Information Technology

Infrastructure Library
(ITIL)
History, Concepts and Alignment to CobiT and ISO 20000

Thursday, October 12, 2006

Todays Objectives:

1. Learn about the history of ITIL

2. Understand ITILs key objectives
3. Discover all components of the ITIL Framework
4. Visit each of the core 10 ITIL SM Processes
5. Learn the importance of process interaction
6. Understand the ISO 20000 & alignment to ITIL
7. Understand the alignment to CobiT Framework
8. Learn about the future of ITIL
Dalibor Petrovic, I.S.P.
Consulting Manager,
IT Strategy and Management, Deloitte

- Certified ITIL Service Manager

- EXIN International Exam Marker for ITIL
Service Manager Certifications
- Certified CobiT Professional
- Certified ISO 20000 Internal Auditor
- Chair of itSMF Northern Alberta
WHAT IS ITIL?
Framework for Best Practices in
IT Service Management
A Library of Books
Defined Common Sense
Origins:

British Governments effort to improve IT management

Developed by the CCTA in the late 1980s
Originally, a library of over 40 books that documented
various IT Service areas, processes and standards
Today, a library of 8 books, under the auspices of OGC
ITIL Objectives

Three Key Objectives of IT Service Management:

1. Align IT Services with the Current and Future

Needs of the Business and its Customers
2. Improve Quality of IT Services
3. Reduce Long-Term Costs of IT Service
Provision
In the beginning

there
was
Deming!
The Deming Cycle
The Deming Cycle
 The ITIL Library

Planning to Implement Service Management

Service
Support

The Technology
The Business

ICT
The Business Security Infrastructure
Perspective Management Management

Service
Delivery

Applications Management

Software Asset Management

Source: OGC
ITSM Components
IT Service

security
Service Level Continuity
Management Management

Availability
Management Release
Management
Capacity
Management
IT
Change
Financial Infrastructure Management
Management
for IT services Configuration
Management
Incident
Management Problem Management
 Service Support
The Service Desk
Incident Management
Problem Management
Configuration Management
Release Management
Change Management

Service Delivery
Service Level Management
Availability Management
IT Service Continuity Management
Capacity Management
Financial Management for IT Services
 The Service Desk

The Service Desk

Goals

To act as the single point of contact between the User and IT

Service Management and track status of all customer interactions
To handle Incidents and requests, and provide an interface for other
activities such as Change, Problem, Configuration, Release, Service
Level, and IT Service Continuity Management
 The Service Desk

Inputs to the Service Desk

Information
 The Service Desk

Why a Service Desk?

Essentials

The Service Desk is more than just a Help Desk

The first and single point of contact

High quality support to meet business goals

Help identify costs of IT services

Proactive support and communication of changes

Increase user perception and satisfaction

Identification of business opportunities

Identification of Training Opportunities

 The Service Desk

Responsibilities
Activities

Receive and record all calls from users

Provide first-line support (using knowledge resources)

Refer to second-line support where necessary

Monitoring and escalation of incidents

Keep users informed on status and progress

Provide interface between ITSM disciplines

Produce measurements and metrics

 Incident Management

Incident Management
Goals

To restore normal service operation as quickly as possible with

minimum disruption to the business, thus ensuring that the
best achievable levels of availability and service are
maintained

Incident definition
Any event which is not part of the standard operation of a
service and which causes, or may cause, an interruption to, or
a reduction in, the quality of that service

Work-around definition
A method of avoiding an Incident or Problem either by
employing a temporary fix or technique so the user is no
longer reliant on a Configuration Item (CI) that is known to
cause failure
 Incident Management

The Incident Life Cycle the monitoring and

tracking of Incidents
Activities

Including Impact and Urgency

selection

Yes

No

Note. This is not Problem Closure

 Incident Management

Categorization
Activities

Service affected (and possibly by association the

affected SLA)
User perception of failure in terms of the Users
inability to do something
Batch job output has not been received
I cant print, connect to a server or access an
application
Category and details of CI thought to be at fault
Category and details of CI eventually found to be
at fault
The fault in the CI, the quick fix and the action
taken, etc.
 Incident Management

