ITIL Essentials (Foundation) Course Overview

Oct03-23-05
14, 2006
ITIL Essentials (Foundation) Course
Aroonrat Chinwonno
Sakul Tunboonek
page 1
What is ITIL ?
ITIL (Information Technology Infrastructure Library) is
- Documentation for IT Server Management Best Practice
- Framework for any IT organization to develop its support model
ITIL is NOT a technology specific
ITIL has been well established in UK and Europe, and was used as a
groundwork in developing BS15000/ISO20000*
BS15000/ISO20000 is (the first) worldwide standard for IT service management
ITIL recommends “ADOPT AND ADAPT” approach
ITIL Essentials (Foundations) Oct 14, 2006 page 2

What companies ADOPT and ADAPT ITIL ?
Microsoft “ADOPT and ADAPT” ITIL into its Microsoft’s Operations Framework (MOF)
HP “ADOPT and ADAPT” ITIL into its HP’s IT Service Management Reference Model
In US, implementing of ITIL provides an acceptable structure to meet many of

Sarbanes-Oxley Act audit requirements
Many companies are now regularly requesting ITIL compliance in bids and requests for
service improvement
Forrester Research reports that 13% of corporations with revenue exceeding $1 billion
had adopted ITIL by the end of 2005. By late 2006, that will have expanded to 40%,
then to as high as 80% by 2008.

What ITIL can mean to us ?
• Understand what ITIL is
• What are the (ITM Objectives) we want to implement ITIL
To reduce unexpected system downtime - Implement Change Mgnt to ensure that

system changes are properly plan
- Implement Incident Mgnt to ensure
minimum business impact
- Implement Problem Mgnt to develop
known error database
To increase user satisfaction level - Implement Service Desk SPOC with SLA ,
and metric
To find more time to do IT planning - Implement ITIL as a whole
(80/20), Difficult to get control - Each module is able to be measured*
You cannot control what you cannot measure.
• However the ultimate is to serve the Corporate Business goals (CEO) to

– Increase efficiency and create value to Business
– Reduce cost

ITIL Elements
• Service Support concentrates on day to day operation and support
• Service Delivery looks at planning and improvement of IT service
Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt

Standard Definitions
Customer: recipient of a service; usually Customer

management has responsibility for the funding of the service
Provider: the unit responsibility for the provision of IT

services
Supplier : a 3rd party responsible for supplying or supporting of

underpinning elements of the IT services
User: the person using the service on a daily basis

What
questions
do you
have?
Oct03-23-05
14, 2006
ITIL Essentials (Foundations) Course
First Part: Service Support
page 8
Service Delivery Agenda

Service Desk SLM

Oct03-23-05
14, 2006
Service Desk
page 10
Service Desk - Roles
• ITIL views Service Desk as a Vital function rather than as a

process
• Service Desk is the “Central Point of Contact” between users

and the IT service model
• A first positive or negative impression is perceived upon Service

Desk performance and attitude
• Service Desk in ITIL is more than just a Helpdesk. Service Desk

has broader role of the front line support – with more
organizations looking to radically increase the percentage of
calls closed at first point of contact – FIXED ON FIRST -

Service Desk - Responsibilities
• Receive and Record all calls from Users (a ticket created);
deal directly with simple requests and complaints
- Incident calls
- Service requests
- IT service information, FAQ such as how to order
equipment, how to request a software installation
• Provide initial assessment of all incidents; make first

attempt at Incident resolution and/or escalate to 2nd level
support, based on agreed SLA
• Once escalated, monitor the tickets according to SLA

and Keep users informed on the status and progress

Service Desk - Responsibilities
• Produce Service Desk Management reports
• Highlighting user requirements such as training to assist

with service improvement
• Perform basic operational functions such as password

resets, backup and restore
• Perform Infrastructure monitoring such as Data Center

environmental check, System backup status, Server-LAN-
WAN status (receiving alerts from automated tools)

Service Desk - Tools
• Remedy (BMC), Tivoli (IBM), Openview (HP)

• Knowledge base
• ACD (Automated Call Distribution)
• IVR (Interactive Voice Response)

