Read an Excerpt
CHAPTER 1
Introduction
In today's competitive business climate it's not enough to do things right; Information Technology (IT) organizations must do the right things right. The purpose of this book is to provide a practical, step-by-step approach to creating and using IT service management processes to increase the efficiency and effectiveness of your IT organization. ISO/IEC 20000, the first international standard for IT service management, defines IT service management as follows:
IT service management (ITSM)is an integrated process approach that enables an IT organization to deliver services that meet business and customer requirements.
The focus of ITSM is on managing the full lifecycle of IT services. Its scope does not typically include project or program management, nor does it include application or software development. However, ITSM processes should be designed and implemented in a way that aligns and integrates with the project and program management and the application and software development processes. The consistent use of well-designed and implemented processes enables IT organizations to:
Align their efforts with business goals
Ensure compliance with applicable regulatory controls
Achieve customer and employee satisfaction Efficient and effective processes enable both customers and IT staff to know what needs to be done and how things need to be done. This book is designed to help you determine the right ITSM processes to perform, and how to perform them well. It describes how to develop and implement ITSM processes that deliver profound and positive results in the form of business value. It also describes the critical components that must be considered to ensure efficient and effective processes. These critical components are:
People: Individuals and teams who support customers by performing processes
Processes: Interrelated work activities that take inputs and produce outputs that are of value to a customer
Technology: Tools and technologies that people use to do their work
Information: Data and information that people need to do their work, measure process efficiency and effectiveness, and identify improvement opportunities
The focus of this book is on the process component; however, it is impossible to ignore the other components — people, technology, and information — as they ultimately determine how processes are performed. As illustrated in Figure 1.1, processes and procedures exist in every IT organization and in every business:
A process is a collection of interrelated work activities that take a set of specific inputs and produce a set of specific outputs that are of value to a customer
A procedure is a step-by-step set of instructions that describe how to perform the activities in a process
In today's fast-paced business world, every worker is responsible for a process at some level. Furthermore, every worker is simultaneously a supplier (or creator) of process input and a customer (or recipient) of process output.
To understand the importance of adopting a process-oriented approach, it is useful to discuss the changing role of IT and how business and industry trends are influencing its role.
1.1 The Changing Role of IT
The role of IT has changed dramatically in recent years and organizations can continue to expect significant changes over the next few years. This is because expectations have changed and business leaders expect IT to deliver technology solutions that support top business goals such as:
Improving business processes
Cutting enterprise costs
Increasing the use of information/analytics in decision making
Improving enterprise workforce effectiveness
Attracting new and retaining existing customers
Creating innovative new products and services
Although most of these goals are ever present, business process improvement is a strong trend that requires ongoing collaboration between IT and its business customers. An extension of business process improvement, business process management (BPM) is a systematic approach to improving an organization's business processes. BPM goals include:
Aligning business processes with customer needs
Improving the organization's ability to achieve its business goals
Improving the efficiency and effectiveness of business processes
Enabling agility, innovation, and integration with technology
A business process is a set of interrelated activities that accomplish a specific business goal. In other words, it is a process, like any other process. Business processes may include:
Core: The processes that represent an organization's core competency (e.g., manufacturing, financial services, and healthcare). These processes focus on delivering a product or service to the organization's external customers.
Supporting: The processes that govern or control and support business activities (e.g., accounting, corporate governance, human resources, and ITSM).
Many IT organizations view BPM as something "the business does." IT is then engaged after the fact to automate the results. However, IT must be engaged throughout a BPM initiative for a number of reasons including:
1. The IT organization is part of the business and in some cases is the business. Whether the IT organization's processes represent the core or supporting processes, the processes used by IT are business processes and must be continually improved.
2. The business and IT must work together to determine where integration, automation, or workflow redesign will improve process efficiency or increase agility.
3. Tools such as those used for process design, modeling, and measurement — which are deployed and maintained by IT — can improve the effectiveness of the process improvement activities themselves.
