OPEN NOTES ON DIGITAL GOVERNANCE ICT SERVICE MANAGEMENT

FRAMEWORK

Introductory Slide

Good morning, thank you for joining the webinar on Digital Governance ICT Service
Management.

The knowledge sharing gives attention to the five (5) essential questions to understand
the result areas of managed ICT services of digital governance.

1. What ICT services means to digital governance, and its statutory and regulatory context?

2. What practice standards determine valid and verifiable view of leadership, direction,
and control to deliver and support ICT services?

3. What are the principles that qualify effectiveness in the management of ICT services?

4. What is the lifecycle of ICT service management, and the related processes,
documentation, and measurement of results?

5. What is the ICT service management organization that matches best practice view of
leadership, direction and control of value creation with information and
communications technology?

Part 1 - ICT Services as Governance Digital Platform

Today, when we speak of information and communication technology services, it is

about the “digital platform” on which business enterprise or government agency engages the
customer or citizen in “value creation” through the integrated use of transformative
technology that enable connectivity and interaction of people, location, devices, product, data,
and process in achieving defined “outcome” or “purpose.”

Value creation in ICT service management means there is a “good” to be delivered that
differentiates the market space and customer experience.

ICT services represent “utility” and “warranty.”

 Utility of ICT services talks about “what customer gets.” It is measured by the number of
key outcomes supported, and the constraints or risks removed.

Warranty of ICT services demonstrates “how the expectation of the customer is

delivered.” It is measured in terms of the levels of quality, availability, capacity, continuity and
security

Best practice says “Value" is created with ICT services when the perceived benefits,
usefulness, and importance of information and communication technology are found in the
“service portfolio” that is developed, delivered and supported by the service provider or
internal service organization in accordance with the “stakeholders’ specification.”

The specification agreement determines the acceptable configuration, cost, capability,

capacity, availability, and security to meet the expected customer experience of service quality
and quantity.

“Service portfolio” as described by ITIL, comes as list of the services managed by a

service provider or ICT service organization. It contains:

1. Present contractual commitments

2. New service development
3. Ongoing service improvement plans.

The Service Portfolio is divided into three phases:

1. Service Pipeline,
2. Service Catalogue,
3. Retired Services.

It also includes third-party services that are integral part of the service offerings
presented to the customers. E.g. managed services, cloud services, data center, payment
gateway, middle ware, and internet service provider

“Stakeholder” for ICT services is people or entities that affect the service or are
affected by the service. They represent interest and benefits that are secured in the ICT
services strategy, design, project, operation, security, and continual improvement.

The stakeholder is categorized as “external,” namely, user, customer, supplier, and

regulator; and “internal,” namely the ICT service team, business management group, process
owner and in-house personnel. The stakeholders are party to the functional features and
service level requirement definition and agreement.
 ICT services provides the “digital environment” on which the critical asset to
governance called “data” are created, collected, transmitted, retained, stored, processed,
disclosed, distributed, shared, transferred, re-used and disposed through the use of
“application” that acts the achievement of the mandated outcomes as ruled, and of the
expected customer experience as designed.

With the emergence of “disruptive technologies,” like Internet broadband, cloud

computing, social media, mobile applications, Internet of things, big data, artificial intelligence,
etc., ICT services have defined the kind of effectiveness, efficiency, accountability and security
in the business function and processes of enabling the stakeholders and customer to achieve
their own experience of wanted results.

The computing devices, software, development methods, technical skills, programming

tools, web applications, multimedia, local area networks, Internet, mobile phone, broadband,
cloud computing and cyber security of providing ICT services have differentiated the capability
and capacity of business enterprise and government agency to deliver and support the
requirements of value creation, customer experience, quality process, and data privacy of
digital governance

Part 2 – ICT Services Statutory and Regulatory Context

The value creation with digital technology for government agency is determined by
statutory and regulatory guidance that consider information and communications technology
service as the platform on which to develop the country, to deliver efficient government
services, to protect data privacy, and to institute quality processes.

There are laws that provide the mandate needed for the provision of organization, fund,
policy and technology of ICT services management in order to:

 Create service strategy

 Design service architecture
 Initiate service project
 Support service operation
 Act the continual improvement.

The primary legal references for the use of ICT services in government are the following:
 1. R.A. 10844, the law that creates the Department of Information and
Communications Technology. With R.A. 10844, the government entities has to
align with policies, product, people, process, and provider that make the country
achieve developmental agenda with digital transformative technologies. It
includes the enabling of the government to become efficient and accountable in
the delivery of mandated services that are critical to people’s achievement of
their economic, health, education, cultural, community, privacy and safety
objectives.

The current ICT services requirements of the government are defined in the
national broadband plan, national government portal project, national cyber
security plan, and in the endorsed/budgeted information system strategic plan
of the agencies.

2. R.A. 11032, the law that promotes ease of doing business and efficient delivery
of government services. The ease of doing business is indicated by the “speed”
of the process to serve the need of the citizen, where simple process has to be
done in three (3) days; complex process is seven (7) days, and technical process
in twenty (20) days

The efficient delivery of government services is demonstrated in the activities

and result of the government agencies in doing the following mandated
activities.

