ITIL Summary Service Delivery.doc.doc

ITIL V2 Service Delivery

Summary

Author: Pieter DuboisMail address: [email protected]

Total Pages: 44Document Version: 1.2

June, 2003

Document Control

DistributionPieter DuboisAll ITIL interested parties

Revision History

Date of this revision: 16/07/2003 Date of next revision: TBD

Revision Number Revision Date Summary of Changes

Changes marked

(1) 10/12/2002 Version 1.01.2 16/07/2003 Version 1.2

References: Service Delivery (CCTA)

� x

IBM Belgium of 44

1. Overview..................................................................................................................61.1 Management Summary.........................................................................................6

2 Introduction to ITIL.......................................................................................................71.1 ITIL is.....................................................................................................................72.1 General Service Management benefits..................................................................7

3 Service Level Management..........................................................................................83.1 Mission statement.................................................................................................83.2 Definitions.............................................................................................................83.3 Scope....................................................................................................................83.4 Benefits.................................................................................................................83.5 Costs.....................................................................................................................93.6 Problems...............................................................................................................93.7 Planning activities.................................................................................................93.8 Implementation Activities......................................................................................93.9 Ongoing activities................................................................................................103.10 SLA Contents....................................................................................................103.11 KPI and metrics................................................................................................103.12 Roles, Responsibilities & Skills of SLM..............................................................11

3.12.1 Role...............................................................................................................113.12.2 Responsibilities.............................................................................................113.12.3 Skill set.........................................................................................................11

4 Financial Management for IT Services.......................................................................124.1 Mission Statement...............................................................................................124.2 Definitions...........................................................................................................124.3 Scope..................................................................................................................124.4 Benefits...............................................................................................................134.5 Costs...................................................................................................................134.6 Problems.............................................................................................................134.7 Links with other processes..................................................................................144.8 Planning for IT Accounting & Charging................................................................144.9 Implementation of IT Accounting & Charging......................................................154.10 Ongoing management of IT Accounting & Charging.........................................154.11 Key Performance Indicators..............................................................................164.12 Reporting.........................................................................................................164.13 Roles & Responsibilities of IT Finance Manager................................................16

4.13.1 Role...............................................................................................................164.13.2 Responsibilities.............................................................................................164.13.3 Skill set.........................................................................................................17

4.14 Budgeting.........................................................................................................174.14.1 Goal...............................................................................................................174.14.2 Cost dependent budget items.......................................................................174.14.3 Workload dependent budget items...............................................................17

4.15 IT Accounting...................................................................................................174.15.1 Goals.............................................................................................................174.15.2 Possible policies............................................................................................184.15.3 Cost Model....................................................................................................184.15.4 Cost elements...............................................................................................184.15.5 Cost per Cost Unit.........................................................................................184.15.6 Changes affecting Costs................................................................................194.15.7 Investment appraisal.....................................................................................194.15.8 Budgeting, IT Accounting & Charging Cycles.................................................19

4.16 Charging...........................................................................................................194.16.1 Goal...............................................................................................................194.16.2 Policies..........................................................................................................194.16.3 Deciding Chargeable Items...........................................................................204.16.4 Pricing...........................................................................................................204.16.5 Internal market.............................................................................................204.16.6 Billing............................................................................................................20

IBM Belgium of 44

5 Capacity Management...............................................................................................215.1 Mission Statement...............................................................................................215.2 Scope..................................................................................................................215.3 Critical success factors........................................................................................215.4 Benefits...............................................................................................................215.5 Costs...................................................................................................................225.6 Problems.............................................................................................................225.7 Links with other Service Management processes................................................225.8 Planning activities...............................................................................................235.9 Implementation activities....................................................................................235.10 Capacity Management Activities......................................................................24

5.10.1 Type of activities...........................................................................................245.10.2 Iterative activities.........................................................................................245.10.3 Capacity Database........................................................................................245.10.4 Demand Management...................................................................................255.10.5 Modeling.......................................................................................................255.10.6 Application Sizing..........................................................................................255.10.7 Production of the Capacity plan....................................................................25

5.11 Reporting & Metrics..........................................................................................255.12 Key Performance Indicators..............................................................................26

5.12.1 Resource forecasts........................................................................................265.12.2 Technology....................................................................................................265.12.3 Cost-effectiveness.........................................................................................265.12.4 IT capacity matching business need..............................................................26

5.13 Roles & Responsibilities of the Capacity Manager............................................265.13.1 Role...............................................................................................................265.13.2 Responsibilities.............................................................................................265.13.3 Tasks.............................................................................................................27

5.14 Capacity Plan...................................................................................................275.14.1 Introduction...................................................................................................275.14.2 Management summary.................................................................................275.14.3 Business scenario’s.......................................................................................275.14.4 Service summary..........................................................................................275.14.5 Resource summary.......................................................................................285.14.6 Options for service improvement..................................................................285.14.7 Cost model....................................................................................................285.14.8 Recommendations........................................................................................28

5.15 The Capacity Management Process..................................................................285.15.1 The Inputs.....................................................................................................285.15.2 Sub-processes...............................................................................................285.15.3 Outputs.........................................................................................................295.15.4 Reactive-Proactive........................................................................................295.15.5 Business Capacity Management objectives...................................................295.15.6 Service Capacity Management objectives.....................................................295.15.7 Resource Capacity Management objectives..................................................30

6 IT Service Continuity Management............................................................................316.1 Mission................................................................................................................316.2 Definitions...........................................................................................................316.3 Scope..................................................................................................................316.4 Benefits...............................................................................................................316.5 Costs...................................................................................................................326.6 Problems.............................................................................................................326.7 Links with other IT Service processes..................................................................326.8 Business Continuity Lifecycle activities...............................................................32

6.8.1 Initiation activities.........................................................................................326.8.2 Requirements analysis and Strategy definition.............................................336.8.3 Implementation.............................................................................................346.8.4 Operational Management..............................................................................356.8.5 Invocation.....................................................................................................36

IBM Belgium of 44

6.9 Management Structure........................................................................................366.9.1 Scope............................................................................................................366.9.2 Management responsibilities in ongoing phase.............................................366.9.3 Management responsibilities in invocation phase.........................................37

6.10 Roles and responsibilities of the ITSCM manager.............................................376.10.1 Role...............................................................................................................376.10.2 Responsibilities.............................................................................................376.10.3 Skills..............................................................................................................37

6.11 ITSCM Recovery Plan........................................................................................386.11.1 Introduction...................................................................................................386.11.2 Recovery Strategy.........................................................................................386.11.3 Invocation.....................................................................................................386.11.4 General Guidance..........................................................................................386.11.5 Dependencies...............................................................................................386.11.6 Recovery team..............................................................................................386.11.7 Recovery Team checklist...............................................................................386.11.8 Recovery Procedure......................................................................................38

7 Availability Management...........................................................................................397.1 Mission................................................................................................................397.2 Definitions...........................................................................................................397.3 Scope..................................................................................................................397.4 Benefits...............................................................................................................407.5 Costs...................................................................................................................407.6 Problems.............................................................................................................407.7 Links with other processes..................................................................................407.8 Process & Activities.............................................................................................41

7.8.1 Inputs............................................................................................................417.8.2 Outputs.........................................................................................................417.8.3 activities........................................................................................................41

7.9 Reporting.............................................................................................................417.9.1 IT Availability reporting measures.................................................................427.9.2 End user availability reporting measures......................................................427.9.3 Business availability reporting measures......................................................42

7.10 Roles & Responsibilities of the Availability Manager.........................................427.10.1 Role...............................................................................................................427.10.2 Responsibilities.............................................................................................43

7.11 Tools & Techniques..........................................................................................437.12 The Availability Plan.........................................................................................44

IBM Belgium of 44

1. Overview

1.1 Management Summary

This document provides a summary of the most relevant information of the ITIL Service Delivery V2 book to help with preparation of the EXIN Manager’s certificate in ITIL Service Management.

The following topics for got particular attention: What is ITIL Mission statement different ITIL processes Activities of each ITIL process Benefits/difficulties/costs implementing ITIL process Links & dependencies with other ITIL processes ITIL process roles and responsibilities Key Performance Indicators of and reports about the ITIL Process

IBM Belgium of 44

2 Introduction to ITIL

1.1 ITIL is A Public Domain Framework: the information is publicly available and can be used

by everyone for implementation Best practice Framework: the information documents industry best practice

guidance. While not detailing every action that should be done, which is organization dependant, it provides the goals, general activities, inputs and outputs of the various processes. It provides a framework in which to place existing methods and activities.

De facto standard: ITIL by its widespread use became a de facto standard. The advantage is that there is a common language for people to speak. This makes education very important to provide all people in the process this common language

Quality Approach: ITIL focuses on providing high quality services with a focus on customer relationships. There is a strong relationship between the IT organization and the Customers.

Process Based: ITIL is a process based method. It sees IT Service Management also as a Business Process and tries to organize it that way.

2.1 General Service Management benefits Improved quality of service – more reliable business support Formalizes the use of procedures so that they are more reliable to follow Provides better view of current IT capabilities. Provides better information on current IT services provided. Better understanding of IT support to the business. Better motivated staff through better management of expectations and

responsibilities. Enhanced Customer satisfaction as it is clear what service providers know and

deliver. More flexibility and adaptability through acknowledgement and formalizing working in

a changing environment. Faster cycle times and greater success rates on implementing changes.

IBM Belgium of 44

3 Service Level Management

3.1 Mission statementMaintain and improve IT Service quality through a constant cycle of:

1. negotiating2. agreeing3. monitoring4. reporting

of IT Service achievements in line with business requirements and/or cost justification, and develop a better relationship between IT and its customers.

3.2 Definitions Service Level Agreements (SLA): agreement between IT Service provider and the

IT Customer(s), in which key service targets and responsibilities of both parties. Operational Level Agreements (OLA): agreement between IT Service provider and

other internal service providers on which the service depends Underpinning Contracts (UC’s): contracts with external IT Service providers

(hardware, software). Service Catalogue (SC): This is a list of all IT Services that are provided and which

can come into scope for SLA’s. It also contains the users of the service and their maintainers.

Service: A business process underpinned by one or more IT systems. SLA Montoring chart (SLAM): Green/Amber/Red colour coded charts providing

information on SLA status of IT Services.

3.3 ScopeService Level Agreements (SLA’s) should be established for all IT services being provided. Underpinning Contracts (UC’s) and Operational Level Agreements (OLA’s) should be in place with both internal and external suppliers on which the IT Service is dependent.

3.4 Benefits Improvement in IT Service quality & reduction of service outages can lead to

significant financial savings. Satisfied customers Clearer view between both parties on roles and responsibilities Specific targets that have to be achieved and that can be measured and reported. Focusing of IT effort on what the business thinks is key. IT and customers have consistent expectations on the level of Service required. Identification of weak areas that can be remedied subsequently. SLM underpins supplier management and vice-versa IT Services are designed to meet Service Level Requirements. SLA’s can be the basis for charging and is the demonstration of what customers

receive for their money.

IBM Belgium of 44

3.5 Costs Staff: salaries, training, consultancy – initial & ongoing Support tools & hardware Marketing costs

Should be seen as investment and value-add.

3.6 Problems Monitoring of actual achievements and having the same perception as the

customers. This impacts the following:o Committing only to achievable targets.o Verifying targets prior to agreement.o SLA’s based on desires rather than achievable targets

Inadequate resources and time – SLA management done in the margin of … Too low seniority for SLA manager. SLA’s not supported by adequate UC’s and OLA’s. Unclear definition of responsibilities of each party making some things fall between

the ‘cracks’. IT based rather than business aligned. Business not knowing its requirements. Not focused SLA’s SLA’s being considered as overhead rather than chargeable service

3.7 Planning activities Nomination of SLM and supporting staff Mission statement and definition of scope & objectives Awareness campaign to win support and provide information Definition of roles, tasks & responsibilities Quantifying activities, resources, funding, quality criteria Planning of Service Catalogue Drafting pilot SLA Identification of support tools Setting & agreeing incident priority levels and escalation paths with Customers &

internal and external service providers. Plan SLA monitoring capabilities Evaluate on all levels of customer community the current perception of service levels. Plan a review or implementation of OLA’s and UC for those IT Services that are in

the SLA.

3.8 Implementation Activities Produce Service Catalogue Manage customer expectations. Plan SLA structure based on SC (Service Based and/or Customer Based or Multi-

level) Establish Service Level Requirements and create draft SLA (iterative process) Produce clear wording in SLA without ambiguities (potentially translated). Seek agreement with actual Customers of the services AND the IT Service

organization to finalize SLA contents and initial Service Level targets. Establish monitoring capabilities which measures precisely those metrics agreed on

in the SLA’s to avoid disputes later on.

IBM Belgium of 44

Review UC’s and OLA’s to make sure the supplier underpins the target SLA’s. Define Reporting & Review process with Customers. Publicise existence of SLA’s to Service Desk, other support groups and user

community.

3.9 Ongoing activities Monitoring & Reporting: Daily operational reports, exception reports (SLA broken),

regular SLA performance reports (SLAM charts). Report making should be automated.

Service Review Meetings reviewing service achievement in last period and preview issues in coming period. Monthly. Actions for improvements to be identified. Particular attention on breach of service levels. Minutes made.

Service Improvement Program: instigated when an underlying difficulty has been identified that adversely impacts service quality (training, testing, documentation, …).

Maintenance of SLA’s, UC’s & OLA’s: bring under change control and annually reviewed to check relevance towards business needs.

3.10 SLA Contents Introduction: parties, description agreement, signatures, Dates, scope agreement,

responsibilities Service Provider and Customer, description services Service Hours for each service, special hours, calendar Availability targets for each service within agreed hours Reliability expressed in # of service breaks, MTBF, MTBSI Support: support hours, arrangement for support extentions, special hours, target

response times, target resolve times Throughput: likely traffic volumes and troughput, n° of concurrent users, … Transaction Response Times: Target times for average, maximum workstation

response times Batch turnaround times: times for input delivery and output delivery. Change: targets for approving, handling & implementing RFC’s based on

category/priority of changes Contingency & security: brief description of contingency plans and how to invoke

them. Detail of diminished service targets should a disaster occur. Charging: Details of charging formula and periods. Service reporting & reviewing: content, frequency & distribution of service reports

and service review meetings. Performance incentives/penalties based on performance against SLA.

3.11 KPI and metrics Number or % of Services covered by SLA’s. % of UC’s and OLA’s for all SLA’s Monitoring implemented & reports produced on regular basis Review meetings held on time and correctly minuted Evidence that issues raised at reviews are being followed up and resolved. Are SLA’s, OLA’s and UC’s current? % in need of review? Number and % of service targets met Number and severity of service breaches Are Service Level achievements improving? Are Customer perception statistics improving?

IBM Belgium of 44

3.12 Roles, Responsibilities & Skills of SLM

3.12.1 Role

Implement and maintain the SLM process

3.12.2 Responsibilities

Create and maintain service catalogue Formulate, agree & create SLM structure (SLA, OLA, UC) Negotiate, agree & maintain SLA, OLA, UC. Analyze & review Service performance against SLA & OLA Produce regular reports Organize and maintain regular Service Level Reviews with Customer and IT provider. Initiate any actions required to maintain/improve Service Levels Conduct annual reviews of entire Service Level process Coordinate any temporary changes to Service Levels required.

3.12.3 Skill set

Understand IT Providers services and understand how customer requirements impact them.

Understand Customers business and how IT affects it Excellent communication & negotiation skills Patience, tolerance and resilience Experience in Contract/Supplier Management type roles People Management and Administrative skills Understand statistical and analytical principles and processes Presentation skills Numeric skills Ability to interact at all levels of Customer and IT Provider organization Translate technical requirements into business concepts and vice versa. Be seen as fair to all parties Good listener Innovative in respect to Service Quality and how it can be improved within

organization limits.

IBM Belgium of 44

4 Financial Management for IT Services

4.1 Mission StatementTo be able to account fully on the spent money on IT Services, to attribute these costs to IT services delivered to the Customers and to assist management decisions on IT investment by providing detailed business cases for changes to IT services.

4.2 Definitions Budgeting: process of predicting and controlling the spending of money to IT

Services. It consists of a periodic negotiation cycle to set budgets and to monitor day-to-day the spending of current budgets.

IT Accounting: process that enables the IT organization to fully account the way its money is being spent by identifying cost per customer, service and activity. Involves ledgers. Requires Accountancy skills

Charging: process to bill the Customers for the IT services supplied to them. Requires IT Accounting to the level of detail required for analysis, billing & reporting processes.

Notional Charging: provide information on cost of IT Service to create awareness of costs.

Cost Center: target of Direct Costs. Typically a business unit that relates directly to the general ledger system

Profit Center: source of revenue. Target is to recover an amount larger than costs incurred.

Cost Unit: basic items of resource used to calculate cost of individual services. It must be easily counted things like CPU usage, file store usage … Required to be able assigning Cost per cost unit.

Capital Cost: or current expenditure comes in the balance sheets as an asset. Is depreciated over the years. Applies to physical assets (equipment) or in-house developed software.

Operational Cost: or revenue expenditure is seen as a cost. Costs incurred by day-to-day running of IT Services. Repeating payments (staff costs)

Direct Cost: costs clearly attributable to a single customer Indirect Cost: or overheads are costs that are incurred on behalf of all the customers

and have to be apportioned over them in a fair manner. Those that can’t be apportioned (unabsorbed overheads) need to be recovered by uplifting calculated costs by fair amount.

Fixed Costs: costs that do not change even when utilization varies. Variable Costs: costs that vary with some factor like usage or time.

4.3 ScopeBudgeting, IT Accounting and Charging of IT Services to the Customers:

Budgeting: ensure that predicted costs are matched by the budget, and that early warnings are given where this is not the case.

IT Accounting: accounts for all costs made. Enables the attribution of costs to customer service provided. Should aid investment, renewal decisions and identify poor value for money, but without going in more detail then required (charge fixed

IBM Belgium of 44

amount for an agreed capacity). Identify cost of changes. Perform ROI and cost-benefit analysis.

Charging: recovers in a fair way the cost of the IT services and/or influence Customer behavior where necessary.

4.4 BenefitsTo Users:

Improved service due to efficient use of IT spending.In general

Locks IT to the Business and vice versa. Prevents IT drifting away from needs of the business. Prevents Business pursuing private deals outside the enterprise.

Increased confidence in setting & managing budgets Accurate cost information for determining costs of ownership for ongoing services More efficient use of IT resource throughout the enterprise Increased professionalism of staff

Budgeting Ensures Business provides sufficient funds to run the IT Services it requires. Ensures Service Levels can be maintained by covering required costs Provides early warning of over- or under-consumption of services in financial terms

IT Accounting Provides management information on the cost of providing IT Services supporting

business needs. Make business-like decisions about IT Services Plan and budget with confidence Demonstrate over or under-consumption of services in financial terms. Understand cost of not taking advantage of opportunities of change.

Charging: Provides sound business method of balancing shape and quantity of IT Services with

need and resources of the customers. Make formal evaluations of IT Services and plan for investment based on cost

recovery Recover IT costs in a fair manner Influence customer behavior where appropriate. Shape customer awareness if notional charging is introduced.

4.5 Costs3 categories:

1. administration and organization costs for planning, implementation, ongoing operations

2. Extra computing resources for automating and facilitate IT Accounting and Charging.

3. Purchase and support of tools.

4.6 Problems New discipline, so limited understanding of leading practice in Cost modeling and

charging mechanisms, leading to overly complex or ineffective systems IT Accounting relies on planning information provided by other functions within and

outside the IT Services management and is sometimes difficult to obtain. Combination of IT skills and accountancy skills are rare.

IBM Belgium of 44

IS strategy and objectives are not clear hence prediction of capacity requirement is not accurate.

Senior management may not realize benefits of IT Accounting and Charging Resentment of administrative overhead and workload. Complex IT Accounting & Charging makes cost larger than value of information

provided. Monitoring tools providing resource usage are inaccurate or not cost-efficient.

4.7 Links with other processes Service Level Management: Cost of meeting customer SLA requirements impacts

shape and scope of services that are agreed. IT Finance manager cooperates with Service Level Manager about the costs meeting business demands and charging policies influencing customer behavior. The more variations to service levels, the larger the scope of charging but the larger the overheads of Budgeting, IT accounting & Charging.

Capacity/Availability Management: Cost information can be used to estimate cost of desired capacity/availability.

Configuration Management: Financial management requires asset and cost information which can be provided through the CMDB.

Change Management: influence of changes on cost.

4.8 Planning for IT Accounting & Charging Agree scope and requirements with Terms of Reference (TOR) Compose project board with:

o Director of ISo Senior manager of Financial Serviceso One or more billable customerso IT Services Manager

Create project board that has knowledge of Business as well as IT Services and who understand principles of IT Accounting.

Conduct feasibility study which includes:o Evaluation and quantification of benefito Recommendations on Charging Policyo Outline implementation planso Specify financial interfaces with enterpriseo Recommendation on customers control of budgets (can it be spent

elsewhere).o Evaluation of support toolso Identification of current Charging or IT Accounting practiceso Identification of risk area’so Identification of Performance indicators to a successful implementation

Create Project Plan which should cover:o Analysis of costs and Charging policieso Design & development of IT Accounting and Charging systemso Implementation & post-implementation review

Design Cost model based on IT organization budget info, IT requirements from businesses and policies for IT Accounting & Charging:

o Identify planning cycle in the enterprise (yearly e.g.) where business plans are created which include IT requirements.

IBM Belgium of 44

o Establish current costs by identifying IT Services that will be provided and the total cost of resources needed to provide them.

o Check the data and the model by using more than one source to identify costs and by performing a full balance check.

4.9 Implementation of IT Accounting & ChargingIt can take 6 or more months. Must be introduced at beginning of financial year, but notional charging can be introduced at any time.

Document operational procedures and produce user manuals. It is vital to cover:o How & when IT & Customer mgmt will be informed of costso How IT Accounting data is to be collectedo How the Charging system works and what pricing structure is usedo How budgets are monitored between billso How & when auditing takes placeo How errors are handledo How Accounts are settledo What Change control is applied

Set up Cost Centers and Cost Unitso Separate capital & operational costso Identify Direct Costs & Indirect costs and apportion the latter

Set up data recording which provides information on:o Workloadso Serviceso Costso Resource Inventories

Select, install & test software tools Mount awareness campaign to reduce resistance. Provide info on:

o Capacity and costs. Improving service may increase costs if capacity is to be increased

o Customer reaction. IT becomes more business like and charging may change the pattern of the customers usage

o Flexibility of charges. Should be limited if IT organization cannot reduce its own costs if consumption is reduced

o Perceptions. IT Services will not be seen anymore as low cost commodities, but service value will come under scrutiny

Pilot the system Monitor the system Create IT Accounting and Charging continuity plan

4.10 Ongoing management of IT Accounting & Charging Ongoing operation includes:

o Daily/Weekly. Collect cost data, instigate changes.o Monthly. Run cost reporting, check costs with predictions, produce cost

analysis, produce charges and compare to budget, circulate balance sheeto Quarterly/half yearly: prepare for annual budget cycle, assess accuracy of

charging (actual revenue/expected revenue), verify price lists, assess accuracy of forecasts, and attend CAB’s.

o Annually. Audit IT Accounting, produce final accounts, annual cost analysis, circulate final balance sheets, review standard cost units, recalculate cost per

IBM Belgium of 44

cost unit, review charging policies, assist customers to set IT budgets, review IT service continuity plans

Change Management due to:o Changes to enterprise or IT organizationo Errors in the IT Accounting systems producing incorrect forecasts or budgetso Demands by customers which exceed their budgetso Changes in workload variance

4.11 Key Performance Indicators Cost recovery profiles and expenditures are accurate Charges are seen to be fair IT organization is provided with expected income IT customers and users behaviors change as planned Plans and budgets produced on time Specified reports produced on required intervals All costs are accounted for Timeliness of annual audits

4.12 ReportingTo Customers:

How much they have spent Charges match the predicted profile Current charging policies and IT Accounting methods Variances How profits are invested

To IT Services manager: Total cost, broken down by business Total revenue, broken down by business Costs and recovery against profile Costs and recovery outlook Problems and costs associated with IT Accounting and Charging systems Recommendations for changes Future investments.

4.13 Roles & Responsibilities of IT Finance Manager

4.13.1 Role

Work with representatives of business management and finance department, to develop the policies of Budgeting, IT Accounting & Charging. Implement and maintain the IT Financial Management process. Assist in developing account plans and investments for the IT organization and its customers


Budgeting Manage the IT organization budget Prepare budget forecasts and assist customers preparing IT elements of their

budgets Report to IT managers and customers on conformance to budgets

IBM Belgium of 44

IT Accounting Select tools and processes to gather cost data Develop cost models Agree IT accounting policies (depreciation) Assist develop cost/benefit cases for IT investments Advise senior management on cost-effectiveness of IT solutions

Charging Develop charging policies Provide justifications and comparisons for charges Prepare regular bills for customers

Other Support SLA manager, Capacity manager and CRM during budget planning Recommend scope for internal audits and assist external auditors.

4.13.3 Skill set

Financial, statistical and numerical skills Interact successfully with all levels of Customer and IT organization management Strong documentation and schedule skills Excellent communication and negotiation skills Presentation skills Understand customers business

4.14 Budgeting

4.14.1 Goal

Ensure that correct amount of money is set aside for the provision of IT Services and that they are not overspent during the budget period.

4.14.2 Cost dependent budget items

Hardware, software, Overtime and contractors payments Consumables External network charges

Can vary from estimates depending on usage

4.14.3 Workload dependent budget items

Workload estimates and forecast needed N° users, dial in lines, routers, PC’s are workload dependent items

4.15 IT Accounting

4.15.1 Goals

Track actual costs against budget Provide cost targets for performance and service delivery Help prioritization of resource usage Support introduction of Charging

IBM Belgium of 44

Provide detailed information on where and for what reason expenditure has been incurred

4.15.2 Possible policies

IT Accounting only: focus awareness on costs and provide better foundations on investment decisions without overhead of billing. Less likely to shape user behavior.

Zero-Profit: fully account for all IT spend and recover it from users. Improved cost control over service provision, recognition of true costs by customers.

Profit Centre: operate the IT organization as separate business entity but with set business objectives by enterprise. Can be created with objective to make profit, break-even or operate with subsidy. All deliverables are clearly identified and sold into marketplace. Each product or service carries a price tag. Customers could have freedom to go elsewhere.

4.15.3 Cost Model

Framework in which all known costs can be recorded and allocated to specific customers or activities.

