ITILv3 Introduction and Overview

Tony Brett
Head of IT Support Staff Services
OUCS
 Agenda for the Session
• What is ITIL?
• What about v3?
• Key Concepts
• Service Management & Delivery
• The Service Lifecycle
• The Five Stages of the lifecycle
• ITIL Roles
• Functions and Processes
• Further Learning
• Accreditation
 What is ITIL?
• ITIL = Information Technology Infrastructure Library . Created in 1989 by
the CCTA, a UK government agency

• ITIL is a set of best practices standards for Information Technology (IT)

service management.

• The United Kingdom's Central Computer and Telecommunications Agency

(CCTA) created ITIL in response to the growing dependence on Information
Technology to meet business needs and goals.

• Emerged as the worlds most widely accepted approach to the

management and delivery of IT Services because it is scalable.

Internal
 What is ITIL?

• ITIL is:
– Comprehensive, consistent & coherent set of best practices for IT
management - NOT a methodology
– Identifies key management processes in IT organizations
– Aligns IT services with business requirements
– Promotes a metrics based management approach
– Vendor (tool) independent, advocates tool enablement.

Internal
 Key Concepts
• Service
– Services are a means of delivering value to
customers by facilitating the outcomes customers
want to achieve without the ownership of specific
costs and risks
– e.g. The HFS backup service means that you as
Unit ITSS don’t have to care about how much
tapes, disks or robots cost and you don’t have to
worry if one of the HFS staff is off sick or leaves
 Key Concepts
• Service Level
– Measured and reported achievement against one or
more service level targets
– E.g.
• Red = 1 hour response 24/7
• Amber = 4 hour response 8/5
• Green = Next business day
• Service Level Agreement
– Written and negotiated agreement between Service
Provider and Customer documenting agreed service
levels and costs
 Key Concepts
• Configuration Management System (CMS)
– Tools and databases to manage IT service provider’s
configuration data
– Contains Configuration ManagementDatabase
(CMDB)
• Records hardware, software, documentation and anything
else important to IT provision
• Release
– Collection of hardware, software, documentation,
processes or other things require to implement one or
more approved changes to IT Services
 Key Concepts
• Incident
– Unplanned interruption to an IT service or an
unplanned reduction in its quality
• Work-around
– Reducing or eliminating the impact of an incident
without resolving it
• Problem
– Unknown underlying cause of one or more
incidents
 4 Ps of Service Management
• People – skills, training, communication
• Processes – actions, activities, changes, goals
• Products – tools, monitor, measure, improve
• Partners – specialist suppliers
 Service Delivery Strategies
Strategy Features
In-sourcing All parts internal
Out-sourcing External resources for specific and
defined areas (e.g. Contract cleaners)
Co-Sourcing Mixture of internal and external resources
Knowledge Process Outsourcing Outsourcing of particular processes, with
(domain-based business expertise) additional expertise from provider
Application Outsourcing External hosting on shared computers –
applications on demand (e.g. Survey
Monkey, Meet-o-matic)
Business Process Outsourcing Outsourcing of specific processes e.g. HR,
Library Circulation, Payroll
Partnership/Multi-sourcing Sharing service provision over the
lifecycle with two or more organisations
(e.g. Shared IT Corpus/Oriel)
 The Service Lifecycle
• Service Strategy – Change management
– Strategy generation – Knowledge Management
– Financial management • Service Operation
– Service portfolio – Problem & Incident
management management
– Demand management – Request fulfilment
• Service Design – Event & Access management
– Capacity, Availability, Info • Continual Service
Security Management Improvement
– Service level & Supplier – Service measurement &
Management reporting
• Service Transition – 7-step improvement process
– Planning & Support
– Release & Deployment
– Asset & Config management
How the Lifecycle stages fit together
Internal
Internal
 Service Lifecycle

Business Needs Business

Process
Service

Continual Service Improvement

Strategy

• Funding
• ROI
• Chargeback Service
• Service Portfolio
Design
• Design Package
• Service Catalog
• Policies & standards Service
Transition

