ITIL: What is it? How does ITIL link to COBIT and ISO 17799?


What is ITIL?

The IT Infrastructure Library

A set of books comprising an IT service management Best Practices framework

An industry of products, services, and organizations

Unique: consistent, comprehensive, non-proprietary

Created by and for the British government, later expanded for use in all organizations

Gives a detailed description of important IT practices, with comprehensive checklists, tasks, procedures and responsibilities, and can be tailored to any IT organization.

ITIL Objectives

Create a set of comprehensive, consistent and coherent codes of Best Practice for quality IT service management, promoting business effectiveness in the use of IT

Encourage the private sector to develop services and products (training, consultancy and tools) that support ITIL®

Provide an approach based on the best examples taken from practice

ITIL defined!

Codes of practice for Quality management of IT Services and Infrastructure

ITIL® has its own definition for key terms

Quality means “matched to business needs and user requirements as these evolve”

Why use ITIL®?

IT service providers use ITIL® concepts and practices to:

Increase satisfaction of customers / users with IT services

Enhance communication with customers

Achieve higher reliability in mission-critical systems and infrastructure

Improve the cost/benefit of services

Create a “common sense” among staff

ITIL, not just tools & processes

[Diagram; recovered labels follow]

Culture, Attitudes, Beliefs & Skills

Infrastructure (Technology & Tools)

Service Support & Service Delivery

Strategy, Steering, Direction

Integration

Process, Products, People

Who Made & Maintains ITIL®?

The Office of Government Commerce (OGC) created ITIL® in the late 1980s and still owns it today.

The National Exam Institute for Informatics (Netherlands). Current ITIL® examination caretakers. Contracted in 1995 by the OGC to maintain and develop ITIL®. In 2004, the OGC transferred the responsibility of managing EXIN to the itSMF.

Certifying Bodies

The Information Systems Examination Board (UK). Part of the British Computer Society.

The National Exam Institute for Informatics (Netherlands). Contracted since 1995 to maintain ITIL's examination and certification process.

Loyalist College in Canada

Loyalist and Prometric (Sylvan) in the USA

ITIL® Certification & Training

EXIN and ISEB provide certification testing at Foundation, Practitioner, and Manager levels

Training is typically 2-3 days for Foundation, 2-3 days for Practitioner, 10 days for Manager

Foundation: Basic understanding of all eleven ITIL® service management modules

Practitioner: Deep understanding of one of the ITIL® service management modules

Service Manager: Deeper understanding of all eleven ITIL® service management modules

ITIL - 7 Core volumes

The Business Perspective: Covers a range of issues concerned with understanding and improving IT service provision, as an integral part of an overall business requirement for high quality IS management.

Planning to Implement Service Management: Discusses the key issues of planning and implementing IT service management. It explains the steps required for implementation and improvement of IT service delivery.

ITIL - 7 Core volumes

Information & Communications Technology (ICT) Infrastructure Management: Covers all aspects of ICT infrastructure from the identification of business requirements through the tendering process, to the testing, installation, deployment, and ongoing support and maintenance of the ICT components and IT services.

Network Service Management; Operations Management; Management of Local Processors; Computer Installation and Acceptance; Systems Management.

Applications Management: Discusses software development using a life cycle approach and expands on the issues of business change with emphasis on clear requirements definition and implementation of solutions to meet business needs.

ITIL - 7 Core volumes

Security Management: Details the process of planning and managing a defined level of security on information and ICT services, including all aspects associated with the reaction to security incidents.

Service Support: Is concerned with ensuring that the Customer has access to the appropriate services to support the business functions.

Service Delivery: Looks at what service the business requires of the provider in order to provide adequate support to the business Users.