Can be per customer (usual starting point), or per service. Steps in building cost model (per customer)

1. Identify all major cost elements in the budget and attribute them to the customers who cause them.

2. Split costs between Direct Costs and Indirect Costs (overhead + x% unabsorbed overhead).

3. Ensure that the sum of all costs attributed to each customer equals the total costs incurred by the IT organization; Balance Check.

4. Classify all recorded costs to a standard system that allows extension. Cost attribution must be: Simple, fair and accurate in that order.

4.15.4 Cost elements

Provides more details then only major cost types. Examples of cost elements per major type:

o Hardware: CPU, Disk units, peripherals, PC’s, Serverso Software: OS, applications, databases, monitoring toolso Employment: payroll costs, Company Cars, Expenseso Accommodation: Offices, Storage areaso Transfer: Consultancy, Disaster Recovery services, outsourcing services,

security services. Classify each cost element into Capital Costs and Operational Costs.

o Capital Costs: computer equipment, building & plants, software owned. Also large costs that the organization wants to write off over several years.

o Operational Costs: staff costs, maintenance, rental fees, software licensed, utility costs, consumables

Attribute cost elements Directly or Indirectly to customers Depreciation can be done by:

o Straight line method: x% each yearo Reducing balance method: 40% 1st year, 30% 2nd year and 30% last year.o By usage: printer with 5mio page lifetime, 1mio pages in 1st year, hence 20%

per year.

4.15.5 Cost per Cost Unit

Helps in apportioning Indirect Costs or to assess actual cost of a Variable Cost. Must be recalculated regularly, but done with Standard Costs like $/€ per CPU cycle.

IBM Belgium of 44

4.15.6 Changes affecting Costs

Ensure changes do not require recalculation of all costs. Use one of the following methods:

1. Average Cost: e.g. Total cost of machine divided by hours used results in cost per hour service time. Ensures all costs are attributed and simple rate per hour. But not all costs are recovered (changes in staff costs) and revenues change with usage.

2. Standard Rate: estimated costs of resources to meet an estimated capacity. Consistent rate for the whole period. Differs from true costs if workload changes.

3. Standard Rate using Standard Machine: idem Standard Rate but trying to overcome its disadvantages. Not based on actual forecast but on average use of a machine. Reflects ‘market rate’. IT organization has be able to deliver service at standard rate.

4.15.7 Investment appraisal

Process to determine whether business will benefit from changes to IT service quantity or quality. Essential prerequisite to sound financial management because longer term capital investment value is shown compared to the shorter term budget period goals like efficient use of allocated resources. Methods are:

Return on Investment (ROI): average increase in profits/investment. Return on Capital Employed (ROCE): Net profit before Taxes & Interest/Total

assets minus current liabilities. Judges effectiveness of an enterprise as a whole. Total Cost of Ownership (TCO): calculates the cost of a product or service during

its whole lifecycle.

4.15.8 Budgeting, IT Accounting & Charging Cycles

2 cycles:1. Planning cycle: annual. Cost projections and workload forecasting form basis of price

settings Budgeting: Agree overall expenditures IT Accounting: Establish standard unit costs for IT resources Charging: Establish pricing policy

2. Operational cycle: monthly/quarterly. Costs are monitored and checked against budgets. Bills are issued.

Budgeting: manage budget exceptions or changed costs IT Accounting: monitor expenditure by cost-centre Charging: compile and issue bills.

4.16 Charging

4.16.1 Goal

Determine prior to implementation the most suitable Charging policies Recover fairly and accurate the agreed costs of providing services Shape customer/user behavior to ensure optimal return on IT investment

4.16.2 Policies

Based on 4 factors1. Level of recovery of expenditure required2. Desire to influence customer/user behavior3. Ability to recovering costs based on usage

IBM Belgium of 44

4. Control of the internal market

4.16.3 Deciding Chargeable Items

Choice what to charge for, and how much to charge for it. Should be understandable and controllable by the customer (PC’s connected to

network e.g.).

4.16.4 Pricing

Not merely cost recovery but also influences demand for the product. It involves:o Understand true demand for the serviceo Determine pricing objectiveo Determine direct & indirect costso Level of control of internal marketo Legal, regulatory & tax issues

Different pricing methods:o Cost: marginal costs (cost of providing service now based on already made

investment) or full costs (calculated as TCO)o Cost plus: price = cost + x% (mark up)o Going rate: price is comparable with other internal depts.o Market rate: price is same as charged by external supplierso Fixed price: negotiated price

4.16.5 Internal market

Tied users: users must use internal IT services. Possibility to provide IT Services ‘free’, notional charges or actual charges

Untied users: customers can choose other IT providers. Real charging applies.

4.16.6 Billing

3 objectives:1. Bills must be simple, clear and matched to the ability to pay (time, period & method)2. Chargeable Items must be understood by the user3. IT Accounting data must be available to provide details and/or justification for bills

IBM Belgium of 44

5 Capacity Management

5.1 Mission StatementEnsure that cost justifiable IT capacity always exists and that it is matched to the current and future identified capacity needs of the business.

5.2 Scope Be focal point for all IT performance and capacity issues for HW, SW, Network,

peripherals & Human Resources where it concerns impact on end-to-end response times.

Monitoring of performance & throughput of IT services. Performance tuning of the existing resources. Influence the demand for resources in conjunction with Financial Management Produce Capacity plan that enables the IT service to stay within SLA’s. Match cost vs. capacity. Match supply vs. demand.

The driving force is the business requirements. Capacity Management needs to understand the long-term strategy of the business while providing information on latest technologies during input of the IT strategy aligned with the business plans.

5.3 Critical success factors Accurate business forecasts Knowledge of accurate IT strategy and plans Understanding of current & future technologies Ability to demonstrate cost effectiveness Interaction with other Service Management processes Ability to plan and implement the appropriate IT capacity to match business need

5.4 Benefits Reduced risk of performance problems and failure through:

o Application sizingo Managing resources and service performanceo Being member of the CAB to assess impact on capacity because of changeso Reducing urgent changes to increase capacity

Cost savings through:o Planned buying e.g. by providing input to procurement to allow best deals to

be negotiated by using economies of scale. o Deferring expenditure until really needed (but in a controlled way)o Matching capacity to business need

Ensures systems have sufficient capacity to run the applications required by the business for the foreseeable future

IBM Belgium of 44

Provides information on current and planned resource utilization of individual components allowing decisions on which components to upgrade, when and how much it will cost.

5.5 Costs Setting up Capacity Management: Procurement of required HW & SW like

monitoring tools, project management, staff costs, accommodation. Daily management of Capacity Management: annual maintenance and

upgrades, on-going staff costs, recurring accommodation costs (leasing, rental, energy).

5.6 Problems Over expectation of customer compared to technical capability. Hence requirement

for managing customer expectations and impact of demands on cost. Vendor influence: remember that what you can buy tomorrow will always have more

capacity then what you buy today. Lack of information on business forecasts due to shorter planning cycles, or being

provided with wrong forecasts. Distributed environment is often not included in the capacity management plans Level of monitoring to implement can be too high providing more costs than value

that is gained from the process.

5.7 Links with other Service Management processes Incident Management: IM keeps CM informed on incidents related to capacity

management. CM supports IM in solving & documenting capacity related incidents. Change Management: CM helps assessing impact of cumulative changes on

available capacity. CM is in CAB. Additional Capacity required will be included in the Capacity Plan and will be treated as an RFC

Service Level Management: CM helps SLM to assure that SLR’s are achievable and SLA’s can be supported by ensuring that enough performance & capacity is available. CM assists SLM with UC’s and OLA’s where capacity is concerned. Operationally, CM monitors and reports on performance and throughput.

Problem Management: CM helps with diagnosing the underlying cause of incidents caused by poor performance.

IT Service Continuity Management: CM provides input on required capacity of key business processes for all recovery options used. Capacity identified for recovery must be kept in line with live environment.

Availability Management: CM works in conjunction with Availability Management to ensure the good functioning of IT services and there are many interdependencies. Performance and capacity problems result in unavailability. Increasing availability of a component gives rise to an additional need in capacity.

Release Management: CM helps determine the distribution strategy based on capacity of the network

Configuration Management: Conceptually is the Capacity Database a subset of the CMDB. Information provided by CM will be passed to other processes through the CMDB.

IBM Belgium of 44

5.8 Planning activities Review existing capacity management activities

o Current responsibilityo Tools already in useo Requirements by other Service Management processeso Current budget & cost effectivenesso Management commitment to introduction of Capacity Management

Produce report describing:o Current situationo Improvements to be made and how it can be obtainedo Demonstrate need for Capacity Management and benefits to be expectedo Sample output from Capacity Management processo Project plan

Decide how CM will operate in a widely distributed environmento Centralized: how will it control remote components?o Decentralized: how can the process be controlled?