Service Desk - Types
• Local Service Desk

- Distributed Service Desk on each site
• Central Service Desk

- Centralized, or Regional Helpdesk
• Virtual Service Desk

- Global, Follow the Sun concept

What
questions
do you
have?
Oct03-23-05
14, 2006
Incident Management
page 17
Incident Management
Purpose:
• To restore normal service operation as quickly as possible
with minimal disruption to the business
Definition:
• Incident is an event which is not part of standard operation
service and cause interruption or reduction in quality of
service
Incident Management process is usually owned by Service Desk

,and later can transferred to Incident Manager (IM)

Incident Management
Incident Priorities: ITIL defines
Priority = Urgency + Impact
Urgency = How soon the problem needs resolution

Impact = How many or how large business service is effected
Priority in many practical term is called “Severity”

Incident Management – Severity Level
<<Company Name>>Incident Severity Definition:
* Incident Manager (IM) should be identified and

on board to take over the Sev1 and/or Sev2 incidents

Incident Management – Incident Manager
IM’s roles
– Arrange a formal meeting of “Support Group” which are
usually Problem Management, and Service Desk teams
– Make common understanding of this incident management
objectives:
• To restore the service ASAP (also communicate SLA)
• To minimize the business disruption (consider workaround)
– Arrange any additional resources if required
– Be a communicator between “Support Group” and the
“Customer”, so that the “Support Group” do not receive
mixed directions

Incident Management - Escalation
There are 2 types of escalation:

• Functional escalation – involving more specialist to help
• Hierarchical escalation – means a vertical move is made
through the organization because the authority are required

What
questions
do you
have?
Oct03-23-05
14, 2006
Problem Management
page 24
Problem Management
Purpose:
- To minimize the adverse effect on the business of Incidents and
problems cause by error in the infrastructure
- To proactively prevent the occurrence of incidents and problems
Role:
- To diagnose the root cause of the incidents and to identify a
permanent solution
Definition:
Incident is an abnormal event which cause interrupt or impact
Problem is an Unknown underlying cause of the incident
Known Error is an problem which root cause has been determined

Problem Management - Definition
Error in Infrastructure
Incident
is an abnormal event which cause interrupt or impact
Problem:
A problem describes an undesirable situation, indicating the unknown root cause of the Incident
Known Error
A known error is a problem whose root cause has been determined
Request for Change (RFC)

An RFC proposes a change. Eg. To eliminate the known error

Problem Management – Responsibilities
• Identify problems
• Investigate problems to resolution or error identification
• Raise RFC to clear error
• Advise IM of workaround for incidents for known errors
• Assist in Major incident to identify root cause
• Prevent the replication of problems across multiple system

Problem Management
• Problem Control – Focus on transforming Problems into

Known Error
• Error Control – Focus on resolving Known errors via the

Change Management process
Incident Configuration Service Level Availability

Management Management Management Management
Information
Problem Management
Workaround Problem Control -> Error Control
RFC
Change
Management

What
questions
do you
have?
Oct03-23-05
14, 2006
Configuration Management
page 30
• Asset Management
• Assurance the recorded CIs (Configuration Item) from
receipt to disposal
• Not only Asset Management but also provide relationship
among CIs
CMDB (Configuration Management Database)
is a single repository of information will be accessed across

the Service Management process, and is a major driver of
consistency between processes

Remedy ITSM 6.0

- Remedy Helpdesk 5.6
- Remedy Asset Management 5.6
- Remedy Change Management 5.6
- Remedy SLA 5.6
BMC Atrium 6.3 = CDMB

Configuration Baseline
is a configuration of a system established at a specific point in
time, and capturing both structure and details
- Created first time as a baseline

- Updated of CIs affected as changed by RFC
- Use as a point to fall back to if things go wrong

Configuration Management – Relationship with others
ERROR
INCIDENT
PROBLEM
KNOWN ERROR
CDMB
RFC
CHANGE
AUTHORIZED
CHANGE
IMPLEMENTED

What
questions
do you
have?
Oct03-23-05
14, 2006
Change Management
page 36
Change Management
Purpose
To ensure that standardize method and procedure are used
to handle all changes in order to minimize the impact of
change-related incidents, and the improve the day-to-day
operation of the organizations
Input of RFC
- Required resolution of an incident or problem
- A proposed to add/change/remove a CI
- A proposed to upgrade the infrastructure
- Changes in business requirement or Policy
- Product or service changes from vendors/suppliers

