Lesson 9 Service Design Processes Part 2 PDF

Lesson 9 Study Guide
Service Design Processes Part 2

ITIL Foundation Certicate in IT Service Management
The ITIL Foundation Certificate in IT Service Management

www.itiltrainingzone.com
Service Design Processes Part 2
Welcome to the ninth chapter of your Study Guide. This document is

supplementary to the information available to you online, and should be used in
conjunction with the videos, quizzes and exercises.
After your subscription to the course has finished online, you will still have the Study Guide to
help you prepare for your exam - if youve not taken the exam by the time your subscription
expires.
Youll download a Study Guide at the end of most Lessons as you progress through the course.
This Chapter contains the Study Guide information for Lesson 9 Service Design Processes:
Part 2.
Use this Study Guide in conjunction with your own notes that you make as you progress
through the course. You may prefer to print the Study Guides out, or use them on-screen.
After each Lesson, you can consolidate what you have learnt whilst watching the videos and
taking the quizzes by reading through the chapter of the Study Guide.
If you progress on to the formal exam, your Study Guide will provide you with vital revision
information.
Remember, your Study Guide is yours to keep, even after your subscription to the course has
finished.
Page 1 of 20
2011 IT Training Zone LTD
www.ITILTrainingZone.com
ITIL is a registered trademark of the Office of Government Commerce in the United Kingdom and other countries

Table of Contents
Study Guide Icons
Lesson Contents
Information Security Management
Exercise Poor Security Management
Supplier Management
Supplier Categorization
10
Capacity Management
12
Capacity Management Sub-Processes
14
ITSCM
16
Business Impact Analysis and Risk Assessment
18
Design Coordination
19
The Service Design Package
20
Page 2 of 20

Study Guide Icons
Watch out for these icons as you use your Study Guide. Each icon highlights an important
piece of information.
Tip this will remind you of something you need to take note of, or give
you some exam guidance.
Definition key concept or term that you need to understand and

remember.
Role a job title or responsibility associated with a process or function.
Exercise Solution suggested solution to one of the exercises you will

complete throughout the course.
Goal or Objective for a particular process or core volume.
Page 3 of 20

Lesson Contents
This Lesson completed our studies of the Service Design processes.

We studied:

Supplier Management
Capacity Management
IT Service Continuity Management
Design Coordination
Text in "italics and quotation marks" is drawn from the ITIL core volumes
Quoted ITIL text is from Service Strategy, Service Design, Service Transition, Service Operation
and Continual Service Improvement
Crown copyright 2011 Reproduced under license from OGC.
Page 4 of 20

Information Security Management is responsible for aligning IT security with the

business security policy and making sure that effective levels of security are
designed into all new services and service management activities.
The process sets standards that need to be available to everyone in the business. These could
cover areas such as acceptable usage of email and web browsing standards, and password
confidentiality.
Security is part of the warranty of a service.
Process Objectives
Information Security Managements objectives relate to the protection of information, and the
people who use information.
The security objective is met when information is confidential, available as required, has
integrity and has authenticity.
Confidential: information is only seen by those who have a right to know
Integrity: its complete, accurate and cant be changed without permission.
Available: information is available and usable and protected from attack
Authenticity and non-repudiation: information can be shared between organizations and
trusted
Page 5 of 20

Exercise Poor Security Management

This Lesson included an Exercise to look at the consequences of poor security management. If
you didnt have time to complete the exercise during the Lesson, why not attempt it now?
Exercise
Imagine youre an information security manager. You are trying to get the business to take
security seriously, but they arent really listening.
Prepare a list of some of the potential business consequences of a security breach. Try and
think of at least 6 different consequences remember they can be both tangible and intangible.
Exercise Solution
Consequences could include:
A fine for breach of legislation or regulations

Loss of customer data
Loss of customer trust
Poor reputation and image
Potential for legal proceedings to be taken against accountable staff
Financial loss including theft from the organization
Withdrawal of any relevant industry accreditation
Commercially sensitive information or designs may become public
Remember, if you found this exercise challenging or have any questions, you can
email a tutor at tutor@itiltrainingzone.com.
Page 6 of 20