Monitoring is required for:o HW, networking, peripherals, softwareo Focused on components that support business critical serviceso Time to keep data must be agreedo Throughput data for Service Capacity, transaction data for Business Capacity

Capacity Database is the repository where all collected data is stored. o Data can be centralized, or data kept on platform with only summaries

centralized.o Can contain also service data from SLM process as well as business data

from business plans, technical data from manufacturers and financial data from Financial Management process.

o Should be regularly audited for accuracy. Provide links with other Service Management processes like Availability

Management Plan regular production of Capacity Plan

o Depends on need for input to budgeting cycle, accuracy of business plans and volatility of IT infrastructure

o Its recommendations should be part of the budget planning cycleo Updated at least once a year

5.9 Implementation activities Train staff: wide range of skills necessary to implement monitoring on different

platforms. Establish monitoring and the CDB. Ongoing is required that all monitoring

remains active and that secure copies of the CDB are taken. Business Capacity Management: create series of resource and service utilization

reports for IT management and business with links to SLA’s. Main responsibility is the Capacity Plan

Service Capacity Management: Analyze data from monitoring and if required tune the service performance. Can require Demand Management to influence demand for the service.

Resource Capacity Management: Analyze data from monitoring and if required tune resource performance. Exception reports have to be created for SLM. Tuning

IBM Belgium of 44

should happen under Change Management. Consider new technology where required.

5.10 Capacity Management ActivitiesSame activities are used by any of the 3 sub-processes but with difference in kind of data that is monitored:

Resource Capacity Management: level of utilization of individual components Service Capacity Management: transaction throughput rates and response times of

an IT service. Business Capacity Management: translation of transaction throughput rates to

business volumes (sales invoices raised).

5.10.1 Type of activities

On-going: iterative activities, Demand Management, storage of data in the CDB Ad hoc: Modeling and application sizing Regularly: Production of Capacity plan

5.10.2 Iterative activities

Monitoring in order to ensure optimum use of HW and SW such that agreed service levels can be achieved. Metrics are:

o CPU, memory & file store utilizationo Transactions: per second, response timeo Batch duration profiles

Distinguish availability data and performance data. Thresholds should be set based on analysis of previously recorded data. They should be set below targets in SLA’s to allow for corrective action before SLA is breached.

Analysis of the collected data to identify trends from which normal utilization and service level can be established. Report on exception conditions compared with baseline. Predict future resource usage. Analysis should happen on short-term, medium-term and long-term.

Tuning of configurations to improve performance through:o Balancing workloads or disk traffico Change locking strategy (database, page, table, record, row)o Efficient use of memory

Implementation of tuning activities in the live environment should happen through Change Management to limit implications on the customers of the service

5.10.3 Capacity Database

It is a cornerstone of a successful Capacity Management system. It is the basis of performance and capacity reports to be delivered to management and technical personnel.

All sub-processes use it. It contains business data:

o Number of accountso Number of brancheso Number of calls into call centerso Number of PC’so Anticipated workloads

It contains service datao Transaction response timeso Times for batch jobs to be processed

IBM Belgium of 44

o SLM thresholds It contains technical data

o Limitations of resources (80% CPU, 30% Ethernet) It contains financial data

o Financial planso IT budgetso External supplierso CMDB

It contains utilization data of resources. o Data of current utilization of componentso Lower granularity data on older utilization data of components

Can exist in several physical locations Outputs are:

o Service and component based reportso Exception reporting on capacity & performance for component or service.

Special interest in reporting on items that affect SLA’so Capacity forecasts to predict future growth.

5.10.4 Demand Management

Influence demand for resources and use of it Carried out as short-term solution to a capacity problem (like break down of a

redundant component that was also in use, hence halving capacity) Carried out as longer-term solution if difficult to justify expensive upgrade Exercised through:

o Physical constraints or limiting usageo Financial constraints or charging

Can be carried out by any of the 3 sub-processes.

5.10.5 Modeling

Predict behavior of systems under a given volume and variety of work Can be carried out by any of the 3 sub-processes Done through:

o Trend analysis based on former collected data. Less accurate.o Analytical modeling using mathematical techniques. Used by software

package. Quite accurate but not as accurate as simulation modelingo Simulation modeling of discrete events like transaction arrival rates. Very

time consuming but very accurate.o Baseline model is created that reflects performance that is achieved. Based

on this, predictive modeling can be done.

5.10.6 Application Sizing

Done at the beginning of a new project and is completed when application is accepted in operational environment

Estimate resource requirements to ensure it meets required service levels Takes resilience aspects into account

5.10.7 Production of the Capacity plan

Plan that documents current levels of resource utilization and service performance Takes business strategy and plans, and forecasts future requirements for resources

to support the IT services that underpin business activities. Should occur at pre-defined intervals in line with business life cycle

IBM Belgium of 44

5.11 Reporting & Metrics % of components for which utilization is recorded in the CDB Correct amount of utilization is stored in CDB Recommendations for tuning actions should predict effect and these actions should

be reviewed for success and results documented. SLM is informed of any potential/actual breach of targets in SLA Constraints imposed on demand are with understanding of customers and do not

affect credibility of IT Service provider Regular management reports are produced on time Annual Capacity Plan is produced on time Recommendations on upgrades identified in Capacity Plan are accurate

5.12 Key Performance Indicators

5.12.1 Resource forecasts

Timely production of forecasts of resource requirements Accurate forecasts of trends in resource utilization Incorporation of business plans into Capacity Plan

5.12.2 Technology

Ability to monitor performance and throughput of all services and components where needed

Implementation of new technology in line with business requirements Old technology not resulting in breached SLA’s due to support and/or performance

problems

5.12.3 Cost-effectiveness

Reduction in panic buying No significant over-capacity that isn’t business justified Accurate forecasts of planned expenditure

5.12.4 IT capacity matching business need

Reduction in lost business due to poor performance incidents Reduction in lost business due to inadequate capacity New services implemented matching SLR’s

5.13 Roles & Responsibilities of the Capacity Manager

5.13.1 Role

To manage the CM process and to use business requirements as input in setting up the CM process.


Ensure there is adequate IT capacity to meet required levels of service for the business.

Ensure that senior IT management is correctly advised on how to match capacity and demand.

IBM Belgium of 44

Ensure that use of existing capacity is optimized Advise Service Level Management about appropriate service levels and options

5.13.3 Tasks

Ensure correct level of monitoring of resources is set and that information is recorded in a CDB which is kept up to date and used by the process

Produce capacity plans in line with business planning cycle Produce regular management reports which include usage of resource, trends and

forecasts Size all proposed new systems to determine computer & network resource required Assess new technology and its relevance Carry out performance testing of new systems Report on performance against targets contained in SLA Determine performance levels that are maintainable and cost justified Recommend tuning and make recommendations on system design for optimum use

of all HW and OS SW resources Recommend solutions to performance related incidents and problems Recommend to IT management when to employ Demand management to dampen

customer demands on systems Be presented on the CAB, assessing and authorizing Changes. Ensure that audits are performed in the Capacity Management Process.

5.14 Capacity PlanContains:

5.14.1 Introduction

Explains background to this issue of the capacity plan:o Current levels of capacity of the organizationo Problems and pain points identified due to over- or under-capacity.o Changes since last issue of Capacity Plan

Scope of plan is given (ideally all IT resources). Methods used (how and when information obtained from sub-processes):

o Business forecasts from business planso Workload forecasts from userso Service level forecasts from modeling

5.14.2 Management summary

Highlight main issues, options, recommendations and costs.

5.14.3 Business scenario’s

Put the plan in context of current and future business environment. Mention all known business forecasts so readers can determine what is inside and outside the scope of the plan.

5.14.4 Service summary

Fore each current and recent service provision, provide a service profile, including throughput rates and resulting resource utilization. Trends should be presented.

Service forecasts should be detailed because of new and demised services.

IBM Belgium of 44

5.14.5 Resource summary

Current and recent resource usage should be documented, reporting on trends. Resource forecasts coming from service forecasts.

5.14.6 Options for service improvement

Outlines possible options for improving effectiveness and efficiency of service delivery; upgrading network, consolidating applications, rewriting custom built applications etc.

5.14.7 Cost model

Costs associated with options should be documented. Current and forecasted cost of providing IT services (data generally coming from IT

Financial management).

5.14.8 Recommendations

Summary of recommendations made in previous plan and status. Any new recommendations should be made Recommendations should be quantified in terms of:

o Business benefit to expecto Potential impact in (not) carrying out recommendationso Risks involvedo Resources requiredo Setup cost and ongoing cost

5.15 The Capacity Management Process

5.15.1 The Inputs

External suppliers of new technology Organization’s business strategy & financial plans IT strategy plans and current budgets Incident and Problem management processes with incidents & problems relating to

poor performance SLM process with SLA’s details and SLR’s. Change Management process with FSC’s and need to assess impact on capacity. IT Operations team with schedules of work that is needed to be run.