Change Management - Roles
• Change Manager Roles
– Receive, Log, Assign priority to RFCs
– Reject RFCs which are impractical
– Consolidate, issue agenda of RFCs to CAB
– Chair CAB meeting
– Update authorized change status (post implementation)
– Produce Change Management report
• CAB (Change Advisory Board) Roles

– Review RFCs, ensure to evaluate of RFCs’ impact,
implementation plan, resource plan, UAT, and Rollback plan
– Provide approval or not approval for the RFCs

Change Management - Types
• Standard pre-approved Changes

– An accepted solution to an identifiable and relatively common
set of requirements, where authority is effectively in advance
of implementation. E.g. setting up access profiles for a new
employee
• Urgent Changes
– A change that requires immediate action in the managed IT
environment and cannot be executed through the normal
change/authorization process
– Most of urgent changes are reactive changes E.g. Urgent RFCs
from Problem Management to fix error (during the incidents)
IT organization should also identify process to handle such

urgent change such as who can be CAB to approve the urgent
changes, a minimum steps qualifying to approve such urgent
changes

Change Management – Abuse of Urgent change
Do NOT request Urgent Change for …
– Would be nice to have completed early

– Was accidentally submitted too late for the CAB
– Attempting to avoid all of the planning processes
– To compensate for poor planning
Note: An Urgent Change should be avoided if possible and used only when
required. Urgent Changes skip the normal planning and communication process,
many urgent changes request for approval over the telephone. Approval of the
RFCs in such situation can cause instability in the production environment.

What
questions
do you
have?
Oct03-23-05
14, 2006
Release Management
page 42
Release Management - Purpose
To take a holistic view of a change to an IT service and

ensure that all aspects of a release, both technical and
non-technical, are considered together.
•PROTECTS THE PRODUCTION

ENVIRONMENT

Release Management
Usually Release Management will be used for

- Large or critical hardware / software roll out
- Bundle relates set of changes
Release Management
• is concerned with implementation, unlike Change
Management, which is concerned with verification
• particularly useful in distributed multi-tier environments,
where an implementation may consist of a number of
different components supported by different technology
domains, which need to be coordinated

Release Management
Responsibilities:
• Plan the rollout of software and related hardware.

• Create procedures for the distribution and installation
of changes to IT systems
• Communicate and manage customer expectations
during the planning and rollout of releases
• Implementing new releases into the operational
environment using the controlling processes of
Configuration and Change Management.
• Ensuring that master copies of all software are
secured in the Definitive Software Library (DSL) and
that the Configuration Management Database (CMDB)
is updated

Release Management – Functions and Roles
Release Management staff

In most of companies the Release Management function
may well be combined with several other Service
Management disciplines, in particular Change
Management and Configuration Management.
• In a larger organization there may be dedicated
Release Management staff for particular systems.

Release Management - Activities
A Release is
a collection of
authorized
changes into
an IT
environment

Release Management –
Process Relationships
Incident Problem RFC

Management Management Change Approved
Management RFC
New projects
Incidents Release HW and SW
schedules
Service Release
Desk Management
Release
schedules Configuration
Configuration
-assets
Management
-relationships
Release
schedules
Service -Monitoring
CpM Level -software
Service Management -availability
AvM Delivery
SCM
Release, Change and Configuration Management
Change mgnt ensures

that new/modified CIs are
implemented to Production Change
environment properly Management
Change Mgnt ensures

Release that Configuration Items
Management are accurate due to changes
Configuration Mgnt ensures

that Release Mgnt use the
correct CIs version Configuration
Management

What
questions
do you
have?
Oct03-23-05
14, 2006
ITIL Essentials (Foundations) Course
Second Part: Service Delivery
page 51
Service Delivery Agenda

Service Desk SLM

Service Delivery - Overview
BUSINESS /
USERS
Service
Level
Management
IT Service
COSTS Financial
Management SERVICE Continuity
Management
RISK
DELIVERY Security
Management
Capacity Availability
Management Management
TECHNOLOGY
Service Delivery
Service Delivery looks at the long term planning and

improvement of IT service provision, which will also improve
efficiency and the achievement of business goals.
There are five processes within the Service Delivery umbrella
and they are:
– Service Level Management
– Financial Management for IT Services
– Capacity Management
– IT Service Continuity Management
– Availability Management.
Security Management sits under the Information Security
umbrella but will be addressed today due to the criticality of
information security in today’s IT environment.

