Professional Documents
Culture Documents
ITIL No 1
ITIL No 1
ITIL No 1
So our customers are actually consuming these services that the IT organization actually
produces. So when you take a look at this widely recognized framework, you have to remember
that ITIL's not a standard, there are other things we'll talk about called standards later. ITIL
basically is a framework that allows you, from a suggestive standpoint, to take the pieces that
are applicable and the most beneficial to you in order to deploy and support your service
management activities. Now how do we come up with this ITIL stuff? Well there's some
sources, things around standards out there.
We'll talk about things like ISO 20,000, those types of standards. Industry practices that exist.
Good practices that are used in organizations today to help you deliver good services. Academic
research, of course, and then, of course, there's training, education, and internal experience. So
these are all things from a sources that generate these good practices for service management.
Enablers, of course, enablers are those ingredients that we have to have in order to provide
good services. We have to have employees. Customers clearly have a major, major stake in the
delivery of the services.
Good practices that are used in organizations today to help you deliver good services. Academic
research, of course, and then, of course, there's training, education, and internal experience. So
these are all things from a sources that generate these good practices for service management.
Enablers, of course, enablers are those ingredients that we have to have in order to provide
good services. We have to have employees. Customers clearly have a major, major stake in the
delivery of the services.
The suppliers, because in many cases the services that we are supporting and we're delivering
require suppliers, in some cases folks call those vendors too. Advisers, and of course,
technologies. So a lot of things come in place, a lot of ingredients here, that really looks at how
we filter out in the drivers for these things around the ITIL side. Substitutes, we have regulators,
and we have customers that are involved here. So basically what we're looking at is coming up
with knowledge fit for business objectives, contexts, and purposes.
1
So those are some basic background items around what this ITIL is and how we created, or how
the framework itself was created. So let's talk about the framework, and kind of the history of
how we came up with this ITIL stuff. So now when we look at this, the ITIL framework is this set
of books. And it really kind of started out back in the late 80s, early 90s with what was called
ITIL version one. Now version one literally was a set of 50 books.
This was in response to try to at least come out with some practices on how we manage the
infrastructure. So these 50 books was the IT Infrastructure Library. So they were really helping
us operate, manage IT effectively and efficiently. So there were some, of course, with any good
practice, we need to do updates. So what we started looking at 2000, 2002 time frame, we
started to see what was called ITIL version two.
ITIL version two, again, very process focused. It was condensed down from the previous 50
books that we had in version one. You've probably heard of what was called ITIL version three,
well, ITIL 2007 is the official term for this, and this was a major departure from the version two.
And I like this because it took the life cycle phase approach, again, very process focused, but it
started to really take a look at the service and the phases of a life cycle that a service goes
through.
Those phases like service strategy, all the way through service operation, of course, we have
continual service improvement. But that was really, really a powerful update to the ITIL model.
Of course, the most recent is what we call the ITIL 2011, which is what we're talking about here
in this course. A process based framework is the foundation for what's called ISO 20,000. Now
ISO 20,000 is a standard. ITIL's not a standard, ISO 20,000 is a standard. Organizations become
certified on ISO 20,000, it's the standard.
]]]]]]]]]]]]]]]
2
We have Service Operation or SO. We have CSI, Continual Service Improvement. It's important
to note here. Even though I drew them in a linear fashion, it's very important for you to know
that each one of these phases does have an interaction with each other. For example, CSI
doesn't just fall at the end of the spectrum. It is a parent through all phases of the life cycle. I'm
going to tell you a little bit about what each one of these phases. We'll cover more in depth
throughout this course. The Service Strategy. Its focus is on developing the capacity to achieve
and maintain a strategic advantage to refine and create policies, guidelines, and processes that
cross all of the ITIL service life cycle.
You see on the schematic here. Service Strategy across the entire life cycle. Service Design,
which is the second one, takes the Service Strategy, and creates the design that will eventually
operationalize those business objectives. The focus is on the design for new changed and
updated services. We're putting in a new service in. We're retiring a service. We're changing
something about it. Service Transition provides the guidelines for development and
improvement of capabilities for transitioning new and changed services into the life service
operation.