5.15.2 Sub-processes

Business Capacity Managemento Ensures future business capacity requirements for IT services are

considered, planned & implemented.o Uses existing data on current resource utilization by various services to trend,

model & forecast future requirements: Capacity Plan Service Capacity Management

o Focuses on management of performance of IT services used by customerso Ensures that performance of all services as detailed in SLA’s & SLR’s are

monitored and measuredo Takes action to ensure end-to-end performance meets business

requirements. Resource Capacity Management

o Focuses on management of individual components of the IT infrastructure

IBM Belgium of 44

o Is responsible for monitoring all components within the IT infrastructure.o Takes action to manage the available resources such that the IT services it

supports meet the business requirements.

5.15.3 Outputs

Outputs of Capacity Management are used within: Other parts of Capacity Management:

o Data from Resource CM is used in Service CM, which is in turn used in Business CM

o CDB contains data used by all sub-processes of CM Other Service Management Processes

o CM process verifies SLR’so CM process assists Financial Management

Other parts of the organizationo IT Operations implements any changes that CM may recommendo Capacity Plan is to be acted upon by management of IT service provider and

senior management of organization

5.15.4 Reactive-Proactive

Sometimes it is reactive, sometimes proactive. The more it is proactive, the less it needs to be reactive. Proactive activities will:

Take necessary actions before performance problems occur. Produce trends on current resource utilization and estimate future requirements Model predicted changes in IT services and identifies changes in components to be

made to catch resource utilization changes Ensures upgrades are budgeted, planned and implemented before SLA’s are

breached. Actively seeks to improve service provision

5.15.5 Business Capacity Management objectives

Ensures that future business capacity requirements for IT services are understood and considered and that sufficient capacity to support the services is planned and implemented.

Changes in requirements will happen and will impact the ability to satisfy SLR’s. This must be predicted and handled.

Activities in the sub-process are:o Identify and agree Service level requirements in conjunction with SLM

process. Response times, expected throughput, usage pattern.o Design, procure and configure changes. Sometimes through Change

Managemento Update CMDB and CDB. Information on anticipated throughput, response

times are CI’s in the CMDB. CDB should contain technical data on configuration (processor speed).

o Verify SLA. CM provides SLA with targets that can be monitored. Provides modeling that shows that service design will meet SLA

o Sign SLA. Potentially after renegotiation. After assurance that requirements are achievable

o Go Operational in compliance with SLA. Monitor the systems and provide information to SLM. Pass the work to the Service Capacity Management sub-process

5.15.6 Service Capacity Management objectives

IBM Belgium of 44

Identify and understand IT Services, their resource usage, working patterns, peaks and troughs.

Manage service performance as determined by SLA’s. Once a service is operations SCM is responsible for it. Monitoring on service level is required If capacity issues arise that are not due to over utilization of a component but due to

design, then service performance should be managed. Pro-active rather than re-active.

5.15.7 Resource Capacity Management objectives

Understand utilization of each of the component parts in IT infrastructure Is concerned with resources like CPU, memory, discs, bandwidth Collect resource information on iterative basis Pro-active rather than re-active but sometimes unavoidably re-active. Estimate effects of changes in services on resource usage Understand new technology and how it can support the business Identify resilience inherent to IT infrastructure to avoid failures and how failure will

impact remaining resources on capacity level.

IBM Belgium of 44

6 IT Service Continuity Management

6.1 MissionTo support the Business Continuity Management process by ensuring that the required IT technical and services facilities can be recovered within required and agreed timescales

6.2 Definitions Business Continuity Management (BCM) is concerned with managing risks to

ensure that an organization can continue operating to, at least a predetermined minimum level. The BCM process involves:

o Reducing the risk to an acceptable levelo Planning for recovery of business processes should a disruption to the

business occur IT Service Continuity Management (ITSCM) is a part of the overall BCM process

and is dependent on information derived from it. It focuses on the continuity of IT services to the business. Before it is implemented the minimum business requirements must be determined.

6.3 Scope Focus on ability to restore those IT Services that are required to support the critical

business processes including supporting needs like office locations etc. Requirements of minimal level of business operation are measured through

Business Impact Analysis (financial loss, reputation damage, business process loss).

Analyze and provision for risks in scope. Longer term risks like changes in business direction and such are not in scope. Minor technical faults are covered through Incident management and are not in scope

6.4 Benefits Potential lower insurance premiums because of pro-actively managing down the

business risks Regulatory requirements are followed for some types of industries, and therefore

avoiding fines or loss of trading licenses. Business relationship with the rest of the enterprise is fostered because IT

organization is forced to get a better understanding of the business Positive marketing of contingency capabilities. Effective ITSCM allows

organization to provide high service levels and thus win business Organizational credibility is increased towards customers, business partners and

stakeholders Competitive advantage towards organizations without it. More and more,

customers require it from the IT organization if they want to tender for business

IBM Belgium of 44

6.5 Costs Cost of organization Cost of implementation Cost of HW to recover critical IT services Contracts for off-site storage, recovery centers, recovery systems Cost of implementation of Backup/Recovery strategy taking ITSCM into account Cost of testing recovery plans Cost of maintaining recovery plans

6.6 Problems No senior management commitment during implementation or ongoing phase. No continual review of process, outdating it compared to production environment. BAU pressures focuses management time to the business and ITSCM takes a back

seat.

6.7 Links with other IT Service processes Service Level Management: helps ITSCM understanding the obligations of IT

service delivery. Availability Management: delivers risk reduction measures to maintain business as

usual Configuration Management: provides information on the relationships between CI’s

which are necessary for critical business processes Capacity Management ensures that business requirements are fully supported

through appropriate IT resources. It tells ITSCM the capacity required to recover critical business processes.

Change Management ensures the currency and accuracy of continuity plans through change processes and reviews

Service Desk/Incident Management: when a major service disruption occurs, the Service Desk plays a central communication role.

6.8 Business Continuity Lifecycle activities5 stages:

1. Initiation BCM2. Requirements & Strategy3. Implementation4. Operational Management5. Invocation

6.8.1 Initiation activities

Only way for effective ITSCM is through identification of critical business processes and the associated IT supporting services.

Policy Setting should set out management intention and objectives. To be communicated asap to all members of organization that are involved

Define scope and responsibilities of management and staff in the organization. Tasks like undertaking Risk Assessment, Business Impact Analysis and determination of a Command & Control structure are required to support recovery from a business interruption. Regulatory requirements and compliance with standards has to be taken into account

IBM Belgium of 44

Allocate resources, both in manpower as well as costs. Setting up ITSCM can be costly

Define project organization and control structure to handle the complexity of the ITSCM and BCM projects. An experienced project management and steering committee is required.

Agree project and quality plans that enable the project to be controlled and variances to be addressed.

6.8.2 Requirements analysis and Strategy definition

Provides foundation of ITSCM and will determine how well an organization will survive a disaster. There are 2 sections:

1. Requirements: perform Business Impact Analysis and Risk Assessment2. Strategy: agree risk reduction measures and recovery options

6.8.2.1 Requirements: Business Impact Analysis

Determines how much an organization will lose as a result of a disaster and provide the minimum requirements to support the critical business functions. This requires identifying:

Critical business processes Potential damage that may be caused as a result of a disruption of them. Ongoing damage caused by unavailability of service. An incident becoming a

disaster. Form of damage: additional costs, loss of goodwill, loss of competitive advantage Staffing, skills facilities & services required to enable critical business processes to

continue at minimal acceptable level Time within which minimum levels of critical business process should be recovered Time within which all required business processes should be fully recovered

6.8.2.2 Requirements: Risk Assessment

Identify the likelihood that a disaster will actually occur and thus identify the level of threat and the extent to which an organization is vulnerable to that threat. Appropriate counter measures or risk reduction measures should be identified. This requires:

Identification of Risks like:o Damage or denial of access to premiseso Loss of IT systemso Loss of data or integrity of datao Loss of network serviceso Unavailability of key staffo Loss of service from a partnero Breach of securityo Loss of utilities

Assess threat and vulnerability levels like:o Likely motivation, capability and resources for deliberate service disruptionso Possibilities of accidental service disruptionso Single point of failure in business processeso Assess levels of risk like: low, medium or high

6.8.2.3 Strategy: Risk reduction measures

Based on output of the BIA and RA, Risk Reduction measures will be proposed. This includes:

Backup and recovery strategy including off-site storage Elimination of SPOF’s Use more than one service provider

IBM Belgium of 44

Use of resilient IT systems and networks Greater security controls Improve procedures to reduce probability of errors

6.8.2.4 Strategy: Recovery options

To be considered for: People and accommodation: alternative premises, location of it and mobility of staff IT systems and networks: recovery of HW, SW, networks and data used. Relies on

effective backups and good Availability Management Critical services: like power, telecom, water Critical assets: like paper records and reference material

It should takes short-term recovery and long-term recovery into account.

Options are: Do nothing: not a very good idea Manual workarounds: can be an effective interim measure but mostly not to be

used for more complex business processes Reciprocal arrangements with another organization using similar technology is a

good solution in a batch processing environment, but doesn’t work in a distributed environment

Gradual recovery or cold-standby is good for organization that can wait up to 72 hours for recovery of full IT services. Provision of empty accommodation is foreseen but everything else has to be installed (computer equipment and restoration of data).

