Purpose and Processes of Information Technology Infrastructure Library
Information Technology Infrastructure Library (ITIL) is a series of books that guide business users through the planning, delivery, and management of quality Information Technology (IT) services. According to , these books are Registered Trade Marks of the Office of Government Commerce (OGC), which is included in the Office of the United Kingdom’s Treasury and is protected by the Crown Copyright. OGC on the other hand, according to , is an organisation in the government of the United Kingdom. It is charged with tasks that improve the efficiency and effectiveness of business procedures for the government. The Chief Secretary to the Treasury, a junior position in the British Cabinet, is where the OGC reports.
ITIL is comprised of a set of internationally accepted best practices that assists organizations in aligning IT services with business requirements. According to (2002), “best” practices are those practices, which experts believe correspond to the condition of the art in a particular area or field of practice. The idea with ITIL is that with proper processes, checks, and testing, a project can be rolled out and completed with fewer problems and unforeseen complications. ITIL provides guidance on how to link specific business and service processes together crossways with IT departments to cross-functionally and holistically provide quality IT service support and service delivery to the Customer community.
The eight ITIL books and their disciplines are: The IT Service Management sets (1) Service Delivery; (2) Service Support; other operational guidance (3) ICT Infrastructure Management; (4) Security Management; (5) The Business Perspective; (6) Application Management; (7) Software Asset Management; and (8) Planning to Implement Service Management. Another has more recently been supplemented with guidelines for smaller IT units, not included in the original eight publications: ITIL Small-Scale Implementation.
ITSM Set
IT Service Management (ITSM) is a discipline for supervision of large-scale IT systems, philosophically focused on the customer’s perspective of IT’s contribution to the business. This book if made up of eleven different disciplines, split into two sections, Service Support and Service Delivery.
Figure 1: ITIL Service Management Process
Service Delivery – the main concern with this discipline is the business with the Customer of the Information and Communications Technology (ICT) services. It focuses on the pro-active and forward-looking services that the business requires of its ICT provider so it could give adequate support to the business users. This discipline consists of the following processes:
Service Level Management – Service Level Agreements (SLAs) are negotiated contracts between Information systems (IS) departments and clients that spell out specific details of service and the conditions under which service will be provided. It provides a means of measurement of service and service
satisfaction. The typical SLA includes the following components ( 1992): effective date of agreement; duration of agreement; specific type of service; measures of service; resources needed or costs charged; reporting mechanism; and signatures.
Service Level Management makes sure that SLAs are monitored. This process involves close control over operational processes and service quality that are specified in the SLA.
Service Level Management is the main boundary with the Customer (as User is serviced by the Service Desk). The Service Level Manager relies upon all the other areas of the Service Delivery process to provide the necessary support, which ensures the agreement is provided in a cost effective, secure and efficient manner.
Capacity Management – It is the process that ensures cost-effective manners are used to meet the current and future business requirements with IT capacity. The high level activities are: Application Sizing, Workload Management, Demand Management, Modeling, Capacity Planning, Resource Management, and Performance Management.
IT Service Continuity Management – In case of disasters within the IT services, this process helps to keep the availability and very fast restoration of IT services. The high level activities are: Risk Analysis, Manage Contingency Plan Management, Contingency Plan Testing, and Risk Management.
Availability Management – This process on the other hand, like Capacity Management, ensures cost-effective manners in supporting organizations with IT service availability in order to support the business. The high level activities are: Realize Availability Requirements, Compile Availability Plan, Monitor Availability, and Monitor Maintenance Obligations.
Financial Management – The previous processes ensures cost-effective manners. However, Financial Management is the steward. It gives accurate IT assets and resources used in providing IT Services, also in a cost-effective manner. It is used to plan, control and recover costs used in providing the IT Service negotiated and agreed to in the SLA.
Service Support – Service Delivery focuses on the Customer as this discipline is on the User. It ensures that the Users have access to the appropriate services to serve the business functions.
Why the customers and users? Because in a business, the entry point to the process model is them. They are involved by just asking for updates or if ever they need further communications or if they are having difficulties and queries.
