (e.g. error-free or covered byknown error database)

146

Code of Practice


146/245

Code of Practice

Release and Roll-out Plan

Objective of Release Planning: Compatible with CIs in target environment

Ensure that all changes are authorized by Change Management (feedback)

Release Plan: Detailed document to plan a concrete release (important: differs from release policy)

The planning for a release and roll-out should typically include (abstract):

release dates

related changes

problems and known errors closed or resolved by this release

known errors that have been identified during testing of the release

the manner in which the release will be reverted or remedied if unsuccessful

detailed description of the required test

communication training (particularly for customer and support staff)

resources required for release

147

Example: From Change to Release


147/245

Example: From Change to Release


sites!

Incident

Install patch T12-02for web server

Status: Accepted

RfC

Install patch T12-02

Priority:

Medium (high impact,low urgency)

Category (risk):Minor Change

Change

Schedule:Complete until2008-06-25

1. Download patch2. Install in test

environment

Roll-out Plan

1. Install in operativeenvironment

2. Post ImplementationReview

PIR Report

Release

148



148/245


ISO/IE

C

20000

Codeo

fPractice

SectionSub


10.1 aThe release policy stating the frequency and type of

releases shall be documented and agreed

10.1 bThe service provider shall plan w ith the business the

release of services, systems, softw are and hardw are

10.1 c

Plans on how to roll out the release shall be agreed and

authorized by all relevant parties, eg. Customers, users,

operations and support staff

10.1 dThe process shall include the manner in w hich the release

shall be backed out or remedied if unsuccessful

10.1 e

Plans shall record the release dates and deliverables and

refer to related change requests, know n errors and

problems

10.1 f The release management process shall pass suitable

information to the incident management process

10.1 gRequests f or change shall be assessed for their impact on

release plans

10.1 h

Release management procedures shall include the updating

and changing of configuration information and change

records.

10.1 i

Emergency releases shall be managed according to a

defined process that interfaces the emergency change

management process

10.1 jA controlled acceptance test environment shall be

established to build and test all releases prior to distribution

10.1 k

Release and distribution shall be designed and implemented

so that the integrity of hardw are and softw are is maintained

during installation, handling, packaging and delivery

10.1 Release Managem ent

149

Section 6: Service Delivery Processes


149/245

Section 6: Service Delivery Processes

About the process group

Service delivery processes handle long-term service planning andmanagement of service delivery requirements.

Release Management


Supplier Management









[10] Release


[7] Relationship

Processes


150



150/245


Objectives, requirements and best practices withinService Level Management (3.3.1, 4.3.1)

Objectives, requirements and best practices withinService Reporting (4.3.2)

Objectives, requirements and best practices withinBudgeting and Accounting for IT Services (3.3.3, 4.3.3)

Objectives, requirements and best practices withinService Continuity and Availability Management (3.4.1,4.4.1)

Objectives, requirements and best practices withinCapacity Management (3.4.2, 4.4.2)

Objectives, requirements and best practices withinInformation Security Management (3.4.3, 4.4.3)

151



151/245


Objective:To define, agree, record and manage levels of service.

Release Management


Supplier Management









[10] Release


[7] Relationship

Processes


152

Fundamental terms


152/245

Fundamental terms

Service Level Agreement (SLA)An agreement between an IT service provider and acustomer which describes the IT service and servicelevel targets.

Additional terms

Service Level -Acceptable quality level of aservice

Service Catalogue -A structured documentwith information about all provided services (maycontain reference to SLA)

153

Supporting Service Agreements


153/245

Internal Organizations

Service Agreements / OLAs

Lead Suppliers

Contracts

Service A

IT Systems

Service Level Agreements

Business

Subcontracted Suppliers

Suppliers

Contracts

Service B ServiceC

ServiceProvider

Supporting Service Agreements

154



154/245


Possible SLA content (abstract): Service description

Validity period

Authorization details

Service hours

Service targets

Escalation and notification process

Guidelines to define impact and priority Workload limits

etc.

155



155/245


The full range of services to be provided together with thecorresponding service level targets and workloadcharacteristics shall be agreed to by the parties andrecorded.

Each service provided shall be defined, agreed upon and

documented in one or more service level agreements(SLAs).

SLAs, together with supporting service agreements,supplier contracts and corresponding procedures, shall beagreed to by all relevant parties and recorded.

The SLAs shall be under the control of the changemanagement process.

The SLAs shall be maintained by regular reviews.

Service levels shall be monitored and reported ascompared to targets.

156

Service Level Management: Best Practices


156/245

A service catalogue defining all services should be up-to-dateand easily accessible for both customers and support staff.

SLAs should be defined from a customer perspective. SLM process should be flexible to accommodate major business

changes and changing customer requirements.

Service provider should be given adequate information in orderto understand their customers business drivers andrequirements.

SLM process should encourage both the service provider andthe customer to be proactive and take joint responsibility for theservice.

Customer satisfaction is key but should be recognized as asubjective measurement.

Supported services should be documented and agreed uponwith each supplier, including internal groups.

157



157/245


ISO/IE

C

20000

Codeo

fPractice

6.1 Service Level Management

6.1 a

The full range of services to be provided together w ith the

corresponding service level targets and w orkload

cha