Process Scope
The scope of Information Security Management includes being a focal point for all security
issues.
The process will produce a policy that outlines the organizational approach to security. This will
be linked to any overall business security plans and policies, as well as any legislative
requirements.
Security issues need to be prioritized according to overall business goals and priorities.
The Information security policy should be available to everyone. It sets out standards for the
use of passwords, email and internet browsing.
Adequate levels of security should be designed into each new service and the Information
Security policy will be updated - if required.
The security policy covers everything that could have a potential impact on security, including
email, internet, anti-virus, information classification, remote access, copyright, asset disposal,
access control, and passwords.
The Information Security Manager also needs to ensure that all security policies are
communicated, fully implemented and enforced. The security policies need to be integrated at
all levels of the organization strategic, tactical and operational.
Every single user has the potential to cause a security breach, so training and communication is
critical. For example, security inductions for new starters might include not sharing your
password, or leaving your desk without locking your PC.
Another responsibility of the Information Security Management process is to manage any
security breaches, for example virus outbreaks or unauthorized access to a system.
Security breaches will need to be prioritized and appropriate action must be taken to resolve
the breach. There will be a review after the breach to see if any lessons need to be learnt or
processes updated.
Information Security Management also organizes regular security reviews and security tests such as network penetration tests. These reviews and tests will all help to ensure that the
policies and measures put in place are performing as they should.
Page 7 of 20

Supplier Management
Supplier Management is responsible for managing suppliers and the services

that they supply to provide a seamless quality of IT service to the business,
ensuring value for money is obtained.
The process is responsible for managing the full lifecycle of a supplier relationship. This starts
with choosing the supplier and making sure the correct contract is in place, and carrying out
any necessary negotiation.
Then, the supplier will be monitored on an ongoing basis in line with the overall organizational
supplier policy. At the end of the contract, the termination or re-negotiation process also
needs to be managed.
Most organizations will have a number of different suppliers. Some suppliers will provide
business critical services and products, whilst others will provide less important services and
products. The least critical suppliers are usually those who provide your organization with
consumables like printer toner cartridges.
Suppliers should be categorized so that it is clear how much actual management each supplier
and their corresponding contract needs. The more disruption the loss of any particular
suppliers service would cause, then the more effort that needs to be put into managing that
particular relationship.
Supplier Management has some overlap with other areas such as Service Catalogue
Management and Service Level Management. Service Level Management will want to make
sure that service targets within suppliers contracts will actually support the targets within SLAs.
Supplier management will maintain an information repository with supplier and contract
details, known as the Supplier and Contract Management Information System.
Supplier Management can provide powerful information to organizations, including:
When are specific supplier contracts due to expire?

Which suppliers are performing well?
Are suppliers improving overall?
Page 8 of 20

Supplier Management are responsible for ensuring that all suppliers continue to deliver value.
The key outputs from the process include:
Supplier and contract performance reports, which are used to help manage the ongoing
quality of service
Supplier review meeting minutes, which record actions agreed and also track previous
and ongoing actions
Supplier service improvement plans, which are used to manage suppliers who may not
be meeting the required standard and therefore need to improve
Survey reports are used to collect information from all levels of the organization that
deal with a particular supplier. This will give a well-rounded view of the suppliers
overall performance
By reviewing all of this information, Supplier Management can help to ensure that they get the
maximum value from third party suppliers.
Page 9 of 20

Supplier Categorisation
The diagram below shows that one of the best methods for categorizing
suppliers is based on assessing the risk and impact associated with the supplier.
This can be plotted against the value and importance of the supplier and their services to the
business.
Service Design fig. 4.28 Supplier Categorization

Crown copyright 2011. Reproduced under license from OGC
Page 10 of 20

Supplier
Category
Notes
Strategic
This is relevant for significant partnering relationships that involve senior

managers sharing confidential strategic information to facilitate long-term
plans. These relationships would normally be managed and owned at a
senior management level.
For example, if all of IT service provision was outsourced, this might be a
strategic relationship.
Tactical
Operational
Commodity
This is relevant for relationships involving significant commercial activity and

business interaction. These relationships would normally be managed by
middle management.
Operational is used for suppliers of operational products or services. These
relationships would normally be managed by junior operational
management.
Examples include an internet hosting service provider, supplying hosting
space for a low-usage, low-impact website or internally used.
Commodity is suitable for suppliers that provide low-value and/or readily
available products and services, which could be alternatively sourced
relatively easily. For example, paper or printer cartridge suppliers.
Page 11 of 20

Capacity Management
Capacity Management extends right across the service lifecycle. It has a key
responsibility to make sure the required level of capacity is designed into new
or changing services.
Lack of Capacity means that something has run out of space. If a server reaches maximum
capacity, or you run out of network bandwidth, this can significantly affect the performance of
a service.
Process Purpose and Objectives

The purpose of Capacity Management is to make sure that the capacity of IT services and
infrastructure in place meets the agreed business requirements in a cost-effective and timely
manner.
This involves planning ahead in order to predict the right capacity requirements for a new
service to avoid suffering from any downtime caused by a lack of capacity.
Capacity Management is interested in service performance how this can be maintained and
improved.
Capacity Management has a number of objectives. It will produce a Capacity Plan, which
provides costed options to meet current and future business needs. It will advise the business
and IT abut capacity-related concerns, and make sure that services are not affected by issues
related to capacity.
The Capacity Management process will carry out reactive activities, working with processes like
incident and problem management when service has been affected.
It will also have a proactive role, carrying out change impact assessments and implementing any
cost-justified measures that could improve service performance.
Page 12 of 20