Those activities do actually put that in or retire that or make those changes. Service Operation
manages the day-to-day operation of a service and provides guidelines on the effective and
efficient delivery and support. Then finally, CSI provides critical guidelines in creating and
maintaining value for customers through better design transition and operation of services. As a
former CIO for a large data center operation, we always, we're looking at our list of services
with our portfolio.
Services went through this life cycle process or life cycle phases. For example, we're launching
in a new service. Let's call it Voice in Data Service. We have to go through Service Strategy.
What is it that this thing really is going to accomplish for us from a value perspective that we go
into Service Design through this new service? What is this going to look like? What's the
solution? The tools, the architectures, the processes required. The metrics and measurements
we'll use to manage this and to keep track with its health.
Then we go into Service Transition. We're approving these changes, deploying those, and
releases, capturing the knowledge. Those types of things for transitioning that new service into
the life environment or life operation. Then Service Operation. We actually run and we support
the service at that point. CSI again. We use that from a Continual Service Improvement
perspective throughout this entire set of life cycle phases to help us continually improve,
monitor our metrics, measurements, KPIs.
Those things do actually help us understand where are these things set. We have mile markers
so we could know from improvement perspective. Of course, the ITIL official site, ITIL dash
official site, dot, com, is where you go for the most recent and up to date information on a
components of the service life cycle. Now, we've talked about what these phases are. A lot of
times folks really get the misconception that this is a waterfall approach. Just like the SDLC or
something like that. Now, you notice here that each one of these phases has outputs and has
feedback that comes from other phases.
Service Strategy for example. You notice Service Strategy has output in the Service Design. We'll
talk about what those pieces are in a little bit. But notice that every phase of the life cycle from
3
that point forward all provides feedback back in to the Service Strategy phase. Service Design
has outputs and has feedback that comes in to that, as well as Service Transition, Service
Operation. Notice CSI or Continual Service Improvement. From a life cycle standpoint touches
every one of those phases, as well as the service, in the services, including the processes we use
to support the life cycle of that.
4
and Deployment Management, some key concepts we'll talk about in the Change Management,
or -- excuse me, in the Service Transition portion of the course.
Then we have Service Operation. The change is handed off over to the Service Operation side,
and in Service Operation, again, we're running and supporting that service. Some processes we
have there are Event Management, Incident Management, Problem Management, Request
Fulfillment, Access Management, those are the key processes. We also see the introduction of
something called Functions, these units of organization, as a part of the Service Operation,
which we're supporting that live service as it is today.
That's the Service Operation that we saw right here. Then we see the Continual Service
Improvement, or CSI, this purple box here. There's one process in here we call the Seven Step
Improvement Process, a lot of very neat, very powerful models from an improvement
perspective. You might have heard of PBCA, or the Deming Model, some other things around
here around CSI that we'll talk through in other modules we have. I want you to notice
something, though. Every one of these phases that we have, which includes those processes
and the key concepts, they have this central nucleus, this central theme, or this area, the
Service Knowledge Management System.
No service, no process, IT organizations cannot perform our duties without a means of
collecting, storing, having knowledge and information available for recall, so that we don't have
to learn the same things over and over again. We call that the Service Knowledge Management
System. There's a lot of details in here. We haven't covered these yet, these are part of the
course, but it's interesting, and I want you to make sure you remember that the SKMS, or
Service Knowledge Management System, really is that central glue that holds all these phases
and these processes together so we have consistent information, consistent data, consistent
knowledge and wisdom.
We'll talk about what those components are in a later video. Those are the main concepts of
the Service Lifecycle, so you can see this is a very big model, very big framework, and we're
going to take this piece by piece, coming up.
5
the business case, the significant item of expenditure, right, we have to have some type of
business case to help us out with that.
We go into service design, if we have the strategy, we know what we want to do and who we
want to do it here for and design how we want to do it. Service design, a lot of processes,
design coordination the service catalogs, service level management, capacity management,
availability, continuity, security and supplier. We had the five aspects of service design, you may
recall me using STAMP, Service solutions, Tools, Architectures, Processes, Metrics and
Measurements. We had the RACI chart.
