Page 1 of 20
2011 IT Training Zone LTD
www.ITILTrainingZone.com
ITIL is a registered trademark of the Office of Government Commerce in the United Kingdom and other countries
Table of Contents
Lesson Contents
Supplier Management
Supplier Categorization
Capacity Management
ITSCM
Design Coordination
Watch out for these icons as you use your Study Guide. Each icon highlights an important
piece of information.
Tip: this will remind you of something you need to take note of, or give
you some exam guidance.
Lesson Contents
Text in "italics and quotation marks" is drawn from the ITIL core volumes
Quoted ITIL text is from Service Strategy, Service Design, Service Transition, Service Operation
and Continual Service Improvement
Crown copyright 2011. Reproduced under license from OGC.
Process Objectives
Information Security Management's objectives relate to the protection of information, and the
people who use information.
The security objective is met when information is confidential, available as required, has
integrity and has authenticity.
Confidential: information is only seen by those who have a right to know.
Integrity: it's complete, accurate and can't be changed without permission.
Available: information is available and usable and protected from attack.
Authenticity and non-repudiation: information can be shared between organizations and trusted.
Exercise
Imagine you're an information security manager. You are trying to get the business to take
security seriously, but they aren't really listening.
Prepare a list of some of the potential business consequences of a security breach. Try to
think of at least 6 different consequences; remember they can be both tangible and intangible.
Exercise Solution
Consequences could include:
Remember, if you found this exercise challenging or have any questions, you can
email a tutor at tutor@itiltrainingzone.com.
Process Scope
The scope of Information Security Management includes being a focal point for all security
issues.
The process will produce a policy that outlines the organizational approach to security. This will
be linked to any overall business security plans and policies, as well as any legislative
requirements.
Security issues need to be prioritized according to overall business goals and priorities.
The Information security policy should be available to everyone. It sets out standards for the
use of passwords, email and internet browsing.
Adequate levels of security should be designed into each new service and the Information
Security policy will be updated - if required.
The security policy covers everything that could have a potential impact on security, including
email, internet, anti-virus, information classification, remote access, copyright, asset disposal,
access control, and passwords.
The Information Security Manager also needs to ensure that all security policies are
communicated, fully implemented and enforced. The security policies need to be integrated at
all levels of the organization: strategic, tactical and operational.
Every single user has the potential to cause a security breach, so training and communication are
critical. For example, security inductions for new starters might include not sharing your
password, and not leaving your desk without locking your PC.
Another responsibility of the Information Security Management process is to manage any
security breaches, for example virus outbreaks or unauthorized access to a system.
Security breaches will need to be prioritized and appropriate action must be taken to resolve
the breach. There will be a review after the breach to see if any lessons need to be learnt or
processes updated.
Information Security Management also organizes regular security reviews and security tests,
such as network penetration tests. These reviews and tests will all help to ensure that the
policies and measures put in place are performing as they should.
Supplier Management
Supplier Management is responsible for ensuring that all suppliers continue to deliver value.
The key outputs from the process include:
Supplier and contract performance reports, which are used to help manage the ongoing quality of service
Supplier review meeting minutes, which record actions agreed and also track previous and ongoing actions
Supplier service improvement plans, which are used to manage suppliers who may not be meeting the required standard and therefore need to improve
Survey reports, which are used to collect information from all levels of the organization that deal with a particular supplier. This will give a well-rounded view of the supplier's overall performance
By reviewing all of this information, Supplier Management can help to ensure that the organization gets the
maximum value from third party suppliers.
Supplier Categorisation
The diagram below shows that one of the best methods for categorizing
suppliers is based on assessing the risk and impact associated with the supplier.
This can be plotted against the value and importance of the supplier and their services to the
business.
Supplier Category    Notes
Strategic
Tactical
Operational
Commodity
Capacity Management
Capacity Management extends right across the service lifecycle. It has a key
responsibility to make sure the required level of capacity is designed into new
or changing services.
Lack of Capacity means that something has run out of space. If a server reaches maximum
capacity, or you run out of network bandwidth, this can significantly affect the performance of
a service.
Process Scope
The scope of Capacity Management includes being the organization's focal point for capacity
information. The process encompasses hardware, software, infrastructure and even people.
Capacity Management needs to work closely with Service Strategy to make sure it understands
and plans for long term business needs, not just short term changes.
To fulfill its role, Capacity Management needs monitoring capabilities to support it. If capacity
isn't monitored, any potential problems will not be detected.
Capacity Management will constantly tune and refine services and infrastructure to optimize
their performance.
The scope of Capacity Management also includes understanding how technology can improve
services and service performance. If a service is not performing well and investment is not
available to expand capacity, capacity management may try and influence demand.
For example, it may work with Financial Management to introduce peak and off-peak charging
for a service.
Process Objectives
ITSCM include:
Maintaining the IT Service Continuity plans and IT recovery plans. The plans need to be
updated and regularly assessed to make sure they still support the business continuity
plans
Carrying out regular Business Impact Analysis exercises, to make sure that the changing
criticality of business services is reflected in the plans
Carrying out risk analysis and management, providing advice and guidance as needed
Assessing the impact of all changes on the plans
Negotiating contracts with any suppliers who provide services that support the plans
Process Scope
The scope of ITSCM is whatever the business deems to be a disaster. Less significant downtime
will be managed by processes like Incident and Availability Management. The more complex
our services, the more challenging ITSCM planning will be.
One area that is out of scope for ITSCM is long term business changes that could affect the
organization.
For example, a major restructure could affect service, but this would not be part of ITSCM.
These events need to be planned for at the business level, as part of the overall strategic
planning.
As part of its scope, ITSCM follows a four-step process:
One of the techniques used by ITSCM is the Business Impact Analysis. This is
a way of determining the effect of service loss on the business.
The effects can be financial or non-financial. Some impacts are tangible and easy to measure,
and others are less tangible and can be hard to quantify, such as a damaged reputation. How
do you assess what this costs?
The output from the Business Impact Analysis is usually a graph which shows how the effect can
escalate over time. This can be used to identify the minimum amount of staff and
infrastructure required to maintain service.
Business Impact Analysis can help to guide ITSCM efforts and investment.
Risk Assessment
ITSCM also uses risk assessment to help identify what to protect and how much to invest.
Risk assessment is also used by Availability Management and Security Management when they
are protecting services. Standard methodologies like Management of Risk or MoR can be used
to create a profile of risk.
The risks that have the highest chance of materializing or affecting a business-critical service
may require countermeasures to reduce their likelihood.
Design Coordination
Process Scope
The scope of design coordination covers all design activities, no matter what the technology or
service involved. The more complex the design, the more coordination is needed.
Each organization will need to have guidelines to make sure that each design or project gets an
appropriate level of coordination.
As part of its role, design coordination will:
There are some areas that are out of scope for design coordination. The process is not
responsible for:
Part of the scope of design coordination is making sure the Service Design
Package or SDP is handed over to Service Transition in the agreed format.
Service Design Package
The SDP needs to include information for Service Transition, Service Operation and CSI.
Standard contents will include: