THE ITIL PRACTICES Intent and Context Instructor Notes: ‘Share the following information with participants: “In ITIL, a practice is a set of organizational resources designed to accomplish some task, Before moving ahead, show the video to the participants to understand what our experts say about ITIL practices.” Let us start by understanding what the experts say about the ITIL practices. Cosentino ‘Transcript for Video The ITIL practices are one of the six components of he ITIL Service Value ‘System (SVS) and support the activities of the service value chain to provide a comprehensive and adaptable toolset for service management. An ITIL practice is a set of organizational resources designed for performing certain types of work. The ITIL SVS includes 24 practices, which are divided into three categories: 1 Firstly, general management practices have been adapted for service management from general business management domains; | Secondly, service management practices have been developed in service management industries; and “Trarig content icensed to SECC Training, ssued on 08-07-2018, eatlon 2019 by SECCInstuetor Guide| TL® Foundation = Thirdly, technical management practices have been adapted from technology management domains for service ‘management purposes. ‘The scope of the ITIL Foundation syilabus is limited to the 15 most ‘commonly used practices. tis importantfor you to understand the purpose of these 15 practices but the following 7 practices are covered in detail: ® Continual improvement 3 Change control '@ Incident management ® Problem management @ Service request management Service desk mt Service level management Not only do you need to be able to describe these seven practices but also how they contribute to the service value chain activities, Let's go! ++ ITIL Management Practices nee ee eee ieee eae practices Peni = Deployment management Infrastructure and platform management = Software development and management = Architecture management = Continual improvement » Information security Management = Knowledge management = Measurement and = Availability management = Business analysis, » Capacity and performance management = Change control = Incident management reporting IT asset management = Organizational change | » ‘Monitoring and event management management = Portfolio management = Project management = Relationship management & Risk management = Strategy management = Supplier management «1 Workforce and talent = Problem management & Release management 8 Service catalogue management 8 Service configuration management Service continuity management Service design = Service desk management = Service level management Service financial = Service request management management Service validation and testing 116 | copyisttozore ‘Tearing content ieensed to SECC Training, issued on 0807-2010, elon 2019 by SECCModule 7 |The ML Prectees In ITIL, a management practice is a set of organizational resources designed for performing work or accomplishing an objective. ITIL 4 includes 14 general management practices, 17 service management practices, and three technical management practices. ‘The scope of the ITIL Foundation syllabus is limited to understanding the purpose of 15 most commonly used practices and comprehend the following 7 practices in detall Continual improvement Change control Incident management Problem management Service request management Service desk Service level management Key Terms Covered in the Module [Availability | “The abilty ofan T service or other configuration item to perform its agreed function | when required.” Change “The addition, modification, or removal of anything that could have a direct or | indirect effect on services.” “Incident "An unplanned interruption to a service, or reduction in the quality of a service.” | | Problem | ‘A.cause, or potential cause, of one or more incidents.” "Known error | ‘A problem that has been analyzed and has not been resolved.” Workaround | “Asolution that reduces or eliminates the impact ofan incident or problem for which a full | resolution is not yet available. Some workarounds reduce the lkelinood of incidents.” Event | “An event can be defined as any change of state that has significance for the | management of @ configuration item (Cl) or IT service. Events are typically | recognized Cl or monitoring toor" Masset “Any valuable component that can contribute to delivery of an IT product or ser LIT oes ee Ay weluable component fiel can connate ip dekvery of en Ss a (Quotedtoxt Source is/7L® Foundation (TIL® dediéon), 2018. Copyright @AXELOS Liniod 2018, Motels rereciced under Kees fom AXELOS Limited. Al ights reserved. congrats 2019 | 117 Tiring content icansedto SECC Trabrirg, issued on 05-07-2018, edition 2019 by SECCInstructor Guide | ML® Foundaton Module Learning Objectives At the end of this module, you will be able to Explain the purpose of various ITIL practices. Describe the following ITIL practices: © Continual improvement © Change contro! © Incident management © Problem management © Service request management © Service desk © Service level management Instructor Notes: ‘This module relates to the following Learning Outcomes from the ITIL Foundation syllabus: ‘* Know the purpose and key terms of 15 ITIL practices ‘© Understand 7 ITIL practices Topics Covered = The Continual improvement Practice The Change Control Practice The Incident Management Practice ‘The Problem Management Practice The Service Request Management Practice The Service Desk Practice ‘The Service Level Management Practice Purpose of ITIL Practices Instructor Notes: Introduce the participants with the topics that will be discussed in the module. Each of the 7 practices that are to be covered in detail has @ dedicated module. The topic “Purpose of ITIL Practices" includes the purpose of the other 11 practices that ere within the scope of the ITIL Foundation syllabus. 118 | ceeyisnee 2010 Tilning conn! Keensed to SECC Training, Iesued on 08-07-2919, dion 2019 by SECCModule 7 |The ITIL Prscices THE CONTINUAL IMPROVEMENT PRACTICE Instructor Notes: Inform the patticipants that moving further we will discuss the following ITIL practices in detail, excluding how they contribute to service value chain activities. © Continual improvement ‘+ Change contro! © Incident management * Problem management © Service request management © Service desk ‘© Service level management Let us start with defining the scope of continual improvement. Purpose of Continual improvement “The purpose of the continual improvement practice is to align the organization's practices and services with changing business needs through the ongoing identification and improvement of services, service components, practices, or any element involved in the efficient and effective management of products and services.” Quoted text Source i ITIL® Foundation (ITL® 4 ection), 2079, Copyright @ AXELOS Limited 2019, Matoral is reproduced under cance fom AXELOS Limited. Al rights reserved. Instructor Notes: ‘Ask the participants about the concept of continual improvement and how itis partof ITIL in the form of a practice, a model (continual improvement model) and as a component of the SVS. Inform them that this topic discusses continual improvement as a practice. Common 20% | 119 ‘reining content icenseto SECC Trahig, Issued on 08-7208, edion 2018 by SECCInstructor Guide| TL* Foundation Methods and Techniques for Continual improvement Balanced scorecerd re A eae to raduce waste Improvements Mult-phase Methods, Continual models ‘ ; Project ee improvement model Maturity swor assessments py Devops The scope of the continual improvement practice includes the development of improvement-related methods and techniques and the propagation of a continual improvement culture across the organization in alignment with the organization's overall strategy. Different types of improvements may require consideration for different improvement methods. For example, some improvement