ITIL Information Technology Infrastructure Library

http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library

Overview of ITIL v3

ITIL v3 is an extension of ITIL v2 and fully replaced it following the completion of the withdrawal period on 30 June 2011 [2]. ITIL v3 provides a more holistic perspective on the full life cycle of services, covering the entire IT organisation and all supporting components needed to deliver services to the customer, whereas v2 focused on specific activities directly related to service delivery and support. Most of the v2 activities remained untouched in v3, but some significant changes in terminology were introduced in order to facilitate the expansion.

[edit]Changes and characteristics of the 2011 edition of ITIL

A summary of changes has been published by HM Government [3]. In line with the 2007 edition, the 2011 edition consists of 5 core publications – Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. ITIL 2011 is a major update to the ITIL framework that addresses errors and inconsistencies.

There are 26 processes listed in ITIL 2011 edition and described below that shows which core publication provides the main content for each process.

ITIL v3 has five volumes, published in May 2007 (2007 edition) and updated in July 2011 (2011 edition) for consistency:

1. ITIL Service Strategy^[4]
2. ITIL Service Design^[5]
3. ITIL Service Transition^[6]
4. ITIL Service Operation^[7]
5. ITIL Continual Service Improvement^[8]

[edit]Service Strategy

As the center and origin point of the ITIL Service Lifecycle, the ITIL Service Strategy (SS) volume^[4] provides guidance on clarification and prioritisation of service-provider investments in services. More generally, Service Strategy focuses on helping IT organizations improve and develop over the long term. In both cases, Service Strategy relies largely upon a market-driven approach. Key topics covered include service value definition, business-case development, service assets, market analysis, and service provider types. List of covered processes:

1. Strategy Management
2. Service Portfolio Management
3. Financial Management of IT Services
4. Demand Management
5. Business relationship management

For candidates in the ITIL Intermediate Capability stream, the Service Offerings and Agreements (SOA) Qualification course and exam are most closely aligned to the Service Strategy (SS) Qualification course and exam in the Lifecycle stream.

[edit]Financial management for IT services

IT Financial Management comprises the discipline of ensuring that the IT infrastructure is obtained at the most effective price (which does not necessarily mean cheapest) and calculating the cost of providing IT services so that an organization can understand the costs of its IT services. These costs may then be recovered from the customer of the service. This is the 2nd component of service delivery process.

[edit]Service Design

The Service Design (SD) volume^[5] provides good-practice guidance on the design of IT services, processes, and other aspects of the service management effort. Significantly, design within ITIL is understood to encompass all elements relevant to technology service delivery, rather than focusing solely on design of the technology itself. As such, service design addresses how a planned service solution interacts with the larger business and technical environments, service management systems required to support the service, processes which interact with the service, technology, and architecture required to support the service, and the supply chain required to support the planned service. Within ITIL, design work for an IT service is aggregated into a single service design package (SDP). Service design packages, along with other information about services, are managed within the service catalogues.

List of covered processes:

1. Design coordination (Introduced in ITIL 2011 Edition)
2. Service Catalogue
3. Service level Management
4. Availability Management
5. Capacity Management
6. IT Service Continuity Management (ITSCM)
7. Information Security Management System
8. Supplier Management

[edit]Service level management

Service-level management provides for continual identification, monitoring and review of the levels of IT services specified in the Service-level agreements (SLAs). Service-level management ensures that arrangements are in place with internal IT support-providers and external suppliers in the form of Operational Level Agreements (OLAs) and Underpinning Contracts (UCs), respectively. The process involves assessing the impact of change upon service quality and SLAs. The service level management process is in close relation with the operational processes to control their activities. The central role of Service-level management makes it the natural place for metrics to be established and monitored against a benchmark.

Service level management is the primary interface with the customer (as opposed to the user serviced by the service desk). Service-level management is responsible for:

• ensuring that the agreed IT services are delivered when and where they are supposed to be
• liaising with availability management, capacity management, incident management and problem management to ensure that the required levels and quality of service are achieved within the resources agreed with financial management
• producing and maintaining a service catalog (a list of standard IT service options and agreements made available to customers)
• ensuring that appropriate IT service continuity plans exist to support the business and its continuity requirements.