Impact, Urgency & Priority

Definitions

Impact A measure of the business criticality of an

incident or problem (e.g. numbers
affected, magnitude)
Urgency A measure of the speed with which an
incident or problem requires resolution
(i.e. how much delay will the resolution
bear)
Priority The order in which an incident or
problem needs to be resolved, based on
impact and urgency
 Incident Management

Illustrative Example
Payroll Application: System run once per month to run payroll

Impact Urgency Priority

Failure of payroll High: will effect all Low : Payroll not run Low (at the
server employees for 3 weeks
moment)
(first week in month)
Failure in payroll High: will effect all High : Fix needed High
server (last week of employees before 06:00
month) tomorrow morning

Bank Teller Application: System used by cashiers in bank to transact

on accounts
Impact Urgency Priority
One Branch teller Medium : one branch High : Queues High
application out of 150 beginning to form
performing poorly
Router Interface down Low : Cashiers and Med : Router needs to Med
customers not be re-booted to
impacted due to restore network
redundancy in redundancy
network
 Incident Management

Escalation
Definitions

Hierarchical escalation would typically include authorization,

resources and/or cost

Hierarchical (authority)

Functional (competence)

Functional escalation might include specialist groups e.g. Unix Group

 Incident Management

Functional Escalation
Activities

The use of support

teams is important
in efficient incident
resolution.

First line support

deals with the
communication to
the user, resolution
of known incidents
(e.g. password
resets)

allowing the
second and
subsequent levels
to focus on
resolving assigned
incidents.
 Problem Management

Problem Management
Goals

To minimize the adverse effect on the business of Incidents and

Problems caused by errors in the infrastructure, and to
proactively prevent the occurrence of Incidents, Problems and
Errors.

Problem definition
Unknown cause of one or more incidents

Known Error definition

An Incident or Problem for which the root cause is
known and for which a temporary work around or
permanent alternative has been identified
 Problem Management

Problem Flow
Information

Incidents

Service Desk

Problem

Known Error

Change Process
 Configueration Management

Configuration Management
Goals

Enabling control of the infrastructure by monitoring and maintaining

information on:
Configuration Items (CI) needed to deliver services
CI status and history
CI relationships
Valuable CIs (monetary or service)
Providing information on the IT infrastructure to all other processes and to
IT Management
 Configueration Management

Configuration Management
Definitions

Configuration Item (CI) a component of an IT infrastructure

which is (or is to be) under the control of Configuration
Management and therefore subject to formal change control
Configuration Management Database (CMDB) a database
which contains details of the attributes and history of each CI and
the relationships between CIs
Baseline a snapshot of the state of a CI and its components or
related CIs, frozen in time for a particular purpose, such as:
The ability to return a service to a trusted state if a change goes
wrong
A specification for copying the CI or for a roll-out
The minimum CIs needed to maintain vital Business Functions
after a disaster
 Configueration Management

Major CI Types
Definitions

Documentation Data Files

Designs; Reports; What, Where,
Agreements; Contracts; Most Important Environment
Procedures; Plans; Process Accommodation; Light,
Descriptions; Minutes; Heat, Power; Utility
People Records; Events (Incident, Services (Electricity,
Users, Customers, Problems, Change Records); Gas, Water, Oil); Office
Who, Where, What Proposals; Quotations Equipment; Furniture;
Skills, Characteristics, Plant & Machinery
Experience, Roles

Services
Hardware Desktop Support, Software
Computers, Computer E-mail, Service Desk, Network Mgmt Systems;
components, Network Payroll, Finance, In-house applications; O/S;
components & cables Production Support Utilities (scheduling, B/R);
(LAN, WAN), Packages; Office systems;
Telephones, Switches Web Management
 Configueration Management

