Professional Documents
Culture Documents
FitSM Advanced Training SOC V2.5 PDF
FitSM Advanced Training SOC V2.5 PDF
FitSM Advanced Training SOC V2.5 PDF
1
Purpose of this training
3
FitSM qualification program
Expert Level
Advanced Level
2 days 2 days
Advanced training in Advanced training in
service planning and delivery service operation and control
Foundation Level
4
Agenda of this training
5
FitSM Foundation Wrap-Up & ITSM Basics
6
What is a service?
What is the key purpose of the Which additional factors will impact
service? the customers’ service quality /
performance perception?
7
IT service management
Note: The activities carried out in the ITSM context should be directed by policies
and structured and organised by processes and supporting procedures.
8
Service management system (SMS)
security policy
Control level
Process: Inputs Process managers
Process teams
Activities and roles
e.g. incident management,
change management, security Outputs
management, …
Operational level
Departments
Person (in a role) Proce- Functions
dures
e.g. procedures for Persons
classifying and prioritizing
applies incidents
10
Policies and processes
Note: Policies are then realised in processes, which are in turn made up of
procedures that people carry out.
11
Activities and procedures
12
What is a process?
The development of the FitSM standards is supported and funded by the European
Commission through the EC-FP7 project “FedSM” under contract number 312851.
14
FitSM parts
Terminology
FitSM-0
Overview & vocabulary
Requirements
FitSM-1
Requirements
FitSM-2 FitSM-3
Support & Guidance
FitSM-5 FitSM-6
FitSM-4
Selected Maturity and
Selected templates
implementation capability assess-
and samples
guides ment scheme
15
FitSM logic
16
FitSM: ITSM process framework
17
Related standards and frameworks
ISO 9000
Legend
IT service management
ITIL FitSM standard / framework
Quality management
standard
Information security
COBIT
management standard
Software engineering
maturity model
18
ITIL, ISO/IEC 20000, COBIT
IT Infrastructure Library
• Number of books with "good practice" • Most popular and wide-
in IT Service Management spread framework
• Slogan: "the key to managing IT • Not a "real" standard, but
services" often related to as "de-facto
• Descriptions of key principles, standard"
concepts and processes in ITSM • 5 books released by the
British Cabinet Office
ISO/IEC 20000
• International standard for managing • Developed by a joint
ISO/IEC 20000 and delivering IT services committee (JTC) of ISO and IEC
• Defines the minimum requirements on • Based on ITIL, BS 15000
ITSM • Auditable, certifiable
Control Objectives for Information and
Related Technologies • Developed by ISACA
• IT Governance framework • can be combined with ITIL
• Specifies control objectives, metrics, and ISO/IEC 20000
maturity models
19
ISO 9000, ISO/IEC 27000, CMMI
ISO 9000
• International standard for quality • Applicable to all organizations
management and branches
ISO 9000 • Quality management principles • Auditable, certifiable
• Minimum requirements for a quality • Several documents
management system
ISO/IEC 27000
• International standard for information • Applicable to all organizations
security management and branches
ISO/IEC 27000 • Minimum requirements for an • Auditable, certifiable
information security management • Based on BS 7799
system (ISMS) • Auditable, certifiable
• More than 100 security controls • Several documents
Capability Maturity Model Integration
• Maturity and capability model • Developed by SEI (Software
• Organizational maturity assessment Engineering Institute),
Carnegie Mellon University
20
ITSM: Benefits and risks in practice
21
Challenges in federated IT infrastructures
Advisor
ITSM perspective
Matchmaker
24
Selected General Aspects of Establishing a
Service Management System
25
Overview
26
Top management responsibility
Why?
To ensure that top management of the organisation(s) involved
in the delivery of services is clearly committed to a service- and
process-oriented approach and that they fulfil their leadership
duties
27
Top management responsibility:
Important terms & concepts
Definition following FitSM-0:
Top management:
Senior management within the service provider organisation or federation who
set policies and exercise overall control of the organisation or federation.
28
Top management responsibility:
Requirements according to FitSM-1
GR1 Top Management Commitment & Responsibility
REQUIREMENTS
• GR1.1 Top management of the organisation(s) involved in the delivery of services shall show
evidence that they are committed to planning, implementing, operating, monitoring,
reviewing, and improving the service management system (SMS) and services. They shall:
o Assign one individual to be accountable for the overall SMS with sufficient authority to
exercise this role
o Define and communicate goals
o Define a general service management policy
o Conduct management reviews at planned intervals
• GR1.2 The service management policy shall include:
o A commitment to fulfil customer service requirements
o A commitment to a service-oriented approach
o A commitment to a process approach
o A commitment to continual improvement
o Overall service management goals
29
Documentation
Why?
To ensure that policies, processes and procedures and their
outputs are sufficiently documented to support and enhance
effectiveness and traceability of IT service management
30
Documentation:
Requirements according to FitSM-1
GR2 Documentation
REQUIREMENTS
• GR2.1 The overall SMS shall be documented to support effective planning. This
documentation shall include:
o Service management scope statement (see GR3)
o Service management policy (see GR1)
o Service management plan and related plans (see GR4)
• GR2.2 Documented definitions of all service management processes (see PR1-PR14) shall be
created and maintained. Each of these definitions shall at least cover or reference:
o Description of the goals of the process
o Description of the inputs, activities and outputs of the process
o Description of process-specific roles and responsibilities
o Description of interfaces to other processes
o Related process-specific policies as applicable
o Related process- and activity-specific procedures as required
31
Documentation:
Requirements according to FitSM-1
GR2 Documentation
REQUIREMENTS
• GR2.3 The outputs of all service management processes (see PR1-PR14) shall be documented,
and the execution of key activities of these processes recorded.
• GR2.4 Documentation shall be controlled, addressing the following activities as applicable:
o Creation and approval
o Communication and distribution
o Review
o Versioning and change tracking
32
Documentation:
Important terms & concepts
Definition following FitSM-0:
Document:
Information and its supporting medium
33
Documentation:
Examples
• Examples of documents that are not records:
– Policy
– Plan
– Process description
– Procedure definition
– Agreement
– Contract
• Examples of documents that are records:
– Ticket (e.g. incident / service request / change ticket)
– Training record
– Audit report
– Meeting minutes
– Visitor list / guestbook
34
Defining the scope of service management
Why?
To agree and document the extent and boundaries of the SMS by
clearly defining the service(s), organisation(s) and location(s) for
which the SMS is valid
35
Defining the scope of service management:
Requirements according to FitSM-1
GR3 Defining The Scope Of Service Management
REQUIREMENTS
• GR3.1 The scope of the SMS shall be defined and a scope statement created.
36
Defining the scope of service management:
Examples of scope statements
• Example:
The SMS of the ACME IT service unit that delivers Microsoft
Windows-based desktop and communication services from
their data center site in Amsterdam to all ACME business
units at locations in The Netherlands
37
The PDCA cycle applied to the SMS
Why?
To ensure that the SMS as a whole is solidly planned,
implemented, monitored and continually improved
38
Plan-Do-Check-Act Cycle (PDCA)
Maturity
Time
• Quality management approach according to W. E. Deming
• Cyclical optimization of quality leads to continual improvement
• Plan-Do-Check-Act can be applied to the whole service management system
39
PDCA applied to the SMS: Brief overview
40
Planning ITSM:
Requirements according to FitSM-1
GR4 Planning Service Management (PLAN)
REQUIREMENTS
• GR4.1 A service management plan shall be created and maintained.
• GR4.2 The service management plan shall at minimum include or reference:
o Goals and timing of implementing the SMS and the related processes
o Overall roles and responsibilities
o Required training and awareness activities
o Required technology (tools) to support the SMS
• GR4.3 Any plan shall be aligned to other plans and the overall service management plan.
41
Planning ITSM:
Roles and responsibilities
Description ITSM example Non-ITSM
example
Generic role A conceptual class of role which is Process manager Flight captain
instantiated in a specific context to
create a specific role
Specific role A concrete role which can be Incident manager Flight captain for
assigned to a person or team in order (process manager flight XX123 from
to give this person or team the for the incident and Munich to Brussels
responsibility for something service request
management
process) of an IT
service provider
42
Planning ITSM:
Generic roles according to FitSM-3
• SMS owner
• SMS manager
• Process owner (optional)
• Process manager
• Case owner
• Member of process staff
• Service owner
43
SMS owner: General tasks
46
Process manager: General tasks
47
Case owner: General tasks
Note: The role of a case owner is usually required in a process, if occurrences (e.g. incidents,
service requests, problems, changes, releases, …) or logical entities / objects (e.g. different types
of agreements, reports or plans, …) are managed by the process, and the process manager him- /
herself does not take over specific responsibility for all of these occurrences or entities.
