Professional Documents
Culture Documents
Agenda/Learning Objectives
Agenda/LearningObjectives
Primarygoals,objectivesandbenefitsof
g
ServiceDesign
Genericconceptsanddefinitions
ServiceDesignPackage
S i D i P k
ServicePortfolio(andServiceCatalogue)
ServiceProvider&Supplier
SLA,OLA,Contract
SLA, OLA, Contract
Availability
Information Technology Learning
Agenda/Learning Objectives
Agenda/LearningObjectives
KeyPrinciplesandModels
Processes
ServiceLevelManagement
ServiceCatalogueManagement
S i C l
M
AvailabilityManagement
InformationSecurityManagement
SupplierManagement
Supplier Management
CapacityManagement
ITServiceContinuityManagement
IT S i C i i M
Information Technology Learning
Definition
TheDesignofappropriateandinnovativeIT
g
services, includingtheirarchitectures,
processes,policiesand documentation,to
meet current and future agreed business
meetcurrentandfutureagreed
business
requirements
ServiceDesigntranslatestrategicplansand
l
l
objectivesandcreatesthedesign
specifications forexecutionthroughService
Transition and Operation
TransitionandOperation
Information Technology Learning
PrimaryGoals,Objectives
Primary
Goals Objectives &
&
Benefits
ServiceDesign
Objectives
Servicethatmeetbusinessrequirements
Servicethatadheretothepoliciesand principlesofServiceStrategy
Designefficientandeffectiveprocessesforthedesign,transitions,
operationandimprovementofhighqualityITservices
DesignsecureandresilientITinfrastructure
D i
Designmeasurementmethodsandmetrics
h d
d
i
Reducingtheneedforreworkingandenhancingservices
Governance
Functionality
Schedule
Resource
BusinessserviceaBusinessservicebBusinessservicec
Business
Business
Business
Process3
Process
Process2
2
Process1
SSLAss
SLAs
SLAs
Service
St t
Strategy
Business
Business
Business
Process6
Process
Process5
5
Process4
ServiceD
ServiceC
Se
ce
C
ServiceB
Service
B
ServiceA
Service
T
Transition
iti
The business
Business
Business
Business
Process9
Process
Process8
8
Process7
IT Services
IT
Service
O
Operation
ti
SKMS
Service
Portfolio
S i D i
ServiceDesign
Process
SLM
Service
Improvement
S
SLAs
SLAs
SLAs
Services
SCM
SLAs
SLAs
SLAs
Architectures
Supplier
Security
Availability
ITServiceContinuity
Capacity
SLAs
SLAs
Measurement
SLAs
methods
Supportteams
Suppliers
Business
Process
Change
Business
Requirements
&Feasibility
IT Service
Requirement
Business
Process
Development
Business
Process
Implementation
Business
Benefit
Realization
IT Service
ITServiceLifecycle
Service Composition
ServiceComposition
B i
BusinessService
S i
Requirement
Requirements/demand:
BusinessServiceA
Business
Process1
Business
Process2
Business
Process3
Policy/strategy
governance
compliance
ITService
Utility:
Service
Name,description,
,
p
,
purpose,impact,contacts
Warranty:
SLAs/SLRs
incl.Cost/prices
Servicelevels,targets,assurance
servicehours,responsibility
, p
y
Assets/resources:
Infrastructure
Systems,assets,
components
A t/
Assets/capabilities:
biliti
Process,supportingtargets,
resources
Assets/capabilities:
Resources,staffing,skills
OLAs
contracts
Support
services
Support
pp
teams
S
Supplier
li
Environment
Data
Applications
IT
process
Requirement
collections
Design
appropriate
services
Reviewand
revision
Liaisonwith
other
process
Production
and
mantainance
Revisionofall
design
documents
Risk
assesment
Ensure
alignment
withpolicies
&strategies
Design Aspect
DesignAspect
Servicesolutions
incl.allofthefunctionalrequirements,resourcesandcapabilitiesneeded&agreed
ServiceManagementsystemandtools
especiallytheServicePortfolioformanagementandcontrolofservicesthroughtheir
lifecyle
Technologyarchitecture
andmanagementarchitecturesandtoolsrequiredtoprovidetheservices
Processes
thatneededtodesign,transition,operateandimprovetheservices
Measurementsystems
incl.methodsandmetricsfortheservices,thearchitecturesandtheirconstituent
p
p
componentsandtheprocesses
KeyPrinciplesandModels
ServiceDesign
The 4Ps
The
4P sofServiceManagement
of Service Management
ThesearetheMajor
ComponentsofService
Management
Thedesignandsubsequent
Implementation of Service
ImplementationofService
Management(and
individual service)isabout
preparingandplanning
(designing)theeffective
andefficientuseofthefour
d ffi i t
f th f
Ps
Processes
People
Product
P
Partners
ThedesignoftheServiceManagementSystems&Tools (especiallyService
P tf li )
Portfolio)
Requiredordertomanageandcontroltheservicesthroughtheirlifecycle
Thedesignofthetechnologyarchitectureandmanagementsystem
The
design of the technology architecture and management system required
required
toprovidetheservices
Toensurethatthealltechnologyarchitecturesanmanagementsystemsareconsistentwith
theneworchangedserviceandhavethecapabilitytooperateandmaintainthenew
h
h
d
dh
h
bl
d
h
services.