Responsible, Accountable, Consulted, and Informed. SDP, the Service Design Package that puts
a nice package together from what we've accomplished in service design so that we can hand
that to service transition. The four P's, People, Process, Products and Partners. Service
transition, this is now where we take those new or changed services and we're transitioning
them from design phase into what's called service operation we had some processes, very key
here. Transition planning and support, change management SACM which is what I call Service
Asset and Configuration Management.
Release and Deployment Management. Service Validation and Testing. Change Evaluation,
Knowledge Management. What else we had here, we had SKMS. So the Service Knowledge
Management System we're talking about transition. We need to have a Service Knowledge
Management System, it's the go-to place. It's a collection of tools and databases where we
store our knowledge so we don't have to relearn things over and over. And part of that is KMS,
we have something called a CMS, or a Configuration Management System which includes one
or more CMDBs Managing risk and complexity, this is key in service transition because now
we're taking the design, we're putting in operations.
So we want to minimize the risk, I want to minimize the complexity because these are a lot of
moving processes that we have here. Service operation, this is were the rubber meets the road
remember it becomes visible to the customer at this point. The processes we have in service
operation. Event management, Incident management, Request fulfillment, Access
management, Problem management. We also had some functions, remember a function is not
a process, it's a unit of organisation that's designed to do a certain type of work. We had four of
those, the Service Desk, Technical Management, IT Operation Management, and Applications
Management.
Remember in the communication, very key, particularly in service operation, things like shift
change, projects, those things. Next we had the last phase we talked about, not because it's last
in the lifecycle, but it's the last one we talked about, Continual Service Improvement or CSI. One
process in there we call it, "The Seven Step Improvement Process." We have what's called a CSI
Register, I like to call that the backlog of our improvement initiatives, whether they're in
process or whether they're planned.
We have the PDCA model, that's the Deming Plan Do Check Act. Remember we also can align
that well with what we call the "CSI model" and we could also align that with the Seven Step
Improvement Process We have baselines and we start to look at metrics and measurement and
monitoring. We take baselines to give us a mile marker to know how far we've come in process
6
improvements and other improvements in general. Types of metrics, remember we have
technology metrics we have process metrics and we have service metrics.
The measurements system, if you think about the flow we talked about, we have a critical
success factor supported by one or more KPIs. They can be qualitative or quantitative then we
have the metrics to help us look at those things. A lot of stuff we just talked about on the phase
so stay tuned, we'll start breaking down the processe one by one.
IT today, IT opportunity
- So as we kick off and start to look at module three, Service Management as a Practice, I think
it's important for us over the next couple slides really to look at what we're dealing with IT
today. Some of the current challenges that we're up against and expectations the business
might have from us, as well as look at the opportunity we have within IT. Because there's a lot
of stuff within the service management world that we can do to improve our services and really
get more aligned with our customers. So today, IT, right? One of the things that will not go
away within our IT organizations, within the infrastructure in general, is change.
We will always have change and that's not going away. So we have to make sure that we are
using some advanced methods to help us really meet the business needs. Because that's why
we exist, we're supporting the business. And to take you to this first sub-bullet here, there's a
growing reliance of business on IT. We are woven into the fabric. IT services are in the fabric of
the business. And so, without IT the business cannot succeed in creating those vital business
functions that the business needs to be able to survive.
So therefore, IT exists because the business is there. So we're part of that. So because we are
so... Because the business is dependent on us for delivery of services, there is a high demand
for real business value. If we didn't provide value, there's no need to have an IT organization. So
we need to make sure we're providing, that the cost benefit that what we're supposed to
deliver, delivers, and it exceeds expectations on the customer's side. Greater business in IT
integration.
We're not talking about integration meaning we have a meeting per week with our business
units. What we're talking about is really understanding the vision, mission goals, objectives, of
the business, where the organization's going, and the IT organization is in line with that. And
that we're constantly integrated, providing the services that the business expects at the levels
of service they expect. Availability, capacity, all those pieces that are required there in order to
do that. So we have to provide high quality.