Service Desk – Many organisations have implemented a central point of contact for handling Customer, User and related issues. In this view, the Service Desk is intended to provide a Single Point of Contact (SPOC). Communication needs are met in this area as well as the fulfillment of the objectives between the users and IT providers. An increase in business of this function have been cited but under different titles. A call centre is a centralized office used for the purpose of receiving and transmitting a large volume of requests by telephone; a contact centre on the other hand, centers requests through letters, faxes and e-mails; and a help desk is an information and assistance resource that troubleshoots problems with computers and similar products.
However, the Service Desk differs from these similar services. The difference? Service Desk offers a more broad and user centric approach. A Service Desk accomplishess the business processes into the Service Management infrastructure much easier.
Service Desk also acts as a focal point for reporting Incidents. An incident is an unplanned interruption to an IT Service or reduction in the Quality of an IT Service. Any event which could affect an IT Service in the future is also an Incident.
In addition to monitoring Incidents, regularly informing the users of relevant information and providing communication channels for other Service Management disciplines with the user community, a Service Desk also provides an interface for other activities such as customer Change requests, third parties (e.g. maintenance contracts), and software licencing.
Incident Management – The process responsible for managing the Lifecycle of all Incidents. The first goal of the incident management is to return the IT Service to Customers as quickly as possible.
Errors or failures in the IT infrastructure leads to Incidents. The cause of Incidents are often handled without the need for further investigation, resulting in a repair, a Work-around or a request for change (RFC) to remove the error. But if Incidents are not to be resolved quickly, it will be assigned to specialist Technical Support groups. These are a range of services providing assistance with computer hardware, software, or other electronic or mechanical goods. These services services help users solve specific problems with a product—rather than providing training, customization, or other support services.
If an Incident occurs in numerous times, it will be considered serious and thus needs to be recorded. The management of a problem is usually performed by different staff and therefore is controlled by the problem management process. Moreover, a request for new additional service is not regarded as an incident but as a RFC.
The main incident management processes are the following: incident detection and recording; classification and initial support; investigation and diagnosis; resolution and recovery; incident closure; and incident ownership, monitoring, tracking and communication.
Problem Management – the goal of this process is to resolve the root cause of Problems and thus to minimize its effects and reccurence. The CCTA defines problems and known errors as follows:
A problem is a condition often identified as a result of multiple Incidents that exhibit common symptoms. Problems can also be identified from a single significant Incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant.
A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a Work-around.
The problem management process is intends to report in document all incident and problems to reduce its recurrence.The said reports will then be avalibale for the first-line and second line of the help desk. Activities under Problem Management are: trend analysis; targeting support action; providing information to the organization; problem identification and recording; problem classification; and problem investigation and diagnosis.
The standard technique for identifying the root cause of a problem is to use an Ishikawa diagram, also referred to as a cause-and-effect diagram, tree diagram, or fishbone diagram. The aim will be to look for the cause and effect of the problem.
The Ishikawa Diagram is a used for finding the most likely causes for an undesired effect. It was a graphical method first used in the 1960s by .
The backbone of the diagram is the main subject, which is what we are trying to solve or improve, it is derived from a cause. The relationship between a cause and an effect is a double relation: an effect is a result of a cause, and the cause is the root of an effect. But there is just one effect for several causes and one cause for several effects.
Figure 2: Diagram or The Fishbone
Change Management – This process is responsible for controlling the Lifecycle of all Changes. Its primary objective is to enable beneficial Changes to be made, with minimum disruption to IT Services.
Any proposed change must be approved in the change management process. The authority to decide is give to the Change Advisory Board (CAB), which is mostly made up of people from other functions within the organisation. The main activities of the change management are: Filtering changes; Managing changes and the change process; Chairing the CAB and the CAB/Emergency committee; Reviewing and closing of RFCs; and Management reporting and providing management information.
Release Management – This process is responsible for Planning, scheduling and controlling the movement of Releases to Test and Live Environments. Its main concern is to protect the integrity of the Live Environment and that the correct Components are released.
Also, Quality Control during development and implementation of a new hardware or software, is under this process. It makes sure that everything can be conceptually optimized to meet the demands of the business processes.
The goals of release management are: plan to rollout of software; design and implement procedures for the distribution and installation of changes to IT systems; communicate and manage expectations of the customer during the planning and rollout of new releases; and control the distribution and installation of changes to IT systems.