CI Relationships and Attributes

Activities

Desktop Device #1 Desktop Device #2

Cable #1 Cable #2 Ethernet

Cable #3

Disk #1 Printer #1
Power
Server
Disk #2
Relationships
Is connected to
System Software Is a copy of
Is part of

Printer #2
Attributes
Application B Owner, status,
Application A
location, serial #,
version, supplier, etc.
 Change Management

Change Management
Goals

Process of controlling changes to the infrastructure or any

other aspect of services, in a controlled manner, enabling
approved changes with minimum disruption.

Change Management ensures that standardized methods and

procedures are used for the efficient and prompt handling of all
Changes, in order to minimize the adverse impact of any
Change-related incidents upon service quality.
Changes can arise as a result of Problems, Known Errors and their
resolution, but many Changes can come from proactively seeking
business benefits such as reducing costs or improving services
 Change Management

Change Management
Definitions

Change a deliberate action that alters the

form, fit or function of Configuration Item (CI)
such as an addition, modification, movement, or
deletion that impacts the IT infrastructure
Request for Change (RFC) a means of
proposing a change to any component of an IT
infrastructure or any aspect of an IT service
Forward Schedule of Change (FSC) a
schedule that contains details of all the changes
approved for implementation and their proposed
implementation date
 Change Management

Change Management
Definitions

Standard Change a Change that is recurrent,

has been proceduralized to follow a pre-defined,
relatively risk free path and where Change
Management and budgetary authority is
effectively give in advance
Service Request a request, usually made
through a Service Desk, for a Standard Change
Example: providing access to services for a new
member of staff or relocating a few PCs
 Release Management

Release Management
Goals

Release Management takes a holistic view of a Change to an

IT service and should ensure that all aspects of a Release, both
technical and non-technical, are considered together

Good resource planning and management are

essential to package and distribute a Release
successfully.

The focus of Release Management is the

protection of the live environment and its services
through the use of formal procedures and checks.
Service Support Process Model

Management Service Enquiries,

Tools & IT Incidents
Desk Communications, Users /
Infrastructure Workarounds,
Updates
Customers
Incident
Management
Changes
Problem Releases
Management
Services
Reports, Change
Management
Incidents,
Statistics, Problem Release
Audit Reports Statistics, Management
Trend Analysis,
Problem
Reports, Change Configuration
Schedule, Release Management
Problem
Reviews, CAB Minutes, Schedule,
Diagnostic Change Release
Aids, Statistics, Statistics, CMDB Reports,
Audit Reports Change Release CMDB Statistics,
Reviews, Reviews, Policy/Standards,
Audit Reports Source Library, Audit Reports
Testing
Standards,
Audit Reports

Incidents Problems, Changes Releases CI Relationships

Known Errors
Configuration Management Database
 Service Support
The Service Desk
Incident Management
Problem Management
Configuration Management
Release Management
Change Management

Service Delivery
Service Level Management
Availability Management
IT Service Continuity
Management
Capacity Management
Financial Management for IT
Services
 Service Level Management

Service Level Management

Goals

To maintain and gradually improve business aligned IT service

quality, through a constant cycle of defining, agreeing,
monitoring, reporting and IT service achievements and through
instigating actions to eradicate unacceptable levels of service

Service Level Management manages and

improves the agreed level of service
between two parties

The provider who may be an internal

service department or the external
organisation that provides an outsourced
service

The receiver of the servers i.e. the

customer who pays the bill.
 Availabtily Management

Availability Management
Goals

To optimise the capability of the IT infrastructure and supporting

organisations to deliver a cost effective and sustained level of
availability that enables the business to satisfy its objectives
 IT Service Coninuity Management

IT Service Continuity Management

Goals

To support the overall Business Continuity Management

process by ensuring that the required IT technical services and
facilities can be recovered within required and agreed business
time-scales