Service Level Management - Purpose
To maintain and improve IT service quality through a

constant cycle of agreeing, monitoring and reporting
upon IT Service achievements and the instigation of
actions to eradicate poor service, in line with business
or cost justification.
•SERVICE DEFINITION AND

STANDARDS

Service Level Management - Role
Service Level Management

• is essential in any organization so that the level of IT
service needed to support the business can be
determined, and monitoring can be initiated to identify
whether the required service levels are being met.
• is a client facing role, where regular lines of
communication are maintained between the IT service
provider and the IT customer
• process is responsible for ensuring Service Level
Agreements (SLAs) and Operational Level Agreements
(OLAs) or underpinning contracts (UCs) are met

Types of Agreements and Contracts
Internal/External
Service Level Customers
Agreements
(Business
Language)
IT Service Level
Operational Underpinning
Level
Management Contracts
Agreements (supporting)
(Technical
(Technical Language)
Language)
Internal Suppliers External Suppliers

and Maintenance and Maintenance
Personnel Personnel
Service Level Management - Activities
CustomerDemand
Identify: ServiceLevel
needs Requirements
Define: ServiceS pec

Internallyand Sheets
Externally
ServiceQuality
Plan
Contract:
-Negotiate Service
-Draft Catalogue
-Am end
-Conclude ServiceLevel
Agreem ent
Operational
Level
Agreem ent
Underpinning
C ontract
Mon itoring: ServiceLevel

ServiceLevels Achievem ent
Report ServiceLevel
Reports
Service
Review Improvem ent
Program

Service Catalogue
• A list of all services

• The characteristics of each service
• Information on the use of the service

Contents of a Service Level Agreement
• Scope of the agreement • Functionality

• Service description • Charges
• Signatories • Change procedure
• Date of next review • Contingency
• Service hours • Anticipated growth
• Service availability • Restrictions
• Support levels • Training
• Performance • Change procedure for the
• Security Service Level Agreement

Service Level Management - Benefits
• IT services are designed to meet expectations outlined

in SLRs
• Service performance can be measured
*Reporting is Critical to the success of Service Level
Agreements
• If charged, customers can draw a balance between
service costs and required quality
• The IT organization can control resource management
and reduce costs in the long term as the organization
can specify the required services and components
• Improved customer relationships and satisfaction

Service Level Management –
Service
Incidents Incident Problem
Desk
Management Release
RFC
Service
Support
Change Configuration
Service
SLAs definitions
OLAs
SLAs Service Third

Customer Level Party
SLRs Management UCs Suppliers
SLAs
OLAs
Capacity Finance
Service
Planning Availability
Delivery
Continuity

Service Level Management
SLR - Service
Level
COMPANY
SERVICE MGMT
Requirement FIN
SLA - Service SCM METRICS
Level Agreement AVM CEO
SLR
UC CAP SLA
SLM
Suppliers
SLR
Suppliers OLA
Suppliers
Suppliers
IM
SERVICE DESK
PM End
OLA - Operational CHG User
Level Agreement CFG
UC - Underpinning
REL
Contract IT ORGANISATION

What
questions
do you
have?
Oct03-23-05
14, 2006
Financial Management for IT Services
page 65
Financial Management for IT Services
- Purpose
To provide cost effective stewardship of the IT assets

and the financial resources used in the IT services
provided.
•CONTROL AND RECOVER IT

COSTS

Financial Management for IT Services –
Role
Financial Management is responsible for

• Accounting for the costs (costing) and return
on IT service investments (IT portfolio
management), and
• Budgeting – defining and implementing IT
budgetary process
• Charging - for any aspects of recovering
costs from the customers (charging).

Financial Management for IT Services –
Functions and Roles
Finance Manager
Responsibility for:
• Managing the IT budget
• Gathering suitable cost data to develop a cost model
• Preparing regular bills for the customer
Note:
• The Finance Manager for IT Services may not necessarily be
a dedicated resource.
• The process may have an owner within the IT department
who liaises with the Finance department of the organization
and senior IT managers, particularly those responsible for
service level management.