The service-level manager relies on the other areas of the service delivery process to provide the necessary support which ensures the agreed services are provided in a cost-effective, secure and efficient manner.

[edit]Availability management

Availability management targets allowing organisations to sustain the IT service-availability to support the business at a justifiable cost. The high-level activities realise availability requirements, compile availability plan, monitor availability, and monitor maintenance obligations.

Availability management addresses the ability of an IT component to perform at an agreed level over a period of time.

• Reliability: Ability of an IT component to perform at an agreed level at described conditions.
• Maintainability: The ability of an IT component to remain in, or be restored to an operational state.
• Serviceability: The ability for an external supplier to maintain the availability of component or function under a third-party contract.
• Resilience: A measure of freedom from operational failure and a method of keeping services reliable. One popular method of resilience is redundancy.
• Security: A service may have associated data. Security refers to the confidentiality, integrity, and availability of that data. Availability gives a clear overview of the end-to-end availability of the system.

[edit]Capacity management

Capacity management supports the optimum and cost-effective provision of IT services by helping organisations match their IT resources to business demands. The high-level activities include:

• application sizing
• workload management
• demand management
• modelling
• capacity planning
• resource management
• performance management

Capacity management is focused on strategic capacity, including capacity of personnel (e.g., human resources, staffing and training), system capacity, and component (or tactical) capacity.

[edit]IT service continuity management

IT service continuity management (ITSCM) covers the processes by which plans are put in place and managed to ensure that IT Services can recover and continue even after a serious incident occurs. It is not just about reactive measures, but also about proactive measures – reducing the risk of a disaster in the first instance.

ITSCM is regarded by the application owners as the recovery of the IT infrastructure used to deliver IT Services, but as of 2009 many businesses practice the much further-reaching process of business continuity planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur (at primary support level).

ITSCM involves the following basic steps:

• prioritising the activities to be recovered by conducting a business impact analysis (BIA)
• performing a risk assessment (aka risk analysis) for each of the IT services to identify the assets, threats, vulnerabilities and countermeasures for each service.
• evaluating the options for recovery
• producing the contingency plan
• testing, reviewing, and revising the plan on a regular basis.

[edit]Information security management system

The ITIL-process Security Management^[9] describes the structured fitting of information security in the management organisation. ITIL security management is based on the code of practice forinformation security management system (ISMS) now known as ISO/IEC 27002.

A basic goal of security management is to ensure adequate information security. The primary goal of information security, in turn, is to protect information assets against risks, and thus to maintain their value to the organization. This is commonly expressed in terms of ensuring their confidentiality, integrity and availability, along with related properties or goals such as authenticity, accountability, non-repudiation and reliability.

Mounting pressure for many organisations to structure their information security management systems in accordance with ISO/IEC 27001 requires revision of the ITIL v2 security management volume, and indeed a v3 release is in the works.

[edit]Service Transition

Service transition, as described by the ITIL service transition volume,^[6] relates to the delivery of services required by a business into live/operational use, and often encompasses the „project“ side of IT rather than „BAU“ (business as usual). This area also covers topics such as managing changes to the „BAU“ environment.

List of ITIL processes in Service Transition (ST):

1. Transition planning and support
2. Change management
3. Service asset and configuration management
4. Release and deployment management
5. Service validation and testing
6. Change evaluation
7. Knowledge management

[edit]Change management

Change Management aims to ensure that standardised methods and procedures are used for efficient handling of all changes. A change is an event that results in a new status of one or moreConfiguration items (CIs), and which is approved by management, cost-effective, enhances business process changes (fixes) – all with a minimum risk to IT infrastructure.

The main aims of change management include:

• Minimal disruption of services
• Reduction in back-out activities
• Economic use of resources involved in the change

Common change management terminology includes:

• Change: the addition, modification or removal of CIs
• Request For Change (RFC) or, in older terminology, Change Request (CR): form used to record details of a request for a change and is sent as an input to Change Management by the Change Requestor
• ITIL v2 – Forward Schedule of Changes (FSC): schedule that contains details of all forthcoming Changes.
• ITIL v3 – Change Schedule (CS): schedule that contains details of all forthcoming Changes, and references historical data. Many people will still refer to the known term FSC.