initiatives may be best implemented as a multi-phase project, while others may bbe more appropriate as a single quick effort. The continual improvement model, a component of ITIL SVS, can be applied to any type of improvement, from high level organizational changes toindividual services end configuration items. When assessing the current state, there are many techniques that can be used, such as a strength, weakness, opportunity and threat (SWOT) analysis, balanced scorecard reviews, internal and external assessments and ‘audits, or a combination of a number of techniques. ‘Approaches to continual improvement can be found in many methods ‘and techniques. Lean methods provide perspectives on the elimination of waste. Agile methods focus on making improvement incrementally. DevOps methods look at working holistically and ensuring improvements are not only designed well, but applied effectively Although there ere a number of methods avaliable, it is a good idea to select a few key methods thet are appropriate to the types of improvements the organization considers and to promote those methods. In this way, teams can have a shared understanding of how towork together on improvements and a greater amountof change can be made at a quicker rate. However, the organization should also try ‘new approaches or encourage innovation. Those in the organization with skills in altemative methods should be encouraged to apply them 120 | cenrisnt@ 2019 Teining content lensed to SECC Training, eeued on 08-07-2018, edion 2019 by SECCModule 7 |The ML Practices when it makes sense, and if this effort is successful, older methods can be retired in favor of new ones. Key Activities of Continual Improvement The continual improvement practice includes the following key activities: © oO @ ‘Encouraging continual “Securing tima and “Identifying and "Assessing and improvement across the budget for continual _logging improver prioiizing improvement organization” improvement” ‘opportunities opportunities” “Making business “Planning “Measuring “Coordinating ceases for improvement and implementing and evaluating Improvernent activities action" improvements” improvement results” across the organization’ (Quoted text Source is ITL® Foundation (TIL® 4 extion), 2019. Copyright © AXELOS Umited 2018. Material ls reproduced under licence trom AXELOS Limited. All rights reserved, Continual Improvement: Everyone's Responsibility Continual improvement is the responsibilty of everyone. Everyone in the organization should understand the need for active participation in continual improvement activities as core part of their job. Continual improvement should be included in the job descriptions and objectives of every employee as well as in contracts with extemal suppliers and contractors, Embedding continual improvement ino the Leaders way people tink and work Leading effots and advocate practice Continual improvement team 9055 organization Contracts shoul nce how they ees measure, report and improve re ‘The highest levels of the organization need to take responsibilty for embedding continual improvement into the way that people think and ‘work. The leaders in the organization should exhibit commitment to continual improverient and supporting attitudes, behavior, and culture to @ point where improvements are considered in everything that is done, at all levels. copyegteeacra | 124 ‘Tisring content loansedto SECC Trabing, Issued on 08-07-2078, eiion 2018 by SECCInstructor Guide | IL® Foundation Although everyone should contribute in some way. there should be a team dedicated fulltime to lead continual improvement efforts land guide others in the organization to develop the skils they need and navigating any difficulties that may be encountered. This team ‘can serve as coordinators and mentors to help others in developing the skills they need and navigating any difficulties that may be ‘encountered. In an organization, the employees should be provided training and assistance to help them feel prepared to contribute to continual improvement. ‘When parties and third-party suppliers form partof the service landscape, they shouldbe included in he improvementeffort. Acontractfora supplier's service should include details of how they will measure, report on, and improve their services over the life of the contract. Any data required ‘rom suppliers to operate internal improvements should be specified in the contract. Accurate and carefully analyzed data is the foundation of fact-based decision-making for improvement. The continual improvement practice should be supported by relevant data sources and data analysis to ensure that each potential improvement is understood and prioritized Continual Improvement Register Organizations use a structured document or database called Continual Improvement Register (CIR) to track and manage improvement ideas. © The foundation for improvement is carefully analyzed and accurate data, '* This is where improvement ideas are captured, documented, assessed, prioritized, and appropriately acted upon to ensure that the organization and its services are always being improved ‘The given table shows an example of CIR. 1a Comments Nov'18 | improve NWspeed | _M H__|Jan'19 | Infrastructure | Weiting supp! April'18 | Improve SD self help | M M | Dec'18 | Service Desk | On Track ~ Jan‘18 | Communicationon | L H [Dec's | GRe Well received security instructor Notes: Even though there can be more than one CIR in an organization, itis important to understand improvement holistically from an organization's perspective (It becomes dangerous if each team has its own CIR). Remember to stress that the example in the slide is really just to make the concept tangible. Each organization will decide on their own look and feel. aye ‘The foundation for improvement is carefully analyzed and accurate mes data. The continusl improvement practice should be supported by relevant data sources end data analysis to ensure that each potential Therecanbemorethan oneCIRinan ‘ improvement is sufficiently understood and prioritized. organization. 122 I coryiome ore “Teaning content eersed te SECC Training, issued en 08-07-2010, ection 20°0by SECCModule 7 |The ML Practees The CIRIs is used as the basis for re-prortzing improvement ideas as and ‘when new ideas are documented. The structure ofthe information captured ‘na CiRis unimportant. Whetis important. is that each improvementidea is captured, documented, assessed, prioritized, and epproprately acted upon to ensure that the organization and its services are always being improved. THE CHANGE CONTROL PRACTICE Purpose of Change Control Change “Change refers to the addition, deletion, and modification of anything that could have effect on services.” “The purpose of the change control practice is to maximize the number of successful IT changes by: * Ensuring that risks have been properly measured * Authorizing changes to proceed + Managing the change schedule” Quoted text Source is ITI® Foundation (TIL®4 edition), 2019. Copyright © AXELOS Limited 2018. Material is reproduced under icence from AXELOS Lined. Ai rights reserved Each organization defines the scope of change. The scope typically includes all IT infrastructure, applications, documentation, processes, supplier relationships, and anything that might directly or indirectly impact a product or service. istinguish Change Control from Organi ional Change Management es 1 Menages the people aspects of changes ‘= Ensures that improvements and organizational transformation initiatives are implemented successfully Cio = Focusses on changes in products and services. = Balances the need to make beneficial changes that deliver additional value with the need to protect customers and users from the adverse effect of changes instructor Notes: ‘Ask participants to distinguish between change control and organizational change management. Tell them why itis important to distinguish between the two, coprratneams | 123 Training content icensed to SECC Teining, issued on 0007-2018, eon 2019 by SECCIructor Guide | IL® Foundation The term change management can often be confused especially ‘when talking to non-IT people, When yau discuss to someone from outside of IT about change management, they would most probably think that you are referring to organizational change management, \while the term change management within IT is most probably well known as change control. Understanding the difference between these two practices help you as a practitoner not to get confused when talking to different audiences. NOTE: This practice has been renamed to change control (as ‘opposed to change management) in ITIL 4 to minimize the confusion between these two concepts. 