Of course, cost effective services. We provide or we are really investing high sums of money in
IT systems. So therefore we need to make sure that we're good stewards of the technology
that's being invested in, in order to provide these services. So, greater flexibility, faster
response to customer needs. We know this is a challenge that a lot of folks talk about IT. "It
takes too long to get this change in." "I need it yesterday!" There's some processes in part of
this whole Life Cycle phase that helps us plan these in a phased approach so that we're not so
7
reactive and we're not finding ourselves under capacity because we didn't expect certain
demands that are being put on the IT organization.
Diverse range of technologies. I would say this in every organization that I walked in. You will
not find a data center or an IT technology organization that's getting easier to manage. The
technology's complex, the technology's very powerful, so that we've got that challenge that we
have to make sure that we're managing that piece. And that's what we're supposed to be doing
to support the business value. Are we too reactive? When I'm talking about reactive, if I'm an
organization and I'm really good at managing incidents, handling incidents.
I had this happen to me in an organization. We were great. When an incident call came in
(snaps fingers) we could handle that thing and we were really good at it. But when you really
think about it, being good at managing the operational stuff like incidents, management,
problems, is that good enough? Or should we actually look ahead a little bit in the Life Cycle
and try to understand why those incidents are even coming in to the organization? So that's
why we wanna make sure we focus. So that we're not planning, we're not training, in many
cases we're not reviewing, investigating, and working with customers.
So there's... I shouldn't say we're not. I say there's too little time putting into that. Because we
keep putting our fingers in the hole of the pipe, and sooner or later, we run out of fingers, but
when we should've looked at why those holes are even there in the first place. Those are some
challenges we're running into. So why is it important to really understand those challenges? We
have the opportunity with an IT service management. And that IT opportunity we have is
basically adjust our working practices and embrace a service-oriented approach.
Right, what are the services we provide? What value do they provide for the customers? And
therefore have that approach so we can have some prioritization around understanding how
we're going to integrate with the business. Increase that service quality. Be more efficient so we
can control those costs and risks. Adopting that service-oriented approach for the efficient and
effective delivery of IT services to meet the business needs. That's what we need to do, the
opportunity we have in IT today.
What is a service?
- If we want to take a service oriented approach we have to really understand what a service is.
And so, a service is a means of delivering value to customers by facilitating outcomes the
customers want to achieve without the ownership of specific costs and risks. They're asking us
in IT to deliver this for them because the business isn't prepared or it does not want to actually
do it themselves, so that's we want to look at the service oriented approach. And so, as we're
taking a look at this, let's talk about what a service facilitates.
A service facilitates outcomes. These are, I'm going to read a little bit to you here you might
want to listen through this, so outcomes is the result of carrying out an activity, following a
process or delivering an IT service intended as well as actual results. So, by providing required
performance while reducing the influence of constraints, constraints could be resources,
regulations, contracts etc. So, moving towards an outcome based service delivery, moves the IT
8
beyond the business IT alignment and into integration which is really what we're talking about
of that outcome.
We want to be out of the integration and be truly aligned, grow in to that next piece of that. So
the key to this definition, the key to understanding this is understanding what value really
means. So value, we'll talk more about value and some other stuff too, but really value has two
key components to that, two pieces. One is what we call utility, utility fit for purpose, and fit for
purpose basically means the service meets a particular need, which is what the customer gets,
that's fit for purpose and that's utility.
Let's look at warranty next, warranty says fit for use. Well if fit for purpose meets a particular
need, what the customer gets, warranty is going to be basically do we have enough capacity, do
we have enough continuity, security, how it's actually delivered. What they get versus how it's
delivered that's utility and warranty. So, services facilitate these outcomes by enhancing the
performance of tasks, reducing the effect of those constraints that we talked about just a few
minutes ago. Now, we have kind of an understanding what a service is, what is an IT service?
So, when IT delivers functionality to the business, that functionality it the IT service.