Intermediate recovery or warm-standby for recovering IT services within 24 hours. Typically this is through an equipped Disaster-Recovery center where only data needs to be recovered. Disadvantage is the distance and sharing with other customers.

Immediate recovery or hot-standby is for immediate restoration of services and is mostly an extension of the intermediate recovery, where exclusive access to systems is provided. Also a mirroring service can be established with regular data transfers. Times of recovery vary from second to between 2 and 4 hours.

6.8.3 Implementation

6.8.3.1 Organization Planning

Command & Control structure consists of 3 tiers:1. Executive: includes senior management with overall authority within the company

and is responsible for crisis management2. Coordination: one level below and is responsible for coordinating the overall

recovery effort3. Recovery: series of business and service recovery teams representing the critical

business functions grouped by IT service and application

6.8.3.2 Implementation Planning

Plan development is one of the most important parts of the implementation process. Plans are made on different levels:

Highest level: Emergency Response plan, Damage Assessment plan, Salvage plan, Vital Records plan, Crisis Management and Public Relations plan.

Key support functions: Computer systems and Network plan, Security plan, Personnel plan, Finance and Administration plan, Accommodation plan

Business area plan: recovery team and list of actions to take, and dependent service plans.

IBM Belgium of 44

6.8.3.3 Implement Risk Reduction Measures

In conjunction with Availability Management, and reduces risk of outage of critical IT services Installation of UPS and backup power Fault tolerant systems for critical applications Offsite storage and archiving RAID arrays and disk mirroring Spare equipment

6.8.3.4 Implement Stand-By Arrangements

Recovery is based on stand-by arrangements requiring the following actions to be done: Negotiate for third party recovery facilities Prepare and equip stand-by accommodation Purchase and install stand-by computers Negotiate external providers contingency plans and undertake due diligence.

6.8.3.5 Develop IT Service Continuity Management Plans

Enable necessary information for critical systems, services & facilities to be recovered within acceptable period to the business.

Contains also information on dependencies between them, testing required prior to delivery and validation of data integrity.

Also priority of services is communicated.

6.8.3.6 Develop Procedures

All specific procedures to be undertaken should be fully documented so any literate IT person can follow them. They should include:

Installation and testing of hardware and networks Restoration of software and data to common reference point Different time-zone handling Business cut-off points

6.8.3.7 Initial Testing

Critical part of ITSCM process and only way to ensure that selected strategy, stand-by arrangements, etc works in practice.

Initially can be purely technical IT test Subsequently business should be involved to demonstrate capability and aid mutual

understanding Full test will replicate as much as possible the invocation of all stand-by

arrangements. Can be announced or unannounced (the latter requires senior management

approval). Cannot cover reaction of staff in crisis moments where people are dead or injured.

6.8.4 Operational Management

Ensures process is maintained and includes: Education and awareness throughout the organization for service continuity specific

items. Training the non-IT literate recovery team members to provide them the necessary

level of competence Regular Review of all deliverables from the ITSCM process to ensure they remain

current. Is triggered by any major change in IT infrastructure. Testing of the recovery strategy at least annually with changes included. Change control is used to update the ITSCM plans. ITSCM is part of the CAB to

ensure all infrastructure changes are reflected in the contingency arrangements

IBM Belgium of 44

Assurance that the quality of the ITSCM deliverables is acceptable to senior business management and operational management procedures are working good.

6.8.5 Invocation

This is the ultimate test of BCM and ITSCM plans. Should not be taken lightly as costs will be involved and business will be disrupted. Decision is taken by a crisis management team comprising senior business and IT

managers Plans musts be available in home of key members Deadlines should be established after which invocation of BCM and ITSCM happens. Decisions depend on:

o Extent of damage and scope of invocationo Length of disruptiono Time of day/month/year and potential business impact

After resolution, rewarding to staff involved should be considered. Information security should be maintained at a correct level

6.9 Management Structure

6.9.1 Scope

Allow responsibilities for ongoing ITSCM to be clearly defined and allocated Integrate into existing management structures Avoid concentrating responsibility in isolated department Ensure management structure of ITSCM on an ongoing basis resembles the

structure that will control recovery should invocation happen Ensure ITSCM strategy and requirements are integrated with business & IT strategy.

6.9.2 Management responsibilities in ongoing phase

Board: typically IT director. o Sponsors ITSCMo Allocate Resourceso Set policy & strategyo Direct & authorize

Senior Management: day-to-day responsibility for BCM and:o Advises board on ITSCM strategy & policyo Ensures ITSCM is up-to-day and effectiveo Ensures Change control and testing is doneo Owns deliverables relating to their area of expertiseo Communicate and maintain awareness

Junior Management performs day-to-day activities and:o Analyze ITSCMo Define ITSCM deliverableso Contract for serviceso Manage tests, reviews and assurance

Staff & Supervisorso Develop ITSCM deliverableso Perform tests & reviewso Develop and operate procedures

6.9.3 Management responsibilities in invocation phase

IBM Belgium of 44

Board: Crisis Managemento Corporate decisionso External affairs

Senior Management: Coordinationo Direction and arbitrationo Resource authorization

Junior Management: invocation of continuity or recovery mechanismso Team leadershipo Site Managemento Reporting

Supervisors and staff: Task executiono Team membershipo Team and site liaison

6.10 Roles and responsibilities of the ITSCM manager.

6.10.1 Role

Implement and maintain the ITSCM process in accordance with the overall requirements of the BCM process and represent the IT services function within the BCM process.


Develop and manage the ITSCM plan to ensure that the recovery objective of the business can be achieved

Ensure that all IT service areas are prepared to respond to an invocation of the continuity plans

Maintain a comprehensive IT testing schedule Do quality reviews of all procedures and ensure they are in the testing schedule Maintain awareness of ITSCM objectives within the supported business and the IT

services organization Conduct yearly reviews of the continuity plans with the business to ensure they

reflect the business processing environment. Negotiate and manage contracts with providers of third party recovery services Manage IT service delivery after invocation of continuity plans by:

o Coordination with the crisis control teamo Invocation of recovery facilitieso Resource management o Recovery site management

6.10.3 Skills

Senior IT management level Experience in IT Service Continuity Knowledge of Contract Management type Roles. Ability to translate business requirements into technical requirements Good IT technical knowledge to enable quality assurance Ability to communicate with all levels within the organization

6.11 ITSCM Recovery Plan

6.11.1 Introduction

IBM Belgium of 44

This section provides information on content of document.

6.11.2 Recovery Strategy

Gives the systems, services and/or facilities that are covered. Gives the time it will take to recover them. What kind of recovery and up to what level is mentioned. Last time the recovery procedures have been tested for the services in scope.

6.11.3 Invocation

Gives the names of persons authorized to invoke the recovery plans

6.11.4 General Guidance

What to do with information requests from external parties (refer to procedure xxx) What operational escalation procedure to follow when notifying personnel of a

disaster. Record all activities and contact points.

6.11.5 Dependencies

All dependencies for the different IT services in scope should be documented in priority order in referenced documents, so related recovery plans can be identified and invoked.

6.11.6 Recovery team

Names of staff responsible for executing these procedures or ensuring that the procedures are executed, and how to contact them, should be listed.

6.11.7 Recovery Team checklist

List key activities that must be done in a checklist kind of way: Confirm invocation has taken place Initiate call tree and establish recovery team Identify issues and advise Crisis Management Team Arrange for backup media to be shipped to recovery site … initiate recovery actions Advise estimate for system recovery and testing Advise estimate for being ready for user processing

6.11.8 Recovery Procedure

Enter recovery procedures here. Content/format should be in-line with company guidelines. References should be made to supporting documentation.

IBM Belgium of 44

7 Availability Management

7.1 MissionTo understand the availability requirements of the business and to plan, measure and monitor the IT infrastructure and as such, strive continuously to improve the availability of the IT infrastructure, in order to ensure these requirements are consistently met.

3 Guiding principles:1. Availability is at the core of business and end user satisfaction.2. Things will go wrong, but even then Business and End-user satisfaction can be

obtained by the way the unavailability is handled.3. Availability improvement requires the understanding of how technology supports the

business. Both IT service and IT component perspectives are important.

7.2 Definitions Availability: measured by Mean Time Between Failures (MTBF).

o Ability of an IT service/component to perform its required function at a stated instant, or over a stated period of time.

o Underpinned by reliability, maintainability, serviceability and resilience of the IT infrastructure

Reliability: measured by Mean Time Between System Incidents (MTBSI)o Ability to work without operational failureo Depends on the probability of failure of each component, the resilience built in

the IT infrastructure and the preventive maintenance applied to avoid a failure to occur.