Having IT engaged in BPM activities ensures that long range goals are understood and that ITSM efforts underpin those goals. Having IT engaged also helps ensure that all options are explored and the best solution(s) are identified. As those options often include contracting with external suppliers or partners to deliver some or all IT services, partners must be engaged during process design and improvement activities as well. Having partners involved ensures roles, responsibilities, and interfaces are clearly understood.
Once viewed as a part of the back office, the IT organization now can — and should — contribute directly to the bottom line. Times have changed and today's IT organization is expected to:
Deliver value
Contribute to the achievement of business goals
Manage and continually improve processes
Improve regulatory compliance
Enable innovation
Understand and reduce costs
Understand and reduce risks
Satisfy customers
Customer satisfaction reflects the difference between how a customer expects to be treated and how a customer perceives he or she was treated. This reality is one of the many things that make satisfying customers a challenge. Two people who experience the same event will perceive that event differently. What a customer perceives as good one day may not be good enough the next.
1.2 The Importance of IT Service Management Processes
ITSM processes help organizations achieve business and IT alignment, which is a top priority for Chief Information Officers (CIOs) according to a survey conducted by CIO Insight.
An integrated approach to implementing ITSM processes also enables IT organizations to balance critical traits such as those illustrated in Table 1.1. All of these traits are important to IT customers and cannot be viewed as mutually exclusive. Balance is important and is achieved by:
1. Rigorously executing processes
2. Measuring and monitoring process performance
3. Continually improving processes
As illustrated in Table 1.2, well-documented and managed ITSM processes enable an organization to change its behaviors and ultimately its culture.
The processes that IT organizations perform vary based on factors such as its type (e.g., internal or external service provider), size, and stage of maturity. Business goals and the required level of business and IT integration also influence the processes performed.
1.3 Using Process Frameworks and Standards
Although it is possible to start with a clean sheet of paper when designing or improving a process, it is much more efficient to use an existing framework or standard as a starting point. A framework is a logical structure for classifying and organizing complex information. A process framework describes best practices that can be used to define and continually improve a given set of processes. Process frameworks also provide a common vocabulary that organizations can use when describing and executing processes.
Because a framework does not contain the mandatory requirements found in a standard, organizations can choose to adopt some practices and not others. This is an important distinction, as organizations often lack the resources required to adopt all of the practices described in a framework, at least initially. For example, the widely used Information Technology Infrastructure Library framework (discussed below) describes more than 20 processes and hundreds of best practices. Few organizations have the resources to focus on all of these processes at once. Instead, most organizations initially adopt a basic set of practices for a small subset of processes, and expand their use of the framework over time.
The world's largest developer and publisher of international standards is the International Organization for Standardization (ISO). ISO is a network of the national standards institutes of more than 150 countries, one member per country, with a Central Secretariat in Geneva, Switzerland.
In the context of ISO, a standard is a document that contains an agreed-upon and approved set of requirements that an organization must satisfy to be certified. ISO standards are created by committees of experts who discuss and debate requirements until a consensus is reached on a draft agreement. Draft agreements are published for public review, and committee members use the feedback they receive to formulate a revised agreement. For an agreement to be accepted as an international standard, it must be voted on and approved by the ISO national members.
ISO standards are voluntary, and organizations can choose to comply with the standards — or not. However, to be certified, an organization must produce evidence that it has put in place all of the mandatory controls specified in the standard. This evidence must be presented to a third-party organization known as a registered certification body during an independent audit. An audit is an examination of evidence such as documents and records to verify compliance with a law, regulation, policy, or standard.
Achieving ISO certification can cost an organization tens of thousands of dollars and take months of effort. Companies that seek ISO certification typically do so to provide their customers assurance that quality processes are used to produce their products and services. ISO certification also enables companies to create a competitive advantage and attract customers. Some organizations are required to achieve ISO certification if they choose to do business with a particular customer or compete in a particular market space. Table 1.3 compares the characteristics of frameworks and standards. Many frameworks and standards exist that enable IT organizations to manage and support information technology and continually improve the quality of their services.
