ITIL Key Concepts of the Service Lifecycle Tutorial
1.2 Key Concepts of the Service Lifecycle
Hello and welcome to the learning Unit 1 of ITIL Managing Across the Lifecycle Certification Course offered by Simplilearn. Congratulations to you for successfully completing all your ITIL intermediate certifications and for pursuing this final course on the way to become an ITIL Expert. In this module we would be revisiting some of the basic concepts of ITIL which you have learned during the ITIL foundation and intermediate courses. We shall briefly cover the topics on ITIL library constituents, the service lifecycle, value creation and realisation, risk management and knowledge management. Let us look into the different constituents of ITIL.
1.3 ITIL The Library Constituents
As you are well aware, ITIL stands for information technology infrastructure library and is a globally recognised best practices framework for IT service management. This library consists of core publications, complementary guidance and web support services. We will be discussing all of these in detail. Let’s first begin with core publications. Core publications are a set of best practice guidance applicable to all types of organisations who provide IT services to a business or customer. This set consists of five publications covering: service strategy; service design; service transition; service operation; and continual service improvement. The core is iterative and multidimensional and is structured in the form of a lifecycle. It is expected to provide structure, stability and strength to service management capabilities, with durable principles, methods and tools. This serves to protect investments and provide the necessary basis for measurement, learning and improvement. Complementary guidance provides guidance relevant to industry sectors, environments and organisation types. These include: white papers; pocket books; working templates; case studies; and governance methods. The complementary guidance provides flexibility to implement the core in a diverse range of environments. Practitioners can select complementary guidance as needed to provide traction for the core in a given business context. Web support services provide online and interactive services wherein users can access time with ITSM experts to answer questions; discuss issues or seek advice. These support services include: a glossary of terms and definitions; interactive service management model; online subscriber services; case studies; and templates. In the next slide we will discuss further what the term ‘service’ means in service management.
1.4 Managing Services and Service Management
We know that ITIL is a service oriented, customer focused and process based framework. Adopting ITIL enables IT service providers to deliver quality services focused on meeting current and future requirements of its customers. As we proceed further with our discussion on the various key concepts of IT service management, let us first touch upon the definition of the term ‘service’. A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks. Value is delivered to customers when the required functionality, features and performance levels are provided to enable them to perform the intended transactions, tasks or activities. The service provider owns the costs and risks related to provision of the services and the customer would specialise in the outcomes from the services utilised. Services can be discussed in terms of how they relate to one another and their customers. They can be classified as core services, enabling services and enhancing services. Core services deliver the basic outcomes desired by one or more customers. A core service provides a specific level of utility and warranty. Customers may be offered a choice of utility and warranty through one or more service options. Enabling services are ones that are needed in order to deliver a core service. Enabling services may or may not be visible to the customer, but they are not offered to customers in their own right. Enhancing services are offered additionally with a core service to make it more attractive to the customer. Enhancing services are not essential to the delivery of a core service but are used to encourage customers to use the core services or to differentiate the service provider from its competitors. Now that we have understood about service, let us learn what service management and IT service management is.
1.5 Managing Services and Service Management
Service assets are a combination of capabilities and resources. The ability to transform capabilities and resources into valuable services is the essence of service management. Service management is a set of specialised organisational capabilities utilised for providing value to customers in the form of services. Service management capabilities are a combination of processes and functions. The maturity level of service provider’s capabilities represents their ability to consistently meet customer requirements in a timely and cost-effective manner. There are specific skills required for defining the strategy, developing the designs, building, testing and implementing the solution, delivering and supporting the services and finally ensuring continual improvement during the life of the service – hence these are termed as ‘specialised organisational capabilities’. Service provider organisations should develop and continuously improve their capabilities to ensure alignment to changing business requirements and objectives. We will move on to the concept of IT service management.
1.6 Managing Services and Service Management
IT organisations are basically IT service providers. Hence, these organisations should adopt the principles of service management to ensure that they deliver the outcomes required by their customers. IT service management is concerned with the implementation and management of quality IT services that meet the needs of the business. IT service management is performed by IT service providers through an appropriate mix of people, process and information technology. The diagram in the following slide explains the service lifecycle.
1.7 The Service Lifecycle
The diagram on this slide represents the integration across the service lifecycle. While we shall discuss all the lifecycle stages and processes in the next few slides, let us look at the integration aspect now. The service provider organisation has to ensure seamless integration of the lifecycle stages and processes in order to support and achieve the service management objective for business value realisation. The service knowledge management system is one important tool that enables integration across the service lifecycle stages. This system is the repository of knowledge, information and data required for designing, developing, implementing and managing the services. Another important integration aspect is the continual feedback from one lifecycle stage to the other stages. This feedback ensures that service optimisation is managed from a business perspective and is measured in terms of the value the business derives from services at any point in time during the service lifecycle. In the next slide we will discuss service strategy and its different processes.