Ifnot,theneitherthearchitectureormanagementsystemswillneedtobeamendedorthe
designofthenewservicewillneedtoberevised
des
g o t e e se ce
eed to be e sed
Utilizeinternalorganisationalresourcesinthedesign,
development,transition,maintenance,operation,
and/or support of a new changed or revised service
and/orsupportofanew,changedorrevised
Outsourcing
Utilisestheresourcesofanexternalorganisation(or
ili
h
f
l
i i (
organisations)inaformalarrangementtoprovidea
welldefinedportionofaservicesdesign,development,
maintenance,operations,and/orsupport
, p
,
/
pp
Cosourcing
Oftenacombinationofinsourcingandoutsourcing,
usinganumberofoutsourcingorganisationsworking
togethertodesign,develop, transition,maintain,
operate,and/orsupportaportionofaservice
Formalarrangementsbetweentwoormoreorganisations
toworktogethertodesign,develop,transition,maintain,
operate,and/orsupportITservice(s)
Thefocus heretendstobeonstrategicpartnershipthat
leveragecriticalexpertiseormarketopportunities
Business
process
process
outsourcing
Relocationofentirebusinessfunctionsusingformal
arrangementbetweenorganizationswhereone
organisationprovidesandmanagestheother
organisationssentirebusinessprocess(es)orfunction(s)in
organisation
entire business process(es) or function(s) in
alowcostlocation
Commonexamplesaredatacentreand payrolloperations
InvolvesformalarrangementswithanApplicationService
Provider(ASP)organisationthatwillprovidesharedcomputer
basedservicestocustomer organisationsoveranetwork
Applicationofferedinthiswayoftentermedondemand
ThroughASPsthecomplexitiesandcostsofshareds/wcanbe
reduced(andprovidetoorganisationsthatmaynototherwise
beabletojustifyinvestment
j
y
Knowledge
process
process
outsourcing
Thenewestformofsourcing
KPOisa stepaheadofBPOinonerespect
KPOorganisationsprovidedomainbasedprocessesbusiness
expertise rather than just process expertise and requires
expertiseratherthanjustprocessexpertiseandrequires
advancedanaytical andspecializedskillsfromthe outsourcing
organization
ServiceLevelManagement
ServiceDesign
Goal of SLM
GoalofSLM
Thegoal oftheServiceLevelManagementprocessis
toensurethatanagreedlevelofITserviceis
providedforallcurrentITservice,andthatfuture
servicearedesignedanddeliveredtoagreed
achievabletargets
Objectives
Define,document,agree,monitor,reportandreviewthelevelofIT
f
d
d
h l l f
servicesprovided
Provideandimprovetherelationshipandcommunicationwiththe
p
p
businessandcustomer
EnsurethatspecificandmeasurabletargetsaredevelopedforallIT
services
Monitorandimprovecustomersatisfactionwiththequalityofservice
delivered
EnsurethatITandthecustomershaveaclearandunambiguous
expectationofthelevelofservicetobedelivered
Ensure that proactive measures to improve the level of service delivered
Ensurethatproactivemeasurestoimprovethelevelofservicedelivered
areimplementedwhereveritiscostjustifiabletodoso
Key Activities
KeyActivities
Developrelationshipwithbusiness,
customers,andstakeholders
Determinate,Negotiate,Document,&agree
Requirements for new and changed services in
Requirementsfornewandchangedservicesin
SLRs
Develop&manageSLAsforOperational
Service
Reviewandrevised underpinningOLAsinline
withSLAs
ith SLA
Information Technology Learning
Key Activities
KeyActivities
Monitorandmeasureserviceperformance
g
g
againstSLATargets
CollatemeasureandimproveCustomer
Satisfaction
ProduceServiceReports
ConductServiceReviewandInstigate
improvements within an overall Service
improvementswithinanoverallService
Improvement Program/Plan(SIP)
Information Technology Learning
Basic Concepts
BasicConcepts
ServiceLevel
g
(
)
Agreement(SLA)
Writtenagreementbetweenan ITserviceprovider&theIT
customer(s),definingquantitativelyandqualitativelythe
servicebeingofferedtoacustomer,thekeyservicetargets
andresponsibilitiesofbothparties
OperationalLevel
Agreement(OLA)
AgreementbetweenanITserviceprovider&anotherpart
ofthesameorganizationthatassistswiththeprovisionof
services
Contract(formerly
Contract
(formerly
knowasUnderpinning
Contract U/C)
Formal
FormalcontractbetweenanITServiceProvider&aThird
contract between an IT Service Provider & a Third
PartycoveringdeliveryofservicesthatsupporttheIT
organisationintheirdeliveryofservices.
Basic Concepts
BasicConcepts
ServiceLevel
R
Requirements
i
(SLRs)
AdocumentownedbytheBusinessownerofthe
Service
Detailsthedesiredlevelofservice
Generallyusedasastartingpointforthedevelopment
oftheSLA,butdoesnotbecomeapartoftheSLA
Service
Service
Improvement
P
Programmed
d
(SIP)
Aplanorprogrammedestablishedtoimprovean
aspectsoftheITservice
Oftendevelopedinconjuction withAvailabilityand
CapacityManagement
GenerallyownedbyServiceLevelManagement
What is an SLA?
WhatisanSLA?
TheSLAiseffectivelyalevelofassuranceor
warrantywithregardtothelevelofSecurityquality
deliveredbytheServiceproviderforeachofthe
servicedeliveredtothebusiness
Awrittenagreement(innontechnicallanguage)
betweenITServiceProviderandCustomer(s)
Aformalnegotiateddocumentthatdefinesin
q
quantitativetermstheservicebeingofferedtoa
g
customer
What is an SLA?
WhatisanSLA?
Anymetricsincludedshouldbecapableofbeing
measuredonaregular
So ifyoucantmeasureit,dontputitin!
SLAsshouldberenegotiatedwheneverabusiness
servicesissubjecttomajorchange
RegularupdatingisessentialtoensurethatSLAsremain
g
p
g
relevanttoneedsofthebusiness
Itclearlydefinesandarticulatesthekeyservicelevel
y
y
targetsandresponsibilitiesofeachparty
Underpinned by OLA and/or Contract
UnderpinnedbyOLAand/orContract
Information Technology Learning
Key Metrics
KeyMetrics
PercentagereductioninSLAtargetsmissed/threatened
/
PercentageincreaseinCustomerperception&satisfactionof
SLA hi
SLAachievements
t
Servicereviews
CustomerSatisfactionSurveyresponses
Customer Satisfaction Survey responses
Totalnumberandpercentageincreaseinfullydocumented
SLAsinplace
p
PercentageincreaseinSLAsagreedagainstoperational
servicesbeingrun
Percentagereductioninthecostsassociatedwithservice
provision
Information Technology Learning
EnsuringthatservicereportsareproducedandthatbreachesofSLA
h
d d d h b
h
f
targetsarehighlighted,investigated,andactionstakentopreventtheir
recurrence
Ensuringthatserviceperformancereviewsarescheduled,carriedoutwith
customersregularlyandaredocumentedwithagreedactionsprogressed
Developing relationships and communication with stakeholders
Developingrelationshipsandcommunicationwithstakeholders,
customersandkeyusers
Managingcompliance andtheirescalation,andresolution
Measuring,recording,analysing andimprovingcustomersatisfaction
Reviewingservicescope,SLAs,OLAsandotheragreementsonaregular
basis ideally at least annually
basis,ideallyatleastannually
Challenges
MonitoringofpreSLAachievements
Ensuringtargetsareachievablebeforecommitting to
them
SLAs that are:
SLAsthatare:
Simplybasedupondesiresratherthanbusinessneeds
ITbasedratherbusinessaligned
IT based rather business aligned
Tootechnicalorlengthy¬properlycommunicated
LackofITSeniorMgmtcommitment
Lack of IT Senior Mgmt commitment
Lackofbusinessparticipation
Viewedasanoverhead
Information Technology Learning
ServiceCatalogueManagement
ServiceDesign
Goal of SCM
GoalofSCM
ThegoaloftheSCMProcessistoensurethat
g
p
aService Catalogueisproducedand
maintainedcontainingaccurate information
on all operational services and those being
onalloperationalservicesandthosebeing
preparedtoberunoperationally
Objective
Tomanagetheinformationcontainedwithin
g
theServiceCatalogueandtoensurethatitis
accurateandreflectsthecurrentdetails,
status interfaces and dependencies of all
status,interfacesanddependenciesofall
servicesthatarebeingrunorbeingprepared
to run in the live environment
torunintheliveenvironment
Purpose
Toprovideasinglesourceofconsistent
T
id
i l
f
i
informationonalloftheagreedservicesand
ensurethatitiswidelyavailabletothosethatare
h i i id l
il bl
h
h
approvedtoaccessit
Information Technology Learning
Key Activities
KeyActivities
Agreeinganddocumentingaservicedefinitionwithallrelevantparties
dd
d f
h ll l
InterfacingwithServicePortfolioManagementonthecontentsofthe
ServicePortfolioandServiceCatalogue
g
ProducingandmaintainingaServiceCatalogueanditscontents,in
