Service level management principles form the basis on how to contribute to an ITSM culture to ensure that the right services with the appropriate quality are delivered, at the right cost to end users.
A) Purpose of Service Level Management Process
Ensure all current / planned services are delivered to agreed achievable targets
Accomplished through a constant cycle of negotiating, agreeing, monitoring, reporting on and reviewing IT service targets and achievements, and through instigation of actions to correct or improve the level of service delivered
B) Objectives of Service Level Management Process
Define, document, agree, monitor, measure, report and review the level of IT services provided; instigate corrective measures whenever appropriate
Provide and improve a relationship / communication with the business and customers in conjunction with business relationship management
Ensure specific and measurable targets are developed for all IT services
Monitor and improve customer satisfaction with quality of service delivered
Ensure IT and customers have a clear expectation of service levels to be delivered
Ensure that even when all agreed targets met, the levels of service delivered are subject to proactive, cost-effective continual improvement.
C) Scope of Service Level Management Process
Establishing service level requirements
Establishing Service level agreements
Monitoring service performance.
Measuring customer satisfaction.
Reporting on service performance and customer satisfaction.
Maintaining customer relationships.
D) Key Activities of Service Level Management Process
Identify IT services and service requirements
Define, build and manage the IT Service Catalog
Define, build and negotiate Service Level Agreements (SLAs)
Define, build and negotiate Operational Level Agreements (OLAs)
Identify Underpinning Contract service requirements (UCs)
Monitor and manage SLAs, OLAs and UCs
Initiate service improvement actions
Provide management information about Service Level Management quality and operations
4.8.2 Service Catalogue Management (SCM)
A service catalogue is a database or structured document with information about all live IT services, including those available for deployment. The service catalogue is part of the service portfolio and contains information about two types of IT service: customer-facing services that are visible to the business and supporting services required by the service provider to deliver customer-facing services.
Service Catalogue Management is a process responsible for providing and maintaining the service catalogue and for ensuring that it is available to those who are authorized to access it.
The service catalogue has different views for different people (users, IT, etc.)
Two-view (business service/technical service)
Three-view (wholesale customer, retail customer and supporting services).
B) Objectives of Service Catalogue Management Process
The production and maintenance of the service catalogue.
Documenting the details of the service, status, interfaces and dependencies (obtained from Configuration Management System), often in service packages (solution)
Ensure the service catalogue is made available to those approved to access it in a way that supports their effective and efficient use of service catalogue information
C) Scope of Service Catalogue Management Process
Contribution to the definition of services and service packages
Development and maintenance of service and service package descriptions appropriate for the service catalogue
Production and maintenance of an accurate service catalogue
Interfaces, dependencies / consistency between the catalogue and service portfolio
Interfaces and dependencies between all services and supporting services within the service catalogue and the CMS
D) Key Activities of Service Catalogue Management Process
Documenting the definition of the service
Production and maintenance of an accurate service catalogue
Interfaces, dependencies and consistency between the service catalogue and service portfolio
Interfaces and dependencies between all services and supporting services within the service catalogue and the CMS
Interfaces and dependencies between all services, and supporting components and Configuration Items (CIs) within the Service Catalogue and the CMS
4.8.3 Availability Management
Availability management is a process responsible for ensuring IT services meet current and future availability needs of the business in a cost-effective and timely manner.
A) Purpose of Availability Management Process: The purpose of Availability Management is to provide a focal point and management responsibility for all availability-related activities in respect of both resources and services
B) Objectives of Availability Management process
To prepare and maintain the Availability Plan.
To monitor availability levels and the status of resources and services to identify potential and actual availability issues and prevent or minimize any consequent business interruptions.
To manage the availability of services and resources to meet agreed service levels.
To assist with the investigation and resolution of availability-related Incidents and Problems.
To assess the impact of changes on availability levels and plans.
To proactively improve availability where the cost is justified.
C) Scope of Availability Management process
Covers the design, implementation, measurement, management, testing and improvement of IT service and component availability (reduce availability issues throughout the service lifecycle)
Ensure that availability is duly considered in service design
Should be applied to all operational services and technology, particularly those covered by SLAs.
Monitor and measure availability according to SLA (if available)
Include both reactive (monitoring by event management, investigating downtime incidences) and proactive (identifying and managing risks) activities.