Service Desk

[Diagram: ITIL process map with the following boxes]

Service Desk

Service Delivery: Service Level Management, Capacity Management, IT Service Continuity Management, Financial Management, Availability Management

Service Support: Change Management, Problem Management, Configuration Management, Release Management, Incident Management

Service Desk Goals

To support business activities and drive service improvement

To be primary point of contact

To manage the Incident lifecycle

To manage service requests

To maintain ownership of a User Incident through to completion

Service Desk Objectives

To provide a single point of contact for Customers

To be a Customer interface for IT

To improve incident response performance

Improving service levels

To facilitate the restoration of normal operational service, as quickly as possible, with minimal business impact on the Customer within agreed service levels and business priorities

Incident Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]


Incident Management Goals

Restore normal service operation as quickly as possible within Service Level Agreements (SLA) limits

Minimize the adverse impact on business operations

Ensuring that the best possible levels of service quality and availability are maintained

Maintain and apply a consistent approach to managing Incidents

Incident Management Objectives

Return to the normal service level as defined in the Service Level Agreement as soon as possible with the smallest possible impact on the business activities

Keep effective records of incidents to:

  Measure and improve the process

  Provide appropriate information to other services management processes

  Report on incident progress

Problem Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]

Problem Management Goals

Stabilize IT services through:

  Minimizing the consequences of incidents by identifying trusted quick fixes

  Identifying and removing the root causes of potential incidents

  Identifying and managing Known Errors

To improve the quality of services delivered to customers by reducing the number of preventable service disruptions

Problem Management Objectives

To reduce both the number and severity of Incidents and Problems on the business that are caused by errors within the IT Infrastructure.

What’s causing these Incidents?

Incident Management Cycle

[Diagram; recovered labels follow]

Event Progression: Incident, Problem, Known Error, Change Request

Service Desk, Problem Management, Change Management

Incident Control, Problem Control, Error Control

Resolution, Resolution, Resolution

Problems, Known Error from Release Management

Change Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]


Change Management Goals

Ensure that standardized methods and procedures are used for efficient and prompt handling of all Changes

Minimize the impact of Change-related incidents upon service quality

Improve the day-to-day operations of the organization

Maintain a balance between the need for change and the impact of change

Change Management Objectives

Standard methods and procedures are used

Changes are dealt with quickly, with the lowest impact on service quality

All changes are traceable

“Change is good, donkey!!”

Release Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]


Release Management Goals

Plan and oversee the successful rollout of software and related hardware

Ensure that hardware and software being changed is traceable, secure and that only correct, authorised and tested versions are installed

Communicate and manage expectations of the customer during the planning and rollout of new releases

Agree on the exact content and rollout plan for the release, through liaison with Change Management

Implement new software releases or hardware into the operational environment using the controlling processes of Configuration Management (CIs) and Change Management

Release Management Objectives

Safeguard all software, hardware & related items

Ensure that only tested / correct versions of authorized software and hardware are in use

Right software / hardware, right time, right place

Redundant hardware, software identified for Request For Change

Protect the live environment & its services!

Configuration Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]

Configuration Management Goals

To enable control of the infrastructure and services by monitoring, maintaining and verifying information on:

  All resources needed to deliver services

  Configuration Item status and history

  Configuration Item relationships

Provide accurate information on the IT infrastructure for all the other Service Management processes & IT Management

To assist with impact assessment of proposed changes

Verify the configuration records against the infrastructure and correct any exceptions

Configuration Management Objectives

Keeping reliable records of details of IT Assets and services provided by the organization:

  All Resources needed to deliver Services

  Configuration Items (CI) Status and History

  Configuration Item Relationships

Providing accurate information and documentation to support the other Service Management processes

Do I get stored in the CMDB?

CGI Integrated IT Service Management

[Diagram; recovered text follows, grouped as it appears]

Configuration Management Database (CMDB): Complete record of all CIs associated with the IT infrastructure: versions, location, documentation, components, services and the relationships between them

Configuration items: HW, SW, Network, Documents, people, organization

Relationships: Peer-to-peer, parent-child, free-form relations

Product catalogue, Service catalogue

Containment Hierarchy

CI relationships include the usage, the ownership, the service relationships, etc.

Identifies, records, controls and reports on IT components.