1.8 The Service Lifecycle
We shall now take a high level view of the service lifecycle. The service lifecycle consists of five stages namely – service strategy, service design, service transition, service operation and continual service improvement. Service strategy is at the core of the lifecycle. It defines the perspective, position, plans and patterns that a service provider needs to execute to meet an organisation’s business outcomes. This stage establishes policies and principles that provide direction and guidance for the entire service lifecycle. There are five processes discussed within the service strategy guidance. They are: First is the strategy management for IT services process which is responsible for defining and maintaining an organisation’s perspective, position, plans and patterns with regard to its services and the management of those services. It is also responsible for ensuring that it achieves the intended business outcomes. Second is the service portfolio management process which ensures that the service provider has the right mix of services to meet required business outcomes at an appropriate level of investment. Service portfolio management considers services in terms of the business value that they provide. Third is the financial management for IT services process which is responsible for managing an IT service provider’s budgeting, accounting and charging requirements. Financial management for IT services secures an appropriate level of funding to design, develop and deliver services that meet the strategy of the organisation in a cost-effective manner. Fourth is demand management process which is responsible for understanding, anticipating and influencing customer’s demand for services. Demand management works with capacity management to ensure that the service provider has sufficient capacity to meet the required demand. The last one is business relationship management process which is responsible for maintaining a positive relationship with customers. Business relationship management identifies customer’s needs and ensures that the service provider is able to meet these needs with an appropriate catalogue of services. We understood the service strategy and its different processes now we will proceed to service design and its processes.
1.9 The Service Lifecycle
Service design stage takes care of the design of the services, governing practices, processes and policies required to realise the service provider’s strategy and to facilitate the introduction of services into supported environments. All aspects required for transitioning and operating the new or changed services are documented in the service design package. Service design adopts a holistic approach by considering all five aspects, namely; the services, management information systems and tools, technology architectures, processes, and measurement methods and metrics. The service design guidance discusses eight processes. They are: First one is the design coordination process that ensure that the goals and objectives of service design stage are met by providing and maintaining a single point of coordination and control for all activities and processes within the design stage of the service lifecycle. Second is service catalogue management that provides a single source of consistent and accurate information on all operational services and those being prepared to be run operationally and ensures that the service catalogue is widely available to those who are authorised to access it. Third is service level management that is responsible for ensuring that all current and planned IT services are delivered to the agreed achievable targets. This is accomplished through a constant cycle of negotiating, agreeing, monitoring, reporting on and reviewing IT service targets and achievements and through instigation of actions to correct or improve the levels of service delivered. Fourth is availability management process that ensures that the level of availability delivered in all IT services meets the agreed availability needs and service level targets in a cost-effective and timely manner. Availability management focuses on meeting both the current and future availability needs of the business. Fifth is capacity management process that is responsible for ensuring that the capacity of IT services and the IT infrastructure is able to meet the agreed capacity and performance related requirements in a cost-effective and timely manner. Capacity management considers all resources required to deliver an IT service and is concerned with meeting both the current and future capacity and performance needs of the business. Capacity management includes three sub-processes - business capacity management, service capacity management and component capacity management. Sixth is IT service continuity management that supports the overall business continuity management process by managing the risks that could seriously affect IT services and thereby ensuring minimum agreed business continuity-related service levels. Seventh is information security management process that tries to align IT security with business security and ensure that the confidentiality, integrity and availability of the organisation’s assets, information, data and IT services always matches the agreed needs of the business. The last process is supplier management that is concerned with obtaining value for money from suppliers and to provide seamless quality of IT service to the business by ensuring that all contracts and agreements with suppliers support the needs of the business and that all suppliers meet their contractual commitments. Next, let us learn about service transition and its various processes.