 Re-engineering of system and process

 Regulatory impact assessment
 Automation

3. R.A. 10173, known as Data Privacy Act of 2012 is the law to protect the

fundamental human right of privacy, of communication.. It is to ensure that
personal information in information and communications systems in the
government and in the private sector are secured and protected.

NPC Circular 16-01 on security of personal data in government agencies

identifies and describes the obligation of the head of agency to protect the
privacy of personal information.

Part 3 - ICT Service Management is To

The effectiveness, efficiency, accountability, and security in the delivery and support of
ICT services are critically determined by the
 1. Legal mandate of the agreed value to be created
2. Technology acquisition of the designed service
3. Management competency to lead, direct, and control service outcomes.

ICT services management competency is about the ability to lead, direct and control the
delivery and support of the stakeholders’ outcomes with information and communications
technology.

4. Leadership – Strategy
5. Direction – Policy
6. Control – Process

Leadership, direction and control is determined by set of standards that affect the mindset and
behaviour of the person or entity designated as accountable and responsible:

1. To have clarity of mandate, vision, goals and key result results.

1. To give attention to the discipline associated to stakeholder engagement, service
planning-execution-evaluation, technology standards application, and regulatory
compliance.
2. To provide the fitted product, people, policy, process and service providers to the
agreed service requirements of the stakeholder and customer.
3. To continually improve the function and processes of service delivery and support to
meet the quality expectation of the stakeholder and customer.
4. To align the use of technology to achieve management objectives to communicate,
document, develop, and control the service processes.
5. To control service project as valued, scoped, timed, budgeted, and assigned.
6. To be auditable for continual improvement.

Part - 4 – ISO 38500 – Corporate Governance of ICT Services

ISO 38500 has identified the three (3) key result area of ICT services corporate governance in
order for ICT project and operation serves the performance outcomes demanded to the
business process by regulatory compliance, new competition, disruptive technologies, and
customer changing needs. They are:

1. Evaluation – Risks, change requirement

2. Direction – Strategy, policy and plan
3. Monitor – Performance conformity, compliance, improvement
The exercise of the decision rights associated to the management of ICT services is influenced
by six (6) governance principles

1. Responsibility
2. Strategy
3. Acquisition
4. Performance
5. Conformance
6. Human behaviour

Here are the questions to ask if the governance principles are applied in the
management of ICT services

Responsibility

1. Are ICT decisions and policies are ensured to be the responsibility of formally
constituted committee of appropriate executives?

2. Is ICT management headed by a director who devolved responsibility to managers who

are cognizant of their responsibilities and follow defined procedures?

3. Do managers submits regular performance reports and made responsible for achieving
target outcome?

Strategy

1. Is business strategy development ensured to understand the current and future needs
for ICT services of the organization?

2. Is business and ICT strategy are developed as an integrated whole?

3. Is business tactical and operational activities monitored to anticipate future ICT services
requirements; and are ICT resources capable to deliver and support?

Acquisition

1. Are all request for change and new acquisition subjected to formal and full evaluation
that consider appropriateness, feasibility, cost and value?

2. Is there an implemented formal acquisition plan that considers well competitive costing,
past performance and future needs?

3. Are projects evaluated based on current needs, relevance and external conditions?
Performance

1. How ensured are the defined objectives for availability, performance, and reliability of
operational system, and assessment of threats to organizational integrity ?

2. Are skilled IT personnel selected for the relevant jobs? How effective is the security
protocols for data protection and handing of incidents and problems?

3. How threat against data and system are independently verified, and regular reports on
system and personnel performances are reported?

Conformance

1. Is it ensured that IT systems and services follow up-to-date regulatory and standards
protocols, and personnel are made aware of updates?

2. All changes on the protocol are subjected to stakeholders agreement; and purchases are
transparent and governed by well defined and living contract?

3. Is there a formal process to detect, assess and intervene on breaches and non-
compliance?

Human Behavior

1. New business plan takes into account user’s expectation, and IT personnel is trained
well on the capabilities to match the objectives?

2. Stakeholders are ensured to understand the planned ICT services initiatives, and they
are educated on the why, why and how?

3. Is there regular assessment of IT personnel on their capability to demonstrate the

knowledge, skills and attitudes to support the objectives of ICT services and expectation
of stakeholders

Part - 5 - ISO 20000 ICT Service Management System Requirements

ISO 20000 is a look up reference standards to determine, describe, document and demonstrate
the requirements that compose an ICT Service Management System.

ICT Service Management System as defined by ISO 20000 is about

1. Management system to direct and control the service management activities of the
organization
 2. Set of capabilities and processes to direct and control the organization’s activities
and resources for the planning, design, transition, delivery and improvement of
services to deliver value
3. “Means of delivering value for the customer by facilitating outcomes the customer
wants to achieve”

ICT service management system has the following components that compose the
requirement necessary to establish, implement, maintain and continually improve the
management of ICT services.