So we are talking specifically about the IT service side. So, we've got an internal service and an
external service. The difference here we are talking about, internal services generally are
delivered to departments and business units that support the internal activities. Internal
activities those businesses use to support those. An external service would therefore be that
service that achieves business outcomes. So those are the differences, kind of, between the
internal and external side of this. We'll talk about some different types of services here in the
next slide, and I keep on messing that one up, so stay with me a second and I will just come up
here and go to the different types of service classifications.
So essentially three types we have, remember we have internal and external and the way we
might classify those is in what we call a core, enabling or an enhancing service. So the core
service delivers something the customer wants, what the customer is willing to buy, willing to
pay for. I like to use email for example, it's pretty, not always a simple service, but it seems
pretty well understood what email is, so we're not actually providing Microsoft Exchange or
Lotus, we're actually providing email, that's the actual service we are providing.
We might have an enabling service. Allows the customer to receive the core service, so to go
back to the email, a core, excuse me, an enabling service, when I think about it what service
might be required might be required in order to provide that core service? Might be something
like active directory, a service that we actually manage within IT. The customer is not
necessarily buying active directory from us, they're buying the core service, email, but we have
to have the enabling service, i.e. active directory in order for that to be successful.
And then we might have an enhancing service. That enhancing service is added to that core
service and they excitement factor, now this is something that may or may not be paid for but
think about like email, we have email service as our core service, an enabling part of that might
be active directory, now we might have OWA, online access, or might be additional security for
that email, those type of things are the, I hate to use bells and whistles, but it adds that extra
flavor, that extra piece to that service that the customers really, really get into that piece, so it's
more of the attractive side of each one of those things.
9
So those are the three classification types of the services that we have.
10
are focusing in on the IT side that meets the needs of the business by IT service providers
through a mix of people, process and technology.
11
confidentiality, integrity, availability of the services and of the information and the data that are
part of that.
So, both of those combined we have now looked at creating value and that's how we comprise
value. Utility, warranty, utility is fit for purpose, warranty is fit for use.
12
Internal, you could have more than one of these in an organization, basically, same organization
Internal Provider, we provide all your services to you internally, OK. The next one we might
have is called a Type II, which is Shared Servics, which is becoming pretty popular. So, in a
Shared Service type of situation, you have an Internal Service Provider that provides Shared
Services across multiple business units. So, for example, I have a Single Share Service Provider,
and we have multiple business units, and they could have their own Internal Service Providers,
but we're providing a Shared Service across that entire spectrum for all them and that is what
we call a Shared Service.
Then the third type is what we call an External Service Provider. So, on a External Service
Provider, a external customers. This could be like an outsource type of situation, outside of the
business that we're in. So, those are the three types, I, II, III, Internal, Shared, and External
Service Provider. Two general types of customers, Internal and an External Customer. So, in a
situation that I was in as a CIO of a Managed Service Provider, we were a Shared Services Unit,
we also were an Internal Service Provider, we also used External Service Providers for certain
portions of our infrastructure.
Now, I had Internal Customers, these Internal Customers that I had, worked for the same
organization. These were the people that sat on the same floor, the same building, part of the
same organzation we had, those were my Internal Customers. I also had External Customers,
these were the paying customers that were outside of the organization. Generally if you look at
it from an external perspective, this is where you have contracts and legal obligations around
supporting those services for the customers. So, those are the two types, or the two roles that
we have here.
A couple of other roles we have, which shouldn't be too much of surprise here, a User. A User is
that role, that person who is actually on a day to day basis, consuming or using those services. I
think of it, as they are hitting the keyboard, right? They're using those services. And we have
Suppliers, remember we talked about Suppliers a little bit earlier. We have a lot more where we
talk Suppliers later on, but a Supplier, I need that Supplier in order for me to provide services to
my customer. So, that Supplier, I will have a contract with them and that might be under
pinning some of the service requirements or service level agreements that I have with my
customers, OK.
We also have multiple Stakeholders as part of the general ITSM Roles. Basically a Stakeholder
has an interest in the outcome, the resources, targets or activities of a business service or
activity that we have. Some Stakeholders we might have, Suppliers could be Stakeholders,
Owners, Shareholders, Employees, Managers, Partners, are own functions, the service desk for
example, could also be a Stakeholder within the model. So, those are some key roles at a very
high level.