[edit]Service asset and configuration management

Service asset and configuration management is primarily focused on maintaining information (i.e., configurations) about Configuration Items (i.e., assets) required to deliver an IT service, including their relationships. Configuration management is the management and traceability of every aspect of a configuration from beginning to end and it includes the following key process areas under its umbrella:

• Identification,
• Planning,
• Change Control,
• Change Management,
• Release Management, and
• Maintenance.

[edit]Release and deployment management

Release and deployment management is used by the software migration team for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. Proper software and hardware control ensures the availability of licensed, tested, and version-certified software and hardware, which functions as intended when introduced into existing infrastructure. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. This guarantees that all software meets the demands of the business processes.

The goals of release management include:

• Planning the rollout of software
• Designing and implementing procedures for the distribution and installation of changes to IT systems
• Effectively communicating and managing expectations of the customer during the planning and rollout of new releases
• Controlling the distribution and installation of changes to IT systems

Release management focuses on the protection of the live environment and its services through the use of formal procedures and checks.

A Release consists of the new or changed software and/or hardware required to implement approved changes. Release categories include:

• Major software releases and major hardware upgrades, normally containing large amounts of new functionality, some of which may make intervening fixes to problems redundant. A major upgrade or release usually supersedes all preceding minor upgrades, releases and emergency fixes.
• Minor software releases and hardware upgrades, normally containing small enhancements and fixes, some of which may have already been issued as emergency fixes. A minor upgrade or release usually supersedes all preceding emergency fixes.
• Emergency software and hardware fixes, normally containing the corrections to a small number of known problems.

Releases can be divided based on the release unit into:

• Delta release: a release of only that part of the software which has been changed. For example, security patches.
• Full release: the entire software program is deployed—for example, a new version of an existing application.
• Packaged release: a combination of many changes—for example, an operating system image which also contains specific applications.

[edit]Service Operation

Service Operation (SO) aims to provide best practice for achieving the delivery of agreed levels of services both to end-users and the customers (where „customers“ refer to those individuals who pay for the service and negotiate the SLAs). Service operation, as described in the ITIL Service Operation volume,^[7] is the part of the lifecycle where the services and value is actually directly delivered. Also the monitoring of problems and balance between service reliability and cost etc. are considered. The functions include technical management, application management, operations management and service desk as well as, responsibilities for staff engaging in Service Operation.

List of processes:

1. Event management
2. Incident management
3. Request fulfillment
4. Problem management
5. Access management

[edit]ITIL Functions

[edit]Service desk

The service desk is one of four ITIL functions and is primarily associated with the Service Operation lifecycle stage. Tasks include handling incidents and requests, and providing an interface for other ITSM processes. Features include:

• single point of contact (SPOC) and not necessarily the first point of contact (FPOC)
• single point of entry
• single point of exit
• easier for customers
• data integrity
• streamlined communication channel

Primary purposes of a service desk include:

• incident control: life-cycle management of all service requests
• communication: keeping a customer informed of progress and advising on workarounds

The service desk function can have various names, such as:

• Call center: main emphasis on professionally handling large call volumes of telephone-based transactions
• Help desk: manage, co-ordinate and resolve incidents as quickly as possible at primary support level
• Service desk: not only handles incidents, problems and questions but also provides an interface for other activities such as change requests, maintenance contracts, software licenses, service-level management, configuration management, availability management, financial management and IT services continuity management

The three types of structure for consideration:

• Local service desk: to meet local business needs – practical only until multiple locations requiring support services are involved
• Central service desk: for organisations having multiple locations – reduces operational costs^{[citation needed]} and improves usage of available resources
• Virtual service desk: for organisations having multi-country locations – can be situated and accessed from anywhere in the world due to advances^[when?] in network performance and telecommunications, reducing operational costs^{[citation needed]} and improving usage of available resources.

[edit]Application management

ITIL application management^[10] encompasses a set of best practices proposed to improve the overall quality of IT software development and support through the life-cycle of software development projects, with particular attention to gathering and defining requirements that meet business objectives.

Software asset management (SAM) is a primary topic of ITILv2 and is closely associated with the ITILv3 Application Management function. SAM is the practice of integrating people, processes, and technology to allow software licenses and usage to be systematically tracked, evaluated, and managed. The goal of SAM is to reduce IT expenditures, human resource overhead and risks inherent in owning and managing software assets.