1. Context of the organization – understand the internal and external factors, roles of
interested parties, and the requirement for service management system.
2. Leadership – establish the engagement and commitment of the organization’s
leadership. The top management is made committed to ensure the provision of
necessary policies, processes, people, tools, and technology to deliver quality
services to the business.
3. Planning – enable effective planning that support both risk management and the
ability to seize opportunities. Planning defines with clarity the required action to
achieve the organization’s service management objectives
4. Support of the service management system – recognize the role multiple
organizational areas to support the effectiveness requirement of the service
management. Support of the service management system has to be holistic to
assure the availability of resources, employee competence, situational awareness,
internal/external communications, documented information, and knowledge
management.
5. Operation of service management system - ensure that the activities necessary for
the operation of the SMS are conducted in an effective and efficient manner.
Operations requirements cover all stages of the operational service lifecycle, such as
planning and control, service portfolio, relationship agreement, supply and demand,
service design, and service assurance,
6. Performance evaluation - assess the performance of the service management
system through monitoring, measurement, analysis, and evaluation of the system
7. Improvement - specify the corrective actions to take when nonconformities are
encountered by the organization. And to perform the activities that support
continual service improvement.

Part - 6 – ICT Service Management Principle of ITIL

 The decisions and action of leadership and management in ICT services delivery and
support are influenced by their adopted fundamental truth or propositions that determine their
belief or behavior about acceptable performance.

The performance principles communicate how decision are made and action are taken.
The acceptability of the principles is based on the universality, usefulness and applicability of
the practice references.

ITIL or IT Infrastructure Library is a de-facto-standard in creating ICT service

management system. It has the identified seven (7) principles considered to define value,
effectiveness, efficiency, and accountability of leadership, direction and control of ICT services
delivery and support.

1. Focus on value Give attention to the stakeholder’s interest and benefits

What are to be done must be mapped directly or indirectly to what

the stakeholders and customers consider or want as the “good.”

2. Start where you are Do not start from scratch.

Something new is build from what is already available to make

leverage. Find out what is in the current services, processes,
programmes, project and people that can used to create desired
outcome. The current state has to be evaluated and understood as
to their use to support service continual improvement.

3. Progress iteratively Do not attempt to do everything at once. Huge initiatives must be

with feedback accomplished iteratively.

Organize work into smaller, manageable section that can be

executed and completed in a timely manner.

Use feedback before, throughout and after each iteration ensures

that actions are focus and appropriate, even if circumstances
changes.

4. Collaborate and Work together across boundaries to produce better result, buy-in,
promote visibility more relevance to objectives, and increased likelihood of long term
success.

Objectives are achieved where there is information, understanding

and trust.
 Work and consequence should be made visible, hidden agendas
avoided, and information shared to the greatest degree possible.

5. Think and work No stand-alone

holistically
The achievement of outcomes is because the organization works on
the service as a whole, and not just on its parts.

Results are delivered to internal and external customer through the

effective and efficient management and dynamic integration of
information, technology, organization, people, practices, partners,
and agreements that are all coordinated to provide the defined
value

6. Keep simple and Use the minimum number of steps that are necessary to accomplish
practical the objective. Always us outcome-based thinking to produce
practical solutions that deliver results.

Eliminate process, service, action or metrics that fails to provide

value or produce useful outcome.

7. Optimize and Resources should be used to their best effect. Eliminate anything
automate that is wasteful and use technology to achieve whatever it is capable
of.

Human intervention should only happen where it really contributes

value.

Part – 7 ICT Service Management Life Cycle Based on ITIL Framework

1. Service Strategy

Process Objective:

To decide on a strategy to serve customers. Starting from an assessment of

customer needs and the market place, the Service Strategy process determines which
services the IT organization is to offer and what capabilities need to be developed. Its
ultimate goal is to make the IT organization think and act in a strategic manner.

2. Service Design
 Process Objective:

To design new IT services. Its scope includes the design of new services, as well
as changes and improvements to existing ones.

3. Service Transition

Process Objective:

To build and deploy IT services. This process also makes sure that changes to
services and Service Management processes are carried out in a coordinated way.

4. Service Operation

Process Objective:

To make sure that IT services are delivered effectively and efficiently. This
includes fulfilling user requests, resolving service failures, fixing problems, as well as
carrying out routine operational tasks.

5. Continual Service Improvement (CSI)

Process Objective:

To use methods from quality management in order to learn from past successes
and failures. The Continual Service Improvement process aims to continually improve
the effectiveness and efficiency of IT processes and services, in line with the concept of
continual improvement adopted in ISO 20000

Part 8 –Critical Elements in the Organization of ICT Service Management

1. Authority. -It is mandate provided by the stakeholders

2. Measures. -It is risks examined by the policy
3. Governance. -It is organization assigned for the decision rights
4. Methodology. -It is process executed for the objectives
5. Enabler. -It is laws, funds, supply chain, and expert provided for the results
6. Competency. It is knowledge and skills of people fitted to the outcomes
7. Control. It is audit performed for the continual improvement
8. Messaging. It is communication created for support percept