Standard/Basic change (pre-approved): IMAC; Urgent change; Planned change

Service Relationship: Related Incidents, Related Problems, Related Changes

Operational State: Current, Historical

Capacity: Current, Historical

Availability

Inventory: Physical Attributes, HW-SW Asset status, Stockrooms, Locations

Asset Financial & Contract: License, Cost, Invoice Reconciliation, Capitalization, Chargeback Info., Warranty, Vendor Information, Lease, Contract

Total Cost of Ownership, IT Financial Management: Depreciation, TCO, Lease mgmt, Vendor mgmt, SW licence mgmt, Warranty mgmt, Contract mgmt, Service chargebacks

Capacity Management, SLA Management, Incident Management, Availability Management, Change Management, Problem Management, Configuration Management, IT Service Continuity Management, Release Management

ERP, Financial, Procurement, HR

System mgmt, Remote access, Auto-discovery tool, Auto-recovery tool, Monitoring, Metering (HW-SW usage)

DSL: Definitive Software Library; DHL: Definitive Hardware Library

Service Level Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]


Service Level Management Goals

Maintain and improve IT Service quality

Constant cycle of agreeing, monitoring and reporting upon IT service achievements

Instigation of actions to eradicate poor service - in line with business or cost justification.

Better relationship between IT and its Customers

Service Level Management Objectives

Ensures that the IT services required by the customer are continuously maintained and improved

Achieved by agreeing, monitoring and reporting the performance of the IT organization

Availability Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]

Availability Management Goals

To understand the availability requirements of the business and to plan, measure, monitor and continuously strive to improve the availability of the IT infrastructure, services and supporting organization to ensure these requirements are met consistently

To enable the business to satisfy its business objectives by:

  Optimizing the capability of the IT infrastructure, services and supporting organization

  Delivering a cost-effective and sustained level of availability

Availability Management Objectives

Ensure IT services are designed to deliver the levels of availability required by the business

Provide a range of IT availability reporting to ensure that agreed levels of availability, reliability and maintainability are measured and monitored on an ongoing basis

Optimize the availability of the IT infrastructure to deliver cost effective improvements that deliver tangible benefits to the business & user

Achieve over a period of time a reduction in the frequency and duration of incidents that impact IT availability

Capacity Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]


Capacity Management Goals

To determine the right, cost justifiable, capacity of IT resources

To understand the business requirements, current operations and IT infrastructure to ensure that the current and future capacity and performance aspects of the business are provided cost-effectively

To understand the potential for improved service design and delivery

Capacity Management Objectives

Consistently provide the required IT resources:

  At the right time

  At the right cost

  Aligned with the current and future business requirements

Need to understand the expected business developments affecting customers and anticipate technical developments

Important role in determining returns on investment and cost justification

Financial Management for IT Services

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]


Financial Management Goals

To provide cost-effective stewardship of any of the organization’s IT assets or resources used to deliver IT services

To be able to account fully for IT service expenditures

To attribute these costs to the services delivered to Customers and determine whether value for money is being obtained

To assist management decisions on IT investment by providing detailed business cases for changes to IT services

Financial Management Objectives

Assist the internal IT organization with the cost-effective management of IT resources required for the provision of IT services

Break down the IT service costs, and associate them with IT services

Support management decisions with respect to IT investments

Encourage the cost aware use of IT facilities

IT Service Continuity Management

[Diagram: ITIL process map of the Service Desk, Service Support and Service Delivery processes]

IT Service Continuity Management Goals

To support overall Business Continuity Management

To improve the chance of business survival by:

  Reducing the service vulnerability and risk to the business

  Reducing the impact of a disaster or major failure

  Maintaining a pre-determined level of service in the event of a disaster

To preserve high customer and user confidence

IT Service Continuity Management Objectives

Support the overall Business Continuity Management by ensuring that the required IT infrastructure and IT services can be restored within specified time limits after a disaster.


COBIT & How does it map to ITIL


Control Objectives for Information and Related Technology (COBIT)

Sponsor: Information Systems Audit and Control Association and the IT Governance Institute

What it is: An audit-oriented set of guidelines for IT processes, practices and controls. Geared to risk reduction, focusing on integrity, reliability and security. Addresses four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. Has six maturity levels, similar to CMM's.