1.10 The Service Lifecycle
Service transition ensures that new, modified or retired services meet the expectations of the business as documented in the service strategy and service design stages of the lifecycle. This stage is also responsible for the transition of an organisation from one state to another while controlling risk and supporting organisational knowledge for decision support. There are seven processes covered under the service transition guidance. They are: The first process, transition planning and support, provides overall planning for service transitions and facilitates coordination of the required resources. It is mainly concerned with ensuring that all relevant plans for service transition are in place and the support and coordination activities are taken care of and ensures smooth and successful transitioning of new, changed or retired services. The second process, change management, is responsible for controlling the lifecycle of all changes, enabling beneficial changes to be made with minimum disruption to IT services. It ensures that changes are systematically managed in order to optimise risk exposure, minimise impact, make implementations successful at first attempt and to keep all stakeholders informed in a timely manner. The third process, service asset and configuration management, ensures that the assets required to deliver services are properly controlled, and that accurate and reliable information about those assets is available when and where it is needed. This information includes details of how the assets have been configured and the relationships between them. The fourth process, release and deployment management, is responsible for planning, scheduling and controlling the build, test and deployment of releases and to deliver new functionality required by the business while protecting the integrity of existing services. The fifth process, service validation and testing, ensures that new or changed IT service matches its design specification and will meet the needs of the business. Service validation and testing is the ’quality assurance’ part of the service solution. The utility and warranty of services delivered in live environment reflect the efficiency and effectiveness of this process. While validation ensures meeting business requirements, testing is concerned with meeting specifications. The sixth process, change evaluation, provides a consistent and standardised means of determining the performance of a service change in the context of likely impacts on business outcomes and on existing and proposed services and IT infrastructure. This information enables change management to take appropriate decisions. The last process, knowledge management, ensures systematic gathering, categorising and storing of data, information and knowledge. It enables availability of information and data in the right place at the right time for taking informed decisions and improves efficiency by reducing the need to rediscover knowledge. Now that we have learnt about service transition, the next slide is service operation and its processes.
1.11 The Service Lifecycle
Service operation stage coordinates and carries out the activities and processes required to deliver and manage services at agreed levels to business users and customers. Service operation also manages the technology that is used to deliver and support services. It is in this stage that the actual value of the service is realised by the business, customers and users. Thus, this stage is responsible for sustaining, maintaining and continually improving the committed services – in line with the customer expectations. There are five processes discussed under service operation guidance. They are: First, event management process is concerned with detecting events, making sense of them and determining the appropriate control action. It also forms the basis for operational monitoring and control and can help in automating many routine operations management activities. Second, incident management process is responsible for restoring normal service operation as quickly as possible and minimising the adverse impact on business operations. In doing so, incident management ensures that the agreed levels of service quality are maintained. Third, request fulfilment process provides a channel for users to request and receive standard services for which a predefined authorisation and qualification process exists. It also provides information to users and customers about the availability of services and the procedure for obtaining them. Fourth, problem management process is concerned with managing the lifecycle of all problems from initial identification through further investigation, documentation and eventual removal of these problems. It strives to minimise the adverse impact of incidents and problems on the business that are caused by underlying errors within the IT infrastructure and to proactively prevent recurrence of incidents related to these errors. Fifth, access management process is responsible for allowing users to make use of IT services, data or other assets. Access management helps to protect the confidentiality, integrity and availability of assets by ensuring that only authorised users are able to access or modify them. Access management implements the policies of information security management and is sometimes referred to as rights management or identity management. We will now move on to the concept of continual service improvement in the next slide.
1.12 The Service Lifecycle
Continual service improvement: Continual service improvement ensures that services are aligned with changing business needs by identifying and implementing improvements to IT services that support business processes. The performance of the IT service provider is continually measured and improvements are made to the processes, IT services and IT infrastructure in order to increase efficiency, effectiveness and reduce cost. This stage of the service lifecycle enables creating and maintaining value for customers through better strategy, design, transition and operation of services. It also enables achieving incremental as well as large-scale improvements in service quality, operational efficiency and business continuity. More importantly it takes care so that the service portfolio continues to be aligned to business needs. The seven step improvement process is covered as part of the continual service improvement guidance. The seven-step improvement process is responsible for defining and managing the steps needed to identify, define, gather, process, analyse, present and implement improvements. Opportunities for improvement are recorded and tracked in the CSI register. The concept of service value is represented in a diagram which we will discuss now.
1.13 Concept of Service Value
We have earlier seen that a ’service is a means of delivering value to customers’. Value is a combination of utility and warranty. We shall now do a quick recap of these two terms. Utility of a service represents its functionality and features. It denotes whether the service is able to meet its desired outcomes. In other words is it ‘fit for purpose’? Utility also represents aspects that support the performance of business assets or removal/reduction of constraints faced. Thus, utility has a positive effect on the activities/tasks associated with the desired business outcomes. Warranty, on the other hand, is concerned with the performance efficiency of the service. It represents the level of availability, capacity, continuity and security of the service. In other words is the service ‘fit for use’? It must be noted that warranty is a representation of all the four factors together and not any one of them or a few of them. A customer will be able to effectively achieve the desired outcomes only when all the required features and functionality are available and all aspects of the performance also match the business requirements. In this slide we discussed the concept of service value, now let’s move on to the different characteristics of value.