Process Scope
The scope of Capacity Management includes being the organizations focal point for capacity
information. The process encompasses hardware, software, infrastructure and even people.
Capacity management needs to work closely with Service Strategy to make sure it understands
and plans for long term business needs, not just short term changes.
To fulfill its role, capacity management needs monitoring capabilities to support it. If capacity
isnt monitored, any potential problems will not be detected.
Capacity Management will constantly tune and refine services and infrastructure to optimize
their performance.
The scope of Capacity Management also includes understanding how technology can improve
services and service performance. If a service is not performing well and investment is not
available to expand capacity, capacity management may try and influence demand.
For example, it may work with Financial Management to introduce peak and off-peak charging
for a service.
Page 13 of 20

Capacity Management Sub-Processes
Business Capacity Management

Business Capacity Management operates at the strategic level. It looks at the future plans of
the business including information on mergers and acquisitions, and predicts how these will
affect capacity.
This sub-process focuses on predicting future capacity usage based on business plans and
trend analysis of current growth and usage.
Service Capacity Management

Service Capacity Management operates at the tactical level. It will review current capacity
levels and changes to demand to make sure that service targets can be met.
SCM monitors day to day activity to analyze trends. This sub-process is concerned with making
sure that service targets in Service Level Agreements and Service Level Requirements can be
monitored and achieved.
Component Capacity Management

Component Capacity Management is involved with the technology that makes up our
infrastructure.
Individual components such as disk arrays, networks and routers (say rooters) must all be
monitored and measured in order to build up a complete picture of the capacity available to
deliver services.
This is the most technical sub-process. Monitoring should be automated as far as possible.
Page 14 of 20

The Capacity Plan

The Capacity Plan is developed to document and predict the capacity required to support the
business in the next financial period. It provides forecasts at the Business, Service and
Component level. This information will feed into financial planning for the next financial
period.
The Capacity Plan provides costed recommendations about how to best meet the Capacity
needs of the business over the coming months.
Capacity Plans are typically produced on an annual basis, in line with an organizations financial
cycle. The plan should be used by all of IT and the business as part of their planning processes.
Page 15 of 20

IT Service Continuity Management
IT Service Continuity Management deals with situations that could have a

massive effect on the business, including disaster recovery planning.
The process deals with business critical services, including planning to protect them and also
planning for how to successfully recover from their loss.
The purpose of ITSCM is to support the overall Business Continuity Management process by
making sure that minimum agreed levels of services can be delivered in a disaster situation.
This is done by managing risk, and planning for service recovery when required.
One of the important points to be aware of when implementing IT Service Continuity
Management is that is has to be integrated with the organizational Business Continuity Plans.
This means that IT should never be acting alone when developing the IT Service Continuity Plan.
It is not for the service provider to decide how long the business can cope without any
particular service, or which service is the most important. Instead, BCM should provide this
information to ITSCM.
Process Objectives
ITSCM include:
Maintaining the IT Service Continuity plans and IT recovery plans. The plans need to be
updated and regularly assessed to make sure they still support the business continuity
plans
Carrying out regular Business Impact Analysis exercises, to make sure that the changing
criticality of business services is reflected in the plans
Carrying out risk analysis and management, providing advice and guidance as needed
Assessing the impact of all changes on the plans
Negotiating contracts with any suppliers who provide services that support the plans
Page 16 of 20

Process Scope
The scope of ITSCM is whatever the business deems to be a disaster. Less significant downtime
will be managed by processes like Incident and Availability Management. The more complex
our services, the more challenging ITSCM planning will be.
One area that is out of scope for ITSCM is long term business changes that could affect the
organization.
For example, a major restructure could affect service, but this would not be part of ITSCM.
These events need to be planned for at the business level, as part of the overall strategic
planning.
As part of its scope, ITSCM follows a four-step process:
Initiation: this is where ITSCM begins, driven by BCM

Requirements and strategy: carrying out Business Impact Analysis and risk assessment
to identify critical services
Implementation: production of plans and implementation of risk reduction measures
Ongoing operation: regular testing of the plans
Page 17 of 20

Business Impact Analysis and Risk Assessment
One of the techniques used by ITSCM is the Business Impact Analysis. This is
way of determining the effect to the business of service loss.
The effects can be financial or non-financial. Some impacts are tangible and easy to measure,
and others are less tangible and can be hard to quantify such as a damaged reputation. How
do you assess what this costs?
The output from the Business Impact Analysis is usually a graph which shows how the effect can
escalate over time. This can be used to identify the minimum amount of staff and
infrastructure required to maintain service.
Business Impact Analysis can help to guide ITSCM efforts and investment.
Risk Assessment
ITSCM also uses risk assessment to help identify what to protect and how much to invest.
Risk assessment is also used by Availability Management and Security Management when they
are protecting services. Standard methodologies like Management of Risk or MoR can be used
to create a profile of risk.
The risks that have the highest chance of materializing or affecting a business critical service
may require countermeasures to reduce their likelihood.
Page 18 of 20