48
Member of process staff: General tasks
49
Service owner: General tasks
50
Planning ITSM:
Summary of the role model
SMS owner
SMS manager Overall service management system (SMS)
Incident 142
Incident 143
Incident 144 Case owner
ISRM staff
51
Implementing ITSM:
Requirements according to FitSM-1
GR5 Implementing Service Management (DO)
REQUIREMENTS
• GR5.1 The service management plan shall be implemented.
• GR5.2 Within the scope of the SMS, the defined service management processes shall be
followed in practice, and their application, together with the adherence to related policies
and procedures, shall be enforced.
52
Monitoring and reviewing ITSM:
Requirements according to FitSM-1
GR6 Monitoring And Reviewing Service Management (CHECK)
REQUIREMENTS
• GR6.1 The effectiveness and performance of the SMS and its service management processes
shall be measured and evaluated based on suitable key performance indicators in support of
defined or agreed targets.
• GR6.2 Assessments and audits of the SMS shall be conducted to evaluate the level of maturity
and compliance.
53
Continually improving ITSM:
Requirements according to FitSM-1
GR7 Continually Improving Service Management (ACT)
REQUIREMENTS
• GR7.1 Nonconformities and deviations from targets shall be identified and corrective actions
shall be taken to prevent them from recurring.
• GR7.2 Improvements shall be planned and implemented according to the Continual Service
Improvement Management process (see PR14).
54
Agenda of this training
55
ITSM Processes for the Operation & Control
of Services
56
Overview
57
Common structure of the presentation of
ITSM processes in this training material
• Objective
• Important terms & concepts
• Process-specific requirements according to FitSM-1
• Initial process setup
• Inputs & outputs
• Ongoing process activities
• Roles
• Critical success factors & KPIs for selected
• Simplified application example ITSM processes
58
Overview
59
Incident & Service Request Management
(ISRM)
Objective
To restore normal / agreed service operation within the agreed
time after the occurrence of an incident, and to respond to user
service requests
60
ISRM: Important terms & concepts
Note: Service requests are often handled by the same process and tools as
incidents.
61
ISRM: Important terms & concepts
Note: Often incidents, service requests, problems and changes are given a priority.
In the case of incidents and problems, priority is usually based on the specific
impact and urgency of the situation.
62
ISRM: Service request or incident?
I forgot
my Wiki password!
?
I cannot access
my e-mails! ?
63
ISRM: Requirements according to FitSM-1
64
ISRM: Initial process setup
65
ISRM: Initial process setup
66
ISRM: Initial process setup
67
ISRM: Initial process setup
68
ISRM: Inputs & outputs
Inputs
Incidents reported by users or identified by the
Outputs
service provider
Incident records
Service requests raised by users
Service request records
Configuration information (CMDB)
Major incident review reports
Requests for changes raised to trigger the
change management process, in order to
commence the fulfilment of service requests
Up-to-date descriptions of step-by-step
workflows for standard incidents and service
requests
Regular incident reports
69
ISRM: Ongoing process activities
Incident Register
Classify
Escalate
Prioritize Yes
Functional escalation
Analyze required?
No
Resolve / Restore service
Close
71
ISRM: Roles
72
ISRM: Roles
73
ISRM: Critical success factors & KPIs
74
ISRM: Critical success factors & KPIs
75
A simplified example
– Is this an incident?
– If it is an incident: What should be the pre-defined steps in
a standardized procedure for handling this kind of
incident?
76
Overview
77
Problem Management (PM)
Objective
To investigate the root causes of (recurring) incidents in order to
avoid future recurrence of incidents by resolving the underlying
problem, or to ensure workarounds / temporary fixes are
available
78
PM: Important terms & concepts
80
PM: Initial process setup
81
PM: Inputs & outputs
Inputs
Outputs
Statistics on incidents and service
requests (for trend analysis)
Up-to-date KEDB with information
Incident and service request records (records) on problems, known errors
Other relevant sources of and related workarounds
information to identify (new) Requests for changes raised to
problems, including change and trigger the change management
release records process, in order to resolve the
Configuration information (CMDB) underlying root cause(s) of identified
problems / known errors
82
PM: Ongoing process activities
83
PM: Roles
84
PM: Roles
85
PM: Critical success factors & KPIs
86
A simplified example
87
Overview
88
Configuration Management (CONFM)
Objective
To provide and maintain a logical model of all configuration items
and their relationships and dependencies
89
CONFM: Important terms & concepts
Note: CIs vary widely and can be anything from technical components (computer
hardware, network components, cables, software) to documents (SLAs, manuals,
contracts, license documentation).