1.14 Concept of Service Value
Let us now look at the characteristics of value. The key characteristic of ‘value’ is that it is defined by customers. The value of a service is determined by the person who receives or uses the service rather than the provider of the service. In other words, it is the customers who will decide what they will do with the service, what return and objectives they will achieve by utilising the service. Thus the ultimate decision as to whether a service is valuable or not rests with the customers. The second characteristic of ‘value’ is that it is an affordable mix of features. Customers normally select the service that has the best mix of features and functionality, meeting their requirements, at the price they are willing to pay. The third characteristic is that ‘value’ represents achievement of objectives. While some commercial organisations focus on achieving financial objectives, non-commercial or government organisations focus on other objectives. From this perspective, the value of service is determined by measuring how far the service supports the achievement of stated objectives. The fourth characteristic is that ‘value changes over time and circumstances’. With changing business needs, objectives, and environmental factors, a service that is valuable today may not be valuable at a later point in time. We will move on to the concept of service strategy.
1.15 Value to Business Service Strategy
Service strategy stage is concerned with defining a strategy for delivering services to meet the customer’s business outcomes as well as managing those services. In this direction, a number of benefits are derived by business from adopting and following the service strategy guidance and best practices. Let us discuss these benefits now. The first benefit of service strategy is that it supports the ability to link activities performed by the service provider to outcomes that are critical to internal or external customers. The service provider will contribute to the value of the organisation and not just focus on the costs incurred in providing the services. Service strategy also enables the service provider to have a clear understanding of what types and levels of service will make its customers successful and then organise itself optimally to deliver and support those services. Service strategy enables the service provider to respond quickly and effectively to changes in the business environment, ensuring increased competitive advantage over time. Analysis, decision making, approval and charter of new services or changes to existing services become a regular feature when the IT organisation’s perspective, position, plans and patterns are clearly established. Support the creation and maintenance of a portfolio of quantified services that will enable the business to achieve positive return on its investment in services. It represents the service provider’s commitments and investments across all customers and market spaces. Service strategy facilitates functional and transparent communication for a clear understanding between the service provider and the customer. This is mainly achieved through a well-designed and maintained service portfolio. This stage provides the means for implementing and delivering services in an efficient and effective manner. It ensures that all the guidelines, policies and controls are in place for the overall service management. There is a diagrammatic representation in the next slide which will help you to understand service strategy better.
1.16 Value to Business Service Strategy
In general terms, the value of a service is measured by ’how much the customer is willing to pay for the service’. This, in turn, depends on the extent to which the service meets the customer’s expectation. However the value of a service needs to be looked at beyond the financial perspective. As shown in the diagram, value needs to be defined based on three important components. These three components are: the business outcomes achieved; the customer’s preferences and the customer’s perception of what was delivered. Business outcomes may take various forms like profitability, market share, innovation, customer satisfaction, etc. Businesses execute various business processes, activities, plans and projects to achieve these outcomes. And these processes, projects and activities are supported by services. Hence, an important component of value is how far the services enable and support achievement of the business outcomes. The second component is ‘perceptions’. Perceptions about a service are influenced by the attributes of the service. The features, functionality, performance and responsiveness experienced currently, or compared to previous experiences, or those compared to similar services provided by competitors also play an important role in determining the value of a service. The third component is ‘preferences’ which are mostly influenced by perceptions. To what extent a service meets these customers preferences also influences the value of a service. Further these preferences keep changing over time and the service provider should align the services to these changing preferences. In summary, apart from supporting the business outcomes, service providers have to influence the customer’s perceptions about the services provided and also respond to customer’s preferences. The diagram to follow shows the value of service.
1.17 Value to Business Service Strategy
The diagram on this slide depicts how customers perceive the value of a service. The ‘reference value’ represents the initial value as perceived by the customer based on do-it-yourself or existing arrangements analysis. The service provided should obtain this value through market information, discussion with the customer or from other sources. The positive difference represents the additional benefits and gains expected to be delivered by the service provider. These are based on the additional features, functionality and performance – the ‘utility’ and ‘warranty’ of the service, when compared to the reference value service. The negative difference represents the aspects of the service that the customer has to forego or lose by investing in the service. It is essential that the service provider gathers information on customer’s requirements and meets them during service provision. The net difference is the difference between positive and negative values perceived by the customer. It could be better or worse and it is this net difference that drives the customer’s investment decision for the service. The final aspect is the ‘economic value of service’ which represents the total value – that is the net difference plus the reference value, of the service. This is further analysed in relation to the service’s ability to meet desired business outcomes and objectives. The next slide gives a diagrammatic representation to understand the IT value chain better.