Configuration Management – A single server may be a simple, or as complex as the entire IT department, it is still a system. Here in Configuration Management, these systems are tracked down for all of the individual Configuration Items (CI) . A CI, according to is a unit of configuration that can be individually managed and versioned. A configuration management system will control files, requirements, or another definable unit. These units are managed with a combination of process and tools to avoid the introduction of errors and to maintain high quality results. The units themselves can be considered configuration items, or they may be combined into an overall collection that is supervised under the same set of processes and tools.
Configuration Management includes: creating a parts list of every CI (hardware or software) in the system; defining the relationship of CIs in the system; tracking of the status of each CI, both its current status and its history; tracking all RFCs to the system; and verifying and ensuring that the CI parts list is complete and correct.
There are five basic activities of Configuration Management: Planning – planning covers the next three to six months in detail, and the following twelve months in outline. Reviewed at least twice a year, it includes a strategy, policy, scope, objectives, roles and responsibilities, the Configuration Management processes, activities and procedures, the CMDB, relationships with other processes and third parties, as well as tools and other resource requirements; Identification – the selection, identification and labelling of all CIs. This includes the recording of information about CI’s, it covers ownership, relationships, versions and unique identifiers. CIs should be recorded at a level of detail justified by the business need, typically to the level of “independent change”; Control – this gives the assurance that only authorised and identifiable CIs are accepted and recorded from receipt to disposal. It ensures that no CI is added, modified, replaced or removed without the appropriate controlling documentation. All CIs will be under Change Management Control; Status Accounting – the reporting of all current and historical data concerned with each CI throughout its life-cycle. It enables changes to CIs and tracking of their records through various statuses; Verification and Audit – ensures the verification of the physical existence of Cis through a series of reviews and audits, and checks that they are correctly recorded in the CMDB. It includes the process of verifying Release and Configuration documentation before changes are made to the live environment.
A configuration management database (CMDB) is a unified or federated repository of information related to all the components of an information system. It helps an organization to understand the relationships between these components and track their configuration. CMDB records CI and details about the important relationships between CIs. A configuration item is an example of a unit that has configurable attributes. A key success factor in implementing a CMDB is the ability to automatically discover information about the CIs (auto-discovery), and track changes as they happen.
ICT Infrastructure Management – This processes are best practice for ICT Infrastructure. It includes requirements analysis, planning, design, deployment and ongoing operations management and technical support.
It also describes processes that are directly relative to the ICT equipment and software that is involved in providing ICT services to customers. These processes are: ICT Design and Planning; ICT Deployment; ICT Operations; and ICT Technical Support.
These disciplines are less well stated than those of Service Management and therefore often some of their content is believed to be covered ‘by implication’ in Service Management disciplines.
ICT Design and Planning – This includes the Strategic and Technical Design and Planning of ICT infrastructures where a framework and approach is appropriately provided. It is the essential combination of Business strategy, with technical design and architecture. It drives both the creation of new ICT solutions through the production of Statements of Requirement (SOR) and Invitations to Tender (ITT) and is responsible for the initiation and management of ICT Programmes for strategic business change. Key Outputs from Design and Planning are: ICT Strategies, Policies and Plans; The ICT Overall Architecture & Management Architecture; Business Cases, Feasibility Studies, ITTs and SORs.
ICT Deployment and Management – This on the other hand, is for the successful management of design, build, test and roll-out (deploy) projects within an overall ICT programme. It includes many project management disciplines in common with Prince2, but has a broader focus to include the necessary integration of Release Management and both functional and non functional testing.
Prince2, or PRojects IN Controlled Environments, according to (2003), is a project management method. It covers the management, control and organisation of a project.
ICT Operations Management – Day-to-day technical supervision of the ICT infrastructure is provided by the ICT Operations Management. Operations is more technical and is concerned not solely with Incidents reported by users, as is compared with the role of Incident Management from Service Support, but with Events generated by or recorded by the Infrastructure. ICT Operations often work closely with Incident Management and the Service Desk, which are not-necessarily technical in order to provide an ‘Operations Bridge’. Operations, however should primarily work from documented processes and procedures and should be involved with a number of specific sub-processes, such as: Output Management, Job Scheduling, Backup and Restore, Network Monitoring/Management, System Monitoring/Management, Database Monitoring/Management Storage Monitoring/Management. Operations are responsible for: a stable, secure ICT infrastructure; a current, up to date Operational Documentation Library (ODL); a log of all operational Events; maintenance of operational monitoring and management tools; and Operational Scripts.