Maintainability: measured by the Mean Time To Repair (MTTR)o Ability to be retained or restored to an operational stateo Depends on anticipation, detection, diagnosing, resolving, recovery from

failures and restoration of data and IT service. Serviceability: cannot be measured as a specific metric.

o Ability to maintain the Availability, Reliability and Maintainability provided by the contractual agreements with the IT service providers

Resilience: or Fault Toleranceo Ability of an IT Service to remain operational in spite of malfunction by one or

more subcomponents. Vital Business Function (VBF): reflects the business critical elements of the

business process supported by an IT Service. E.g. dispensing cash by an ATM.

7.3 Scope AM should be applied to al new IT services and for existing services where SLR’s

and SLA’s have been established Suppliers of services for which SLA’s exist should have AM applied to AM will consider all aspects of IT infrastructure and supporting organization which

may impacts availability, including policy, training, skills, procedures and tools. AM is not responsible for BCM and/or ITSCM, but it provides input to that process.

IBM Belgium of 44

7.4 Benefits IT Services with an availability requirement are designed, implemented and managed

to consistently meet that target. Improvement of capability of the IT infrastructure to attain the required levels of

availability to support the critical business processes. Improvement of customer satisfaction and recognition that availability is the prime IT

deliverable. Reduction in frequency and duration of Incidents that impact IT availability. Single point for availability is established within the IT organization (process owner) Levels of IT availability provided are cost justified and support fully SLA’s Shortcomings in provision of availability are recognized and coped with in a formal

way. Mindsets moves from error correction to service enhancement. From reactive to pro-

active attitude.

7.5 Costs Staff costs associated with process owner role Accommodation costs Process deployment costs Support tools for monitoring and reporting

7.6 Problems Availability is seen as a shared responsibility so the costs are not justified to appoint

a single individual as accountable for availability, as well as given this individual authority over all IT support organization concerning availability.

Difficulty how AM can make a difference if there are already Incident, Problem and Change management processes deployed.

Failure to delegate authority to enable process owner for AM to influence all areas of IT support organization

Lack of available resources with the required skills Lack of specific AM tools to underpin and support the process Lack of existing service management processes that provide a key input to AM, like

SLM, Conf Mgmt and Problem Management

7.7 Links with other processes Service Level Management: AM provides assessment of Availability that can be

delivered for a new IT Service. This will enable SLA’s to be agreed. Details of the SLA will be given to AM that will enable appropriate availability measurements and reporting to be instigated.

IT Service Continuity Management: BIA providing VBF’s that are dependent on IT Services is input to the AM process. AM will provide availability and recovery design criteria to maintain BAU.

IT Financial Management: AM will provide the cost of non-availability of IT Services to cost justify improvements defined in the Availability Plan. ITFM will provide costs associated with proposed upgrades to the IT infrastructure to deliver increased levels of availability.

Capacity Management: AM will provide a Component Failure Impact Analysis (CFIA) to tell where additional resilience will be built in. CM provides the Capacity

IBM Belgium of 44

Plan detailing how capacity requirements coming with the additional resilience can be met.

Change Management: AM will provide details of the planned maintenance like duration, impact and frequency. Change Management will provide a schedule of planned maintenance activities with times and impacted IT Services.

Incident/Problem Management: AM will provide details on root cause and measures to be taken to remove the errors in the IT Service availability. IM/PM provide data that can be analyzed to see where problems with availability occur.

7.8 Process & Activities

7.8.1 Inputs

Availability, Reliability and Maintainability requirements of the business for new or enhanced IT Services.

Business Impact Assessment (BIA) for each Vital Business Function underpinned by the IT Infrastructure.

Information on IT service and component failures coming from Incidents and Problems.

Configuration and monitoring data SLA achievements

7.8.2 Outputs

Availability and recovery design criteria for new or enhanced IT Services Availability techniques that will be deployed to provide additional infrastructure

resilience Availability reporting to reflect the business, IT support and end user perspectives Monitoring requirement for IT components that allow the detection of deviations in

Availability Availability Plan for the pro-active improvement of IT infrastructure availability

7.8.3 activities

Determine the availability requirements from the business for new or enhanced IT Services and formulate the design criteria to meet them.

Determine together with ITSCM the VBF’s and impact of IT component failure. Review, if necessary the availability design criteria.

Define targets for Availability, Reliability and Maintainability for the IT infrastructure components underpinning the IT Service, that can be used within SLA’s, OLA’s and UC’s.

Implement measures and reporting of A, R & M that reflect business, IT support and end user perspectives.

Perform monitoring and trend analysis of the A, R & M of IT components Investigate root cause of unacceptable unavailability Production and maintenance of an Availability Plan, prioritizing and planning IT

availability improvements.

7.9 Reporting3 perspectives:

1. IT Support organization: mainly IT component availability with regard to Availability, Reliability and Maintainability

IBM Belgium of 44

2. End User: Frequency, duration and impact of unavailability. Also IT Service availability in terms of response times.

3. Business: contribution or impact on the VBF that drive the business operation.

7.9.1 IT Availability reporting measures

Classical measurements % Availability: emphasizes big numbers 95% or 96% is not a big difference % Unavailability: creates awareness: 4% or 5% is a big difference (20%). Duration of unavailability in hours: more human measure. Frequency of failure: good indication for reliability for end user.

Problems: Fails to reflect IT availability as experienced by end user Conceal ‘hot spots’. Generally good availability, except when it really counts e.g. Does not support continuous improvement

7.9.2 End user availability reporting measures

Impact by end user minutes lost: duration of downtime x number of users impacted Impact by business transaction: number of business transactions that could not be

processed during downtime.

7.9.3 Business availability reporting measures

Measuring VBF’s availability Report on consequence of IT Availability on the vital business function. E.g number

of customer orders that cannot be fulfilled if IT Service down. Report on the application services required to run business operations Report on data availability essential to support the business function (e.g. batches

terminated to provide new ‘start of day’ position). Report on A,R & M of key IT infrastructure components required to support the

business Report on platform that in the end supports the critical business applications

7.10 Roles & Responsibilities of the Availability Manager

7.10.1 Role

Define and deploy the AM process and be accountable for execution and compliance of the process

Ensure that IT services are designed to deliver the required levels of availability Provide a range of IT Availability reporting to ensure the agreed levels of A, R & M

are met Optimize availability in a cost effective way leading to tangible benefits to business

and end user Achieve reduction in frequency and duration of Incidents impacting IT availability over

a period of time Ensure shortfalls in IT availability are recognized and that appropriate actions are

taken. Create and maintain an Availability Plan aiming to improve overall availability of IT

Services


IBM Belgium of 44

To be accountable for the deployment of AM process To be responsible that the AM process is regularly reviewed and the techniques are

continuously improved To be responsible for determining the availability requirements from the business for

new and enhanced IT services To be responsible for the creation of availability and recovery design criteria that will

be applied to new or enhanced infrastructure design To be responsible that the levels of IT Availability are cost justified. To be responsible for measurements and reporting that reflects business, end user

and IT support organization requirements To be responsible for the creation and maintenance of an Availability plan To promote AM awareness

7.11 Tools & Techniques Component Failure Impact Analysis (CFIA): predict & evaluate impact on IT

services arising by the failure of a component in the IT infrastructure. To be used to determine where additional resilience is required.

Fault Tree Analysis (FTA): Determines the chain of events that causes a disruption to IT Services. Used to calculate models of availability. Uses concepts like:

o Basic events: power failure, operator erroro Resulting events: failure of IT service or intermediate componento Conditional events: happens only when certain conditions are met

(temperature too high)o Trigger events: events that trigger other events e.g. power failure detection

triggers automatic shutdown. CCTA Risk Analysis and Management Method (CRAMM): identify new risks and

provide appropriate counter measures Systems Outage Analysis: structured approach to identify underlying causes of

service interruption.o Select opportunityo Scope assignmento Plan assignmento Build hypothesiso Analyze datao Interview key personnelo Findings & conclusionso Recommendationso Reporto Build programo validation

Expanded Incident Lifecycle: break down the total IT Service downtime for any incident and map this against the lifecycle that all incidents go through. Provides information where ‘time is lost’

Continuous improvement: helps IT organization recognize where they can add value by exploiting technical skills in an availability context.

Technical Observation Post (TOP): gathering of technical support staff to focus on specific aspects of IT availability. Monitor real time events and identify improvement opportunities.

7.12 The Availability Plan

IBM Belgium of 44

Structures and aggregates the wide range of initiatives that will be undertaken to improve availability. It should cover:

Actual levels of availability vs. agreed levels of availability for key IT Services. Activities that are progressed to address shortfalls in availability for existing IT

Services. Costs and benefits analysis included where necessary Details of changing availability requirements for existing IT Services and options

to meet the changed requirements. Costs and benefits analysis included where necessary.

Details of availability requirements for new IT Services, and options to meet these requirements. Costs and benefits analysis included where necessary.

Reviews of SOA assignments to ensure infrastructure availability is proactively improved.

Technology futures section with indication of potential benefits and exploitation opportunities.

Outlook for the coming 2 years with detailed information for the coming 6 months. It is complementary to the capacity plan.

IBM Belgium of 44

ITIL Summary Service Delivery.doc.doc

Technology

Transcript of ITIL Summary Service Delivery.doc.doc