1.18 Value to Business Service Strategy
The diagram on this slide represents a simple IT value chain. A value chain is a sequence of processes that creates a product or service that is of value to a customer. In this example, the IT organisation spends money on procuring, developing and maintaining various components required by relevant departments – in this case the database administration department, the application management department and the application hosting department. These departments further incur amounts by way of salaries, office expenses and overheads to manage and deliver the services. The database combined with applications and hosting, deliver more value than that as individual components. It is important to note that when value is added at each step, the value of the service must grow at a higher rate than the amount spent. Now let us look at some important rules on value addition: The first rule is that the amount of value added can only be calculated once value has been realised, that is, only after the service has achieved the desired outcome. The second rule is that the value realised has to be greater than the money spent. And the third rule is that if the value realised is not greater than the money spent, then the service provider has not added any value. Rather they have simply spent money. Hence, if IT organisations have to demonstrate that they have added value, then they must link their activities to services and then link those services to business outcomes. Let us move on to the different responsibilities of service operation stage.
1.19 Realising Business Value in Service Operation
It is through the service operation lifecycle stage that the business directly sees and receives value from its IT investments. Now we shall discuss the responsibilities of service operation stage from various angles. The main responsibility of service operation is to focus on managing day-to-day activities and technology. However, it is important to understand that service operation has got a greater role to play over and above managing the day-to-day activities. As part of the service lifecycle, service operation is responsible for: executing and performing processes that optimise the cost and quality of services and enabling the business to meet its objectives. As part of the world of technology, the responsibilities include: effective functioning of components that support services and executing operational control activities to manage and deliver services. As part of the overall business, the responsibilities are: delivering services efficiently and at acceptable cost, delivering services within prescribed service levels and maintaining user satisfaction for IT services provided. We will proceed further and discuss the different service operation related challenges that may put business value at risk.
1.20 Realising Business Value in Service Operation
It is important to pre-empt challenges and take appropriate steps to overcome them. The service operation related challenges that may put business value at risk are: Firstly, it is very easy to quantify the costs of a project, but very difficult to quantify what the service will cost after three years of operation. When organisations do not consider the costs of on-going management of services, it will impact the budgetary and return on investment targets and hence business perception of the value of the service may diminish. Secondly, it is difficult to obtain funding during the operational stage, to fix design flaws or unforeseen requirements. This is left to incident and problem management to resolve – as if it is purely an operational issue. There could be instances where the service design might have to be reviewed and changes made requiring additional investments. If these are ignored, value of the service as well as customer satisfaction is bound to deteriorate. Thirdly, it is difficult to obtain additional funding for tools or actions aimed at improving the efficiency of service operation. Where all the five aspects of service design are not considered, there is a possibility of missing out on some non-functional requirements of the service. When these come up later in the lifecycle, question arises on further funding. Also, the fast pace of technology change may prompt further funding requests. Lastly, where services are stable after introduction in live environment, their performance becomes a baseline for business expectations. Services are taken for granted and any action to optimise them is perceived as ‘fixing services that are not broken’. Business does not see any value added in improving or optimising such services. We will move on to discuss change evaluation and its impact in detail.
1.21 Service Value in Service Transition
Let us now look at how the change evaluation process within service transition stage contributes to or enhances service value. Change evaluation, by its very nature, is concerned with value. It tries to determine the performance of a service change in the context of likely impacts on business outcomes and on existing and proposed services and IT infrastructure. Also, risks and issues related to the change are identified and managed. Change evaluation ensures that a service change will be fairly, consistently and objectively evaluated. This enables establishing the use made of resources in terms of delivered benefit. This information will allow a more accurate focus on value in future service development and change management. Change evaluation also identifies and analyses the intended and unintended effects of the new or changed service. It also compares the actual performance with predicted performances. The evaluation reports supports decision making by change management. Continual service improvement can derive a great deal of intelligence for initiating further improvements to the change process as well as the predictions and measurements of service change performance. The use of service measurement and monitoring to support lifecycle is discussed in the following slide.
1.22 Using Service Measurement and Monitoring to Support Lifecycle
Monitoring and measurement are essential to manage, improve or control a service. We shall now look at how these two aspects support the service lifecycle. First, operational monitoring forms the basis for continual service improvement. However, monitoring, measurement and reporting can help in identifying opportunities for improvement in all lifecycle stages and in all processes. Next, monitoring focuses on the effectiveness of a service, process, tool, organisation or configuration item. The emphasis is on identifying where improvements can be made to the existing level of service or IT performance. Monitoring should focus on detecting exceptions and resolutions. For instance, improvement activities are not interested in whether an incident has been resolved; rather they focus on determining if it has been resolved within the agreed time and whether future incidents can be prevented. If a service level agreement is consistently met over time, the continual service improvement activities may also be interested in determining whether that level of performance can be sustained at a lower cost or whether it needs to be upgraded to an even better level of performance. We will now look into the diagrammatic representation of process and its components in the next slide.