conjunctionwiththeServicePortfolio(incl.BusinessandTechnicalService
Catalogue aspects)
Catalogueaspects)
InterfacingwithSupportTeams,SuppliersandConfigurationManagement
oninterfacesanddependenciesbetweenITservicesandthesupporting
services,componentsandCIscontainedwithintheTechnicalService
Catalogue
Interfacing with Business Relationship Management and Service Level
InterfacingwithBusinessRelationshipManagementandServiceLevel
Managementtoensurethatinformationisalignedtothebusinessand
businessprocess
Challenges
ThemajorchallengesfacingtheSCMprocessisthat
ofmaintaininganaccurateServiceCatalogueaspart
ofaServicePortfolio,incorporatingboththe
BusinessServiceCatalogueandtheTechnicalService
CatalogueaspartofanoverallCMSandSKMS
Inordertoachievethis,thecultureofthe
organizationneedstoacceptthattheCatalogueand
Portfolioareessentialssourcesofinformationthat
everyonewithintheITorganizationneedstouseand
helpmaintain
Information Technology Learning
CapacityManagement
ServiceDesign
Definition
Theprocessresponsibleforensuringthatthe
p y
capacityofITservicesandoftheIT
infrastructureisabletodeliveragreedservice
level targets in a cost effectiveandtimely
leveltargetsinacost
effective and timely
manner
CapacityManagementprocessesandplanning
l
mustbeinvolvedinallstagesoftheservice
lifecyclefromstrategyanddesignthrough
transition and operation to improvement
transitionandoperationtoimprovement
Information Technology Learning
Purpose
Toprovideapointoffocusandmanagementforall
capacityandperformancerelatedissues,relatingtoboth
i
d
f
l di
l i
b h
servicesandresources
Objectives
ToproducedandmaintainanappropriateanduptodateCapacityPlan,
d d d
d
d
l
whichreflectsthecurrentandfutureneedsofthebusiness
ToprovideadviceandguidancetoallotherareasofthebusinessanITon
p
g
allcapacityandperformancerelatedissues
Toensurethatserviceperformanceachievementsmeetorexceedallof
their agreed performance targets by managing the performance and
theiragreedperformancetargets,bymanagingtheperformanceand
capacityofbothservicesandresources
Toassistwiththediagnosisandresolutionofperformanceandcapacity
relatedincidentsandresources
ToassesstheimpactofallchangesontheCapacityPlanandthe
Performance and Capacity of all Service and resources
PerformanceandCapacityofallServiceandresources
Toensurethatproactivemeasurestoimprovetheperformanceofservices
areImplementedwhereveritisjustifiabletodoso
A Balancing
A
BalancingAct
Act
Costagainst
Resources
Resources
needed
Supply
against
against
Demand
Information Technology Learning
3 Sub Processes
3SubProcesses
Business
Capacity
Management
Isfocusedonthecurrentandfuture
businessrequirements
q
ServiceCapacity
Management
Isfocusedonthedeliveryoftheexisting
servicesthatsupportthebusiness
Component
p
Capacity
Management
Is
IsfocusedontheITinfrastructurethat
focused on the IT infrastructure that
underpinsserviceprovision
Looksatnewandemergenttechnology
8 Key Activities
8KeyActivities
Monitoring
Demand
Management
Modelling
Analysis
Storageof
Capacity
ManagementData
ApplicationSizing
Tuning
Implementation
8 Key Activities
8KeyActivities
Tuning
I l
Implementation
t ti
A l i
Analysis
Monitoring
SLM
SLM
exception
Resource
R
Utilisation
thresholds
SLM
thresholds
Capacity
Management
Database
ResourceUtilisation
Exceptionreports
8 Key Activities
8KeyActivities
Inputs
Outputs
SService&
i &
Component
Basedreports
BusinessData
ServiceData
TechnicalData
FinancialData
Capacity
Data
Base
Exception
Reports
Capacity
forecasts
UtilisationData
AvailabilityManagement
ServiceDesign
Definition
Theprocessofensuringthatthelevelof
y
serviceavailabilitydeliveredinallservicesis
matchedtothecurrentandfutureagreed
needs of the business cost effectively
needsofthebusinesscosteffectively
Theavailabilitymanagementprocess,(justlike
capacitymanagement),mustbeinvolvedinall
)
b
l
ll
stagesoftheservicelifecyclefromstrategy
anddesignthroughtransitionandoperation
to improvement.