We'll talk more specific roles and each one of the processes that we have, specifically around
Process Owner, Process Manager and so on, these are generally applied across the board. Key
roles Service Provider I, II, and III. Then we have Internal and External Customers, Users and we
have Suppliers and multiple Stakeholders.
13
Governance
-Okay governance. Governance can is served primarily with ensuring that there's an
appropriate management framework for making sound decisions in an organization. So if you
think about the ITIL framework with the many checks and balances that we have, it seems
appropriate that we're following very good practices from a governance perspective. However
there's some things that we wanna make sure that the governance program actually does for
us. And that is in the yellow box right there at the top of that slide that we are ensuring that
policies and strategies are actually implemented and their required processes are correctly
followed.
So having decision criteria, having levels of decisions. Making sure that we understand
organizational decision rights and thresholds and accountability of those decisions. And
understanding who can make decisions under what circumstances and so on as part of an
overall governance, enterprise governance model. So there's three types that we have. We
have what's called enterprise governance, we have corporate governance, and we have IT
governance. So if you take a look at each one of those, each one, we're not gonna go into each
detail between those.
But each one of those levels: corporate,enterprise and IT, they must be able to do three things
and they must be able to do evaluate, direct and monitor. Evaluate that the plan's programs
policies in place are effective. Direct, provide direction on the overall policies and plans of the
organization. And monitor, ensure that we have adequate reporting and feedback mechanisms
involved in order to do that. What's interesting here is that EDM or evaluate, direct and
monitor is really all part of an overall core concept of what's called ISO 38,500.
Now ISO 38,500 is the international standard for IT governance and it really talks a lot about
EDM evaluate, direct and monitor across the three types: enterprise, corporate, and IT
governance. If I can leave you with one key word that I always like to remember about
governance, it's transparency. In the midst of corporate scandals and all of the regulatory and
compliance concerns we have in an organization, the one thing that helps us the most or that
drives us the most is the transparency within the organization.
And that falls back to evaluate, direct, and monitor. Governance, transparency, ISO 38,500.
14
international standard which was called ISO 20000 in late 2005. This is extremely and is wholly
complimentary to ITIL was written to follow basically along what's called the Plan-Do-Check-Act
or the Deming model. We'll talk a little bit more about ISO 20000 here in just a few minutes.
Keep that in the back of your memory very quickly. The next framework that you have you
might have heard of this, it's called the Balance Scorecard. The Balanced Scorecard... What
really was taking place for a long time in businesses and organizations is we really focused on a
couple of key things that were important to us. We looked at just the financial aspects of
management and of goals and objectives or we looked at just the customer perspective. The
Balanced Scorecard was designed to give us four quadrants and four areas to have a balanced
approach to understanding, developing, and managing a business value from these four
different quadrants.
They were the financial quadrant, the customer quadrant. We had the internal quadrant and
the learning and growth quadrant. Why that's important is because that gives you a balanced
approach to understanding key performance indicators, goals and objectives and the cascading
of those from at the highest level in the organization all the way down to the process level so
that we can focus on the right key aspects of delivering services. The next thing we have is
called COBIT. COBIT actually is pretty cool. It stands for Control Objectives for Informational
related Technologies.
It was created by IT Governance Institute and ISACA. It has it's roots in IT control security and a
lot around IT governance, enterprise governance as well. This was really built around creating
controls for processes so that we can provide assurance activities to make sure that we are
meeting our quality, fiduciary, security responsibilities for information.
COBIT right now is on COBIT version five. It's broken down into domains. Domains around
what's called EDM or Evaluate, Direct and Monitor. We talked about that on the governance
side. There are processes within that domain. We have what's called APO, Align, Plan and
Organize. We have BAI, which is Build, Acquire and Implement. Then we have DSS, Deliver,
Service and Support. And finally MEA, Monitor, Evaluate and Access. That's important but what
I really want you to know is within those domains, there are 37 processes and those can be met
directly back to our ITIL processes.
