Professional Documents
Culture Documents
Service Delivery Assessment
Service Delivery Assessment
Service Delivery Assessment
Figure 1 illustrates the rationale of the scoring system used in this questionnaire. The initial level
of the framework
Level 1: Prerequisites, ascertains whether the minimum level of prerequisite items are available
to support the process activities.
Level 1.5: Management Intent, establishes whether there are organisational policy statements,
business objectives (or similar evidence of intent) providing both purpose and guidance in the
transformation or use of the prerequisite items.
At the lowest levels of the framework model (see Figure 1), the questionnaire is written in generic
terms regarding products and activities. At higher levels more specific ITIL terms are used, based
on the assumption that Organisations’ achieving higher level scores are more likely to use the
ITIL vocabulary.
Level 2: Process Capability, examines the activities being carried out. The questions are aimed
at identifying whether a minimum set of activities are being performed.
Level 2.5: Internal Integration seeks to ascertain whether the activities are integrated
sufficiently in order to fulfill the process intent.
Level 3: Products, examines the actual output of the process to enquire whether all the relevant
products are being produced.
Level 3.5: Quality Control, is concerned with the review and verification of the process output to
ensure that it is in keeping with the quality intent.
Level 4: Management Information, is concerned with the governance of the process and
ensuring that there is adequate and timely information produced from the process in order to
support necessary management decisions.
Level 4.5: External Integration, examines whether all the external interfaces and relationships
between the discrete process and other processes have been established within the
organisation. At this level, for IT Service Management, use of full ITIL terminology may be
expected.
Level 5: Customer Interface, is primarily concerned with the on-going external review and
validation of the process to ensure that it remains optimised towards meeting the needs of the
customer.
The goal of the self-assessment questionnaires is not to test whether there is complete
conformance with ITIL. The aim is to give the self-assessing organisation an idea how well it is
performing compared to ITIL best practice. The questionnaire also aims to create awareness of
management and control issues that may be addressed to improve the overall process capability.
conformance with ITIL. The aim is to give the self-assessing organisation an idea how well it is
performing compared to ITIL best practice. The questionnaire also aims to create awareness of
management and control issues that may be addressed to improve the overall process capability.
Frequently Asked Questions
Data Protection
The data you enter here is just used for analysis purposes. It will not be used to
"spam" you, etc.
Problems
If you have problems with this system, please contact the itSMF, on +44 (0) 118
918 6500 or email support@itsmf.co.uk
Service Level Management
Service level management is the name given to the processes of planning, negotiating, co-
ordinating, monitoring, and reporting on Service Level Agreements (SLAs). The process
includes the on-going review of service achievement to ascertain that the required service
quality is maintained and wherever necessary improved.
SLAs contain specific targets against which performance can be evaluated. They also define
the responsibilities placed on all parties, in particular binding Service Delivery to offer an
agreed quality of service so long as the users constrain their demands within agreed limits.
The relationship between Service Delivery and its customers is therefore put on to a formal
business-like footing similar to those which exist between Service Delivery and its suppliers.
When used in conjunction with the financial management process, service level
management provides the basis for running Service Delivery as a business or profit centre.
Service level management provides a number of benefits not least of which is that it enables
specific targets to aim for and against which service quality can be monitored and measured.
Furthermore, service monitoring will allow weaknesses in existing services to be identified,
so that the quality of service provision can be improved.
Level 1: Pre-requisites
1. Are at least some service level management (SLM) activities established within the Yes No
organisation, e.g. service definition, negotiation of SLA's etc?
5. Has the appropriate data on which to base service levels been determined? Yes No
6. Are there agreed procedures by which Service Level Agreements are negotiated Yes No
and reviewed?
9. Are there mechanisms for monitoring and reviewing existing service levels? Yes No
10. Does the service catalogue give a clear and accurate picture of all services being Yes No
provided?
Yes No
12. Do you have a mechanism leading to service improvement? Yes No
16. Have all existing SLAs been reviewed and agreed by customers? Yes No
17. Do the majority of SLAs have underpinning contracts and OLAs in place? Yes No
18. Are there mechanisms in place to monitor and measure all items in existing SLAs? Yes No
20. Are the majority of SLAs, OLAs and underpinning contracts current? Yes No
22. Do you have a mechanism for keeping your service catalogue in line with Yes No
new/changed services?
23. Do you use service records to provide management and customers with Yes No
meaningful information on the quality of service?
Level 3: Products
24. Are standard service reports produced regularly? Yes No
25. Are the services and their components explicitly defined and what is excluded Yes No
documented in SLA's?
26. Do SLAs have clearly identified key targets for service hours, availability, reliability, Yes No
support, response times and change handling?
29. Are the personnel responsible for SLM activities suitably trained? Yes No
30. Does the organisation set and review either targets or objectives for SLM? Yes No
31. Does the organisation use any tools to support SLM? Yes No
Yes No
33. Do you provide management with information concerning trends in service level Yes No
breaches?