This is a simple diagrammatic representation of a process and its components. A process consists of a set of activities. Inputs are data and information used by the process and may be the output from another process. The output produced by a process has to conform to operational norms that are derived from business objectives. A process, or an activity within a process, is initiated by a trigger. A trigger may be the arrival of an input or other event. A process may include roles, responsibilities, tools and management controls required to deliver the outputs reliably. A process may define policies, standards, guidelines, activities and work instructions if they are needed. Processes, once defined, should be documented and controlled. Process measurement and metrics can be built into the process to control and improve the process. A process is owned by a process owner, who is responsible for ensuring that the process is followed; it is reviewed and improved regularly; and to achieve the process objectives. Let us now define the term ‘process’.
1.24 Organising IT Service Management Process Definition
Now, let us look at the definition of the term ‘process’. A process is a set of coordinated activities combining and implementing resources and capabilities in order to produce an outcome, which, directly or indirectly, creates value for an external customer or stakeholder. It is also defined as a structured set of activities designed to accomplish a specific objective. A process takes one or more inputs and turns them into defined outputs. A process includes all of the roles, responsibilities, tools and management controls required to reliably deliver the outputs. Process oriented approach is becoming an integral part of all management and quality frameworks. Processes play a significant role in achieving and improving organisational performance and objectives. We will move on to learn about the characteristics of a process.
1.25 Characteristics of a Process
Processes are defined with a set of objectives and a well-defined process can improve efficiency and productivity within and across organisations and functions. There are four key characteristics of processes. We shall discuss these characteristics now: Firstly, processes are measurable. They are performance driven and various people derive relevant measurements for the processes executed. For example, managers may be interested in measuring cost, quality and other variables while practitioners may be interested in duration and productivity. Secondly, they deliver specific results. Processes are designed and implemented with the sole objective of achieving specific results. Thirdly, they deliver primary results to customers. Processes are implemented with a key focus on meeting customer’s requirements and expectations. Lastly, they respond to a specific event. Processes are initiated by specific triggers or events. They may be on-going or iterative, but every instance is traceable to a specific trigger or event. We looked into the different characteristics of process, let’s proceed further and discuss the different terms relating to organisational structure.
1.26 Organising IT Service Management Organisation Structure
In an organisation the most commonly used terms are ‘functions’ and ‘roles’. Let us do a quick recap of these two terms. A function is a team or a group of people and the tools or other resources they use to carry out one or more processes or activities. Functions are units of organisations specialised to perform certain types of work and are responsible for specific outcomes. They are normally self-contained organisational units constituting resources, capabilities and tools. Based on the size of an organisation, functions may be further divided into departments or teams. Service desk, application management, technical management and IT operations management are the four functions detailed in service operation publication of ITIL. A role is a set of responsibilities, activities and authorities granted to a person or team. A role is defined in a process or function. Roles should not be confused with job titles and designations as one person may play different roles in different contexts. For example, a service delivery manager may perform the roles of change manager, service level manager and continuous improvement manager. It is important to note that while assigning more than one role to a person, there should be no conflict of interest with respect to responsibilities assigned to these roles. We shall now cover some of the other terms relating to organisation structure. Groups are informal organisational structures with people performing similar activities. It is possible that the members of the group may work on different technologies or report into different organisational structures or may even belong to different companies. A team is a more formal type of group comprising of people working together to achieve a common objective. Teams are generally formed for dealing with a situation of a temporary or transitional nature. The people in the team may not be in the same organisational structure. Departments are formal organisational structures which exist to perform a specific set of defined activities on an on-going basis. Departments have a hierarchical reporting structure with managers who are usually responsible for the execution of the activities and also for day-to-day management of the staff in the department. A division is a self-contained unit with a number of departments grouped together by geography, product line or some other criteria. The next slide deals with connecting with processes and functions with RACI matrix.
1.27 Connecting with Processes and Functions RACI Matrix
A key element of process designing is detailing the roles and responsibilities as clearly as possible. As services, processes and their component activities run through an entire organisation, the individual activities should be clearly mapped to well-defined roles. RACI model is an effective way of defining the roles and responsibilities in relation to processes and activities. It provides a compact, concise, easy method of tracking who does what in each process and enables decisions to be made quickly and with confidence. The acronym RACI stands for: Responsible: The person or people responsible for getting the job done. Accountable: The person who has ownership of quality and the end result of the activity. Only one person can be accountable for each task. Consulted: The people who are consulted and whose opinions are sought—especially subject matter experts and senior management. Informed: The people who are kept up-to-date on progress of the activities. Some organisations have added more roles and have come up with some variations of RACI. One such variation is RACI-VS. Where the additional ‘v’ stands for ‘verifies’: The person or group that checks whether the acceptance criteria have been met; and ’S’ stands for ‘signs off’: The person who approves the verified decision and authorises the product hand-off. This could be the accountable person also. Another variation is RASCI. Where the additional ‘s’ stands for ‘supportive’: The person or group that provides additional resources to conduct the work or plays a supportive role in implementation. We will learn about the different aspects of risk management now.