When we're looking at ITIL on the process design on how we're supporting services, what the
COBIT side of the house will help you do is establish those controls for good IT governance for
those processes. So that's COBIT. On the Six Sigma side. Six Sigma has it's literally in looking at
defects and removing waste. If you remember your statistics class which I try to forget, it's
based on these things called standard deviations and if I'm, I don't know the math precisely but
if I'm six standard deviations away from the average that comes out from a calculations
standpoint at 3.4 errors for every million opportunities we have to fail.
Which is pretty good right? Six Sigma sometimes isn't good enough but that's kind of the goal
that the Six Sigma methodology helps us with. There is a methodology part of this to get us
towards that goal and they call it DMAC, that stands for Define, Measure, Define, Measure,
Analyze, Improve and Control. That's the basic concepts around Six Sigma. Why is it important,
how does it work with us on the ITIL side? Well we can look at errors.
15
Statistically manage the quality and reduce the variance of processes within the framework.
CMM, basically what we're looking at in CMM Capability Maturity Model. It's a process
improvement approach. It's really CMM which stands for Capability Maturity Model integration.
You might have seen CMM evaluations before where you see the zero, one, two, three, four
and five. Where they're ranked from a maturity ranking where if your a maturity ranking of zero
the process that we're investigating doesn't exist.
All the way up to five which means this process is actually performing well beyond what our
expectations or what the needs would be. What typically happens in a CMM type of audit or
type of evaluation. It's processes are looked at, they're evaluated, and given a maturity of zero
through five and then that number is aggregated from an organizational standpoint. You might
have somebody say, well we're an organization and we're CMMI level three. They've gone
through that. It's an official recognition of maturity for processes in an organization.
Next we have risk management. So on the risk management. There's something called MOR,
Management of Risk. Pretty interesting model. It's the overall process to help us control those
risks. We have positive, we have negative risks. And help us make better decisions. Risk based
decision making. Things like understanding the assets, what could possibly happen, what the
threats are, what our vulnerabilities are and having risk registers and also looking at what we're
going to do.
Are we going to except it? Are we going to avoid it? Are we going to mitigate? So it's a really
handy model for us when we're planning processes, planning services across the service
spectrum. We have ISO 27001. ISO 27000 as a family, those are standards that are generally
accepted. Best practice guidance on protecting three big things and we call them
confidentiality, integrity and availability. It's around the security around those three things I like
to call that CIA.
It's easy to remember CIA for something around the security world right? Confidentiality,
Integrity, Availability, CIA. That's what the 27000 family of standards are We also have this thing
around these bottom two here. Around the project management world there's two dominant
project management methodologies PRINCE2 and PIMBOK. PRINCE2 has it's roots in the UK.
Very, very powerful in the UK right now. It stands for Projects in Controlled Environments.
On the PRINCE2 basically this method which covers the organization management and control
of projects. You also may have heard of this thing called the PIMBOK. The PMI, Project
Management Institute. It provides the global leadership in project management methodologies
and the documentation or the guide, it's called the PIMBOK or the Project Management Body of
Knowledge. Those are some basic quality frameworks that you might see.
Every one of these things can work with your service management framework. In this case we
talked about ITIL. You don't just pick one and that's it. You can see where it's very powerful to
have multiple methodologies and models to help you to focus on certain aspects of each one of
these things. What I want to talk about on the next slide is after the quality frameworks, there's
something out there that we call the ISO 20000. We talked about this a little bit ago. I want to
share with you a few more comments on ISO 20000 because I think that it's really important to
understand the distinction between ITIL as a framework and ISO 20000 as a standard.
16
So ISO 20000 first international standard specifically aimed at IT service management formally
accepted in 2005. There's an update in the 2011 version so it's originated from what's called BS
15000 or British Standard 15000. To which ITIL V2 was the original reference of that. Of course,
20000 has been updated with the latest ITIL releases. When you look into ISO 20000 a couple of
things to remember.
is remember ITIL, the Information Technology Infrastructure Library is a best practice
framework. Individuals get certified in that. Organizations don't get certified in ITIL. Now ISO
20000 as a standard, it's an organizational certification okay, so that's kind of a difference to
show there. This shows some of the processes that we have as a part of ISO 20000. They should
look somewhat familiar. We have service delivery processes. Things like capacity management.