34. Do you provide management with information concerning standard service Yes No
offerings?
35. Do you provide management with information concerning number of requests for Yes No
new/changed services?
36. Do you provide management with information concerning trends in service level Yes No
request?
37. Are SLA monitoring charts provided to give an overview of how achievements Yes No
have measured up to targets?
39. When negotiating service levels does SLM consult other service delivery and Yes No
support areas like Capacity Management, Financial Management for IT Services,
Service Desk and Change Management?
40. Is SLM consulted by Change Management concerning potential impact of changes Yes No
to agreed service levels?
41. Does SLM ensure that the service catalogue is integrated and maintained as part Yes No
of the Configuration Management database (CMDB)?
42. Does SLM ensure that the incident and problem handling targets included in SLAs Yes No
are the same as those in the Service Desk tools?
44. Do you check with the customer that they are happy with the services provided? Yes No
46. Are you feeding customer survey information into the service improvement Yes No
agenda?
47. Are you monitoring the customers value perception of the services provided to Yes No
them?
Service Level Management Results
Your Score
Summary
Score Pass
Pre-Requisites 0 75
Management Intent 0 75
Process Capability 0 82
Internal Integration 0 75
Products 0 80
Quality Control 0 83
Management Information 0 75
External Integration 0 85
SLAs contain specific targets against which performance can be evaluated. They also define
the responsibilities placed on all parties, in particular binding Service Delivery to offer an
agreed quality of service so long as the users constrain their demands within agreed limits.
The relationship between Service Delivery and its customers is therefore put on to a formal
business-like footing similar to those which exist between Service Delivery and its suppliers.
When used in conjunction with the financial management process, service level
management provides the basis for running Service Delivery as a business or profit centre.
Service level management provides a number of benefits not least of which is that it enables
specific targets to aim for and against which service quality can be monitored and measured.
Furthermore, service monitoring will allow weaknesses in existing services to be identified,
so that the quality of service provision can be improved.
Level 1: Pre-requisites
1. Are at least some service level management (SLM) activities established within the No
organisation, e.g. service definition, negotiation of SLA's etc?
5. Has the appropriate data on which to base service levels been determined? No
6. Are there agreed procedures by which Service Level Agreements are negotiated No
and reviewed?
10. Does the service catalogue give a clear and accurate picture of all services being No
provided?
16. Have all existing SLAs been reviewed and agreed by customers? No
17. Do the majority of SLAs have underpinning contracts and OLAs in place? No
18. Are there mechanisms in place to monitor and measure all items in existing SLAs? No
20. Are the majority of SLAs, OLAs and underpinning contracts current? No
22. Do you have a mechanism for keeping your service catalogue in line with No
new/changed services?
23. Do you use service records to provide management and customers with No
meaningful information on the quality of service?
Level 3: Products
24. Are standard service reports produced regularly? No
25. Are the services and their components explicitly defined and what is excluded No
documented in SLA's?
26. Do SLAs have clearly identified key targets for service hours, availability, reliability, No
support, response times and change handling?
29. Are the personnel responsible for SLM activities suitably trained? No
30. Does the organisation set and review either targets or objectives for SLM? No
33. Do you provide management with information concerning trends in service level No
breaches?
35. Do you provide management with information concerning number of requests for No
new/changed services?
36. Do you provide management with information concerning trends in service level No
request?
37. Are SLA monitoring charts provided to give an overview of how achievements No
have measured up to targets?
39. When negotiating service levels does SLM consult other service delivery and No
support areas like Capacity Management, Financial Management for IT Services,
Service Desk and Change Management?
41. Does SLM ensure that the service catalogue is integrated and maintained as part No
of the Configuration Management database (CMDB)?
42. Does SLM ensure that the incident and problem handling targets included in SLAs No
are the same as those in the Service Desk tools?
44. Do you check with the customer that they are happy with the services provided? No
46. Are you feeding customer survey information into the service improvement No
agenda?
47. Are you monitoring the customers value perception of the services provided to No
them?
Financial Management for IT Services
Financial management for IT services is concerned with helping the business to assess
whether its IT Service is doing the best it can with the money it has. The business has to
understand the true costs of providing a service and manage these costs professionally.
Financial Management of IT Services implements IT Accounting and Budgeting processes,
and often Charging processes for these IT Services, allocating IT expenditure to services
and recovering the costs of those services from the business customers to whom they are
provided.
Level 1: Pre-requisites
1. Are at least some financial management activities established within the Yes No
organisation, e.g. cost forecasting, expenditure budgeting, service cost
management?
3. Has the organisation established financial data recording for workloads, services, Yes No
hardware and software?
5. Has the scope of financial management activities and any applicable pricing Yes No
policies been determined?
Yes No
6. Have goals for financial management in relation to IT expenditure and charging (IT Yes No
cost recovery) been made explicit?