toimprovement.
Information Technology Learning
Availability Management
AvailabilityManagement
Goal
Toensurethatthelevelofserviceavailability
y
deliveredinallservicesismatchedtoorexceeds
thecurrentandfutureagreedneedsofthe
g
business,inacosteffectivemanner
Purpose
Purpose
Toprovideapointoffocusandmanagementfor
allavailabilityrelatedissues,relatingtoboth
ll
il bili
l di
l i
b h
servicesandresources,ensuringthatavailability
targetsinallareasaremeasuredandachieved
i ll
d d hi d
Information Technology Learning
Objectives
TToproduceanavailabilityplan,whichreflectsthe
d
il bili
l
hi h fl
h
currentandfutureneedsofthebusiness
Toprovideadviceandguidanceonallavailability
T
id d i
d id
ll
il bili
achievementsmeetorexceedtheagreedtargets
Assistwithavailabilityrelatedincidentsand
A i
ih
il bili
l d i id
d
problems
ToassesstheimpactofallchangesontheAvailability
T
h i
f ll h
h A il bili
Plan
Toensurethatproactivemeasurestoimprovethe
T
th t
ti
t i
th
availabilityofservicesareimplementedwhereverit
is cost justifiable to do so
iscostjustifiabletodoso
Information Technology Learning
Scope
ThescopeoftheAvailabilityManagementprocess
coversthedesign,implementation,measurement,
managementandimprovementofITserviceand
componentavailability
AvailabilityManagementiscompletedat2inter
connectedLevels:
ServiceAvailabilityy
ComponentAvailability
p
y
Involvesallaspectsof
servicesavailabilityand
unavailabilityandthe
impact of component
impactofcomponent
availability,orthe
potentialimpactof
componentunavailability
onserviceavailability
o
se ce a a ab ty
Involvesallaspectsof
componentavailability
andunavailability
4 Aspects of AM
4AspectsofAM
Availability
Theabilityofservice,componentorCItoperformitsagreedfunction
whenrequired
Itisoftenmeasuredandreportedasapercentage
Reliabilityy
Ameasureofhowlongaservice,componentorCIcanperformitsagreed
functionwithoutinterruption
ItisoftenmeasuredandreportedasMeanTimeBetweenFailures(MTBF)
i f
d d
d
i
il
(
)
bl
Maintainability
Ameasureofhowquicklyandeffectivelyaservice,componentorCIcan
easu e o o qu c y a d e ect e y a se ce, co po e t o C ca
berestoredtonormalworkingafterfailure
ItismeasuredandreportedasMeanTimeToRestoreService(MTRS)
Serviceability
Theabilityofathirdpartysuppliertomeetthetermsoftheircontract
Oftenthiscontractwillincludeagreedlevelsofavailability,reliability
and/ormaintainabilityforasupportingserviceorcomponent
ProactiveActivities
Themonitoring,measurement,
The monitoring measurement
analysisandmanagementofallevents,
incidentsandproblemsinvolving
unavailability
Theseactivitiesareprincipallyinvolved
withintheoperationalroles,andareto
ensurethatallagreedservicetargets
are measured and achieved
aremeasuredandachieved
Mostoftheseactivitiesareconducted
withintheOperationsstageofthe
lifecycleandarelinkedintothe
monitoringandcontrolactivities,event
andincidentmanagementprocesses
Involvetheproactiveplanning,design,
Involve the proactive planning design
andimprovementofavailability
Producingrecommendations,plans
anddocumentsondesignguidelines
g g
andcriteriafornewandchanged
services
Thecontinualimprovementofservice
andreductionofriskinexisting
d d ti
f i ki
i ti
serviceswhereveritcanbecost
justified
Thesearekeyaspectstobeconsidered
y p
withintheservicedesignstageofthe
lifecycle
Key Activities
KeyActivities
D
Determiningtheavailabilityrequirementsfromthebusiness
t
i i th
il bilit
i
t f
th b i
foraneworenhancedITservice
g
y
y
g
Formulatingtheavailabilityandrecoverydesigncriteriafor
theITcomponentsunderpinningaservice
Definingthetargetsforavailability,reliabilityand
maintainability for the IT Infrastructure components that
maintainabilityfortheITInfrastructurecomponentsthat
underpintheITservice
Establishingmeasuresandreportingofavailability,reliability
and maintainability that reflects the business user and IT
andmaintainabilitythatreflectsthebusiness,userandIT