We've seen that in the ITIL framework. Service level, service reporting, information security,
control processes, configuration change, release and deployment.
We've got incident management. We've got problem management. You see, there's a lot of
relationship obviously between the processes that we have in ITIL and the processes that are
the standard within the ISO 20000. Just to tell you that at a high level there's a couple of parts
to the ISO 20000. As a matter of fact there are a total of eight parts. Part one is what they call
the specification. In the specification, these are the shells, these are the things or the
requirements that must be met for certification.
Part two, is what's called the code of practice. These are what they call the should's. They're
further best practice elements. If you're going for certification as an organization you definitely
use part two for information and supporting details to get to the requirements or the
specifications. Part three, guidance on scope definition and applicability of ISO 20000. So it's the
guidance on how to scope definition and those types of things. Part four, is the process
reference model.
Basically describes at a high level the processes including general service management
processes. Part five, is the implementation plan and then finally what we call part eight is the
process assessment model. That is also available, the process assessment model is available as
part of what's called ISO 15-504 is the process capability of the process assessment standard.
So a lot of stuff I just talked through on that. It's key for you to note, ISO 20000 is the standard,
ITIL is the framework.
As we take a look, let's see, we can back out of here. We have this next thing called PDCA. You
may have heard of the Deming model before. What's interesting here is ISO 20000 as a
management framework. As a management system rather. Really has it's roots in continuous
improvement. The Deming model is what we call Plan-Do-Check-Act and so Deming came out
with this years back and basically it's a repeatable simple model of continuous improvement
efforts.
You plan your efforts. What is it that we want to accomplish. You do those, you execute those.
You check those which means you collect metric measurements on how well your doing against
those. Then you act, so the whole idea is as we revolve in Plan-Do-Check-Act, the more
revolutions we go through. The general maturity of the process of the service that we're looking
at. They also go up as well. So that's what we call the Deming model or Plan-Do-check-Act.
17
I want to kind of tie some things together for you here. We talked about a lot of different
models and frameworks. We hit ISO 20000. We talked PDCA as the foundation for management
systems. Now ITIL and ISO 20000 just as kind of a follow up on these. ITIL guidance is used by
organizations worldwide to establish and improve capabilities in service management so that's
the ITIL side ISO 20000, the international standard where organizations can audit and certify
their capabilities. It's a very, very robust.
Very detailed audit that you have to go through in order to be certified in ISO 20000. Individuals
cannot get this certificate. It's an organizational based evaluation. ISO 20000 standard will be
achieved and maintained. So you don't just get the ISO 20000 achievement certification, you
have to maintain that throughout the life of your certification. ITIL offers the body of knowledge
useful for achieving the standard. There's a lot of congruence between the two.
One's a standard, one's a good practice framework. In closing on this piece, I want you to really,
really understand you have to look at multiple models for multiple pieces of your governess
program or of your service management program. ITIL is obviously what were talking about
here but we saw a few other models that work very well with these things.
18
And those capabilities are the organizational umph that processes the organization, those types
of pieces that we have there. We talked some other key terms. Different, three types of service
providers. Type one, internal. Type two, shared service. Type three, external. We talked about
stakeholders. They have an interest in the success of the service and the success of the process.
We have customers. Internal customers, external customers. That might go along with our
internal external services, too. We also had users, who are actually using the system or the
services.
And suppliers. Generally the suppliers are those vendors, I guess you could call them, that we
need in order to support those services and deliver those things. Key concepts. 4Ps of Service
Design. People, process, products, and partners. Governance, about transparency. We had
three basic types. We had enterprise. We have corporate. We have IT governance. You need to
understand those. ISO 20,000. That's the standard, the service management standard that we
talked about in the previous video.
And then we had the Deming Cycle. PDCA, stands for Plan-Do-Check-Act. It's important to also
remember that PDCA is really one of the basic elements of the management systems that we
have as a part of ISO 20,000. And that's the Deming log.
19