The Costing, Charging and Budgeting Cycle
Business IT IT operational plan Cost analysis Charges
requirements (inc. Budgets) (Accounting)
Financial targets
Costing models
Feedback of proposed Charging policies
charges to business

Cost Model
• A framework in which all known costs can be recorded and allocated to

specific Customers, activities or other categories
• Several types
– Cost-by-service, activity (Activity Based Costing), Customer or location
• Define the Cost Unit for services or activities (transaction, minute, CPU-
seconds, storage, incident, change, etc.)

Pricing Policy
• Market price – the price charged by external suppliers

• Going rate – comparable to other internal organizations
• Cost plus – input cost plus uplift
• Cost – total cost of ownership
• Fixed price – negotiated price for a fixed period

Financial Management – •
•
Purpose
…
• Activities
• Benefits
• Relationships Between Processes
• Potential Challenges/Problems
• KPIs
Services Service
Customer Level
Management
Performance
Cost Usage Service
Budget model Support
Spend Charging
Configuration
Management
Business
Relationship Financial Changes with
Management Cost model Management cost affects
Charges Capacity
Management
Service
Delivery
Performance
Usage

What
questions
do you
have?
Oct03-23-05
14, 2006
Capacity Management
page 74
Capacity Management - Purpose
To ensure that cost justifiable IT capacity always exists

and that it is matched to the current and future
identified needs of the business.

Capacity Management –
Functions and Roles
Capacity Manager
• Reporting on current usage of resources, trending and
forecasts for future usage
• Identifying needs for increases or reductions in
hardware based on SLR and cost
• Performance testing of new systems
• Sizing all proposed new systems to determine
resources required.
• Assessing new technology or products which may
improve efficiency of the capacity process.

Input and Output Data Requirements
Inputs Sub-process Outputs
 Technology
 Capacity plan
 SLAs, SLRs and Service  Business  Capacity Database
Catalogue
Capacity  Baselines and profiles
 Business plans and strategy
Management  Thresholds and alarms
 IS/IT plans and strategy
 Capacity reports (regular, ad
 Business requirements and
hoc and exception)
volumes
 SLA and SLR
 Operational schedules  Service
recommendations
 Deployment and development Capacity  Costing and charging
plans and programs Management recommendations
 Forward Schedule of Change
 Proactive changes and service
 Incidents and Problems
 Resource improvements
 Service Reviews
Capacity  Revised operational schedule
 SLA breaches
Management  Effectiveness reviews
 Financial plans
 Audit reports
 Budgets

Sub-Processes
• Resource Capacity Management

– Monitor, analyze, run and report on the utilization of
components, establish baselines and profiles of use
of components
• Service Capacity Management
– Monitor, analyze, tune, and report on service
performance, establish baselines and profiles of use
for services, manage demand for services
• Business Capacity Management
– Trend, forecast, model, prototype, size and
document future business requirements

Capacity Management –
Service
Level Monitoring Incident
Management Reporting Management
Requirements Problem Service

SLR Management Support
Plans
Requirements Change
Customer Capacity Management
Plans Management Plans
Availability Service
Continuity Delivery
Planning

What
questions
do you
have?
Oct03-23-05
14, 2006
IT Service Continuity Management
page 81
IT Service Continuity Management –
Purpose
To support the overall Business Continuity Management

process by ensuring that the required IT technical and
services facilities can be recovered within required and
agreed business timescales.
•KEEP THE BUSINESS IN

BUSINESS

Functions and Roles
The primary goal of ITSCM Manager is to implement and

maintain the ITSCM process in accordance with the
overall requirements of the organization's Business
Continuity Management (BCM), and to represent the
IT services within the BCM function.

Thoughts that should avoid…
• Too expensive
• Disaster unlikely to happen
• More important things to do
• We will ‘muddle through’
• Unaware of the business risks
Thought that should have….

MURPHY LAW……Anything can go wrong , will go wrong
You cannot control what you cannot measure,

You cannot recover what you have not planned.