1.28 Risk Management
We shall now discuss some basic concepts of risk management. Risk may be defined as uncertainty of outcome, whether a positive opportunity or negative threat. It is the fact that there is uncertainty that creates the need for attention and formal management of risk. The purpose of formal risk management is to enable better decision-making based on a sound understanding of risks and their likely impact on the achievement of objectives. There are two distinct phases to support risk related decision making – Risk assessment and Risk management. Risk assessment is concerned with gathering information about exposure to risk so that the organisation can make appropriate decisions and manage risk in a right way. It includes analysing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats. Risk management is concerned with the identification, selection and adoption of countermeasures justified by the identified risks to assets in terms of their potential impact on services if failure occurs and the reduction of those risks to an acceptable level. It involves having processes in place to monitor risks, access to reliable and up-to-date information about risks, the right balance of control in place to deal with those risks and decision-making processes supported by a framework of risk analysis and evaluation. There a number of risk management frameworks developed and established by various organisations and institutions. The key ones are: Management of Risk (M_o_R); ISO 31000; ISO/IEC 27001 and Risk IT. We shall briefly discuss these frameworks in the next few slides. We will start with management of risk in the next slide.
1.29 Management of Risk(M o R) Framework
Let us start with management of risk framework. ‘Management of risk’ also known as M_o_R in the short form, is the OGC methodology for managing risks. It provides guidance to organisations to put in place an effective framework for risk management. It also details the activities required to identify and control the exposure to risks, which may have an impact on the achievement of organisation’s business objectives. The diagram on this slide illustrates the ‘management of risk’ framework. This framework is based on four core concepts which we shall discuss now. The first concept is M_o_R principles. These are high-level and universally applicable good practices that are fundamental for the development and maintenance of a good risk management practice in an organisation. The next concept is M_o_R approach. Establishing the approach involves adapting and adopting the general principles to suit oragnisational requirements. This approach needs to be agreed and defined within the risk management policy, process guide and strategies. The third concept is M_o_R process. The process consists of four steps: identify, assess, plan and implement. Each step describes the inputs, outputs, tasks and techniques involved to ensure that the overall process is effective. The fourth concept is ‘embedding and reviewing M_o_R’. This ensures that the established approach and process are consistently applied across the organisation and that their application undergoes continual improvement in order for them to be effective. Communication is at the core. The principles, approach, process and improvement actions need to be communicated to all concerned to ensure the effectiveness of ‘management_of_risk’. You may visit www.m-o-r.org for more information on this framework. We shall now look into the diagrammatic representation of the ISO 31000 in the next slide.
1.30 ISO 31000 Risk Management Approach
ISO 31000 is a process-oriented approach to risk management. It provides a broad scope for organisations to adopt the high-level principles and tailor them to meet their specific needs and circumstances. ISO 31000 defines risk as ‘the effect of uncertainty on objectives’. The initial steps under this risk management approach are: The designing of framework for managing risk across all levels of the organisation Gaining an understanding of the organisation and its context Establishing risk management policy Once the framework has been established and the context understood, risk assessment is undertaken. This consists of three steps: risk identification, risk analysis and risk evaluation. The risk identification step is intended to create a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of the organisation’s objectives. Risk analysis involves developing a full understanding of the risks as an input to risk evaluation and the decisions regarding the plan for treating the risks. Risk evaluation is performed to make decisions about which risks require treatment and the relative priorities amongst them. Risk treatment involves the modification of risks using one or more approaches. These approaches are not necessarily mutually exclusive and may include: avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing the risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties and retaining the risk by informed decisions. Let us understand more about ISO/IEC 27001.
1.31 ISOIEC 27001
ISO/IEC 27001 is an information security management system intended to bring information security under explicit management control. Though ISO/IEC 27001 is a security standard, the risk management methods described in this standard may be applied to general risk management activities and overall service provision. This standard suggests that management should: systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts; design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment, such as risk avoidance or risk transfer, to address those risks that are deemed unacceptable; and adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs on an on-going basis. The risk management steps recommended by this standard include: defining the risk assessment approach of the organisation; identifying the risks, assets and the owners of the assets; identifying the threats to these assets; identifying the vulnerabilities that might be exploited by the threats; analysing and evaluating the risks and assessing the business impacts on the organisation; estimating the levels of risk and determining which are acceptable and require treatment and identifying and evaluating options for the treatment of risks. Let us look into the diagrammatic representation of the different principles of risk IT.