1p Types of Changes eos as Low-risk, pre-authorized changes | Should be scheduled that are well-understood and and assessed following fully-documented. a standard process Cen be implemented without the | ‘Rat usualy includes need of additional authorization : ‘Standard changes can be service | C2” be low-risk changes or ‘major changes. requests or operational changes. Goer ceeurce Must be implemented as soon as possible usually to resolve an Incident. The process for assessment and authorization is expedited to ensure they can be implemented quickly. May be a separate change authority is required which includes senior managers who understand business risk, Different changes deal with authorization differently. Standard changes do not require any additional authorization and may be implemented as long as it follows pre-defined workflow or structure. The risks around standard changes are usually evaluated upfront and the work-flow and procedure around the change agreed, Example of a standard change may be the updating of virus software; adding or removing server memory. Normal changes can pose a low risk or a high risk to organizations, For low-risk changes, the change authority is usually someone who can make rapid decisions, often using automation to speed up the change. For mejor changes, the change authority could be as high as the board of management (or equivalent). Although this type of authorization may take slightly longer, its important to understand the impact and the risk to the organization to ensure the change is well planned and the risk is understood at the correct levels. Emergency changes are often high risk, so even though the authorization may be expedited it is critical to ensure that all role players understand the risk to the organization. 124 | coapismez010 Trining contort ieenta to SECC Training, sued on 09-07-2010, edison 2010 by SECCModule 7 |The ITIL Pracoes Change Authority ee ‘+ All changes are assessed and authorized by the people wo “3° rps Understand the risks and expected benefits before the changes are deployed. Change control must balance the need to make benefidal changes © The person or group who authorizes a change is known as @ that will delver additonal value change authority. wth the need to protect customers The authorized peope are known as change authonty tis important yu meson Headrest of to assign each type of change to the correct change authority to ensure that change control is both efficient and effective. In high velocity organizations, itis a common practice to decentralize change approval, making the peer review a top predictor of high performance. Communicating Changes Change Schedule Ooe Holpsto plan Assists in Avoids Assigns changes communication _—_confficts, resources o After the identified changes have been deployed, the change schedule can also be used to provide information needed for incident management, problem management, and improvement planning. Instructor Notes: ‘Ask participants if they make effective use of the change schedule. Inform them that very few companies make adequate use of their change schedule, which has often be the cause of disruption and confusion, The change schedule can be used to communicate the change across the organization; regardless of who the change authority is or what type of change itis. The communication about change is important for the risk assessment activity, where it is important to understand what ‘other changes are planned and who is involved. It is also important to ‘communicate information about the change to ensure people in IT and the business are fully prepared before it is deployed. Trirng content icensed i SECC Tearing, issued on 0607-2010, elton 2019 by SECCInsuctor Guide| TL® Foundation Categorizing Changes Activity Time: 10minutes In consideration to the definition of the different types of changes, how would you categorize these changes? = Replacing a faulty drive ‘Adding a new functionality to an application ‘Changing or adding a new report Changing an IP address of a server Installing new software package Providing more disk space (within pre-defined limits) Instructor Notes: Please note what is considered @ standard change by one organization may not be considered to be one for another due to their context and tolerance to risk, so there may be lots of debate around this activity. The purpose of this activity is to help the participants understand the difference between the three types of changes. ble Answers © Replacing a faulty drive: Emergency change * Adding a new functionality to an application: Normal change © Changing or adding @ new report: Standard change © Changing an IP address of @ server: Standard change but can also be low risk normal change Installing new software package: High risk normal change * Providing more disk space (within pre-defined limits): Standard change Ro THE INCIDENT MANAGEMENT PRACTICE Purpose of Incident Management Incident “incident refers to an unplanned interruption to a service, or reduction in the quality of a service.” “The purpose of incident management is to minimize the negative impact of incidents by restoring normal service operation as quickly oasis a Quoted text Source is ITIL® Foundation (ITL® 4 edkion), 2019. Copyright © AXELOS Limited 2019, Msterel i reproduced under licence from AXELOS Lined. All rights reserved, 126 | coer Teainng conten! leased to SECC Training, eyed on 08.07.2018, eiton 2019 by SECCModule? |The MIL Practices Incident management can have a massive impact on customer and User satisfection, and on how they recognize the service 1 Managing incidents is an important practice for the service pro ultimately meet the expectations of the users and customers. Key Activities of incident Management Following activities are important for resolving incidents efficiently and effectively: ©@ Logand manage Agree, document, and Prioritize the the incidents communicate the target incidents resolution times To ensure that every incident is resolved in a time that meets the customer's expectations, it should be logged and managed. To make the expectations realistic, target resolution times are agreed, documented, and communicated. Incidents are prioritized based (on an agreed classification to ensure that incidents with the highest business impact are resolved firs. Designing the Incident Management Practice Organizations should design their incident management practice: ‘Store information about incidents in Design the incident ae Teo management practice for Provide appropriate management good-quality and resource allucation to updates on different types of incidents incidents 2 9 * Design the incident management practice for appropriate management and resource allocation to different types of incidents: Low impact incidents must be managed efficiently to ensure that they do not consume too many resources. Incidents copra 2019 | 127 ‘Teining content ioanses to SECC Trairig, issu on 0867-2019, etion 2019 by SECCInstructor Gude | TL® Foundation with a larger impact may require more resources and more ‘complex management. There are usually separate processes for managing major incidents, and for managing information security incidents. ‘© Store information about