SAM practices include:

• maintaining software license compliance
• tracking inventory and software asset use
• maintaining standard policies and procedures surrounding definition, deployment, configuration, use, and retirement of software assets and the definitive software library.

SAM represents the software component of IT asset management. This includes hardware asset management because effective hardware inventory controls are critical to efforts to control software. This means overseeing software and hardware that comprise an organization’s computers and network.

[edit]IT operations management

Refer to #ICT infrastructure management for more details.

[edit]Technical management

Refer to #ICT infrastructure management for more details.

[edit]Incident management

Incident management aims to restore normal service operation as quickly as possible and minimise the adverse effect on business operations, thus ensuring that the best possible levels of service quality and availability are maintained. ‚Normal service operation‘ is defined here as service operation within service-level agreement (SLA) limits.

An incident is defined as:

V3: An unplanned interruption to an IT service or a reduction in the quality of an IT service. Failure of a configuration item that has not yet impacted service is also an incident. For example, failure of one disk from a mirror set.

V2: An event which is not part of the standard operation of a service and which causes or may cause disruption to or a reduction in the quality of services and customer productivity.

The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price. The transformation between event-to-incident is the critical junction where Application Performance Management (APM) and ITIL come together to provide tangible value back to the business.^[11]

[edit]Request fulfillment

Request fulfillment (or request management) focuses on fulfilling Service Requests, which are often minor (standard) changes (e.g., requests to change a password) or requests for information.

[edit]Problem management

Problem management aims to resolve the root causes of incidents and thus to minimise the adverse impact of incidents and problems on business that are caused by errors within the IT infrastructure, and to prevent recurrence of incidents related to these errors. A ‚problem‘ is an unknown underlying cause of one or more incidents, and a ‚known error‘ is a problem that is successfully diagnosed and for which either a work-around or a permanent resolution has been identified. The CCTA (Central Computer and Telecommunications Agency) defines problems and known errors as follows

A problem is a condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant.

A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a work-around.

Problem management differs from incident management. The principal purpose of problem management is to find and resolve the root cause of a problem and thus prevent further incidents; the purpose of incident management is to return the service to normal level as soon as possible, with smallest possible business impact.

The problem-management process is intended to reduce the number and severity of incidents and problems on the business, and report it in documentation to be available for the first-line and second line of the help desk. The proactive process identifies and resolves problems before incidents occur. Such processes include:

• Trend analysis
• Targeting support action
• Providing information to the organisation

The error control process iteratively diagnoses known errors until they are eliminated by the successful implementation of a change under the control of the Change Management process.

The problem control process aims to handle problems in an efficient way. Problem control identifies the root cause of incidents and reports it to the service desk. Other activities are:

• Problem identification and recording
• Problem classification
• Problem investigation and diagnosis

A technique for identifying the root cause of a problem is to use an Ishikawa diagram, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. Alternatively, a formal Root Cause Analysis method such as Apollo Root Cause Analysis can be implemented and used to identify causes and solutions. An effective root cause analysis method and/or tool will provide the most effective/efficient solutions to address problems in the Problem Management process.

[edit]Identity Management/Access and Identity Management

Identity management (IdM) less commonly called Access and Identity Management (AIM) as a process focuses on granting authorised users the right to use a service, while preventing access to non-authorised users. Certain identity management processes executes policies defined in Information Security Management System

[edit]Continual Service Improvement (CSI)

Continual service improvement, defined in the ITIL continual service improvement volume,^[8] aims to align and realign IT services to changing business needs by identifying and implementing improvements to the IT services that support the business processes. It incorporates many of the same concepts articulated in the Deming Cycle of Plan-Do-Check-Act. The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle. To manage improvement, CSI should clearly define what should be controlled and measured.

CSI needs to be treated just like any other service practice.^{[citation needed]} There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned,and activities identified to be successful. CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting. Continual Service Improvement and Application Performance Management (APM) are two sides of the same coin. They both focus on improvement with APM tying together service design, service transition, and service operation which in turn helps raise the bar of operational excellence for IT.^[12]

Improvement initiatives typically follow a seven-step process:

1. Identify the strategy for improvement
2. Define what you will measure
3. Gather the data
4. Process the data
5. Analyse the information and data
6. Present and use the information
7. Implement improvement