1.32 Risk IT
Risk IT provides a framework for effective governance and management of IT risk and is published by ISACA. The key principles of risk IT are that: IT risks governance and management should always connect to the business objectives and management of IT-related business risk should be aligned with overall enterprise risk management. The framework constitutes three domains namely - risk governance, risk evaluation and risk response. Risk governance ensures that IT risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted return. Risk evaluation ensures that IT-related risks and opportunities are identified, analysed and presented in business terms. Risk response ensures that IT-related risk issues, opportunities and events are addressed in a cost-effective manner and in line with business priorities. We will move on to discuss more about knowledge management.
1.33 Knowledge Management and SKMS
Knowledge management can be represented by the ‘Data-Information-Knowledge-Wisdom’ structure. It is also popularly known as the DIKW structure. Data is a set of discrete facts. Organisations capture various types of data relating to people, process, activities, performance, etc. Data is generally stored in structured databases for further use. Processed data or meaningful data is known as information. Information comes from providing context to data. The key knowledge management activity around information is managing the content in a way that makes it easy to capture, query, find, re-use and learn from experiences so that mistakes are not repeated and work is not duplicated. Knowledge is gained from analysis of information. It also includes the experiences, ideas, insights, values and judgments of individuals. Knowledge is dynamic and context-based. Knowledge puts information into an ‘ease of use’ form, which can facilitate decision-making. Wisdom is the ability to make informed decisions by knowledge gained. All the data, information and knowledge captured and processed at various stages of the lifecycle, from various processes and activities are essentially used to make decisions - ranging from simple to complex situations or circumstances. The following slide diagrammatically represents the service knowledge management system.
1.34 Knowledge Management and SKMS
Service knowledge management system or SKMS is a set of tools and databases that is used to manage knowledge, information and data. It includes the tools for collecting, storing, managing, updating, analysing and presenting all the knowledge, information and data that an IT service provider will need to manage the full lifecycle of IT services. The service knowledge management system includes the configuration management system, as well as other databases and information systems. The diagram on this slide illustrates the relationship between service knowledge management system, configuration management system and the configuration management database. The SKMS will contain different types of data, information and knowledge. These include - the service portfolio, agreements, contracts, policies, plans, reports, etc. Many of these knowledge and information assets are configuration items. Changes to configuration Items must be under the control of the change management process, and details of their attributes and relationships will be documented in the configuration management system. The key purpose of service knowledge management system is to support the delivery of services and to take informed decisions. We will now learn more about knowledge management in the next slide.
1.35 Knowledge Management and SKMS
Implementing a service knowledge management system enables effective decision support and reduces the risks that arise from a lack of knowledge or information. The diagram on this slide illustrates the service knowledge management architecture. The four layers and components within these four layers are shown in a clear way. The first one is the presentation layer that enables searching, browsing, retrieving, updating, subscribing and collaboration. The different views can be enabled for meeting the requirements of different audiences. Each view should be protected to ensure that only authorised people can see or modify the underlying knowledge, information and data. The second layer is the knowledge processing layer where the information is converted into useful knowledge that enables decision-making. Third is the information integration layer that provides information that has been gathered from data in multiple sources in the data layer. Last one is the data layer that includes tools for data discovery, data collection and data items in unstructured and structured forms. This architecture is applicable for many of the management information systems, including availability management information system and the capacity management information system. With that we have successfully concluded learning unit 1, let us summarise what we have learnt so far.
We have come to an end of the learning unit 1 which dealt with the key concepts of the service lifecycle. Let’s look into the key points that we have learnt so far: ITIL – library constituents Definition of service and classification of services Service management and IT service management The service lifecycle: here we covered it’s different processes, they are: Service strategy and processes Service design and processes Service transition and processes Service operation and processes Continual service improvement and processes Service value – utility and warranty Characteristics of value Value to business and service strategy Realising business value in service operation Service value in service transition Using service measurement and monitoring to support lifecycle Definition and characteristics of process Functions, roles and RACI Risk management : M_o_R, ISO 31000, ISO/IEC 27001 & risk IT Knowledge management and SKMS Next in the learning unit 2 we will learn about communication and stakeholder management. Learning Unit- 2: Communication and Stakeholder Management Slide 52: Communication and Stakeholder Management Welcome to the Learning Unit 2 of ITIL Managing Across the Lifecycle Certification Course by Simplilearn. Providing services and service management is all about understanding stakeholder requirements and expectations and meeting them. In this module we shall discuss about stakeholder management strategy, relevance of business relationship management and managing communications across various stakeholders.
About the On-Demand Webinar
About the Webinar