incidents in incident records: A suitable tool should be used fo store and provide links to configuration items, changes, problems, known errors, and other knowledge to enable quick and efficient diagnosis and recovery. © Provide good-quality updates on incidents: People working on an incident should provide good quality updates about symptoms, business impact, configuration items affected, actions completed, and actions planned. The updates should have a timestamp and information about the people involved, so that the people involved or interested can be kept informed. Incident Diagnosis and Resolution Incidents diagnosis end resolution involves people in different groups! teams. Incident Preuss Pies Se parenere Incidents may be diagnosed and resolved by people in many different groups, depending on the complexity of the issue or the incident type. Incidents may be escalated to. support team for resolution. The routing is typically based on the incident category. Anyone working on an incident should provide quality, timely updates. Incident management requires a high level of collaboration within and between teams. It is important that all of these groups understand the incident management 128 | conpisit@ coro Tearing contontieansed to SECC Train, Iesued on 08-07-2010, elton 2019 by SECCModule 7 |The TL Practices process, and how their contribution to this helps to manage the value, ‘outcomes, costs, and risks of the services provided: 1. Some incidents will be resolved by the users themselves, using self-help 2. Some incidents will be resolved by the service desk. 3. Complex incidents will usually be escalated to a support team for resolution. Generally, the routing is based on the incident category, which should help to identify the correct team. 4. Incidents can be escalated to suppliers or partners, who offer ‘support for the products and services they supply. 5. Complex incidents and all major incidents often require ‘temporary team to work together to identify the resolution. This may include representatives of many stakeholders, including the service provider, suppliers, and users, 6. In some extreme cases, disaster recovery plans may be Disaster Recovery Plans invoked to resolve an incident. stot deny defined pasted a how an organization will eee fom U7 THE PROBLEM MANAGEMENT PRACTICE a disaster a5 well as tum toa re- eater condition, considering the fur Purpose of Problem Management ¢imensions ofservie management, Problem: “Problem refers to a cause, or potential cause, of one ‘or more incidents.” “The purpose of problem management is to ‘¢ Reduce the likelihood and impacts of incidents by identifying ‘actual and potential causes of incidents ‘* Managing workarounds end known errors” Known error: "A problem that has been analyzed and has not been resolved.” ‘Quoted text Source is TL® Foundation (TTR 4 eon), 2019. Copyight © AXELOS Limited 2018. tater is reproduced under leence fom AXELOS Limited Al ght reserved No service is without errors, flaws, or vulnerabilities, and these lead to incidents. Errors can occur in any of the four dimensions of service management and although many of the errors are identified and resolved before the service is lve, some remain unidentified or Unresolved. It is these errors that can, and will, pose a risk to live services. n ITIL, these errors are referred to as problems and they are managed by the problem management practice. capyromezos | 129 Tralning content lensed to SECC Trinng, issued on 0807-2019, edion 2019 by SECCInstructor Guide| TL® Foundation How problem is different from incident? Problems and incidents are related to each other, but should be distinguished as they are managed in different ways. Goo fo Are the causes of incidents | Have an impact on users or business processes Require investigation and Must be resolved s0 that the analysis to identify the causes, | normal business activity can develop workarounds, and continue to work recommend longer term resolution Phases of Problem Management Problem management involves three distinct phases: Identify end Manage known ‘og problems errors Lose Problem Cine Cemiret ec eae Analyze problems Document workarounds and known errors Based on AXELOS ITIL® Foundation (ITIL® 4 ection), 2019 material. Reproduced Under icone trom AXELOS Limited. All rghts reserved, Workaround "A solution that reduces o eliminates the impact of an incident or problem for which a full resolution is not yet available. Some ‘workarounds reduce the likelihood of incidents.” Problem management involves three phases: problem identification, problem control, and error control. Problem Identification Problem identification activities identity and log problems. This includes: * Performing trend analysis of incident records © Detecting duplicate and recurring issues by users, service desk, and technical support staf 130 | conpigne 2019 Training content icensed to SECC Training, esuod on 08-07-2010, ection 2019 by SECCModule 7 |The ML Practees © Identifying a risk that an incident could recur '* Analyzing information received from suppliers and partners, ‘* Analyzinginformation received frominternalsoftware developers software developers, quality teams, and project teams. Problem Control Problem control activities include analyzing problems and documenting ‘workarounds and known errors. Problems are prioritized for analysis based on the risk that they pose, and are managed as risks, based on their potential impact and probability. It is not necessary to analyze every problem, rather itis more valuable to make significant progress on the highest priority problems. Incidents have many interrelated causes. Problem control should consider all contributory causes, such as the causes thet contribute to duration and impact of incidents. It is necessary to analyze problems from the perspective of all four dimensions of service management - People, Technology, Partners, Processes. When a problem cannot be resolved quickly, it is useful to find and document @ workaround for future incidents, based on understanding of the problem. Workarounds are documented in problem records. This can be done at any stage, it doesn't need to wait for analysis to be completed. An effective incident workaround can be considered 2 permanent way of dealing with a problem when resolving the problem is not feasible or cost-effective. In this case, the problem remains in the known error status, and the documented workaround is applied if and when the related incidents occur. Error Control Error control activities manage known errors. Aknown error refers toa problem where inital analysis is complete; it usually means that faulty components have been identified. Error control involves identifying potential permanent solutions. Often these permanent solutions will involve a change request for implementation of the solution, but only it this can be justified in terms of cost, risks, and benefits Error control regularly re-assesses the status of known errors thathave not been resolved, including overall impact on customers, availabilty and cost of permanent resolutions, and effectiveness of workarounds, ‘The effectiveness of workarounds should also be evaluated each time ‘2 workaround is used. Workarounds may be improved based on the assessment, Conyrgee 2013 | 131 “raring content loensedto SECC Training, sued on 09-07-2079, dion 2019 by SECCInsc: Gude | IML® Foundation PROBLEM MANAGEMENT Instructor Notes: Discuss with participants how problem management interfaces with ther ITIL practices. Cite examples for each of the related practice. Problem management is related to the following other practices: * Incident management: Problem management activities are very closely related to incident management. The practices need to be designed to work together within the value chain, Activities from these two practices may complement each other (for example, identifying the causes of an incident is @ problem ‘management activity that may lead to incident resolution), but they may also conflict (for example, investigating the cause of an incident may delay actions needed to restore service) * Risk management: Problem management activities can be organized as a specific case of risk management. These activities identify, assess, and control risks in any of the four dimensions of service management. It is useful to adopt risk management tools and techniques for problem management. * Change control: Problem management initietes resolution via change control and participates in the post implementation review; however, approving and implementing changes is out of ‘scope for the problem management practice. 