7. Are there agreed procedures covering the calculation and registration of IT costs? Yes No
9. Are there explicit procedures for expenditure planning and budgeting? Yes No
10. Are budgets monitored and are there regular reports on expenditure vs budget? Yes No
11. Are there explicit procedures for procuring goods and services? Yes No
12. Are there suitable mechanisms for capturing and allocating incurred costs? Yes No
13. Do you have procedures for forecasting unit costs for resources / services? Yes No
15. Have limits been set for capital and operational expenditure? Yes No
18. Do you have procedures for determining items which will incur service charges? Yes No
19. Do you have procedures for collecting cost and charging data at regular intervals? Yes No
20. Do you have procedures for escalation in case of budget overruns? Yes No
22. Do you have procedures for compiling summaries on income versus expenditure? Yes No
24. Are charging rates, if any, determined and evaluated on the basis of actual cost Yes No
information and charging policy?
25. Is the cost classification and registration in line with the defined formal cost Yes No
allocation structure?
Level 3: Products
Yes No
26. Are standard reports concerning expenditure and income produced on a regular Yes No
basis?
28. Is the sum of items costed equal to the total cost of providing the IT Services? Yes No
30. Do you produce invoices for your customers, based on the central cost allocation Yes No
and cost recovery structure?
35. Are the personnel responsible for financial management activities suitably trained? Yes No
36. Does the organisation set and review either targets or objectives for financial Yes No
management?
37. Does the organisation use suitable tools to support the financial management Yes No
process?
39. Does Financial Management for IT Services provide information concerning actual Yes No
costs of providing resources and services against planned costs?
40. Does Financial Management for IT Services provide information concerning Yes No
financial targets for cost recovery?
41. Does Financial Management for IT Services provide information concerning Yes No
estimated amount and cost of resources to be provided or 'sold' during the next
financial year?
42. Does Financial Management for IT Services provide information concerning actual Yes No
income by resource, service and customer against planned income?
43. Does Financial Management for IT Services provide information concerning Yes No
performance of managing service costs against financial target?
44. Does Financial Management for IT Services provide information concerning Yes No
actions necessary to achieve financial targets?
45. Does Financial Management for IT Services provide information concerning Yes No
analysis of deviations from plans?
Yes No
46. Does Financial Management for IT Services provide information concerning the Yes No
current charging policies & IT Accounting methods?
48. Does Financial Management exchange information with Service Management Yes No
covering cost total, broken down by business area?
49. Does Financial Management exchange information with Service Management Yes No
covering revenue total, broken down by business area?
50. Does Financial Management exchange information with Service Management Yes No
covering problems and costs associated with IT accounting?
51. Does Financial Management exchange information with Service Management Yes No
covering information pertinent to service charging?
52. Does Financial Management exchange information with Capacity Management to Yes No
determine pricing policy?
53. Does Financial Management exchange information with Capacity Management to Yes No
forecast unit costs?
54. Does Financial Management exchange information with Capacity Management for Yes No
planning cost recovery?
55. Does Financial Management exchange information with Change Management in Yes No
order to manage service costs (review of service levels, prices charged for
resources, etc.)?
60. Do you check with the customer if they are happy with the services provided? Yes No
62. Are you feeding customer survey information into the service improvement Yes No
agenda?
63. Are you monitoring the customers value perception of the services provided to Yes No
them?
Financial Management Results
Your Score
Summary
Score Pass
Pre-Requisites 0 75
Management Intent 0 80
Process Capability 0 82
Internal Integration 0 75
Products 0 66
Quality Control 0 83
Management Information 0 76
External Integration 0 86
Level 1: Pre-requisites
1. Are at least some financial management activities established within the No
organisation, e.g. cost forecasting, expenditure budgeting, service cost
management?
3. Has the organisation established financial data recording for workloads, services, No
hardware and software?
5. Has the scope of financial management activities and any applicable pricing No
policies been determined?
6. Have goals for financial management in relation to IT expenditure and charging (IT No
cost recovery) been made explicit?
7. Are there agreed procedures covering the calculation and registration of IT costs? No
10. Are budgets monitored and are there regular reports on expenditure vs budget? No
11. Are there explicit procedures for procuring goods and services? No
12. Are there suitable mechanisms for capturing and allocating incurred costs? No
13. Do you have procedures for forecasting unit costs for resources / services? No
15. Have limits been set for capital and operational expenditure? No
18. Do you have procedures for determining items which will incur service charges? No
19. Do you have procedures for collecting cost and charging data at regular intervals? No
22. Do you have procedures for compiling summaries on income versus expenditure? No
24. Are charging rates, if any, determined and evaluated on the basis of actual cost No
information and charging policy?
25. Is the cost classification and registration in line with the defined formal cost No
allocation structure?
Level 3: Products
26. Are standard reports concerning expenditure and income produced on a regular No
basis?