1.4 IT Service Management Frameworks
Several frameworks help clarify the scope of ITSM. These frameworks provide guidance and describe best practices that IT organizations can use to implement and continually improve their ITSM capabilities.
Many organizations adopt practices from multiple frameworks in an effort to develop a set of processes that meet their needs. The most commonly used ITSM frameworks include:
Information Technology Infrastructure Library®
Control Objectives for Information and related Technology
Microsoft® Operations Framework
The Information Technology Infrastructure Library® (ITIL® is a set of best practice guidance drawn from public and private sectors worldwide that describes a systematic and professional approach to the management of IT services. ITIL was developed in the 1980s by the British Government's Central Computer and Telecommunications Agency, now called the Office of Government Commerce, with the goal of developing a framework for efficient and financially responsible use of IT resources within the British government and the private sector.
Widely adopted in the 1990s, the library has evolved and ITIL Version 3, published in June 2007, consists of five books that span the service lifecycle:
Service Strategy: Provides guidance on how to design, develop, and implement service management. It covers processes such as financial, service portfolio, and demand management.
Service Design: Provides guidance for the design and development of services and service management processes. It covers processes such as service catalog, service level, availability, capacity, IT service continuity, information security, and supplier management.
Service Transition: Provides guidance for the development and improvement of capabilities for transitioning new and changed services into operations. It covers processes such as change, service asset and configuration, release and deployment, and knowledge management. Other processes include transition planning and support, validation and testing, and evaluation.
Service Operation: Provides guidance on achieving effectiveness and efficiency in the delivery and support of services. It includes processes such as event, incident, problem, and access management, along with request fulfillment.
Continual Service Improvement: Provides guidance on creating and maintaining value for customers through better design, transition, and operation of services. It includes processes such as service measurement, service reporting, and the 7-step improvement process.
Control Objectives for Information and related Technology (COBIT®) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. Created in 1992 by the Information Systems Audit and Control Association and the IT Governance Institute, the framework continues to evolve and COBIT 4.1 was released in May 2007.
COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT defines IT activities in a generic process model within four domains:
Plan and organize: Covers the use of information and technology and how it can best be used in a company to help achieve the company's goals and objectives
Acquire and implement: Covers identifying IT requirements, acquiring the technology, and implementing it within the company's current business processes
Deliver and support: Focuses on the delivery aspects of the information technology
Monitor and evaluate: Deals with a company's strategy in assessing the needs of the company, and whether or not the current IT system still meets the objectives for which it was designed, and the controls necessary to comply with regulatory requirements
ITIL and COBIT complement each other; for example, you can supplement the IT operational process strengths of ITIL with the critical success factors and key performance indicators of COBIT.
The Microsoft® Operations Framework (MOF) consists of integrated best practices, principles, and activities that provide comprehensive guidelines for achieving reliability for IT solutions and services. Originally introduced in 1999, the platform-independent framework has evolved and MOF 4.0 was introduced in July 2008. The guidance in MOF encompasses all of the activities and processes involved in managing an IT service: its conception, development, operation, maintenance, and — ultimately — its retirement. MOF organizes these activities and processes into service management functions (SMFs), which are grouped together in phases that mirror the IT service lifecycle. In MOF, the IT service lifecycle is composed of three ongoing phases and one foundational layer that operates throughout all of the other phases. The lifecycle phases are:
Plan: Planning and optimizing the IT service to align with the business strategy
Deliver: Design and delivery of the IT service
Operate: Ongoing operation and support
(Continues…)
Excerpted from "The ITSM Process Design Guide"
by .
Copyright © 2010 ITSM Academy.
Excerpted by permission of J. Ross Publishing, Inc..
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.