132 | commis ora ‘Tianing content leensedto SECC Tesining,Isued on 08-07-2018, eon 2018 by SECCModule 7 |The ML Pracices + Knowledge management: “Problem management may utilize information in a knowledge management system to investigate, diagnose, and resolve problems.” © Continual improvement: Problem management activities can identify improvement opportunities in all four dimensions of service management. In some cases, solutions can be treated as improvement opportunities, so they are included in a continual improvement techniques. Relation of Problem Management with People, Skills, and Competences ‘© Problem management activities are highly reliant on the knowledge and experience of staff, rather than on detalled procedures. '* For diagnosing problems, itis required to understand complex systems and to think about how different failures might have ‘occurred. The development of the combination of the required analytic and creative ability requires mentoring and time, as well as suitable training Quoted text Source is (TIL® Foundetion (INL® 4 ection), 2019. Copyright © AXELOS Limited 2019. Materials reproduced under licence fom AXELOS Limited, Al rights reserved. Identifying a Practice a Activity Time: 10 minutes Which of the following activities would typically be something the incident management practice would take care of, and which would more likely be a Problem Management practice activity? 1 Rebooting a server to re-establish connectivity Analyzing the event logs after @ server crash Selecting a supplier to supply a replacement part ‘Accessing a user's laptop and resolving the issue remotely Brainstorming with a team of engineers to understand why no-one can print a specific report Directing @ user to an FAQ site where they will find a guide to set up their mail | | | | | Asking the user to do a specific function in another way to get the same result | Performing trend analysis on past incidents copyagte20i9 | 133 ‘Tieng content ioenses fo SECC Training, issued on 08-07-2018, eon 2019 by SECCInsucor Guide | ML® Foundation Instructor Notes: keep the exercise light and energetic. The purpose of this activity is to check if the participants understand the difference between incident management and problem management, Possible Answers ‘© Rebooting a server to re-establish connectivity: Incident management ‘+ Analyzing the event logs after a server crash: Problem management ‘+ Selecting a supplier to supply a replacement part: Problem management (error control) * Asking the user to do a specific function management (applying a work around) * Accessing a user's laptop and resolving the issue remotely: Incident management ‘+ Brainstorming with a team of engineers to understand why no-one can printa specific report Problem management (problem control) + Directing 2 user to an FAQ site where they ‘management (self-help) '* Performing trend analysis on past incidents: Problem management (problem identification) another way to get the same result: Incident find 2 guide to set up their mail: Incident THE SERVICE REQUEST MANAGEMENT PRACTICE Purpose of Service Request Management Service Request “A service request is a request from a user or user's authorized representative that initiates a service action which has been agreed as a normal part of service delivery.” ‘The purpose of the service request management practice is: * To provide the promised quality of a service by handling all pre-defined, user-initiated service requests in an effective and comprehensible manner. Quoted text Source is ITIL® Foundation (ITIL® 4 ection), 2019. Copyright @ AXELOS Limited 2018, Material is reproduced under cance trom AXELOS Limi. lights reserved. Incidents refer to a failure or degradation to a service, and service requests form a normal part of service delivery. As these requests are pre-defined and pre-agreed, they should be formelized with a clear, standard procedure for initiation, approval, fulfilment, and management. 134 | compan 20: ining content icensed to SECC Training, issued on 06-07-2018, eciton 2018 by SECCMedi 7 | The ML Prectoes Examples of Service Request A request for a service delivery action, such as providing @ report Feedback, compliments, and complaints, such ‘as complaints on implementation of new interface Arequest for information, such as information on how to create a document Arequest for acoass Avrequest for provision of a toa resource or service, resource or service, such as. such as providing access providing a virtual server for loafile a development team Delivery of Service Requests + Service requests form a normal part of service delivery, and not a failure/degradation of service. ‘+ As requests are pre-defined and agreed, they can usuelly be TIPS The fle of service requests may indude changes to services or formalized with a clear, standard procedure for: thelr coraponents. These changes © Initiation sual fall under category of © Approval Standard changes, © Futfiment © Management © Some requests are very simple (such as request for information). © Some requests are complex (such as the setup of a new employee) and require involvement from other teams, © Regardless of the complexity, the steps tofulflthe request should be well-known and proven. This enables the service provider to agree times for fulfilment and provide clear communication of the status of the request to users. comymants2019 | 135,Irsuctor Guide | TL® Foundation Service Request Management Guidelines To be handled successfully, service request menagement should follow these guidelines: Service requests should Expectations Policies and be standardized should be workflows should and automated clearly set be included Policies should Opportunities be established for improvement should be identified “To be handled successfully, service request management should follow these guidelines: * Service requests and their fulfilment should be standardized and automated to the greatest degree possible. * Policies should be established regarding what service requests will be fulfilled with limited or even no additional approvals so that fulfilment can be streamlined, '* The expectations of users regarding fulfilment times should be clearly set, based on what the organization can realistically deliver. * Opportunities for improvement should be identified and implemented to produce faster fulfilment times and take additional advantage of automation, * Policies and workflows should be included for the documenting and redirecting of any requests that are submitted as service requests. ‘Some service requests can completely be fulfiled with automation from submission to closure, allowing for a complete self-service experience. Examples of such service requests are client software Some service requests requte installation or provision of virtual servers. Service request management authorization based on finandal, is dependent upon well-designed processes and procedures, which information secutity, or other ate operationalized through tracking and automation tools to maximize polices, while others may not need the efficiency of the practice.” ‘any authorization (Quoted text Source is ITIL* Foundation (ITIL® 4 ection), 2018, Copyright © AXELOS Limited 2079, Metera is reproduced under lcance from AXELOS Limited All ightS