28. Is the sum of items costed equal to the total cost of providing the IT Services? No
30. Do you produce invoices for your customers, based on the central cost allocation No
and cost recovery structure?
35. Are the personnel responsible for financial management activities suitably trained? No
36. Does the organisation set and review either targets or objectives for financial No
management?
37. Does the organisation use suitable tools to support the financial management No
process?
39. Does Financial Management for IT Services provide information concerning actual No
costs of providing resources and services against planned costs?
42. Does Financial Management for IT Services provide information concerning actual No
income by resource, service and customer against planned income?
46. Does Financial Management for IT Services provide information concerning the No
current charging policies & IT Accounting methods?
54. Does Financial Management exchange information with Capacity Management for No
planning cost recovery?
60. Do you check with the customer if they are happy with the services provided? No
62. Are you feeding customer survey information into the service improvement No
agenda?
63. Are you monitoring the customers value perception of the services provided to No
them?
Capacity Management
The aim of Capacity Management is to match the supply of IT resources to customer
demands for them. The process is needed to support the optimum and cost-effective
provision of IT services by helping organisations to match their IT resources to the demands
of the business. It is concerned with having the appropriate IT capacity and with making the
best use of it.
The demand for IT resources is based on agreeing with users of IT services, levels to which
those services will be delivered, based on business requirements and embodied within
service level agreements.
The customer's needs are assessed by forecasting the likely growth in demand for current
services and by sizing new service elements. The desired service levels required can then be
agreed with service users, based on business needs. The sub-processes associated with
capacity management are concerned with forecasting workload, sizing applications, and
maintaining a Capacity Plan in order to meet existing and future needs.
The Capacity Plan is beneficial to both Systems Management and Purchasing in order to
gain visibility of the schedule and likely infrastructure changes necessary to maintain service
at the required levels.
Level 1: Pre-requisites
1. Are at least some capacity management activities established within the Yes No
organisation, e.g. monitoring of usage and performance, capacity planning, sizing
of service elements etc?
3. Are monitors available for hardware, software, networking & peripherals and does Yes No
Capacity Management have access to them?
8. Is the organisation committed to the proactive management of the capacity of the Yes No
network, servers and desk-top equipment?
Level 2: Process Capability
9. Have responsibilities for capacity management activities been assigned? Yes No
10. Is there a process in place to ensure future business requirements for IT services Yes No
are incorporated into capacity management plans?
11. Does the organisation have a process to ensure that there is sufficient capacity to Yes No
support planned services?
12. Are services detailed in SLA's monitored, measured and growth/performance Yes No
predicted?
13. Are there mechanisms for analysing system usage and for reporting on Yes No
performance?
14. Are service elements both defined and sized for new services? Yes No
16. Do you model systems behaviour under various workloads and provide tuning Yes No
recommendations?
17. Is Capacity Management incorporated into all change and project planning Yes No
processes?
18. Is the utilisation of each resource and service monitored on an on-going basis? Yes No
21. Do you perform market testing of new and emerging technologies? Yes No
22. Does the capacity management process provide input to the business continuity Yes No
process?
24. Do you analyse usage and performance data in order to optimise resource Yes No
utilisation?
25. Are required service levels and forecasts used to define and size service Yes No
elements?
26. Do you identify variances, trends and deviations from plans in the utilisation of Yes No
resources?
Level 3: Products
27. Do you have a Capacity Management Database? Yes No
Yes No
29. Is the Capacity Management Database aligned with the Configuration Yes No
Management Database?
30. Are standard reports concerning performance produced on a regular basis? Yes No
31. Are standard reports concerning the use and allocation of key resources produced Yes No
on a regular basis?
32. Do you produce forecasts of new workloads and their resource requirements? Yes No
34. Are the personnel responsible for capacity management activities suitably trained? Yes No
35. Does the organisation set and review either targets or objectives for capacity Yes No
management?
36. Does the organisation have suitable tools to support capacity management Yes No
activities?
39. Does Capacity Management provide information concerning performance trends? Yes No
41. Does Capacity Management provide information concerning details of proposed Yes No
new workloads?
43. Does Capacity Management provide information concerning variances between Yes No
planned and actual capacity utilisation?
45. Does Capacity Management exchange information with Service Level Yes No
Management concerning services and workloads to be monitored?
46. Does Capacity Management exchange information with Service Level Yes No
Management concerning proposed service levels for new workloads?
Yes No
47. Does Capacity Management exchange information with Financial Management for Yes No
IT Services concerning chargeable resource utilisation?
49. Does Capacity Management exchange information with Change Management for Yes No
details of any changes proposed to existing workloads and to feed back the results
of a performance impact analysis?
50. Does Capacity Management exchange information with IT Service Continuity Yes No
Management to incorporate ITSCM requirements for all recovery options into the
Capacity Plan?