• Release Calendar
• Change Schedule
• CAB Meetings Service
Operations
• Service Availability
• Metrics
• SLA Breach Report Frameworks
CMS • Root cause analysis • Reports
• Incident statistics
CMS: Configuration Management System, CAB: Change Advisory Board, SLA: Service Level Agreement, ROI: Return on Investment
Internal
- 15 -
 Service Strategy
• What are we going to provide?
• Can we afford it?
• Can we provide enough of it?
• How do we gain competitive advantage?
• Perspective
– Vision, mission and strategic goals
• Position
• Plan
• Pattern
– Must fit organisational culture
Service Strategy has four activities

Define the Market

Develop the Offerings

Develop Strategic Assets

Prepare for Execution

 Service Assets
• Resources
– Things you buy or pay for
– IT Infrastructure, people, money
– Tangible Assets
• Capabilities
– Things you grow
– Ability to carry out an activity
– Intangible assets
– Transform resources into Services
 Service Portfolio Management
• Prioritises and manages investments and
resource allocation
• Proposed services are properly assessed
– Business Case
• Existing Services Assessed. Outcomes:
– Replace
– Rationalise
– Renew
– Retire
 Demand Management
• Ensures we don’t waste money with excess
capacity
• Ensures we have enough capacity to meet
demand at agreed quality
• Patterns of Business Activity to be considered
– E.g. Economy 7 electricity, Congestion Charging
 Service Design
• How are we going to provide it?
• How are we going to build it?
• How are we going to test it?
• How are we going to deploy it?

Holistic approach to determine the impact of

change introduction on the existing services and
management processes
 Processes in Service Design
• Availability Management
• Capacity Management
• ITSCM (disaster recovery)
• Supplier Management
• Service Level Management
• Information Security Management
• Service Catalogue Management
 Service Catalogue

Business Process A Business Process B Business Process C

Business Service Catalogue

Service 1 Service 2 Service 3 Service 4 Service 5 Service 6

Technical Service Catalogue

Hardware Software Support Applications Databases Capability

Keeps service information away from business information

Provides accurate and consistent information enabling service-focussed working
 Service Level Management
• Service Level Agreement
– Operational Level Agreements
• Internal
– Underpinning Contracts
• External Organisation
• Supplier Management
– Can be an annexe to a contract
– Should be clear and fair and written in easy-to-
understand, unambiguous language
• Success of SLM (KPIs)
– How many services have SLAs?
– How does the number of breaches of SLA change over
time (we hope it reduces!)?
 Things you might find in an SLA
Service Hours of User Response
Description operation times

Incident Availability &

Resolution
Response Continuity
times
times targets

Critical Change
Customer
operational Response
Responsibilities
periods Times
 Types of SLA
• Service-based
– All customers get same deal for same services
• Customer-based
– Different customers get different deal (and
different cost)
• Multi-level
– These involve corporate, customer and service
levels and avoid repetition
Right Capacity, Right Time, Right Cost!
• This is capacity management
• Balances Cost against Capacity so minimises
costs while maintaining quality of service
 Is it available?
• Ensure that IT services matches or exceeds
agreed targets
• Lots of Acronyms
– Mean Time Between Service Incidents
– Mean Time Between Failures
– Mean Time to Restore Service
• Resilience increases availability
– Service can remain functional even though one or
more of its components have failed
 ITSCM – what?
• IT Service Continuity Management
• Ensures resumption of services within agreed
timescale
• Business Impact Analysis informs decisions
about resources
– E.g. Stock Exchange can’t afford 5 minutes
downtime but 2 hours downtime probably wont
badly affect a departmental accounts office or a
college bursary
 Standby for liftoff...
• Cold
– Accommodation and environment ready but no IT
equipment
• Warm
– As cold plus backup IT equipment to receive data
• Hot
– Full duplexing, redundancy and failover
Information Security Management
• Confidentiality
– Making sure only those authorised can see data
• Integrity
– Making sure the data is accurate and not
corrupted
• Availability
– Making sure data is supplied when it is requested
 Service Transition
• Build
• Deployment
• Testing
• User acceptance
• Bed-in
 Good service transition
• Set customer expectations
• Enable release integration
• Reduce performance variation
• Document and reduce known errors
• Minimise risk
• Ensure proper use of services
• Some things excluded
– Swapping failed device
– Adding new user
– Installing standard software
 Knowledge management
• Vital to enabling the right information to be
provided at the right place and the right time
to the right person to enable informed
decision
• Stops data being locked away with individuals
• Obvious organisational advantage
Data-Information-Knowledge-Wisdom

Data Information Knowledge Wisdom

- who, what , where? - How? - Why?