ICT Technical Support – This is the specialist technical function for ICT infrastructure. Mainly as a support to other processes, both in Infrastructure Management and Service Management, Technical Support provides a number of specialist functions: Research and Evaluation, Market Intelligence (particularly for Design and Planning and Capacity Management), Proof of Concept and Pilot engineering, specialist technical expertise (particularly to Operations and Problem Management), creation of documentation (perhaps for the Operational Documentation Library or Known Error DataBase).
Security Management – is about the security measure observed in the management organization. ITIL Security Management is based on the code of application for information security management also known as ISO/IEC 17799.
ISO/IEC 17799 ( July 2002), is British Standard 7799, a code of practice for information security management, that has been widely accepted as a national standard by other countries in Europe and on the Pacific Rim. Controversially, it had recently been implemented as a new International Standard.
Information security is the basic concept of the Security Management. The aim of information security is to ensure safety of the information. Protection against risks is safe but security is the means to be safe against risks. The value of the information is protected here. These values are stipulated by the confidentiality, integrity and availability. Inferred aspects are privacy, anonymity and verifiability.
The current move towards ISO/IEC 27001 may require some revision to the ITIL Security Management best practices which are often claimed to be rich in content for physical security but fragile in areas such as software/application security and logical security in the ICT infrastructure.
The Business Perspective – As a part of the entire business requirement for high IS quality management, a collection of best practices that is suggested to address some of the issues often stumbled upon in understanding and improving IT service provision is provided. These issues are: Business Continuity Management describes the responsibilities and opportunities available to the business manager to improve what is, in most organizations one of the key contributing services to business efficiency and effectiveness; Surviving Change. IT infrastructure changes can impact the way in which business is conducted or the continuity of business operations. It is important that business managers take notice of these changes and ensure that steps are taken to safeguard the business from adverse side effects; Transformation of business practice through radical change helps to control IT and to incorporate it with the business; and Partnerships and outsourcing
Application Management – This is the process that is responsible for managing applications throughout their lifecycle. It uses the Application portfolio as a database to manage applications. An Application Portfolio contains key Attributes of all Applications deployed in the Business.
These attributes are said to develop overall quality of IT software development and support through the life-cycle of software development projects, with particular attention to gathering and defining requirements that meet business objectives.
Software Asset Management – the process responsible for management, control and protection of software Assets throughout their Lifecycle.
Asset is contributes something an IT Service. Assets can include people, accommodation, Servers, software, data, networks, paper Records, telephones etc. Assets that need to be individually managed are also Configuration Items.
Figure 23: Software Asset Management
Conclusion
There is sufficient evidence of the potential of ICTs that all governments and other investors need to build new capabilities for producing, accessing, and/or using these technologies. In order to build these capabilities each country should establish and implement a national ICT strategy that is responsive to sustainable development goals.
As developing countries join the global information infrastructure, each country will need to find ways of maximizing the benefits and controlling the risks from ICTs. This will involve coordinated action through national ICT strategies encompassing the technologies and services as well as many aspects of the institutional environment. Strategies are needed which help to build the necessary scientific, technical, and engineering knowledge as well as the management procedures and social and economic institutions that are consistent with creatively using ICTs to reap the potential social and economic benefits.
Priority needs to be given to policies, regulation, education and training, and technology assessment programmes to enhance the capacity for creatively producing or using ICTs. The balance between creating and using the new applications will differ from country to country. Distinctions need to be drawn between producing ICTs for domestic consumption, especially where there is a requirement for divergence from standard commodity-type ICTs, and producing the technologies and services for export as a sector of the export economy. The ICT-using sectors in developing countries are highly differentiated and the relative benefits of use in the public and private sectors also need careful consideration. New coalitions of resources encouraging and partnerships among stakeholders, including the business sector, need to be encouraged in line with each country’s development priorities.
The coming decades will still not eradicate of the gap between the rich and the poor. However, if governments and other stakeholders design and implement effective national ICT strategies, the new technologies and services may help to reduce the gap for some of those who are disadvantaged or marginalized. Such strategies have to focus on the difficulties of using ICTs to transform data and information into useful knowledge that is consistent with development priorities.
– The United Nations Commission on Science and Technology for Development (UNCSTD) Working Group on IT and Development.
References:
Credit:ivythesis.typepad.com
0 comments:
Post a Comment