Note. IT Service Continuity Management used to be known as Disaster Recovery in the old ITIL books
 Capacity Management

Capacity Management
Goals

To understand the future business requirements (the required

service delivery), the organization's operations (the current
delivery), and ensure that all current and future capacity and
aspects of the business requirements are provided cost
effectively
 Financial Management For IT Services

Financial Management
Goals

To provide cost-effective stewardship of the IT assets and

financial resources used in Services

Note. Financial Management of IT Services used to be known as Cost Recovery in the old ITIL books
Participants in IT Service Management

Sr. IT Sr. Service

Strategic Mgt Mgt Delivery

Tactical Service Level Customers Service

Management Support

Operational Service Desk Users

IT The Business
 DISPATCH Emergency TESTS and

Management
AMBULANCE Room ANALYSIS

Problem
Root Cause Service Level Mgmt

Financial Mgmt
Specialist
DIAL 911 Consult
DIAGNOSIS
Problem Control Error Control

Incident
Management
Request for
Heart Operation/Procedure
Capacity Management
Availability Management Attack!!!
Service Continuity Management
Operations
& Scheduling
Surgical Team
Patient Lifecycle Medical Filter
File Develop
Strategy

Impact Analysis
Medical Procedure Library Perform
Operation
/Procedure
Prioritize
Medical Tools

Configuration Management Release Management Change Management

ITIL is more than a library of books

Training Qualifications:
Fundamentals Certification at each
Practitioner level
Service Manager

Information Technology Infrastructure Library

Consultancy:
Tools: ITIL
Provision of IT
compliance is
consulting services to
driving tools
clients based on a de
manufacturers
facto standard
itSMF: User groups
providing seminars,
conferences, and
workshops
Consistent and predictable results, process
improvement and cost saving top the list of
benefits from implementing defined IT Process
methods
*

* Source: Forrester Research Stabilizing IT with Process Methodologies May, 2005

CobiT

What Is It?
How Does It Relate To ITIL?
COBIT and ITILProcess Perspective

Strategic

Process Control
XY

##
XY

##
COBIT XY

##
XY

##
XY

##

Process Execution
ITIL

Work Instruction
Work instruction Work instruction Work instruction Work instruction Work instruction
2 2 2 2 2
3 3 3 3 3
4,5,6. 4,5,6. 4,5,6. 4,5,6. 4,5,6.
CobiT

WHAT COBIT
Control

HOW ITIL
Activities
Gartner Advisory on COBIT and ITIL

COBIT WHAT
Control
ITIL
Activities HOW
 Acquire and Implement
(AI Process Domain)

Plan and
Organise
(PO Process Domain)

Monitor and
Deliver and Support
Evaluate (DS Process Domain)
(M Process Domain)
 Plan and Organise Acquire and Implement

Define Define Determine Acquire and Acquire and Develop and

Identify Install and
Strategic Information Technological Maintain Manage Maintain Maintain
Automated Accredit
IT Plan Architecture Direction Application Change Technology IT
Solutions Systems
Software Infrastructure Procedures

Define IT
Communicate
Organisation Manage IT
Aims and
and Investment
Direction
Relationships
ITIL
Manage
Ensure
Compliance Assess
Service Support Service Delivery
Human Service
with External Risks Service Incident Problem Availability Capacity
Resource Level
Standards Desk Management Management Management Management
Management

Change Release Configuration Financial Continuity

Manage Manage Management Management Management Management Management
Projects Quality

Monitor and Evaluate Deliver and Support

Assess
Monitor Internal Define and
the Manage Manage Ensure Ensure Identify
Control Manage Manage
Process Third-party Performance Continuous System and Allocate
Adequacy Service Operations
Services and Capacity Service Security Costs
Levels