Design Coordination
Design coordination provides a point of coordination for all Service Design

processes and activities, and makes sure that design goals are met.
Without good coordination, all the other Service Design processes might work in isolation,
leading to poor quality services and failed designs.
To fulfill its purpose, design coordination needs to make sure that all processes work
consistently. It will coordinate resources and make sure plans are handed over to Service
Transition in a timely way.
It will also make sure that all service designs conform to any overall corporate requirements.
The design coordination process improves overall Service Design effectiveness and efficiency. It
provides a common framework of standard, reusable practices, and identifies improvements
that can be made.
Process Scope
The scope of design coordination covers all design activities, no matter what the technology or
service involved. The more complex the design, the more coordination is needed.
Each organization will need to have guidelines to make sure that each design or project gets an
appropriate level of coordination.
As part of its role, design coordination will:
Assist and support projects

Maintain policies, guidelines and standard documents
Coordinate, prioritize and schedule activities
Review, measure and improve design activies
There are some areas that are out of scope for design coordination. The process is not
responsible for:
Coordinating activities outside of Service Design

Actually carrying out Service Design activities
Page 19 of 20

Service Design Package
Part of the scope of design coordination is making sure the Service Design
Package or SDP is handed over to Service Transition in the agreed format.
Service
Design
Package
The SDP is defined as a set of documents defining all

aspects of an IT service and its requirements through
each stage of its lifecycle. An SDP is produced for each
new IT service, major change or service retirement.
The SDP needs to include information for Service Transition, Service Operation and CSI.
Standard contents will include:
Requirements including business and service

Service Design including functional and Service Level Requirements
Organizational Readiness Assessment
Service lifecycle plan
Service Acceptance Criteria to confirm the service is working as it should
Page 20 of 20

Lesson 9 Service Design Processes Part 2 PDF

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Lesson 9 Service Design Processes Part 2 PDF

Загружено:

Авторское право:

Доступные форматы

Lesson 9 Study Guide

Service Design Processes Part 2

The ITIL Foundation Certificate in IT Service Management

Service Design Processes Part 2

Welcome to the ninth chapter of your Study Guide. This document is

The ITIL Foundation Certificate in IT Service Management

Study Guide Icons

Information Security Management

Exercise Poor Security Management

Capacity Management Sub-Processes

Business Impact Analysis and Risk Assessment

The Service Design Package

The ITIL Foundation Certificate in IT Service Management

Study Guide Icons

Definition key concept or term that you need to understand and

Role a job title or responsibility associated with a process or function.

Exercise Solution suggested solution to one of the exercises you will

Goal or Objective for a particular process or core volume.

The ITIL Foundation Certificate in IT Service Management

This Lesson completed our studies of the Service Design processes.

Information Security Management

The ITIL Foundation Certificate in IT Service Management

Information Security Management

Information Security Management is responsible for aligning IT security with the

The ITIL Foundation Certificate in IT Service Management

Exercise Poor Security Management

A fine for breach of legislation or regulations

The ITIL Foundation Certificate in IT Service Management

The ITIL Foundation Certificate in IT Service Management

Supplier Management is responsible for managing suppliers and the services

When are specific supplier contracts due to expire?

The ITIL Foundation Certificate in IT Service Management

The ITIL Foundation Certificate in IT Service Management

Service Design fig. 4.28 Supplier Categorization

The ITIL Foundation Certificate in IT Service Management

This is relevant for significant partnering relationships that involve senior

This is relevant for relationships involving significant commercial activity and

The ITIL Foundation Certificate in IT Service Management

Process Purpose and Objectives

The ITIL Foundation Certificate in IT Service Management

The ITIL Foundation Certificate in IT Service Management

Capacity Management Sub-Processes

Business Capacity Management

Service Capacity Management

Component Capacity Management

The ITIL Foundation Certificate in IT Service Management

The Capacity Plan

The ITIL Foundation Certificate in IT Service Management

IT Service Continuity Management

IT Service Continuity Management deals with situations that could have a

The ITIL Foundation Certificate in IT Service Management

Initiation: this is where ITSCM begins, driven by BCM

The ITIL Foundation Certificate in IT Service Management

Business Impact Analysis and Risk Assessment

The ITIL Foundation Certificate in IT Service Management

Design coordination provides a point of coordination for all Service Design

Assist and support projects

Coordinating activities outside of Service Design

The ITIL Foundation Certificate in IT Service Management

Service Design Package

The SDP is defined as a set of documents defining all

Requirements including business and service