Strengths: Good checklists for IT. Enables IT to address risks not explicitly addressed by other frameworks and to pass audits. Can work well with other frameworks, especially ITIL.

Limitations: Says what to do but not how to do it. Doesn't deal directly with software development or IT services. Doesn't provide road map for continuous process improvement.

COBIT & ITIL Mappings

PLANNING & ORGANISATION

COBIT | ITIL
1. Define a Strategic Information Technology Plan | Planning & control for IT Services
2. Define the Information Architecture | Security Management
3. Determine the Technology Direction | Determine the Technology Direction
4. Define the IT Organization and Relationships | IT Services Organization
5. Manage the Investment in Information Technology | Financial Management
6. Communicate Management Aims and Direction | (none listed)
7. Manage Human Resources | (none listed)
8. Ensure Compliance with External Requirements | (none listed)
9. Assess Risks | (none listed)
10. Manage Projects | (none listed)
11. Manage Quality | Quality Management for IT Services (CCTA Quality Management Library)

COBIT & ITIL Mappings

ACQUISITION & IMPLEMENTATION

COBIT | ITIL
1. Identify Solutions | Service Level Management; Change Management; Security Management; Release Management
2. Acquire and Maintain Application Software | Change Management, Availability Management
3. Acquire and Maintain Technology Architecture | Problem Management; Security Management; Change Management
4. Develop and Maintain Information Technology Procedures | (none listed)
5. Install and Accredit Systems | Capacity Management; Change Management; Security Management

COBIT & ITIL Mappings

DELIVERY & SUPPORT

COBIT | ITIL
1. Define Service Levels | Service Level Management
2. Manage Third-Party Services | Service Level Management
3. Manage Performance and Capacity | Capacity Management
4. Ensure Continuous Service | Availability Management, Contingency Planning
5. Ensure Systems Security | Security Management
6. Identify and Allocate Costs | Financial Management
7. Educate and Train Users | Customer Liaison
8. Assisting and Advising Information Technology Customers | Incident Management (Service Desk)
9. Manage the Configuration | Configuration Management
10. Manage Problems and Incident | Problem Management
11. Manage Data | Capacity Management, Release Management, Availability Management; Contingency Planning
12. Manage Facilities | (none listed)
13. Manage Operations | (none listed)

COBIT & ITIL Mappings

MONITORING

COBIT | ITIL
1. Monitor the Process | (none listed)
2. Obtain Independent Assurance | (none listed)
3. Obtain Independent Assurance | (none listed)
4. Provide for Independent Audit | (none listed)


ISO17799 & How does it map to ITIL

ISO17799

Sponsor: British Standards Institution

What it is: ISO/IEC 17799:2000 provides information to responsible parties for implementing information security within an organisation. It can be seen as a basis for developing security standards and management practices within an organisation to improve reliability on information security in inter-organisational relationships.

ISO17799 & ITIL Mappings

ITIL | ISO17799
IT Service Continuity Management | Business Continuity Management (BCM)
Configuration Management | Asset Classification and Control
Security Management | Security Organization
Security Management | Personnel Security
Security Management | Compliance
Security Management | Physical and Environmental Security
Application Management | System Development and Maintenance
ICT Infrastructure Management | Computer & Operations Management
Security Management | System Access Control


itSMF

IT Service Management Forum

The IT Service Management Forum. The independent forum for ITIL® users, formed in 1991.

Promotes exchange of information and experience to assist IT organizations in managing the delivery of IT services.

Chapters in the UK, Netherlands, Belgium, Germany/Austria/Switzerland, Canada, South Africa, the USA and Australia.

A major influencer and contributor to Industry Best Practice and Standards worldwide.


CGI


About CGI

CGI is the 8th largest independent IT services firm in the world

We combine industry expertise, end-to-end services and global delivery capabilities to deliver cost-effective solutions that help clients win and grow

CGI Contact

Steve Worth, Senior Consultant, ITSM / ITIL Centre of Excellence, CGI


Thank You!