Assist and
Obtain Provide Educate Manage
Advise Manage Manage Manage
Independent Independent and Problems and
IT Configuration Data Facilities
Assurance Audit Train Users Incidents
Customers
 Plan and Organise Acquire and Implement

Define Define Determine Acquire and Acquire and Develop and

Identify Install and
Strategic Information Technological Maintain Manage Maintain Maintain
Automated Accredit
IT Plan Architecture Direction Application Change Technology IT
Solutions Systems
Software Infrastructure Procedures

Define IT
Communicate
Organisation Manage IT
Aims and
and Investment
Direction
Relationships
ITIL
Manage
Ensure
Compliance Assess
Service Support Service Delivery
Human Service
with External Risks Service Incident Problem Availability Capacity
Resource Level
Standards Desk Management Management Management Management
Management

Change Release Configuration Financial Continuity

Manage Manage Management Management Management Management Management
Projects Quality

Monitor and Evaluate Deliver and Support

Assess
Monitor Internal Define and
the Manage Manage Ensure Ensure Identify
Control Manage Manage
Process Third-party Performance Continuous System and Allocate
Adequacy Service Operations
Services and Capacity Service Security Costs
Levels

Assist and
Obtain Provide Educate Manage
Advise Manage Manage Manage
Independent Independent and Problems and
IT Configuration Data Facilities
Assurance Audit Train Users Incidents
Customers
 Plan and Organise Acquire and Implement

Define Define Determine Acquire and Acquire and Develop and

Identify Install and
Strategic Information Technological Maintain Manage Maintain Maintain
Automated Accredit
IT Plan Architecture Direction Application Change Technology IT
Solutions Systems
Software Infrastructure Procedures

Define IT
Communicate
Organisation Manage IT
Aims and
and Investment
Direction
Relationships
ITIL
Manage
Ensure
Compliance Assess
Service Support Service Delivery
Human Service
with External Risks Service Incident Problem Availability Capacity
Resource Level
Standards Desk Management Management Management Management
Management

Change Release Configuration Financial Continuity

Manage Manage Management Management Management Management Management
Projects Quality

Monitor and Evaluate Deliver and Support

Assess
Monitor Internal Define and
the Manage Manage Ensure Ensure Identify
Control Manage Manage
Process Third-party Performance Continuous System and Allocate
Adequacy Service Operations
Services and Capacity Service Security Costs
Levels

Assist and
Obtain Provide Educate Manage
Advise Manage Manage Manage
Independent Independent and Problems and
IT Configuration Data Facilities
Assurance Audit Train Users Incidents
Customers
 Plan and Organise Acquire and Implement

Define Define Determine Acquire and Acquire and Develop and

Identify Install and
Strategic Information Technological Maintain Manage Maintain Maintain
Automated Accredit
IT Plan Architecture Direction Application Change Technology IT
Solutions Systems
Software Infrastructure Procedures

Define IT
Communicate
Organisation Manage IT
Aims and
and Investment
Direction
Relationships
ITIL
Manage
Ensure
Compliance Assess
Service Support Service Delivery
Human Service
with External Risks Service Incident Problem Availability Capacity
Resource Level
Standards Desk Management Management Management Management
Management

Change Release Configuration Financial Continuity

Manage Manage Management Management Management Management Management
Projects Quality

Monitor and Evaluate Deliver and Support

Assess
Monitor Internal Define and
the Control Manage Manage Ensure Ensure Identify
Manage Manage
Process Adequacy Third-party Performance Continuous System and Allocate
Service Operations
Services and Capacity Service Security Costs
Levels

Assist and
Obtain Provide Educate Manage
Advise Manage Manage Manage
Independent Independent and Problems and
IT Configuration Data Facilities
Assurance Audit Train Users Incidents
Customers
ISO 20000

What Is It?
How Does It Relate To ITIL?
ISO 20000: Basic Concepts

Quality standard for IT Service Management

Formal specification defined requirements for an organization
to deliver managed services to acceptable quality to customers