Wisdom cannot be assisted by technology

– it only comes with experience!

Service Knowledge Information

Management System is crucial to retaining
this extremely valuable information
 Service Asset and Configuration
• Managing these properly is key
• Provides Logical Model of Infrastructure and
Accurate Configuration information
• Controls assets
• Minimised costs
• Enables proper change and release
management
• Speeds incident and problem resolution
Configuration Management System
Service Asset and
Management Configuration Change Data
KB Info

Application
Release Data Document
Data

Configuration
Definitive
Management
Media Library
DB
 Painting the Forth Bridge...
• A Baseline is a “last known good
configuration”
• But the CMS will always be a “work in
progress” and probably always out of date.
But still worth having
• Current configuration will always be the most
recent baseline plus any implemented
approved changes
Change Management – or what we all
get wrong!
• Respond to customers changing business
requirements
• Respond to business and IT requests for change
that will align the services with the business
needs
• Roles
– Change Manager
– Change Authority
• Change Advisory Board (CAB)
• Emergency CAB (ECAB)
• 80% of service interruption is caused by operator
error or poor change control (Gartner)
 Change Types
• Normal
– Non-urgent, requires approval
• Standard
– Non-urgent, follows established path, no approval
needed
• Emergency
– Requires approval but too urgent for normal
procedure
 Change Advisory Board
• Change Manager (VITAL)
• One or more of
– Customer/User
– User Manager
– Developer/Maintainer
– Expert/Consultant
– Contractor
• CAB considers the 7 Rs
– Who RAISED?, REASON, RETURN, RISKS, RESOURCES,
RESPONSIBLE, RELATIONSHIPS to other changes
 Release Management
• Release is a collection of authorised and tested
changes ready for deployment
• A rollout introduces a release into the live
environment
• Full Release
– e.g. Office 2007
• Delta (partial) release
– e.g. Windows Update
• Package
– e.g. Windows Service Pack
 Phased or Big Bang?
• Phased release is less painful but more work
• Deploy can be manual or automatic
• Automatic can be push or pull
• Release Manager will produce a release policy
• Release MUST be tested and NOT by the
developer or the change instigator
 Service Operation
• Maintenance
• Management
• Realises Strategic Objectives and is where the
Value is seen
 Processes in Service Operation
• Incident Management
• Problem Management
• Event Management
• Request Fulfilment
• Access Management
 Functions in Service Operation
• Service Desk
• Technical Management
• IT Operations Management
• Applications Management
Service Operation Balances

A B
Reactive Proactive

Responsiveness Stability

Cost Quality

Internal External
 Incident Management
• Deals with unplanned interruptions to IT
Services or reductions in their quality
• Failure of a configuration item that has not
impacted a service is also an incident (e.g.
Disk in RAID failure)
• Reported by:
– Users
– Technical Staff
– Monitoring Tools
 Event Management
• 3 Types of events
– Information
– Warning
– Exception
• Can we give examples?
• Need to make sense of events and have
appropriate control actions planned and
documented
 Request Fulfilment
• Information, advice or a standard change
• Should not be classed as Incidents or Changes
• Can we give more examples?
 Problem Management
• Aims to prevent problems and resulting incidents
• Minimises impact of unavoidable incidents
• Eliminates recurring incidents
• Proactive Problem Management
– Identifies areas of potential weakness
– Identifies workarounds
• Reactive Problem Management
– Indentifies underlying causes of incidents
– Identifies changes to prevent recurrence
 Access Management
• Right things for right users at right time
• Concepts
– Access
– Identity (Authentication, AuthN)
– Rights (Authorisation, AuthZ)
– Service Group
– Directory
 Service Desk
• Local, Central or Virtual
• Examples?
• Single point of contact
• Skills for operators
– Customer Focus
– Articulate
– Interpersonal Skills (patient!)
– Understand Business
– Methodical/Analytical
– Technical knowledge
– Multi-lingual
• Service desk often seen as the bottom of the pile
– Bust most visible to customers so important to get right!
 Continual Service Improvement
• Focus on Process owners and Service Owners
• Ensures that service management processes
continue to support the business
• Monitor and enhance Service Level
Achievements
• Plan – do –check – act (Deming)
 Service Measurement
• Technology (components, MTBF etc)
• Process (KPIs - Critical Success Factors)
• Service (End-to end, e.g. Customer Satisfaction)
• Why?
– Validation – Soundness of decisions
– Direction – of future activities
– Justify – provide factual evidence
– Intervene – when changes or corrections are needed
 Continual Service Improvement
• Responsible for managing improvements to IT Service
Management Process and IT Services across the whole Service
Lifecycle.