51. Does Capacity Management exchange information with IT Service Continuity Yes No
Management to assess the impact of RFCs on recovery options?
52. Does Capacity Management share use of the CMDB and other common tools for Yes No
planning, monitoring and alerting with Availability Management?
53. Does Capacity Management exchange information with Applications Management Yes No
regarding the development of new and existing systems?
55. Do you check with the customer if they are happy with the services provided? Yes No
57. Are you feeding customer survey information into the service improvement Yes No
agenda?
58. Are you monitoring the customers value perception of the services provided to Yes No
them?
Capacity Management Results
Your Score
Summary
Score Pass
Pre-Requisites 0 75
Management Intent 0 62
Process Capability 0 84
Internal Integration 0 66
Products 0 80
Quality Control 0 83
Management Information 0 80
External Integration 0 81
Capacity Management
The aim of Capacity Management is to match the supply of IT resources to customer
demands for them. The process is needed to support the optimum and cost-effective
provision of IT services by helping organisations to match their IT resources to the demands
of the business. It is concerned with having the appropriate IT capacity and with making the
best use of it.
The demand for IT resources is based on agreeing with users of IT services, levels to which
those services will be delivered, based on business requirements and embodied within
service level agreements.
The customer's needs are assessed by forecasting the likely growth in demand for current
services and by sizing new service elements. The desired service levels required can then be
agreed with service users, based on business needs. The sub-processes associated with
capacity management are concerned with forecasting workload, sizing applications, and
maintaining a Capacity Plan in order to meet existing and future needs.
The Capacity Plan is beneficial to both Systems Management and Purchasing in order to
gain visibility of the schedule and likely infrastructure changes necessary to maintain service
at the required levels.
Level 1: Pre-requisites
1. Are at least some capacity management activities established within the No
organisation, e.g. monitoring of usage and performance, capacity planning, sizing
of service elements etc?
3. Are monitors available for hardware, software, networking & peripherals and does No
Capacity Management have access to them?
10. Is there a process in place to ensure future business requirements for IT services No
are incorporated into capacity management plans?
11. Does the organisation have a process to ensure that there is sufficient capacity to No
support planned services?
13. Are there mechanisms for analysing system usage and for reporting on No
performance?
14. Are service elements both defined and sized for new services? No
16. Do you model systems behaviour under various workloads and provide tuning No
recommendations?
17. Is Capacity Management incorporated into all change and project planning No
processes?
18. Is the utilisation of each resource and service monitored on an on-going basis? No
22. Does the capacity management process provide input to the business continuity No
process?
24. Do you analyse usage and performance data in order to optimise resource No
utilisation?
25. Are required service levels and forecasts used to define and size service No
elements?
26. Do you identify variances, trends and deviations from plans in the utilisation of No
resources?
Level 3: Products
27. Do you have a Capacity Management Database? No
31. Are standard reports concerning the use and allocation of key resources produced No
on a regular basis?
32. Do you produce forecasts of new workloads and their resource requirements? No
34. Are the personnel responsible for capacity management activities suitably trained? No
35. Does the organisation set and review either targets or objectives for capacity No
management?
36. Does the organisation have suitable tools to support capacity management No
activities?
47. Does Capacity Management exchange information with Financial Management for No
IT Services concerning chargeable resource utilisation?
49. Does Capacity Management exchange information with Change Management for No
details of any changes proposed to existing workloads and to feed back the results
of a performance impact analysis?
52. Does Capacity Management share use of the CMDB and other common tools for No
planning, monitoring and alerting with Availability Management?
55. Do you check with the customer if they are happy with the services provided? No
57. Are you feeding customer survey information into the service improvement No
agenda?
58. Are you monitoring the customers value perception of the services provided to No
them?
IT Service Continuity Management
IT service continuity management (ITSCM) is concerned with the organisation’s ability to
continue to provide a pre-determined and agreed level of IT services to support the minimum
business requirements following a business service interruption.
ITSCM is a vital subset of, and provides support to the overall business continuity
management (BCM) process by ensuring that the required IT services / facilities (including
computer systems, networks, applications, telecommunications, technical support and
Service Desk) can be recovered within required and agreed business time-scales.
The ITSCM process is based on the identification of the required, minimum levels of
business operation that are required following an incident, and the necessary systems,
facilities and service requirements. It is driven by these business needs, not by the perceived
needs of the IT community, and requires senior management commitment.
Risk Management:
This covers the active management of identified risks, beyond the normal recovery
procedures embodied in the contingency plans, with particular emphasis on prevention or
reduction of risk.
Level 1: Pre-requisites
1. Are at least some IT service continuity activities established within the Yes No
organisation, e.g. business impact assessment, development of recovery plans?
2. Have the minimum operational requirements been determined by the business? Yes No
6. Has the scope of IT service continuity activity been determined – i.e. identifying, Yes No
prioritising and documenting all business critical processes?