Functions and Roles
Role Roles in Normal Operation Roles in Crisis Situation
Board Level Initiate IT Service Continuity, set Crisis Management,

policy, allocate responsibilities, direct corporate decisions, external
and authorize affairs
Senior Manage IT Service Continuity, accept Co- ordination, direction and

Management deliverables, communicate and arbitration, resource
maintain awareness, integrate across authorization
organization
Junior Undertake IT Service Continuity Invocation, team leadership,
Management analysis, define deliverables, contract site management, liaison
for services, manage testing and and reporting
assurance
Supervisors Develop deliverables, negotiate Task execution, team
and Staff services, perform testing, develop and membership liaison
operate processes and procedures

Activities
Stage 1 - Initiation Initiate BCM
Stage 2 – Business Impact Analysis

Requirements &
strategy Risk Assessment
Business Continuity Mgt
Stage 3 - Organization and

Implementation Implementation Planning
Implement Stand-by Develop Recovery Implement Risk

Arrangements Plans Reduction Measures
Develop Procedures
Initial Testing
Testing
Review & Change
Audit Management
Stage 4 – Operational
Management Education & Training
Awareness
Assurance

Risk Reduction and Recovery Options
It is rare that an organization will choose only risk reduction

(prevention measures) or recovery options. Generally a
combination of reducing risks to assets with greatest
vulnerability or with higher business impact with a recovery
plan will be implemented.
Recovery Options
Do nothing
Return to manual systems
Gradual recovery (cold stand-by) (72 hrs)
Intermediate recovery (warm stand-by) (24-72 hrs)
Immediate recovery (hot start, hot stand-by) (<24 hrs)
Combinations

Gradual Recovery Facilities
(cold standby 72+ hours)
• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
Does not include ANY computing equipment

Intermediate Recovery Facilities
(warm standby 24-72 hours)
• Accommodations
• Power
• Operations, system management and technical support
• Processors, peripherals, communications equipment and / or
operating systems

Immediate Recovery Facilities
(hot standby <24 hours)
• Accommodations
• Power
• Operations, system management and technical support
• Processors, peripherals and communications equipment
• Operating systems, applications and data mirrored from the operational
servers

Service Exercise /
Level Service Recovery Incident
Problem
Management Service
SLR Support
Plans Requirements
Change
Requirements Service
Management
Customer Continuity
Plans Management Configuration
Management
Planning
Incidents
Service
Desk Capacity
Event Availability
Monitoring Service
Delivery
Planning

What
questions
do you
have?
Oct03-23-05
14, 2006
Availability Management
page 93
Availability Management - Purpose
To optimize the capability of the IT infrastructure and

supporting organization to deliver a cost effective and
sustained level of availability that enables the
business to satisfy its business objectives.
•ENSURE RESOURCES ARE

AVAILABLE AND
EFFECTIVE

The Availability Management Process
INPUTS OUTPUTS
Business availability Availability & recovery design
requirements criteria
A
Business impact assessment V M IT infrastructure resilience
& assessment
A A
I N
Availability, reliability & Agreed targets for availability
L A
maintainability requirements and maintainability
A G
B E
Reports of availability, reliability
Incident and problem data I M & maintainability achieved
L E
I N
Configuration & monitoring data Availability monitoring
T T
Y
Service level achievements Availability Plan
Availability Management Terminology
• Availability - is the ability for an IT Service or component to perform
its required function at a stated instant or over a stated period
• Reliability – the tendency of an IT Service or component not to fail
(i.e. how long can it perform)
• Resilience – the ability of the component to continue providing the
service even though some piece is no longer functioning (i.e. fault
tolerance)
• Maintainability - is the ability to retain or restore an IT Service or
component to an operational state (internal)
• Serviceability - as Maintainability but for external suppliers
• Security - Confidentiality, Integrity and Availability of the services
and associated data; an aspect of overall availability
Confidentiality, Integrity and Availability (CIA) – the basis of
security

Availability Management Terminology
Basic Availability Calculation
(2 of 2)
(Agreed service time – downtime)

Availability = ____________________________ x 100
Agreed service time
Remember the definition of a "Service”

Availability Management Activities
• Designing for availability (Proactive perspective)

– The technical design of the IT infrastructure and the
alignment of the internal and external suppliers required
to meet the availability requirements of the service
• Designing for recovery (Reactive perspective)

– The design points required to ensure that in the event of
an IT service failure, the service can be reinstated to
resume normal business operations as quickly as possible