– To continually align and re-align IT services to the changing business

needs by identifying and implementing improvements to IT services
that support business processes.

ITIL v3 Overview - Rob Goodwin-Davey

 7 Steps to Improvement
What should
we measure?

Corrective What can we

action measure?

Present and
Gather data
use info

Analyse data Process data

 CSI Processes
• 7 Step Improvement Process

– Fundamental to CSI is the concept of measurement

– Obvious that all the activities of the improvement process will assist
CSI in some way
– Relatively simple to identify what takes place but difficulty lies in
understanding exactly how this will happen.

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process

• Step 1 – Define what you should measure

– Compile a list of what you should measure

– Make it simple! The number of what you should measure can grow
quite rapidly
– Identify & link: Corporate & IT vision, mission, goals and objectives
– CSFs
– Service Level targets
– Job description for IT staff.

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process

• Step 2 – Define what you can measure

– Every organization may find they have a limit on what they can
actually measure. If you cannot measure something then it should not
be in an SLA.
– Create a list of tools and what they measure against what information
is being collected and reported on.
– Perform gap analysis on the 2 lists & report back to the business,
customers & IT.

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process

• Step 3 – Gathering the data

– Need some form of monitoring in place.

– Quality is the key objective of monitoring in CSI
– Focuses on the effectiveness of a service, process, tool, organization or
Configuration Item (CI).
– Gather whatever data has been identified as both needed and
measurable.
– Gathering data is defined as the act of monitoring and data collection

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process

• Step 4 – Processing the data

– Convert the data in the required format and for the required audience.
Metric to KPI to CSF.
– This step is often overlooked in CSI.
– An example is taking the data from monitoring of the individual
components such as the mainframe, applications, WAN, LAN, servers
etc and process this into a structure of an end-to-end service from the
customer’s perspective.

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process

• Step 5 – Analysing the data

– This transforms the information into knowledge of the events that are
affecting the organization.
– More skill and experience is required to perform data analysis than
data gathering and processing.
– Verification against goals and objectives is expected to validate that
objectives are being supported and value is being added.
– Looking for: clear positive or negative trends, if changes are required,
are targets being met, are corrective actions required etc

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process
• Step 6 – Presenting and using the information

– Take knowledge and present it, turning it into wisdom by utilizing

reports, monitors, action plans, reviews, evaluations and
opportunities.
– 3 distinct groups to present to:
• Business – real need is to understand whether IT delivered the service they
promised at the levels they promised and if not what they have done to correct it
• Senior IT management – focussed on results around CSFs and KPIs such as
customer satisfaction, actual v plan, costing and revenue targets
• Internal IT – interested in KPIs and activity metrics that help them plan, coordinate,
schedule and identify incremental improvement opportunities.

ITIL v3 Overview - Rob Goodwin-Davey

 CSI Processes
• 7 Step Improvement Process

• Step 7 – Implementing Corrective Action

– Use the knowledge gained to optimize, improve and correct services

– Need to identify issues and present solutions
– Explain how the corrective actions to be taken will improve service.
– Based on goals, objectives and types of service breaches, an
organization needs to prioritise improvement activities.
– These may be driven externally such as regulatory requirements,
changes in competition or even political decisions.

ITIL v3 Overview - Rob Goodwin-Davey

 ITIL Roles
• Process Owner
– Ensures Fit for Purpose
• Process Manager
– Monitors and Reports on Process
• Service Owner
– Accountable for Delivery
• Service Manager
– Responsible for initiation, transition and
maintenance. Lifecycle!
 More Roles
• Business Relationship Manager
• Service Asset & Configuration
– Service Asset Manager
– Service Knowledge Manager
– Configuration Manager
– Configuration Analyst
– Configuration Librarian
– CMS tools administrator
 Functions and Processes
• Process
– Structured set of activities designed to accomplish a
defined objective
– Inputs & Outputs
– Measurable
– e.g. ??
• Function
– Team or group of people and tools they use to carry
out one or more processes or activities
– Own practices and knowledge body
– e.g. ??