reserved. TIPS 136 | coopismazore ining content loons to SECC Training, issued on 08-07-20, extion 2019 by SECCModule 7 |The ITIL Practices Instructor Notes: Consider performing this activity in the class only if there is sufficient time; otherwise ask the participants to consider this as a self-reading or assignment. Keep the exercise light and energetic. The purpose of his activity isto see if participants understand how this practice contributes to the value chain. Possible Answers © Accomplaint is received about lack of action on an incident. This complaint is forwarded to ‘a manager to follow up. He notices that he has received several complaints related to the same engineer and decides to take action: This action relates to the improve activity. © The Request process is set up to communicate to the user each time the request changes status: This action relates to the engage activity. ‘©The management team decides on an annual budget for PCs and sets up a contract with a supplier for a specific model at a specific price to be bought throughout the next financial yea: This action relates to the build/acquire activity. ‘+ A request is received from a user to please allow them to print to a specific printer: This, action relates to the deliverisupport activity THE SERVICE DESK PRACTICE Service Desk ‘The purpose of the service desk practice is to: © Understand demand for incident resolution and service requests. © Actas the point of contact for the service provider along with its users * Provide @ clear path for users to report issues, queries, and requests, and acknowledge, classify, own, and take action on them Aservice desk acts as the entry point/single point of contact for the IT or service organization. Although the physical appearance of the service desk and how itis staffed may vary considerably from organization to ‘organization, the function and value of the service desk remains the same. Service desks are used to get matters arranged, explained, and coordinated, rather than just to get broken technology fixed. Service desk has become a vital part of any service operation. copriatts 2019 | 137 ‘Tearing content loons to SECC Training, issued on 08-07-2018, edtion 2019 by SECCInsiuctor Guide| TL? Foundation Xe Key Aspects of Service Desk ‘Supports ‘people and business’, rather than providing support for technical issues. ‘Should be the ‘empathetic and informed link betwoen the service provider and its users. Should have practical understanding of the wider organization, its business processes, and users. Has a major influence ‘on user experience and how the service provider is perceived by the users 138 | consist ® 2010 Arranges, explains, and ‘coordinates various matters than just fixing broken technology ca | ‘Works in close collaboration with the support and development teams to present and deliver a ‘joined up’ approach to users and customers =) -@ Become a vital part of any service operation Need not to be ighly technical Plays a vital role in the delivery of services These days, due to shift of technology to automation, artificial intelligence, robotic process automation, and chatbots, service desks are providing more seif-service logging and resolution directly through online portals and mobile applications. The impact of this shift on service desk is less phone contact, less low-level work, and a greater ablity to focus on excellent customer experience when personal contact is needed. Channels of Service Desk Service desks are increasingly under pressure to provide a variety of channels for the users to contact them, however it is very dependent ‘on each organization and what they are trying to accomplish. ‘Tearing content koanced to SECC Thin, lesued on 08-07-2016, eon 2019 by SECCModule? |The IIL Precces Ge id technology, such as Wi conference call Service portals and ‘Supported by service and request mobile applications catalogues, and knowledge bases Chat Live chats and chatbois Email Used for logging and updating, and for follow up surveys and confirmations Walk-in service desks | Becoming more prevalent in sectors where there are high peaks of activity that demand physical presence, such as higher education Text and social media _| Useful for sending notifications in case messaging of maior incidents, contacting specific stakeholder groups, and allowing users to request support Public and corporate —_| Contacting the service provider and social media and peer-to-peer support discussion forums Instructor Notes: ‘Ask participants how many of these channels they are using today or would likely be using in the near future. Structures of Service Desk A service desk may work at a single or centralized location, which requires various supporting technologies, such as: ‘+ Intelligent telephony systems ‘© Workflow systems for routing and escalation ‘© Workforce management and resource planning systems © knowledge base * Call recording and quality control © Remote access tools * Dashboard and monitoring tools * Configuration management systems In some cases, a service desk may act as a virtual desk that enables agents to work from different geographical locations. A virtual service desk requires more sophisticated supporting technology and more ‘complex routing and escalation. These solutions are often cioud- based. connor 209 | 139 “eaning content icensed to SECC Taking, Issued on 08-07-20", edlion 2018 by SECC.Instructor Guide | ML® Foundation Service Desk Staff Service desk staff require training and competency across a number of broad technical and business areas. Excellent customer service skills Incident analysis, Empath and prioritization ie cece Efiective Emotional ‘communication intelligence The service desk staff demonstrates the excellent customer service skills. In particular, they need skills and knowledge to understand and analyze a specific incident in terms of business priority and to take appropriate action to get this resolved. Other key skills that they require are empathy and emotional intelligence, The service desk may not need to be highly technical, although some are. Even ifthe service desk is fairly simple, it stil plays a vital role in the delivery of services, ‘and must be actively supported by its peer groups. Its also essential to understand that the service desk has a major influence on user ‘experience and how the service provider is perceived by the users. THE SERVICE LEVEL MANAGEMENT PRACTICE Service Level Management “The purpose of the service level management practice is to set clear business-based targets for service performance, so that the delivery of a service can be properly assessed, monitored, and managed against these targets.” (Quoted text Source is ITIL* Foundation (IIL®4 elton), 2018. Copyright © AXELOS Limited 2018, Materials reproduced under icence trom AXELOS Limited. Al ghts reserved In order to achieve this purpose, the service level management Practice defines, documents, and actively manages levels of service, a. Key Activities of Service Level Management Wns * The service level management practice involves the definition, documentation, and active management of service levels. The skis and competences for service level management indude * It Pfovides end to end visibility of the organization's services. relationship management, business For this, the service level management practice: liaison, business analysis and © Establishes a shared view of the services and target service mmmercalsupplier management. levels with customers © Ensures the organization meets the defined service levels © Performs service reviews © Captures and reports on service issues including performance against defined service levels 140 | coprigna core “Trahting content icensed to SECC Training, issued on 08-67-2019, edition 2019 by SECCModule 7| Tae MIL Precsees Service Level Agreements * Since years, service level management uses a tool to measure the performance of services from the customer's point of view. This