The Monetary Impact of Unavailability
User productivity Hourly cost of Hours of

loss = User affected
X disruption
+
IT productivity Hourly cost of IT Hours of
loss = staff
X disruption
+ Lost revenue per Hours of
Lost revenue = hour
X disruption
+
Other business (Overtime, wasted materials or goods, financial
losses incurred penalties or fines)
+
Impact on
Customer Service (Where / if known)
/ Reputation

Calculating Availability
M inicom puter N etw ork Server W orkstation

99.8% 98% 99.5% 96%
Host x N etw ork x Server x W orkstation = Availability
93.4%
0.998 x 0.98 x 0.995 x 0.96 = 0.934

Availability Management –
Service Downtime
Level SLA Monitoring Incident
Management Monitoring Management
Cause Problem
Management Service
SLR Support
Plans
Change
Requirements Management
Customer Availability
Management Change
Plans Configuration
Management
Planning
Incidents
Service
Desk
Event
Monitoring of Capacity Service
Downtime Continuity Delivery
Planning

What
questions
do you
have?
Oct03-23-05
14, 2006
Security Management
page 103
Security Management - Purpose
Security Management is the process of managing a

defined level of security on information and IT services
. It has links with all processes
It also includes managing the reaction to security
incidents.
Security Management has two objectives:
• To meet the security requirements of SLAs and other
external requirements further to contracts, legislation
and externally imposed policies.
• To provide a basic level of security, independence and
external requirements.
•PROTECT DATA
The Cost of Security Incidents
Incident Type 1999 2004
Proprietary $1,847,652 $11,460,000

Information
Fraud 1,470,592 7,670,500
Denial of Service 116,250 26,064,050
Virus 45,465 55,053,900
Insider Access 142,680 4,278,205
Laptop Theft 86,920 6,734,500
Total losses reported in the 2004 report was: $141,496,560

Source: CSI/FBI Computer Crime and Security Survey
Security Management - Role
• Confidentiality
– protecting the business information from failure and
attack
– is more than locking server rooms or insisting on
password discipline.
• Integrity
– timeliness or correctness require careful consideration of
information flows and
– safeguards against incorrect values
• Availability
– maintaining the uninterrupted operation of the IT
organization
– also helps to simplify Information Security Service Level
Management, as it is much more difficult to manage a
large number of different SLAs than a limited one.
Security Management Activities *
• Plan
– Establish the structure of the Security section of the Service Level Agreements, Operational Level Agreements and
Underpinning Contracts
– Establish the security baseline (or minimum security standards)
• Implement
– Establish and maintain security awareness
– Establish the procedures to identify and classify security incidents
– Establish the procedures to handle security incidents
• Evaluate
– Conducting security audits
• Using Internal resources
• Using External resources
• Self assessment (using Security Management resources)
– Ongoing review and analysis of security incidents
• Control
– Establish the structure and controls for security functions
– Defines the roles & responsibilities (including the line of command)
• Maintain
– Ensure the continuity of security measures
– Update to the security handbooks
• Report
– Communicate the effectiveness and efficiency of the security management process and functions
– Communicate the number and type of security incidents
– Communicate the action plans to improve/correct security measures
– Communicate compliance with security policy

Security Management –
Service Incidents
Level SLA Incident
Management Monitoring Management
Virus Problem
Management Service
SLR Support
Plans
Change
Requirements Management
Customer Security
Management Change
Plans Configuration
Management
Planning
Incidents Release
Management
Service
Desk
Attacks
Capacity Service
Continuity Delivery
Planning Availability

Oct03-23-05
14, 2006
Quick Review
page 109
ITIL Process Linkages
IT Service
Continuity
Management
Strong Relationship Availability Capacity

Uses
Communicates With
Change
Management
Financial Service Level
Problem
Release
Management
Management
Incident
Management and
Service Desk
ITIL Essentials (Foundations) Oct 14, 2006

Attitude Change
The organization works better
We can learn
Recommending improvements
Structure helps
Understanding
May have
benefits
Would be nice in a perfect world
Bureaucratic
Time and Effort
Too much
delay
Paper chase
It won't work for us
We already do
ITIL Essentials (Foundations)
that Oct 14, 2006 page 111
Roles that could be combined
• Configuration Management and Release Management

• Configuration Management and Change Management
• Service Level Management and Financial Management for
IT Services