9. Are the necessary resources being made available for the complete business Yes No
continuity life-cycle stages through a strategic directive?
11. Have the minimum business critical requirements been determined through Yes No
business impact analysis?
13. Is there an overall co-ordination plan for implementation, including emergency Yes No
response, damage assessment, salvage, identification of vital records etc?
14. Have the ITSCM components for business continuity been identified? Yes No
15. Is there a check-list covering the specific actions required during all stages of Yes No
recovery of the system?
16. Is there a formal procedure for testing and reviewing contingency plans? Yes No
19. Is guidance on the invocation process readily available, including details of Yes No
associated action and decision points?
22. Do business continuity planners inform ITSC management of the required service Yes No
criticality / priority?
23. Are ITSCM plans regularly reviewed, and the procedures and processes tested Yes No
and updated where necessary?
24. Is there an established planning structure clearly identifying responsibility for Yes No
overall co-ordination of the recovery?
Yes No
25. Are the technical activities necessary in order to invoke the contingency measures Yes No
fully documented, so that IT personnel can undertake recovery actions?
Level 3: Products
26. Are reports concerning risk assessments and risk mitigation measures produced Yes No
regularly?
27. Does ITSC management produce reports on alternative IT contingency planning Yes No
options that would provide potentially acceptable service levels for cost
consideration?
28. Are formal Requests for Change issued in order to amend ITSCM arrangements? Yes No
30. Are the personnel responsible for ITSCM activities suitably trained? Yes No
31. Does the organisation set and review either targets or objectives for ITSCM? Yes No
32. Does the organisation use any tools or proprietary methods for conducting risk Yes No
assessments and/or keeping the IT contingency plans up-to-date?
34. Does ITSC management provide information concerning IT contingency planning Yes No
options?
35. Does ITSC management provide information concerning the IT contingency plans? Yes No
36. Does ITSC management provide information concerning changes to the IT Yes No
contingency plans?
37. Does ITSC management provide information concerning verification tests of Yes No
recovery plans?
38. Does ITSC management provide information concerning risk mitigation (source Yes No
and nature of risk, proportion avoided / reduced)?
39. Does ITSC management provide information concerning effectiveness of business Yes No
continuity strategy?
41. Does ITSC management exchange information with Availability Management for Yes No
risk mitigation?
Yes No
42. Does ITSC management exchange information with Availability Management for Yes No
testing availability management components of the plan, including operating level
agreements / support contracts?
43. Does ITSC management exchange information with Change Management for Yes No
consideration of changes which may affect the currency and accuracy of IT
Continuity Plans?
44. Does ITSC management exchange information with Change Management for Yes No
assessment of proposed changes and actions necessary to avoid / reduce risks?
45. Does ITSC management exchange information with Capacity Management for Yes No
consideration of capacity / storage risks and implications?
46. Does ITSC management exchange information with Capacity Management for Yes No
specific capacity / storage requirements for recovery plan tests?
47. Does ITSC exchange information with Service Level Management for cross- Yes No
references between SLAs and IT contingency plans, and specific service levels
during contingency or recovery situations?
48. Does ITSC management exchange information with Configuration Management for Yes No
contingency requirements and final configuration details, ensuring currency of
configuration details used?
49. Does ITSC management exchange information with Configuration Management for Yes No
full relationship between components and services?
50. Does ITSC management exchange information with Problem Management and Yes No
Incident Management for reviewing major incidents?
51. Does ITSC management exchange information with Problem Management and Yes No
Incident Management for discussion of problems where cause / resolution is
possibly within the domain of ITSC management?
53. Do you check with the customer that they are happy with the services provided? Yes No
55. Are you feeding customer survey information into the service improvement Yes No
agenda?
56. Are you monitoring the customers value perception of the services provided to Yes No
them?
IT Service Continuity Results
Your Score
Summary
Score Pass
Pre-Requisites 0 75
Management Intent 0 80
Process Capability 0 76
Internal Integration 0 71
Products 0 75
Quality Control 0 83
Management Information 0 81
External Integration 0 88
ITSCM is a vital subset of, and provides support to the overall business continuity
management (BCM) process by ensuring that the required IT services / facilities (including
computer systems, networks, applications, telecommunications, technical support and
Service Desk) can be recovered within required and agreed business time-scales.
The ITSCM process is based on the identification of the required, minimum levels of
business operation that are required following an incident, and the necessary systems,
facilities and service requirements. It is driven by these business needs, not by the perceived
needs of the IT community, and requires senior management commitment.
Risk Management:
This covers the active management of identified risks, beyond the normal recovery
procedures embodied in the contingency plans, with particular emphasis on prevention or
reduction of risk.
Level 1: Pre-requisites
1. Are at least some IT service continuity activities established within the No
organisation, e.g. business impact assessment, development of recovery plans?