All information is recorded in the availability management information system. An ongoing process, finishing only when the IT service is decommissioned or retired
D) Key Activities of Availability Management Process
Proactive activities:
Ensure that appropriate design and planning of availability takes place for all new services
Planning, design and improvement of availability
Providing cost effective availability improvements that can deliver business and customer benefits
Ensuring agreed level of availability is provided
Produce and maintain an availability plan
Reactive activities:
Monitoring, measuring, analysis and management of all events, incidents and problems involving unavailability
Continually optimize and improve availability of IT infrastructure services
Assisting security and ITSCM in the assessment and management of risk
Attending CAB as required
Determining availability requirements: the Availability Manager can determine the availability requirements.
Determining Vital Business Functions (VBF's): IT systems that support VBFs should have higher availability expectations and the appropriate systems and support to achieve and sustain these higher levels at critical times which have been agreed and documented in the SLA.
Business Impact analysis: A formal analysis of the affect on the business, if a specific set of IT services are not available.
E) Key Indicators of Availability Management
Reliability: A measure of how long a service, component or CI can perform its agreed function without Interruption. It is measured as the mean time between service incidents (MTBSI) or mean time between failures (MTBF)
2) Maintainability: A measure of how quickly and effectively a service, component or CI can be restored to normal working after a failure. It is measured as the mean time to restore service (MTRS).
3) Serviceability: Ability of a third-party supplier to meet the terms of its contract. This contract will include agreed levels of availability, reliability and/or maintainability for a supporting service.
4) Resilience: A measure of freedom from operational failure and a method of keeping services reliable. It minimizes the consequences of component failure; one popular method of resilience is redundancy.
5) Security: Security refers to the confidentiality, integrity, and availability of that data.
4.8.4 Information Security Management
Information security is the management process within the corporate governance framework, which provides the strategic direction for security activities and ensures objectives are achieved.
A) Purpose of Information Security Management: The purpose of the Information Security Management is to ensure that IT security meets the overall business security requirements through availability, integrity, and confidentiality.
B) Objectives of Information Security Management
Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures availability
Confidentiality: Information is observed by, or disclosed, to only those who have a right to know.
Integrity: Information is complete, accurate and protected against unauthorized modification
Authenticity and Non-repudiation: Business transactions, as well as information exchanges between partners, can be trusted.
C) Scope of Information Security Management
Identifying information security needs.
Establishing security policies and methods.
Implementing security policies and methods.
Monitoring system access and needs.
D) Elements of Information Security Management Process:
There are five elements of Information Security Management Process they are:
Control: The objectives of control elements are:
Establish an organization structure to prepare, approve and implement the information security policy.
Establish a management framework to initiate and manage information security in the organization.
Allocate responsibilities establish and control documentation.
Plan: The objectives of Plan are:
Devise and recommend the appropriate security measures, based on an understanding of the requirements of the organization.
The requirements will be gathered from such sources as business and service risk, plans and strategies, SLAs and OLAs and the legal, moral and ethical responsibilities for information security.
Implement: The objective of the implementation element is to ensure that appropriate procedures, tools and controls are in place to underpin the Information Security Policy.
Evaluation: The objectives of Evaluation element are:
Supervise and check compliance with the security policy and security requirements in SLAs and OLAs.
Carry out regular audits of the technical security of IT systems.
Provide information to external auditors and regulators, if required.
Maintain: The objectives of Maintain element are:
Improve on security agreements as specified in, for example, SLAs and OLAs.
Improve the implementation of security measures and controls.
E) The Information Security Policy
The policy must cover all areas of security, be appropriate, meet business needs and include:
1) An overall Information Security Policy
2) Use and misuse of IT assets policy
3) An access control policy
4) A password control policy
5) An e-mail policy
6) An internet policy
7) An anti-virus policy
8) An information classification policy
9) A document classification policy
10) A remote access policy
11) A policy with regard to supplier access of IT services, information and components
12) An asset disposal policy.
4.8.5 Supplier Management
The process responsible for getting value for money from suppliers, ensuring all supplier contracts and agreements support business needs, and all suppliers meet contractual commitments.
A) Purpose of Supplier Management Process: The purpose of the supplier management process is to obtain value for money from suppliers and to ensure that suppliers perform to the targets contained within their contracts.
B) Objectives of Supplier Management Process
Obtain value for money from suppliers and contracts.
Work with SLM to ensure underpinning contracts support and are aligned with business needs, SLRs and SLAs.
Negotiate and agree underpinning contracts and manage through their lifecycle.
Manage supplier relationships and performance.
Maintain a supplier policy and a Supplier and Contract Database (SCD).
C) Scope of Supplier Management Process
Identifying qualified suppliers.
Negotiating with suppliers.
Establishing underpinning contracts.
Monitoring supplier performance.