90
CONFM: Important terms & concepts
91
CONFM: Requirements according to FitSM-1
92
CONFM: Initial process setup
93
CONFM: Inputs & outputs
Inputs
Outputs
Relevant information / data on
configuration items (CIs) and their Up-to-date logical model of all
relationships relevant CIs and their attributes
Information on changes to CIs and relationships, reflected by the
information / records stored in the
configuration management
database (CMDB)
Configuration baselines
Configuration verification reports
94
CONFM: Ongoing process activities
95
CONFM: Roles
97
A simplified example
98
Overview
99
Change Management (CHM)
Objective
To ensure changes to CIs are planned, approved, implemented
and reviewed in a controlled manner to avoid adverse impact of
changes to services or the customers receiving services
100
CHM: Important terms & concepts
101
CHM: Requirements according to FitSM-1
102
CHM: Initial process setup
103
CHM: Initial process setup
104
CHM: Inputs & outputs
Inputs
Outputs
Requests for changes (RFCs)
Information on planned releases Change records
and deployments Up-to-date schedule of changes
Post implementation review
reports
Up-to-date list of (pre-defined)
standard changes and step-by-
step-workflows for handling them
105
CHM: Ongoing process activities
106
CHM: Workflow
RFC Filter
Register
Classify
No Change
Approved?
refused
Assess & Approve
Yes
Review (PIR)
107
CHM: Roles
108
CHM: Roles
109
CHM: Roles
Important notes:
• The CAB should be composed of (all) relevant
stakeholders of the changes that are currently
subject to evaluation and approval.
• CAB meetings should take place in regular
intervals, although the specific composition of the
CAB may / will vary.
110
CHM: Critical success factors & KPIs
111
A simplified example
– Standard changes?
– Non-standard (“normal”) changes?
– Emergency changes?
112
Overview
113
Release & Deployment Management (RDM)
Objective
To bundle changes of one or more configuration items to releases,
so that these changes can be tested and deployed to the live
environment together
114
RDM: Important terms & concepts
115
RDM: Requirements according to FitSM-1
116
RDM: Initial process setup
117
RDM: Inputs & outputs
Inputs
Outputs
Information on approved
changes Defined and successfully
Release and deployment deployed releases
planning constraints Information / reports on the
success and failure of releases
118
RDM: Ongoing process activities
• Manage releases
– Plan a release
– Build a release
– Test a release
– Inform, educate and train users on deployment
– Inform, educate and train support staff on deployment
– Prepare the live environment for deployment
– Deploy a release
– Review a release for success
119
RDM: Workflow
Deployment planning
Deployment preparations
122
Overview
123
Continual Service Improvement
Management (CSI)
Objective
To identify, prioritize, plan, implement and review improvements
to services and service management
124
CSI: Important terms & concepts
125
CSI: Requirements according to FitSM-1
126
CSI: Initial process setup
127
CSI: Inputs & outputs
Inputs
Outputs
Identified nonconformities as well as
deficiencies in effectiveness and
efficiency of ITSM processes, and Requests for changes raised to trigger
resulting opportunities for the change management process, in
improvement order to implement improvements
Identified deficiencies in the Reports on the status and progress of
performance of services or supporting improvements
service components, and resulting
opportunities for improvement
128
CSI: Ongoing process activities
• Manage improvements
– Identify and record an opportunity / suggestion for
improvement
– Prioritize an opportunity / suggestion for improvement
– Evaluate and approve an opportunity / suggestion for
improvement
• Review the status and progress of improvements
129
CSI: Roles
130
CSI: Critical success factors & KPIs
131
Agenda of this training
132
ITSM Process Interfaces & Dependencies
133
Service Operation & Control: Overview of
key process interfaces
Configuration
ISRM information
Service
Incident Requests for Change Change
request
records records changes CHM records schedule
Problem
PM records RDM
Release Release
Known error
database
records plans
134
Explanations
XXX ITSM process, i.e. one of the service planning & delivery processes introduced earlier
[artefact] is a basis for / used for / aligned with / referenced from [artefact]
[output] is at the same time input to [ITSM process] (relevant for “closed-loop”
processes) – i.e. the output is maintained by its “producing” ITSM process and
requires regular reviews / updates
135
Info
136