2. Have the minimum operational requirements been determined by the business? No
6. Has the scope of IT service continuity activity been determined – i.e. identifying, No
prioritising and documenting all business critical processes?
9. Are the necessary resources being made available for the complete business No
continuity life-cycle stages through a strategic directive?
11. Have the minimum business critical requirements been determined through No
business impact analysis?
14. Have the ITSCM components for business continuity been identified? No
15. Is there a check-list covering the specific actions required during all stages of No
recovery of the system?
16. Is there a formal procedure for testing and reviewing contingency plans? No
23. Are ITSCM plans regularly reviewed, and the procedures and processes tested No
and updated where necessary?
25. Are the technical activities necessary in order to invoke the contingency measures No
fully documented, so that IT personnel can undertake recovery actions?
Level 3: Products
26. Are reports concerning risk assessments and risk mitigation measures produced No
regularly?
28. Are formal Requests for Change issued in order to amend ITSCM arrangements? No
30. Are the personnel responsible for ITSCM activities suitably trained? No
31. Does the organisation set and review either targets or objectives for ITSCM? No
32. Does the organisation use any tools or proprietary methods for conducting risk No
assessments and/or keeping the IT contingency plans up-to-date?
35. Does ITSC management provide information concerning the IT contingency plans? No
38. Does ITSC management provide information concerning risk mitigation (source No
and nature of risk, proportion avoided / reduced)?
41. Does ITSC management exchange information with Availability Management for No
risk mitigation?
42. Does ITSC management exchange information with Availability Management for No
testing availability management components of the plan, including operating level
agreements / support contracts?
43. Does ITSC management exchange information with Change Management for No
consideration of changes which may affect the currency and accuracy of IT
Continuity Plans?
44. Does ITSC management exchange information with Change Management for No
assessment of proposed changes and actions necessary to avoid / reduce risks?
45. Does ITSC management exchange information with Capacity Management for No
consideration of capacity / storage risks and implications?
46. Does ITSC management exchange information with Capacity Management for No
specific capacity / storage requirements for recovery plan tests?
47. Does ITSC exchange information with Service Level Management for cross- No
references between SLAs and IT contingency plans, and specific service levels
during contingency or recovery situations?
48. Does ITSC management exchange information with Configuration Management for No
contingency requirements and final configuration details, ensuring currency of
configuration details used?
49. Does ITSC management exchange information with Configuration Management for No
full relationship between components and services?
50. Does ITSC management exchange information with Problem Management and No
Incident Management for reviewing major incidents?
51. Does ITSC management exchange information with Problem Management and No
Incident Management for discussion of problems where cause / resolution is
possibly within the domain of ITSC management?
53. Do you check with the customer that they are happy with the services provided? No
55. Are you feeding customer survey information into the service improvement No
agenda?
56. Are you monitoring the customers value perception of the services provided to No
them?
Availability Management
Availability management is the optimisation of the availability and reliability of IT services and
of the supporting IT infrastructure and organisation, in order to ensure that the requirements
of the business are met.
Availability management entails systematically undertaking preventative and corrective
maintenance of IT services, within justifiable cost. Technical, organisational, procedural,
security and contractual aspects have an important role in this process.
Reliability:
the capability of an IT component to perform a required function under stated conditions for a
stated period of time.
Maintainability:
the capability of an IT component or IT service to be retained in, or restored to, a state in
which it can perform its required functions.
Serviceability:
a contractual term which is used to define the availability of IT components as agreed with
external organisations supplying and maintaining these components.
Security:
providing access to IT components or IT services under secure conditions.
Level 1: Pre-requisites
1. Are at least some availability management activities established within the Yes No
organisation, e.g. monitoring of service components, analysis of service
availability?
3. Have the availability requirements of the business been identified and Yes No
documented?
4. Are there mechanisms in place for identifying service (un)availability and IT Yes No
component failure?
10. Has the scope of availability management been established within the Yes No
organisation?
11. Do you have procedures for monitoring, analysing, and forecasting service Yes No
availability?
12. Do you have procedures for agreeing, monitoring and measuring contracted Yes No
service support?
14. Do you have procedures for managing data backup and recovery? Yes No
15. Do you have defined targets for the availability, reliability and maintainability of IT Yes No
infrastructure components that are documented and agreed in SLAs, OLAs and
contracts?
16. Do you carry out monitoring and trend analysis of the availability, reliability and Yes No
maintainability of IT infrastructure components?
17. Do you investigate the underlying reasons for unacceptable availability? Yes No
18. Do you produce and maintain an availability plan that prioritises and plans for IT Yes No
availability improvements?
21. Are service availability details used to identify trends and to forecast future service Yes No
availability levels?
22. Are proposed changes to improve service availability underpinned with service Yes No
availability trends and forecasts?
23. Are availability design criteria reviewed to provide additional resilience to prevent Yes No
or minimise the impact on the business?
24. Are all new/changed configuration items designed and tested to meet the Yes No
availability criteria?