tool is referred as Service Level Agreements (SLAs). ‘+ This too! is used to agree on the service between the provider and customer. Instructor Notes: Discuss how service level management uses SLAs. Service level agreements (SLAs) have long been used as a tool to measure the performance of services from the customer's point of view. Its important that they are agreed in @ wider business context. Using SLAs may present many challenges, and often they do not fully reflect wider service performance and the user experience. Some key requirements of SLAS include: © They must relate to a defined service in the service catalogue. Otherwise, they are individual metrics that do not provide any purpose and do not reflect the service perspective. © They should relate to defined outcomes. To achieve this, service level management needs to use balanced bundle of metrics, such as customer satisfaction, * They should replicate an agreement of engagement and discussion between the service provider and the consumer. '* They must be simply written and easy to understand and useful for all parties. ‘The Watermelon SLA Effect “In many cases, using single system-based metrics as targets can result in misalignment and a disconnect between service partners as to the success of the service delivery and the user experience. For example, if an SLA is only based on the percentage of uptime of a service, it can be deemed to be successful by the provider, yet still miss out on important business functionality and outcomes which are important to the consumer. This is referred to as the ‘Watermelon SLA’ effect. ‘Quoted text Source i ITIL® Foundation (ITIL 4 eiton), 2019. Copyright © AXELOS Limited 2019, Material is reproduced under licence fom AXELOS Limited. ll ights reserved, Requirements of Service Level Management ©The service level management practice requires: © Focus and effort to engage and listen to the requirements, issues, concerns, and daily needs of customers. rencozo | 144 Training canton canses to SECC Trang, issued on 0807-2019, eaton 2019 by SECCInstructor Guide| L* Foundation © Engagement to understand and confirm the needs and requirements from customers. © Listening to build relationship and trust to show customers that they are valued and understood. Sources for Collating and Analyzing Information The service level management involves collating and analyzing information from various sources. These include: Customer: Operational ‘engagement metrics | Customer Business. | feoeback metrics | ‘The service level management involves collating and analyzing information from various sources. These include: '* Customer engagement: It involves listening, discovery, and information on which the metrics is based. In addition, it involves measurement and ongoing progress discussions. In customer engagement, you can ask simple questions, such as: © What does your work involve? © How does technology help you? © What are your key business times, areas, people, and activities? © Which of these activities is most important to you? © What are your goals, objectives, and measurements for this year? © How can we help you more? * Customer feedback: It involves gathering feedback from a ‘number of sources, such as: © Surveys: It include immediate feedback, such as follow up questions, as well as the feedback on the overall service experience. © Key business-related measures: It include measures agreed between the service provider and their customers based on what the customer velues as important. 142 | cenwisnzere ‘raring contort Esonsod to SECC Training, sued en 08-07-2010, elon 2019 by SECCModule 7 |The IL Prectioes '* Operational metrics: These are the lov-level indicators of operational activities. They include system availability, incident response and fix times, change and request processing times, nd system response times. © Business metrics: Any business activity that is thought to be useful or valuable by the customer and used as a means of gauging the success of the service. This can vary from some simple transactional binary measures such as ATM or POS terminal availabilty during business hours (09:00 ~ 17:00 daily) ‘or successful completion of business activities, for instance, Passenger check-in. PURPOSE OF ITIL PRACTICES instructor Notes: Out of 15 practices that are part of the ITIL Foundation syllabus, the purpose of seven practices has been covered in previous topics. This topic includes the purpose of remaining 8 practices: ‘+ Information security management ‘+ Relationship management * Supplier management © ITasset management ‘+ Monitoring and event management ‘+ Release management ‘+ Service configuration management ‘+ Deployment management Information Security Management iS TA ‘The purpose of the information security management practice is to: '* Safeguard the information used by organizations to run their business Authentication Authentication ensures that * Understand and manage risks for confidentiality, integrity and Someone iswho they dim tobe. availability of information a ee © Maintain information security for authentication and non- — Noa-Repudiation Fapudiation i ——Non-Repudiation ensures that ie someone can't deny that they tookanacton, copyage 20a | 143, Training content iensed to SECC Tearing, issued on 0607-2018, elton 2019 by SECCInstructor Guide TIL? Foundation Security is established by means of policies, processes, behaviours, risk management, and controls, which must maintain @ balance between: A Prevention: Ensures security risks do not occur Detection: Detecting risks that cannot be prevented Correction: Recovering from risks after they are detected Relationship Management ‘The purpose of the relationship management practice is to: * Create and foster the links between the organization and its stakeholders at strategic and tactical levels * Identify, analyze, monitor, continually improve the relationships with and between stakeholders ‘The relationship management practice ensures that the: * Needs of stakeholders are understood, and products and services are prioritized ‘© Constructive relationship is established relationship between the organization and stakeholders. '* Priorities for new or changed products/services for customers are established and maintained '® Complaints and escalations from stakeholders are managed well, * Products and services facilitate value creation for the service consumers and organizations * Organizations faciltate value creation forall stakeholders ‘Supplier Management ‘The purpose of the supplier management practice is to: © Ensure that the supplier and their performance are managed appropriately to support the seamless provision of quality products and services * Create more collaborative relationships with key supplier '* Uncover and realize new value and reduce risk of failure 144 | copie “Tearing contnt icansod to SECC Training, lesued on 08-07-2010, elton 2019 by SECCMose 7 |The ML Practces Key activites of supplier management are: * Creating a single point of visibility and contro to ensure consistency ‘© Maintaining a supplierstrategy, policy, and contract management information + Negotiating and agreeing contracts and arrangements ‘* Managing relationships and contracts with internal and external suppliers '* Managing supplier performance IT Asset Management “IT asset refers to any valuable component that can contribute to delivery of an IT product or service.” © The purpose of the IT asset management practice is to plan and manage the lifecycle of all IT assets. This in turn helps the organization to: © Maximize value for customers © Control costs and budgets © Cope with risks ‘© Make decisions in terms of purchase and reuse ‘© Meet governing and promised requirements ‘Quoted text Source is /TIL® Foundation (ITL® 4 edition), 2019. Copyright © AXELOS Lites 209, Matra reproduced unr Iooce fom AXELOS Linked. Al rights ‘The IT asset management practice includes management of software, hardware, networking, and