D) Categories of Supplier Management Process
Strategic - for significant partnering relationships that involve senior managers sharing confidential strategic information to facilitate long-term plans
Tactical - relationships involving significant commercial activity and business interaction.
Operational - for suppliers of operational products or services
Commodity - for suppliers providing low-value and/or readily available products and services.
4.8.6 Capacity Management
Capacity management process is responsible for ensuring that the capacity of IT services and the IT infrastructure is able to meet agreed capacity- and performance-related requirements in a cost-effective and timely manner.
A) Purpose of Capacity Management Process
Ensure that the IT infrastructure and the capacity of IT services reach the agreed capacity and performance levels in a cost-effective and timely manner.
Capacity management process should to meet both the current and future capacity and very importantly the performance needs of a business.
B) Objectives of Capacity Management Process
Providing guidance and suggestions to other areas of the business and IT on all capacity and performance related issues
Making sure that service performance achievements reach their agreed targets by managing the capacity and performance of both resources and services
Helps with the diagnosis and resolution of capacity and performance related issues
Estimating the impact of all changes on the capacity plan.
Making sure that proactive measures are taken to improve the performance of services.
C) Scope of Capacity Management Process
Accounting for data storage, concurrency, and service data.
Establishing and implementing capacity designs.
Analyzing and assessing capacity performance.
D) Activities of Capacity Management
There are mainly three activities of Capacity Management Process they are:
Business Capacity Management: Translates business needs and plans into requirements for service and IT infrastructure, ensuring that the future business requirements for IT services are quantified, designed, planned and implemented in a timely fashion.
Service Capacity Management: Focuses on the management, control and prediction of the end-to-end performance and capacity of the live, operational IT services usage and workloads.
Component Capacity Management: Focuses on the management, control and prediction of the performance, utilization and capacity of individual IT technology components.
4.8.7 The IT Service Continuity Management
IT service continuity management (ITSCM) is responsible for the continuity of the IT services required by the business in times of disasters or extreme events to recover the IT services. (Less significant incidents are dealt with by Incident Management Process). ITSCM is one of the elements of business continuity plan (BCM).
A) Purpose of IT Service Continuity Management Process
Identify and manage the risks to the IT services.
Agree with the business for the minimum requirement of service in case of a disaster
B) Objectives of IT Service Continuity Management Process
Maintain a set of IT Service Continuity Plans and IT recovery plans that support the overall Business Continuity Plans (BCPs) of the organization.
Complete regular Business Impact Analysis (BIA) exercises to ensure that all continuity plans are maintained in line with changing business impacts and requirements.
Conduct regular risk assessment and management exercises in conjunction particularly with the business and the Availability Management and Security Management processes that manages IT services within an agreed level of business risk.
Provide advice and guidance to all other areas of the business and IT on all continuity- and recovery-related issues.
Ensure that appropriate continuity and recovery mechanisms are put in place to meet or exceed the agreed business continuity targets.
Assess the impact of all changes on the IT Service Continuity Plans and IT recovery plans
Ensure that proactive measures to improve the availability of services are implemented wherever it is cost-justifiable to do so.
Negotiate and agree the necessary contracts with suppliers for the provision of the necessary recovery capability to support all continuity plans in conjunction with the Supplier Management process.
C) Scope of IT Service Continuity Management Process
Defining continuity needs
Establishing Continuity Plans
Implementing Continuity Plans
Periodically Testing Continuity Plans.
D) Activities of IT Service Continuity Management Process
There are four stages of ITSCM, incorporating each of the activities that take place to ensure that IT organizations are as prepared and organized as possible in the event of a disaster situation. The stages are as follows:
1) Initiation defines policy, scope, allocate resources and set up project organization.
2) Requirements and strategy will need to be defined.
A business impact analysis (BIA) has to be done.
Service analysis will also have to be done. this will analyze essential IT services based on the SLA. Dependencies must be assessed also.
Risks affecting the business will then have to be analyzed. The ITSC manager also has to identify the threats and vulnerabilities.
ITSCM strategy must then be defined. The strategy can be risk reduction or recovery planning.
3) The next step is to implement the plan. This includes setting up the organization, developing the plan and testing it.
4) Operation management requires training non-IT staff on the DRP. It requires regular review and testing. Any improvements or changes have to go through the Change management process.
figure: Activities of an IT Service Continuity Management Process
E) Sub-process of IT Service Continuity Management Process
1) Business Impact Analysis- identify key services that need continuity at different time of the day/month/year and clarify relative importance of individual services
2) Risk Assessment - to compile a list of evaluated risks and propose counter measures. These will ensure the provision of IT service continuity in a cost-effective way