Level 3: Products
25. Are standard reports on IT service availability produced on a regular basis? Yes No
Yes No
27. Do the measures and reporting on availability, reliability and maintainability Yes No
accurately reflect the perspectives of the business, User and IT support
organisation?
28. Are formal Requests for Change issued to request service availability improvement Yes No
measures?
30. Are the personnel responsible for availability management activities suitably Yes No
trained?
31. Does the organisation set and review either targets or objectives for availability Yes No
management?
32. Does the organisation use suitable tools to support the availability management Yes No
process?
34. Does Availability Management provide information concerning response times? Yes No
41. Does Availability Management exchange information with Problem Management Yes No
concerning IT service downtime?
42. Does Availability Management exchange information with Problem Management Yes No
concerning configuration items which are the root cause of service disruption?
Yes No
43. Does Availability Management exchange information with Problem Management Yes No
concerning the need for change or preventative maintenance as proactive problem
management measures?
44. Does Availability Management exchange information with Capacity Management Yes No
for ensuring that the availability plan takes into account trends in system usage?
45. Does Availability Management exchange information with Change Management Yes No
concerning proposed change assessments?
46. Does Availability Management exchange information with Change Management Yes No
concerning changes necessary to improve IT service availability?
47. Does Availability Management exchange information with Service Management to Yes No
agree targets for the availability, reliability and maintainability of the IT
infrastructure components that underpin IT Service(s)?
48. Does Availability Management exchange information with ITSCM to formulate the Yes No
availability and recovery design criteria for the IT infrastructure?
49. Does Availability Management exchange information with Financial Management Yes No
for IT Services to assess the cost of non-availability of services and help justify
improvements identified within availability plans?
50. Does Availability Management exchange information with the Service Desk Yes No
concerning end-user complaints of poor IT service availability?
54. Do you check with the customer that they are happy with the services provided? Yes No
56. Are you feeding customer survey information into the service improvement Yes No
agenda?
57 Are you monitoring the customers value perception of the services provided to Yes No
them?
Availability Management Results
Your Score
Summary
Score Pass
Pre-Requisites 0 66
Management Intent 0 75
Process Capability 0 55
Internal Integration 0 71
Products 0 80
Quality Control 0 83
Management Information 0 84
External Integration 0 87
Availability Management
Availability management is the optimisation of the availability and reliability of IT services and
of the supporting IT infrastructure and organisation, in order to ensure that the requirements
of the business are met.
Availability management entails systematically undertaking preventative and corrective
maintenance of IT services, within justifiable cost. Technical, organisational, procedural,
security and contractual aspects have an important role in this process.
Reliability:
the capability of an IT component to perform a required function under stated conditions for a
stated period of time.
Maintainability:
the capability of an IT component or IT service to be retained in, or restored to, a state in
which it can perform its required functions.
Serviceability:
a contractual term which is used to define the availability of IT components as agreed with
external organisations supplying and maintaining these components.
Security:
providing access to IT components or IT services under secure conditions.
Level 1: Pre-requisites
1. Are at least some availability management activities established within the No
organisation, e.g. monitoring of service components, analysis of service
availability?
10. Has the scope of availability management been established within the No
organisation?
11. Do you have procedures for monitoring, analysing, and forecasting service No
availability?
12. Do you have procedures for agreeing, monitoring and measuring contracted No
service support?
14. Do you have procedures for managing data backup and recovery? No
15. Do you have defined targets for the availability, reliability and maintainability of IT No
infrastructure components that are documented and agreed in SLAs, OLAs and
contracts?
16. Do you carry out monitoring and trend analysis of the availability, reliability and No
maintainability of IT infrastructure components?
18. Do you produce and maintain an availability plan that prioritises and plans for IT No
availability improvements?
21. Are service availability details used to identify trends and to forecast future service No
availability levels?
22. Are proposed changes to improve service availability underpinned with service No
availability trends and forecasts?
23. Are availability design criteria reviewed to provide additional resilience to prevent No
or minimise the impact on the business?
24. Are all new/changed configuration items designed and tested to meet the No
availability criteria?
Level 3: Products
25. Are standard reports on IT service availability produced on a regular basis? No
28. Are formal Requests for Change issued to request service availability improvement No
measures?
30. Are the personnel responsible for availability management activities suitably No
trained?
31. Does the organisation set and review either targets or objectives for availability No
management?
32. Does the organisation use suitable tools to support the availability management No
process?
48. Does Availability Management exchange information with ITSCM to formulate the No
availability and recovery design criteria for the IT infrastructure?
50. Does Availability Management exchange information with the Service Desk No
concerning end-user complaints of poor IT service availability?
54. Do you check with the customer that they are happy with the services provided? No
56. Are you feeding customer survey information into the service improvement No
agenda?
57 Are you monitoring the customers value perception of the services provided to No
them?