cloud services and devices. It may also includenon-ITassets, such asinfrastructure and information, operational technology, such as devices that are part of Internet of Things. Monitoring and Event Management A esyped tebe mon tori “An event can be defined as any change of state that has significance for the management of a Configuration Item (Cl) or IT service. Events are typically recognized through notifications created by an IT service, Cl, or monitoring tool.” © The purpose of the monitoring and event management practice isto: © Analyze service components © Record and report changes of state identified as events Traring content loaned to SECC Training, issued on 0667-2018, edtion 2019 by SECCInsirucor Guide | TL® Foundation © Prioritize infrastructure, services, business processes, and information security events © Manage events throughout their lifecycle (Quoted text Soure is ITIL® Foundation (ITL® ealion), 2019. Copyright © AXELOS Limited 2019, Matera is reproduced under lisence from AXELOS Limited. All rights reserved. ‘The monitoring part emphases on the observation of services and Cis. Itcan be done actively or passively, but should be performed in a highly automated manner. The event management part emphases on recording and managing monitoredchanges thatare definedas events, analyzingthe significance of events, and taking the correct control action for managing them, Release Management 1e purpose of the release management practice is to make new and changed services and features available for use.” Development Release Testing ‘Quoted text Source is ITIL® Foundation (ITL® 4 editor), 2019. Copyright @ AXELOS Limited 2019. Material is reproduced under loan from AXELOS Limite. Al ights reserved. Arelease includes various infrastructure and application components todeliver new or modified service. It may also comprise documentation, updated processes, or tools. Each element of a service may be developed by the service provider, or procured from a third party and integrated by the service provider. Service Configuration Management * The purpose of the service configuration management practice is depicted in following points: ‘©The information about the configuration of services and Cis is accurate and reliable and available when needed, © Collect and manage information about varied Cis, such as hardware, software, networks, users, and documents. © Provide information about Cis on how Cls interact, relate, and depend on each other to create value for customers and users. 146 | conynsrtozor9 Tealning content Keeneed te SECC Training, lsu on 08-07-2019, eon 2019 by SECCModule 7 |The IL Practices Treevice eed eee Cui Cloud rae Locatserver | Localstorge J Cliert device rey ees CCopyrignt@axeLOs Limstea 2018, Reprecuoed uncer loon from AXELOS Line. Alrighs rosored It is important to note that services are also treated as Cis, and Configuration management helps the organization to understand how the Cs that contribute to each service work together. The given figure is a simpified diagram showing how muttiple Cis contribute to an IT service. Deployment Management “The purpose of the deployment management practice Is to move new or changed hardware, software, documentation, processes, or any other component to live environments. It may also be involved in deploying components To other environments for testing or staging.” ‘Quoted text Source is IIL? Foundation (ITL® 4 ection), 2019, Copyright @ AXELOS Limited 2019, Meteral i reproduced under lisence from AXELOS Limited, Al ight reserved, Deployment management is a separate practice even though it works closely with release management and change control. Deployment management may also be referred to as ‘provisioning’. The term provisioning however is often used to describe the deployment of infrastructure, while “deployment” refers to software deployment. cepyiott 20a | 147 Tiining content licensed to SECC Traning issued on 0807-2018, tion 2019 by SECCInstructor Guide | ML? Foundation Within ITIL, the practice of deployment management refers to both the “provisioning” of infrastructure and the "deployment! of software. EXERCISE: CROSSWORD PUZZLE Across: 4. A management practice is regerded as an organization - (®) 8. Progressing iteratively is @ guiding principle that matches the practice of, 8.11) 9. We need to promote visibility if we work together and (my 10. Which is the practice that requires ‘controt’? (6) 11. Which practice provides a framework for building organization resilience? (7, 10) Down 1. The practice of management relates to using the General Data Protection Regulations. (11, 8) 2. Aproblem that has been analyzed and has not been resolved is called a 6.5). 3. There are three types of practices: General, Service, and @ management increases the speed and accuracy of answers that are provided to the customers, 148 | corsrnezo9 ‘Tearing content icons to SECC Training, issued on 08-07-2010, dion 2010 by SECCModula 7 |The ML Prectoes 5. End to end visibility of the organization's services Is provided by the practice of Service Management. (5) 6, Relationship Management is what type of practice. (7) Instructor Notes: IFtime permits, present this exercise in the class. Otherwise, ask the participants to attempt it as part of selfreading. Answer ian Fk] N [x] F 7] [o o =| [wi AEBOURGE EO x] [wi ci a nl Ta | fr] fi] [ (SfolN ITT INTUTATE| [wr [Rolvie|Mle|w[T] w) el fol iv! [iw le] [| felolctelAleyolrialtle| le el} iw t Te) [Re lo] [3] A s| iL le] fe/WTA[w[eTe [iTeleleforntrTi [Noli ty MODULE SUMMARY In this module, you learned that: © A management practice is a set of organizational resources designed for performing work or accomplishing an objective. * Continual improvement refers to the practice of identifying and improving services, service components, or any other element involved in the efficient and effective management of products and services to align the organization's practices and services with changing business needs. ‘* The purpose of the change control practice is to maximize the number of successful IT changes by confirming that risks have been properly measured. The scope of change conirol is defined by each organization. It will typically include all IT infrastructure, applications, documentation, processes, supplier relationships and anything else that might directly or indirectly impact a product or service. - ceoriatns203 | 149 Trirng contort icons to SECC Training, issued on 0807-2010, ston 2010. SECCInsructor Gulge | TL* Foundation ‘* The incident management reduces the undesirable impact of incidents by refurbishing normal service operations as soon as possible. The key activities that are important for resolving incidents efficiently and effectively include: © Logging and managing incidents © Agresing, documenting, and communicating the target resolution times © Prioritizing the incidents based on an agreed classification ‘+ The purpose of problem management is to minimize the probability and impact of incidents by analyzing actual and possible causes of incidents. Problem management involves three phases: problem identification, problem control, and error control * The purpose of the service request management practice is to provide the promised quality of a service by handling all pre- defined, user-initiated service requests in an effective and comprehensible manner. * The purpose of the service desk practice is to understand demend for incident resolution and service requests. A service desk acts as the entry pointisingle point of contact for the IT or service organization. * The purpose of the service level management practice is to set clear business-besed targets for service performance, so that the delivery of a service can be properly assessed, monitored, and managed against these targets. Instructor Notes: Encourage the participants to take part in summary discussion, 150 | conmgneao:9 “raring content icons to SECC Tratrig, issued on 08-07-20" dion 2019 by SECC