supportorganizationperspectives
ProducingandmaintaininganAvailabilityPlanwhich
prioritizesandplansITavailabilityimprovements
Monitoringofallaspectsofavailability,reliabilityand
maintainability of IT services and the supporting components
maintainabilityofITservicesandthesupportingcomponents
Information Technology Learning
FaultTreeAnalysis(FTA)
AnalysisofExpandedIncidentLifecycle(EIL)
RiskAnalysis&Management
ServiceFailureAnalysis(SFA)
Challenges
Unreliable&inaccuratebusinessforecasts&
li bl & i
b i
f
&
information
Incompleteorinaccurateinformation,
p
particularlyfromdistributedsystems,
y
y
,
networks&PCs
Measuresofavailabilitythataremeaningless
Measures of availability that are meaningless
tothebusiness
Lackoftoolstounderpin&supportthe
L k ft l t
d i &
t th
process
Information Technology Learning
ITServiceContinuity
IT
Service Continuity
Management
g
ServiceDesign
Definition
ThegoalofITSCMistosupporttheoverall
y
g
p
y
BusinessContinuityManagementprocessby
ensuringthattherequiredITtechnicaland
service facilities can be resumed within
servicefacilitiescanberesumedwithin
required,andagreed,businesstimescales'
Purpose
The
ThepurposeofITSCMistomaintainthenecessaryon
purpose of ITSCM is to maintain the necessary on
goingrecoverycapabilitywithintheITserviceandtheir
supporting components
supportingcomponents
Information Technology Learning
Objectives
DevelopandmaintainITServiceContinuity&ITrecoveryplansthat
l
l
h
supporttheoverallBusinessContinuityPlans(BSPs)oftheorganization
CompleteregularBusinessImpactAnalysis(BIA)
Complete regular Business Impact Analysis (BIA)
Conductriskassessment&managementexercise
Toensurethatappropriatecontinuityandrecoverymechanismsare
putinplacetomeetorexceedtheagreedbusinesscontinuitytargets
ToAssestheimpactofallchangeontheITServiceContinuityPlans
and IT recovery plans
andITrecoveryplans
Tonegotiateandagreethenecessarycontractswithsupplierforthe
p
provisionofthenecessaryrecoverycapabilitytosupportallcontinuity
y
y p
y
pp
y
plansinconjunctionwiththeSupplierManagementprocess
Recovery Options
RecoveryOptions
Donothing
Manual/clericalbackup
Reciprocalarrangement
GradualRecovery 72hrs+
Accommodationandutilitiesonly
A
d i
d ili i
l
Includespowerandcommunications
IntermediateRecovery 24 72hrs
Own or 3rd partyStandbysite
party Standby site
Ownor3
Recentapplicationanddataarchivesrequired
FastRecovery upto24hours
Equipmentavailable
ImmediateRecovery
Equipmentalreadyupandrunning
Dataismirrored
InformationSecurity
Information
Security
Management
g
ServiceDesign
Definition
ThegoaloftheISMprocessistoalignIT
y
y
securitywithbusinesssecurityandensure
thatinformationsecurityiseffectively
managed in all services and service
managedinallservicesandservice
managementactivities
ISMneedstobeconsideredwithintheoverall
b
h h
ll
CorporateGovernanceFramework
Objectives
Thesecurityobjectiveismetwhen:
Informationisavailableandusablewhenrequired,
q
,
andthesystemthatprovideitcanappropriately
resistattacksandrecoverfromorpreventfailures
p
(availability)
Informationisobservedbyordisclosedtoonly
Information is observed by or disclosed to only
thosewhohavearighttoknow(confidentiality)
Informationiscomplete,accurateandprotected
Information is complete accurate and protected
againstunauthorizedmodification(integrity)
Information Technology Learning
Scope
TheISMprocessshouldbethefocalpointforallITsecurity
issuesandmustensurethataninformationSecurityPolicyis
produced maintained and enforced that covers the use
produced,maintainedandenforcedthatcoverstheuse
misuseofallITsystemsandservices
ISM needs to understand the total IT and business security
ISMneedstounderstandthetotalITandbusinesssecurity
environment,including:
TheBusinessSecurityPolicyandplans
Thecurrentbusinessoperationsanditssecurityrequirements
Legislativerequirements