Roles that should not be combined
• Problem Management and Incident Management

• Problem Management and Change Management
• Capacity Management and Availability Management

Some Useful Websites
http://www.ogc.gov.uk The OGC – the organization that publishes the ITIL books
http://www.itil.co.uk ITIL UK – Official Web Site
http://www.itilexams.com/ Loyalist College [Belleville, Ontario]

ITIL Certification Agent
http://www.itsmf.com The global IT Service Management Forum site
http://www.itsmfusa.org/mc/page.do The ITSMF – US site
http://www.itsmf.ca/ ItSMF Canada Site – IT Service Management Forum - check out

Event/Presentation for local context and players.
http://www.pultorak.com/pcbit/itsm.htm General ITSM information and white-papers
http://www.staytech.com/ Ottawa based ITIL Services/Training provider

“Links” contains a good selection of ITIL Information/Solution providers
http://www.nextslm.org/ Tools, newsletters, and white-papers on ITSM

What
questions
do you
have?
Go home!

ITIL Essentials (Foundation) Course Overview

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ITIL Essentials (Foundation) Course Overview

Uploaded by

Copyright:

Available Formats

Oct03-23-05

ITIL Essentials (Foundation) Course

ITIL is NOT a technology specific

BS15000/ISO20000 is (the first) worldwide standard for IT service management

ITIL recommends “ADOPT AND ADAPT” approach

ITIL Essentials (Foundations) Oct 14, 2006 page 2

In US, implementing of ITIL provides an acceptable structure to meet many of

ITIL Essentials (Foundations) Oct 14, 2006 page 3

To reduce unexpected system downtime - Implement Change Mgnt to ensure that

• However the ultimate is to serve the Corporate Business goals (CEO) to

ITIL Essentials (Foundations) Oct 14, 2006 page 4

• Service Delivery looks at planning and improvement of IT service

Service Support Service Delivery

Service Desk SLM

Incident Mgnt Financial Mgnt

Problem Mgnt Capacity Mgnt

Configuration Mgnt IT Service Cont Mgnt

Change Mgnt Availability Mgnt

Release Mgnt Security Mgnt

ITIL Essentials (Foundations) Oct 14, 2006 page 5

Customer: recipient of a service; usually Customer

Provider: the unit responsibility for the provision of IT

Supplier : a 3rd party responsible for supplying or supporting of

User: the person using the service on a daily basis

ITIL Essentials (Foundations) Oct 14, 2006 page 6

ITIL Essentials (Foundations) Course

First Part: Service Support

Service Support Service Delivery

Release Mgnt Security Mgnt

ITIL Essentials (Foundations) Oct 14, 2006 page 9

• ITIL views Service Desk as a Vital function rather than as a

• Service Desk is the “Central Point of Contact” between users

• A first positive or negative impression is perceived upon Service

• Service Desk in ITIL is more than just a Helpdesk. Service Desk

ITIL Essentials (Foundations) Oct 14, 2006 page 11

• Provide initial assessment of all incidents; make first

• Once escalated, monitor the tickets according to SLA

ITIL Essentials (Foundations) Oct 14, 2006 page 12

• Produce Service Desk Management reports

• Highlighting user requirements such as training to assist

• Perform basic operational functions such as password

• Perform Infrastructure monitoring such as Data Center

ITIL Essentials (Foundations) Oct 14, 2006 page 13

• Remedy (BMC), Tivoli (IBM), Openview (HP)

ITIL Essentials (Foundations) Oct 14, 2006 page 14

• Local Service Desk

• Central Service Desk

• Virtual Service Desk

ITIL Essentials (Foundations) Oct 14, 2006 page 15

Incident Management process is usually owned by Service Desk

ITIL Essentials (Foundations) Oct 14, 2006 page 18

Priority = Urgency + Impact

Urgency = How soon the problem needs resolution

Priority in many practical term is called “Severity”

ITIL Essentials (Foundations) Oct 14, 2006 page 19

* Incident Manager (IM) should be identified and

ITIL Essentials (Foundations) Oct 14, 2006 page 20

ITIL Essentials (Foundations) Oct 14, 2006 page 21

There are 2 types of escalation:

ITIL Essentials (Foundations) Oct 14, 2006 page 22

ITIL Essentials (Foundations) Oct 14, 2006 page 25

Request for Change (RFC)