BS 15000 fast-tracked to become IS0 20000

ITIL forms the basis of the standard
Standard = a list of criteria that needs to be met

The standard versus the framework

Standard = audit & certify against. Makes ITIL alive
Framework = best practice that the standard is based on
ISO 20000

Capacity SERVICE DELIVERY Information

Management Security
Service Level Management Management
Service Reporting
Availability and Budgeting and
The Business
Service ICTAccounting for
Perspective CONTROL Infrastructure
Continuity IT Services
Management
Configuration Management
RELEASE Change Management RELATIONSHIP

Business Relationship
Release RESOLUTION Management
Management Incident Management
Supplier Relationship
Problem Management
Management

Source: itSMF International

Example: Change Management
Specifications: Objective + Requirements

Objective:
To ensure all changes are assessed, approved, implemented and
reviewed in a controlled manner

Requirement examples:
All requests for change shall be recorded and classified, e.g.
urgent, emergency, major, minor
Requests for changes shall be assessed for their risk, impact
and business benefit
All changes shall be reviewed for success and any actions
taken after implementation
Example: Change Management
Code of Practice: Objective + Detailed Best Practices

Objective (Sub-process: 8.2.2): Closing and reviewing the

change request

Detailed Best Practice:

All changes should be reviewed for success or failure after
implementation and any improvements recorded
A post-implementation review should be undertaken for major
changes to check that:
a) the change met its objectives;
b) the customers are happy with the results;
c) there have been no unexpected side effects
Any nonconformity should be recorded and actioned
Any weaknesses or deficiencies identified in a review of the
change control process should be fed in to service
improvement plans
 Future
ITIL to this: from
ITILthis.
V.3
Planning to Implement Service Management

Service Service Service Service Continuous

Strategy Design
Service
Transition
Operation Service
Support

The Technology
Improvmt
The Business

ICT
The Business LIFECYCLESecurity
PERSPECTIVE Infrastructure
Perspective Management Management

Service
Pocket Guides Case Studies
Delivery
ITIL Practice Working Templates
Applications Management
Governance Methods Certification-based Study Aids

Software Asset
Executive Introduction to ITManagement
Service Management
 Various non-proprietary frameworks and methods exist to help
IT organizations become more process centric and improve the
quality of the services delivered

ITIL CMM CobiT Six Sigma ISO 2000

The IT Infrastructure The Capability Maturity Control OBjectives A data driven quality A standard concerned
What is it? Library is a Model is a method for Information and management program primarily with the
customizable of evaluating and related Technology to control variations quality of IT Service
framework measuring the is a framework for and thereby achieve Management. It
of best practises that maturity of the information security high levels of quality. provides the basis to
promote quality IT software development and provides fulfill customer
service, build on a process. Recent generally accepted requirements,
process-model view revisions (CMMI) IT control objectives regulatory
of controlling and provide guidance for to assist in developing requirements, enhance
managing operations. improving organization appropriate IT customer satisfaction,
ITIL was originally process and manage governance and and pursue continual
developed by the UK the development, control improvement
government and has acquisition and
since matured into maintenance of
an internationally products and service
recognized standard.

IT Operations IT Development Governance and Process Improvement Processes Consistency

Focus Service Management Control

Yes Yes Yes No Yes

IT Specific

Define and implement Determine extent of Provide process Improve processes Certify processes are
How it fits processes process maturity controls being followed
Frameworks and Methodologies

ISO20000
CobiT
SIX SIGMA
CMMi
Governance
Business
ITIL Process
Models
In summary:

ITIL is:

The international de-facto Best Practice for IT Service

Management
Process Approach to improving Quality, Efficiency and
Effectiveness
Service focused IT management, viewed from the
perspective of IT customers and users
Evolving, vendor-neutral, non-proprietary framework
CobiT complementary, Certifiable through ISO20000
DEFINED COMMON SENSE