The obligations & responsibilities with regards to security contained within
Theobligations&responsibilitieswithregardstosecuritycontainedwithin
SLAs
Thebusiness&ITrisksandtheirmanagement
ISMS Framework
ISMSFramework
InformationSecurityManagementSystem
(
(ISMS)Framework
)
Toachieveeffectiveinformationsecurity
governance, management must establish and
governance,managementmustestablishand
maintainaninformationSecurityManagement
Systems (ISMS) to guide the development and
Systems(ISMS)toguidethedevelopmentand
managementofacomprehensiveinformation
security programme thatsupportsthebusiness
securityprogramme
that supports the business
objectives
ISMS Framework
ISMSFramework
Control
Establishamanagementframeworktoinitiateandmanageinformationsecurityintheorganization
Establishanorganizationstructuretoprepare,approveandimplementtheinformationsecuritypolicy
Allocateresponsibilities
Establishandcontroldocumentation
Plan
Deviceandrecommendtheappropriatesecuritymeasures,basedontherequirementsoftheorganization
requirementswilladdressbusiness&servicerisk,plansand
factorssuchastheamountoffundingavailable,andtheprevailingorganizationculture&attitudestosecuritymustbe
considered
Implement
Ensureappropriateprocedures,toolsandcontrolsareinplacetounderpintheInformationSecurityPolicy,suchas:
AccountabilityforassetsConfigurationManagementandtheCMSareinvaluablehere
Informationclassificationinformation&repositoriesshouldbeclassifiedaccordingtothesensitivityandtheimpactof
disclosure
Evaluation
Maintain
SuperviseandcheckcompliancewiththesecuritypolicyandsecurityrequirementsinSLAsandOLAs
CarryoutregularauditsofthetechnicalsecurityofITsystems
Provideinformationtoexternalauditorsandregulators,ifrequired
ImproveonsecurityagreementsasspecifiedinSLAs,OLAsandcontracts
Improvetheimplementationofsecuritymeasuresandcontrols
ThisshouldbeachievedusingPDCA(PlanDoCheckAct),whichisaformalapproachsuggestedbyISO27001forthe
establishmentoftheISMSframework
SupplierManagement
ServiceDesign
Purpose
Thepurposeofthisprocessistoobtainvaluefor
Th
f hi
i
b i
l f
moneyfromsuppliersandtoensurethatsuppliers
performtothetargetscontainedwithintheir
f
h
i d i hi h i
contractsandagreementswhileconformingtoall
ofthetermsandconditions
f h
d
di i
Information Technology Learning
Objectives
Obtainvalueformoneyfromsupplierandcontracts
Ensurethatunderpinningcontractandagreementswith
suppliersarealignedtobusinessneedsandsupportandalign
li
li d t b i
d
d
t d li
withagreedinSLRsandSLAs,inconjunctionwithSLM
Managerelationshipwithsuppliers
Manage relationship with suppliers
Managesupplierperformance
Negotiateandagreecontractswithsuppliersandmanage
Negotiate and agree contracts with suppliers and manage
themthroughtheirlifecycle
MaintainasupplierpolicyandasupportingSupplierand
Maintain a supplier policy and a supporting Supplier and
ContractDatabase(SCD)
The Process
TheProcess
TheSupplierManagementProcessshouldinclude
h
l
h ld l d
Implementationandenforcementofthesupplierpolicy
ThemaintenanceofaSupplierandContractDatabase
pp
(SCD)
Supplierandcontract,evaluationandselection
Thedevelopment,negotiationandagreementofcontracts
The development negotiation and agreement of contracts
Contractreview,renewalandtermination
Themanagementofsuppliersandsupplierperformance
Theagreementandimplementationofserviceand
supplierimprovementplan
Themaintenanceofstandardcontracts,termsand
conditions
Managementofcontractualdisputeresolution
Categorization
&maintenance
Evaluation
Establishnew
Management&
performance
p
Renewal&
t
termination
i ti
The Process
TheProcess
AllSupplier
ll S
li
Management
processactivity
shouldbedrivenby
h ld b d i
b
asupplierstrategy
andpolicyfrom
Service Strategy
ServiceStrategy
Inordertoachieve
consistencyand
effectiveness in the
effectivenessinthe
implementationof
thepolicyanSCD
should be
shouldbe
established
SupplierStrategy&Policy
Suppliercategorization&
Supplier
categorization &
maintenanceofSCD
EvaluationofnewSupplier&
contracts
EstablishnewSupplier&
contracts
Supplier
Reports&
Suoo
Information
Supplier&contracts
management&performance
Contractrenewaland/or
termination
Learning Objectives
LearningObjectives
Primarygoals,objectivesandbenefitsof
g
ServiceDesign
Genericconceptsanddefinitions
ServiceDesignPackage
S i D i P k
ServicePortfolio(andServiceCatalogue)
ServiceProvider&Supplier
SLA,OLA,Contract
SLA, OLA, Contract
Availability
Information Technology Learning
Learning Objectives
LearningObjectives
KeyPrinciplesandModels
Processes
ServiceLevelManagement
ServiceCatalogueManagement
S i C l
M
AvailabilityManagement
InformationSecurityManagement
SupplierManagement
Supplier Management
CapacityManagement
ITServiceContinuityManagement
IT S i C i i M
Information Technology Learning
TestingYourKnowledge
ServiceDesign
Question #1
Question#1
Which of the following is NOT a major process of
S i D
Service
Design?
i ?
A.
A
B.
C
C.
D.
Capacity
C
it M
Managementt
Portfolio Management
S i L
Service
Levell M
Managementt
Supplier Management
Question #2
Question#2
Which one of the following statements about Service
Level
e e Agreement
g ee e t is
s FALSE?
S
A. An SLA is an agreement
g
between Service Provider
and a Customer
B. The SLA describes the IT Service and documents
Service Level Target
C. Each individual SLA should be a comprehensive
p
legally binding document
D. An SLA specifies
p
the responsibilities
p
of both p
parties
Information Technology Learning
Question #3
Question#3
Which one of the following statements is incorrect?
A. Supplier Management negotiates OLAs & SLAs
B. Supplier
pp
Management
g
has an important
p
role to
play in all phases of the Service Lifecycle
C. Supplier
pp
Management
g
maintains the SCD
D. Supplier Management ensures that Changes are
assessed for impact
p
on suppliers
pp
contracts,,
supporting services and contracts
Question #4
Question#4
Which one of the following statements is correct?
1. Information Security is a management activity within the
Corporate Governance framework
2. ISM ensures that access to services by suppliers is subject
to contractual agreement and responsibilities
3. All processes within the IT organization must include
security considerations
A.
B.
C.
D.
1 and 2 only
All a
are
e co
correct
ect
Only 3 is correct
2 and 3 only are correct
Information Technology Learning
Question #5
Question#5
Which of the following is not a valid stage within the
ITSCM Lifecycle?
A. Testing
B. Initiation
C. Implementation
D. Requirements & Strategy
Question #6
Question#6
The 4Ps of Service Management refer to?
A. People, Process, Products, Partners
B Process,
B.
Process Policies
Policies, Products
Products, People
C. People,
p , Policies,, Process,, Purchasing
g
D. People, Process, Policies, Philosophy
Question #7
Question#7
Who within an organization should know about the
Information Security Policy?
A. The Information Security Manager
B. The Information Security Manager, Head of IT Services
and the Heads of Business Units
C. IT, Customers and Users
D. Being a secure document, it should only given to those
who need
need to know
know
Information Technology Learning
Question #8
Question#8
Which are the 5 Major aspects of Service Design....
The Design of....?
A.
B.
C.
D.
Question #9
Question#9
Whatt is
Wh
i being
b i described....
d
ib d Relocation
R l
ti off entire
ti
business function using formal arrangement between
organizations
i ti
where
h
one organization
i ti provides
id and
d
manage the organizations entire business process(es)
off function(s)
f
ti ( ) in
i a low
l
costt location.?
l
ti ?
A. a Partnership
B. Knowledge Process Outsourcing
C. Co-Sourcing
D Business Process Outsourcing
D.
Information Technology Learning